openSUSE-SLE-15.4-2022-538 low SUSE Updates openSUSE-SLE 15.4 This update for xmltooling doesn't fix any user visible bugs. libxmltooling7-1.6.4-3.6.1.x86_64.rpm xmltooling-1.6.4-3.6.1.src.rpm libxmltooling7-1.6.4-3.6.1.s390x.rpm libxmltooling7-1.6.4-3.6.1.ppc64le.rpm libxmltooling7-1.6.4-3.6.1.aarch64.rpm openSUSE-SLE-15.4-2022-679 moderate SUSE Updates openSUSE-SLE 15.4 This update for php7 fixes the following issues: - CVE-2021-21703: Fixed local privilege escalation via PHP-FPM (bsc#1192050). - CVE-2021-21707: Fixed special character breaks path in xml parsing (bsc#1193041). - CVE-2017-8923: Fixed denial of service (application crash) when using .= with a long string (zend_string_extend func in Zend/zend_string.h) (bsc#1038980). - CVE-2015-9253: Fixed endless loop when the master process restarts a child process using program execution functions (bsc#1081790). php7-7.2.5-4.89.4.src.rpm php7-wddx-7.2.5-4.89.4.x86_64.rpm php7-wddx-7.2.5-4.89.4.s390x.rpm php7-wddx-7.2.5-4.89.4.ppc64le.rpm php7-wddx-7.2.5-4.89.4.aarch64.rpm openSUSE-SLE-15.4-2022-70 moderate SUSE Updates openSUSE-SLE 15.4 This update for python-configshell-fb fixes the following issues: - Upgrade to latest upstream version v1.1.29 (jsc#SLE-17360): * setup.py: specify a version range for pyparsing * setup.py: lets stick to pyparsing v2.4.7 * Don't warn if prefs file doesn't exist - Update to version v1.1.28 from v1.1.27 (jsc#SLE-17360): * version 1.1.28 * Ensure that all output reaches the client when daemonized * Remove Epydoc markup from command messages * Remove epydoc imports and epydoc calls python-configshell-fb-1.1.29-3.3.1.src.rpm python2-configshell-fb-1.1.29-3.3.1.noarch.rpm python3-configshell-fb-1.1.29-3.3.1.noarch.rpm openSUSE-SLE-15.4-2022-19 moderate SUSE Updates openSUSE-SLE 15.4 This update for ghostscript, gswrap fixes the following issues: We now ship an additional wraper for ghostscript, called gswrap, for SLE 15 SP2 and SLE15 SP3. You can install this wrapper by installing the gswrap package. - Allow the `gswrap` package to use its wrapper script for `ghostscript` (jsc#SLE-21705 jsc#SLE-21706) - Use `update-alternatives` to get the real `ghostscript` binary from `/usr/bin/gs` to `/usr/bin/gs.bin` ghostscript-9.52-158.1.src.rpm ghostscript-9.52-158.1.x86_64.rpm ghostscript-devel-9.52-158.1.x86_64.rpm ghostscript-x11-9.52-158.1.x86_64.rpm ghostscript-9.52-158.1.s390x.rpm ghostscript-devel-9.52-158.1.s390x.rpm ghostscript-x11-9.52-158.1.s390x.rpm ghostscript-9.52-158.1.ppc64le.rpm ghostscript-devel-9.52-158.1.ppc64le.rpm ghostscript-x11-9.52-158.1.ppc64le.rpm ghostscript-9.52-158.1.aarch64.rpm ghostscript-devel-9.52-158.1.aarch64.rpm ghostscript-x11-9.52-158.1.aarch64.rpm openSUSE-SLE-15.4-2022-143 moderate SUSE Updates openSUSE-SLE 15.4 This update for java-11-openjdk fixes the following issues: - Java Cryptography was always operating in FIPS mode if crypto-policies was not used. - Allow plain key import in fips mode unless "com.suse.fips.plainKeySupport" is set to false java-11-openjdk-11.0.13.0-3.68.1.src.rpm java-11-openjdk-11.0.13.0-3.68.1.x86_64.rpm java-11-openjdk-accessibility-11.0.13.0-3.68.1.x86_64.rpm java-11-openjdk-demo-11.0.13.0-3.68.1.x86_64.rpm java-11-openjdk-devel-11.0.13.0-3.68.1.x86_64.rpm java-11-openjdk-headless-11.0.13.0-3.68.1.x86_64.rpm java-11-openjdk-javadoc-11.0.13.0-3.68.1.noarch.rpm java-11-openjdk-jmods-11.0.13.0-3.68.1.x86_64.rpm java-11-openjdk-src-11.0.13.0-3.68.1.x86_64.rpm java-11-openjdk-11.0.13.0-3.68.1.s390x.rpm java-11-openjdk-accessibility-11.0.13.0-3.68.1.s390x.rpm java-11-openjdk-demo-11.0.13.0-3.68.1.s390x.rpm java-11-openjdk-devel-11.0.13.0-3.68.1.s390x.rpm java-11-openjdk-headless-11.0.13.0-3.68.1.s390x.rpm java-11-openjdk-jmods-11.0.13.0-3.68.1.s390x.rpm java-11-openjdk-src-11.0.13.0-3.68.1.s390x.rpm java-11-openjdk-11.0.13.0-3.68.1.ppc64le.rpm java-11-openjdk-accessibility-11.0.13.0-3.68.1.ppc64le.rpm java-11-openjdk-demo-11.0.13.0-3.68.1.ppc64le.rpm java-11-openjdk-devel-11.0.13.0-3.68.1.ppc64le.rpm java-11-openjdk-headless-11.0.13.0-3.68.1.ppc64le.rpm java-11-openjdk-jmods-11.0.13.0-3.68.1.ppc64le.rpm java-11-openjdk-src-11.0.13.0-3.68.1.ppc64le.rpm java-11-openjdk-11.0.13.0-3.68.1.aarch64.rpm java-11-openjdk-accessibility-11.0.13.0-3.68.1.aarch64.rpm java-11-openjdk-demo-11.0.13.0-3.68.1.aarch64.rpm java-11-openjdk-devel-11.0.13.0-3.68.1.aarch64.rpm java-11-openjdk-headless-11.0.13.0-3.68.1.aarch64.rpm java-11-openjdk-jmods-11.0.13.0-3.68.1.aarch64.rpm java-11-openjdk-src-11.0.13.0-3.68.1.aarch64.rpm openSUSE-SLE-15.4-2022-485 moderate SUSE Updates openSUSE-SLE 15.4 This update for tomcat fixes the following issues: - Fix Null Pointer Exception in JNDIRealm, when userRoleAttribute is not set (bsc#1193569) tomcat-9.0.36-16.1.noarch.rpm tomcat-9.0.36-16.1.src.rpm tomcat-admin-webapps-9.0.36-16.1.noarch.rpm tomcat-docs-webapp-9.0.36-16.1.noarch.rpm tomcat-el-3_0-api-9.0.36-16.1.noarch.rpm tomcat-embed-9.0.36-16.1.noarch.rpm tomcat-javadoc-9.0.36-16.1.noarch.rpm tomcat-jsp-2_3-api-9.0.36-16.1.noarch.rpm tomcat-jsvc-9.0.36-16.1.noarch.rpm tomcat-lib-9.0.36-16.1.noarch.rpm tomcat-servlet-4_0-api-9.0.36-16.1.noarch.rpm tomcat-webapps-9.0.36-16.1.noarch.rpm openSUSE-SLE-15.4-2022-465 important SUSE Updates openSUSE-SLE 15.4 This update for xorg-x11-server fixes the following issues: - CVE-2021-4009: The handler for the CreatePointerBarrier request of the XFixes extension does not properly validate the request length leading to out of bounds memory write. (bsc#1190487) - CVE-2021-4010: The handler for the Suspend request of the Screen Saver extension does not properly validate the request length leading to out of bounds memory write. (bsc#1190488) - CVE-2021-4011: The handlers for the RecordCreateContext and RecordRegisterClients requests of the Record extension do not properly validate the request length leading to out of bounds memory write. (bsc#1190489) xorg-x11-server-1.20.3-22.5.42.1.src.rpm xorg-x11-server-wayland-1.20.3-22.5.42.1.x86_64.rpm xorg-x11-server-wayland-1.20.3-22.5.42.1.s390x.rpm xorg-x11-server-wayland-1.20.3-22.5.42.1.ppc64le.rpm xorg-x11-server-wayland-1.20.3-22.5.42.1.aarch64.rpm openSUSE-SLE-15.4-2022-482 moderate SUSE Updates openSUSE-SLE 15.4 This update for libreoffice fixes the following issues: Update LibreOffice from version 7.1.4.2 to 7.2.3.2 (jsc#SLE-18214) - Improve the rendering and loading rendering of shapes. (bsc#1183308) - Removed unrecognized option `--disable-vlc` This option has been removed from upstream in commit https://gerrit.libreoffice.org/c/core/+/108283 There's no real change in our build given that the VLC avmedia backend was explicitly disabled. - Fix gtk popover usage on gtk 3.20 - Revert upstream commit https://gerrit.libreoffice.org/c/core/+/116884 - Fix generated list of files for python scripts - Updating some LibreOffice buildrequires - Fix UI scaling on HIDPI Wayland/KDE screens - Fix inteaction between multi-column shape text and automatic height. (bsc#1187982) - Fix interaction of transparent cell fill and transparent shadow. (bsc#1189813) - Use vendored boost for all codestreams except Tumbleweed. Update boost vendored version. - Add vendored poppler to use for all codestreams except Tumbleweed. - Keep upstream desktop file names (bsc#1183655) and display math icon (bsc#1180479) - Source profile.d/alljava.sh from either /etc (if found) or /usr/etc). libreoffice-7.2.3.2-150300.14.22.15.3.src.rpm libreoffice-7.2.3.2-150300.14.22.15.3.x86_64.rpm libreoffice-base-7.2.3.2-150300.14.22.15.3.x86_64.rpm libreoffice-base-drivers-postgresql-7.2.3.2-150300.14.22.15.3.x86_64.rpm libreoffice-branding-upstream-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-calc-7.2.3.2-150300.14.22.15.3.x86_64.rpm libreoffice-calc-extensions-7.2.3.2-150300.14.22.15.3.x86_64.rpm libreoffice-draw-7.2.3.2-150300.14.22.15.3.x86_64.rpm libreoffice-filters-optional-7.2.3.2-150300.14.22.15.3.x86_64.rpm libreoffice-gdb-pretty-printers-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-glade-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-gnome-7.2.3.2-150300.14.22.15.3.x86_64.rpm libreoffice-gtk3-7.2.3.2-150300.14.22.15.3.x86_64.rpm libreoffice-icon-themes-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-impress-7.2.3.2-150300.14.22.15.3.x86_64.rpm libreoffice-l10n-af-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-am-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-ar-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-as-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-ast-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-be-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-bg-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-bn-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-bn_IN-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-bo-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-br-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-brx-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-bs-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-ca-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-ca_valencia-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-ckb-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-cs-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-cy-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-da-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-de-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-dgo-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-dsb-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-dz-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-el-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-en-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-en_GB-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-en_ZA-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-eo-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-es-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-et-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-eu-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-fa-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-fi-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-fr-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-fur-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-fy-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-ga-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-gd-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-gl-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-gu-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-gug-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-he-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-hi-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-hr-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-hsb-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-hu-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-id-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-is-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-it-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-ja-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-ka-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-kab-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-kk-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-km-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-kmr_Latn-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-kn-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-ko-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-kok-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-ks-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-lb-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-lo-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-lt-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-lv-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-mai-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-mk-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-ml-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-mn-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-mni-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-mr-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-my-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-nb-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-ne-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-nl-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-nn-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-nr-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-nso-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-oc-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-om-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-or-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-pa-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-pl-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-pt_BR-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-pt_PT-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-ro-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-ru-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-rw-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-sa_IN-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-sat-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-sd-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-si-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-sid-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-sk-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-sl-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-sq-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-sr-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-ss-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-st-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-sv-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-sw_TZ-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-szl-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-ta-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-te-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-tg-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-th-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-tn-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-tr-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-ts-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-tt-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-ug-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-uk-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-uz-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-ve-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-vec-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-vi-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-xh-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-zh_CN-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-zh_TW-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-l10n-zu-7.2.3.2-150300.14.22.15.3.noarch.rpm libreoffice-librelogo-7.2.3.2-150300.14.22.15.3.x86_64.rpm libreoffice-mailmerge-7.2.3.2-150300.14.22.15.3.x86_64.rpm libreoffice-math-7.2.3.2-150300.14.22.15.3.x86_64.rpm libreoffice-officebean-7.2.3.2-150300.14.22.15.3.x86_64.rpm libreoffice-pyuno-7.2.3.2-150300.14.22.15.3.x86_64.rpm libreoffice-qt5-7.2.3.2-150300.14.22.15.3.x86_64.rpm libreoffice-sdk-7.2.3.2-150300.14.22.15.3.x86_64.rpm libreoffice-sdk-doc-7.2.3.2-150300.14.22.15.3.x86_64.rpm libreoffice-writer-7.2.3.2-150300.14.22.15.3.x86_64.rpm libreoffice-writer-extensions-7.2.3.2-150300.14.22.15.3.x86_64.rpm libreofficekit-7.2.3.2-150300.14.22.15.3.x86_64.rpm libreofficekit-devel-7.2.3.2-150300.14.22.15.3.x86_64.rpm libreoffice-7.2.3.2-150300.14.22.15.3.ppc64le.rpm libreoffice-base-7.2.3.2-150300.14.22.15.3.ppc64le.rpm libreoffice-base-drivers-postgresql-7.2.3.2-150300.14.22.15.3.ppc64le.rpm libreoffice-calc-7.2.3.2-150300.14.22.15.3.ppc64le.rpm libreoffice-calc-extensions-7.2.3.2-150300.14.22.15.3.ppc64le.rpm libreoffice-draw-7.2.3.2-150300.14.22.15.3.ppc64le.rpm libreoffice-filters-optional-7.2.3.2-150300.14.22.15.3.ppc64le.rpm libreoffice-gnome-7.2.3.2-150300.14.22.15.3.ppc64le.rpm libreoffice-gtk3-7.2.3.2-150300.14.22.15.3.ppc64le.rpm libreoffice-impress-7.2.3.2-150300.14.22.15.3.ppc64le.rpm libreoffice-librelogo-7.2.3.2-150300.14.22.15.3.ppc64le.rpm libreoffice-mailmerge-7.2.3.2-150300.14.22.15.3.ppc64le.rpm libreoffice-math-7.2.3.2-150300.14.22.15.3.ppc64le.rpm libreoffice-officebean-7.2.3.2-150300.14.22.15.3.ppc64le.rpm libreoffice-pyuno-7.2.3.2-150300.14.22.15.3.ppc64le.rpm libreoffice-qt5-7.2.3.2-150300.14.22.15.3.ppc64le.rpm libreoffice-sdk-7.2.3.2-150300.14.22.15.3.ppc64le.rpm libreoffice-sdk-doc-7.2.3.2-150300.14.22.15.3.ppc64le.rpm libreoffice-writer-7.2.3.2-150300.14.22.15.3.ppc64le.rpm libreoffice-writer-extensions-7.2.3.2-150300.14.22.15.3.ppc64le.rpm libreofficekit-7.2.3.2-150300.14.22.15.3.ppc64le.rpm libreofficekit-devel-7.2.3.2-150300.14.22.15.3.ppc64le.rpm libreoffice-7.2.3.2-150300.14.22.15.3.aarch64.rpm libreoffice-base-7.2.3.2-150300.14.22.15.3.aarch64.rpm libreoffice-base-drivers-postgresql-7.2.3.2-150300.14.22.15.3.aarch64.rpm libreoffice-calc-7.2.3.2-150300.14.22.15.3.aarch64.rpm libreoffice-calc-extensions-7.2.3.2-150300.14.22.15.3.aarch64.rpm libreoffice-draw-7.2.3.2-150300.14.22.15.3.aarch64.rpm libreoffice-filters-optional-7.2.3.2-150300.14.22.15.3.aarch64.rpm libreoffice-gnome-7.2.3.2-150300.14.22.15.3.aarch64.rpm libreoffice-gtk3-7.2.3.2-150300.14.22.15.3.aarch64.rpm libreoffice-impress-7.2.3.2-150300.14.22.15.3.aarch64.rpm libreoffice-librelogo-7.2.3.2-150300.14.22.15.3.aarch64.rpm libreoffice-mailmerge-7.2.3.2-150300.14.22.15.3.aarch64.rpm libreoffice-math-7.2.3.2-150300.14.22.15.3.aarch64.rpm libreoffice-officebean-7.2.3.2-150300.14.22.15.3.aarch64.rpm libreoffice-pyuno-7.2.3.2-150300.14.22.15.3.aarch64.rpm libreoffice-qt5-7.2.3.2-150300.14.22.15.3.aarch64.rpm libreoffice-sdk-7.2.3.2-150300.14.22.15.3.aarch64.rpm libreoffice-sdk-doc-7.2.3.2-150300.14.22.15.3.aarch64.rpm libreoffice-writer-7.2.3.2-150300.14.22.15.3.aarch64.rpm libreoffice-writer-extensions-7.2.3.2-150300.14.22.15.3.aarch64.rpm libreofficekit-7.2.3.2-150300.14.22.15.3.aarch64.rpm libreofficekit-devel-7.2.3.2-150300.14.22.15.3.aarch64.rpm openSUSE-SLE-15.4-2022-35 low SUSE Updates openSUSE-SLE 15.4 This update for telnet fixes the following issues: - Update Source location to use Gentoo mirror, fixes bsc#1129925 telnet-1.2-3.3.1.src.rpm telnet-1.2-3.3.1.x86_64.rpm telnet-server-1.2-3.3.1.x86_64.rpm telnet-1.2-3.3.1.s390x.rpm telnet-server-1.2-3.3.1.s390x.rpm telnet-1.2-3.3.1.ppc64le.rpm telnet-server-1.2-3.3.1.ppc64le.rpm telnet-1.2-3.3.1.aarch64.rpm telnet-server-1.2-3.3.1.aarch64.rpm openSUSE-SLE-15.4-2022-187 moderate SUSE Updates openSUSE-SLE 15.4 This update for vsftpd fixes the following issues: - Fix several issues related to SSL/TLS support (bsc#1021387) - Fix a seccomp failure that used to occur in FIPS mode when SSL is enabled (bsc#1052900) - Fix seccomp bug where the process would hang trying access syslog (bsc#971784) vsftpd-3.0.3-12.6.1.src.rpm vsftpd-3.0.3-12.6.1.x86_64.rpm vsftpd-3.0.3-12.6.1.ppc64le.rpm vsftpd-3.0.3-12.6.1.aarch64.rpm openSUSE-SLE-15.4-2022-52 important SUSE Updates openSUSE-SLE 15.4 This update for libsndfile fixes the following issues: - CVE-2021-4156: Fixed heap buffer overflow in flac_buffer_copy that could potentially lead to heap exploitation (bsc#1194006). libsndfile-1.0.28-5.15.1.src.rpm libsndfile-devel-1.0.28-5.15.1.x86_64.rpm libsndfile-progs-1.0.28-5.15.1.src.rpm libsndfile-progs-1.0.28-5.15.1.x86_64.rpm libsndfile1-1.0.28-5.15.1.x86_64.rpm libsndfile1-32bit-1.0.28-5.15.1.x86_64.rpm libsndfile-devel-1.0.28-5.15.1.s390x.rpm libsndfile-progs-1.0.28-5.15.1.s390x.rpm libsndfile1-1.0.28-5.15.1.s390x.rpm libsndfile-devel-1.0.28-5.15.1.ppc64le.rpm libsndfile-progs-1.0.28-5.15.1.ppc64le.rpm libsndfile1-1.0.28-5.15.1.ppc64le.rpm libsndfile-devel-1.0.28-5.15.1.aarch64.rpm libsndfile-progs-1.0.28-5.15.1.aarch64.rpm libsndfile1-1.0.28-5.15.1.aarch64.rpm openSUSE-SLE-15.4-2022-69 low SUSE Updates openSUSE-SLE 15.4 This update for libmspack fixes the following issues: - CVE-2018-18586: Fixed directory traversal in chmextract by adding anti "../" and leading slash protection (bsc#1113040). libmspack-0.6-3.14.1.src.rpm libmspack-devel-0.6-3.14.1.x86_64.rpm libmspack0-0.6-3.14.1.x86_64.rpm libmspack0-32bit-0.6-3.14.1.x86_64.rpm mspack-tools-0.6-3.14.1.x86_64.rpm libmspack-devel-0.6-3.14.1.s390x.rpm libmspack0-0.6-3.14.1.s390x.rpm mspack-tools-0.6-3.14.1.s390x.rpm libmspack-devel-0.6-3.14.1.ppc64le.rpm libmspack0-0.6-3.14.1.ppc64le.rpm mspack-tools-0.6-3.14.1.ppc64le.rpm libmspack-devel-0.6-3.14.1.aarch64.rpm libmspack0-0.6-3.14.1.aarch64.rpm mspack-tools-0.6-3.14.1.aarch64.rpm openSUSE-SLE-15.4-2022-62 important SUSE Updates openSUSE-SLE 15.4 This update for openexr fixes the following issues: - CVE-2021-45942: Fixed heap-based buffer overflow in Imf_3_1:LineCompositeTask:execute. (bsc#1194333) libIlmImf-2_2-23-2.2.1-3.41.1.x86_64.rpm libIlmImf-2_2-23-32bit-2.2.1-3.41.1.x86_64.rpm libIlmImfUtil-2_2-23-2.2.1-3.41.1.x86_64.rpm libIlmImfUtil-2_2-23-32bit-2.2.1-3.41.1.x86_64.rpm openexr-2.2.1-3.41.1.src.rpm openexr-2.2.1-3.41.1.x86_64.rpm openexr-devel-2.2.1-3.41.1.x86_64.rpm openexr-doc-2.2.1-3.41.1.x86_64.rpm libIlmImf-2_2-23-2.2.1-3.41.1.s390x.rpm libIlmImfUtil-2_2-23-2.2.1-3.41.1.s390x.rpm openexr-2.2.1-3.41.1.s390x.rpm openexr-devel-2.2.1-3.41.1.s390x.rpm openexr-doc-2.2.1-3.41.1.s390x.rpm libIlmImf-2_2-23-2.2.1-3.41.1.ppc64le.rpm libIlmImfUtil-2_2-23-2.2.1-3.41.1.ppc64le.rpm openexr-2.2.1-3.41.1.ppc64le.rpm openexr-devel-2.2.1-3.41.1.ppc64le.rpm openexr-doc-2.2.1-3.41.1.ppc64le.rpm libIlmImf-2_2-23-2.2.1-3.41.1.aarch64.rpm libIlmImfUtil-2_2-23-2.2.1-3.41.1.aarch64.rpm openexr-2.2.1-3.41.1.aarch64.rpm openexr-devel-2.2.1-3.41.1.aarch64.rpm openexr-doc-2.2.1-3.41.1.aarch64.rpm openSUSE-SLE-15.4-2022-182 important SUSE Updates openSUSE-SLE 15.4 This update for webkit2gtk3 fixes the following issues: - Update to version 2.34.3 (bsc#1194019). - CVE-2021-30887: Fixed logic issue allowing unexpectedly unenforced Content Security Policy when processing maliciously crafted web content. - CVE-2021-30890: Fixed logic issue allowing universal cross site scripting when processing maliciously crafted web content. libwebkit2gtk3-lang-2.34.3-23.3.noarch.rpm webkit2gtk3-2.34.3-23.3.src.rpm openSUSE-SLE-15.4-2022-188 moderate SUSE Updates openSUSE-SLE 15.4 This update for hunspell fixes the following issues: - Fix myspell english dictionary not being installed (bsc#1193627) hunspell-1.6.2-3.8.1.src.rpm hunspell-1.6.2-3.8.1.x86_64.rpm hunspell-devel-1.6.2-3.8.1.x86_64.rpm hunspell-devel-32bit-1.6.2-3.8.1.x86_64.rpm hunspell-tools-1.6.2-3.8.1.x86_64.rpm libhunspell-1_6-0-1.6.2-3.8.1.x86_64.rpm libhunspell-1_6-0-32bit-1.6.2-3.8.1.x86_64.rpm hunspell-1.6.2-3.8.1.s390x.rpm hunspell-devel-1.6.2-3.8.1.s390x.rpm hunspell-tools-1.6.2-3.8.1.s390x.rpm libhunspell-1_6-0-1.6.2-3.8.1.s390x.rpm hunspell-1.6.2-3.8.1.ppc64le.rpm hunspell-devel-1.6.2-3.8.1.ppc64le.rpm hunspell-tools-1.6.2-3.8.1.ppc64le.rpm libhunspell-1_6-0-1.6.2-3.8.1.ppc64le.rpm hunspell-1.6.2-3.8.1.aarch64.rpm hunspell-devel-1.6.2-3.8.1.aarch64.rpm hunspell-tools-1.6.2-3.8.1.aarch64.rpm libhunspell-1_6-0-1.6.2-3.8.1.aarch64.rpm openSUSE-SLE-15.4-2022-87 moderate SUSE Updates openSUSE-SLE 15.4 This update for go1.16 fixes the following issues: Update to go1.16.13 (bsc#1182345) - it includes fixes to the compiler, linker, runtime, and the net/http package. * x/net/http2: `http.Server.WriteTimeout` does not fire if the http2 stream's window is out of space. * runtime/race: building for iOS, but linking in object file built for macOS * runtime: race detector `SIGABRT` or `SIGSEGV` on macOS Monterey * runtime: mallocs cause "base outside usable address space" panic when running on iOS 14 * cmd/link: does not set section type of `.init_array` correctly * cmd/link: support more load commands on `Mach-O` * cmd/compile: internal compiler error: `Op...LECall and OpDereference have mismatched mem` go1.16-1.16.13-1.40.1.src.rpm go1.16-1.16.13-1.40.1.x86_64.rpm go1.16-doc-1.16.13-1.40.1.x86_64.rpm go1.16-race-1.16.13-1.40.1.x86_64.rpm go1.16-1.16.13-1.40.1.s390x.rpm go1.16-doc-1.16.13-1.40.1.s390x.rpm go1.16-1.16.13-1.40.1.ppc64le.rpm go1.16-doc-1.16.13-1.40.1.ppc64le.rpm go1.16-1.16.13-1.40.1.aarch64.rpm go1.16-doc-1.16.13-1.40.1.aarch64.rpm go1.16-race-1.16.13-1.40.1.aarch64.rpm openSUSE-SLE-15.4-2022-88 moderate SUSE Updates openSUSE-SLE 15.4 This update for ghostscript fixes the following issues: - CVE-2021-45944: Fixed use-after-free in sampled_data_sample (bsc#1194303) - CVE-2021-45949: Fixed heap-based buffer overflow in sampled_data_finish (bsc#1194304) ghostscript-9.52-161.1.src.rpm ghostscript-9.52-161.1.x86_64.rpm ghostscript-devel-9.52-161.1.x86_64.rpm ghostscript-x11-9.52-161.1.x86_64.rpm ghostscript-9.52-161.1.s390x.rpm ghostscript-devel-9.52-161.1.s390x.rpm ghostscript-x11-9.52-161.1.s390x.rpm ghostscript-9.52-161.1.ppc64le.rpm ghostscript-devel-9.52-161.1.ppc64le.rpm ghostscript-x11-9.52-161.1.ppc64le.rpm ghostscript-9.52-161.1.aarch64.rpm ghostscript-devel-9.52-161.1.aarch64.rpm ghostscript-x11-9.52-161.1.aarch64.rpm openSUSE-SLE-15.4-2022-100 moderate SUSE Updates openSUSE-SLE 15.4 This update for hwdata fixes the following issues: - Update hwdata from version 0.353 to 0.355 which includes updated pci, usb and vendor ids (bsc#1194338) hwdata-0.355-3.39.1.noarch.rpm hwdata-0.355-3.39.1.src.rpm openSUSE-SLE-15.4-2022-104 important SUSE Updates openSUSE-SLE 15.4 This update for SDL2 fixes the following issues: - CVE-2020-14409: Fixed Integer Overflow resulting in heap corruption in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP (bsc#1181202). - CVE-2020-14410: Fixed heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP (bsc#1181201). SDL2-2.0.8-11.3.1.src.rpm libSDL2-2_0-0-2.0.8-11.3.1.x86_64.rpm libSDL2-2_0-0-32bit-2.0.8-11.3.1.x86_64.rpm libSDL2-devel-2.0.8-11.3.1.x86_64.rpm libSDL2-devel-32bit-2.0.8-11.3.1.x86_64.rpm libSDL2-2_0-0-2.0.8-11.3.1.s390x.rpm libSDL2-devel-2.0.8-11.3.1.s390x.rpm libSDL2-2_0-0-2.0.8-11.3.1.ppc64le.rpm libSDL2-devel-2.0.8-11.3.1.ppc64le.rpm libSDL2-2_0-0-2.0.8-11.3.1.aarch64.rpm libSDL2-devel-2.0.8-11.3.1.aarch64.rpm openSUSE-SLE-15.4-2022-228 moderate SUSE Updates openSUSE-SLE 15.4 This update for boost fixes the following issues: - Fix compilation errors (bsc#1194522) boost-1.66.0-12.3.1.src.rpm libboost_mpi_python-py2_7-1_66_0-1.66.0-12.3.1.x86_64.rpm libboost_mpi_python-py2_7-1_66_0-devel-1.66.0-12.3.1.x86_64.rpm libboost_numpy-py2_7-1_66_0-1.66.0-12.3.1.x86_64.rpm libboost_numpy-py2_7-1_66_0-devel-1.66.0-12.3.1.x86_64.rpm libboost_python-py2_7-1_66_0-1.66.0-12.3.1.x86_64.rpm libboost_python-py2_7-1_66_0-32bit-1.66.0-12.3.1.x86_64.rpm libboost_python-py2_7-1_66_0-devel-1.66.0-12.3.1.x86_64.rpm