AusCERT - Security Bulletins

Subscribe to AusCERT - Security Bulletins hírcsatorna
Latest published security bulletins. See https://www.auscert.org.au/rss/ for feed information.
Frissítve: 36 perc 1 másodperc
2022. március 10.

ESB-2022.1004 - [SUSE] Linux Kernel: CVSS (Max): 7.0

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.1004 Security update for the Linux Kernel 10 March 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Linux Kernel Publisher: SUSE Operating System: SUSE Resolution: Patch/Upgrade CVE Names: CVE-2022-24959 CVE-2022-24448 CVE-2022-0644 CVE-2022-0617 CVE-2022-0492 CVE-2022-0487 CVE-2022-0002 CVE-2022-0001 CVE-2021-44879 Original Bulletin: https://www.suse.com/support/update/announcement/2022/suse-su-20220768-1 Comment: CVSS (Max): 7.0 CVE-2022-0492 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) CVSS Source: SUSE Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H - --------------------------BEGIN INCLUDED TEXT-------------------- SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0768-1 Rating: important References: #1185973 #1191580 #1194516 #1195536 #1195543 #1195612 #1195840 #1195897 #1195908 #1195949 #1195987 #1196079 #1196155 #1196584 #1196612 Cross-References: CVE-2021-44879 CVE-2022-0001 CVE-2022-0002 CVE-2022-0487 CVE-2022-0492 CVE-2022-0617 CVE-2022-0644 CVE-2022-24448 CVE-2022-24959 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Availability 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Storage 6 SUSE Manager Proxy 4.0 SUSE Manager Server 4.0 ______________________________________________________________________________ An update that solves 9 vulnerabilities and has 6 fixes is now available. Description: The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. Transient execution side-channel attacks attacking the Branch History Buffer (BHB), named "Branch Target Injection" and "Intra-Mode Branch History Injection" are now mitigated. The following security bugs were fixed: o CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580). o CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc# 1191580). o CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image. (bsc#1196079) o CVE-2022-0644: Fixed a denial of service by a local user. A assertion failure could be triggered in kernel_read_file_from_fd() (bsc#1196155). o CVE-2021-44879: In gc_data_segment() in fs/f2fs/gc.c, special files were not considered, which lead to a move_data_page NULL pointer dereference (bsc#1195987). o CVE-2022-24959: Fixed a memory leak in yam_siocdevprivate() in drivers/net/ hamradio/yam.c (bsc#1195897). o CVE-2022-0487: A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove() in drivers/memstick/host/rtsx_usb_ms.c (bsc# 1194516). o CVE-2022-0492: Fixed a privilege escalation related to cgroups v1 release_agent feature, which allowed bypassing namespace isolation unexpectedly (bsc#1195543). o CVE-2022-24448: Fixed an issue in fs/nfs/dir.c. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should have occured, but the server instead returned uninitialized data in the file descriptor (bsc#1195612). The following non-security bugs were fixed: o crypto: af_alg - get_page upon reassignment to TX SGL (bsc#1195840). o lib/iov_iter: initialize "flags" in new pipe_buffer (bsc#1196584). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: o SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-768=1 o SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-768=1 o SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-768=1 o SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-768=1 o SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-768=1 o SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-768=1 o SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-768=1 o SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-768=1 o SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. I will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: o SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): kernel-default-4.12.14-197.108.1 kernel-default-base-4.12.14-197.108.1 kernel-default-base-debuginfo-4.12.14-197.108.1 kernel-default-debuginfo-4.12.14-197.108.1 kernel-default-debugsource-4.12.14-197.108.1 kernel-default-devel-4.12.14-197.108.1 kernel-default-devel-debuginfo-4.12.14-197.108.1 kernel-obs-build-4.12.14-197.108.1 kernel-obs-build-debugsource-4.12.14-197.108.1 kernel-syms-4.12.14-197.108.1 reiserfs-kmp-default-4.12.14-197.108.1 reiserfs-kmp-default-debuginfo-4.12.14-197.108.1 o SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): kernel-devel-4.12.14-197.108.1 kernel-docs-4.12.14-197.108.1 kernel-macros-4.12.14-197.108.1 kernel-source-4.12.14-197.108.1 o SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-197.108.1 kernel-default-base-4.12.14-197.108.1 kernel-default-base-debuginfo-4.12.14-197.108.1 kernel-default-debuginfo-4.12.14-197.108.1 kernel-default-debugsource-4.12.14-197.108.1 kernel-default-devel-4.12.14-197.108.1 kernel-default-devel-debuginfo-4.12.14-197.108.1 kernel-obs-build-4.12.14-197.108.1 kernel-obs-build-debugsource-4.12.14-197.108.1 kernel-syms-4.12.14-197.108.1 reiserfs-kmp-default-4.12.14-197.108.1 reiserfs-kmp-default-debuginfo-4.12.14-197.108.1 o SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): kernel-devel-4.12.14-197.108.1 kernel-docs-4.12.14-197.108.1 kernel-macros-4.12.14-197.108.1 kernel-source-4.12.14-197.108.1 o SUSE Linux Enterprise Server 15-SP1-LTSS (s390x): kernel-default-man-4.12.14-197.108.1 kernel-zfcpdump-debuginfo-4.12.14-197.108.1 kernel-zfcpdump-debugsource-4.12.14-197.108.1 o SUSE Linux Enterprise Server 15-SP1-BCL (noarch): kernel-devel-4.12.14-197.108.1 kernel-docs-4.12.14-197.108.1 kernel-macros-4.12.14-197.108.1 kernel-source-4.12.14-197.108.1 o SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): kernel-default-4.12.14-197.108.1 kernel-default-base-4.12.14-197.108.1 kernel-default-base-debuginfo-4.12.14-197.108.1 kernel-default-debuginfo-4.12.14-197.108.1 kernel-default-debugsource-4.12.14-197.108.1 kernel-default-devel-4.12.14-197.108.1 kernel-default-devel-debuginfo-4.12.14-197.108.1 kernel-obs-build-4.12.14-197.108.1 kernel-obs-build-debugsource-4.12.14-197.108.1 kernel-syms-4.12.14-197.108.1 reiserfs-kmp-default-4.12.14-197.108.1 reiserfs-kmp-default-debuginfo-4.12.14-197.108.1 o SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-default-debuginfo-4.12.14-197.108.1 kernel-default-debugsource-4.12.14-197.108.1 kernel-default-livepatch-4.12.14-197.108.1 kernel-default-livepatch-devel-4.12.14-197.108.1 kernel-livepatch-4_12_14-197_108-default-1-3.3.1 o SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): kernel-default-4.12.14-197.108.1 kernel-default-base-4.12.14-197.108.1 kernel-default-base-debuginfo-4.12.14-197.108.1 kernel-default-debuginfo-4.12.14-197.108.1 kernel-default-debugsource-4.12.14-197.108.1 kernel-default-devel-4.12.14-197.108.1 kernel-default-devel-debuginfo-4.12.14-197.108.1 kernel-obs-build-4.12.14-197.108.1 kernel-obs-build-debugsource-4.12.14-197.108.1 kernel-syms-4.12.14-197.108.1 o SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): kernel-devel-4.12.14-197.108.1 kernel-docs-4.12.14-197.108.1 kernel-macros-4.12.14-197.108.1 kernel-source-4.12.14-197.108.1 o SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): kernel-default-4.12.14-197.108.1 kernel-default-base-4.12.14-197.108.1 kernel-default-base-debuginfo-4.12.14-197.108.1 kernel-default-debuginfo-4.12.14-197.108.1 kernel-default-debugsource-4.12.14-197.108.1 kernel-default-devel-4.12.14-197.108.1 kernel-default-devel-debuginfo-4.12.14-197.108.1 kernel-obs-build-4.12.14-197.108.1 kernel-obs-build-debugsource-4.12.14-197.108.1 kernel-syms-4.12.14-197.108.1 o SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): kernel-devel-4.12.14-197.108.1 kernel-docs-4.12.14-197.108.1 kernel-macros-4.12.14-197.108.1 kernel-source-4.12.14-197.108.1 o SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-197.108.1 cluster-md-kmp-default-debuginfo-4.12.14-197.108.1 dlm-kmp-default-4.12.14-197.108.1 dlm-kmp-default-debuginfo-4.12.14-197.108.1 gfs2-kmp-default-4.12.14-197.108.1 gfs2-kmp-default-debuginfo-4.12.14-197.108.1 kernel-default-debuginfo-4.12.14-197.108.1 kernel-default-debugsource-4.12.14-197.108.1 ocfs2-kmp-default-4.12.14-197.108.1 ocfs2-kmp-default-debuginfo-4.12.14-197.108.1 o SUSE Enterprise Storage 6 (aarch64 x86_64): kernel-default-4.12.14-197.108.1 kernel-default-base-4.12.14-197.108.1 kernel-default-base-debuginfo-4.12.14-197.108.1 kernel-default-debuginfo-4.12.14-197.108.1 kernel-default-debugsource-4.12.14-197.108.1 kernel-default-devel-4.12.14-197.108.1 kernel-default-devel-debuginfo-4.12.14-197.108.1 kernel-obs-build-4.12.14-197.108.1 kernel-obs-build-debugsource-4.12.14-197.108.1 kernel-syms-4.12.14-197.108.1 reiserfs-kmp-default-4.12.14-197.108.1 reiserfs-kmp-default-debuginfo-4.12.14-197.108.1 o SUSE Enterprise Storage 6 (noarch): kernel-devel-4.12.14-197.108.1 kernel-docs-4.12.14-197.108.1 kernel-macros-4.12.14-197.108.1 kernel-source-4.12.14-197.108.1 o SUSE CaaS Platform 4.0 (x86_64): kernel-default-4.12.14-197.108.1 kernel-default-base-4.12.14-197.108.1 kernel-default-base-debuginfo-4.12.14-197.108.1 kernel-default-debuginfo-4.12.14-197.108.1 kernel-default-debugsource-4.12.14-197.108.1 kernel-default-devel-4.12.14-197.108.1 kernel-default-devel-debuginfo-4.12.14-197.108.1 kernel-obs-build-4.12.14-197.108.1 kernel-obs-build-debugsource-4.12.14-197.108.1 kernel-syms-4.12.14-197.108.1 reiserfs-kmp-default-4.12.14-197.108.1 reiserfs-kmp-default-debuginfo-4.12.14-197.108.1 o SUSE CaaS Platform 4.0 (noarch): kernel-devel-4.12.14-197.108.1 kernel-docs-4.12.14-197.108.1 kernel-macros-4.12.14-197.108.1 kernel-source-4.12.14-197.108.1 References: o https://www.suse.com/security/cve/CVE-2021-44879.html o https://www.suse.com/security/cve/CVE-2022-0001.html o https://www.suse.com/security/cve/CVE-2022-0002.html o https://www.suse.com/security/cve/CVE-2022-0487.html o https://www.suse.com/security/cve/CVE-2022-0492.html o https://www.suse.com/security/cve/CVE-2022-0617.html o https://www.suse.com/security/cve/CVE-2022-0644.html o https://www.suse.com/security/cve/CVE-2022-24448.html o https://www.suse.com/security/cve/CVE-2022-24959.html o https://bugzilla.suse.com/1185973 o https://bugzilla.suse.com/1191580 o https://bugzilla.suse.com/1194516 o https://bugzilla.suse.com/1195536 o https://bugzilla.suse.com/1195543 o https://bugzilla.suse.com/1195612 o https://bugzilla.suse.com/1195840 o https://bugzilla.suse.com/1195897 o https://bugzilla.suse.com/1195908 o https://bugzilla.suse.com/1195949 o https://bugzilla.suse.com/1195987 o https://bugzilla.suse.com/1196079 o https://bugzilla.suse.com/1196155 o https://bugzilla.suse.com/1196584 o https://bugzilla.suse.com/1196612 - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYiluuONLKJtyKPYoAQhHiA/8Dt7jl2XRw9+y0uHTSZHhoEcGiRxyVqbE 4QVgYZXZbaF4Z2vUW7+Z7nvuCgBjA4Rc9/XfjsTVHSJJXUbrW5m7HlYSgiMvGBhL d8gmBTmgSbsGvelOdMi3PggEm/9+GC2+21A9GkaGnHbfeU5ZWzw7PL9Je8n97Sc4 T/ICd149VEBknri7CvkYJ1fYhdzffKqLyv0aJHqJ7Hl9SEec72qtl7s/3H5UdJxT O1+JzNngqEICWD8yNKjq7vDVl9hck//pgGNAJ9A+K+qDO+aMG7YNHGOjTXtRPLBU j0YqX8m/C0lITfbp8QJYCBzhhhQAXec8VeyXLa5Dec13RKsNcmjDfOeNbPXUqzcX FD4TQfIzGj8nnHEx85XvdSMwQQgjWVHDJvu9q2NQyeEzCrfRxo8s9FxNof85Waaa wgca+DL4EdAF39gLCS+UUXQgSydsfG82yjExHqp6/fXMi0sg7BVhJd4IJndDU53c 2xPC04rJyOCzm5e36lOvPNPmv2u7akkHEDEKw1pgruKkKBtbyaKuq2gqVCkoUAGo BNKKQ2d6/srGj5v7DKu9tuepBaj6k52L1eN4IoVCbbMIlVWnID5+n/WJJZRJK0aD bdBFlXvIoqq103VZDigf/dnGXSig+xT2luSRTKLakDs1BNK8VFREcZlbOpVHQ7ZE ec33BvybB1A= =ox2Q -----END PGP SIGNATURE-----
2022. március 10.