python2-boost_parallel_mpi1_66_0-1.66.0-12.3.1.x86_64.rpm libboost_mpi_python-py2_7-1_66_0-1.66.0-12.3.1.s390x.rpm libboost_mpi_python-py2_7-1_66_0-devel-1.66.0-12.3.1.s390x.rpm libboost_numpy-py2_7-1_66_0-1.66.0-12.3.1.s390x.rpm libboost_numpy-py2_7-1_66_0-devel-1.66.0-12.3.1.s390x.rpm libboost_python-py2_7-1_66_0-1.66.0-12.3.1.s390x.rpm libboost_python-py2_7-1_66_0-devel-1.66.0-12.3.1.s390x.rpm python2-boost_parallel_mpi1_66_0-1.66.0-12.3.1.s390x.rpm libboost_mpi_python-py2_7-1_66_0-1.66.0-12.3.1.ppc64le.rpm libboost_mpi_python-py2_7-1_66_0-devel-1.66.0-12.3.1.ppc64le.rpm libboost_numpy-py2_7-1_66_0-1.66.0-12.3.1.ppc64le.rpm libboost_numpy-py2_7-1_66_0-devel-1.66.0-12.3.1.ppc64le.rpm libboost_python-py2_7-1_66_0-1.66.0-12.3.1.ppc64le.rpm libboost_python-py2_7-1_66_0-devel-1.66.0-12.3.1.ppc64le.rpm python2-boost_parallel_mpi1_66_0-1.66.0-12.3.1.ppc64le.rpm libboost_mpi_python-py2_7-1_66_0-1.66.0-12.3.1.aarch64.rpm libboost_mpi_python-py2_7-1_66_0-devel-1.66.0-12.3.1.aarch64.rpm libboost_numpy-py2_7-1_66_0-1.66.0-12.3.1.aarch64.rpm libboost_numpy-py2_7-1_66_0-devel-1.66.0-12.3.1.aarch64.rpm libboost_python-py2_7-1_66_0-1.66.0-12.3.1.aarch64.rpm libboost_python-py2_7-1_66_0-devel-1.66.0-12.3.1.aarch64.rpm python2-boost_parallel_mpi1_66_0-1.66.0-12.3.1.aarch64.rpm openSUSE-SLE-15.4-2022-184 important SUSE Updates openSUSE-SLE 15.4 This update for json-c fixes the following issues: - CVE-2020-12762: Fixed integer overflow and out-of-bounds write. (bsc#1171479) json-c-0.13-3.3.1.src.rpm libjson-c-devel-0.13-3.3.1.x86_64.rpm libjson-c-doc-0.13-3.3.1.noarch.rpm libjson-c3-0.13-3.3.1.x86_64.rpm libjson-c3-32bit-0.13-3.3.1.x86_64.rpm libjson-c-devel-0.13-3.3.1.s390x.rpm libjson-c3-0.13-3.3.1.s390x.rpm libjson-c-devel-0.13-3.3.1.ppc64le.rpm libjson-c3-0.13-3.3.1.ppc64le.rpm libjson-c-devel-0.13-3.3.1.aarch64.rpm libjson-c3-0.13-3.3.1.aarch64.rpm openSUSE-SLE-15.4-2022-222 moderate SUSE Updates openSUSE-SLE 15.4 This update for xrdp fixes the following issues: - Fix crash in xrdp-fate318398-change-expired-password.patch (bsc#1187258) libpainter0-0.9.13.1-4.12.1.x86_64.rpm librfxencode0-0.9.13.1-4.12.1.x86_64.rpm xrdp-0.9.13.1-4.12.1.src.rpm xrdp-0.9.13.1-4.12.1.x86_64.rpm xrdp-devel-0.9.13.1-4.12.1.x86_64.rpm libpainter0-0.9.13.1-4.12.1.s390x.rpm librfxencode0-0.9.13.1-4.12.1.s390x.rpm xrdp-0.9.13.1-4.12.1.s390x.rpm xrdp-devel-0.9.13.1-4.12.1.s390x.rpm libpainter0-0.9.13.1-4.12.1.ppc64le.rpm librfxencode0-0.9.13.1-4.12.1.ppc64le.rpm xrdp-0.9.13.1-4.12.1.ppc64le.rpm xrdp-devel-0.9.13.1-4.12.1.ppc64le.rpm libpainter0-0.9.13.1-4.12.1.aarch64.rpm librfxencode0-0.9.13.1-4.12.1.aarch64.rpm xrdp-0.9.13.1-4.12.1.aarch64.rpm xrdp-devel-0.9.13.1-4.12.1.aarch64.rpm openSUSE-SLE-15.4-2022-141 moderate SUSE Updates openSUSE-SLE 15.4 This update for permissions fixes the following issues: - Update to version 20181225: setuid bit for cockpit session binary (bsc#1169614). permissions-20181225-23.12.1.src.rpm permissions-20181225-23.12.1.x86_64.rpm permissions-zypp-plugin-20181225-23.12.1.noarch.rpm permissions-20181225-23.12.1.s390x.rpm permissions-20181225-23.12.1.ppc64le.rpm permissions-20181225-23.12.1.aarch64.rpm openSUSE-SLE-15.4-2022-210 low SUSE Updates openSUSE-SLE 15.4 This update for qemu fixes the following issues: - CVE-2020-13253: Fixed an OOB access that could crash the guest resulting in DoS (bsc#1172033) - CVE-2021-20196: Fixed null pointer dereference that may lead to guest crash (bsc#1181361). qemu-4.2.1-11.34.2.src.rpm qemu-s390-4.2.1-11.34.2.x86_64.rpm qemu-s390-4.2.1-11.34.2.s390x.rpm qemu-s390-4.2.1-11.34.2.ppc64le.rpm qemu-s390-4.2.1-11.34.2.aarch64.rpm openSUSE-SLE-15.4-2022-150 important SUSE Updates openSUSE-SLE 15.4 This update for aide fixes the following issues: - CVE-2021-45417: Fix a bufferoverflow in base64 functions (bsc#1194735) aide-0.16-24.1.src.rpm aide-0.16-24.1.x86_64.rpm aide-test-0.16-24.1.x86_64.rpm aide-0.16-24.1.s390x.rpm aide-test-0.16-24.1.s390x.rpm aide-0.16-24.1.ppc64le.rpm aide-test-0.16-24.1.ppc64le.rpm aide-0.16-24.1.aarch64.rpm aide-test-0.16-24.1.aarch64.rpm openSUSE-SLE-15.4-2022-493 important SUSE Updates openSUSE-SLE 15.4 This update for clamav fixes the following issues: - CVE-2022-20698: Fixed invalid pointer read allowing denial of service crash. (bsc#1194731) clamav-0.103.5-3.35.1.src.rpm clamav-0.103.5-3.35.1.x86_64.rpm clamav-devel-0.103.5-3.35.1.x86_64.rpm libclamav9-0.103.5-3.35.1.x86_64.rpm libfreshclam2-0.103.5-3.35.1.x86_64.rpm clamav-0.103.5-3.35.1.s390x.rpm clamav-devel-0.103.5-3.35.1.s390x.rpm libclamav9-0.103.5-3.35.1.s390x.rpm libfreshclam2-0.103.5-3.35.1.s390x.rpm clamav-0.103.5-3.35.1.ppc64le.rpm clamav-devel-0.103.5-3.35.1.ppc64le.rpm libclamav9-0.103.5-3.35.1.ppc64le.rpm libfreshclam2-0.103.5-3.35.1.ppc64le.rpm clamav-0.103.5-3.35.1.aarch64.rpm clamav-devel-0.103.5-3.35.1.aarch64.rpm libclamav9-0.103.5-3.35.1.aarch64.rpm libfreshclam2-0.103.5-3.35.1.aarch64.rpm openSUSE-SLE-15.4-2022-157 important SUSE Updates openSUSE-SLE 15.4 This update for zxing-cpp fixes the following issues: - CVE-2021-28021: Fixed buffer overflow vulnerability in function stbi__extend_receive in stb_image.h via a crafted JPEG file. (bsc#1191743). - CVE-2021-42715: Fixed buffer overflow in stb_image PNM loader (bsc#1191942). - CVE-2021-42716: Fixed denial of service in stb_image HDR loader when reading crafted HDR files (bsc#1191944). libZXing1-1.2.0-9.7.1.x86_64.rpm libZXing1-32bit-1.2.0-9.7.1.x86_64.rpm zxing-cpp-1.2.0-9.7.1.src.rpm zxing-cpp-devel-1.2.0-9.7.1.x86_64.rpm libZXing1-1.2.0-9.7.1.s390x.rpm zxing-cpp-devel-1.2.0-9.7.1.s390x.rpm libZXing1-1.2.0-9.7.1.ppc64le.rpm zxing-cpp-devel-1.2.0-9.7.1.ppc64le.rpm libZXing1-1.2.0-9.7.1.aarch64.rpm zxing-cpp-devel-1.2.0-9.7.1.aarch64.rpm openSUSE-SLE-15.4-2022-176 important SUSE Updates openSUSE-SLE 15.4 This update for unbound fixes the following issues: - CVE-2019-25031: Fixed configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack (bsc#1185382). - CVE-2019-25032: Fixed integer overflow in the regional allocator via regional_alloc (bsc#1185383). - CVE-2019-25033: Fixed integer overflow in the regional allocator via the ALIGN_UP macro (bsc#1185384). - CVE-2019-25034: Fixed integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write (bsc#1185385). - CVE-2019-25035: Fixed out-of-bounds write in sldns_bget_token_par (bsc#1185386). - CVE-2019-25036: Fixed assertion failure and denial of service in synth_cname (bsc#1185387). - CVE-2019-25037: Fixed assertion failure and denial of service in dname_pkt_copy via an invalid packet (bsc#1185388). - CVE-2019-25038: Fixed integer overflow in a size calculation in dnscrypt/dnscrypt.c (bsc#1185389). - CVE-2019-25039: Fixed integer overflow in a size calculation in respip/respip.c (bsc#1185390). - CVE-2019-25040: Fixed infinite loop via a compressed name in dname_pkt_copy (bsc#1185391). - CVE-2019-25041: Fixed assertion failure via a compressed name in dname_pkt_copy (bsc#1185392). - CVE-2019-25042: Fixed out-of-bounds write via a compressed name in rdata_copy (bsc#1185393). - CVE-2020-28935: Fixed symbolic link traversal when writing PID file (bsc#1179191). libunbound2-1.6.8-10.6.1.x86_64.rpm unbound-1.6.8-10.6.1.src.rpm unbound-1.6.8-10.6.1.x86_64.rpm unbound-anchor-1.6.8-10.6.1.x86_64.rpm unbound-devel-1.6.8-10.6.1.x86_64.rpm unbound-munin-1.6.8-10.6.1.noarch.rpm unbound-python-1.6.8-10.6.1.x86_64.rpm libunbound2-1.6.8-10.6.1.s390x.rpm unbound-1.6.8-10.6.1.s390x.rpm unbound-anchor-1.6.8-10.6.1.s390x.rpm unbound-devel-1.6.8-10.6.1.s390x.rpm unbound-python-1.6.8-10.6.1.s390x.rpm libunbound2-1.6.8-10.6.1.ppc64le.rpm unbound-1.6.8-10.6.1.ppc64le.rpm unbound-anchor-1.6.8-10.6.1.ppc64le.rpm unbound-devel-1.6.8-10.6.1.ppc64le.rpm unbound-python-1.6.8-10.6.1.ppc64le.rpm libunbound2-1.6.8-10.6.1.aarch64.rpm unbound-1.6.8-10.6.1.aarch64.rpm unbound-anchor-1.6.8-10.6.1.aarch64.rpm unbound-devel-1.6.8-10.6.1.aarch64.rpm unbound-python-1.6.8-10.6.1.aarch64.rpm openSUSE-SLE-15.4-2022-226 important SUSE Updates openSUSE-SLE 15.4 This update for log4j12 fixes the following issues: - CVE-2022-23307: Fix deserialization issue by removing the chainsaw sub-package. (bsc#1194844) - CVE-2022-23305: Fix SQL injection by removing src/main/java/org/apache/log4j/jdbc/JDBCAppender.java. (bsc#1194843) - CVE-2022-23302: Fix remote code execution by removing src/main/java/org/apache/log4j/net/JMSSink.java. (bsc#1194842) log4j12-1.2.17-4.9.1.noarch.rpm log4j12-1.2.17-4.9.1.src.rpm log4j12-javadoc-1.2.17-4.9.1.noarch.rpm log4j12-manual-1.2.17-4.9.1.noarch.rpm openSUSE-SLE-15.4-2022-198 important SUSE Updates openSUSE-SLE 15.4 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-0185: Incorrect param length parsing in legacy_parse_param which could have led to a local privilege escalation (bsc#1194517). - CVE-2022-0322: Fixed a denial of service in SCTP sctp_addto_chunk (bsc#1194985). - CVE-2021-4197: Fixed a cgroup issue where lower privileged processes could write to fds of lower privileged ones that could lead to privilege escalation (bsc#1194302). - CVE-2021-46283: nf_tables_newset in net/netfilter/nf_tables_api.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and general protection fault) because of the missing initialization for nft_set_elem_expr_alloc. A local user can set a netfilter table expression in their own namespace (bnc#1194518). - CVE-2021-4135: Fixed an information leak in the nsim_bpf_map_alloc function (bsc#1193927). - CVE-2021-4202: Fixed a race condition during NFC device remove which could lead to a use-after-free memory corruption (bsc#1194529) - CVE-2021-4083: A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allowed a local user to crash the system or escalate their privileges on the system. This flaw affects Linux kernel versions prior to 5.16-rc4 (bnc#1193727). - CVE-2021-4149: Fixed a locking condition in btrfs which could lead to system deadlocks (bsc#1194001). - CVE-2021-45485: In the IPv6 implementation in net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses (bnc#1194094). - CVE-2021-45486: In the IPv4 implementation in net/ipv4/route.c has an information leak because the hash table is very small (bnc#1194087). The following non-security bugs were fixed: - ACPI: APD: Check for NULL pointer after calling devm_ioremap() (git-fixes). - ACPI: Add stubs for wakeup handler functions (git-fixes). - ACPI: scan: Create platform device for BCM4752 and LNV4752 ACPI nodes (git-fixes). - ALSA: PCM: Add missing rwsem around snd_ctl_remove() calls (git-fixes). - ALSA: ctl: Fix copy of updated id with element read/write (git-fixes). - ALSA: drivers: opl3: Fix incorrect use of vp->state (git-fixes). - ALSA: hda/hdmi: Disable silent stream on GLK (git-fixes). - ALSA: hda/realtek - Add headset Mic support for Lenovo ALC897 platform (git-fixes). - ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master after reboot from Windows (git-fixes). - ALSA: hda/realtek: Add a quirk for HP OMEN 15 mute LED (git-fixes). - ALSA: hda/realtek: Add quirk for ASRock NUC Box 1100 (git-fixes). - ALSA: hda/realtek: Amp init fixup for HP ZBook 15 G6 (git-fixes). - ALSA: hda/realtek: Fix quirk for Clevo NJ51CU (git-fixes). - ALSA: hda/realtek: Fix quirk for TongFang PHxTxX1 (git-fixes). - ALSA: hda/realtek: Fixes HP Spectre x360 15-eb1xxx speakers (git-fixes). - ALSA: hda/realtek: Headset fixup for Clevo NH77HJQ (git-fixes). - ALSA: hda: Add missing rwsem around snd_ctl_remove() calls (git-fixes). - ALSA: hda: Make proper use of timecounter (git-fixes). - ALSA: jack: Add missing rwsem around snd_ctl_remove() calls (git-fixes). - ALSA: jack: Check the return value of kstrdup() (git-fixes). - ALSA: oss: fix compile error when OSS_DEBUG is enabled (git-fixes). - ALSA: pcm: oss: Fix negative period/buffer sizes (git-fixes). - ALSA: pcm: oss: Handle missing errors in snd_pcm_oss_change_params*() (git-fixes). - ALSA: pcm: oss: Limit the period size to 16MB (git-fixes). - ALSA: usb-audio: Drop superfluous '0' in Presonus Studio 1810c's ID (git-fixes). - ALSA: usb-audio: Line6 HX-Stomp XL USB_ID for 48k-fixed quirk (git-fixes). - ASoC: codecs: wcd934x: handle channel mappping list correctly (git-fixes). - ASoC: codecs: wcd934x: return correct value from mixer put (git-fixes). - ASoC: codecs: wcd934x: return error code correctly from hw_params (git-fixes). - ASoC: codecs: wsa881x: fix return values from kcontrol put (git-fixes). - ASoC: cs42l42: Correct configuring of switch inversion from ts-inv (git-fixes). - ASoC: cs42l42: Disable regulators if probe fails (git-fixes). - ASoC: cs42l42: Use device_property API instead of of_property (git-fixes). - ASoC: fsl_asrc: refine the check of available clock divider (git-fixes). - ASoC: fsl_mqs: fix MODULE_ALIAS (git-fixes). - ASoC: mediatek: Check for error clk pointer (git-fixes). - ASoC: meson: aiu: Move AIU_I2S_MISC hold setting to aiu-fifo-i2s (git-fixes). - ASoC: meson: aiu: fifo: Add missing dma_coerce_mask_and_coherent() (git-fixes). - ASoC: qdsp6: q6routing: Fix return value from msm_routing_put_audio_mixer (git-fixes). - ASoC: rt5663: Handle device_property_read_u32_array error codes (git-fixes). - ASoC: samsung: idma: Check of ioremap return value (git-fixes). - ASoC: soc-core: fix null-ptr-deref in snd_soc_del_component_unlocked() (git-fixes). - ASoC: sunxi: fix a sound binding broken reference (git-fixes). - ASoC: tegra: Fix kcontrol put callback in ADMAIF (git-fixes). - ASoC: tegra: Fix kcontrol put callback in AHUB (git-fixes). - ASoC: tegra: Fix kcontrol put callback in DMIC (git-fixes). - ASoC: tegra: Fix kcontrol put callback in DSPK (git-fixes). - ASoC: tegra: Fix kcontrol put callback in I2S (git-fixes). - ASoC: tegra: Fix wrong value type in ADMAIF (git-fixes). - ASoC: tegra: Fix wrong value type in DMIC (git-fixes). - ASoC: tegra: Fix wrong value type in DSPK (git-fixes). - ASoC: tegra: Fix wrong value type in I2S (git-fixes). - ASoC: uniphier: drop selecting non-existing SND_SOC_UNIPHIER_AIO_DMA (git-fixes). - Add cherry-picked IDs for qemu fw_cfg patches - Bluetooth: L2CAP: Fix using wrong mode (git-fixes). - Bluetooth: bfusb: fix division by zero in send path (git-fixes). - Bluetooth: btmtksdio: fix resume failure (git-fixes). - Bluetooth: btusb: fix memory leak in btusb_mtk_submit_wmt_recv_urb() (git-fixes). - Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails (git-fixes). - Bluetooth: hci_bcm: Check for error irq (git-fixes). - Bluetooth: hci_qca: Stop IBS timer during BT OFF (git-fixes). - Bluetooth: stop proccessing malicious adv data (git-fixes). - Documentation: ACPI: Fix data node reference documentation (git-fixes). - Documentation: dmaengine: Correctly describe dmatest with channel unset (git-fixes). - Documentation: refer to config RANDOMIZE_BASE for kernel address-space randomization (git-fixes). - HID: add USB_HID dependancy to hid-chicony (git-fixes). - HID: add USB_HID dependancy to hid-prodikeys (git-fixes). - HID: asus: Add depends on USB_HID to HID_ASUS Kconfig option (git-fixes). - HID: bigbenff: prevent null pointer dereference (git-fixes). - HID: google: add eel USB id (git-fixes). - HID: hid-uclogic-params: Invalid parameter check in uclogic_params_frame_init_v1_buttonpad (git-fixes). - HID: hid-uclogic-params: Invalid parameter check in uclogic_params_get_str_desc (git-fixes). - HID: hid-uclogic-params: Invalid parameter check in uclogic_params_huion_init (git-fixes). - HID: hid-uclogic-params: Invalid parameter check in uclogic_params_init (git-fixes). - HID: quirks: Add quirk for the Microsoft Surface 3 type-cover (git-fixes). - Input: appletouch - initialize work before device registration (git-fixes). - Input: atmel_mxt_ts - fix double free in mxt_read_info_block (git-fixes). - Input: elantech - fix stack out of bound access in elantech_change_report_id() (git-fixes). - Input: i8042 - add deferred probe support (bsc#1190256). - Input: i8042 - enable deferred probe quirk for ASUS UM325UA (bsc#1190256). - Input: max8925_onkey - do not mark comment as kernel-doc (git-fixes). - Input: spaceball - fix parsing of movement data packets (git-fixes). - Input: ti_am335x_tsc - fix STEPCONFIG setup for Z2 (git-fixes). - Input: ti_am335x_tsc - set ADCREFM for X configuration (git-fixes). - Move upstreamed patches into sorted section - NFC: st21nfca: Fix memory leak in device probe and remove (git-fixes). - NFSD: Fix zero-length NFSv3 WRITEs (git-fixes). - NFSv42: Do not fail clone() unless the OP_CLONE operation failed (git-fixes). - NFSv42: Fix pagecache invalidation after COPY/CLONE (git-fixes). - PCI/ACPI: Fix acpi_pci_osc_control_set() kernel-doc comment (git-fixes). - PCI/MSI: Clear PCI_MSIX_FLAGS_MASKALL on error (git-fixes). - PCI/MSI: Fix pci_irq_vector()/pci_irq_get_affinity() (git-fixes). - PCI/MSI: Mask MSI-X vectors only on success (git-fixes). - PCI: cadence: Add cdns_plat_pcie_probe() missing return (git-fixes). - PCI: dwc: Do not remap invalid res (git-fixes). - PCI: mvebu: Check for errors from pci_bridge_emul_init() call (git-fixes). - PCI: mvebu: Do not modify PCI IO type bits in conf_write (git-fixes). - PCI: mvebu: Fix support for DEVCAP2, DEVCTL2 and LNKCTL2 registers on emulated bridge (git-fixes). - PCI: mvebu: Fix support for PCI_EXP_DEVCTL on emulated bridge (git-fixes). - PCI: mvebu: Fix support for PCI_EXP_RTSTA on emulated bridge (git-fixes). - PCI: pci-bridge-emul: Properly mark reserved PCIe bits in PCI config space (git-fixes). - PCI: pci-bridge-emul: Set PCI_STATUS_CAP_LIST for PCIe device (git-fixes). - PCI: pciehp: Fix infinite loop in IRQ handler upon power fault (git-fixes). - PCI: xgene: Fix IB window setup (git-fixes). - PM: runtime: Defer suspending suppliers (git-fixes). - PM: sleep: Do not assume that "mem" is always present (git-fixes). - RDMA/hns: Replace kfree() with kvfree() (jsc#SLE-14777). - Revert "PM: sleep: Do not assume that "mem" is always present" (git-fixes). - Revert "USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set" (git-fixes). - Revert "net/mlx5: Add retry mechanism to the command entry index allocation" (jsc#SLE-15172). - USB: Fix "slab-out-of-bounds Write" bug in usb_hcd_poll_rh_status (git-fixes). - USB: NO_LPM quirk Lenovo Powered USB-C Travel Hub (git-fixes). - USB: NO_LPM quirk Lenovo USB-C to Ethernet Adapher(RTL8153-04) (git-fixes). - USB: cdc-acm: fix break reporting (git-fixes). - USB: cdc-acm: fix racy tty buffer accesses (git-fixes). - USB: chipidea: fix interrupt deadlock (git-fixes). - USB: core: Fix bug in resuming hub's handling of wakeup requests (git-fixes). - USB: gadget: bRequestType is a bitfield, not a enum (git-fixes). - USB: gadget: detect too-big endpoint 0 requests (git-fixes). - USB: gadget: zero allocate endpoint 0 buffers (git-fixes). - USB: serial: cp210x: fix CP2105 GPIO registration (git-fixes). - USB: serial: option: add Telit FN990 compositions (git-fixes). - Update patches.suse/tpm-fix-potential-NULL-pointer-access-in-tpm_del_cha.patch (git-fixes bsc#1193660 ltc#195634). - Updated mpi3mr entry in supported.conf (bsc#1194578 jsc#SLE-18120) Moving this driver into the "supported" package. - amd/display: downgrade validation failure log level (git-fixes). - ata: ahci: Add Green Sardine vendor ID as board_ahci_mobile (git-fixes). - atlantic: Fix buff_ring OOB in aq_ring_rx_clean (git-fixes). - ax25: NPD bug when detaching AX25 device (git-fixes). - backlight: qcom-wled: Fix off-by-one maximum with default num_strings (git-fixes). - backlight: qcom-wled: Override default length with qcom,enabled-strings (git-fixes). - backlight: qcom-wled: Pass number of elements to read to read_u32_array (git-fixes). - backlight: qcom-wled: Validate enabled string indices in DT (git-fixes). - batman-adv: mcast: do not send link-local multicast to mcast routers (git-fixes). - blk-cgroup: synchronize blkg creation against policy deactivation (bsc#1194584). - block/scsi-ioctl: Fix kernel-infoleak in scsi_put_cdrom_generic_arg() (git-fixes). - block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2) (bsc#1194586). - can: gs_usb: fix use of uninitialized variable, detach device on reception of invalid USB data (git-fixes). - can: gs_usb: gs_can_start_xmit(): zero-initialize hf->{flags,reserved} (git-fixes). - can: kvaser_usb: get CAN clock frequency from device (git-fixes). - can: sja1000: fix use after free in ems_pcmcia_add_card() (git-fixes). - can: softing: softing_startstop(): fix set but not used variable warning (git-fixes). - can: softing_cs: softingcs_probe(): fix memleak on registration failure (git-fixes). - can: usb_8dev: remove unused member echo_skb from struct usb_8dev_priv (git-fixes). - can: xilinx_can: xcan_probe(): check for error irq (git-fixes). - char/mwave: Adjust io port register size (git-fixes). - clk: Do not parent clks until the parent is fully registered (git-fixes). - clk: Gemini: fix struct name in kernel-doc (git-fixes). - clk: bcm-2835: Pick the closest clock rate (git-fixes). - clk: bcm-2835: Remove rounding up the dividers (git-fixes). - clk: imx8mn: Fix imx8mn_clko1_sels (git-fixes). - clk: imx: pllv1: fix kernel-doc notation for struct clk_pllv1 (git-fixes). - clk: qcom: gcc-msm8996: Drop (again) gcc_aggre1_pnoc_ahb_clk (git-fixes). - clk: qcom: regmap-mux: fix parent clock lookup (git-fixes). - clk: stm32: Fix ltdc's clock turn off by clk_disable_unused() after system enter shell (git-fixes). - crypto: caam - replace this_cpu_ptr with raw_cpu_ptr (git-fixes). - crypto: mxs-dcp - Use sg_mapping_iter to copy data (git-fixes). - crypto: omap-sham - clear dma flags only after omap_sham_update_dma_stop() (git-fixes). - crypto: qat - do not ignore errors from enable_vf2pf_comms() (git-fixes). - crypto: qat - fix reuse of completion variable (git-fixes). - crypto: qat - handle both source of interrupt in VF ISR (git-fixes). - crypto: qce - fix uaf on qce_ahash_register_one (git-fixes). - crypto: stm32/crc32 - Fix kernel BUG triggered in probe() (git-fixes). - crypto: stm32/cryp - fix double pm exit (git-fixes). - crypto: stm32/cryp - fix lrw chaining mode (git-fixes). - crypto: stm32/cryp - fix xts and race condition in crypto_engine requests (git-fixes). - debugfs: lockdown: Allow reading debugfs files that are not world readable (bsc#1193328 ltc#195566). - device property: Fix documentation for FWNODE_GRAPH_DEVICE_DISABLED (git-fixes). - dm crypt: document encrypted keyring key option (git-fixes). - dm writecache: add "cleaner" and "max_age" to Documentation (git-fixes). - dm writecache: advance the number of arguments when reporting max_age (git-fixes). - dm writecache: fix performance degradation in ssd mode (git-fixes). - dm writecache: flush origin device when writing and cache is full (git-fixes). - dma_fence_array: Fix PENDING_ERROR leak in dma_fence_array_signaled() (git-fixes). - dmaengine: at_xdmac: Do not start transactions at tx_submit level (git-fixes). - dmaengine: at_xdmac: Fix at_xdmac_lld struct definition (git-fixes). - dmaengine: at_xdmac: Fix concurrency over xfers_list (git-fixes). - dmaengine: at_xdmac: Fix lld view setting (git-fixes). - dmaengine: at_xdmac: Print debug message after realeasing the lock (git-fixes). - dmaengine: bestcomm: fix system boot lockups (git-fixes). - dmaengine: idxd: add module parameter to force disable of SVA (bsc#1192931). - dmaengine: idxd: enable SVA feature for IOMMU (bsc#1192931). - dmaengine: pxa/mmp: stop referencing config->slave_id (git-fixes). - dmaengine: st_fdma: fix MODULE_ALIAS (git-fixes). - drm/amd/amdgpu: Increase HWIP_MAX_INSTANCE to 10 (git-fixes). - drm/amd/display: Fix for the no Audio bug with Tiled Displays (git-fixes). - drm/amd/display: Update bounding box states (v2) (git-fixes). - drm/amd/display: Update number of DCN3 clock states (git-fixes). - drm/amd/display: add connector type check for CRC source set (git-fixes). - drm/amd/display: dcn20_resource_construct reduce scope of FPU enabled (git-fixes). - drm/amd/display: fix incorrect CM/TF programming sequence in dwb (git-fixes). - drm/amd/display: fix missing writeback disablement if plane is removed (git-fixes). - drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode() (git-fixes). - drm/amdgpu: Fix a printing message (git-fixes). - drm/amdgpu: Fix amdgpu_ras_eeprom_init() (git-fixes). - drm/amdgpu: correct register access for RLC_JUMP_TABLE_RESTORE (git-fixes). - drm/amdgpu: revert "Add autodump debugfs node for gpu reset v8" (git-fixes). - drm/amdkfd: Account for SH/SE count when setting up cu masks (git-fixes). - drm/amdkfd: Check for null pointer after calling kmemdup (git-fixes). - drm/ast: potential dereference of null pointer (git-fixes). - drm/atomic: Check new_crtc_state->active to determine if CRTC needs disable in self refresh mode (git-fixes). - drm/bridge: analogix_dp: Make PSR-exit block less (git-fixes). - drm/bridge: display-connector: fix an uninitialized pointer in probe() (git-fixes). - drm/bridge: nwl-dsi: Avoid potential multiplication overflow on 32-bit (git-fixes). - drm/bridge: ti-sn65dsi86: Set max register for regmap (git-fixes). - drm/display: fix possible null-pointer dereference in dcn10_set_clock() (git-fixes). - drm/exynos: Always initialize mapping in exynos_drm_register_dma() (git-fixes). - drm/i915/fb: Fix rounding error in subsampled plane size calculation (git-fixes). - drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk() (git-fixes). - drm/mediatek: Check plane visibility in atomic_update (git-fixes). - drm/msm/dpu: fix safe status debugfs file (git-fixes). - drm/msm/dsi: Fix DSI and DSI PHY regulator config from SDM660 (git-fixes). - drm/msm/dsi: set default num_data_lanes (git-fixes). - drm/msm/mdp5: fix cursor-related warnings (git-fixes). - drm/msm: mdp4: drop vblank get/put from prepare/complete_commit (git-fixes). - drm/msm: prevent NULL dereference in msm_gpu_crashstate_capture() (git-fixes). - drm/panel: innolux-p079zca: Delete panel on attach() failure (git-fixes). - drm/panel: kingdisplay-kd097d04: Delete panel on attach() failure (git-fixes). - drm/radeon/radeon_kms: Fix a NULL pointer dereference in radeon_driver_open_kms() (git-fixes). - drm/rockchip: dsi: Disable PLL clock on bind error (git-fixes). - drm/rockchip: dsi: Fix unbalanced clock on probe error (git-fixes). - drm/rockchip: dsi: Hold pm-runtime across bind/unbind (git-fixes). - drm/rockchip: dsi: Reconfigure hardware on resume() (git-fixes). - drm/sun4i: dw-hdmi: Fix missing put_device() call in sun8i_hdmi_phy_get (git-fixes). - drm/sun4i: fix unmet dependency on RESET_CONTROLLER for PHY_SUN6I_MIPI_DPHY (git-fixes). - drm/syncobj: Deal with signalled fences in drm_syncobj_find_fence (git-fixes). - drm/tegra: vic: Fix DMA API misuse (git-fixes). - drm/vboxvideo: fix a NULL vs IS_ERR() check (git-fixes). - drm/vc4: hdmi: Make sure the controller is powered up during bind (git-fixes). - drm/vc4: hdmi: Set HD_CTL_WHOLSMP and HD_CTL_CHALIGN_SET (git-fixes). - drm/vc4: hdmi: Set a default HSM rate (git-fixes). - drm: fix null-ptr-deref in drm_dev_init_release() (git-fixes). - drm: xlnx: zynqmp: release reset to DP controller before accessing DP registers (git-fixes). - drm: xlnx: zynqmp_dpsub: Call pm_runtime_get_sync before setting pixel clock (git-fixes). - eeprom: idt_89hpesx: Put fwnode in matching case during ->probe() (git-fixes). - eeprom: idt_89hpesx: Restore printing the unsupported fwnode name (git-fixes). - ext4: Avoid trim error on fs with small groups (bsc#1191271). - ext4: fix lazy initialization next schedule time computation in more granular unit (bsc#1194580). - fget: clarify and improve __fget_files() implementation (bsc#1193727). - firmware: Update Kconfig help text for Google firmware (git-fixes). - firmware: arm_scmi: pm: Propagate return value to caller (git-fixes). - firmware: arm_scpi: Fix string overflow in SCPI genpd driver (git-fixes). - firmware: qcom_scm: Fix error retval in __qcom_scm_is_call_available() (git-fixes). - firmware: qemu_fw_cfg: fix NULL-pointer deref on duplicate entries (git-fixes). - firmware: qemu_fw_cfg: fix kobject leak in probe error path (git-fixes). - firmware: qemu_fw_cfg: fix sysfs information leak (git-fixes). - firmware: raspberrypi: Fix a leak in 'rpi_firmware_get()' (git-fixes). - firmware: smccc: Fix check for ARCH_SOC_ID not implemented (git-fixes). - firmware: tegra: Fix error application of sizeof() to pointer (git-fixes). - firmware: tegra: Reduce stack usage (git-fixes). - firmware_loader: fix pre-allocated buf built-in firmware use (git-fixes). - floppy: Fix hang in watchdog when disk is ejected (git-fixes). - flow_offload: return EOPNOTSUPP for the unsupported mpls action type (bsc#1154353). - fuse: Pass correct lend value to filemap_write_and_wait_range() (bsc#1194953). - gpiolib: acpi: Make set-debounce-timeout failures non fatal (git-fixes). - gpu: host1x: Add back arm_iommu_detach_device() (git-fixes). - hwmon: (lm90) Add basic support for TI TMP461 (git-fixes). - hwmon: (lm90) Add max6654 support to lm90 driver (git-fixes). - hwmon: (lm90) Do not report 'busy' status bit as alarm (git-fixes). - hwmon: (lm90) Drop critical attribute support for MAX6654 (git-fixes). - hwmon: (lm90) Fix usage of CONFIG2 register in detect function (git-fixes). - hwmon: (lm90) Introduce flag indicating extended temperature support (git-fixes). - i2c: rk3x: Handle a spurious start completion interrupt flag (git-fixes). - i2c: validate user data in compat ioctl (git-fixes). - i3c: fix incorrect address slot lookup on 64-bit (git-fixes). - i3c: master: dw: check return of dw_i3c_master_get_free_pos() (git-fixes). - i40e: Fix NULL pointer dereference in i40e_dbg_dump_desc (git-fixes). - i40e: Fix for displaying message regarding NVM version (git-fixes). - i40e: Fix incorrect netdev's real number of RX/TX queues (git-fixes). - i40e: Fix to not show opcode msg on unsuccessful VF MAC change (git-fixes). - i40e: fix use-after-free in i40e_sync_filters_subtask() (git-fixes). - iavf: Fix limit of total number of queues to active queues of VF (git-fixes). - iavf: restore MSI state on reset (git-fixes). - ieee802154: atusb: fix uninit value in atusb_set_extended_addr (git-fixes). - ieee802154: fix error return code in ieee802154_llsec_getparams() (git-fixes). - ieee802154: fix error return code in ieee802154_add_iface() (git-fixes). - ieee802154: hwsim: Fix memory leak in hwsim_add_one (git-fixes). - ieee802154: hwsim: Fix possible memory leak in hwsim_subscribe_all_others (git-fixes). - ieee802154: hwsim: avoid possible crash in hwsim_del_edge_nl() (git-fixes). - ieee802154: hwsim: fix GPF in hwsim_set_edge_lqi (git-fixes). - igb: Fix removal of unicast MAC filters of VFs (git-fixes). - igbvf: fix double free in `igbvf_probe` (git-fixes). - igc: Fix typo in i225 LTR functions (jsc#SLE-13533). - iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove (git-fixes). - iio: ad7768-1: Call iio_trigger_notify_done() on error (git-fixes). - iio: adc: axp20x_adc: fix charging current reporting on AXP22x (git-fixes). - iio: at91-sama5d2: Fix incorrect sign extension (git-fixes). - iio: dln2-adc: Fix lockdep complaint (git-fixes). - iio: dln2: Check return value of devm_iio_trigger_register() (git-fixes). - iio: itg3200: Call iio_trigger_notify_done() on error (git-fixes). - iio: kxsd9: Do not return error code in trigger handler (git-fixes). - iio: ltr501: Do not return error code in trigger handler (git-fixes). - iio: mma8452: Fix trigger reference couting (git-fixes). - iio: stk3310: Do not return error code in interrupt handler (git-fixes). - iio: trigger: Fix reference counting (git-fixes). - iio: trigger: stm32-timer: fix MODULE_ALIAS (git-fixes). - ionic: Initialize the 'lif->dbid_inuse' bitmap (bsc#1167773). - isofs: Fix out of bound access for corrupted isofs image (bsc#1194591). - iwlwifi: fw: correctly limit to monitor dump (git-fixes). - iwlwifi: mvm: Fix scan channel flags settings (git-fixes). - iwlwifi: mvm: Use div_s64 instead of do_div in iwl_mvm_ftm_rtt_smoothing() (git-fixes). - iwlwifi: mvm: avoid static queue number aliasing (git-fixes). - iwlwifi: mvm: disable RX-diversity in powersave (git-fixes). - iwlwifi: mvm: fix 32-bit build in FTM (git-fixes). - iwlwifi: mvm: fix access to BSS elements (git-fixes). - iwlwifi: mvm: test roc running status bits before removing the sta (git-fixes). - iwlwifi: pcie: free RBs during configure (git-fixes). - ixgbe: set X550 MDIO speed before talking to PHY (git-fixes). - kmod: make request_module() return an error when autoloading is disabled (git-fixes). - kobject: Restore old behaviour of kobject_del(NULL) (git-fixes). - kobject_uevent: remove warning in init_uevent_argv() (git-fixes). - kprobes: Limit max data_size of the kretprobe instances (bsc#1193669). - libata: add horkage for ASMedia 1092 (git-fixes). - libata: if T_LENGTH is zero, dma direction should be DMA_NONE (git-fixes). - livepatch: Avoid CPU hogging with cond_resched (bsc#1071995). - lockdown: Allow unprivileged users to see lockdown status (git-fixes). - mISDN: change function names to avoid conflicts (git-fixes). - mac80211: Fix monitor MTU limit so that A-MSDUs get through (git-fixes). - mac80211: agg-tx: do not schedule_and_wake_txq() under sta->lock (git-fixes). - mac80211: do not access the IV when it was stripped (git-fixes). - mac80211: fix lookup when adding AddBA extension element (git-fixes). - mac80211: fix regression in SSN handling of addba tx (git-fixes). - mac80211: initialize variable have_higher_than_11mbit (git-fixes). - mac80211: mark TX-during-stop for TX in in_reconfig (git-fixes). - mac80211: send ADDBA requests using the tid/queue of the aggregation session (git-fixes). - mac80211: track only QoS data frames for admission control (git-fixes). - mac80211: validate extended element ID is present (git-fixes). - mailbox: hi3660: convert struct comments to kernel-doc notation (git-fixes). - media: Revert "media: uvcvideo: Set unique vdev name based in type" (bsc#1193255). - media: aspeed: Update signal status immediately to ensure sane hw state (git-fixes). - media: aspeed: fix mode-detect always time out at 2nd run (git-fixes). - media: cpia2: fix control-message timeouts (git-fixes). - media: dib0700: fix undefined behavior in tuner shutdown (git-fixes). - media: dib8000: Fix a memleak in dib8000_init() (git-fixes). - media: dmxdev: fix UAF when dvb_register_device() fails (git-fixes). - media: dw2102: Fix use after free (git-fixes). - media: em28xx: fix control-message timeouts (git-fixes). - media: em28xx: fix memory leak in em28xx_init_dev (git-fixes). - media: flexcop-usb: fix control-message timeouts (git-fixes). - media: hantro: Fix probe func error path (git-fixes). - media: i2c: imx274: fix trivial typo expsoure/exposure (git-fixes). - media: i2c: imx274: fix trivial typo obainted/obtained (git-fixes). - media: imx-pxp: Initialize the spinlock prior to using it (git-fixes). - media: mceusb: fix control-message timeouts (git-fixes). - media: msi001: fix possible null-ptr-deref in msi001_probe() (git-fixes). - media: mtk-vcodec: call v4l2_m2m_ctx_release first when file is released (git-fixes). - media: pvrusb2: fix control-message timeouts (git-fixes). - media: rcar-csi2: Correct the selection of hsfreqrange (git-fixes). - media: rcar-csi2: Optimize the selection PHTW register (git-fixes). - media: redrat3: fix control-message timeouts (git-fixes). - media: s2255: fix control-message timeouts (git-fixes). - media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach() (git-fixes). - media: si2157: Fix "warm" tuner state detection (git-fixes). - media: si470x-i2c: fix possible memory leak in si470x_i2c_probe() (git-fixes). - media: stk1160: fix control-message timeouts (git-fixes). - media: streamzap: remove unnecessary ir_raw_event_reset and handle (git-fixes). - media: uvcvideo: fix division by zero at stream start (git-fixes). - media: venus: core: Fix a resource leak in the error handling path of 'venus_probe()' (git-fixes). - memblock: ensure there is no overflow in memblock_overlaps_region() (git-fixes). - memory: emif: Remove bogus debugfs error handling (git-fixes). - mfd: intel-lpss: Fix too early PM enablement in the ACPI ->probe() (git-fixes). - misc: fastrpc: Add missing lock before accessing find_vma() (git-fixes). - misc: fastrpc: fix improper packet size calculation (git-fixes). - misc: lattice-ecp3-config: Fix task hung when firmware load failed (git-fixes). - mmc: meson-mx-sdio: add IRQ check (git-fixes). - mmc: sdhci-esdhc-imx: clear the buffer_read_ready to reset standard tuning circuit (git-fixes). - mmc: sdhci-esdhc-imx: disable CMDQ support (git-fixes). - mmc: sdhci-pci: Add PCI ID for Intel ADL (git-fixes). - mmc: sdhci-tegra: Fix switch to HS400ES mode (git-fixes). - move to "mainline soon" section: - patches.suse/0001-mmc-moxart_remove-Fix-UAF.patch - moxart: fix potential use-after-free on remove path (bsc#1194516). - mt76: mt7915: fix NULL pointer dereference in mt7915_get_phy_mode (git-fixes). - mt76: mt7915: fix an off-by-one bound check (git-fixes). - mtd: rawnand: fsmc: Fix timing computation (git-fixes). - mtd: rawnand: fsmc: Take instruction delay into account (git-fixes). - mtd: rawnand: mpc5121: Remove unused variable in ads5121_select_chip() (git-fixes). - mtd: spi-nor: hisi-sfc: Remove excessive clk_disable_unprepare() (git-fixes). - mwifiex: Fix possible ABBA deadlock (git-fixes). - mwifiex: Try waking the firmware until we get an interrupt (git-fixes). - net/mlx5: DR, Fix NULL vs IS_ERR checking in dr_domain_init_resources (jsc#SLE-8464). - net/mlx5: Set command entry semaphore up once got index free (jsc#SLE-15172). - net/mlx5e: Fix wrong features assignment in case of error (git-fixes). - net/mlx5e: Wrap the tx reporter dump callback to extract the sq (jsc#SLE-15172). - net/sched: fq_pie: prevent dismantle issue (jsc#SLE-15172). - net/sched: sch_ets: do not remove idle classes from the round-robin list (bsc#1176774). - net: create netdev->dev_addr assignment helpers (git-fixes). - net: ena: Fix error handling when calculating max IO queues number (bsc#1154492). - net: ena: Fix undefined state when tx request id is out of bounds (bsc#1154492). - net: ena: Fix wrong rx request id by resetting device (git-fixes). - net: hns3: fix use-after-free bug in hclgevf_send_mbx_msg (jsc#SLE-14777). - net: usb: lan78xx: add Allied Telesis AT29M2-AF (git-fixes). - net: usb: pegasus: Do not drop long Ethernet frames (git-fixes). - netfilter: nft_set_pipapo: allocate pcpu scratch maps on clone (bsc#1176447). - nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done (git-fixes). - nfc: fix segfault in nfc_genl_dump_devices_done (git-fixes). - nfsd: Fix nsfd startup race (again) (git-fixes). - nft_set_pipapo: Fix bucket load in AVX2 lookup routine for six 8-bit groups (bsc#1176447). - nvme-tcp: block BH in sk state_change sk callback (git-fixes). - nvme-tcp: can't set sk_user_data without write_lock (git-fixes). - nvme-tcp: check sgl supported by target (git-fixes). - nvme-tcp: do not update queue count when failing to set io queues (git-fixes). - nvme-tcp: fix a NULL deref when receiving a 0-length r2t PDU (git-fixes). - nvme-tcp: fix crash triggered with a dataless request submission (git-fixes). - nvme-tcp: fix error codes in nvme_tcp_setup_ctrl() (git-fixes). - nvme-tcp: fix io_work priority inversion (git-fixes). - nvme-tcp: fix possible data corruption with bio merges (git-fixes). - nvme-tcp: fix possible req->offset corruption (git-fixes). - nvme-tcp: fix wrong setting of request iov_iter (git-fixes). - nvme-tcp: get rid of unused helper function (git-fixes). - nvme-tcp: pair send_mutex init with destroy (git-fixes). - nvme-tcp: pass multipage bvec to request iov_iter (git-fixes). - nvme-tcp: remove incorrect Kconfig dep in BLK_DEV_NVME (git-fixes). - pcmcia: fix setting of kthread task states (git-fixes). - pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in __nonstatic_find_io_region() (git-fixes). - pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in nonstatic_find_mem_region() (git-fixes). - pcnet32: Use pci_resource_len to validate PCI resource (git-fixes). - pinctrl: mediatek: fix global-out-of-bounds issue (git-fixes). - pinctrl: qcom: spmi-gpio: correct parent irqspec translation (git-fixes). - pinctrl: stm32: consider the GPIO offset to expose all the GPIO lines (git-fixes). - pinctrl: stm32: use valid pin identifier in stm32_pinctrl_resume() (git-fixes). - pipe: increase minimum default pipe size to 2 pages (bsc#1194587). - platform/x86: apple-gmux: use resource_size() with res (git-fixes). - platform/x86: thinkpad_acpi: Fix WWAN device disabled issue after S3 deep (git-fixes). - power: reset: ltc2952: Fix use of floating point literals (git-fixes). - power: supply: core: Break capacity loop (git-fixes). - power: supply: max17042_battery: Clear status bits in interrupt handler (git-fixes). - powerpc/64s: fix program check interrupt emergency stack path (bsc#1156395). - powerpc/fadump: Fix inaccurate CPU state info in vmcore generated with panic (bsc#1193901 ltc#194976). - powerpc/perf: Fix PMU callbacks to clear pending PMI before resetting an overflown PMC (bsc#1156395). - powerpc/perf: Fix data source encodings for L2.1 and L3.1 accesses (bsc#1065729). - powerpc/prom_init: Fix improper check of prom_getprop() (bsc#1065729). - powerpc/pseries/cpuhp: cache node corrections (bsc#1065729). - powerpc/pseries/cpuhp: delete add/remove_by_count code (bsc#1065729). - powerpc/pseries/mobility: ignore ibm, platform-facilities updates (bsc#1065729). - powerpc/traps: do not enable irqs in _exception (bsc#1065729). - powerpc/xive: Add missing null check after calling kmalloc (bsc#1177437 ltc#188522 jsc#SLE-13294 git-fixes). - powerpc: add interrupt_cond_local_irq_enable helper (bsc#1065729). - powerpc: handle kdump appropriately with crash_kexec_post_notifiers option (bsc#1193901 ltc#194976). - pwm: mxs: Do not modify HW state in .probe() after the PWM chip was registered (git-fixes). - pwm: tiecap: Drop .free() callback (git-fixes). - qlcnic: potential dereference null pointer of rx_queue->page_ring (git-fixes). - quota: check block number when reading the block in quota file (bsc#1194589). - quota: correct error number in free_dqentry() (bsc#1194590). - random: fix data race on crng init time (git-fixes). - random: fix data race on crng_node_pool (git-fixes). - regmap: Call regmap_debugfs_exit() prior to _init() (git-fixes). - rndis_host: support Hytera digital radios (git-fixes). - rpmsg: core: Clean up resources on announce_create failure (git-fixes). - rtl8xxxu: Fix the handling of TX A-MPDU aggregation (git-fixes). - rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with interrupts enabled (git-fixes). - rtw88: use read_poll_timeout instead of fixed sleep (git-fixes). - rtw88: wow: build wow function only if CONFIG_PM is on (git-fixes). - rtw88: wow: fix size access error of probe request (git-fixes). - sata: nv: fix debug format string mismatch (git-fixes). - scsi: lpfc: Add additional debugfs support for CMF (bsc#1194266). - scsi: lpfc: Adjust CMF total bytes and rxmonitor (bsc#1194266). - scsi: lpfc: Cap CMF read bytes to MBPI (bsc#1194266). - scsi: lpfc: Change return code on I/Os received during link bounce (bsc#1194266). - scsi: lpfc: Fix NPIV port deletion crash (bsc#1194266). - scsi: lpfc: Fix leaked lpfc_dmabuf mbox allocations with NPIV (bsc#1194266). - scsi: lpfc: Fix lpfc_force_rscn ndlp kref imbalance (bsc#1194266). - scsi: lpfc: Trigger SLI4 firmware dump before doing driver cleanup (bsc#1194266). - scsi: lpfc: Update lpfc version to 14.0.0.4 (bsc#1194266). - scsi: qla2xxx: Fix mailbox direction flags in qla2xxx_get_adapter_id() (git-fixes). - scsi: qla2xxx: Format log strings only if needed (git-fixes). - scsi: qla2xxx: edif: Fix EDIF bsg (git-fixes). - scsi: qla2xxx: edif: Fix app start delay (git-fixes). - scsi: qla2xxx: edif: Fix app start fail (git-fixes). - scsi: qla2xxx: edif: Fix off by one bug in qla_edif_app_getfcinfo() (git-fixes). - scsi: qla2xxx: edif: Flush stale events and msgs on session down (git-fixes). - scsi: qla2xxx: edif: Increase ELS payload (git-fixes). - select: Fix indefinitely sleeping task in poll_schedule_timeout() (bsc#1194027). - selftests: KVM: Explicitly use movq to read xmm registers (git-fixes). - selinux: fix potential memleak in selinux_add_opt() (git-fixes). - seq_buf: Fix overflow in seq_buf_putmem_hex() (git-fixes). - seq_buf: Make trace_seq_putmem_hex() support data longer than 8 (git-fixes). - serial: pl011: Add ACPI SBSA UART match id (git-fixes). - serial: tty: uartlite: fix console setup (git-fixes). - sfc: Check null pointer of rx_queue->page_ring (git-fixes). - sfc: The RX page_ring is optional (git-fixes). - sfc: falcon: Check null pointer of rx_queue->page_ring (git-fixes). - sfc_ef100: potential dereference of null pointer (jsc#SLE-16683). - shmem: shmem_writepage() split unlikely i915 THP (git-fixes). - slimbus: qcom: fix potential NULL dereference in qcom_slim_prg_slew() (git-fixes). - soc/tegra: fuse: Fix bitwise vs. logical OR warning (git-fixes). - soc: fsl: dpaa2-console: free buffer before returning from dpaa2_console_read (git-fixes). - soc: fsl: dpio: rename the enqueue descriptor variable (git-fixes). - soc: fsl: dpio: replace smp_processor_id with raw_smp_processor_id (git-fixes). - soc: fsl: dpio: use an explicit NULL instead of 0 (git-fixes). - soc: fsl: dpio: use the combined functions to protect critical zone (git-fixes). - spi: change clk_disable_unprepare to clk_unprepare (git-fixes). - spi: spi-meson-spifc: Add missing pm_runtime_disable() in meson_spifc_probe (git-fixes). - spi: spi-rspi: Drop redeclaring ret variable in qspi_transfer_in() (git-fixes). - staging: emxx_udc: Fix passing of NULL to dma_alloc_coherent() (git-fixes). - staging: fbtft: Do not spam logs when probe is deferred (git-fixes). - staging: fbtft: Rectify GPIO handling (git-fixes). - staging: fieldbus: anybuss: jump to correct label in an error path (git-fixes). - staging: ks7010: select CRYPTO_HASH/CRYPTO_MICHAEL_MIC (git-fixes). - staging: rtl8192e: return error code from rtllib_softmac_init() (git-fixes). - staging: rtl8192e: rtllib_module: fix error handle case in alloc_rtllib() (git-fixes). - staging: wlan-ng: Avoid bitwise vs logical OR warning in hfa384x_usb_throttlefn() (git-fixes). - string.h: fix incompatibility between FORTIFY_SOURCE and KASAN (git-fixes). - thermal/drivers/imx8mm: Enable ADC when enabling monitor (git-fixes). - thermal/drivers/int340x: Do not set a wrong tcc offset on resume (git-fixes). - thermal: core: Reset previous low and high trip during thermal zone init (git-fixes). - tpm: add request_locality before write TPM_INT_ENABLE (git-fixes). - tpm: fix potential NULL pointer access in tpm_del_char_device (git-fixes). - tracing/kprobes: 'nmissed' not showed correctly for kretprobe (git-fixes). - tracing/uprobes: Check the return value of kstrdup() for tu->filename (git-fixes). - tracing: Add test for user space strings when filtering on string pointers (git-fixes). - tracing: Fix check for trace_percpu_buffer validity in get_trace_buf() (git-fixes). - tty: max310x: fix flexible_array.cocci warnings (git-fixes). - tty: serial: atmel: Call dma_async_issue_pending() (git-fixes). - tty: serial: atmel: Check return code of dmaengine_submit() (git-fixes). - tty: serial: earlycon dependency (git-fixes). - tty: serial: qcom_geni_serial: Drop __init from qcom_geni_console_setup (git-fixes). - tty: serial: uartlite: allow 64 bit address (git-fixes). - tty: synclink_gt: rename a conflicting function name (git-fixes). - udf: Fix crash after seekdir (bsc#1194592). - uio: uio_dmem_genirq: Catch the Exception (git-fixes). - usb: core: config: fix validation of wMaxPacketValue entries (git-fixes). - usb: core: config: using bit mask instead of individual bits (git-fixes). - usb: dwc2: check return value after calling platform_get_resource() (git-fixes). - usb: dwc3: gadget: Continue to process pending requests (git-fixes). - usb: dwc3: gadget: Ignore EP queue requests during bus reset (git-fixes). - usb: dwc3: gadget: Reclaim extra TRBs after request completion (git-fixes). - usb: dwc3: pci: Enable dis_uX_susphy_quirk for Intel Merrifield (git-fixes). - usb: dwc3: ulpi: Fix USB2.0 HS/FS/LS PHY suspend regression (git-fixes). - usb: dwc3: ulpi: Replace CPU-based busyloop with Protocol-based one (git-fixes). - usb: dwc3: ulpi: fix checkpatch warning (git-fixes). - usb: ftdi-elan: fix memory leak on device disconnect (git-fixes). - usb: gadget: composite: Allow bMaxPower=0 if self-powered (git-fixes). - usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear (git-fixes). - usb: gadget: u_ether: fix race in setting MAC address in setup phase (git-fixes). - usb: mtu3: add memory barrier before set GPD's HWO (git-fixes). - usb: mtu3: fix interval value for intr and isoc (git-fixes). - usb: mtu3: fix list_head check warning (git-fixes). - usb: mtu3: set interval of FS intr and isoc endpoint (git-fixes). - usb: typec: tcpm: handle SRC_STARTUP state if cc changes (git-fixes). - usb: xhci: Extend support for runtime power management for AMD's Yellow carp (git-fixes). - usermodehelper: reset umask to default before executing user process (git-fixes). - vfs: check fd has read access in kernel_read_file_from_fd() (bsc#1194888). - video: backlight: Drop maximum brightness override for brightness zero (git-fixes). - watchdog: Fix OMAP watchdog early handling (git-fixes). - watchdog: f71808e_wdt: fix inaccurate report in WDIOC_GETTIMEOUT (git-fixes). - wcn36xx: Fix missing frame timestamp for beacon/probe-resp (git-fixes). - wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND (git-fixes). - wcn36xx: Release DMA channel descriptor allocations (git-fixes). - wcn36xx: handle connection loss indication (git-fixes). - wireguard: allowedips: add missing __rcu annotation to satisfy sparse (git-fixes). - wireguard: device: reset peer src endpoint when netns exits (git-fixes). - wireguard: ratelimiter: use kvcalloc() instead of kvzalloc() (git-fixes). - wireguard: receive: drop handshakes if queue lock is contended (git-fixes). - wireguard: receive: use ring buffer for incoming handshakes (git-fixes). - wireguard: selftests: actually test for routing loops (git-fixes). - wireguard: selftests: increase default dmesg log size (git-fixes). - wireless: iwlwifi: Fix a double free in iwl_txq_dyn_alloc_dma (git-fixes). - x86/platform/uv: Add more to secondary CPU kdump info (bsc#1194493). - xhci: Fresco FL1100 controller should not have BROKEN_MSI quirk set (git-fixes). - xhci: Remove CONFIG_USB_DEFAULT_PERSIST to prevent xHCI from runtime suspending (git-fixes). - xhci: avoid race between disable slot command and host runtime suspend (git-fixes). - xhci: fix unsafe memory usage in xhci tracing (git-fixes). cluster-md-kmp-preempt-5.3.18-150300.59.43.1.x86_64.rpm True dlm-kmp-preempt-5.3.18-150300.59.43.1.x86_64.rpm True gfs2-kmp-preempt-5.3.18-150300.59.43.1.x86_64.rpm True kernel-preempt-5.3.18-150300.59.43.1.nosrc.rpm True kernel-preempt-5.3.18-150300.59.43.1.x86_64.rpm True kernel-preempt-devel-5.3.18-150300.59.43.1.x86_64.rpm True kernel-preempt-extra-5.3.18-150300.59.43.1.x86_64.rpm True kernel-preempt-livepatch-devel-5.3.18-150300.59.43.1.x86_64.rpm True kernel-preempt-optional-5.3.18-150300.59.43.1.x86_64.rpm True kselftests-kmp-preempt-5.3.18-150300.59.43.1.x86_64.rpm True ocfs2-kmp-preempt-5.3.18-150300.59.43.1.x86_64.rpm True reiserfs-kmp-preempt-5.3.18-150300.59.43.1.x86_64.rpm True dtb-aarch64-5.3.18-150300.59.43.1.src.rpm True dtb-al-5.3.18-150300.59.43.1.aarch64.rpm True dtb-zte-5.3.18-150300.59.43.1.aarch64.rpm True openSUSE-SLE-15.4-2022-491 moderate SUSE Updates openSUSE-SLE 15.4 This update for rust fixes the following issues: - CVE-2022-21658: Fixed race condition in std::fs::remove_dir_all (bsc#1194767). cargo-doc-1.53.0-22.1.noarch.rpm rust-1.53.0-22.1.src.rpm rust-analysis-1.53.0-22.1.x86_64.rpm rust-doc-1.53.0-22.1.x86_64.rpm rust-src-1.53.0-22.1.noarch.rpm rust-analysis-1.53.0-22.1.aarch64.rpm rust-doc-1.53.0-22.1.aarch64.rpm openSUSE-SLE-15.4-2022-492 important SUSE Updates openSUSE-SLE 15.4 This update for strongswan fixes the following issues: - CVE-2021-45079: Fixed authentication bypass in EAP authentication. (bsc#1194471) strongswan-5.8.2-11.24.1.src.rpm strongswan-5.8.2-11.24.1.x86_64.rpm strongswan-doc-5.8.2-11.24.1.noarch.rpm strongswan-hmac-5.8.2-11.24.1.x86_64.rpm strongswan-ipsec-5.8.2-11.24.1.x86_64.rpm strongswan-libs0-5.8.2-11.24.1.x86_64.rpm strongswan-mysql-5.8.2-11.24.1.x86_64.rpm strongswan-nm-5.8.2-11.24.1.x86_64.rpm strongswan-sqlite-5.8.2-11.24.1.x86_64.rpm strongswan-5.8.2-11.24.1.s390x.rpm strongswan-hmac-5.8.2-11.24.1.s390x.rpm strongswan-ipsec-5.8.2-11.24.1.s390x.rpm strongswan-libs0-5.8.2-11.24.1.s390x.rpm strongswan-mysql-5.8.2-11.24.1.s390x.rpm strongswan-nm-5.8.2-11.24.1.s390x.rpm strongswan-sqlite-5.8.2-11.24.1.s390x.rpm strongswan-5.8.2-11.24.1.ppc64le.rpm strongswan-hmac-5.8.2-11.24.1.ppc64le.rpm strongswan-ipsec-5.8.2-11.24.1.ppc64le.rpm strongswan-libs0-5.8.2-11.24.1.ppc64le.rpm strongswan-mysql-5.8.2-11.24.1.ppc64le.rpm strongswan-nm-5.8.2-11.24.1.ppc64le.rpm strongswan-sqlite-5.8.2-11.24.1.ppc64le.rpm strongswan-5.8.2-11.24.1.aarch64.rpm strongswan-hmac-5.8.2-11.24.1.aarch64.rpm strongswan-ipsec-5.8.2-11.24.1.aarch64.rpm strongswan-libs0-5.8.2-11.24.1.aarch64.rpm strongswan-mysql-5.8.2-11.24.1.aarch64.rpm strongswan-nm-5.8.2-11.24.1.aarch64.rpm strongswan-sqlite-5.8.2-11.24.1.aarch64.rpm openSUSE-SLE-15.4-2022-214 important SUSE Updates openSUSE-SLE 15.4 This update for log4j fixes the following issues: - CVE-2022-23307: Fixed deserialization flaw in the chainsaw component of log4j leading to malicious code execution. (bsc#1194844) - CVE-2022-23305: Fixed SQL injection when application is configured to use JDBCAppender. (bsc#1194843) - CVE-2022-23302: Fixed remote code execution when application is configured to use JMSSink. (bsc#1194842) log4j-1.2.17-5.9.1.src.rpm