ESB-2022.1003 - [SUSE] libcaca: CVSS (Max): 9.8

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.1003 Security update for libcaca 10 March 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: libcaca Publisher: SUSE Operating System: SUSE Resolution: Patch/Upgrade CVE Names: CVE-2021-30499 CVE-2021-30498 Original Bulletin: https://www.suse.com/support/update/announcement/2022/suse-su-20220769-1 Comment: CVSS (Max): 9.8 CVE-2021-30499 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) CVSS Source: SUSE Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - --------------------------BEGIN INCLUDED TEXT-------------------- SUSE Security Update: Security update for libcaca ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0769-1 Rating: important References: #1184751 #1184752 Cross-References: CVE-2021-30498 CVE-2021-30499 Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for libcaca fixes the following issues: o CVE-2021-30498, CVE-2021-30499: If an image has a size of 0x0, when exporting, no data is written and space is allocated for the header only, not taking into account that sprintf appends a NUL byte (bsc#1184751, bsc# 1184752). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: o SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-769=1 o SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-769=1 o SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-769=1 o SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-769=1 o SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-769=1 o SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-769=1 o SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-769=1 o SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-769=1 o SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-769=1 o SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-769=1 o SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-769=1 o SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-769=1 Package List: o SUSE Manager Server 4.1 (ppc64le s390x x86_64): libcaca-debugsource-0.99.beta19.git20171003-11.3.1 libcaca-devel-0.99.beta19.git20171003-11.3.1 libcaca0-0.99.beta19.git20171003-11.3.1 libcaca0-debuginfo-0.99.beta19.git20171003-11.3.1 libcaca0-plugins-0.99.beta19.git20171003-11.3.1 libcaca0-plugins-debuginfo-0.99.beta19.git20171003-11.3.1 o SUSE Manager Retail Branch Server 4.1 (x86_64): libcaca-debugsource-0.99.beta19.git20171003-11.3.1 libcaca-devel-0.99.beta19.git20171003-11.3.1 libcaca0-0.99.beta19.git20171003-11.3.1 libcaca0-debuginfo-0.99.beta19.git20171003-11.3.1 libcaca0-plugins-0.99.beta19.git20171003-11.3.1 libcaca0-plugins-debuginfo-0.99.beta19.git20171003-11.3.1 o SUSE Manager Proxy 4.1 (x86_64): libcaca-debugsource-0.99.beta19.git20171003-11.3.1 libcaca-devel-0.99.beta19.git20171003-11.3.1 libcaca0-0.99.beta19.git20171003-11.3.1 libcaca0-debuginfo-0.99.beta19.git20171003-11.3.1 libcaca0-plugins-0.99.beta19.git20171003-11.3.1 libcaca0-plugins-debuginfo-0.99.beta19.git20171003-11.3.1 o SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libcaca-debugsource-0.99.beta19.git20171003-11.3.1 libcaca-devel-0.99.beta19.git20171003-11.3.1 libcaca0-0.99.beta19.git20171003-11.3.1 libcaca0-debuginfo-0.99.beta19.git20171003-11.3.1 libcaca0-plugins-0.99.beta19.git20171003-11.3.1 libcaca0-plugins-debuginfo-0.99.beta19.git20171003-11.3.1 o SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libcaca-debugsource-0.99.beta19.git20171003-11.3.1 libcaca-devel-0.99.beta19.git20171003-11.3.1 libcaca0-0.99.beta19.git20171003-11.3.1 libcaca0-debuginfo-0.99.beta19.git20171003-11.3.1 libcaca0-plugins-0.99.beta19.git20171003-11.3.1 libcaca0-plugins-debuginfo-0.99.beta19.git20171003-11.3.1 o SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libcaca-debugsource-0.99.beta19.git20171003-11.3.1 libcaca-devel-0.99.beta19.git20171003-11.3.1 libcaca0-0.99.beta19.git20171003-11.3.1 libcaca0-debuginfo-0.99.beta19.git20171003-11.3.1 libcaca0-plugins-0.99.beta19.git20171003-11.3.1 libcaca0-plugins-debuginfo-0.99.beta19.git20171003-11.3.1 o SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): libcaca-debugsource-0.99.beta19.git20171003-11.3.1 libcaca-devel-0.99.beta19.git20171003-11.3.1 libcaca0-0.99.beta19.git20171003-11.3.1 libcaca0-debuginfo-0.99.beta19.git20171003-11.3.1 libcaca0-plugins-0.99.beta19.git20171003-11.3.1 libcaca0-plugins-debuginfo-0.99.beta19.git20171003-11.3.1 o SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libcaca-debugsource-0.99.beta19.git20171003-11.3.1 libcaca-devel-0.99.beta19.git20171003-11.3.1 libcaca0-0.99.beta19.git20171003-11.3.1 libcaca0-debuginfo-0.99.beta19.git20171003-11.3.1 libcaca0-plugins-0.99.beta19.git20171003-11.3.1 libcaca0-plugins-debuginfo-0.99.beta19.git20171003-11.3.1 o SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libcaca-debugsource-0.99.beta19.git20171003-11.3.1 libcaca-devel-0.99.beta19.git20171003-11.3.1 libcaca0-0.99.beta19.git20171003-11.3.1 libcaca0-debuginfo-0.99.beta19.git20171003-11.3.1 libcaca0-plugins-0.99.beta19.git20171003-11.3.1 libcaca0-plugins-debuginfo-0.99.beta19.git20171003-11.3.1 o SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libcaca-debugsource-0.99.beta19.git20171003-11.3.1 libcaca-devel-0.99.beta19.git20171003-11.3.1 libcaca0-0.99.beta19.git20171003-11.3.1 libcaca0-debuginfo-0.99.beta19.git20171003-11.3.1 libcaca0-plugins-0.99.beta19.git20171003-11.3.1 libcaca0-plugins-debuginfo-0.99.beta19.git20171003-11.3.1 o SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libcaca-debugsource-0.99.beta19.git20171003-11.3.1 libcaca-devel-0.99.beta19.git20171003-11.3.1 libcaca0-0.99.beta19.git20171003-11.3.1 libcaca0-debuginfo-0.99.beta19.git20171003-11.3.1 libcaca0-plugins-0.99.beta19.git20171003-11.3.1 libcaca0-plugins-debuginfo-0.99.beta19.git20171003-11.3.1 o SUSE Enterprise Storage 7 (aarch64 x86_64): libcaca-debugsource-0.99.beta19.git20171003-11.3.1 libcaca-devel-0.99.beta19.git20171003-11.3.1 libcaca0-0.99.beta19.git20171003-11.3.1 libcaca0-debuginfo-0.99.beta19.git20171003-11.3.1 libcaca0-plugins-0.99.beta19.git20171003-11.3.1 libcaca0-plugins-debuginfo-0.99.beta19.git20171003-11.3.1 References: o https://www.suse.com/security/cve/CVE-2021-30498.html o https://www.suse.com/security/cve/CVE-2021-30499.html o https://bugzilla.suse.com/1184751 o https://bugzilla.suse.com/1184752 - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYiluqONLKJtyKPYoAQjnLBAAhM/YAkhY+itdzox/2JCeRUbGye8qEGW+ geLMJ+Ytr5Il2vmIrLm/70iAcOyTe9yw8tcmgQ3ahv2/qtmTTfSlmIroTCstQ1je llXLj9tnx5GVh31gOGIjR7d10HiM0GeinSe5JK1YQEsmPDcHn+odBHUTsGtNLxaO zzn4mXHdrLRNHzXhxK/kPQ/G/T3SpaVHHs24wT23iVYCwJb1UwO1vsPTSas9RHKR uwNLHD74MwJphmoFxFvPfR2esy3F9HW0ui23LyKvLQBi4lzvILJqTLrPGGU4vBZ3 opON7LPuRJw/iT7l5fCJNkRc4kzDEL5vLkOYpZ6eWz5Xd7HO4Vk2RfWReXbq9XDr C3onNCRU7qDOJtjlxoFS7yWSv7g6pL/Vb/zEPjaYJqjONodBNovoSdPOppXIial0 E8ATbi9x/irbhYK6jmSPxSyvUwFA5Rn8Dp8c9VIA/sDI9GvvTKwVr8010o0N69Tl nc2Q5G05t3ZTgqmoMIIG7wEb4wwR0PTpcvn5Jaf9WtUQE4+GKVJHkCpKHPiBJHCG PdMl77bzrEIR6N5QGOC8T/IhoE6SK7uBXj782UJc1GaQQfh6e2NqdGT1SQ6AAKww hMEs/AHLH9o5K/qUrKjXNjLCxQa6qgpRrfBJIDW57dO2ymvTzqXYTP1sTffGTsa6 /Uxu4A3k1lY= =bPJv -----END PGP SIGNATURE-----
2022. március 10.

ESB-2022.1002 - [SUSE] Linux Kernel: CVSS (Max): 5.6

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.1002 Security update for the Linux Kernel 10 March 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Linux Kernel Publisher: SUSE Operating System: SUSE Resolution: Patch/Upgrade CVE Names: CVE-2022-0002 CVE-2022-0001 Original Bulletin: https://www.suse.com/support/update/announcement/2022/suse-su-20220764-1 Comment: CVSS (Max): 5.6 CVE-2022-0002 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N) CVSS Source: SUSE Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N - --------------------------BEGIN INCLUDED TEXT-------------------- SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0764-1 Rating: important References: #1191580 #1192483 #1195701 #1195995 #1196584 Cross-References: CVE-2022-0001 CVE-2022-0002 Affected Products: SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Module for Realtime 15-SP2 SUSE Linux Enterprise Real Time 15-SP2 ______________________________________________________________________________ An update that solves two vulnerabilities and has three fixes is now available. Description: The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various security and bugfixes. Transient execution side-channel attacks attacking the Branch History Buffer (BHB), named "Branch Target Injection" and "Intra-Mode Branch History Injection" are now mitigated. The following security bugs were fixed: o CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580). o CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc# 1191580). The following non-security bugs were fixed: o btrfs: check for missing device in btrfs_trim_fs (bsc#1195701). o lib/iov_iter: initialize "flags" in new pipe_buffer (bsc#1196584). o nfsd: allow delegation state ids to be revoked and then freed (bsc# 1192483). o nfsd: allow open state ids to be revoked and then freed (bsc#1192483). o nfsd: do not admin-revoke NSv4.0 state ids (bsc#1192483). o nfsd: prepare for supporting admin-revocation of state (bsc#1192483). o powerpc/pseries/ddw: Revert "Extend upper limit for huge DMA window for persistent memory" (bsc#1195995 ltc#196394). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: o SUSE Linux Enterprise Module for Realtime 15-SP2: zypper in -t patch SUSE-SLE-Module-RT-15-SP2-2022-764=1 o SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-764=1 Package List: o SUSE Linux Enterprise Module for Realtime 15-SP2 (noarch): kernel-devel-rt-5.3.18-76.1 kernel-source-rt-5.3.18-76.1 o SUSE Linux Enterprise Module for Realtime 15-SP2 (x86_64): cluster-md-kmp-rt-5.3.18-76.1 cluster-md-kmp-rt-debuginfo-5.3.18-76.1 dlm-kmp-rt-5.3.18-76.1 dlm-kmp-rt-debuginfo-5.3.18-76.1 gfs2-kmp-rt-5.3.18-76.1 gfs2-kmp-rt-debuginfo-5.3.18-76.1 kernel-rt-5.3.18-76.1 kernel-rt-debuginfo-5.3.18-76.1 kernel-rt-debugsource-5.3.18-76.1 kernel-rt-devel-5.3.18-76.1 kernel-rt-devel-debuginfo-5.3.18-76.1 kernel-rt_debug-5.3.18-76.1 kernel-rt_debug-debuginfo-5.3.18-76.1 kernel-rt_debug-debugsource-5.3.18-76.1 kernel-rt_debug-devel-5.3.18-76.1 kernel-rt_debug-devel-debuginfo-5.3.18-76.1 kernel-syms-rt-5.3.18-76.1 ocfs2-kmp-rt-5.3.18-76.1 ocfs2-kmp-rt-debuginfo-5.3.18-76.1 o SUSE Linux Enterprise Micro 5.0 (x86_64): kernel-rt-5.3.18-76.1 kernel-rt-debuginfo-5.3.18-76.1 kernel-rt-debugsource-5.3.18-76.1 References: o https://www.suse.com/security/cve/CVE-2022-0001.html o https://www.suse.com/security/cve/CVE-2022-0002.html o https://bugzilla.suse.com/1191580 o https://bugzilla.suse.com/1192483 o https://bugzilla.suse.com/1195701 o https://bugzilla.suse.com/1195995 o https://bugzilla.suse.com/1196584 - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYilb+uNLKJtyKPYoAQgJDw/+J5MSh1yIre+XSXMb3p3ny0uBbc6yYooo t1qtXm9758Jt5/lmX9ynY1bPZx+ACHWiIZMxVMLBHV7mp6vcFnCTZbQMGa69QAI2 KObMYtka8t0Gh2FSthZyyr9z2oAY/D6xYTi6H+w+6W2/z8PvBs4lwHuSu/UvfP4w NaT1EgNENiQZWR6VrP+O/dEhPtrILxIZ7+/upsc92CBNRw2fcEucP3WPURp4jMvf GKM9/tF12hjoAoL+1mI9yLEhvmVnNyfeoX09WpEAdJYleJjGH6kkZr1ZETjZ4EOX UBporeUivlzM5UeMSNNldW34AjV8IVOFKqihZtP68haAQ3d9+ZavPv6vas4KTK4m T0qkeSf/EMN0tGnOK4Ac4kEWDn6scHINYVyT3eNDTOFyPrvY0keHIxdcJsHpQRm1 13skfvPmbPOXwk+uD1yzQLbe5AufCFV5WCv+m+wBBKV8ghgwePICNEsD7ps92isy v9n3zF7GyWqWvkOzDgNcr1wEcIxBdPuO/XTdV2PM42jICfTsSvoXtupJedkzw3AX 5Mc28MgEAUtCdTUsy4/48ZT0fUMxfK/e6dcvlRivdpVq9jnye00Xh5l+/96/Q5rF RXKjGS0izkUQub7jjiPUf1rpE7seLV04pp3UBlV/bIlb6+xjdNFGprkUFBg3Lbtv ZI6msXW/QX4= =Bx1w -----END PGP SIGNATURE-----
2022. március 10.

ESB-2022.1001 - [SUSE] Linux Kernel: CVSS (Max): 5.6

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.1001 Security update for the Linux Kernel 10 March 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Linux Kernel Publisher: SUSE Operating System: SUSE Resolution: Patch/Upgrade CVE Names: CVE-2022-25375 CVE-2022-0002 CVE-2022-0001 Original Bulletin: https://www.suse.com/support/update/announcement/2022/suse-su-20220763-1 Comment: CVSS (Max): 5.6 CVE-2022-0002 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N) CVSS Source: SUSE Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N - --------------------------BEGIN INCLUDED TEXT-------------------- SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0763-1 Rating: important References: #1089644 #1154353 #1157038 #1157923 #1176447 #1176940 #1178134 #1181147 #1181588 #1183872 #1187716 #1188404 #1189126 #1190812 #1190972 #1191580 #1191655 #1191741 #1192210 #1192483 #1193096 #1193233 #1193243 #1193787 #1194163 #1194967 #1195012 #1195081 #1195286 #1195352 #1195378 #1195506 #1195668 #1195701 #1195798 #1195799 #1195823 #1195928 #1195957 #1195995 #1196195 #1196235 #1196339 #1196400 #1196516 #1196584 Cross-References: CVE-2022-0001 CVE-2022-0002 CVE-2022-25375 Affected Products: SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Realtime 15-SP3 SUSE Linux Enterprise Real Time 15-SP3 ______________________________________________________________________________ An update that solves three vulnerabilities, contains three features and has 43 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes. Transient execution side-channel attacks attacking the Branch History Buffer (BHB), named "Branch Target Injection" and "Intra-Mode Branch History Injection" are now mitigated. The following security bugs were fixed: o CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580). o CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc# 1191580). o CVE-2022-25375: The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory (bnc#1196235 ). The following non-security bugs were fixed: o ACPI/IORT: Check node revision for PMCG resources (git-fixes). o ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte X570 ALC1220 quirks (git-fixes). o ALSA: hda/realtek: Add quirk for ASUS GU603 (git-fixes). o ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus Xtreme after reboot from Windows (git-fixes). o ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus Master (newer chipset) (git-fixes). o ALSA: hda: Fix missing codec probe on Shenker Dock 15 (git-fixes). o ALSA: hda: Fix regression on forced probe mask option (git-fixes). o ASoC: Revert "ASoC: mediatek: Check for error clk pointer" (git-fixes). o ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw() (git-fixes). o ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range() (git-fixes). o ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() (git-fixes). o ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx() (git-fixes). o ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx() (git-fixes). o Align s390 NVME target options with other architectures (bsc#1188404, jsc# SLE-22494). CONFIG_NVME_TARGET=m CONFIG_NVME_TARGET_PASSTHRU=y CONFIG_NVME_TARGET_LOOP=m CONFIG_NVME_TARGET_RDMA=m CONFIG_NVME_TARGET_FC=m CONFIG_NVME_TARGET_FCLOOP=m CONFIG_NVME_TARGET_TCP=m o EDAC/xgene: Fix deferred probing (bsc#1178134). o HID:Add support for UGTABLET WP5540 (git-fixes). o IB/cma: Do not send IGMP leaves for sendonly Multicast groups (git-fixes). o IB/hfi1: Fix AIP early init panic (jsc#SLE-13208). o KVM: remember position in kvm->vcpus array (bsc#1190972 LTC#194674). o NFSD: Fix the behavior of READ near OFFSET_MAX (bsc#1195957). o PM: hibernate: Remove register_nosave_region_late() (git-fixes). o PM: s2idle: ACPI: Fix wakeup interrupts handling (git-fixes). o RDMA/cma: Use correct address when leaving multicast group (bsc#1181147). o RDMA/ucma: Protect mc during concurrent multicast leaves (bsc#1181147). o USB: serial: ch341: add support for GW Instek USB2.0-Serial devices (git-fixes). o USB: serial: cp210x: add CPI Bulk Coin Recycler id (git-fixes). o USB: serial: cp210x: add NCR Retail IO box id (git-fixes). o USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320 (git-fixes). o USB: serial: mos7840: remove duplicated 0xac24 device ID (git-fixes). o USB: serial: option: add ZTE MF286D modem (git-fixes). o ata: libata-core: Disable TRIM on M88V29 (git-fixes). o ax25: improve the incomplete fix to avoid UAF and NPD bugs (git-fixes). o blk-mq: always allow reserved allocation in hctx_may_queue (bsc#1193787). o blk-mq: avoid to iterate over stale request (bsc#1193787). o blk-mq: clear stale request in tags->rq before freeing one request