log4j-manual-1.2.17-5.9.1.noarch.rpm openSUSE-SLE-15.4-2022-282 low SUSE Updates openSUSE-SLE 15.4 This is a relogin-suggested test update for SUSE:SLE-15-SP2:Update update-test-relogin-suggested-5.1-33.2.x86_64.rpm True update-test-relogin-suggested-5.1-33.2.s390x.rpm True update-test-relogin-suggested-5.1-33.2.ppc64le.rpm True update-test-relogin-suggested-5.1-33.2.aarch64.rpm True openSUSE-SLE-15.4-2022-274 low SUSE Updates openSUSE-SLE 15.4 This is a affects-package-manager test update for SUSE:SLE-15-SP2:Update update-test-affects-package-manager-5.1-33.2.x86_64.rpm True update-test-affects-package-manager-5.1-33.2.s390x.rpm True update-test-affects-package-manager-5.1-33.2.ppc64le.rpm True update-test-affects-package-manager-5.1-33.2.aarch64.rpm True openSUSE-SLE-15.4-2022-275 low SUSE Updates openSUSE-SLE 15.4 This is a retracted test update for SUSE:SLE-15-SP2:Update update-test-retracted-5.1-33.2.x86_64.rpm update-test-retracted-5.1-33.2.s390x.rpm update-test-retracted-5.1-33.2.ppc64le.rpm update-test-retracted-5.1-33.2.aarch64.rpm openSUSE-SLE-15.4-2022-276 low SUSE Updates openSUSE-SLE 15.4 This is a optional test update for SUSE:SLE-15-SP2:Update update-test-optional-5.1-33.2.x86_64.rpm update-test-optional-5.1-33.2.s390x.rpm update-test-optional-5.1-33.2.ppc64le.rpm update-test-optional-5.1-33.2.aarch64.rpm openSUSE-SLE-15.4-2022-277 important SUSE Updates openSUSE-SLE 15.4 This is a security test update for SUSE:SLE-15-SP2:Update update-test-security-5.1-33.2.x86_64.rpm update-test-security-5.1-33.2.s390x.rpm update-test-security-5.1-33.2.ppc64le.rpm update-test-security-5.1-33.2.aarch64.rpm openSUSE-SLE-15.4-2022-278 low SUSE Updates openSUSE-SLE 15.4 This is a trivial test update for SUSE:SLE-15-SP2:Update update-test-trivial-5.1-33.2.src.rpm update-test-trivial-5.1-33.2.x86_64.rpm update-test-trivial-5.1-33.2.s390x.rpm update-test-trivial-5.1-33.2.ppc64le.rpm update-test-trivial-5.1-33.2.aarch64.rpm openSUSE-SLE-15.4-2022-279 low SUSE Updates openSUSE-SLE 15.4 This is a feature test update for SUSE:SLE-15-SP2:Update update-test-feature-5.1-33.2.x86_64.rpm update-test-feature-5.1-33.2.s390x.rpm update-test-feature-5.1-33.2.ppc64le.rpm update-test-feature-5.1-33.2.aarch64.rpm openSUSE-SLE-15.4-2022-280 low SUSE Updates openSUSE-SLE 15.4 This is a reboot-needed test update for SUSE:SLE-15-SP2:Update update-test-reboot-needed-5.1-33.2.x86_64.rpm True update-test-reboot-needed-5.1-33.2.s390x.rpm True update-test-reboot-needed-5.1-33.2.ppc64le.rpm True update-test-reboot-needed-5.1-33.2.aarch64.rpm True openSUSE-SLE-15.4-2022-281 low SUSE Updates openSUSE-SLE 15.4 This is a interactive test update for SUSE:SLE-15-SP2:Update Is this message visible? update-test-interactive-5.1-33.2.x86_64.rpm update-test-interactive-5.1-33.2.s390x.rpm update-test-interactive-5.1-33.2.ppc64le.rpm update-test-interactive-5.1-33.2.aarch64.rpm openSUSE-SLE-15.4-2022-476 moderate SUSE Updates openSUSE-SLE 15.4 This update for nfs-utils fixes the following issues: - If an error or warning message is produced before closeall() is called, mountd doesn't work. (bsc#1194661) nfs-client-2.1.1-10.21.1.x86_64.rpm nfs-doc-2.1.1-10.21.1.x86_64.rpm nfs-kernel-server-2.1.1-10.21.1.x86_64.rpm nfs-utils-2.1.1-10.21.1.src.rpm nfs-client-2.1.1-10.21.1.s390x.rpm nfs-doc-2.1.1-10.21.1.s390x.rpm nfs-kernel-server-2.1.1-10.21.1.s390x.rpm nfs-client-2.1.1-10.21.1.ppc64le.rpm nfs-doc-2.1.1-10.21.1.ppc64le.rpm nfs-kernel-server-2.1.1-10.21.1.ppc64le.rpm nfs-client-2.1.1-10.21.1.aarch64.rpm nfs-doc-2.1.1-10.21.1.aarch64.rpm nfs-kernel-server-2.1.1-10.21.1.aarch64.rpm openSUSE-SLE-15.4-2022-287 critical SUSE Updates openSUSE-SLE 15.4 This update for samba fixes the following issues: - CVE-2021-44142: Fixed out-of-Bound Read/Write on Samba vfs_fruit module. (bsc#1194859) libndr0-32bit-4.11.14+git.319.91d693db37c-4.35.1.x86_64.rpm libndr0-4.11.14+git.319.91d693db37c-4.35.1.x86_64.rpm samba-4.11.14+git.319.91d693db37c-4.35.1.src.rpm libndr0-4.11.14+git.319.91d693db37c-4.35.1.s390x.rpm libndr0-4.11.14+git.319.91d693db37c-4.35.1.ppc64le.rpm libndr0-4.11.14+git.319.91d693db37c-4.35.1.aarch64.rpm openSUSE-SLE-15.4-2022-284 critical SUSE Updates openSUSE-SLE 15.4 This update for samba fixes the following issues: - CVE-2021-44142: Fixed out-of-Bound Read/Write on Samba vfs_fruit module. (bsc#1194859) libsamba-policy-python-devel-4.9.5+git.483.212a7ebca6b-3.64.1.x86_64.rpm libsamba-policy0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1.x86_64.rpm libsamba-policy0-4.9.5+git.483.212a7ebca6b-3.64.1.x86_64.rpm samba-4.9.5+git.483.212a7ebca6b-3.64.1.src.rpm samba-libs-python-32bit-4.9.5+git.483.212a7ebca6b-3.64.1.x86_64.rpm samba-libs-python-4.9.5+git.483.212a7ebca6b-3.64.1.x86_64.rpm samba-python-4.9.5+git.483.212a7ebca6b-3.64.1.x86_64.rpm libsamba-policy-python-devel-4.9.5+git.483.212a7ebca6b-3.64.1.s390x.rpm libsamba-policy0-4.9.5+git.483.212a7ebca6b-3.64.1.s390x.rpm samba-libs-python-4.9.5+git.483.212a7ebca6b-3.64.1.s390x.rpm samba-python-4.9.5+git.483.212a7ebca6b-3.64.1.s390x.rpm libsamba-policy-python-devel-4.9.5+git.483.212a7ebca6b-3.64.1.ppc64le.rpm libsamba-policy0-4.9.5+git.483.212a7ebca6b-3.64.1.ppc64le.rpm samba-libs-python-4.9.5+git.483.212a7ebca6b-3.64.1.ppc64le.rpm samba-python-4.9.5+git.483.212a7ebca6b-3.64.1.ppc64le.rpm libsamba-policy-python-devel-4.9.5+git.483.212a7ebca6b-3.64.1.aarch64.rpm libsamba-policy0-4.9.5+git.483.212a7ebca6b-3.64.1.aarch64.rpm samba-libs-python-4.9.5+git.483.212a7ebca6b-3.64.1.aarch64.rpm samba-python-4.9.5+git.483.212a7ebca6b-3.64.1.aarch64.rpm openSUSE-SLE-15.4-2022-330 important SUSE Updates openSUSE-SLE 15.4 This update for glibc fixes the following issues: - CVE-2021-3999: Fixed incorrect errno in getcwd (bsc#1194640) - CVE-2022-23219: Fixed buffer overflow in sunrpc clnt_create for "unix" (bsc#1194768) - CVE-2022-23218: Fixed buffer overflow in sunrpc svcunix_create (bsc#1194770) Features added: - IBM Power 10 string operation improvements (bsc#1194785, jsc#SLE-18195) glibc-2.31-150300.9.12.1.src.rpm glibc-2.31-150300.9.12.1.x86_64.rpm glibc-32bit-2.31-150300.9.12.1.x86_64.rpm glibc-devel-2.31-150300.9.12.1.x86_64.rpm glibc-devel-32bit-2.31-150300.9.12.1.x86_64.rpm glibc-devel-static-2.31-150300.9.12.1.x86_64.rpm glibc-devel-static-32bit-2.31-150300.9.12.1.x86_64.rpm glibc-extra-2.31-150300.9.12.1.x86_64.rpm glibc-html-2.31-150300.9.12.1.noarch.rpm glibc-i18ndata-2.31-150300.9.12.1.noarch.rpm glibc-info-2.31-150300.9.12.1.noarch.rpm glibc-lang-2.31-150300.9.12.1.noarch.rpm glibc-locale-2.31-150300.9.12.1.x86_64.rpm glibc-locale-base-2.31-150300.9.12.1.x86_64.rpm glibc-locale-base-32bit-2.31-150300.9.12.1.x86_64.rpm glibc-profile-2.31-150300.9.12.1.x86_64.rpm glibc-profile-32bit-2.31-150300.9.12.1.x86_64.rpm glibc-utils-2.31-150300.9.12.1.x86_64.rpm glibc-utils-32bit-2.31-150300.9.12.1.x86_64.rpm glibc-utils-src-2.31-150300.9.12.1.src.rpm nscd-2.31-150300.9.12.1.x86_64.rpm glibc-2.31-150300.9.12.1.s390x.rpm glibc-devel-2.31-150300.9.12.1.s390x.rpm glibc-devel-static-2.31-150300.9.12.1.s390x.rpm glibc-extra-2.31-150300.9.12.1.s390x.rpm glibc-locale-2.31-150300.9.12.1.s390x.rpm glibc-locale-base-2.31-150300.9.12.1.s390x.rpm glibc-profile-2.31-150300.9.12.1.s390x.rpm glibc-utils-2.31-150300.9.12.1.s390x.rpm nscd-2.31-150300.9.12.1.s390x.rpm glibc-2.31-150300.9.12.1.ppc64le.rpm glibc-devel-2.31-150300.9.12.1.ppc64le.rpm glibc-devel-static-2.31-150300.9.12.1.ppc64le.rpm glibc-extra-2.31-150300.9.12.1.ppc64le.rpm glibc-locale-2.31-150300.9.12.1.ppc64le.rpm glibc-locale-base-2.31-150300.9.12.1.ppc64le.rpm glibc-profile-2.31-150300.9.12.1.ppc64le.rpm glibc-utils-2.31-150300.9.12.1.ppc64le.rpm nscd-2.31-150300.9.12.1.ppc64le.rpm glibc-2.31-150300.9.12.1.aarch64.rpm glibc-devel-2.31-150300.9.12.1.aarch64.rpm glibc-devel-static-2.31-150300.9.12.1.aarch64.rpm glibc-extra-2.31-150300.9.12.1.aarch64.rpm glibc-locale-2.31-150300.9.12.1.aarch64.rpm glibc-locale-base-2.31-150300.9.12.1.aarch64.rpm glibc-profile-2.31-150300.9.12.1.aarch64.rpm glibc-utils-2.31-150300.9.12.1.aarch64.rpm nscd-2.31-150300.9.12.1.aarch64.rpm openSUSE-SLE-15.4-2022-546 important SUSE Updates openSUSE-SLE 15.4 This update for monitoring-plugins fixes the following issues: the patch just reverts the problem, if you get more than 64K on stdout - recommend syslog for monitoring-plugins-log, as people probably want to analize logs generated by (r)syslog or journald check_snmp will segfaults at line 489 if number of lines returned by SNMPD is greater than number of defined thresholds - Remove unneeded build requirement on "syslog" - Remove unneeded BuildRequires on python-devel (bsc#1191011) - Call gettextize with --no-changelog to make package build reproducible (bsc#1047218) - Update to 2.3.1: Enhancements * check_curl: Add an option to verify the peer certificate and host using the system CA's Fixes * check_curl: fixed help, usage and errors for TLS 1.3 * check_curl: fixed a potential buffer overflow in url buffer * check_dns: split multiple IP addresses passed in one -a argument * check_curl: added string_statuscode function for printing HTTP/1.1 and HTTP/2 correctly * check_curl: fix crash if http header contains leading spaces * check_curl: display a specific human-readable error message where possible * check_pgsql: Using snprintf which honors the buffers size and guarantees null termination. * check_snmp: put the "c" (to mark a counter) after the perfdata value * check_http: Increase regexp limit * check_http: make -C obvious * check_curl: Increase regexp limit (to 1024 as in check_http) * check_curl: make -C obvious (from check_http) - Update to 2.3 (final): Enhancements * check_dns: allow 'expected address' (-a) to be specified in CIDR notation (IPv4 only). * check_dns: allow for IPv6 RDNS * check_dns: Accept CIDR * check_dns: allow unsorted addresses * check_dns: allow forcing complete match of all addresses * check_apt: add --only-critical switch * check_apt: add -l/--list option to print packages * check_file_age: add range checking * check_file_age: enable to test for maximum file size * check_apt: adding packages-warning option * check_load: Adding top consuming processes option * check_http: Adding Proxy-Authorization and extra headers * check_snmp: make calcualtion of timeout value in help output more clear * check_uptime: new plugin for checking uptime to see how long the system is running * check_curl: check_http replacement based on libcurl * check_http: Allow user to specify HTTP method after proxy CONNECT * check_http: Add new flag --show-body/-B to print body * check_cluster: Added data argument validation * check_icmp: Add IPv6 support * check_icmp: Automatically detect IP protocol * check_icmp: emit error if multiple protocol version * check_disk: add support to display inodes usage in perfdata * check_hpjd: Added -D option to disable warning on 'out of paper' * check_http: support the --show-body/-B flag when --expect is used * check_mysql: allow mariadbclient to be used * check_tcp: add --sni * check_dns: detect unreachable dns service in nslookup output Fixes * Fix regression where check_dhcp was rereading response in a tight loop * check_dns: fix error detection on sles nslookup * check_disk_smb: fix timeout issue * check_swap: repaired -n behaviour * check_icmp: Correctly set address_family on lookup * check_icmp: Do not overwrite -4,-6 on lookup * check_smtp: initializes n before it is used * check_dns: fix typo in parameter description * check_by_ssh: fix child process leak on timeouts * check_mysql: Allow sockets to be specified to -H * check_procs: improve command examples for 'at least' processes * check_disk: include -P switch in help * check_mailq: restore accidentially removed options - change version to 2.3~alpha.$date.$commit changes summarized * detect unreachable dns service in nslookup output * check_curl: host_name may be null * update test parameter according to check_http * check_curl: use CURLOPT_RESOLVE to fix connecting to the right ip * workaround for issue #1550 - better use "ping -4" instead of "ping" if supported * Use size_t instead of int when calling sysctl(3) * check_tcp: add --sni * Fix timeout_interval declarations * check_curl: NSS, parse more date formats from certificate (in -C cert check) * check_curl: more tolerant CN= parsing when checking certificates (hit on Centos 8) * setting no_body to TRUE when we have a HEAD request * some LIBCURL_VERSION checks around HTTP/2 feature * added --http-version option to check_curl to choose HTTP * improved curlhelp_parse_statusline to handle both HTTP/1.x and HTTP/2 * check_curl: updates embedded picohttpparser to newest git version * setting progname of check_curl plugin to check_curl (at least for now) * Allow mariadbclient to be used for check_mysql * fix maxfd being zero * include -P switch in help * check_swap: repaired "-n" behaviour * improve command examples for 'at least' processes * check_mysql: Allow sockets to be specified to -H * Adding packages-warning option to check_apt plugin * Adding print top consuming processes option to check_load * check_snmp: make calcualtion of timeout value in help output more clear * [check_disk] add support to display inodes usage in perfdata * check_by_ssh: fix child process leak on timeouts * check_icmp: Add IPv6 support * check_dns: fix typo in parameter description * Also support the --show-body/-B flag when --expect is used * check_dns: improve support for checking multiple addresses * check_hpjd: Added -D option to disable warning on 'out of paper' * check_icmp: Do not overwrite -4,-6 on lookup * check_icmp: emit error if multiple protocol version * check_icmp: move opts string into a variable * check_cluster.c: Added data argument validation. * check_icmp: Correctly set address_family on lookup * check_icmp: process protocol version args first * check_icmp: Add IPv6 support - drop explicit attr in filelist for check_host and check_rta_multi as they are symlinks to check_icmp - add new subpackage monitoring-plugins-uptime - include upstream fixes for check_swap - simply fix the plugin name in the comment - improve the output if the swap has zero size - use unknown exit code for help/version in plugins - updated context in - monitoring-plugins-mysql should also provide monitoring-plugins-mysql_query - Provide/Obsolete nagios-plugins in old version for better compatibility and to allow dist upgrade (bsc#1114483) freeradius-client-1.1.7-3.2.1.src.rpm freeradius-client-1.1.7-3.2.1.x86_64.rpm freeradius-client-devel-1.1.7-3.2.1.x86_64.rpm freeradius-client-libs-1.1.7-3.2.1.x86_64.rpm monitoring-plugins-2.3.1-3.9.2.src.rpm monitoring-plugins-2.3.1-3.9.2.x86_64.rpm monitoring-plugins-all-2.3.1-3.9.2.x86_64.rpm monitoring-plugins-breeze-2.3.1-3.9.2.x86_64.rpm monitoring-plugins-by_ssh-2.3.1-3.9.2.x86_64.rpm monitoring-plugins-cluster-2.3.1-3.9.2.x86_64.rpm monitoring-plugins-common-2.3.1-3.9.2.x86_64.rpm monitoring-plugins-cups-2.3.1-3.9.2.x86_64.rpm monitoring-plugins-dbi-2.3.1-3.9.2.x86_64.rpm monitoring-plugins-dbi-mysql-2.3.1-3.9.2.x86_64.rpm monitoring-plugins-dbi-pgsql-2.3.1-3.9.2.x86_64.rpm monitoring-plugins-dbi-sqlite3-2.3.1-3.9.2.x86_64.rpm monitoring-plugins-dhcp-2.3.1-3.9.2.x86_64.rpm monitoring-plugins-dig-2.3.1-3.9.2.x86_64.rpm monitoring-plugins-disk-2.3.1-3.9.2.x86_64.rpm monitoring-plugins-disk_smb-2.3.1-3.9.2.x86_64.rpm monitoring-plugins-dns-2.3.1-3.9.2.x86_64.rpm monitoring-plugins-dummy-2.3.1-3.9.2.x86_64.rpm monitoring-plugins-extras-2.3.1-3.9.2.x86_64.rpm monitoring-plugins-file_age-2.3.1-3.9.2.x86_64.rpm monitoring-plugins-flexlm-2.3.1-3.9.2.x86_64.rpm monitoring-plugins-fping-2.3.1-3.9.2.x86_64.rpm monitoring-plugins-hpjd-2.3.1-3.9.2.x86_64.rpm monitoring-plugins-http-2.3.1-3.9.2.x86_64.rpm monitoring-plugins-icmp-2.3.1-3.9.2.x86_64.rpm monitoring-plugins-ide_smart-2.3.1-3.9.2.x86_64.rpm monitoring-plugins-ifoperstatus-2.3.1-3.9.2.x86_64.rpm monitoring-plugins-ifstatus-2.3.1-3.9.2.x86_64.rpm monitoring-plugins-ircd-2.3.1-3.9.2.x86_64.rpm monitoring-plugins-ldap-2.3.1-3.9.2.x86_64.rpm monitoring-plugins-load-2.3.1-3.9.2.x86_64.rpm monitoring-plugins-log-2.3.1-3.9.2.x86_64.rpm monitoring-plugins-mailq-2.3.1-3.9.2.x86_64.rpm monitoring-plugins-mrtg-2.3.1-3.9.2.x86_64.rpm monitoring-plugins-mrtgtraf-2.3.1-3.9.2.x86_64.rpm monitoring-plugins-mysql-2.3.1-3.9.2.x86_64.rpm monitoring-plugins-nagios-2.3.1-3.9.2.x86_64.rpm monitoring-plugins-nt-2.3.1-3.9.2.x86_64.rpm monitoring-plugins-ntp_peer-2.3.1-3.9.2.x86_64.rpm monitoring-plugins-ntp_time-2.3.1-3.9.2.x86_64.rpm monitoring-plugins-nwstat-2.3.1-3.9.2.x86_64.rpm monitoring-plugins-oracle-2.3.1-3.9.2.x86_64.rpm monitoring-plugins-overcr-2.3.1-3.9.2.x86_64.rpm monitoring-plugins-pgsql-2.3.1-3.9.2.x86_64.rpm monitoring-plugins-ping-2.3.1-3.9.2.x86_64.rpm monitoring-plugins-procs-2.3.1-3.9.2.x86_64.rpm monitoring-plugins-radius-2.3.1-3.9.2.x86_64.rpm monitoring-plugins-real-2.3.1-3.9.2.x86_64.rpm monitoring-plugins-rpc-2.3.1-3.9.2.x86_64.rpm monitoring-plugins-sensors-2.3.1-3.9.2.x86_64.rpm monitoring-plugins-smtp-2.3.1-3.9.2.x86_64.rpm monitoring-plugins-snmp-2.3.1-3.9.2.x86_64.rpm monitoring-plugins-ssh-2.3.1-3.9.2.x86_64.rpm monitoring-plugins-swap-2.3.1-3.9.2.x86_64.rpm monitoring-plugins-tcp-2.3.1-3.9.2.x86_64.rpm monitoring-plugins-time-2.3.1-3.9.2.x86_64.rpm monitoring-plugins-ups-2.3.1-3.9.2.x86_64.rpm monitoring-plugins-users-2.3.1-3.9.2.x86_64.rpm monitoring-plugins-wave-2.3.1-3.9.2.x86_64.rpm perl-Crypt-DES-2.07-3.2.1.src.rpm perl-Crypt-DES-2.07-3.2.1.x86_64.rpm perl-Crypt-Rijndael-1.13-3.2.1.src.rpm perl-Crypt-Rijndael-1.13-3.2.1.x86_64.rpm perl-Net-SNMP-6.0.1-3.2.1.noarch.rpm perl-Net-SNMP-6.0.1-3.2.1.src.rpm freeradius-client-1.1.7-3.2.1.s390x.rpm freeradius-client-devel-1.1.7-3.2.1.s390x.rpm freeradius-client-libs-1.1.7-3.2.1.s390x.rpm monitoring-plugins-2.3.1-3.9.2.s390x.rpm monitoring-plugins-all-2.3.1-3.9.2.s390x.rpm monitoring-plugins-breeze-2.3.1-3.9.2.s390x.rpm monitoring-plugins-by_ssh-2.3.1-3.9.2.s390x.rpm monitoring-plugins-cluster-2.3.1-3.9.2.s390x.rpm monitoring-plugins-common-2.3.1-3.9.2.s390x.rpm monitoring-plugins-cups-2.3.1-3.9.2.s390x.rpm monitoring-plugins-dbi-2.3.1-3.9.2.s390x.rpm monitoring-plugins-dbi-mysql-2.3.1-3.9.2.s390x.rpm monitoring-plugins-dbi-pgsql-2.3.1-3.9.2.s390x.rpm monitoring-plugins-dbi-sqlite3-2.3.1-3.9.2.s390x.rpm monitoring-plugins-dhcp-2.3.1-3.9.2.s390x.rpm monitoring-plugins-dig-2.3.1-3.9.2.s390x.rpm monitoring-plugins-disk-2.3.1-3.9.2.s390x.rpm monitoring-plugins-disk_smb-2.3.1-3.9.2.s390x.rpm monitoring-plugins-dns-2.3.1-3.9.2.s390x.rpm monitoring-plugins-dummy-2.3.1-3.9.2.s390x.rpm monitoring-plugins-extras-2.3.1-3.9.2.s390x.rpm monitoring-plugins-file_age-2.3.1-3.9.2.s390x.rpm monitoring-plugins-flexlm-2.3.1-3.9.2.s390x.rpm monitoring-plugins-fping-2.3.1-3.9.2.s390x.rpm monitoring-plugins-hpjd-2.3.1-3.9.2.s390x.rpm monitoring-plugins-http-2.3.1-3.9.2.s390x.rpm monitoring-plugins-icmp-2.3.1-3.9.2.s390x.rpm monitoring-plugins-ide_smart-2.3.1-3.9.2.s390x.rpm monitoring-plugins-ifoperstatus-2.3.1-3.9.2.s390x.rpm monitoring-plugins-ifstatus-2.3.1-3.9.2.s390x.rpm monitoring-plugins-ircd-2.3.1-3.9.2.s390x.rpm monitoring-plugins-ldap-2.3.1-3.9.2.s390x.rpm monitoring-plugins-load-2.3.1-3.9.2.s390x.rpm monitoring-plugins-log-2.3.1-3.9.2.s390x.rpm monitoring-plugins-mailq-2.3.1-3.9.2.s390x.rpm monitoring-plugins-mrtg-2.3.1-3.9.2.s390x.rpm monitoring-plugins-mrtgtraf-2.3.1-3.9.2.s390x.rpm monitoring-plugins-mysql-2.3.1-3.9.2.s390x.rpm monitoring-plugins-nagios-2.3.1-3.9.2.s390x.rpm monitoring-plugins-nt-2.3.1-3.9.2.s390x.rpm monitoring-plugins-ntp_peer-2.3.1-3.9.2.s390x.rpm monitoring-plugins-ntp_time-2.3.1-3.9.2.s390x.rpm monitoring-plugins-nwstat-2.3.1-3.9.2.s390x.rpm monitoring-plugins-oracle-2.3.1-3.9.2.s390x.rpm monitoring-plugins-overcr-2.3.1-3.9.2.s390x.rpm monitoring-plugins-pgsql-2.3.1-3.9.2.s390x.rpm monitoring-plugins-ping-2.3.1-3.9.2.s390x.rpm monitoring-plugins-procs-2.3.1-3.9.2.s390x.rpm monitoring-plugins-radius-2.3.1-3.9.2.s390x.rpm monitoring-plugins-real-2.3.1-3.9.2.s390x.rpm monitoring-plugins-rpc-2.3.1-3.9.2.s390x.rpm monitoring-plugins-smtp-2.3.1-3.9.2.s390x.rpm monitoring-plugins-snmp-2.3.1-3.9.2.s390x.rpm monitoring-plugins-ssh-2.3.1-3.9.2.s390x.rpm monitoring-plugins-swap-2.3.1-3.9.2.s390x.rpm monitoring-plugins-tcp-2.3.1-3.9.2.s390x.rpm monitoring-plugins-time-2.3.1-3.9.2.s390x.rpm monitoring-plugins-ups-2.3.1-3.9.2.s390x.rpm monitoring-plugins-users-2.3.1-3.9.2.s390x.rpm monitoring-plugins-wave-2.3.1-3.9.2.s390x.rpm perl-Crypt-DES-2.07-3.2.1.s390x.rpm perl-Crypt-Rijndael-1.13-3.2.1.s390x.rpm freeradius-client-1.1.7-3.2.1.ppc64le.rpm freeradius-client-devel-1.1.7-3.2.1.ppc64le.rpm freeradius-client-libs-1.1.7-3.2.1.ppc64le.rpm monitoring-plugins-2.3.1-3.9.2.ppc64le.rpm monitoring-plugins-all-2.3.1-3.9.2.ppc64le.rpm monitoring-plugins-breeze-2.3.1-3.9.2.ppc64le.rpm monitoring-plugins-by_ssh-2.3.1-3.9.2.ppc64le.rpm monitoring-plugins-cluster-2.3.1-3.9.2.ppc64le.rpm monitoring-plugins-common-2.3.1-3.9.2.ppc64le.rpm monitoring-plugins-cups-2.3.1-3.9.2.ppc64le.rpm monitoring-plugins-dbi-2.3.1-3.9.2.ppc64le.rpm monitoring-plugins-dbi-mysql-2.3.1-3.9.2.ppc64le.rpm monitoring-plugins-dbi-pgsql-2.3.1-3.9.2.ppc64le.rpm monitoring-plugins-dbi-sqlite3-2.3.1-3.9.2.ppc64le.rpm monitoring-plugins-dhcp-2.3.1-3.9.2.ppc64le.rpm monitoring-plugins-dig-2.3.1-3.9.2.ppc64le.rpm monitoring-plugins-disk-2.3.1-3.9.2.ppc64le.rpm monitoring-plugins-disk_smb-2.3.1-3.9.2.ppc64le.rpm monitoring-plugins-dns-2.3.1-3.9.2.ppc64le.rpm monitoring-plugins-dummy-2.3.1-3.9.2.ppc64le.rpm monitoring-plugins-extras-2.3.1-3.9.2.ppc64le.rpm monitoring-plugins-file_age-2.3.1-3.9.2.ppc64le.rpm monitoring-plugins-flexlm-2.3.1-3.9.2.ppc64le.rpm monitoring-plugins-fping-2.3.1-3.9.2.ppc64le.rpm monitoring-plugins-hpjd-2.3.1-3.9.2.ppc64le.rpm monitoring-plugins-http-2.3.1-3.9.2.ppc64le.rpm monitoring-plugins-icmp-2.3.1-3.9.2.ppc64le.rpm monitoring-plugins-ide_smart-2.3.1-3.9.2.ppc64le.rpm monitoring-plugins-ifoperstatus-2.3.1-3.9.2.ppc64le.rpm monitoring-plugins-ifstatus-2.3.1-3.9.2.ppc64le.rpm monitoring-plugins-ircd-2.3.1-3.9.2.ppc64le.rpm monitoring-plugins-ldap-2.3.1-3.9.2.ppc64le.rpm monitoring-plugins-load-2.3.1-3.9.2.ppc64le.rpm monitoring-plugins-log-2.3.1-3.9.2.ppc64le.rpm monitoring-plugins-mailq-2.3.1-3.9.2.ppc64le.rpm monitoring-plugins-mrtg-2.3.1-3.9.2.ppc64le.rpm monitoring-plugins-mrtgtraf-2.3.1-3.9.2.ppc64le.rpm monitoring-plugins-mysql-2.3.1-3.9.2.ppc64le.rpm monitoring-plugins-nagios-2.3.1-3.9.2.ppc64le.rpm monitoring-plugins-nt-2.3.1-3.9.2.ppc64le.rpm monitoring-plugins-ntp_peer-2.3.1-3.9.2.ppc64le.rpm monitoring-plugins-ntp_time-2.3.1-3.9.2.ppc64le.rpm monitoring-plugins-nwstat-2.3.1-3.9.2.ppc64le.rpm monitoring-plugins-oracle-2.3.1-3.9.2.ppc64le.rpm monitoring-plugins-overcr-2.3.1-3.9.2.ppc64le.rpm monitoring-plugins-pgsql-2.3.1-3.9.2.ppc64le.rpm monitoring-plugins-ping-2.3.1-3.9.2.ppc64le.rpm monitoring-plugins-procs-2.3.1-3.9.2.ppc64le.rpm monitoring-plugins-radius-2.3.1-3.9.2.ppc64le.rpm monitoring-plugins-real-2.3.1-3.9.2.ppc64le.rpm monitoring-plugins-rpc-2.3.1-3.9.2.ppc64le.rpm monitoring-plugins-sensors-2.3.1-3.9.2.ppc64le.rpm monitoring-plugins-smtp-2.3.1-3.9.2.ppc64le.rpm monitoring-plugins-snmp-2.3.1-3.9.2.ppc64le.rpm monitoring-plugins-ssh-2.3.1-3.9.2.ppc64le.rpm monitoring-plugins-swap-2.3.1-3.9.2.ppc64le.rpm monitoring-plugins-tcp-2.3.1-3.9.2.ppc64le.rpm monitoring-plugins-time-2.3.1-3.9.2.ppc64le.rpm monitoring-plugins-ups-2.3.1-3.9.2.ppc64le.rpm monitoring-plugins-users-2.3.1-3.9.2.ppc64le.rpm monitoring-plugins-wave-2.3.1-3.9.2.ppc64le.rpm perl-Crypt-DES-2.07-3.2.1.ppc64le.rpm perl-Crypt-Rijndael-1.13-3.2.1.ppc64le.rpm freeradius-client-1.1.7-3.2.1.aarch64.rpm freeradius-client-devel-1.1.7-3.2.1.aarch64.rpm freeradius-client-libs-1.1.7-3.2.1.aarch64.rpm monitoring-plugins-2.3.1-3.9.2.aarch64.rpm monitoring-plugins-all-2.3.1-3.9.2.aarch64.rpm monitoring-plugins-breeze-2.3.1-3.9.2.aarch64.rpm monitoring-plugins-by_ssh-2.3.1-3.9.2.aarch64.rpm monitoring-plugins-cluster-2.3.1-3.9.2.aarch64.rpm monitoring-plugins-common-2.3.1-3.9.2.aarch64.rpm monitoring-plugins-cups-2.3.1-3.9.2.aarch64.rpm monitoring-plugins-dbi-2.3.1-3.9.2.aarch64.rpm monitoring-plugins-dbi-mysql-2.3.1-3.9.2.aarch64.rpm monitoring-plugins-dbi-pgsql-2.3.1-3.9.2.aarch64.rpm monitoring-plugins-dbi-sqlite3-2.3.1-3.9.2.aarch64.rpm monitoring-plugins-dhcp-2.3.1-3.9.2.aarch64.rpm monitoring-plugins-dig-2.3.1-3.9.2.aarch64.rpm monitoring-plugins-disk-2.3.1-3.9.2.aarch64.rpm monitoring-plugins-disk_smb-2.3.1-3.9.2.aarch64.rpm monitoring-plugins-dns-2.3.1-3.9.2.aarch64.rpm monitoring-plugins-dummy-2.3.1-3.9.2.aarch64.rpm monitoring-plugins-extras-2.3.1-3.9.2.aarch64.rpm monitoring-plugins-file_age-2.3.1-3.9.2.aarch64.rpm monitoring-plugins-flexlm-2.3.1-3.9.2.aarch64.rpm monitoring-plugins-fping-2.3.1-3.9.2.aarch64.rpm monitoring-plugins-hpjd-2.3.1-3.9.2.aarch64.rpm monitoring-plugins-http-2.3.1-3.9.2.aarch64.rpm monitoring-plugins-icmp-2.3.1-3.9.2.aarch64.rpm monitoring-plugins-ide_smart-2.3.1-3.9.2.aarch64.rpm monitoring-plugins-ifoperstatus-2.3.1-3.9.2.aarch64.rpm monitoring-plugins-ifstatus-2.3.1-3.9.2.aarch64.rpm monitoring-plugins-ircd-2.3.1-3.9.2.aarch64.rpm monitoring-plugins-ldap-2.3.1-3.9.2.aarch64.rpm monitoring-plugins-load-2.3.1-3.9.2.aarch64.rpm monitoring-plugins-log-2.3.1-3.9.2.aarch64.rpm monitoring-plugins-mailq-2.3.1-3.9.2.aarch64.rpm monitoring-plugins-mrtg-2.3.1-3.9.2.aarch64.rpm monitoring-plugins-mrtgtraf-2.3.1-3.9.2.aarch64.rpm monitoring-plugins-mysql-2.3.1-3.9.2.aarch64.rpm monitoring-plugins-nagios-2.3.1-3.9.2.aarch64.rpm monitoring-plugins-nt-2.3.1-3.9.2.aarch64.rpm monitoring-plugins-ntp_peer-2.3.1-3.9.2.aarch64.rpm monitoring-plugins-ntp_time-2.3.1-3.9.2.aarch64.rpm monitoring-plugins-nwstat-2.3.1-3.9.2.aarch64.rpm monitoring-plugins-oracle-2.3.1-3.9.2.aarch64.rpm monitoring-plugins-overcr-2.3.1-3.9.2.aarch64.rpm monitoring-plugins-pgsql-2.3.1-3.9.2.aarch64.rpm monitoring-plugins-ping-2.3.1-3.9.2.aarch64.rpm monitoring-plugins-procs-2.3.1-3.9.2.aarch64.rpm monitoring-plugins-radius-2.3.1-3.9.2.aarch64.rpm monitoring-plugins-real-2.3.1-3.9.2.aarch64.rpm monitoring-plugins-rpc-2.3.1-3.9.2.aarch64.rpm monitoring-plugins-sensors-2.3.1-3.9.2.aarch64.rpm monitoring-plugins-smtp-2.3.1-3.9.2.aarch64.rpm monitoring-plugins-snmp-2.3.1-3.9.2.aarch64.rpm monitoring-plugins-ssh-2.3.1-3.9.2.aarch64.rpm monitoring-plugins-swap-2.3.1-3.9.2.aarch64.rpm monitoring-plugins-tcp-2.3.1-3.9.2.aarch64.rpm monitoring-plugins-time-2.3.1-3.9.2.aarch64.rpm monitoring-plugins-ups-2.3.1-3.9.2.aarch64.rpm monitoring-plugins-users-2.3.1-3.9.2.aarch64.rpm monitoring-plugins-wave-2.3.1-3.9.2.aarch64.rpm perl-Crypt-DES-2.07-3.2.1.aarch64.rpm perl-Crypt-Rijndael-1.13-3.2.1.aarch64.rpm openSUSE-SLE-15.4-2022-480 important SUSE Updates openSUSE-SLE 15.4 This update for tiff fixes the following issues: - CVE-2017-17095: Fixed DoS in tools/pal2rgb.c in pal2rgb (bsc#1071031). - CVE-2019-17546: Fixed integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image (bsc#1154365). - CVE-2020-19131: Fixed buffer overflow in tiffcrop that may cause DoS via the invertImage() function (bsc#1190312). - CVE-2020-35521: Fixed memory allocation failure in tif_read.c (bsc#1182808). - CVE-2020-35522: Fixed memory allocation failure in tif_pixarlog.c (bsc#1182809). - CVE-2020-35523: Fixed integer overflow in tif_getimage.c (bsc#1182811). - CVE-2020-35524: Fixed heap-based buffer overflow in TIFF2PDF tool (bsc#1182812). - CVE-2022-22844: Fixed out-of-bounds read in _TIFFmemcpy in tif_unix.c (bsc#1194539). libtiff-devel-32bit-4.0.9-45.5.1.x86_64.rpm libtiff-devel-4.0.9-45.5.1.x86_64.rpm libtiff5-32bit-4.0.9-45.5.1.x86_64.rpm libtiff5-4.0.9-45.5.1.x86_64.rpm tiff-4.0.9-45.5.1.src.rpm tiff-4.0.9-45.5.1.x86_64.rpm libtiff-devel-4.0.9-45.5.1.s390x.rpm libtiff5-4.0.9-45.5.1.s390x.rpm tiff-4.0.9-45.5.1.s390x.rpm libtiff-devel-4.0.9-45.5.1.ppc64le.rpm libtiff5-4.0.9-45.5.1.ppc64le.rpm tiff-4.0.9-45.5.1.ppc64le.rpm libtiff-devel-4.0.9-45.5.1.aarch64.rpm libtiff5-4.0.9-45.5.1.aarch64.rpm tiff-4.0.9-45.5.1.aarch64.rpm openSUSE-SLE-15.4-2022-520 moderate SUSE Updates openSUSE-SLE 15.4 This update for rpm fixes the following issues: - Revert unwanted /usr/bin/python to /usr/bin/python2 change we got with the update to 4.14.3 (bsc#1194968) python-rpm-4.14.3-150300.46.1.src.rpm python2-rpm-4.14.3-150300.46.1.x86_64.rpm python2-rpm-4.14.3-150300.46.1.s390x.rpm python2-rpm-4.14.3-150300.46.1.ppc64le.rpm python2-rpm-4.14.3-150300.46.1.aarch64.rpm openSUSE-SLE-15.4-2022-523 moderate SUSE Updates openSUSE-SLE 15.4 This update for systemd fixes the following issues: - systemctl: exit with 1 if no unit files found (bsc#1193841). - add rules for virtual devices (bsc#1193759). - enforce "none" for loop devices (bsc#1193759). systemd-234-24.105.1.src.rpm True systemd-bash-completion-234-24.105.1.noarch.rpm True openSUSE-SLE-15.4-2022-366 critical SUSE Updates openSUSE-SLE 15.4 The SUSE Linux Enterprise 15 SP1 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input (bsc#1195254). - CVE-2022-0330: Fixed flush TLBs before releasing backing store (bsc#1194880). - CVE-2021-45486: Fixed an information leak because the hash table is very small in net/ipv4/route.c (bnc#1194087). - CVE-2021-45095: Fixed refcount leak in pep_sock_accept in net/phonet/pep.c (bnc#1193867). - CVE-2021-44733: Fixed a use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem, that could have occured because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object (bnc#1193767). - CVE-2021-43976: Fixed a flaw that could allow an attacker (who can connect a crafted USB device) to cause a denial of service. (bnc#1192847) - CVE-2021-43975: Fixed a flaw in hw_atl_utils_fw_rpc_wait that could allow an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value. (bsc#1192845) - CVE-2021-4202: Fixed NFC race condition by adding NCI_UNREG flag (bsc#1194529). - CVE-2021-4197: Use cgroup open-time credentials for process migraton perm checks (bsc#1194302). - CVE-2021-4159: Fixed kernel ptr leak vulnerability via BPF in coerce_reg_to_size (bsc#1194227). - CVE-2021-4149: Fixed btrfs unlock newly allocated extent buffer after error (bsc#1194001). - CVE-2021-4135: Fixed zero-initialize memory inside netdevsim for new map's value in function nsim_bpf_map_alloc (bsc#1193927). - CVE-2021-4083: Fixed a read-after-free memory flaw inside the garbage collection for Unix domain socket file handlers when users call close() and fget() simultaneouslyand can potentially trigger a race condition (bnc#1193727). - CVE-2021-4002: Fixed incorrect TLBs flush in hugetlbfs after huge_pmd_unshare (bsc#1192946). - CVE-2021-39657: Fixed out of bounds read due to a missing bounds check in ufshcd_eh_device_reset_handler of ufshcd.c. This could lead to local information disclosure with System execution privileges needed (bnc#1193864). - CVE-2021-39648: Fixed possible disclosure of kernel heap memory due to a race condition in gadget_dev_desc_UDC_show of configfs.c. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1193861). - CVE-2021-3564: Fixed double-free memory corruption in the Linux kernel HCI device initialization subsystem that could have been used by attaching malicious HCI TTY Bluetooth devices. A local user could use this flaw to crash the system (bnc#1186207). - CVE-2021-33098: Fixed a potential denial of service in Intel(R) Ethernet ixgbe driver due to improper input validation. (bsc#1192877) - CVE-2021-28715: Fixed issue with xen/netback to do not queue unlimited number of packages (XSA-392) (bsc#1193442). - CVE-2021-28714: Fixed issue with xen/netback to handle rx queue stall detection (XSA-392) (bsc#1193442). - CVE-2021-28713: Fixed issue with xen/console to harden hvc_xen against event channel storms (XSA-391) (bsc#1193440). - CVE-2021-28712: Fixed issue with xen/netfront to harden netfront against event channel storms (XSA-391) (bsc#1193440). - CVE-2021-28711: Fixed issue with xen/blkfront to harden blkfront against event channel storms (XSA-391) (bsc#1193440). - CVE-2021-0935: Fixed possible out of bounds write in ip6_xmit of ip6_output.c due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192032). - CVE-2021-0920: Fixed a local privilege escalation due to an use after free bug in unix_gc (bsc#1193731). - CVE-2020-27820: Fixed a vulnerability where a use-after-frees in nouveau's postclose() handler could happen if removing device (bsc#1179599). - CVE-2019-15126: Fixed a vulnerability in Broadcom and Cypress Wi-Fi chips, used in RPi family of devices aka "Kr00k". (bsc#1167162) - CVE-2018-25020: Fixed an overflow in the BPF subsystem due to a mishandling of a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions. This affects kernel/bpf/core.c and net/core/filter.c (bnc#1193575). The following non-security bugs were fixed: - Bluetooth: fix the erroneous flush_work() order (git-fixes). - Build: Add obsolete_rebuilds_subpackage (boo#1172073 bsc#1191731). - ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241 bsc#1195166). - IPv6: reply ICMP error if the first fragment do not include all headers (bsc#1191241). - elfcore: fix building with clang (bsc#1169514). - hv_netvsc: Set needed_headroom according to VF (bsc#1193506). - ipv6/netfilter: Discard first fragment not including all headers (bsc#1191241 bsc#1195166). - kernel-*-subpackage: Add dependency on kernel scriptlets (bsc#1192740). - kernel-binary.spec.in Stop templating the scriptlets for subpackages (bsc#1190358). - kernel-binary.spec.in: add zstd to BuildRequires if used - kernel-binary.spec.in: make sure zstd is supported by kmod if used - kernel-binary.spec: Check for no kernel signing certificates. Also remove unused variable. - kernel-binary.spec: Define $image as rpm macro (bsc#1189841). - kernel-binary.spec: Do not fail silently when KMP is empty (bsc#1190358). Copy the code from kernel-module-subpackage that deals with empty KMPs. - kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167). - kernel-binary.spec: Fix kernel-default-base scriptlets after packaging merge. - kernel-binary.spec: Require dwarves for kernel-binary-devel when BTF is enabled (jsc#SLE-17288). - kernel-binary.spec: suse-kernel-rpm-scriptlets required for uninstall as well. - kernel-cert-subpackage: Fix certificate location in scriptlets (bsc#1189841). - kernel-source.spec: install-kernel-tools also required on 15.4 - kernel-spec-macros: Since rpm 4.17 %verbose is unusable (bsc#1191229). The semantic changed in an incompatible way so invoking the macro now causes a build failure. - kprobes: Limit max data_size of the kretprobe instances (bsc#1193669). - livepatch: Avoid CPU hogging with cond_resched (bsc#1071995). - memstick: rtsx_usb_ms: fix UAF (bsc#1194516). - moxart: fix potential use-after-free on remove path (bsc#1194516). - net, xdp: Introduce xdp_init_buff utility routine (bsc#1193506). - net, xdp: Introduce xdp_prepare_buff utility routine (bsc#1193506). - net: Using proper atomic helper (bsc#1186222). - net: ipv6: Discard next-hop MTU less than minimum link MTU (bsc#1191241). - net: mana: Add RX fencing (bsc#1193506). - net: mana: Add XDP support (bsc#1193506). - net: mana: Allow setting the number of queues while the NIC is down (bsc#1193506). - net: mana: Fix spelling mistake "calledd" -> "called" (bsc#1193506). - net: mana: Fix the netdev_err()'s vPort argument in mana_init_port() (bsc#1193506). - net: mana: Improve the HWC error handling (bsc#1193506). - net: mana: Support hibernation and kexec (bsc#1193506). - net: mana: Use kcalloc() instead of kzalloc() (bsc#1193506). - objtool: Support Clang non-section symbols in ORC generation (bsc#1169514). - post.sh: detect /usr mountpoint too - recordmcount.pl: fix typo in s390 mcount regex (bsc#1192267). - recordmcount.pl: look for jgnop instruction as well as bcrl on s390 (bsc#1192267). - rpm/kernel-binary.spec.in: Use kmod-zstd provide. This makes it possible to use kmod with ZSTD support on non-Tumbleweed. - rpm/kernel-binary.spec.in: avoid conflicting suse-release suse-release had arbitrary values in staging, we can't use it for dependencies. The filesystem one has to be enough (boo#1184804). - rpm/kernel-binary.spec.in: do not strip vmlinux again (bsc#1193306). - rpm/kernel-binary.spec: Use only non-empty certificates. - rpm/kernel-obs-build.spec.in: make builds reproducible (bsc#1189305). - rpm/kernel-source.rpmlintrc: ignore new include/config files. - rpm/kernel-source.spec.in: do some more for vanilla_only. - rpm: Abolish image suffix (bsc#1189841). - rpm: Abolish scritplet templating (bsc#1189841). Outsource kernel-binary and KMP scriptlets to suse-module-tools. - rpm: Define $certs as rpm macro (bsc#1189841). - rpm: Fold kernel-devel and kernel-source scriptlets into spec files (bsc#1189841). - rpm: fix kmp install path - rpm: use _rpmmacrodir (boo#1191384) - tty: hvc: replace BUG_ON() with negative return value. - vfs: check fd has read access in kernel_read_file_from_fd() (bsc#1194888). - x86/xen: Mark cpu_bringup_and_idle() as dead_end_function (bsc#1169514). - xen/blkfront: do not take local copy of a request from the ring page (git-fixes). - xen/blkfront: do not trust the backend response data blindly (git-fixes). - xen/blkfront: read response from backend only once (git-fixes). - xen/netfront: disentangle tx_skb_freelist (git-fixes). - xen/netfront: do not read data from request on the ring page (git-fixes). - xen/netfront: do not trust the backend response data blindly (git-fixes). - xen/netfront: read response from backend only once (git-fixes). - xen: sync include/xen/interface/io/ring.h with Xen's newest version (git-fixes). - xfrm: fix MTU regression (bsc#1185377, bsc#1194048). kernel-debug-4.12.14-197.105.1.nosrc.rpm True kernel-debug-base-4.12.14-197.105.1.x86_64.rpm True kernel-default-4.12.14-197.105.1.nosrc.rpm True kernel-kvmsmall-4.12.14-197.105.1.nosrc.rpm True kernel-kvmsmall-base-4.12.14-197.105.1.x86_64.rpm True kernel-vanilla-4.12.14-197.105.1.nosrc.rpm True kernel-vanilla-4.12.14-197.105.1.x86_64.rpm True kernel-vanilla-base-4.12.14-197.105.1.x86_64.rpm True kernel-vanilla-devel-4.12.14-197.105.1.x86_64.rpm True kernel-vanilla-livepatch-devel-4.12.14-197.105.1.x86_64.rpm True kernel-default-man-4.12.14-197.105.1.s390x.rpm True kernel-vanilla-4.12.14-197.105.1.s390x.rpm True kernel-vanilla-base-4.12.14-197.105.1.s390x.rpm True kernel-vanilla-devel-4.12.14-197.105.1.s390x.rpm True kernel-vanilla-livepatch-devel-4.12.14-197.105.1.s390x.rpm True kernel-zfcpdump-4.12.14-197.105.1.nosrc.rpm True kernel-zfcpdump-man-4.12.14-197.105.1.s390x.rpm True kernel-debug-base-4.12.14-197.105.1.ppc64le.rpm True kernel-vanilla-4.12.14-197.105.1.ppc64le.rpm True kernel-vanilla-base-4.12.14-197.105.1.ppc64le.rpm True kernel-vanilla-devel-4.12.14-197.105.1.ppc64le.rpm True kernel-vanilla-livepatch-devel-4.12.14-197.105.1.ppc64le.rpm True kernel-vanilla-4.12.14-197.105.1.aarch64.rpm True kernel-vanilla-base-4.12.14-197.105.1.aarch64.rpm True kernel-vanilla-devel-4.12.14-197.105.1.aarch64.rpm True kernel-vanilla-livepatch-devel-4.12.14-197.105.1.aarch64.rpm True openSUSE-SLE-15.4-2022-522 moderate SUSE Updates openSUSE-SLE 15.4 This update for fetchmail fixes the following issues: - Restore autoprobe functionality (bsc#1193894) fetchmail-6.4.22-20.26.1.src.rpm fetchmail-6.4.22-20.26.1.x86_64.rpm fetchmailconf-6.4.22-20.26.1.x86_64.rpm fetchmail-6.4.22-20.26.1.s390x.rpm fetchmailconf-6.4.22-20.26.1.s390x.rpm fetchmail-6.4.22-20.26.1.ppc64le.rpm fetchmailconf-6.4.22-20.26.1.ppc64le.rpm fetchmail-6.4.22-20.26.1.aarch64.rpm fetchmailconf-6.4.22-20.26.1.aarch64.rpm openSUSE-SLE-15.4-2022-344 moderate SUSE Updates openSUSE-SLE 15.4 This update for obs-service-kiwi_metainfo_helper fixes the following issues: - Generate OS_VERSION based on os-release VERSION (bsc#1195061). - Add test suite obs-service-kiwi_metainfo_helper-0.5-1.15.1.noarch.rpm obs-service-kiwi_metainfo_helper-0.5-1.15.1.src.rpm openSUSE-SLE-15.4-2022-479 important SUSE Updates openSUSE-SLE 15.4 This update for virglrenderer fixes the following issues: - CVE-2022-0135: Fixed out-of-bonds write in read_transfer_data() (bsc#1195389). libvirglrenderer0-0.6.0-4.9.1.x86_64.rpm virglrenderer-0.6.0-4.9.1.src.rpm libvirglrenderer0-0.6.0-4.9.1.s390x.rpm libvirglrenderer0-0.6.0-4.9.1.ppc64le.rpm libvirglrenderer0-0.6.0-4.9.1.aarch64.rpm openSUSE-SLE-15.4-2022-519 moderate SUSE Updates openSUSE-SLE 15.4 This update for sysstat fixes the following issues: - Fix possible segfault (bsc#1194679). sysstat-12.0.2-3.33.1.src.rpm sysstat-12.0.2-3.33.1.x86_64.rpm sysstat-isag-12.0.2-3.33.1.x86_64.rpm sysstat-12.0.2-3.33.1.s390x.rpm sysstat-isag-12.0.2-3.33.1.s390x.rpm sysstat-12.0.2-3.33.1.ppc64le.rpm sysstat-isag-12.0.2-3.33.1.ppc64le.rpm sysstat-12.0.2-3.33.1.aarch64.rpm sysstat-isag-12.0.2-3.33.1.aarch64.rpm openSUSE-SLE-15.4-2022-595 moderate SUSE Updates openSUSE-SLE 15.4 This update fixes the following issues: ansible: - Require python macros for building mgr-cfg: - Version 4.2.6-1 * Do not build python 2 package for SLE15SP4 and higher - Version 4.2.5-1 * do not build python 2 package for SLE15 - Version 4.2.4-1 * Fix python selinux package name depending on build target (bsc#1193600) mgr-custom-info: - Version 4.2.3-1 * require python macros for building mgr-osad: - Version 4.2.7-1 * Do not build python 2 package for SLE15SP4 and higher * require python macros for building mgr-push: - Version 4.2.4-1 * Do not build python 2 package for SLE15SP4 and higher mgr-virtualization: - Version 4.2.3-1 * Do not build python 2 package for SLE15SP4 and higher * require python macros for building rhnlib: - Version 4.2.5-1 * do not build python 2 package for SLE15 spacecmd: - Version 4.2.15-1 * require python macros for building spacewalk-client-tools: - Version 4.2.16-1 * do not build python 2 package for SLE15 * require python macros for building spacewalk-koan: - Version 4.2.5-1 * Do not build python 2 package for SLE15SP4 and higher spacewalk-oscap: - Version 4.2.3-1 * Do not build python 2 package for SLE15SP4 and higher * require python macros for building spacewalk-remote-utils: - Version 4.2.2-1 * require python macros for building suseRegisterInfo: - Version 4.2.5-1 * require python macros for building * Do not build python 2 package for SLE15 and higher uyuni-common-libs: - Version 4.2.6-1 * Read modularity data from DISTTAG tag as fallback (bsc#1192487) * require python macros for building zypp-plugin-spacewalk: - 1.0.11 * require python macros for building ansible-2.9.21-1.10.1.noarch.rpm ansible-2.9.21-1.10.1.src.rpm ansible-doc-2.9.21-1.10.1.noarch.rpm ansible-test-2.9.21-1.10.1.noarch.rpm python2-rhnlib-4.2.5-3.31.1.noarch.rpm python3-rhnlib-4.2.5-3.31.1.noarch.rpm rhnlib-4.2.5-3.31.1.src.rpm spacecmd-4.2.15-3.74.1.noarch.rpm spacecmd-4.2.15-3.74.1.src.rpm openSUSE-SLE-15.4-2022-652 moderate SUSE Updates openSUSE-SLE 15.4 This update for raspberrypi-eeprom fixes the following issues: Update to version 2021.04.29 (bsc#1194950) - Use upstream version schema (year.month.day) instead of arbitrary 0.0 - Add support for NVMe to the bootloader with a new NVMe boot mode - Add support for [cm4] and [pi400] config conditionals filters - TFTP - reply to duplicate ACKS - Skip rendering of HDMI diagnostics display for the first 8 seconds unless an error occurs - Add support for the BCM2711 XHCI controller - BOOT_ORDER 0x5 - Add XHCI protocol layer fixes for non-VLI controllers - Avoid USB MSD timeout of there is only one device - Fix recovery.bin error handler so that the LED error pattern is still displayed even if HDMI or SDRAM fail - Fix GPIO expander reset issue on some Pi4B 1.1 to 1.3 boards - Fix regression for GPIO expander reset change which caused PMIC reset to get card out of 1V8 mode to be missed - Timeout USB MSD commands and move to the next boot mode if a device stops responding - Add support for booting from the BCM2711 XHCI controller which is the USB-C socket on Pi 4B / Pi 400 and the type A sockets on Compute Module 4 IO board - Validate SDRAM in recovery mode raspberrypi-eeprom-2021.04.29-150300.3.3.1.noarch.rpm raspberrypi-eeprom-2021.04.29-150300.3.3.1.src.rpm raspberrypi-eeprom-firmware-2021.04.29-150300.3.3.1.noarch.rpm openSUSE-SLE-15.4-2022-525 moderate SUSE Updates openSUSE-SLE 15.4 This update for polkit fixes the following issues: - CVE-2021-4115: Fixed a denial of service via file descriptor leak (bsc#1195542). libpolkit0-0.116-3.9.1.x86_64.rpm libpolkit0-32bit-0.116-3.9.1.x86_64.rpm polkit-0.116-3.9.1.src.rpm polkit-0.116-3.9.1.x86_64.rpm polkit-devel-0.116-3.9.1.x86_64.rpm polkit-doc-0.116-3.9.1.noarch.rpm typelib-1_0-Polkit-1_0-0.116-3.9.1.x86_64.rpm libpolkit0-0.116-3.9.1.s390x.rpm polkit-0.116-3.9.1.s390x.rpm polkit-devel-0.116-3.9.1.s390x.rpm typelib-1_0-Polkit-1_0-0.116-3.9.1.s390x.rpm libpolkit0-0.116-3.9.1.ppc64le.rpm polkit-0.116-3.9.1.ppc64le.rpm polkit-devel-0.116-3.9.1.ppc64le.rpm typelib-1_0-Polkit-1_0-0.116-3.9.1.ppc64le.rpm libpolkit0-0.116-3.9.1.aarch64.rpm polkit-0.116-3.9.1.aarch64.rpm polkit-devel-0.116-3.9.1.aarch64.rpm typelib-1_0-Polkit-1_0-0.116-3.9.1.aarch64.rpm openSUSE-SLE-15.4-2022-675 moderate SUSE Updates openSUSE-SLE 15.4 This update for ldns fixes the following issues: - CVE-2020-19860: Fixed heap-based out of bounds read when verifying a zone file (bsc#1195057). - CVE-2020-19861: Fixed heap-based out of bounds read in ldns_nsec3_salt_data() (bsc#1195058). ldns-1.7.0-4.6.1.src.rpm ldns-1.7.0-4.6.1.x86_64.rpm ldns-devel-1.7.0-4.6.1.x86_64.rpm libldns2-1.7.0-4.6.1.x86_64.rpm perl-DNS-LDNS-1.7.0-4.6.1.x86_64.rpm python3-ldns-1.7.0-4.6.1.x86_64.rpm ldns-1.7.0-4.6.1.s390x.rpm ldns-devel-1.7.0-4.6.1.s390x.rpm libldns2-1.7.0-4.6.1.s390x.rpm perl-DNS-LDNS-1.7.0-4.6.1.s390x.rpm python3-ldns-1.7.0-4.6.1.s390x.rpm ldns-1.7.0-4.6.1.ppc64le.rpm ldns-devel-1.7.0-4.6.1.ppc64le.rpm libldns2-1.7.0-4.6.1.ppc64le.rpm perl-DNS-LDNS-1.7.0-4.6.1.ppc64le.rpm python3-ldns-1.7.0-4.6.1.ppc64le.rpm ldns-1.7.0-4.6.1.aarch64.rpm ldns-devel-1.7.0-4.6.1.aarch64.rpm libldns2-1.7.0-4.6.1.aarch64.rpm perl-DNS-LDNS-1.7.0-4.6.1.aarch64.rpm python3-ldns-1.7.0-4.6.1.aarch64.rpm openSUSE-SLE-15.4-2022-370 critical SUSE Updates openSUSE-SLE 15.4 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input (bsc#1195254). - CVE-2022-0330: Fixed flush TLBs before releasing backing store (bsc#1194880). - CVE-2022-0286: Fixed null pointer dereference in bond_ipsec_add_sa() that may have lead to local denial of service (bnc#1195371). - CVE-2022-22942: Fixed stale file descriptors on failed usercopy (bsc#1195065). - CVE-2021-45095: Fixed refcount leak in pep_sock_accept in net/phonet/pep.c (bnc#1193867). - CVE-2021-44733: Fixed a use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem, that could have occured because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object (bnc#1193767). - CVE-2021-39685: Fixed USB gadget buffer overflow caused by too large endpoint 0 requests (bsc#1193802). - CVE-2021-39657: Fixed out of bounds read due to a missing bounds check in ufshcd_eh_device_reset_handler of ufshcd.c. This could lead to local information disclosure with System execution privileges needed (bnc#1193864). - CVE-2021-39648: Fixed possible disclosure of kernel heap memory due to a race condition in gadget_dev_desc_UDC_show of configfs.c. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1193861). - CVE-2021-22600: Fixed double free bug in packet_set_ring() in net/packet/af_packet.c that could have been exploited by a local user through crafted syscalls to escalate privileges or deny service (bnc#1195184). - CVE-2020-28097: Fixed out-of-bounds read in vgacon subsystem that mishandled software scrollback (bnc#1187723). The following non-security bugs were fixed: - ACPI: battery: Add the ThinkPad "Not Charging" quirk (git-fixes). - ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R() (git-fixes). - ACPICA: Fix wrong interpretation of PCC address (git-fixes). - ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5 (git-fixes). - ACPICA: Utilities: Avoid deleting the same object twice in a row (git-fixes). - ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions (git-fixes). - ALSA: seq: Set upper limit of processed events (git-fixes). - ALSA: usb-audio: Correct quirk for VF0770 (git-fixes). - ALSA: usb-audio: initialize variables that could ignore errors (git-fixes). - ASoC: cpcap: Check for NULL pointer after calling of_get_child_by_name (git-fixes). - ASoC: fsl: Add missing error handling in pcm030_fabric_probe (git-fixes). - ASoC: max9759: fix underflow in speaker_gain_control_put() (git-fixes). - ASoC: mediatek: mt8173: fix device_node leak (git-fixes). - ASoC: xilinx: xlnx_formatter_pcm: Make buffer bytes multiple of period bytes (git-fixes). - Bluetooth: Fix debugfs entry leak in hci_register_dev() (git-fixes). - Bluetooth: refactor malicious adv data check (git-fixes). - Documentation: fix firewire.rst ABI file path error (git-fixes). - HID: apple: Do not reset quirks when the Fn key is not found (git-fixes). - HID: quirks: Allow inverting the absolute X/Y values (git-fixes). - HID: uhid: Fix worker destroying device without any protection (git-fixes). - HID: wacom: Reset expected and received contact counts at the same time (git-fixes). - IB/cm: Avoid a loop when device has 255 ports (git-fixes) - IB/hfi1: Fix error return code in parse_platform_config() (git-fixes) - IB/hfi1: Use kzalloc() for mmu_rb_handler allocation (git-fixes) - IB/isert: Fix a use after free in isert_connect_request (git-fixes) - IB/mlx4: Separate tunnel and wire bufs parameters (git-fixes) - IB/mlx5: Add missing error code (git-fixes) - IB/mlx5: Add mutex destroy call to cap_mask_mutex mutex (git-fixes) - IB/mlx5: Fix error unwinding when set_has_smi_cap fails (git-fixes) - IB/mlx5: Return appropriate error code instead of ENOMEM (git-fixes) - IB/umad: Return EIO in case of when device disassociated (git-fixes) - IB/umad: Return EPOLLERR in case of when device disassociated (git-fixes) - Input: wm97xx: Simplify resource management (git-fixes). - NFS: Ensure the server had an up to date ctime before renaming (git-fixes). - NFSv4: Handle case where the lookup of a directory fails (git-fixes). - NFSv4: nfs_atomic_open() can race when looking up a non-regular file (git-fixes). - PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller (git-fixes). - PM: wakeup: simplify the output logic of pm_show_wakelocks() (git-fixes). - RDMA/addr: Be strict with gid size (git-fixes) - RDMA/bnxt_re: Fix a double free in bnxt_qplib_alloc_res (git-fixes) - RDMA/bnxt_re: Fix error return code in bnxt_qplib_cq_process_terminal() (git-fixes) - RDMA/bnxt_re: Set queue pair state when being queried (git-fixes) - RDMA/cm: Fix an attempt to use non-valid pointer when cleaning timewait (git-fixes) - RDMA/core: Clean up cq pool mechanism (jsc#SLE-15176). - RDMA/core: Do not access cm_id after its destruction (git-fixes) - RDMA/core: Do not indicate device ready when device enablement fails (git-fixes) - RDMA/core: Fix corrupted SL on passive side (git-fixes) - RDMA/core: Unify RoCE check and re-factor code (git-fixes) - RDMA/cxgb4: Fix adapter LE hash errors while destroying ipv6 listening server (git-fixes) - RDMA/cxgb4: Fix the reported max_recv_sge value (git-fixes) - RDMA/cxgb4: Validate the number of CQEs (git-fixes) - RDMA/cxgb4: add missing qpid increment (git-fixes) - RDMA/hns: Add a check for current state before modifying QP (git-fixes) - RDMA/hns: Remove the portn field in UD SQ WQE (git-fixes) - RDMA/hns: Remove unnecessary access right set during INIT2INIT (git-fixes) - RDMA/i40iw: Address an mmap handler exploit in i40iw (git-fixes) - RDMA/i40iw: Fix error unwinding when i40iw_hmc_sd_one fails (git-fixes) - RDMA/mlx5: Fix corruption of reg_pages in mlx5_ib_rereg_user_mr() (git-fixes) - RDMA/mlx5: Fix potential race between destroy and CQE poll (git-fixes) - RDMA/mlx5: Fix query DCT via DEVX (git-fixes) - RDMA/mlx5: Fix type warning of sizeof in __mlx5_ib_alloc_counters() (git-fixes) - RDMA/mlx5: Fix wrong free of blue flame register on error (git-fixes) - RDMA/mlx5: Issue FW command to destroy SRQ on reentry (git-fixes) - RDMA/mlx5: Recover from fatal event in dual port mode (git-fixes) - RDMA/mlx5: Use the correct obj_id upon DEVX TIR creation (git-fixes) - RDMA/ocrdma: Fix use after free in ocrdma_dealloc_ucontext_pd() (git-fixes) - RDMA/rxe: Clear all QP fields if creation failed (git-fixes) - RDMA/rxe: Compute PSN windows correctly (git-fixes) - RDMA/rxe: Correct skb on loopback path (git-fixes) - RDMA/rxe: Fix coding error in rxe_rcv_mcast_pkt (git-fixes) - RDMA/rxe: Fix coding error in rxe_recv.c (git-fixes) - RDMA/rxe: Fix missing kconfig dependency on CRYPTO (git-fixes) - RDMA/rxe: Remove the unnecessary variable (jsc#SLE-15176). - RDMA/rxe: Remove useless code in rxe_recv.c (git-fixes) - RDMA/siw: Fix a use after free in siw_alloc_mr (git-fixes) - RDMA/siw: Fix calculation of tx_valid_cpus size (git-fixes) - RDMA/siw: Fix handling of zero-sized Read and Receive Queues. (git-fixes) - RDMA/siw: Properly check send and receive CQ pointers (git-fixes) - RDMA/usnic: Fix memleak in find_free_vf_and_create_qp_grp (git-fixes) - RDMA/uverbs: Fix a NULL vs IS_ERR() bug (git-fixes) - RDMA/uverbs: Tidy input validation of ib_uverbs_rereg_mr() (git-fixes) - RMDA/sw: Do not allow drivers using dma_virt_ops on highmem configs (git-fixes) - USB: core: Fix hang in usb_kill_urb by adding memory barriers (git-fixes). - USB: serial: mos7840: fix probe error handling (git-fixes). - ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply (git-fixes). - arm64: Kconfig: add a choice for endianness (jsc#SLE-23432). - asix: fix wrong return value in asix_check_host_enable() (git-fixes). - ata: pata_platform: Fix a NULL pointer dereference in __pata_platform_probe() (git-fixes). - ath10k: Fix tx hanging (git-fixes). - ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream (git-fixes). - batman-adv: allow netlink usage in