pool (bsc#1193787). o blk-mq: clearing flush request reference in tags->rqs (bsc#1193787). o blk-mq: do not grab rq's refcount in blk_mq_check_expired() (bsc#1193787 git-fixes). o blk-mq: fix is_flush_rq (bsc#1193787 git-fixes). o blk-mq: fix kernel panic during iterating over flush request (bsc#1193787 git-fixes). o blk-mq: grab rq->refcount before calling ->fn in blk_mq_tagset_busy_iter (bsc#1193787). o blk-mq: mark flush request as IDLE in flush_end_io() (bsc#1193787). o blk-tag: Hide spin_lock (bsc#1193787). o block: avoid double io accounting for flush request (bsc#1193787). o block: do not send a rezise udev event for hidden block device (bsc# 1193096). o block: mark flush request as IDLE when it is really finished (bsc#1193787). o bonding: pair enable_port with slave_arr_updates (git-fixes). o btrfs: check for missing device in btrfs_trim_fs (bsc#1195701). o btrfs: check worker before need_preemptive_reclaim (bsc#1196195). o btrfs: do not do preemptive flushing if the majority is global rsv (bsc# 1196195). o btrfs: do not include the global rsv size in the preemptive used amount (bsc#1196195). o btrfs: handle preemptive delalloc flushing slightly differently (bsc# 1196195). o btrfs: make sure SB_I_VERSION does not get unset by remount (bsc#1192210). o btrfs: only clamp the first time we have to start flushing (bsc#1196195). o btrfs: only ignore delalloc if delalloc is much smaller than ordered (bsc# 1196195). o btrfs: reduce the preemptive flushing threshold to 90% (bsc#1196195). o btrfs: take into account global rsv in need_preemptive_reclaim (bsc# 1196195). o btrfs: use the global rsv size in the preemptive thresh calculation (bsc# 1196195). o ceph: properly put ceph_string reference after async create attempt (bsc# 1195798). o ceph: set pool_ns in new inode layout for async creates (bsc#1195799). o drm/amdgpu: fix logic inversion in check (git-fixes). o drm/i915/gvt: Make DRM_I915_GVT depend on X86 (git-fixes). o drm/i915/gvt: clean up kernel-doc in gtt.c (git-fixes). o drm/i915/opregion: check port number bounds for SWSCI display power state (git-fixes). o drm/i915: Correctly populate use_sagv_wm for all pipes (git-fixes). o drm/i915: Fix bw atomic check when switching between SAGV vs. no SAGV (git-fixes). o drm/panel: simple: Assign data from panel_dpi_probe() correctly (git-fixes). o drm/radeon: Fix backlight control on iMac 12,1 (git-fixes). o drm/rockchip: dw_hdmi: Do not leave clock enabled in error case (git-fixes). o drm/rockchip: vop: Correct RK3399 VOP register fields (git-fixes). o drm/vc4: hdmi: Allow DBLCLK modes even if horz timing is odd (git-fixes). o drm: panel-orientation-quirks: Add quirk for the 1Netbook OneXPlayer (git-fixes). o ext4: check for inconsistent extents between index and leaf block (bsc# 1194163 bsc#1196339). o ext4: check for out-of-order index extents in ext4_valid_extent_entries() (bsc#1194163 bsc#1196339). o ext4: prevent partial update of the extent blocks (bsc#1194163 bsc# 1196339). o gve: Add RX context (bsc#1191655). o gve: Add a jumbo-frame device option (bsc#1191655). o gve: Add consumed counts to ethtool stats (bsc#1191655). o gve: Add optional metadata descriptor type GVE_TXD_MTD (bsc#1191655). o gve: Correct order of processing device options (bsc#1191655). o gve: Fix GFP flags when allocing pages (git-fixes). o gve: Fix off by one in gve_tx_timeout() (bsc#1191655). o gve: Implement packet continuation for RX (bsc#1191655). o gve: Implement suspend/resume/shutdown (bsc#1191655). o gve: Move the irq db indexes out of the ntfy block struct (bsc#1191655). o gve: Recording rx queue before sending to napi (bsc#1191655). o gve: Recover from queue stall due to missed IRQ (bsc#1191655). o gve: Update gve_free_queue_page_list signature (bsc#1191655). o gve: Use kvcalloc() instead of kvzalloc() (bsc#1191655). o gve: fix for null pointer dereference (bsc#1191655). o gve: fix the wrong AdminQ buffer queue index check (bsc#1176940). o gve: fix unmatched u64_stats_update_end() (bsc#1191655). o gve: remove memory barrier around seqno (bsc#1191655). o i2c: brcmstb: fix support for DSL and CM variants (git-fixes). o i40e: Fix for failed to init adminq while VF reset (git-fixes). o i40e: Fix issue when maximum queues is exceeded (git-fixes). o i40e: Fix queues reservation for XDP (git-fixes). o i40e: Increase delay to 1 s after global EMP reset (git-fixes). o i40e: fix unsigned stat widths (git-fixes). o ibmvnic: Allow queueing resets during probe (bsc#1196516 ltc#196391). o ibmvnic: clear fop when retrying probe (bsc#1196516 ltc#196391). o ibmvnic: complete init_done on transport events (bsc#1196516 ltc#196391). o ibmvnic: define flush_reset_queue helper (bsc#1196516 ltc#196391). o ibmvnic: do not release napi in __ibmvnic_open() (bsc#1195668 ltc#195811). o ibmvnic: free reset-work-item when flushing (bsc#1196516 ltc#196391). o ibmvnic: init init_done_rc earlier (bsc#1196516 ltc#196391). o ibmvnic: initialize rc before completing wait (bsc#1196516 ltc#196391). o ibmvnic: register netdev after init of adapter (bsc#1196516 ltc#196391). o ibmvnic: schedule failover only if vioctl fails (bsc#1196400 ltc#195815). o ice: fix IPIP and SIT TSO offload (git-fixes). o ice: fix an error code in ice_cfg_phy_fec() (jsc#SLE-12878). o ima: Allow template selection with ima_template[_fmt]= after ima_hash= (git-fixes). o ima: Do not print policy rule with inactive LSM labels (git-fixes). o ima: Remove ima_policy file before directory (git-fixes). o integrity: Make function integrity_add_key() static (git-fixes). o integrity: check the return value of audit_log_start() (git-fixes). o integrity: double check iint_cache was initialized (git-fixes). o iommu/amd: Fix loop timeout issue in iommu_ga_log_enable() (git-fixes). o iommu/amd: Remove useless irq affinity notifier (git-fixes). o iommu/amd: Restore GA log/tail pointer on host resume (git-fixes). o iommu/amd: X2apic mode: mask/unmask interrupts on suspend/resume (git-fixes). o iommu/amd: X2apic mode: re-enable after resume (git-fixes). o iommu/amd: X2apic mode: setup the INTX registers on mask/unmask (git-fixes). o iommu/io-pgtable-arm-v7s: Add error handle for page table allocation failure (git-fixes). o iommu/io-pgtable-arm: Fix table descriptor paddr formatting (git-fixes). o iommu/iova: Fix race between FQ timeout and teardown (git-fixes). o iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() (git-fixes). o iwlwifi: fix use-after-free (git-fixes). o iwlwifi: pcie: fix locking when "HW not ready" (git-fixes). o iwlwifi: pcie: gen2: fix locking when "HW not ready" (git-fixes). o ixgbevf: Require large buffers for build_skb on 82599VF (git-fixes). o kABI fixup after adding vcpu_idx to struct kvm_cpu (bsc#1190972 LTC# 194674). o kABI: Fix kABI for AMD IOMMU driver (git-fixes). o kabi: Hide changes to s390/AP structures (jsc#SLE-20807). o lib/iov_iter: initialize "flags" in new pipe_buffer (bsc#1196584). o libsubcmd: Fix use-after-free for realloc(..., 0) (git-fixes). o md/raid5: fix oops during stripe resizing (bsc#1181588). o misc: fastrpc: avoid double fput() on failed usercopy (git-fixes). o mmc: sdhci-of-esdhc: Check for error num after setting mask (git-fixes). o mtd: rawnand: brcmnand: Fixed incorrect sub-page ECC status (git-fixes). o mtd: rawnand: gpmi: do not leak PM reference in error path (git-fixes). o mtd: rawnand: qcom: Fix clock sequencing in qcom_nandc_probe() (git-fixes). o net/ibmvnic: Cleanup workaround doing an EOI after partition migration (bsc #1089644 ltc#166495 ltc#165544 git-fixes). o net/mlx5e: Fix handling of wrong devices during bond netevent (jsc# SLE-15172). o net: macb: Align the dma and coherent dma masks (git-fixes). o net: mdio: aspeed: Add missing MODULE_DEVICE_TABLE (bsc#1176447). o net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs (git-fixes). o net: phy: marvell: Fix RGMII Tx/Rx delays setting in 88e1121-compatible PHYs (git-fixes). o net: phy: marvell: configure RGMII delays for 88E1118 (git-fixes). o net: usb: qmi_wwan: Add support for Dell DW5829e (git-fixes). o nfp: flower: fix ida_idx not being released (bsc#1154353). o nfsd: allow delegation state ids to be revoked and then freed (bsc# 1192483). o nfsd: allow lock state ids to be revoked and then freed (bsc#1192483). o nfsd: allow open state ids to be revoked and then freed (bsc#1192483). o nfsd: do not admin-revoke NSv4.0 state ids (bsc#1192483). o nfsd: prepare for supporting admin-revocation of state (bsc#1192483). o nvme-fabrics: fix state check in nvmf_ctlr_matches_baseopts() (bsc# 1195012). o nvme: also mark passthrough-only namespaces ready in nvme_update_ns_info (git-fixes). o nvme: do not return an error from nvme_configure_metadata (git-fixes). o nvme: let namespace probing continue for unsupported features (git-fixes). o powerpc/64: Move paca allocation later in boot (bsc#1190812). o powerpc/64s: Fix debugfs_simple_attr.cocci warnings (bsc#1157038 bsc# 1157923 ltc#182612 git-fixes). o powerpc/pseries/ddw: Revert "Extend upper limit for huge DMA window for persistent memory" (bsc#1195995 ltc#196394). o powerpc/pseries: read the lpar name from the firmware (bsc#1187716 ltc# 193451). o powerpc: Set crashkernel offset