unprivileged containers (git-fixes). - blk-cgroup: fix missing put device in error path from blkg_conf_pref() (bsc#1195481). - blk-mq: introduce blk_mq_set_request_complete (git-fixes). - bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds() (bsc#1194227). - btrfs: tree-checker: Add EXTENT_ITEM and METADATA_ITEM check (bsc#1195009). - btrfs: tree-checker: annotate all error branches as unlikely (bsc#1195009). - btrfs: tree-checker: check for BTRFS_BLOCK_FLAG_FULL_BACKREF being set improperly (bsc#1195009). - cgroup/cpuset: Fix a partition bug with hotplug (bsc#1194291). - clk: si5341: Fix clock HW provider cleanup (git-fixes). - crypto: qat - fix undetected PFVF timeout in ACK loop (git-fixes). - dma-buf: heaps: Fix potential spectre v1 gadget (git-fixes). - drm/amdgpu: fixup bad vram size on gmc v8 (git-fixes). - drm/bridge: megachips: Ensure both bridges are probed before registration (git-fixes). - drm/etnaviv: limit submit sizes (git-fixes). - drm/etnaviv: relax submit size limits (git-fixes). - drm/i915/overlay: Prevent divide by zero bugs in scaling (git-fixes). - drm/lima: fix warning when CONFIG_DEBUG_SG=y & CONFIG_DMA_API_DEBUG=y (git-fixes). - drm/msm/dpu: invalid parameter check in dpu_setup_dspp_pcc (git-fixes). - drm/msm/dsi: Fix missing put_device() call in dsi_get_phy (git-fixes). - drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable (git-fixes). - drm/msm/hdmi: Fix missing put_device() call in msm_hdmi_get_phy (git-fixes). - drm/msm: Fix wrong size calculation (git-fixes). - drm/nouveau/kms/nv04: use vzalloc for nv04_display (git-fixes). - drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR (git-fixes). - drm/nouveau: fix off by one in BIOS boundary checking (git-fixes). - drm: panel-orientation-quirks: Add quirk for the Lenovo Yoga Book X91F/L (git-fixes). - ext4: fix an use-after-free issue about data=journal writeback mode (bsc#1195482). - ext4: make sure quota gets properly shutdown on error (bsc#1195480). - ext4: set csum seed in tmp inode while migrating to extents (bsc#1195267). - floppy: Add max size check for user space request (git-fixes). - fsnotify: fix fsnotify hooks in pseudo filesystems (bsc#1195479). - fsnotify: invalidate dcache before IN_DELETE event (bsc#1195478). - gpio: aspeed: Convert aspeed_gpio.lock to raw_spinlock (git-fixes). - gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use (git-fixes). - hv_netvsc: Set needed_headroom according to VF (bsc#1193506). - hwmom: (lm90) Fix citical alarm status for MAX6680/MAX6681 (git-fixes). - hwmon: (lm90) Mark alert as broken for MAX6646/6647/6649 (git-fixes). - hwmon: (lm90) Mark alert as broken for MAX6654 (git-fixes). - hwmon: (lm90) Mark alert as broken for MAX6680 (git-fixes). - hwmon: (lm90) Reduce maximum conversion rate for G781 (git-fixes). - i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters (git-fixes). - i2c: i801: Do not silently correct invalid transfer size (git-fixes). - i2c: mpc: Correct I2C reset procedure (git-fixes). - i40iw: Add support to make destroy QP synchronous (git-fixes) - ibmvnic: Allow extra failures before disabling (bsc#1195073 ltc#195713). - ibmvnic: Update driver return codes (bsc#1195293 ltc#196198). - ibmvnic: do not spin in tasklet (bsc#1195073 ltc#195713). - ibmvnic: init ->running_cap_crqs early (bsc#1195073 ltc#195713). - ibmvnic: remove unused ->wait_capability (bsc#1195073 ltc#195713). - ibmvnic: remove unused defines (bsc#1195293 ltc#196198). - igc: Fix TX timestamp support for non-MSI-X platforms (bsc#1160634). - iwlwifi: fix leaks/bad data after failed firmware load (git-fixes). - iwlwifi: mvm: Fix calculation of frame length (git-fixes). - iwlwifi: mvm: Increase the scan timeout guard to 30 seconds (git-fixes). - iwlwifi: mvm: synchronize with FW after multicast commands (git-fixes). - iwlwifi: remove module loading failure message (git-fixes). - lib82596: Fix IRQ check in sni_82596_probe (git-fixes). - lightnvm: Remove lightnvm implemenation (bsc#1191881). - mac80211: allow non-standard VHT MCS-10/11 (git-fixes). - media: b2c2: Add missing check in flexcop_pci_isr: (git-fixes). - media: coda/imx-vdoa: Handle dma_set_coherent_mask error codes (git-fixes). - media: igorplugusb: receiver overflow should be reported (git-fixes). - media: m920x: do not use stack on USB reads (git-fixes). - media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach() (git-fixes). - media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach() (git-fixes). - media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds (git-fixes). - mlxsw: Only advertise link modes supported by both driver and device (bsc#1154488). - mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO (git-fixes). - mtd: nand: bbt: Fix corner case in bad block table handling (git-fixes). - mtd: rawnand: gpmi: Add ERR007117 protection for nfc_apply_timings (git-fixes). - mtd: rawnand: gpmi: Remove explicit default gpmi clock setting for i.MX6 (git-fixes). - net, xdp: Introduce xdp_init_buff utility routine (bsc#1193506). - net, xdp: Introduce xdp_prepare_buff utility routine (bsc#1193506). - net/mlx5: DR, Proper handling of unsupported Connect-X6DX SW steering (jsc#SLE-8464). - net/mlx5: E-Switch, fix changing vf VLANID (jsc#SLE-15172). - net/mlx5e: Protect encap route dev from concurrent release (jsc#SLE-8464). - net: allow retransmitting a TCP packet if original is still in queue (bsc#1188605 bsc#1187428). - net: bonding: fix bond_xmit_broadcast return value error bug (bsc#1176447). - net: bridge: vlan: fix memory leak in __allowed_ingress (bsc#1176447). - net: bridge: vlan: fix single net device option dumping (bsc#1176447). - net: mana: Add RX fencing (bsc#1193506). - net: mana: Add XDP support (bsc#1193506). - net: sch_generic: aviod concurrent reset and enqueue op for lockless qdisc (bsc#1183405). - net: sched: add barrier to ensure correct ordering for lockless qdisc (bsc#1183405). - net: sched: avoid unnecessary seqcount operation for lockless qdisc (bsc#1183405). - net: sched: fix packet stuck problem for lockless qdisc (bsc#1183405). - net: sched: fix tx action reschedule issue with stopped queue (bsc#1183405). - net: sched: fix tx action rescheduling issue during deactivation (bsc#1183405). - net: sched: replaced invalid qdisc tree flush helper in qdisc_replace (bsc#1183405). - net: sfp: fix high power modules without diagnostic monitoring (bsc#1154353). - netdevsim: set .owner to THIS_MODULE (bsc#1154353). - nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind() (git-fixes). - nvme-core: use list_add_tail_rcu instead of list_add_tail for nvme_init_ns_head (git-fixes). - nvme-fabrics: avoid double completions in nvmf_fail_nonready_command (git-fixes). - nvme-fabrics: ignore invalid fast_io_fail_tmo values (git-fixes). - nvme-fabrics: remove superfluous nvmf_host_put in nvmf_parse_options (git-fixes). - nvme-tcp: fix data digest pointer calculation (git-fixes). - nvme-tcp: fix incorrect h2cdata pdu offset accounting (git-fixes). - nvme-tcp: fix memory leak when freeing a queue (git-fixes). - nvme-tcp: fix possible use-after-completion (git-fixes). - nvme-tcp: validate R2T PDU in nvme_tcp_handle_r2t() (git-fixes). - nvme: add 'iopolicy' module parameter (bsc#1177599 bsc#1193096). - nvme: fix use after free when disconnecting a reconnecting ctrl (git-fixes). - nvme: introduce a nvme_host_path_error helper (git-fixes). - nvme: refactor ns->ctrl by request (git-fixes). - phy: uniphier-usb3ss: fix unintended writing zeros to PHY register (git-fixes). - phylib: fix potential use-after-free (git-fixes). - pinctrl: bcm2835: Add support for wake-up interrupts (git-fixes). - pinctrl: bcm2835: Match BCM7211 compatible string (git-fixes). - pinctrl: intel: Fix a glitch when updating IRQ flags on a preconfigured line (git-fixes). - pinctrl: intel: fix unexpected interrupt (git-fixes). - powerpc/book3s64/radix: make tlb_single_page_flush_ceiling a debugfs entry (bsc#1195183 ltc#193865). - powerpc/perf: Fix power_pmu_disable to call clear_pmi_irq_pending only if PMI is pending (bsc#1156395). - regulator: qcom_smd: Align probe function with rpmh-regulator (git-fixes). - rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev (git-fixes). - rpmsg: char: Fix race between the release of rpmsg_eptdev and cdev (git-fixes). - rsi: Fix use-after-free in rsi_rx_done_handler() (git-fixes). - sched/fair: Fix detection of per-CPU kthreads waking a task (git fixes (sched/fair)). - sched/numa: Fix is_core_idle() (git fixes (sched/numa)). - scripts/dtc: dtx_diff: remove broken example from help text (git-fixes). - scripts/dtc: only append to HOST_EXTRACFLAGS instead of overwriting (git-fixes). - serial: 8250: of: Fix mapped region size when using reg-offset property (git-fixes). - serial: Fix incorrect rs485 polarity on uart open (git-fixes). - serial: amba-pl011: do not request memory region twice (git-fixes). - serial: core: Keep mctrl register state and cached copy in sync (git-fixes). - serial: pl010: Drop CR register reset on set_termios (git-fixes). - serial: stm32: fix software flow control transfer (git-fixes). - spi: bcm-qspi: check for valid cs before applying chip select (git-fixes). - spi: mediatek: Avoid NULL pointer crash in interrupt (git-fixes). - spi: meson-spicc: add IRQ check in meson_spicc_probe (git-fixes). - supported.conf: mark rtw88 modules as supported (jsc#SLE-22690) - tty: Add support for Brainboxes UC cards (git-fixes). - tty: n_gsm: fix SW flow control encoding/handling (git-fixes). - ucsi_ccg: Check DEV_INT bit only when starting CCG4 (git-fixes). - udf: Fix NULL ptr deref when converting from inline format (bsc#1195476). - udf: Restore i_lenAlloc when inode expansion fails (bsc#1195477). - usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge (git-fixes). - usb: common: ulpi: Fix crash in ulpi_match() (git-fixes). - usb: gadget: f_fs: Use stream_open() for endpoint files (git-fixes). - usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS (git-fixes). - usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0 (git-fixes). - usb: roles: fix include/linux/usb/role.h compile issue (git-fixes). - usb: typec: tcpm: Do not disconnect while receiving VBUS off (git-fixes). - usb: uhci: add aspeed ast2600 uhci support (git-fixes). - vfio/iommu_type1: replace kfree with kvfree (git-fixes). - video: hyperv_fb: Fix validation of screen resolution (git-fixes). - vxlan: fix error return code in __vxlan_dev_create() (bsc#1154353). - workqueue: Fix unbind_workers() VS wq_worker_running() race (bsc#1195062). - x86/gpu: Reserve stolen memory for first integrated Intel GPU (git-fixes). - xfrm: fix MTU regression (bsc#1185377, bsc#1194048). - xhci-pci: Allow host runtime PM as default for Intel Alpine Ridge LP (git-fixes). cluster-md-kmp-preempt-5.3.18-150300.59.49.1.x86_64.rpm True dlm-kmp-preempt-5.3.18-150300.59.49.1.x86_64.rpm True gfs2-kmp-preempt-5.3.18-150300.59.49.1.x86_64.rpm True kernel-preempt-5.3.18-150300.59.49.1.nosrc.rpm True kernel-preempt-5.3.18-150300.59.49.1.x86_64.rpm True kernel-preempt-devel-5.3.18-150300.59.49.1.x86_64.rpm True kernel-preempt-extra-5.3.18-150300.59.49.1.x86_64.rpm True kernel-preempt-livepatch-devel-5.3.18-150300.59.49.1.x86_64.rpm True kernel-preempt-optional-5.3.18-150300.59.49.1.x86_64.rpm True kselftests-kmp-preempt-5.3.18-150300.59.49.1.x86_64.rpm True ocfs2-kmp-preempt-5.3.18-150300.59.49.1.x86_64.rpm True reiserfs-kmp-preempt-5.3.18-150300.59.49.1.x86_64.rpm True cluster-md-kmp-preempt-5.3.18-150300.59.49.1.aarch64.rpm True dlm-kmp-preempt-5.3.18-150300.59.49.1.aarch64.rpm True dtb-aarch64-5.3.18-150300.59.49.1.src.rpm True dtb-al-5.3.18-150300.59.49.1.aarch64.rpm True dtb-zte-5.3.18-150300.59.49.1.aarch64.rpm True gfs2-kmp-preempt-5.3.18-150300.59.49.1.aarch64.rpm True kernel-preempt-5.3.18-150300.59.49.1.aarch64.rpm True kernel-preempt-devel-5.3.18-150300.59.49.1.aarch64.rpm True kernel-preempt-extra-5.3.18-150300.59.49.1.aarch64.rpm True kernel-preempt-livepatch-devel-5.3.18-150300.59.49.1.aarch64.rpm True kernel-preempt-optional-5.3.18-150300.59.49.1.aarch64.rpm True kselftests-kmp-preempt-5.3.18-150300.59.49.1.aarch64.rpm True ocfs2-kmp-preempt-5.3.18-150300.59.49.1.aarch64.rpm True reiserfs-kmp-preempt-5.3.18-150300.59.49.1.aarch64.rpm True openSUSE-SLE-15.4-2022-539 moderate SUSE Updates openSUSE-SLE 15.4 This update for systemd fixes the following issues: - CVE-2021-3997: Fixed an uncontrolled recursion in systemd's systemd-tmpfiles (bsc#1194178). The following non-security bugs were fixed: - udev/net_id: don't generate slot based names if multiple devices might claim the same slot (bsc#1192637) - localectl: don't omit keymaps files that are symlinks (bsc#1191826) systemd-246.16-150300.7.39.1.src.rpm systemd-logger-246.16-150300.7.39.1.x86_64.rpm systemd-logger-246.16-150300.7.39.1.s390x.rpm systemd-logger-246.16-150300.7.39.1.ppc64le.rpm systemd-logger-246.16-150300.7.39.1.aarch64.rpm openSUSE-SLE-15.4-2022-540 moderate SUSE Updates openSUSE-SLE 15.4 This update for ImageMagick fixes the following issues: - CVE-2022-0284: Fixed heap buffer overread in GetPixelAlpha() in MagickCore/pixel-accessor.h (bsc#1195563). ImageMagick-7.0.7.34-10.21.1.src.rpm libMagick++-7_Q16HDRI4-32bit-7.0.7.34-10.21.1.x86_64.rpm libMagick++-7_Q16HDRI4-7.0.7.34-10.21.1.x86_64.rpm libMagickCore-7_Q16HDRI6-32bit-7.0.7.34-10.21.1.x86_64.rpm libMagickCore-7_Q16HDRI6-7.0.7.34-10.21.1.x86_64.rpm libMagickWand-7_Q16HDRI6-32bit-7.0.7.34-10.21.1.x86_64.rpm libMagickWand-7_Q16HDRI6-7.0.7.34-10.21.1.x86_64.rpm libMagick++-7_Q16HDRI4-7.0.7.34-10.21.1.s390x.rpm libMagickCore-7_Q16HDRI6-7.0.7.34-10.21.1.s390x.rpm libMagickWand-7_Q16HDRI6-7.0.7.34-10.21.1.s390x.rpm libMagick++-7_Q16HDRI4-7.0.7.34-10.21.1.ppc64le.rpm libMagickCore-7_Q16HDRI6-7.0.7.34-10.21.1.ppc64le.rpm libMagickWand-7_Q16HDRI6-7.0.7.34-10.21.1.ppc64le.rpm libMagick++-7_Q16HDRI4-7.0.7.34-10.21.1.aarch64.rpm libMagickCore-7_Q16HDRI6-7.0.7.34-10.21.1.aarch64.rpm libMagickWand-7_Q16HDRI6-7.0.7.34-10.21.1.aarch64.rpm openSUSE-SLE-15.4-2022-373 moderate SUSE Updates openSUSE-SLE 15.4 This update for rpmlint fixes the following issues: - Whitelisting `kdenetwork-filesharing`. (bsc#1195548) - Whitelisting of `powerdevil5`. (bsc#1195662) - Whitelisting of `plasma5-disks`. (bsc#1195491) rpmlint-1.10-7.38.1.noarch.rpm rpmlint-1.10-7.38.1.src.rpm openSUSE-SLE-15.4-2022-384 moderate SUSE Updates openSUSE-SLE 15.4 This update for python-python-docs-theme fixes the following issues: - Switch to setup.py based installation for compatibility with old SLE distros. - Update to 2022.1: - Add a configuration for license URL. - Exclude the floating navbar from CHM help. - Make sidebar scrollable and sticky (on modern browsers) - Fix monospace again, on buggy Google Chrome - Add the copyright_url variable in the theme - Improve readability - Remove #searchbox on mobile to fix a layout bug - Fix the appearance of version/language selects - Make the theme responsive - Use default pygments theme - Test Github action to validate the theme against docsbuild scripts. - Add the copy button to pycon3 highlighted code blocks. - Updated the readme, to remind user to install the package in a virtual environment. - Updated the package url, using the GitHub repository instead of docs.python.org - Added license information to the footer of the doc - Fixed typo in the footer - Added information on how to use the package - Fixed code formatting - Fixed code bgcolor and codetextcolor for Sphinx 3.1.0+ python-python-docs-theme-2022.1-150300.3.3.1.src.rpm python3-python-docs-theme-2022.1-150300.3.3.1.noarch.rpm openSUSE-SLE-15.4-2022-716 important SUSE Updates openSUSE-SLE 15.4 This update for wpa_supplicant fixes the following issues: - CVE-2022-23303: Fixed side-channel attacks in SAE (bsc#1194732). - CVE-2022-23304: Fixed side-channel attacks in EAP-pwd (bsc#1194733). wpa_supplicant-2.9-4.33.1.src.rpm wpa_supplicant-2.9-4.33.1.x86_64.rpm wpa_supplicant-gui-2.9-4.33.1.x86_64.rpm wpa_supplicant-2.9-4.33.1.s390x.rpm wpa_supplicant-gui-2.9-4.33.1.s390x.rpm wpa_supplicant-2.9-4.33.1.ppc64le.rpm wpa_supplicant-gui-2.9-4.33.1.ppc64le.rpm wpa_supplicant-2.9-4.33.1.aarch64.rpm wpa_supplicant-gui-2.9-4.33.1.aarch64.rpm openSUSE-SLE-15.4-2022-696 important SUSE Updates openSUSE-SLE 15.4 This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.6.0 ESR / MFSA 2022-05 (bsc#1195682) - CVE-2022-22753: Privilege Escalation to SYSTEM on Windows via Maintenance Service - CVE-2022-22754: Extensions could have bypassed permission confirmation during update - CVE-2022-22756: Drag and dropping an image could have resulted in the dropped object being an executable - CVE-2022-22759: Sandboxed iframes could have executed script if the parent appended elements - CVE-2022-22760: Cross-Origin responses could be distinguished between script and non-script content-types - CVE-2022-22761: frame-ancestors Content Security Policy directive was not enforced for framed extension pages - CVE-2022-22763: Script Execution during invalid object state - CVE-2022-22764: Memory safety bugs fixed in Firefox 97 and Firefox ESR 91.6 Firefox Extended Support Release 91.5.1 ESR (bsc#1195230) - Fixed an issue that allowed unexpected data to be submitted in some of our search telemetry MozillaFirefox-91.6.0-152.15.1.src.rpm MozillaFirefox-91.6.0-152.15.1.x86_64.rpm MozillaFirefox-branding-upstream-91.6.0-152.15.1.x86_64.rpm MozillaFirefox-devel-91.6.0-152.15.1.x86_64.rpm MozillaFirefox-translations-common-91.6.0-152.15.1.x86_64.rpm MozillaFirefox-translations-other-91.6.0-152.15.1.x86_64.rpm MozillaFirefox-91.6.0-152.15.1.s390x.rpm MozillaFirefox-branding-upstream-91.6.0-152.15.1.s390x.rpm MozillaFirefox-devel-91.6.0-152.15.1.s390x.rpm MozillaFirefox-translations-common-91.6.0-152.15.1.s390x.rpm MozillaFirefox-translations-other-91.6.0-152.15.1.s390x.rpm MozillaFirefox-91.6.0-152.15.1.ppc64le.rpm MozillaFirefox-branding-upstream-91.6.0-152.15.1.ppc64le.rpm MozillaFirefox-devel-91.6.0-152.15.1.ppc64le.rpm MozillaFirefox-translations-common-91.6.0-152.15.1.ppc64le.rpm MozillaFirefox-translations-other-91.6.0-152.15.1.ppc64le.rpm MozillaFirefox-91.6.0-152.15.1.aarch64.rpm MozillaFirefox-branding-upstream-91.6.0-152.15.1.aarch64.rpm MozillaFirefox-devel-91.6.0-152.15.1.aarch64.rpm MozillaFirefox-translations-common-91.6.0-152.15.1.aarch64.rpm MozillaFirefox-translations-other-91.6.0-152.15.1.aarch64.rpm openSUSE-SLE-15.4-2022-718 moderate SUSE Updates openSUSE-SLE 15.4 This feature update for duperemove fixes the following issue: Update from version 0.11.beta4 to version 0.11.3 (jsc#SLE-11306) - Increase open file limit. - Create hash database file with 600 permission for improved security. - Read more data per pread, for v2 hashfile format this reduces the overall number of syscalls made which in turns results in better performance. - Fix truncated file handling, eliminating a an infinite loop case. btrfs-extent-same-0.11.3-3.3.1.x86_64.rpm duperemove-0.11.3-3.3.1.src.rpm duperemove-0.11.3-3.3.1.x86_64.rpm btrfs-extent-same-0.11.3-3.3.1.s390x.rpm duperemove-0.11.3-3.3.1.s390x.rpm btrfs-extent-same-0.11.3-3.3.1.ppc64le.rpm duperemove-0.11.3-3.3.1.ppc64le.rpm btrfs-extent-same-0.11.3-3.3.1.aarch64.rpm duperemove-0.11.3-3.3.1.aarch64.rpm openSUSE-SLE-15.4-2022-692 moderate SUSE Updates openSUSE-SLE 15.4 This update for filesystem fixes the following issues: - Release ported filesystem to LTSS channels (bsc#1190447). filesystem-15.0-11.5.1.src.rpm filesystem-15.0-11.5.1.x86_64.rpm filesystem-15.0-11.5.1.s390x.rpm filesystem-15.0-11.5.1.ppc64le.rpm filesystem-15.0-11.5.1.aarch64.rpm openSUSE-SLE-15.4-2022-503 important SUSE Updates openSUSE-SLE 15.4 This update for xerces-j2 fixes the following issues: - CVE-2022-23437: Fixed infinite loop within Apache XercesJ xml parser (bsc#1195108). xerces-j2-2.12.0-3.3.1.noarch.rpm xerces-j2-2.12.0-3.3.1.src.rpm xerces-j2-demo-2.12.0-3.3.1.noarch.rpm xerces-j2-javadoc-2.12.0-3.3.1.noarch.rpm openSUSE-SLE-15.4-2022-500 important SUSE Updates openSUSE-SLE 15.4 This update for xerces-j2 fixes the following issues: - CVE-2022-23437: Fixed infinite loop within Apache XercesJ xml parser (bsc#1195108). xerces-j2-2.11.0-4.3.1.src.rpm xerces-j2-scripts-2.11.0-4.3.1.noarch.rpm xerces-j2-xml-apis-2.11.0-4.3.1.noarch.rpm xerces-j2-xml-resolver-2.11.0-4.3.1.noarch.rpm openSUSE-SLE-15.4-2022-499 important SUSE Updates openSUSE-SLE 15.4 This update for python-Twisted fixes the following issues: - CVE-2022-21712: Fixed secret exposure in cross-origin redirects by properly removing sensitive headers when redirecting to a different origin (bsc#1195667). python-Twisted-19.10.0-3.6.1.src.rpm python2-Twisted-19.10.0-3.6.1.x86_64.rpm python2-Twisted-19.10.0-3.6.1.s390x.rpm python2-Twisted-19.10.0-3.6.1.ppc64le.rpm python2-Twisted-19.10.0-3.6.1.aarch64.rpm openSUSE-SLE-15.4-2022-574 important SUSE Updates openSUSE-SLE 15.4 This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20220207 release. - CVE-2021-0146: Fixed a potential security vulnerability in some Intel Processors may allow escalation of privilege (bsc#1192615) - CVE-2021-0127: Intel Processor Breakpoint Control Flow (bsc#1195779) - CVE-2021-0145: Fast store forward predictor - Cross Domain Training (bsc#1195780) - CVE-2021-33120: Out of bounds read for some Intel Atom processors (bsc#1195781) - Security updates for [INTEL-SA-00528](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00528.html) - Security updates for [INTEL-SA-00532](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00532.html) ucode-intel-20220207-10.1.src.rpm ucode-intel-20220207-10.1.x86_64.rpm openSUSE-SLE-15.4-2022-562 moderate SUSE Updates openSUSE-SLE 15.4 This update for jasper fixes the following issues: - CVE-2021-27845: Fixed divide-by-zery issue in cp_create() (bsc#1188437). jasper-2.0.14-3.22.1.src.rpm jasper-2.0.14-3.22.1.x86_64.rpm libjasper-devel-2.0.14-3.22.1.x86_64.rpm libjasper4-2.0.14-3.22.1.x86_64.rpm libjasper4-32bit-2.0.14-3.22.1.x86_64.rpm jasper-2.0.14-3.22.1.s390x.rpm libjasper-devel-2.0.14-3.22.1.s390x.rpm libjasper4-2.0.14-3.22.1.s390x.rpm jasper-2.0.14-3.22.1.ppc64le.rpm libjasper-devel-2.0.14-3.22.1.ppc64le.rpm libjasper4-2.0.14-3.22.1.ppc64le.rpm jasper-2.0.14-3.22.1.aarch64.rpm libjasper-devel-2.0.14-3.22.1.aarch64.rpm libjasper4-2.0.14-3.22.1.aarch64.rpm openSUSE-SLE-15.4-2022-699 moderate SUSE Updates openSUSE-SLE 15.4 This update for php7 fixes the following issues: - CVE-2017-8923: Fixed denial of service (application crash) when using .= with a long string (zend_string_extend func in Zend/zend_string.h) (bsc#1038980). php7-7.4.6-3.32.1.src.rpm php7-firebird-7.4.6-3.32.1.x86_64.rpm php7-firebird-7.4.6-3.32.1.s390x.rpm php7-firebird-7.4.6-3.32.1.ppc64le.rpm php7-firebird-7.4.6-3.32.1.aarch64.rpm openSUSE-SLE-15.4-2022-681 critical SUSE Updates openSUSE-SLE 15.4 This update for cloud-regionsrv-client fixes the following issues: - Update -addon-azure to 1.0.2 (bsc#1196305) - Fix regression in the cloud-regionsrv-client' with OnDemand images - Update to version 10.0.0 (bsc#1195414, bsc#1195564) - Refactor removes check_registration() function in utils implementation - Only start the registration service for PAYG images - addon-azure sub-package to version 1.0.1 cloud-regionsrv-client-10.0.0-6.62.1.noarch.rpm cloud-regionsrv-client-10.0.0-6.62.1.src.rpm cloud-regionsrv-client-addon-azure-1.0.2-6.62.1.noarch.rpm cloud-regionsrv-client-generic-config-1.0.0-6.62.1.noarch.rpm cloud-regionsrv-client-plugin-azure-2.0.0-6.62.1.noarch.rpm cloud-regionsrv-client-plugin-ec2-1.0.2-6.62.1.noarch.rpm cloud-regionsrv-client-plugin-gce-1.0.0-6.62.1.noarch.rpm openSUSE-SLE-15.4-2022-687 moderate SUSE Updates openSUSE-SLE 15.4 This update for libvirt fixes the following issues: - libxl: Mark auto-allocated graphics ports to used on reconnect. - libxl: Release all auto-allocated graphics ports. (bsc#1191668) - libxl: Add lock process indicator to saved VM state. (bsc#1191668) - spec: Weaken apparmor-abstractions dependency to Recommends. (bsc#1192119, jsc#SLE-23394) libvirt-7.1.0-150300.6.26.1.src.rpm libvirt-admin-7.1.0-150300.6.26.1.x86_64.rpm libvirt-bash-completion-7.1.0-150300.6.26.1.noarch.rpm libvirt-admin-7.1.0-150300.6.26.1.s390x.rpm libvirt-admin-7.1.0-150300.6.26.1.ppc64le.rpm libvirt-admin-7.1.0-150300.6.26.1.aarch64.rpm openSUSE-SLE-15.4-2022-572 moderate SUSE Updates openSUSE-SLE 15.4 This update for psmisc fixes the following issues: - Determine the namespace of a process only once to speed up the parsing of 'fdinfo'. (bsc#1194172) psmisc-23.0-6.19.1.src.rpm psmisc-23.0-6.19.1.x86_64.rpm psmisc-lang-23.0-6.19.1.noarch.rpm psmisc-23.0-6.19.1.s390x.rpm psmisc-23.0-6.19.1.ppc64le.rpm psmisc-23.0-6.19.1.aarch64.rpm openSUSE-SLE-15.4-2022-599 moderate SUSE Updates openSUSE-SLE 15.4 This feature update for golang-github-prometheus-prometheus provides the following changes: Upgrade `golang-github-prometheus-prometheus` from version 2.27.1 to version 2.32.1: (jsc#SLE-22863) - Use `obs-service-go_modules` - Added hardening to systemd service(s). Modified `prometheus.service` (bsc#1181400) - Bugfixes: * Scrape: Fix reporting metrics when sample limit is reached during the report. * Scrape: Ensure that scrape interval and scrape timeout are always set. * TSDB: Expose and fix bug in iterators' Seek() method. * TSDB: Add more size checks when writing individual sections in the index. * PromQL: Make deriv() return zero values for constant series. * TSDB: Fix panic when checkpoint directory is empty. #9687 * TSDB: Fix panic, out of order chunks, and race warning during WAL replay. * UI: Correctly render links for targets with IPv6 addresses that contain a Zone ID. * Promtool: Fix checking of `authorization.credentials_file` and `bearer_token_file` fields. * Uyuni SD: Fix null pointer exception during initialization. * TSDB: Fix queries after a failed snapshot replay. * SD: Fix a panic when the experimental discovery manager receives targets during a reload. * Backfill: Apply rule labels after query labels. * Scrape: Resolve conflicts between multiple exported label prefixes. * Scrape: Restart scrape loops when __scrape_interval__ is changed. * TSDB: Fix memory leak in samples deletion. * UI: Use consistent margin-bottom for all alert kinds. * TSDB: Fix panic on failed snapshot replay. * TSDB: Don't fail snapshot replay with exemplar storage disabled when the snapshot contains exemplars. * TSDB: Don't error on overlapping m-mapped chunks during WAL replay. * promtool rules backfill: Prevent creation of data before the start time. * promtool rules backfill: Do not query after the end time. * Azure SD: Fix panic when no computername is set. * Exemplars: Fix panic when resizing exemplar storage from 0 to a non-zero size. * TSDB: Correctly decrement `prometheus_tsdb_head_active_appenders` when the append has no samples. * promtool rules backfill: Return 1 if backfill was unsuccessful. * promtool rules backfill: Avoid creation of overlapping blocks. * config: Fix a panic when reloading configuration with a null relabel action. * Fix Kubernetes SD failing to discover Ingress in Kubernetes v1.22. * Fix data race in loading write-ahead-log (WAL). * TSDB: align atomically accessed int64 to prevent panic in 32-bit archs. * Log when total symbol size exceeds 2^32 bytes, causing compaction to fail, and skip compaction. * Fix incorrect target_limit reloading of zero value. * Fix head GC and pending readers race condition. * Fix timestamp handling in OpenMetrics parser. * Fix potential duplicate metrics in /federate endpoint when specifying multiple matchers. * Fix server configuration and validation for authentication via client cert. * Allow start and end again as label names in PromQL queries. They were disallowed since the introduction of @ timestamp feature. * HTTP SD: Allow charset specification in Content-Type header. * HTTP SD: Fix handling of disappeared target groups. * Fix incorrect log-level handling after moving to go-kit/log. * UI: In the experimental PromQL editor, fix autocompletion and parsing for special float values and improve series metadata fetching. * TSDB: When merging chunks, split resulting chunks if they would contain more than the maximum of 120 samples. * SD: Fix the computation of the `prometheus_sd_discovered_targets` metric when using multiple service discoveries. - Change: * remote-write: Change default max retry time from 100ms to 5 seconds. * UI: Remove standard PromQL editor in favour of the codemirror-based editor. * Promote `--storage.tsdb.allow-overlapping-blocks` flag to stable. * Promote `--storage.tsdb.retention.size` flag to stable. * UI: Make the new experimental PromQL editor the default. - Features: * Agent: New mode of operation optimized for remote-write only scenarios, without local storage. * Promtool: Add promtool check service-discovery command. * PromQL: Add trigonometric functions and atan2 binary operator. * Remote: Add support for exemplar in the remote write receiver endpoint. * SD: Add PuppetDB service discovery. * SD: Add Uyuni service discovery. * Web: Add support for security-related HTTP headers. * experimental TSDB: Snapshot in-memory chunks on shutdown for faster restarts. * experimental Scrape: Configure scrape interval and scrape timeout via relabeling using `__scrape_interval__` and `__scrape_timeout__` labels respectively. * Scrape: Add scrape_timeout_seconds and scrape_sample_limit metric. * Add Kuma service discovery. * Add present_over_time PromQL function. * Allow configuring exemplar storage via file and make it reloadable. * UI: Allow selecting time range with mouse drag. * promtool: Add feature flags flag `--enable-feature`. * promtool: Add `file_sd` file validation. * Linode SD: Add Linode service discovery. * HTTP SD: Add generic HTTP-based service discovery. * Kubernetes SD: Allow configuring API Server access via a kubeconfig file. * UI: Add exemplar display support to the graphing interface. * Consul SD: Add namespace support for Consul Enterprise. - Enhancements: * Promtool: Improve test output. * Promtool: Use kahan summation for better numerical stability. * Remote-write: Reuse memory for marshalling. * Scrape: Add scrape_body_size_bytes scrape metric behind the `--enable-feature=extra-scrape-metrics` flag. * TSDB: Add windows arm64 support. * TSDB: Optimize query by skipping unneeded sorting in TSDB. * Templates: Support int and uint as datatypes for template formatting. * UI: Prefer rate over rad, delta over deg, and count over cos in autocomplete. * Azure SD: Add proxy_url, follow_redirects, tls_config. * Backfill: Add `--max-block-duration` in promtool `create-blocks-from` rules. * Config: Print human-readable sizes with unit instead of raw numbers. * HTTP: Re-enable HTTP/2. * Kubernetes SD: Warn user if number of endpoints exceeds limit. * OAuth2: Add TLS configuration to token requests. * PromQL: Several optimizations. * PromQL: Make aggregations deterministic in instant queries. * Rules: Add the ability to limit number of alerts or series. * SD: Experimental discovery manager to avoid restarts upon reload. * UI: Debounce timerange setting changes. * Remote Write: Redact remote write URL when used for metric label. * UI: Redact remote write URL and proxy URL passwords in the /config page. * Scrape: Add --scrape.timestamp-tolerance flag to adjust scrape timestamp tolerance when enabled via `--scrape.adjust-timestamps`. * Remote Write: Improve throughput when sending exemplars. * TSDB: Optimise WAL loading by removing extra map and caching min-time * promtool: Speed up checking for duplicate rules. * Scrape: Reduce allocations when parsing the metrics. * docker_sd: Support host network mode * Reduce blocking of outgoing remote write requests from series garbage collection. * Improve write-ahead-log decoding performance. * Improve append performance in TSDB by reducing mutexes usage. * Allow configuring max_samples_per_send for remote write metadata. * Add `__meta_gce_interface_ipv4_<name>` meta label to GCE discovery. * Add `__meta_ec2_availability_zone_id` meta label to EC2 discovery. * Add `__meta_azure_machine_computer_name` meta label to Azure discovery. * Add `__meta_hetzner_hcloud_labelpresent_<labelname>` meta label to Hetzner discovery. * promtool: Add compaction efficiency to promtool tsdb analyze reports. * promtool: Allow configuring max block duration for backfilling via `--max-block-duration` flag. * UI: Add sorting and filtering to flags page. * UI: Improve alerts page rendering performance. * Promtool: Allow silencing output when importing / backfilling data. * Consul SD: Support reading tokens from file. * Rules: Add a new .ExternalURL alert field templating variable, containing the external URL of the Prometheus server. * Scrape: Add experimental body_size_limit scrape configuration setting to limit the allowed response body size for target scrapes. * Kubernetes SD: Add ingress class name label for ingress discovery. * UI: Show a startup screen with progress bar when the TSDB is not ready yet. * SD: Add a target creation failure counter `prometheus_target_sync_failed_total` and improve target creation failure handling. * TSDB: Improve validation of exemplar label set length. * TSDB: Add a prometheus_tsdb_clean_start metric that indicates whether a TSDB lockfile from a previous run still existed upon startup. golang-github-prometheus-prometheus-2.32.1-4.3.2.src.rpm golang-github-prometheus-prometheus-2.32.1-4.3.2.x86_64.rpm golang-github-prometheus-prometheus-2.32.1-4.3.2.s390x.rpm golang-github-prometheus-prometheus-2.32.1-4.3.2.ppc64le.rpm golang-github-prometheus-prometheus-2.32.1-4.3.2.aarch64.rpm openSUSE-SLE-15.4-2022-724 important SUSE Updates openSUSE-SLE 15.4 This update for go1.16 fixes the following issues: - CVE-2022-23806: Fixed incorrect returned value in crypto/elliptic IsOnCurve (bsc#1195838). - CVE-2022-23772: Fixed overflow in Rat.SetString in math/big can lead to uncontrolled memory consumption (bsc#1195835). - CVE-2022-23773: Fixed incorrect access control in cmd/go (bsc#1195834). The following non-security bugs were fixed: - go#50977 crypto/elliptic: IsOnCurve returns true for invalid field elements - go#50700 math/big: Rat.SetString may consume large amount of RAM and crash - go#50686 cmd/go: do not treat branches with semantic-version names as releases - go#50866 cmd/compile: incorrect use of CMN on arm64 - go#50832 runtime/race: NoRaceMutexPureHappensBefore failures - go#50811 cmd/go: remove bitbucket VCS probing - go#50780 runtime: incorrect frame information in traceback traversal may hang the process. - go#50721 debug/pe: reading debug_info section of PE files that use the DWARF5 form DW_FORM_line_strp causes error - go#50682 cmd/compile: MOVWreg missing sign-extension following a Copy from a floating-point LoadReg - go#50645 testing: surprising interaction of subtests with TempDir - go#50585 net/http/httptest: add fipsonly compliant certificate in for NewTLSServer(), for dev.boringcrypto branch - go#50245 runtime: intermittent os/exec.Command.Start() Hang on Darwin in Presence of "plugin" Package go1.16-1.16.14-1.43.1.src.rpm go1.16-1.16.14-1.43.1.x86_64.rpm go1.16-doc-1.16.14-1.43.1.x86_64.rpm go1.16-race-1.16.14-1.43.1.x86_64.rpm go1.16-1.16.14-1.43.1.s390x.rpm go1.16-doc-1.16.14-1.43.1.s390x.rpm go1.16-1.16.14-1.43.1.ppc64le.rpm go1.16-doc-1.16.14-1.43.1.ppc64le.rpm go1.16-1.16.14-1.43.1.aarch64.rpm go1.16-doc-1.16.14-1.43.1.aarch64.rpm go1.16-race-1.16.14-1.43.1.aarch64.rpm openSUSE-SLE-15.4-2022-723 important SUSE Updates openSUSE-SLE 15.4 This update for go1.17 fixes the following issues: - CVE-2022-23806: Fixed incorrect returned value in crypto/elliptic IsOnCurve (bsc#1195838). - CVE-2022-23772: Fixed overflow in Rat.SetString in math/big can lead to uncontrolled memory consumption (bsc#1195835). - CVE-2022-23773: Fixed incorrect access control in cmd/go (bsc#1195834). The following non-security bugs were fixed: - go#50978 crypto/elliptic: IsOnCurve returns true for invalid field elements - go#50701 math/big: Rat.SetString may consume large amount of RAM and crash - go#50687 cmd/go: do not treat branches with semantic-version names as releases - go#50942 cmd/asm: "compile: loop" compiler bug? - go#50867 cmd/compile: incorrect use of CMN on arm64 - go#50812 cmd/go: remove bitbucket VCS probing - go#50781 runtime: incorrect frame information in traceback traversal may hang the process. - go#50722 debug/pe: reading debug_info section of PE files that use the DWARF5 form DW_FORM_line_strp causes error - go#50683 cmd/compile: MOVWreg missing sign-extension following a Copy from a floating-point LoadReg - go#50586 net/http/httptest: add fipsonly compliant certificate in for NewTLSServer(), for dev.boringcrypto branch - go#50297 cmd/link: does not set section type of .init_array correctly - go#50246 runtime: intermittent os/exec.Command.Start() Hang on Darwin in Presence of "plugin" Package go1.17-1.17.7-1.20.1.src.rpm go1.17-1.17.7-1.20.1.x86_64.rpm go1.17-doc-1.17.7-1.20.1.x86_64.rpm go1.17-race-1.17.7-1.20.1.x86_64.rpm go1.17-1.17.7-1.20.1.s390x.rpm go1.17-doc-1.17.7-1.20.1.s390x.rpm go1.17-1.17.7-1.20.1.ppc64le.rpm go1.17-doc-1.17.7-1.20.1.ppc64le.rpm go1.17-1.17.7-1.20.1.aarch64.rpm go1.17-doc-1.17.7-1.20.1.aarch64.rpm go1.17-race-1.17.7-1.20.1.aarch64.rpm openSUSE-SLE-15.4-2022-704 important SUSE Updates openSUSE-SLE 15.4 This update for nodejs8 fixes the following issues: - CVE-2021-23343: Fixed ReDoS via splitDeviceRe, splitTailRe and splitPathRe (bsc#1192153). - CVE-2021-32803: Fixed insufficient symlink protection in node-tar allowing arbitrary file creation and overwrite (bsc#1191963). - CVE-2021-32804: Fixed insufficient absolute path sanitization in node-tar allowing arbitrary file creation and overwrite (bsc#1191962). - CVE-2021-3918: Fixed improper controlled modification of object prototype attributes in json-schema (bsc#1192696). - CVE-2021-3807: Fixed regular expression denial of service (ReDoS) matching ANSI escape codes in node-ansi-regex (bsc#1192154). nodejs8-8.17.0-10.19.2.src.rpm nodejs8-8.17.0-10.19.2.x86_64.rpm nodejs8-devel-8.17.0-10.19.2.x86_64.rpm nodejs8-docs-8.17.0-10.19.2.noarch.rpm npm8-8.17.0-10.19.2.x86_64.rpm nodejs8-8.17.0-10.19.2.s390x.rpm nodejs8-devel-8.17.0-10.19.2.s390x.rpm npm8-8.17.0-10.19.2.s390x.rpm nodejs8-8.17.0-10.19.2.ppc64le.rpm nodejs8-devel-8.17.0-10.19.2.ppc64le.rpm npm8-8.17.0-10.19.2.ppc64le.rpm nodejs8-8.17.0-10.19.2.aarch64.rpm nodejs8-devel-8.17.0-10.19.2.aarch64.rpm npm8-8.17.0-10.19.2.aarch64.rpm openSUSE-SLE-15.4-2022-705 important SUSE Updates openSUSE-SLE 15.4 This update for webkit2gtk3 fixes the following issues: Update to version 2.34.6 (bsc#1196133): - CVE-2022-22620: Processing maliciously crafted web content may have lead to arbitrary code execution. Update to version 2.34.5 (bsc#1195735): - CVE-2022-22589: A validation issue was addressed with improved input sanitization. - CVE-2022-22590: A use after free issue was addressed with improved memory management. - CVE-2022-22592: A logic issue was addressed with improved state management. Update to version 2.34.4 (bsc#1195064): - CVE-2021-30934: A buffer overflow issue was addressed with improved memory handling. - CVE-2021-30936: A use after free issue was addressed with improved memory management. - CVE-2021-30951: A use after free issue was addressed with improved memory management. - CVE-2021-30952: An integer overflow was addressed with improved input validation. - CVE-2021-30953: An out-of-bounds read was addressed with improved bounds checking. - CVE-2021-30954: A type confusion issue was addressed with improved memory handling. - CVE-2021-30984: A race condition was addressed with improved state handling. - CVE-2022-22594: A cross-origin issue in the IndexDB API was addressed with improved input validation. The following CVEs were addressed in a previous update: - CVE-2021-45481: Incorrect memory allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create. - CVE-2021-45482: A use-after-free in WebCore::ContainerNode::firstChild. - CVE-2021-45483: A use-after-free in WebCore::Frame::page. libwebkit2gtk3-lang-2.34.6-29.1.noarch.rpm webkit2gtk3-2.34.6-29.1.src.rpm openSUSE-SLE-15.4-2022-657 important SUSE Updates openSUSE-SLE 15.4 This update for nodejs12 fixes the following issues: - CVE-2021-23343: Fixed ReDoS via splitDeviceRe, splitTailRe and splitPathRe (bsc#1192153). - CVE-2021-32803: Fixed insufficient symlink protection in node-tar allowing arbitrary file creation and overwrite (bsc#1191963). - CVE-2021-32804: Fixed insufficient absolute path sanitization in node-tar allowing arbitrary file creation and overwrite (bsc#1191962). - CVE-2021-3918: Fixed improper controlled modification of object prototype attributes in json-schema (bsc#1192696). - CVE-2021-3807: Fixed regular expression denial of service (ReDoS) matching ANSI escape codes in node-ansi-regex (bsc#1192154). nodejs12-12.22.10-4.29.3.src.rpm nodejs12-12.22.10-4.29.3.x86_64.rpm nodejs12-devel-12.22.10-4.29.3.x86_64.rpm nodejs12-docs-12.22.10-4.29.3.noarch.rpm npm12-12.22.10-4.29.3.x86_64.rpm nodejs12-12.22.10-4.29.3.s390x.rpm nodejs12-devel-12.22.10-4.29.3.s390x.rpm npm12-12.22.10-4.29.3.s390x.rpm nodejs12-12.22.10-4.29.3.ppc64le.rpm nodejs12-devel-12.22.10-4.29.3.ppc64le.rpm npm12-12.22.10-4.29.3.ppc64le.rpm nodejs12-12.22.10-4.29.3.aarch64.rpm nodejs12-devel-12.22.10-4.29.3.aarch64.rpm npm12-12.22.10-4.29.3.aarch64.rpm openSUSE-SLE-15.4-2022-722 important SUSE Updates openSUSE-SLE 15.4 This update for wireshark fixes the following issues: Update to Wireshark 3.6.2: - CVE-2022-0586: RTMPT dissector infinite loop (bsc#1195866) - CVE-2022-0585: Large loops in multiple dissectors (bsc#1195867) - CVE-2022-0583: PVFS dissector crash (bsc#1195868) - CVE-2022-0582: CSN.1 dissector crash (bsc#1195869) - CVE-2022-0581: CMS dissector crash (bsc#1195870) libwireshark15-3.6.2-3.71.1.x86_64.rpm libwiretap12-3.6.2-3.71.1.x86_64.rpm libwsutil13-3.6.2-3.71.1.x86_64.rpm wireshark-3.6.2-3.71.1.src.rpm wireshark-3.6.2-3.71.1.x86_64.rpm wireshark-devel-3.6.2-3.71.1.x86_64.rpm wireshark-ui-qt-3.6.2-3.71.1.x86_64.rpm libwireshark15-3.6.2-3.71.1.s390x.rpm libwiretap12-3.6.2-3.71.1.s390x.rpm libwsutil13-3.6.2-3.71.1.s390x.rpm wireshark-3.6.2-3.71.1.s390x.rpm wireshark-devel-3.6.2-3.71.1.s390x.rpm wireshark-ui-qt-3.6.2-3.71.1.s390x.rpm libwireshark15-3.6.2-3.71.1.ppc64le.rpm libwiretap12-3.6.2-3.71.1.ppc64le.rpm libwsutil13-3.6.2-3.71.1.ppc64le.rpm wireshark-3.6.2-3.71.1.ppc64le.rpm wireshark-devel-3.6.2-3.71.1.ppc64le.rpm wireshark-ui-qt-3.6.2-3.71.1.ppc64le.rpm libwireshark15-3.6.2-3.71.1.aarch64.rpm libwiretap12-3.6.2-3.71.1.aarch64.rpm libwsutil13-3.6.2-3.71.1.aarch64.rpm wireshark-3.6.2-3.71.1.aarch64.rpm wireshark-devel-3.6.2-3.71.1.aarch64.rpm wireshark-ui-qt-3.6.2-3.71.1.aarch64.rpm openSUSE-SLE-15.4-2022-715 important SUSE Updates openSUSE-SLE 15.4 This update for nodejs14 fixes the following issues: - CVE-2021-23343: Fixed ReDoS via splitDeviceRe, splitTailRe and splitPathRe (bsc#1192153). - CVE-2021-32803: Fixed insufficient symlink protection in node-tar allowing arbitrary file creation and overwrite (bsc#1191963). - CVE-2021-32804: Fixed insufficient absolute path sanitization in node-tar allowing arbitrary file creation and overwrite (bsc#1191962). - CVE-2021-3918: Fixed improper controlled modification of object prototype attributes in json-schema (bsc#1192696). - CVE-2021-3807: Fixed regular expression denial of service (ReDoS) matching ANSI escape codes in node-ansi-regex (bsc#1192154). nodejs14-14.19.0-15.27.1.src.rpm nodejs14-14.19.0-15.27.1.x86_64.rpm nodejs14-devel-14.19.0-15.27.1.x86_64.rpm nodejs14-docs-14.19.0-15.27.1.noarch.rpm npm14-14.19.0-15.27.1.x86_64.rpm nodejs14-14.19.0-15.27.1.s390x.rpm nodejs14-devel-14.19.0-15.27.1.s390x.rpm npm14-14.19.0-15.27.1.s390x.rpm nodejs14-14.19.0-15.27.1.ppc64le.rpm nodejs14-devel-14.19.0-15.27.1.ppc64le.rpm npm14-14.19.0-15.27.1.ppc64le.rpm nodejs14-14.19.0-15.27.1.aarch64.rpm nodejs14-devel-14.19.0-15.27.1.aarch64.rpm npm14-14.19.0-15.27.1.aarch64.rpm openSUSE-SLE-15.4-2022-559 important SUSE Updates openSUSE-SLE 15.4 This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird 91.6.1 / MFSA 2022-07 (bsc#1196072) * CVE-2022-0566 (bmo#1753094) Crafted email could trigger an out-of-bounds write - Mozilla Thunderbird 91.6 / MFSA 2022-06 (bsc#1195682) * CVE-2022-22753 (bmo#1732435) Privilege Escalation to SYSTEM on Windows via Maintenance Service * CVE-2022-22754 (bmo#1750565) Extensions could have bypassed permission confirmation during update * CVE-2022-22756 (bmo#1317873) Drag and dropping an image could have resulted in the dropped object being an executable * CVE-2022-22759 (bmo#1739957) Sandboxed iframes could have executed script if the parent appended elements * CVE-2022-22760 (bmo#1740985, bmo#1748503) Cross-Origin responses could be distinguished between script and non-script content-types * CVE-2022-22761 (bmo#1745566) frame-ancestors Content Security Policy directive was not enforced for framed extension pages * CVE-2022-22763 (bmo#1740534) Script Execution during invalid object state * CVE-2022-22764 (bmo#1742682, bmo#1744165, bmo#1746545, bmo#1748210, bmo#1748279) Memory safety bugs fixed in Thunderbird 91.6 MozillaThunderbird-91.6.1-8.54.1.src.rpm MozillaThunderbird-91.6.1-8.54.1.x86_64.rpm MozillaThunderbird-translations-common-91.6.1-8.54.1.x86_64.rpm MozillaThunderbird-translations-other-91.6.1-8.54.1.x86_64.rpm MozillaThunderbird-91.6.1-8.54.1.s390x.rpm MozillaThunderbird-translations-common-91.6.1-8.54.1.s390x.rpm MozillaThunderbird-translations-other-91.6.1-8.54.1.s390x.rpm MozillaThunderbird-91.6.1-8.54.1.ppc64le.rpm MozillaThunderbird-translations-common-91.6.1-8.54.1.ppc64le.rpm MozillaThunderbird-translations-other-91.6.1-8.54.1.ppc64le.rpm MozillaThunderbird-91.6.1-8.54.1.aarch64.rpm MozillaThunderbird-translations-common-91.6.1-8.54.1.aarch64.rpm MozillaThunderbird-translations-other-91.6.1-8.54.1.aarch64.rpm openSUSE-SLE-15.4-2022-739 moderate SUSE Updates openSUSE-SLE 15.4 This update for mdadm fixes the following issues: - Monitor: print message before quit for no array to monitor (bsc#1183229) mdadm-4.1-150300.24.9.1.src.rpm mdadm-4.1-150300.24.9.1.x86_64.rpm mdadm-4.1-150300.24.9.1.s390x.rpm mdadm-4.1-150300.24.9.1.ppc64le.rpm mdadm-4.1-150300.24.9.1.aarch64.rpm openSUSE-SLE-15.4-2022-743 important SUSE Updates openSUSE-SLE 15.4 This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036). The following non-security bugs were fixed: - postfix: sasl authentication with password fails (bsc#1194265). cyrus-sasl-2.1.27-150300.4.6.1.src.rpm cyrus-sasl-2.1.27-150300.4.6.1.x86_64.rpm cyrus-sasl-32bit-2.1.27-150300.4.6.1.x86_64.rpm cyrus-sasl-bdb-2.1.27-150300.4.6.1.src.rpm cyrus-sasl-bdb-2.1.27-150300.4.6.1.x86_64.rpm cyrus-sasl-bdb-crammd5-2.1.27-150300.4.6.1.x86_64.rpm cyrus-sasl-bdb-devel-2.1.27-150300.4.6.1.x86_64.rpm cyrus-sasl-bdb-digestmd5-2.1.27-150300.4.6.1.x86_64.rpm cyrus-sasl-bdb-gs2-2.1.27-150300.4.6.1.x86_64.rpm cyrus-sasl-bdb-gssapi-2.1.27-150300.4.6.1.x86_64.rpm cyrus-sasl-bdb-ntlm-2.1.27-150300.4.6.1.x86_64.rpm cyrus-sasl-bdb-otp-2.1.27-150300.4.6.1.x86_64.rpm cyrus-sasl-bdb-plain-2.1.27-150300.4.6.1.x86_64.rpm cyrus-sasl-bdb-scram-2.1.27-150300.4.6.1.x86_64.rpm cyrus-sasl-crammd5-2.1.27-150300.4.6.1.x86_64.rpm cyrus-sasl-crammd5-32bit-2.1.27-150300.4.6.1.x86_64.rpm cyrus-sasl-devel-2.1.27-150300.4.6.1.x86_64.rpm cyrus-sasl-devel-32bit-2.1.27-150300.4.6.1.x86_64.rpm cyrus-sasl-digestmd5-2.1.27-150300.4.6.1.x86_64.rpm cyrus-sasl-digestmd5-32bit-2.1.27-150300.4.6.1.x86_64.rpm cyrus-sasl-gs2-2.1.27-150300.4.6.1.x86_64.rpm cyrus-sasl-gssapi-2.1.27-150300.4.6.1.x86_64.rpm cyrus-sasl-gssapi-32bit-2.1.27-150300.4.6.1.x86_64.rpm cyrus-sasl-ldap-auxprop-2.1.27-150300.4.6.1.x86_64.rpm cyrus-sasl-ldap-auxprop-32bit-2.1.27-150300.4.6.1.x86_64.rpm cyrus-sasl-ldap-auxprop-bdb-2.1.27-150300.4.6.1.x86_64.rpm cyrus-sasl-ntlm-2.1.27-150300.4.6.1.x86_64.rpm cyrus-sasl-otp-2.1.27-150300.4.6.1.x86_64.rpm cyrus-sasl-otp-32bit-2.1.27-150300.4.6.1.x86_64.rpm cyrus-sasl-plain-2.1.27-150300.4.6.1.x86_64.rpm cyrus-sasl-plain-32bit-2.1.27-150300.4.6.1.x86_64.rpm cyrus-sasl-saslauthd-2.1.27-150300.4.6.1.src.rpm cyrus-sasl-saslauthd-2.1.27-150300.4.6.1.x86_64.rpm cyrus-sasl-saslauthd-bdb-2.1.27-150300.4.6.1.src.rpm cyrus-sasl-saslauthd-bdb-2.1.27-150300.4.6.1.x86_64.rpm cyrus-sasl-scram-2.1.27-150300.4.6.1.x86_64.rpm cyrus-sasl-sqlauxprop-2.1.27-150300.4.6.1.x86_64.rpm cyrus-sasl-sqlauxprop-32bit-2.1.27-150300.4.6.1.x86_64.rpm cyrus-sasl-sqlauxprop-bdb-2.1.27-150300.4.6.1.x86_64.rpm libsasl2-3-2.1.27-150300.4.6.1.x86_64.rpm libsasl2-3-32bit-2.1.27-150300.4.6.1.x86_64.rpm cyrus-sasl-2.1.27-150300.4.6.1.s390x.rpm cyrus-sasl-bdb-2.1.27-150300.4.6.1.s390x.rpm cyrus-sasl-bdb-crammd5-2.1.27-150300.4.6.1.s390x.rpm cyrus-sasl-bdb-devel-2.1.27-150300.4.6.1.s390x.rpm cyrus-sasl-bdb-digestmd5-2.1.27-150300.4.6.1.s390x.rpm cyrus-sasl-bdb-gs2-2.1.27-150300.4.6.1.s390x.rpm cyrus-sasl-bdb-gssapi-2.1.27-150300.4.6.1.s390x.rpm cyrus-sasl-bdb-ntlm-2.1.27-150300.4.6.1.s390x.rpm cyrus-sasl-bdb-otp-2.1.27-150300.4.6.1.s390x.rpm cyrus-sasl-bdb-plain-2.1.27-150300.4.6.1.s390x.rpm cyrus-sasl-bdb-scram-2.1.27-150300.4.6.1.s390x.rpm cyrus-sasl-crammd5-2.1.27-150300.4.6.1.s390x.rpm cyrus-sasl-devel-2.1.27-150300.4.6.1.s390x.rpm cyrus-sasl-digestmd5-2.1.27-150300.4.6.1.s390x.rpm cyrus-sasl-gs2-2.1.27-150300.4.6.1.s390x.rpm cyrus-sasl-gssapi-2.1.27-150300.4.6.1.s390x.rpm cyrus-sasl-ldap-auxprop-2.1.27-150300.4.6.1.s390x.rpm cyrus-sasl-ldap-auxprop-bdb-2.1.27-150300.4.6.1.s390x.rpm cyrus-sasl-ntlm-2.1.27-150300.4.6.1.s390x.rpm cyrus-sasl-otp-2.1.27-150300.4.6.1.s390x.rpm cyrus-sasl-plain-2.1.27-150300.4.6.1.s390x.rpm cyrus-sasl-saslauthd-2.1.27-150300.4.6.1.s390x.rpm cyrus-sasl-saslauthd-bdb-2.1.27-150300.4.6.1.s390x.rpm cyrus-sasl-scram-2.1.27-150300.4.6.1.s390x.rpm cyrus-sasl-sqlauxprop-2.1.27-150300.4.6.1.s390x.rpm cyrus-sasl-sqlauxprop-bdb-2.1.27-150300.4.6.1.s390x.rpm libsasl2-3-2.1.27-150300.4.6.1.s390x.rpm cyrus-sasl-2.1.27-150300.4.6.1.ppc64le.rpm cyrus-sasl-bdb-2.1.27-150300.4.6.1.ppc64le.rpm cyrus-sasl-bdb-crammd5-2.1.27-150300.4.6.1.ppc64le.rpm cyrus-sasl-bdb-devel-2.1.27-150300.4.6.1.ppc64le.rpm cyrus-sasl-bdb-digestmd5-2.1.27-150300.4.6.1.ppc64le.rpm cyrus-sasl-bdb-gs2-2.1.27-150300.4.6.1.ppc64le.rpm cyrus-sasl-bdb-gssapi-2.1.27-150300.4.6.1.ppc64le.rpm cyrus-sasl-bdb-ntlm-2.1.27-150300.4.6.1.ppc64le.rpm cyrus-sasl-bdb-otp-2.1.27-150300.4.6.1.ppc64le.rpm cyrus-sasl-bdb-plain-2.1.27-150300.4.6.1.ppc64le.rpm cyrus-sasl-bdb-scram-2.1.27-150300.4.6.1.ppc64le.rpm cyrus-sasl-crammd5-2.1.27-150300.4.6.1.ppc64le.rpm cyrus-sasl-devel-2.1.27-150300.4.6.1.ppc64le.rpm cyrus-sasl-digestmd5-2.1.27-150300.4.6.1.ppc64le.rpm cyrus-sasl-gs2-2.1.27-150300.4.6.1.ppc64le.rpm cyrus-sasl-gssapi-2.1.27-150300.4.6.1.ppc64le.rpm cyrus-sasl-ldap-auxprop-2.1.27-150300.4.6.1.ppc64le.rpm cyrus-sasl-ldap-auxprop-bdb-2.1.27-150300.4.6.1.ppc64le.rpm cyrus-sasl-ntlm-2.1.27-150300.4.6.1.ppc64le.rpm cyrus-sasl-otp-2.1.27-150300.4.6.1.ppc64le.rpm cyrus-sasl-plain-2.1.27-150300.4.6.1.ppc64le.rpm cyrus-sasl-saslauthd-2.1.27-150300.4.6.1.ppc64le.rpm cyrus-sasl-saslauthd-bdb-2.1.27-150300.4.6.1.ppc64le.rpm cyrus-sasl-scram-2.1.27-150300.4.6.1.ppc64le.rpm cyrus-sasl-sqlauxprop-2.1.27-150300.4.6.1.ppc64le.rpm cyrus-sasl-sqlauxprop-bdb-2.1.27-150300.4.6.1.ppc64le.rpm libsasl2-3-2.1.27-150300.4.6.1.ppc64le.rpm cyrus-sasl-2.1.27-150300.4.6.1.aarch64.rpm cyrus-sasl-bdb-2.1.27-150300.4.6.1.aarch64.rpm cyrus-sasl-bdb-crammd5-2.1.27-150300.4.6.1.aarch64.rpm cyrus-sasl-bdb-devel-2.1.27-150300.4.6.1.aarch64.rpm cyrus-sasl-bdb-digestmd5-2.1.27-150300.4.6.1.aarch64.rpm cyrus-sasl-bdb-gs2-2.1.27-150300.4.6.1.aarch64.rpm cyrus-sasl-bdb-gssapi-2.1.27-150300.4.6.1.aarch64.rpm cyrus-sasl-bdb-ntlm-2.1.27-150300.4.6.1.aarch64.rpm cyrus-sasl-bdb-otp-2.1.27-150300.4.6.1.aarch64.rpm cyrus-sasl-bdb-plain-2.1.27-150300.4.6.1.aarch64.rpm cyrus-sasl-bdb-scram-2.1.27-150300.4.6.1.aarch64.rpm cyrus-sasl-crammd5-2.1.27-150300.4.6.1.aarch64.rpm cyrus-sasl-devel-2.1.27-150300.4.6.1.aarch64.rpm cyrus-sasl-digestmd5-2.1.27-150300.4.6.1.aarch64.rpm cyrus-sasl-gs2-2.1.27-150300.4.6.1.aarch64.rpm cyrus-sasl-gssapi-2.1.27-150300.4.6.1.aarch64.rpm cyrus-sasl-ldap-auxprop-2.1.27-150300.4.6.1.aarch64.rpm cyrus-sasl-ldap-auxprop-bdb-2.1.27-150300.4.6.1.aarch64.rpm cyrus-sasl-ntlm-2.1.27-150300.4.6.1.aarch64.rpm cyrus-sasl-otp-2.1.27-150300.4.6.1.aarch64.rpm cyrus-sasl-plain-2.1.27-150300.4.6.1.aarch64.rpm cyrus-sasl-saslauthd-2.1.27-150300.4.6.1.aarch64.rpm cyrus-sasl-saslauthd-bdb-2.1.27-150300.4.6.1.aarch64.rpm cyrus-sasl-scram-2.1.27-150300.4.6.1.aarch64.rpm cyrus-sasl-sqlauxprop-2.1.27-150300.4.6.1.aarch64.rpm cyrus-sasl-sqlauxprop-bdb-2.1.27-150300.4.6.1.aarch64.rpm libsasl2-3-2.1.27-150300.4.6.1.aarch64.rpm openSUSE-SLE-15.4-2022-726 important SUSE Updates openSUSE-SLE 15.4 This update for mariadb fixes the following issues: - Update to 10.4.24 (bsc#1196016): * 10.4.24: CVE-2021-46665 CVE-2021-46664 CVE-2021-46661 CVE-2021-46668 CVE-2021-46663 * 10.4.23: CVE-2022-24052 CVE-2022-24051 CVE-2022-24050 CVE-2022-24048 CVE-2021-46659, bsc#1195339 - The following issues have already been fixed in this package but weren't previously mentioned in the changes file: CVE-2021-46658, bsc#1195334 CVE-2021-46657, bsc#1195325 mariadb-10.4.24-3.25.1.src.rpm mariadb-galera-10.4.24-3.25.1.x86_64.rpm mariadb-galera-10.4.24-3.25.1.s390x.rpm mariadb-galera-10.4.24-3.25.1.ppc64le.rpm mariadb-galera-10.4.24-3.25.1.aarch64.rpm openSUSE-SLE-15.4-2022-725 important SUSE Updates openSUSE-SLE 15.4 This update for mariadb fixes the following issues: - Update to 10.2.43 (bsc#1196016): 10.2.43: CVE-2021-46665 CVE-2021-46664 CVE-2021-46661 CVE-2021-46668 CVE-2021-46663 10.2.42: CVE-2022-24052 CVE-2022-24051 CVE-2022-24050 CVE-2022-24048 CVE-2021-46659, bsc#1195339 - The following issues have already been fixed in this package but weren't previously