to mid of RMA region (bsc#1190812). o powerpc: add link stack flush mitigation status in debugfs (bsc#1157038 bsc #1157923 ltc#182612 git-fixes). o s390/AP: support new dynamic AP bus size limit (jsc#SLE-20807). o s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant (git-fixes). o s390/bpf: Fix optimizing out zero-extensions (git-fixes). o s390/cio: make ccw_device_dma_* more robust (bsc#1193243 LTC#195549). o s390/cio: verify the driver availability for path_event call (bsc#1195928 LTC#196418). o s390/cpumf: Support for CPU Measurement Facility CSVN 7 (bsc#1195081 LTC# 196088). o s390/cpumf: Support for CPU Measurement Sampling Facility LS bit (bsc# 1195081 LTC#196088). o s390/pci: add s390_iommu_aperture kernel parameter (bsc#1193233 LTC# 195540). o s390/pci: move pseudo-MMIO to prevent MIO overlap (bsc#1194967 LTC#196028). o s390/protvirt: fix error return code in uv_info_init() (jsc#SLE-22135). o s390/sclp: fix Secure-IPL facility detection (bsc#1191741 LTC#194816). o s390/uv: add prot virt guest/host indication files (jsc#SLE-22135). o s390/uv: fix prot virt host indication compilation (jsc#SLE-22135). o scsi: core: Add a new error code DID_TRANSPORT_MARGINAL in scsi.h (bsc# 1195506). o scsi: core: Add limitless cmd retry support (bsc#1195506). o scsi: core: No retries on abort success (bsc#1195506). o scsi: kABI fix for 'eh_should_retry_cmd' (bsc#1195506). o scsi: lpfc: Add support for eh_should_retry_cmd() (bsc#1195506). o scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop (bsc#1189126). o scsi: qla2xxx: Add devids and conditionals for 28xx (bsc#1195823). o scsi: qla2xxx: Add marginal path handling support (bsc#1195506). o scsi: qla2xxx: Add ql2xnvme_queues module param to configure number of NVMe queues (bsc#1195823). o scsi: qla2xxx: Add qla2x00_async_done() for async routines (bsc#1195823). o scsi: qla2xxx: Add retry for exec firmware (bsc#1195823). o scsi: qla2xxx: Check for firmware dump already collected (bsc#1195823). o scsi: qla2xxx: Fix T10 PI tag escape and IP guard options for 28XX adapters (bsc#1195823). o scsi: qla2xxx: Fix device reconnect in loop topology (bsc#1195823). o scsi: qla2xxx: Fix premature hw access after PCI error (bsc#1195823). o scsi: qla2xxx: Fix scheduling while atomic (bsc#1195823). o scsi: qla2xxx: Fix stuck session in gpdb (bsc#1195823). o scsi: qla2xxx: Fix unmap of already freed sgl (bsc#1195823). o scsi: qla2xxx: Fix warning for missing error code (bsc#1195823). o scsi: qla2xxx: Fix warning message due to adisc being flushed (bsc# 1195823). o scsi: qla2xxx: Fix wrong FDMI data for 64G adapter (bsc#1195823). o scsi: qla2xxx: Implement ref count for SRB (bsc#1195823). o scsi: qla2xxx: Refactor asynchronous command initialization (bsc#1195823). o scsi: qla2xxx: Remove a declaration (bsc#1195823). o scsi: qla2xxx: Remove unused qla_sess_op_cmd_list from scsi_qla_host_t (bsc #1195823). o scsi: qla2xxx: Return -ENOMEM if kzalloc() fails (bsc#1195823). o scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair() (bsc# 1195823). o scsi: qla2xxx: Update version to 10.02.07.200-k (bsc#1195823). o scsi: qla2xxx: Update version to 10.02.07.300-k (bsc#1195823). o scsi: qla2xxx: edif: Fix clang warning (bsc#1195823). o scsi: qla2xxx: edif: Fix inconsistent check of db_flags (bsc#1195823). o scsi: qla2xxx: edif: Reduce connection thrash (bsc#1195823). o scsi: qla2xxx: edif: Replace list_for_each_safe with list_for_each_entry_safe (bsc#1195823). o scsi: qla2xxx: edif: Tweak trace message (bsc#1195823). o scsi: scsi_transport_fc: Add a new rport state FC_PORTSTATE_MARGINAL (bsc# 1195506). o scsi: scsi_transport_fc: Add store capability to rport port_state in sysfs (bsc#1195506). o scsi: target: iscsi: Fix cmd abort fabric stop race (bsc#1195286). o scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices (bsc#1195378 LTC#196244). o scsi_transport_fc: kabi fix blank out FC_PORTSTATE_MARGINAL (bsc#1195506). o staging/fbtft: Fix backlight (git-fixes). o staging: fbtft: Fix error path in fbtft_driver_module_init() (git-fixes). o tracing: Do not inc err_log entry count if entry allocation fails (git-fixes). o tracing: Dump stacktrace trigger to the corresponding instance (git-fixes). o tracing: Fix smatch warning for null glob in event_hist_trigger_parse() (git-fixes). o tracing: Have traceon and traceoff trigger honor the instance (git-fixes). o tracing: Propagate is_signed to expression (git-fixes). o usb: dwc2: Fix NULL qh in dwc2_queue_transaction (git-fixes). o usb: dwc2: gadget: do not try to disable ep0 in dwc2_hsotg_suspend (git-fixes). o usb: dwc3: do not set gadget->is_otg flag (git-fixes). o usb: dwc3: gadget: Prevent core from processing stale TRBs (git-fixes). o usb: f_fs: Fix use-after-free for epfile (git-fixes). o usb: gadget: f_uac2: Define specific wTerminalType (git-fixes). o usb: gadget: rndis: check size of RNDIS_MSG_SET command (git-fixes). o usb: gadget: s3c: remove unused 'udc' variable (git-fixes). o usb: gadget: udc: renesas_usb3: Fix host to USB_ROLE_NONE transition (git-fixes). o usb: host: ehci-tegra: Fix error handling in tegra_ehci_probe() (git-fixes). o usb: ulpi: Call of_node_put correctly (git-fixes). o usb: ulpi: Move of_node_put to ulpi_dev_release (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: o SUSE Linux Enterprise Module for Realtime 15-SP3: zypper in -t patch SUSE-SLE-Module-RT-15-SP3-2022-763=1 o SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-763=1 Package List: o SUSE Linux Enterprise Module for Realtime 15-SP3 (noarch): kernel-devel-rt-5.3.18-150300.79.1 kernel-source-rt-5.3.18-150300.79.1 o SUSE Linux Enterprise Module for Realtime 15-SP3 (x86_64): cluster-md-kmp-rt-5.3.18-150300.79.1 cluster-md-kmp-rt-debuginfo-5.3.18-150300.79.1 dlm-kmp-rt-5.3.18-150300.79.1 dlm-kmp-rt-debuginfo-5.3.18-150300.79.1 gfs2-kmp-rt-5.3.18-150300.79.1 gfs2-kmp-rt-debuginfo-5.3.18-150300.79.1 kernel-rt-5.3.18-150300.79.1 kernel-rt-debuginfo-5.3.18-150300.79.1 kernel-rt-debugsource-5.3.18-150300.79.1 kernel-rt-devel-5.3.18-150300.79.1 kernel-rt-devel-debuginfo-5.3.18-150300.79.1 kernel-rt_debug-debuginfo-5.3.18-150300.79.1 kernel-rt_debug-debugsource-5.3.18-150300.79.1 kernel-rt_debug-devel-5.3.18-150300.79.1 kernel-rt_debug-devel-debuginfo-5.3.18-150300.79.1 kernel-syms-rt-5.3.18-150300.79.1 ocfs2-kmp-rt-5.3.18-150300.79.1 ocfs2-kmp-rt-debuginfo-5.3.18-150300.79.1 o SUSE Linux Enterprise Micro 5.1 (x86_64): kernel-rt-5.3.18-150300.79.1 kernel-rt-debuginfo-5.3.18-150300.79.1 kernel-rt-debugsource-5.3.18-150300.79.1 References: o https://www.suse.com/security/cve/CVE-2022-0001.html o https://www.suse.com/security/cve/CVE-2022-0002.html o https://www.suse.com/security/cve/CVE-2022-25375.html o https://bugzilla.suse.com/1089644 o https://bugzilla.suse.com/1154353 o https://bugzilla.suse.com/1157038 o https://bugzilla.suse.com/1157923 o https://bugzilla.suse.com/1176447 o https://bugzilla.suse.com/1176940 o https://bugzilla.suse.com/1178134 o https://bugzilla.suse.com/1181147 o https://bugzilla.suse.com/1181588 o https://bugzilla.suse.com/1183872 o https://bugzilla.suse.com/1187716 o https://bugzilla.suse.com/1188404 o https://bugzilla.suse.com/1189126 o https://bugzilla.suse.com/1190812 o https://bugzilla.suse.com/1190972 o https://bugzilla.suse.com/1191580 o https://bugzilla.suse.com/1191655 o https://bugzilla.suse.com/1191741 o https://bugzilla.suse.com/1192210 o https://bugzilla.suse.com/1192483 o https://bugzilla.suse.com/1193096 o https://bugzilla.suse.com/1193233 o https://bugzilla.suse.com/1193243 o https://bugzilla.suse.com/1193787 o https://bugzilla.suse.com/1194163 o https://bugzilla.suse.com/1194967 o https://bugzilla.suse.com/1195012 o https://bugzilla.suse.com/1195081 o https://bugzilla.suse.com/1195286 o https://bugzilla.suse.com/1195352 o https://bugzilla.suse.com/1195378 o https://bugzilla.suse.com/1195506 o https://bugzilla.suse.com/1195668 o https://bugzilla.suse.com/1195701 o https://bugzilla.suse.com/1195798 o https://bugzilla.suse.com/1195799 o https://bugzilla.suse.com/1195823 o https://bugzilla.suse.com/1195928 o https://bugzilla.suse.com/1195957 o https://bugzilla.suse.com/1195995 o https://bugzilla.suse.com/1196195 o https://bugzilla.suse.com/1196235 o https://bugzilla.suse.com/1196339 o https://bugzilla.suse.com/1196400 o https://bugzilla.suse.com/1196516 o https://bugzilla.suse.com/1196584 - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYilb9ONLKJtyKPYoAQjxZBAAjiFQ2oAKhexLsId//D6wyNXioj5SMdmw gy2sIaZx1J2jZAXISUL2DWfUZakYaiymSyXyqLfrQmStFAYoqa9yKXD4EnCIKUuB 2aG31B2ROr8VH9UEoTgXrzFhPJC07Yk7lugQDHRE1dFt3ByZHcsngKcTFfAHZ1+Y 2an8frcZUbNEoQ9DbHtMZF3tMGpwL6sNV4i0D0vRQbpxku8IBppI+4kpoGBx+GOk Yj6eveGg86XtyUiR5ybtzhRups6AaMo40F9mOyGKv5nl2vwn2dJc6+ulU37ykIYn acj340s/X6aGUD7NyhsyNgMJS6sT7qEcCyG7yR5jeg0HVxiNAr64qh4aKq8kbfTv oxZ5rjDEzzFXlqx3NQesO2XjcH6TFgh+sDRzu7/NRH5H6+idBbQ/ZTtHhg5Pi625 uOnYzImSofW+Je6Q0nxXNMEDyinKEVk1zfRv0pj9ke3zGJE1dIeox+ZQiFiYTUmQ nh2eZQQFKk1c8S1M0ntMwZZy1vEAk/dNJlA8ROUHe02lPkgJX6LHTpdOVv246mLm 6wFxIcWhhcIhyeg8N7EgxxjCJo1h1C8HcGyI4drjquI4FnMWfTQ1ToKL1pvoOpw1 /W1tX1P3+xOc8zYa2kwST0qSCb0Zzq6diTY/KT9iWJR6095foFUGa5UEwzDtdfkS JdPWKRYzftE= =Nsdn -----END PGP SIGNATURE-----
2022. március 10.