mentioned in the changes file: CVE-2021-46658, bsc#1195334 CVE-2021-46657, bsc#1195325 libmysqld-devel-10.2.43-3.51.1.x86_64.rpm libmysqld19-10.2.43-3.51.1.x86_64.rpm mariadb-10.2.43-3.51.1.src.rpm libmysqld-devel-10.2.43-3.51.1.s390x.rpm libmysqld19-10.2.43-3.51.1.s390x.rpm libmysqld-devel-10.2.43-3.51.1.ppc64le.rpm libmysqld19-10.2.43-3.51.1.ppc64le.rpm libmysqld-devel-10.2.43-3.51.1.aarch64.rpm libmysqld19-10.2.43-3.51.1.aarch64.rpm openSUSE-SLE-15.4-2022-736 important SUSE Updates openSUSE-SLE 15.4 This update for vim fixes the following issues: - CVE-2022-0318: Fixed heap-based buffer overflow (bsc#1195004). - CVE-2021-3796: Fixed use-after-free in nv_replace() in normal.c (bsc#1190570). - CVE-2021-3872: Fixed heap-based buffer overflow in win_redr_status() drawscreen.c (bsc#1191893). - CVE-2021-3927: Fixed heap-based buffer overflow (bsc#1192481). - CVE-2021-3928: Fixed stack-based buffer overflow (bsc#1192478). - CVE-2021-4019: Fixed heap-based buffer overflow (bsc#1193294). - CVE-2021-3984: Fixed illegal memory access when C-indenting could have led to heap buffer overflow (bsc#1193298). - CVE-2021-3778: Fixed heap-based buffer overflow in regexp_nfa.c (bsc#1190533). - CVE-2021-4193: Fixed out-of-bounds read (bsc#1194216). - CVE-2021-46059: Fixed pointer dereference vulnerability via the vim_regexec_multi function at regexp.c (bsc#1194556). - CVE-2022-0319: Fixded out-of-bounds read (bsc#1195066). - CVE-2022-0351: Fixed uncontrolled recursion in eval7() (bsc#1195126). - CVE-2022-0361: Fixed buffer overflow (bsc#1195126). - CVE-2022-0413: Fixed use-after-free in src/ex_cmds.c (bsc#1195356). gvim-8.0.1568-5.17.1.x86_64.rpm vim-8.0.1568-5.17.1.src.rpm vim-8.0.1568-5.17.1.x86_64.rpm vim-data-8.0.1568-5.17.1.noarch.rpm vim-data-common-8.0.1568-5.17.1.noarch.rpm vim-small-8.0.1568-5.17.1.x86_64.rpm gvim-8.0.1568-5.17.1.s390x.rpm vim-8.0.1568-5.17.1.s390x.rpm vim-small-8.0.1568-5.17.1.s390x.rpm gvim-8.0.1568-5.17.1.ppc64le.rpm vim-8.0.1568-5.17.1.ppc64le.rpm vim-small-8.0.1568-5.17.1.ppc64le.rpm gvim-8.0.1568-5.17.1.aarch64.rpm vim-8.0.1568-5.17.1.aarch64.rpm vim-small-8.0.1568-5.17.1.aarch64.rpm openSUSE-SLE-15.4-2022-658 moderate SUSE Updates openSUSE-SLE 15.4 This update for mysql-connector-java fixes the following issues: - CVE-2021-2471: Fixed unauthorized access to critical data or complete access to all MySQL Connectors (bsc#1195557). mysql-connector-java-5.1.47-3.6.1.noarch.rpm mysql-connector-java-5.1.47-3.6.1.src.rpm openSUSE-SLE-15.4-2022-735 important SUSE Updates openSUSE-SLE 15.4 This update for zsh fixes the following issues: - CVE-2021-45444: Fixed a vulnerability where arbitrary shell commands could be executed related to prompt expansion (bsc#1196435). - CVE-2019-20044: Fixed a vulnerability where shell privileges would not be properly dropped when unsetting the PRIVILEGED option (bsc#1163882). zsh-5.6-7.5.1.src.rpm zsh-5.6-7.5.1.x86_64.rpm zsh-htmldoc-5.6-7.5.1.x86_64.rpm zsh-5.6-7.5.1.s390x.rpm zsh-htmldoc-5.6-7.5.1.s390x.rpm zsh-5.6-7.5.1.ppc64le.rpm zsh-htmldoc-5.6-7.5.1.ppc64le.rpm zsh-5.6-7.5.1.aarch64.rpm zsh-htmldoc-5.6-7.5.1.aarch64.rpm openSUSE-SLE-15.4-2022-682 important SUSE Updates openSUSE-SLE 15.4 This update for supportutils-plugin-suse-public-cloud fixes the following issues: - Update to version 1.0.6 (bsc#1195095, bsc#1195096) - Include cloud-init logs whenever they are present - Update the packages we track in AWS, Azure, and Google - Include the ecs logs for AWS ECS instances supportutils-plugin-suse-public-cloud-1.0.6-3.9.1.noarch.rpm supportutils-plugin-suse-public-cloud-1.0.6-3.9.1.src.rpm openSUSE-SLE-15.4-2022-768 important SUSE Updates openSUSE-SLE 15.4 The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. Transient execution side-channel attacks attacking the Branch History Buffer (BHB), named "Branch Target Injection" and "Intra-Mode Branch History Injection" are now mitigated. The following security bugs were fixed: - CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580). - CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc#1191580). - CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image. (bsc#1196079) - CVE-2022-0644: Fixed a denial of service by a local user. A assertion failure could be triggered in kernel_read_file_from_fd() (bsc#1196155). - CVE-2021-44879: In gc_data_segment() in fs/f2fs/gc.c, special files were not considered, which lead to a move_data_page NULL pointer dereference (bsc#1195987). - CVE-2022-24959: Fixed a memory leak in yam_siocdevprivate() in drivers/net/hamradio/yam.c (bsc#1195897). - CVE-2022-0487: A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove() in drivers/memstick/host/rtsx_usb_ms.c (bsc#1194516). - CVE-2022-0492: Fixed a privilege escalation related to cgroups v1 release_agent feature, which allowed bypassing namespace isolation unexpectedly (bsc#1195543). - CVE-2022-24448: Fixed an issue in fs/nfs/dir.c. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should have occured, but the server instead returned uninitialized data in the file descriptor (bsc#1195612). The following non-security bugs were fixed: - crypto: af_alg - get_page upon reassignment to TX SGL (bsc#1195840). - lib/iov_iter: initialize "flags" in new pipe_buffer (bsc#1196584). kernel-debug-4.12.14-197.108.1.nosrc.rpm True kernel-debug-base-4.12.14-197.108.1.x86_64.rpm True kernel-default-4.12.14-197.108.1.nosrc.rpm True kernel-kvmsmall-4.12.14-197.108.1.nosrc.rpm True kernel-kvmsmall-base-4.12.14-197.108.1.x86_64.rpm True kernel-vanilla-4.12.14-197.108.1.nosrc.rpm True kernel-vanilla-4.12.14-197.108.1.x86_64.rpm True kernel-vanilla-base-4.12.14-197.108.1.x86_64.rpm True kernel-vanilla-devel-4.12.14-197.108.1.x86_64.rpm True kernel-vanilla-livepatch-devel-4.12.14-197.108.1.x86_64.rpm True kernel-default-man-4.12.14-197.108.1.s390x.rpm True kernel-vanilla-4.12.14-197.108.1.s390x.rpm True kernel-vanilla-base-4.12.14-197.108.1.s390x.rpm True kernel-vanilla-devel-4.12.14-197.108.1.s390x.rpm True kernel-vanilla-livepatch-devel-4.12.14-197.108.1.s390x.rpm True kernel-zfcpdump-4.12.14-197.108.1.nosrc.rpm True kernel-zfcpdump-man-4.12.14-197.108.1.s390x.rpm True kernel-debug-base-4.12.14-197.108.1.ppc64le.rpm True kernel-vanilla-4.12.14-197.108.1.ppc64le.rpm True kernel-vanilla-base-4.12.14-197.108.1.ppc64le.rpm True kernel-vanilla-devel-4.12.14-197.108.1.ppc64le.rpm True kernel-vanilla-livepatch-devel-4.12.14-197.108.1.ppc64le.rpm True kernel-vanilla-4.12.14-197.108.1.aarch64.rpm True kernel-vanilla-base-4.12.14-197.108.1.aarch64.rpm True kernel-vanilla-devel-4.12.14-197.108.1.aarch64.rpm True kernel-vanilla-livepatch-devel-4.12.14-197.108.1.aarch64.rpm True openSUSE-SLE-15.4-2022-720 moderate SUSE Updates openSUSE-SLE 15.4 This update for containerd fixes the following issues: - CVE-2022-23648: A specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host (bsc#1196441). containerd-1.4.12-63.1.src.rpm containerd-1.4.12-63.1.x86_64.rpm containerd-ctr-1.4.12-63.1.x86_64.rpm containerd-1.4.12-63.1.s390x.rpm containerd-ctr-1.4.12-63.1.s390x.rpm containerd-1.4.12-63.1.ppc64le.rpm containerd-ctr-1.4.12-63.1.ppc64le.rpm containerd-1.4.12-63.1.aarch64.rpm containerd-ctr-1.4.12-63.1.aarch64.rpm openSUSE-SLE-15.4-2022-760 important SUSE Updates openSUSE-SLE 15.4 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. Transient execution side-channel attacks attacking the Branch History Buffer (BHB), named "Branch Target Injection" and "Intra-Mode Branch History Injection" are now mitigated. The following security bugs were fixed: - CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580). - CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc#1191580). - CVE-2022-0847: Fixed a vulnerability were a local attackers could overwrite data in arbitrary (read-only) files (bsc#1196584). - CVE-2022-25375: The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory (bnc#1196235 ). - CVE-2022-0492: Fixed a privilege escalation related to cgroups v1 release_agent feature, which allowed bypassing namespace isolation unexpectedly (bsc#1195543). - CVE-2022-0516: Fixed missing check in ioctl related to KVM in s390 allows kernel memory read/write (bsc#1195516). The following non-security bugs were fixed: - ACPI/IORT: Check node revision for PMCG resources (git-fixes). - ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte X570 ALC1220 quirks (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GU603 (git-fixes). - ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus Xtreme after reboot from Windows (git-fixes). - ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus Master (newer chipset) (git-fixes). - ALSA: hda: Fix missing codec probe on Shenker Dock 15 (git-fixes). - ALSA: hda: Fix regression on forced probe mask option (git-fixes). - ASoC: Revert "ASoC: mediatek: Check for error clk pointer" (git-fixes). - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw() (git-fixes). - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range() (git-fixes). - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() (git-fixes). - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx() (git-fixes). - ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx() (git-fixes). - Align s390 NVME target options with other architectures (bsc#1188404, jsc#SLE-22494). - Drop PCI xgene patch that caused a regression for mxl4 (bsc#1195352) - EDAC/xgene: Fix deferred probing (bsc#1178134). - HID:Add support for UGTABLET WP5540 (git-fixes). - IB/cma: Do not send IGMP leaves for sendonly Multicast groups (git-fixes). - IB/hfi1: Fix AIP early init panic (jsc#SLE-13208). - KVM: remember position in kvm->vcpus array (bsc#1190972 LTC#194674). - NFSD: Fix the behavior of READ near OFFSET_MAX (bsc#1195957). - PM: hibernate: Remove register_nosave_region_late() (git-fixes). - PM: s2idle: ACPI: Fix wakeup interrupts handling (git-fixes). - RDMA/cma: Use correct address when leaving multicast group (bsc#1181147). - RDMA/core: Always release restrack object (git-fixes) - RDMA/cxgb4: check for ipv6 address properly while destroying listener (git-fixes) - RDMA/siw: Release xarray entry (git-fixes) - RDMA/ucma: Protect mc during concurrent multicast leaves (bsc#1181147). - USB: serial: ch341: add support for GW Instek USB2.0-Serial devices (git-fixes). - USB: serial: cp210x: add CPI Bulk Coin Recycler id (git-fixes). - USB: serial: cp210x: add NCR Retail IO box id (git-fixes). - USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320 (git-fixes). - USB: serial: mos7840: remove duplicated 0xac24 device ID (git-fixes). - USB: serial: option: add ZTE MF286D modem (git-fixes). - ata: libata-core: Disable TRIM on M88V29 (git-fixes). - ax25: improve the incomplete fix to avoid UAF and NPD bugs (git-fixes). - blk-mq: always allow reserved allocation in hctx_may_queue (bsc#1193787). - blk-mq: avoid to iterate over stale request (bsc#1193787). - blk-mq: clear stale request in tags->rq before freeing one request pool (bsc#1193787). - blk-mq: clearing flush request reference in tags->rqs (bsc#1193787). - blk-mq: do not grab rq's refcount in blk_mq_check_expired() (bsc#1193787 git-fixes). - blk-mq: fix is_flush_rq (bsc#1193787 git-fixes). - blk-mq: fix kernel panic during iterating over flush request (bsc#1193787 git-fixes). - blk-mq: grab rq->refcount before calling ->fn in blk_mq_tagset_busy_iter (bsc#1193787). - blk-mq: mark flush request as IDLE in flush_end_io() (bsc#1193787). - blk-tag: Hide spin_lock (bsc#1193787). - block: avoid double io accounting for flush request (bsc#1193787). - block: do not send a rezise udev event for hidden block device (bsc#1193096). - block: mark flush request as IDLE when it is really finished (bsc#1193787). - bonding: pair enable_port with slave_arr_updates (git-fixes). - bpf: Adjust BTF log size limit (git-fixes). - bpf: Disallow BPF_LOG_KERNEL log level for bpf(BPF_BTF_LOAD) (git-fixes). - btrfs: check for missing device in btrfs_trim_fs (bsc#1195701). - btrfs: check worker before need_preemptive_reclaim (bsc#1196195). - btrfs: do not do preemptive flushing if the majority is global rsv (bsc#1196195). - btrfs: do not include the global rsv size in the preemptive used amount (bsc#1196195). - btrfs: handle preemptive delalloc flushing slightly differently (bsc#1196195). - btrfs: make sure SB_I_VERSION does not get unset by remount (bsc#1192210). - btrfs: only clamp the first time we have to start flushing (bsc#1196195). - btrfs: only ignore delalloc if delalloc is much smaller than ordered (bsc#1196195). - btrfs: reduce the preemptive flushing threshold to 90% (bsc#1196195). - btrfs: take into account global rsv in need_preemptive_reclaim (bsc#1196195). - btrfs: use the global rsv size in the preemptive thresh calculation (bsc#1196195). - ceph: properly put ceph_string reference after async create attempt (bsc#1195798). - ceph: set pool_ns in new inode layout for async creates (bsc#1195799). - drm/amdgpu: fix logic inversion in check (git-fixes). - drm/i915/gvt: Make DRM_I915_GVT depend on X86 (git-fixes). - drm/i915/gvt: clean up kernel-doc in gtt.c (git-fixes). - drm/i915/opregion: check port number bounds for SWSCI display power state (git-fixes). - drm/i915: Correctly populate use_sagv_wm for all pipes (git-fixes). - drm/i915: Fix bw atomic check when switching between SAGV vs. no SAGV (git-fixes). - drm/panel: simple: Assign data from panel_dpi_probe() correctly (git-fixes). - drm/radeon: Fix backlight control on iMac 12,1 (git-fixes). - drm/rockchip: dw_hdmi: Do not leave clock enabled in error case (git-fixes). - drm/rockchip: vop: Correct RK3399 VOP register fields (git-fixes). - drm/vc4: hdmi: Allow DBLCLK modes even if horz timing is odd (git-fixes). - drm: panel-orientation-quirks: Add quirk for the 1Netbook OneXPlayer (git-fixes). - ext4: check for inconsistent extents between index and leaf block (bsc#1194163 bsc#1196339). - ext4: check for out-of-order index extents in ext4_valid_extent_entries() (bsc#1194163 bsc#1196339). - ext4: prevent partial update of the extent blocks (bsc#1194163 bsc#1196339). - gve: Add RX context (bsc#1191655). - gve: Add a jumbo-frame device option (bsc#1191655). - gve: Add consumed counts to ethtool stats (bsc#1191655). - gve: Add optional metadata descriptor type GVE_TXD_MTD (bsc#1191655). - gve: Correct order of processing device options (bsc#1191655). - gve: Fix GFP flags when allocing pages (git-fixes). - gve: Fix off by one in gve_tx_timeout() (bsc#1191655). - gve: Implement packet continuation for RX (bsc#1191655). - gve: Implement suspend/resume/shutdown (bsc#1191655). - gve: Move the irq db indexes out of the ntfy block struct (bsc#1191655). - gve: Recording rx queue before sending to napi (bsc#1191655). - gve: Recover from queue stall due to missed IRQ (bsc#1191655). - gve: Update gve_free_queue_page_list signature (bsc#1191655). - gve: Use kvcalloc() instead of kvzalloc() (bsc#1191655). - gve: fix for null pointer dereference (bsc#1191655). - gve: fix the wrong AdminQ buffer queue index check (bsc#1176940). - gve: fix unmatched u64_stats_update_end() (bsc#1191655). - gve: remove memory barrier around seqno (bsc#1191655). - i2c: brcmstb: fix support for DSL and CM variants (git-fixes). - i40e: Fix for failed to init adminq while VF reset (git-fixes). - i40e: Fix issue when maximum queues is exceeded (git-fixes). - i40e: Fix queues reservation for XDP (git-fixes). - i40e: Increase delay to 1 s after global EMP reset (git-fixes). - i40e: fix unsigned stat widths (git-fixes). - ibmvnic: Allow queueing resets during probe (bsc#1196516 ltc#196391). - ibmvnic: clear fop when retrying probe (bsc#1196516 ltc#196391). - ibmvnic: complete init_done on transport events (bsc#1196516 ltc#196391). - ibmvnic: define flush_reset_queue helper (bsc#1196516 ltc#196391). - ibmvnic: do not release napi in __ibmvnic_open() (bsc#1195668 ltc#195811). - ibmvnic: free reset-work-item when flushing (bsc#1196516 ltc#196391). - ibmvnic: init init_done_rc earlier (bsc#1196516 ltc#196391). - ibmvnic: initialize rc before completing wait (bsc#1196516 ltc#196391). - ibmvnic: register netdev after init of adapter (bsc#1196516 ltc#196391). - ibmvnic: schedule failover only if vioctl fails (bsc#1196400 ltc#195815). - ice: fix IPIP and SIT TSO offload (git-fixes). - ice: fix an error code in ice_cfg_phy_fec() (jsc#SLE-12878). - ima: Allow template selection with ima_template[_fmt]= after ima_hash= (git-fixes). - ima: Do not print policy rule with inactive LSM labels (git-fixes). - ima: Remove ima_policy file before directory (git-fixes). - integrity: Make function integrity_add_key() static (git-fixes). - integrity: check the return value of audit_log_start() (git-fixes). - integrity: double check iint_cache was initialized (git-fixes). - iommu/amd: Fix loop timeout issue in iommu_ga_log_enable() (git-fixes). - iommu/amd: Remove useless irq affinity notifier (git-fixes). - iommu/amd: Restore GA log/tail pointer on host resume (git-fixes). - iommu/amd: X2apic mode: mask/unmask interrupts on suspend/resume (git-fixes). - iommu/amd: X2apic mode: re-enable after resume (git-fixes). - iommu/amd: X2apic mode: setup the INTX registers on mask/unmask (git-fixes). - iommu/io-pgtable-arm-v7s: Add error handle for page table allocation failure (git-fixes). - iommu/io-pgtable-arm: Fix table descriptor paddr formatting (git-fixes). - iommu/iova: Fix race between FQ timeout and teardown (git-fixes). - iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() (git-fixes). - iwlwifi: fix use-after-free (git-fixes). - iwlwifi: pcie: fix locking when "HW not ready" (git-fixes). - iwlwifi: pcie: gen2: fix locking when "HW not ready" (git-fixes). - ixgbevf: Require large buffers for build_skb on 82599VF (git-fixes). - kABI fixup after adding vcpu_idx to struct kvm_cpu (bsc#1190972 LTC#194674). - kABI: Fix kABI for AMD IOMMU driver (git-fixes). - kabi: Hide changes to s390/AP structures (jsc#SLE-20807). - lib/iov_iter: initialize "flags" in new pipe_buffer (bsc#1196584). - libsubcmd: Fix use-after-free for realloc(..., 0) (git-fixes). - md/raid5: fix oops during stripe resizing (bsc#1181588). - misc: fastrpc: avoid double fput() on failed usercopy (git-fixes). - mmc: sdhci-of-esdhc: Check for error num after setting mask (git-fixes). - mtd: rawnand: brcmnand: Fixed incorrect sub-page ECC status (git-fixes). - mtd: rawnand: gpmi: do not leak PM reference in error path (git-fixes). - mtd: rawnand: qcom: Fix clock sequencing in qcom_nandc_probe() (git-fixes). - net/ibmvnic: Cleanup workaround doing an EOI after partition migration (bsc#1089644 ltc#166495 ltc#165544 git-fixes). - net/mlx5e: Fix handling of wrong devices during bond netevent (jsc#SLE-15172). - net: macb: Align the dma and coherent dma masks (git-fixes). - net: mdio: aspeed: Add missing MODULE_DEVICE_TABLE (bsc#1176447). - net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs (git-fixes). - net: phy: marvell: Fix RGMII Tx/Rx delays setting in 88e1121-compatible PHYs (git-fixes). - net: phy: marvell: configure RGMII delays for 88E1118 (git-fixes). - net: usb: qmi_wwan: Add support for Dell DW5829e (git-fixes). - nfp: flower: fix ida_idx not being released (bsc#1154353). - nfsd: allow delegation state ids to be revoked and then freed (bsc#1192483). - nfsd: allow lock state ids to be revoked and then freed (bsc#1192483). - nfsd: allow open state ids to be revoked and then freed (bsc#1192483). - nfsd: do not admin-revoke NSv4.0 state ids (bsc#1192483). - nfsd: prepare for supporting admin-revocation of state (bsc#1192483). - nvme-fabrics: fix state check in nvmf_ctlr_matches_baseopts() (bsc#1195012). - nvme: also mark passthrough-only namespaces ready in nvme_update_ns_info (git-fixes). - nvme: do not return an error from nvme_configure_metadata (git-fixes). - nvme: let namespace probing continue for unsupported features (git-fixes). - powerpc/64: Move paca allocation later in boot (bsc#1190812). - powerpc/64s: Fix debugfs_simple_attr.cocci warnings (bsc#1157038 bsc#1157923 ltc#182612 git-fixes). - powerpc/pseries/ddw: Revert "Extend upper limit for huge DMA window for persistent memory" (bsc#1195995 ltc#196394). - powerpc/pseries: read the lpar name from the firmware (bsc#1187716 ltc#193451). - powerpc: Set crashkernel offset to mid of RMA region (bsc#1190812). - powerpc: add link stack flush mitigation status in debugfs (bsc#1157038 bsc#1157923 ltc#182612 git-fixes). - s390/AP: support new dynamic AP bus size limit (jsc#SLE-20807). - s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant (git-fixes). - s390/bpf: Fix optimizing out zero-extensions (git-fixes). - s390/cio: make ccw_device_dma_* more robust (bsc#1193243 LTC#195549). - s390/cio: verify the driver availability for path_event call (bsc#1195928 LTC#196418). - s390/cpumf: Support for CPU Measurement Facility CSVN 7 (bsc#1195081 LTC#196088). - s390/cpumf: Support for CPU Measurement Sampling Facility LS bit (bsc#1195081 LTC#196088). - s390/pci: add s390_iommu_aperture kernel parameter (bsc#1193233 LTC#195540). - s390/pci: move pseudo-MMIO to prevent MIO overlap (bsc#1194967 LTC#196028). - s390/protvirt: fix error return code in uv_info_init() (jsc#SLE-22135). - s390/sclp: fix Secure-IPL facility detection (bsc#1191741 LTC#194816). - s390/uv: add prot virt guest/host indication files (jsc#SLE-22135). - s390/uv: fix prot virt host indication compilation (jsc#SLE-22135). - scsi: core: Add a new error code DID_TRANSPORT_MARGINAL in scsi.h (bsc#1195506). - scsi: core: Add limitless cmd retry support (bsc#1195506). - scsi: core: No retries on abort success (bsc#1195506). - scsi: kABI fix for 'eh_should_retry_cmd' (bsc#1195506). - scsi: lpfc: Add support for eh_should_retry_cmd() (bsc#1195506). - scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop (bsc#1189126). - scsi: qla2xxx: Add devids and conditionals for 28xx (bsc#1195823). - scsi: qla2xxx: Add marginal path handling support (bsc#1195506). - scsi: qla2xxx: Add ql2xnvme_queues module param to configure number of NVMe queues (bsc#1195823). - scsi: qla2xxx: Add qla2x00_async_done() for async routines (bsc#1195823). - scsi: qla2xxx: Add retry for exec firmware (bsc#1195823). - scsi: qla2xxx: Check for firmware dump already collected (bsc#1195823). - scsi: qla2xxx: Fix T10 PI tag escape and IP guard options for 28XX adapters (bsc#1195823). - scsi: qla2xxx: Fix device reconnect in loop topology (bsc#1195823). - scsi: qla2xxx: Fix premature hw access after PCI error (bsc#1195823). - scsi: qla2xxx: Fix scheduling while atomic (bsc#1195823). - scsi: qla2xxx: Fix stuck session in gpdb (bsc#1195823). - scsi: qla2xxx: Fix unmap of already freed sgl (bsc#1195823). - scsi: qla2xxx: Fix warning for missing error code (bsc#1195823). - scsi: qla2xxx: Fix warning message due to adisc being flushed (bsc#1195823). - scsi: qla2xxx: Fix wrong FDMI data for 64G adapter (bsc#1195823). - scsi: qla2xxx: Implement ref count for SRB (bsc#1195823). - scsi: qla2xxx: Refactor asynchronous command initialization (bsc#1195823). - scsi: qla2xxx: Remove a declaration (bsc#1195823). - scsi: qla2xxx: Remove unused qla_sess_op_cmd_list from scsi_qla_host_t (bsc#1195823). - scsi: qla2xxx: Return -ENOMEM if kzalloc() fails (bsc#1195823). - scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair() (bsc#1195823). - scsi: qla2xxx: Update version to 10.02.07.200-k (bsc#1195823). - scsi: qla2xxx: Update version to 10.02.07.300-k (bsc#1195823). - scsi: qla2xxx: edif: Fix clang warning (bsc#1195823). - scsi: qla2xxx: edif: Fix inconsistent check of db_flags (bsc#1195823). - scsi: qla2xxx: edif: Reduce connection thrash (bsc#1195823). - scsi: qla2xxx: edif: Replace list_for_each_safe with list_for_each_entry_safe (bsc#1195823). - scsi: qla2xxx: edif: Tweak trace message (bsc#1195823). - scsi: scsi_transport_fc: Add a new rport state FC_PORTSTATE_MARGINAL (bsc#1195506). - scsi: scsi_transport_fc: Add store capability to rport port_state in sysfs (bsc#1195506). - scsi: target: iscsi: Fix cmd abort fabric stop race (bsc#1195286). - scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices (bsc#1195378 LTC#196244). - scsi_transport_fc: kabi fix blank out FC_PORTSTATE_MARGINAL (bsc#1195506). - staging/fbtft: Fix backlight (git-fixes). - staging: fbtft: Fix error path in fbtft_driver_module_init() (git-fixes). - tracing: Do not inc err_log entry count if entry allocation fails (git-fixes). - tracing: Dump stacktrace trigger to the corresponding instance (git-fixes). - tracing: Fix smatch warning for null glob in event_hist_trigger_parse() (git-fixes). - tracing: Have traceon and traceoff trigger honor the instance (git-fixes). - tracing: Propagate is_signed to expression (git-fixes). - usb: dwc2: Fix NULL qh in dwc2_queue_transaction (git-fixes). - usb: dwc2: gadget: do not try to disable ep0 in dwc2_hsotg_suspend (git-fixes). - usb: dwc3: do not set gadget->is_otg flag (git-fixes). - usb: dwc3: gadget: Prevent core from processing stale TRBs (git-fixes). - usb: f_fs: Fix use-after-free for epfile (git-fixes). - usb: gadget: f_uac2: Define specific wTerminalType (git-fixes). - usb: gadget: rndis: check size of RNDIS_MSG_SET command (git-fixes). - usb: gadget: s3c: remove unused 'udc' variable (git-fixes). - usb: gadget: udc: renesas_usb3: Fix host to USB_ROLE_NONE transition (git-fixes). - usb: host: ehci-tegra: Fix error handling in tegra_ehci_probe() (git-fixes). - usb: ulpi: Call of_node_put correctly (git-fixes). - usb: ulpi: Move of_node_put to ulpi_dev_release (git-fixes). cluster-md-kmp-preempt-5.3.18-150300.59.54.1.x86_64.rpm True dlm-kmp-preempt-5.3.18-150300.59.54.1.x86_64.rpm True gfs2-kmp-preempt-5.3.18-150300.59.54.1.x86_64.rpm True kernel-preempt-5.3.18-150300.59.54.1.nosrc.rpm True kernel-preempt-5.3.18-150300.59.54.1.x86_64.rpm True kernel-preempt-devel-5.3.18-150300.59.54.1.x86_64.rpm True kernel-preempt-extra-5.3.18-150300.59.54.1.x86_64.rpm True kernel-preempt-livepatch-devel-5.3.18-150300.59.54.1.x86_64.rpm True kernel-preempt-optional-5.3.18-150300.59.54.1.x86_64.rpm True kselftests-kmp-preempt-5.3.18-150300.59.54.1.x86_64.rpm True ocfs2-kmp-preempt-5.3.18-150300.59.54.1.x86_64.rpm True reiserfs-kmp-preempt-5.3.18-150300.59.54.1.x86_64.rpm True cluster-md-kmp-preempt-5.3.18-150300.59.54.1.aarch64.rpm True dlm-kmp-preempt-5.3.18-150300.59.54.1.aarch64.rpm True dtb-aarch64-5.3.18-150300.59.54.1.src.rpm True dtb-al-5.3.18-150300.59.54.1.aarch64.rpm True dtb-zte-5.3.18-150300.59.54.1.aarch64.rpm True gfs2-kmp-preempt-5.3.18-150300.59.54.1.aarch64.rpm True kernel-preempt-5.3.18-150300.59.54.1.aarch64.rpm True kernel-preempt-devel-5.3.18-150300.59.54.1.aarch64.rpm True kernel-preempt-extra-5.3.18-150300.59.54.1.aarch64.rpm True kernel-preempt-livepatch-devel-5.3.18-150300.59.54.1.aarch64.rpm True kernel-preempt-optional-5.3.18-150300.59.54.1.aarch64.rpm True kselftests-kmp-preempt-5.3.18-150300.59.54.1.aarch64.rpm True ocfs2-kmp-preempt-5.3.18-150300.59.54.1.aarch64.rpm True reiserfs-kmp-preempt-5.3.18-150300.59.54.1.aarch64.rpm True