ESB-2022.1000 - [SUSE] Linux Kernel: CVSS (Max): 7.8

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.1000 Security update for the Linux Kernel 10 March 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Linux Kernel Publisher: SUSE Operating System: SUSE Resolution: Patch/Upgrade CVE Names: CVE-2022-24448 CVE-2022-0617 CVE-2022-0492 CVE-2022-0002 CVE-2022-0001 CVE-2021-0920 CVE-2016-10905 Original Bulletin: https://www.suse.com/support/update/announcement/2022/suse-su-20220762-1 Comment: CVSS (Max): 7.8 CVE-2021-0920 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) CVSS Source: SUSE Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H - --------------------------BEGIN INCLUDED TEXT-------------------- SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0762-1 Rating: important References: #1146312 #1185973 #1191580 #1193731 #1194463 #1195536 #1195543 #1195612 #1195908 #1195939 #1196079 #1196612 Cross-References: CVE-2016-10905 CVE-2021-0920 CVE-2022-0001 CVE-2022-0002 CVE-2022-0492 CVE-2022-0617 CVE-2022-24448 Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise High Availability 12-SP3 SUSE Linux Enterprise High Performance Computing 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 ______________________________________________________________________________ An update that solves 7 vulnerabilities and has 5 fixes is now available. Description: The SUSE Linux Enterprise 12 SP3 kernel was updated to receive various security and bugfixes. Transient execution side-channel attacks attacking the Branch History Buffer (BHB), named "Branch Target Injection" and "Intra-Mode Branch History Injection" are now mitigated. The following security bugs were fixed: o CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580). o CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc# 1191580). o CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image. (bsc#1196079) o CVE-2022-0492: Fixed a privilege escalation related to cgroups v1 release_agent feature, which allowed bypassing namespace isolation unexpectedly (bsc#1195543). o CVE-2022-24448: Fixed an issue in fs/nfs/dir.c. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should have occured, but the server instead returned uninitialized data in the file descriptor (bsc#1195612). o CVE-2021-0920: Fixed a local privilege escalation due to a use-after-free bug in unix_gc (bsc#1193731). o CVE-2016-10905: Fixed a use-after-free is gfs2_clear_rgrpd() and read_rindex_entry() (bsc#1146312). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: o SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-762=1 o SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-762=1 o SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-762=1 o SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-762=1 o SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-762=1 o SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2022-762=1 o HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-762=1 Package List: o SUSE OpenStack Cloud Crowbar 8 (noarch): kernel-devel-4.4.180-94.156.1 kernel-macros-4.4.180-94.156.1 kernel-source-4.4.180-94.156.1 o SUSE OpenStack Cloud Crowbar 8 (x86_64): kernel-default-4.4.180-94.156.1 kernel-default-base-4.4.180-94.156.1 kernel-default-base-debuginfo-4.4.180-94.156.1 kernel-default-debuginfo-4.4.180-94.156.1 kernel-default-debugsource-4.4.180-94.156.1 kernel-default-devel-4.4.180-94.156.1 kernel-default-kgraft-4.4.180-94.156.1 kernel-syms-4.4.180-94.156.1 kgraft-patch-4_4_180-94_156-default-1-4.3.1 kgraft-patch-4_4_180-94_156-default-debuginfo-1-4.3.1 o SUSE OpenStack Cloud 8 (noarch): kernel-devel-4.4.180-94.156.1 kernel-macros-4.4.180-94.156.1 kernel-source-4.4.180-94.156.1 o SUSE OpenStack Cloud 8 (x86_64): kernel-default-4.4.180-94.156.1 kernel-default-base-4.4.180-94.156.1 kernel-default-base-debuginfo-4.4.180-94.156.1 kernel-default-debuginfo-4.4.180-94.156.1 kernel-default-debugsource-4.4.180-94.156.1 kernel-default-devel-4.4.180-94.156.1 kernel-default-kgraft-4.4.180-94.156.1 kernel-syms-4.4.180-94.156.1 kgraft-patch-4_4_180-94_156-default-1-4.3.1 kgraft-patch-4_4_180-94_156-default-debuginfo-1-4.3.1 o SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): kernel-default-4.4.180-94.156.1 kernel-default-base-4.4.180-94.156.1 kernel-default-base-debuginfo-4.4.180-94.156.1 kernel-default-debuginfo-4.4.180-94.156.1 kernel-default-debugsource-4.4.180-94.156.1 kernel-default-devel-4.4.180-94.156.1 kernel-default-kgraft-4.4.180-94.156.1 kernel-syms-4.4.180-94.156.1 kgraft-patch-4_4_180-94_156-default-1-4.3.1 kgraft-patch-4_4_180-94_156-default-debuginfo-1-4.3.1 o SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): kernel-devel-4.4.180-94.156.1 kernel-macros-4.4.180-94.156.1 kernel-source-4.4.180-94.156.1 o SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): kernel-default-4.4.180-94.156.1 kernel-default-base-4.4.180-94.156.1 kernel-default-base-debuginfo-4.4.180-94.156.1 kernel-default-debuginfo-4.4.180-94.156.1 kernel-default-debugsource-4.4.180-94.156.1 kernel-default-devel-4.4.180-94.156.1 kernel-syms-4.4.180-94.156.1 o SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le x86_64): kernel-default-kgraft-4.4.180-94.156.1 kgraft-patch-4_4_180-94_156-default-1-4.3.1 kgraft-patch-4_4_180-94_156-default-debuginfo-1-4.3.1 o SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): kernel-devel-4.4.180-94.156.1 kernel-macros-4.4.180-94.156.1 kernel-source-4.4.180-94.156.1 o SUSE Linux Enterprise Server 12-SP3-LTSS (s390x): kernel-default-man-4.4.180-94.156.1 o SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): kernel-default-4.4.180-94.156.1 kernel-default-base-4.4.180-94.156.1 kernel-default-base-debuginfo-4.4.180-94.156.1 kernel-default-debuginfo-4.4.180-94.156.1 kernel-default-debugsource-4.4.180-94.156.1 kernel-default-devel-4.4.180-94.156.1 kernel-syms-4.4.180-94.156.1 o SUSE Linux Enterprise Server 12-SP3-BCL (noarch): kernel-devel-4.4.180-94.156.1 kernel-macros-4.4.180-94.156.1 kernel-source-4.4.180-94.156.1 o SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): cluster-md-kmp-default-4.4.180-94.156.1 cluster-md-kmp-default-debuginfo-4.4.180-94.156.1 dlm-kmp-default-4.4.180-94.156.1 dlm-kmp-default-debuginfo-4.4.180-94.156.1 gfs2-kmp-default-4.4.180-94.156.1 gfs2-kmp-default-debuginfo-4.4.180-94.156.1 kernel-default-debuginfo-4.4.180-94.156.1 kernel-default-debugsource-4.4.180-94.156.1 ocfs2-kmp-default-4.4.180-94.156.1 ocfs2-kmp-default-debuginfo-4.4.180-94.156.1 o HPE Helion Openstack 8 (x86_64): kernel-default-4.4.180-94.156.1 kernel-default-base-4.4.180-94.156.1 kernel-default-base-debuginfo-4.4.180-94.156.1 kernel-default-debuginfo-4.4.180-94.156.1 kernel-default-debugsource-4.4.180-94.156.1 kernel-default-devel-4.4.180-94.156.1 kernel-default-kgraft-4.4.180-94.156.1 kernel-syms-4.4.180-94.156.1 kgraft-patch-4_4_180-94_156-default-1-4.3.1 kgraft-patch-4_4_180-94_156-default-debuginfo-1-4.3.1 o HPE Helion Openstack 8 (noarch): kernel-devel-4.4.180-94.156.1 kernel-macros-4.4.180-94.156.1 kernel-source-4.4.180-94.156.1 References: o https://www.suse.com/security/cve/CVE-2016-10905.html o https://www.suse.com/security/cve/CVE-2021-0920.html o https://www.suse.com/security/cve/CVE-2022-0001.html o https://www.suse.com/security/cve/CVE-2022-0002.html o https://www.suse.com/security/cve/CVE-2022-0492.html o https://www.suse.com/security/cve/CVE-2022-0617.html o https://www.suse.com/security/cve/CVE-2022-24448.html o https://bugzilla.suse.com/1146312 o https://bugzilla.suse.com/1185973 o https://bugzilla.suse.com/1191580 o https://bugzilla.suse.com/1193731 o https://bugzilla.suse.com/1194463 o https://bugzilla.suse.com/1195536 o https://bugzilla.suse.com/1195543 o https://bugzilla.suse.com/1195612 o https://bugzilla.suse.com/1195908 o https://bugzilla.suse.com/1195939 o https://bugzilla.suse.com/1196079 o https://bugzilla.suse.com/1196612 - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYilb2+NLKJtyKPYoAQiGsg//R8/quzWT5WXIpwBz/a4McbB4iZ2OSBFC 244AsQH1E9A9/wpAkPwnSofidvusNmOUgG7+rNTvF7ok2MUG/AAFAepptn8dcg/m y/p0QndqnO31+cFYIwMYxvjmc1+78KcqW3zO4GLPIStr3/luF5WqJjBl6pHlbnxu BXz1KYSxUx2HjYet5Y9FctsW/uZVH/+i/AkCBwdidKM4N3ayPCQAT29ZpkoPqhfV asx3b7qjvLATBJI0HP+/fNcaC/O/fHrJnmgVE+nRAOJ0RTwb2BT+GkvyXC547v/A 9skqb9Vz7uGv6q8TWzBXfUyVFiOyhEx67DUF22E0i1maVtnz8vdN59uwbPbyjQmv NauKEZresRoqpdmMAPgOY1rXEtqVdnw7MPAUDIjASKWsMCx7+Vg3x6iYlIkVeMw0 F0tGnPMogcjCrz30E0GcVSD8Bf8yhQijzDydm/FhTvpP++JnVVY7jd6/Usq+FZei 313MERnzWN5xFDFLuUMT2X4y+JDgy31Dq6kfJqRdtJnn2sbERQGL18R0ryr6bQgB trqrvRH5hSeZKHQDQhzMe4+xxwVQQGdpZjGJTbU/KizqcyZzQzvYxm2wPHI19wIp 81ltWTRdsJYAlDRIdRst5eUQt8bYT5SHOF11xNiJONnjOmik0xWo4krIf2scaL1F IsGQlr57KhU= =Vnpv -----END PGP SIGNATURE-----
2022. március 10.

ESB-2022.0999 - [SUSE] Linux Kernel: CVSS (Max): 7.0

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.0999 Security update for the Linux Kernel 10 March 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Linux Kernel Publisher: SUSE Operating System: SUSE Resolution: Patch/Upgrade CVE Names: CVE-2022-24959 CVE-2022-24448 CVE-2022-0644 CVE-2022-0617 CVE-2022-0492 CVE-2022-0487 CVE-2022-0002 CVE-2022-0001 CVE-2021-45095 CVE-2021-44879 Original Bulletin: https://www.suse.com/support/update/announcement/2022/suse-su-20220765-1 Comment: CVSS (Max): 7.0 CVE-2022-0492 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) CVSS Source: SUSE Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H - --------------------------BEGIN INCLUDED TEXT-------------------- SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0765-1 Rating: important References: #1046306 #1050244 #1089644 #1094978 #1097583 #1097584 #1097585 #1097586 #1097587 #1097588 #1101674 #1101816 #1103991 #1109837 #1111981 #1112374 #1114648 #1114685 #1114893 #1117495 #1118661 #1119113 #1136460 #1136461 #1157038 #1157923 #1158533 #1174852 #1185377 #1185973 #1187716 #1189126 #1191271 #1191580 #1191655 #1193857 #1193867 #1194048 #1194516 #1195080 #1195377 #1195536 #1195543 #1195612 #1195638 #1195795 #1195823 #1195840 #1195897 #1195908 #1195934 #1195949 #1195987 #1195995 #1196079 #1196155 #1196400 #1196516 #1196584 #1196612 Cross-References: CVE-2021-44879 CVE-2021-45095 CVE-2022-0001 CVE-2022-0002 CVE-2022-0487 CVE-2022-0492 CVE-2022-0617 CVE-2022-0644 CVE-2022-24448 CVE-2022-24959 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that solves 10 vulnerabilities, contains one feature and has 50 fixes is now available. Description: The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes. Transient execution side-channel attacks attacking the Branch History Buffer (BHB), named "Branch Target Injection" and "Intra-Mode Branch History Injection" are now mitigated. The following security bugs were fixed: o CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580). o CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc# 1191580). o CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image. (bsc#1196079) o CVE-2022-0644: Fixed a denial of service by a local user. A assertion failure could be triggered in kernel_read_file_from_fd() (bsc#1196155). o CVE-2021-44879: In gc_data_segment() in fs/f2fs/gc.c, special files were not considered, which lead to a move_data_page NULL pointer dereference (bsc#1195987). o CVE-2022-24959: Fixed a memory leak in yam_siocdevprivate() in drivers/net/ hamradio/yam.c (bsc#1195897). o CVE-2021-45095: Fixed refcount leak in pep_sock_accept in net/phonet/pep.c (bsc#1193867). o CVE-2022-0487: A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove() in drivers/memstick/host/rtsx_usb_ms.c (bsc# 1194516). o CVE-2022-0492: Fixed a privilege escalation related to cgroups v1 release_agent feature, which allowed bypassing namespace isolation unexpectedly (bsc#1195543). o CVE-2022-24448: Fixed an issue in fs/nfs/dir.c. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should have occured, but the server instead returned uninitialized data in the file descriptor (bsc#1195612). The following non-security bugs were fixed: o Bluetooth: bfusb: fix division by zero in send path (git-fixes). o Bluetooth: fix the erroneous flush_work() order (git-fixes). o EDAC/xgene: Fix deferred probing (bsc#1114648). o IB/rdmavt: Validate remote_addr during loopback atomic tests (bsc#1114685). o NFSv4.x: by default serialize open/close operations (bsc#1114893 bsc# 1195934). Make this work-around optional o NFSv42: Do not fail clone() unless the OP_CLONE operation failed (git-fixes). o NFSv42: Fix pagecache invalidation after COPY/CLONE (git-fixes). o NFSv4: Handle case where the lookup of a directory fails (git-fixes). o NFSv4: nfs_atomic_open() can race when looking up a non-regular file (git-fixes). o PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller (git-fixes). o RDMA/bnxt_re: Fix query SRQ failure (bsc#1050244). o RDMA/mlx5: Set user priority for DCT (bsc#1103991). o RDMA/netlink: Add __maybe_unused to static inline in C file (bsc#1046306). o Replace with an alternative fix for bsc#1185377 o crypto: af_alg - get_page upon reassignment to TX SGL (bsc#1195840). o cxgb4: fix eeprom len when diagnostics not implemented (bsc#1097585 bsc# 1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). o e1000e: Fix packet loss on Tiger Lake and later (bsc#1158533). o ext4: avoid trim error on fs with small groups (bsc#1191271). o fuse: annotate lock in fuse_reverse_inval_entry() (bsc#1195795). o gve: Add RX context (bsc#1191655). o gve: Add a jumbo-frame device option (bsc#1191655). o gve: Add consumed counts to ethtool stats (bsc#1191655). o gve: Add netif_set_xps_queue call (bsc#1191655). o gve: Add optional metadata descriptor type GVE_TXD_MTD (bsc#1191655). o gve: Add rx buffer pagecnt bias (bsc#1191655). o gve: Allow pageflips on larger pages (bsc#1191655). o gve: Avoid freeing NULL pointer (bsc#1191655). o gve: Correct available tx qpl check (bsc#1191655). o gve: Correct order of processing device options (bsc#1191655). o gve: DQO: avoid unused variable warnings (bsc#1191655). o gve: Do lazy cleanup in TX path (bsc#1191655). o gve: Fix GFP flags when allocing pages (bsc#1191655). o gve: Implement packet continuation for RX (bsc#1191655). o gve: Implement suspend/resume/shutdown (bsc#1191655). o gve: Move the irq db indexes out of the ntfy block struct (bsc#1191655). o gve: Properly handle errors in gve_assign_qpl (bsc#1191655). o gve: Recording rx queue before sending to napi (bsc#1191655). o gve: Switch to use napi_complete_done (bsc#1191655). o gve: Track RX buffer allocation failures (bsc#1191655). o gve: Update gve_free_queue_page_list signature (bsc#1191655). o gve: Use kvcalloc() instead of kvzalloc() (bsc#1191655). o gve: fix for null pointer dereference (bsc#1191655). o gve: fix gve_get_stats() (bsc#1191655). o gve: fix the wrong AdminQ buffer queue index check (bsc#1191655). o gve: fix unmatched u64_stats_update_end() (bsc#1191655). o gve: remove memory barrier around seqno (bsc#1191655). o gve: report 64bit tx_bytes counter from gve_handle_report_stats() (bsc# 1191655). o i40e: Fix changing previously set num_queue_pairs for PFs (bsc#1094978). o i40e: Fix correct max_pkt_size on VF RX queue (bsc#1101816 ). o i40e: Fix creation of first queue by omitting it if is not power of two (bsc#1101816). o i40e: Fix display error code in dmesg (bsc#1109837 bsc#1111981 ). o i40e: Fix for displaying message regarding NVM version (jsc#SLE-4797). o i40e: Fix freeing of uninitialized misc IRQ vector (bsc#1101816 ). o i40e: Fix ping is lost after configuring ADq on VF (bsc#1094978). o i40e: Fix pre-set max number of queues for VF (bsc#1111981 ). o i40e: Increase delay to 1 s after global EMP reset (bsc#1101816 ). o iavf: Fix limit of total number of queues to active queues of VF (bsc# 1111981). o iavf: prevent accidental free of filter structure (bsc#1111981 ). o ibmvnic: Allow queueing resets during probe (bsc#1196516 ltc#196391). o ibmvnic: Update driver return codes (bsc#1196516 ltc#196391). o ibmvnic: clear fop when retrying probe (bsc#1196516 ltc#196391). o ibmvnic: complete init_done on transport events (bsc#1196516 ltc#196391). o ibmvnic: define flush_reset_queue helper (bsc#1196516 ltc#196391). o ibmvnic: free reset-work-item when flushing (bsc#1196516 ltc#196391). o ibmvnic: init init_done_rc earlier (bsc#1196516 ltc#196391). o ibmvnic: initialize rc before completing wait (bsc#1196516 ltc#196391). o ibmvnic: register netdev after init of adapter (bsc#1196516 ltc#196391). o ibmvnic: schedule failover only if vioctl fails (bsc#1196400 ltc#195815). o ice: Delete always true check of PF pointer (bsc#1118661 ). o ice: ignore dropped packets during init (bsc#1118661 ). o igb: Fix removal of unicast MAC filters of VFs (bsc#1117495). o ixgbevf: Require large buffers for build_skb on 82599VF (bsc#1101674). o kabi: Hide changes to s390/AP structures (jsc#SLE-20809). o lib/iov_iter: initialize "flags" in new pipe_buffer (bsc#1196584). o mqprio: Correct stats in mqprio_dump_class_stats() (bsc#1109837). o net/ibmvnic: Cleanup workaround doing an EOI after partition migration (bsc #1089644 ltc#166495 ltc#165544 git-fixes). o net: Prevent infinite while loop in skb_tx_hash() (bsc#1109837). o net: ena: Fix error handling when calculating max IO queues number (bsc# 1174852). o net: ena: Fix undefined state when tx request id is out of bounds (bsc# 1174852). o net: marvell: mvpp2: Fix the computation of shared CPUs (bsc#1119113). o net: phylink: avoid mvneta warning when setting pause parameters (bsc# 1119113). o net: usb: pegasus: Do not drop long Ethernet frames (git-fixes). o nfsd: fix use-after-free due to delegation race (git-fixes). o phylib: fix potential use-after-free (bsc#1119113). o platform/mellanox: mlxreg-io: Fix argument base in kstrtou32() call (bsc# 1112374). o powerpc/64s: Fix debugfs_simple_attr.cocci warnings (bsc#1157038 bsc# 1157923 ltc#182612 git-fixes). o powerpc/pseries/ddw: Revert "Extend upper limit for huge DMA window for persistent memory" (bsc#1195995 ltc#196394). o powerpc/pseries: read the lpar name from the firmware (bsc#1187716 ltc# 193451). o powerpc: add link stack flush mitigation status in debugfs (bsc#1157038 bsc #1157923 ltc#182612 git-fixes). o qed: Handle management FW error (git-fixes). o qed: rdma - do not wait for resources under hw error recovery flow (bsc# 1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). o rndis_host: support Hytera digital radios (git-fixes). o s390/AP: support new dynamic AP bus size limit (jsc#SLE-20809). o s390/ap: rework crypto config info and default domain code (jsc#SLE-20809). o s390/cpumf: Support for CPU Measurement Facility CSVN 7 (bsc#1195080 LTC# 196090). o s390/cpumf: Support for CPU Measurement Sampling Facility LS bit (bsc# 1195080 LTC#196090). o s390/hypfs: include z/VM guests with access control group set (bsc#1195638 LTC#196354). o scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put () (git-fixes). o scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop (bsc#1189126). o scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write() (git-fixes). o scsi: nsp_cs: Check of ioremap return value (git-fixes). o scsi: qedf: Fix potential dereference of NULL pointer (git-fixes). o scsi: qla2xxx: Add devids and conditionals for 28xx (bsc#1195823). o scsi: qla2xxx: Add ql2xnvme_queues module param to configure number of NVMe queues (bsc#1195823). o scsi: qla2xxx: Add qla2x00_async_done() for async routines (bsc#1195823). o scsi: qla2xxx: Add retry for exec firmware (bsc#1195823). o scsi: qla2xxx: Check for firmware dump already collected (bsc#1195823). o scsi: qla2xxx: Fix T10 PI tag escape and IP guard options for 28XX adapters (bsc#1195823). o scsi: qla2xxx: Fix device reconnect in loop topology (bsc#1195823). o scsi: qla2xxx: Fix premature hw access after PCI error (bsc#1195823). o scsi: qla2xxx: Fix scheduling while atomic (bsc#1195823). o scsi: qla2xxx: Fix stuck session in gpdb (bsc#1195823). o scsi: qla2xxx: Fix unmap of already freed sgl (bsc#1195823). o scsi: qla2xxx: Fix warning for missing error code (bsc#1195823). o scsi: qla2xxx: Fix warning message due to adisc being flushed (bsc# 1195823). o scsi: qla2xxx: Fix wrong FDMI data for 64G adapter (bsc#1195823). o scsi: qla2xxx: Implement ref count for SRB (bsc#1195823). o scsi: qla2xxx: Refactor asynchronous command initialization (bsc#1195823). o scsi: qla2xxx: Remove a declaration (bsc#1195823). o scsi: qla2xxx: Remove unused qla_sess_op_cmd_list from scsi_qla_host_t (bsc #1195823). o scsi: qla2xxx: Return -ENOMEM if kzalloc() fails (bsc#1195823). o scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair() (bsc# 1195823). o scsi: qla2xxx: Update version to 10.02.07.200-k (bsc#1195823). o scsi: qla2xxx: Update version to 10.02.07.300-k (bsc#1195823). o scsi: qla2xxx: edif: Fix clang warning (bsc#1195823). o scsi: qla2xxx: edif: Fix inconsistent check of db_flags (bsc#1195823). o scsi: qla2xxx: edif: Reduce connection thrash (bsc#1195823). o scsi: qla2xxx: edif: Replace list_for_each_safe with list_for_each_entry_safe (bsc#1195823). o scsi: qla2xxx: edif: Tweak trace message (bsc#1195823). o scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select () (git-fixes). o scsi: ufs: Fix race conditions related to driver data (git-fixes). o scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices (bsc#1195377 LTC#196245). o sunrpc/auth_gss: support timeout on gss upcalls (bsc#1193857). o tracing: Dump stacktrace trigger to the corresponding instance (git-fixes). o tracing: Have traceon and traceoff trigger honor the instance (git-fixes). o usb: common: ulpi: Fix crash in ulpi_match() (git-fixes). o usb: typec: tcpm: Do not disconnect while receiving VBUS off (git-fixes). o xfrm: fix MTU regression (bsc#1185377, bsc#1194048). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: o SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-765=1 Package List: o SUSE Linux Enterprise Server 12-SP5 (x86_64): kernel-azure-4.12.14-16.91.1 kernel-azure-base-4.12.14-16.91.1 kernel-azure-base-debuginfo-4.12.14-16.91.1 kernel-azure-debuginfo-4.12.14-16.91.1 kernel-azure-debugsource-4.12.14-16.91.1 kernel-azure-devel-4.12.14-16.91.1 kernel-syms-azure-4.12.14-16.91.1 o SUSE Linux Enterprise Server 12-SP5 (noarch): kernel-devel-azure-4.12.14-16.91.1 kernel-source-azure-4.12.14-16.91.1 References: o https://www.suse.com/security/cve/CVE-2021-44879.html o https://www.suse.com/security/cve/CVE-2021-45095.html o https://www.suse.com/security/cve/CVE-2022-0001.html o https://www.suse.com/security/cve/CVE-2022-0002.html o https://www.suse.com/security/cve/CVE-2022-0487.html o https://www.suse.com/security/cve/CVE-2022-0492.html o https://www.suse.com/security/cve/CVE-2022-0617.html o https://www.suse.com/security/cve/CVE-2022-0644.html o https://www.suse.com/security/cve/CVE-2022-24448.html o https://www.suse.com/security/cve/CVE-2022-24959.html o https://bugzilla.suse.com/1046306 o https://bugzilla.suse.com/1050244 o https://bugzilla.suse.com/1089644 o https://bugzilla.suse.com/1094978 o https://bugzilla.suse.com/1097583 o https://bugzilla.suse.com/1097584 o https://bugzilla.suse.com/1097585 o https://bugzilla.suse.com/1097586 o https://bugzilla.suse.com/1097587 o https://bugzilla.suse.com/1097588 o https://bugzilla.suse.com/1101674 o https://bugzilla.suse.com/1101816 o https://bugzilla.suse.com/1103991 o https://bugzilla.suse.com/1109837 o https://bugzilla.suse.com/1111981 o https://bugzilla.suse.com/1112374 o https://bugzilla.suse.com/1114648 o https://bugzilla.suse.com/1114685 o https://bugzilla.suse.com/1114893 o https://bugzilla.suse.com/1117495 o https://bugzilla.suse.com/1118661 o https://bugzilla.suse.com/1119113 o https://bugzilla.suse.com/1136460 o https://bugzilla.suse.com/1136461 o https://bugzilla.suse.com/1157038 o https://bugzilla.suse.com/1157923 o https://bugzilla.suse.com/1158533 o https://bugzilla.suse.com/1174852 o https://bugzilla.suse.com/1185377 o https://bugzilla.suse.com/1185973 o https://bugzilla.suse.com/1187716 o https://bugzilla.suse.com/1189126 o https://bugzilla.suse.com/1191271 o https://bugzilla.suse.com/1191580 o https://bugzilla.suse.com/1191655 o https://bugzilla.suse.com/1193857 o https://bugzilla.suse.com/1193867 o https://bugzilla.suse.com/1194048 o https://bugzilla.suse.com/1194516 o https://bugzilla.suse.com/1195080 o https://bugzilla.suse.com/1195377 o https://bugzilla.suse.com/1195536 o https://bugzilla.suse.com/1195543 o https://bugzilla.suse.com/1195612 o https://bugzilla.suse.com/1195638 o https://bugzilla.suse.com/1195795 o https://bugzilla.suse.com/1195823 o https://bugzilla.suse.com/1195840 o https://bugzilla.suse.com/1195897 o https://bugzilla.suse.com/1195908 o https://bugzilla.suse.com/1195934 o https://bugzilla.suse.com/1195949 o https://bugzilla.suse.com/1195987 o https://bugzilla.suse.com/1195995 o https://bugzilla.suse.com/1196079 o https://bugzilla.suse.com/1196155 o https://bugzilla.suse.com/1196400 o https://bugzilla.suse.com/1196516 o https://bugzilla.suse.com/1196584 o https://bugzilla.suse.com/1196612 - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYilb1eNLKJtyKPYoAQgesQ//QdrHqtlYQsyxhQE88RRoXnPcekqzBxv2 Rj12hrqD00A7LZM+1A1ZFxAmfmvKm8Vg8E5ykRYFwjJtqyCVK3F2uhImKvvgLXIA 81T94biRWDJjigMOz9nWBIGHZt1uLBpyIzVmZhrqVGUQfn6WkuCcmA9O9+MJ1/tI wuU6Wp/Xye+vSnBCnlDMdeIZK/H4Z1WLl5syk4/t2HLKCx+rLRqlRdPP16Oj+tLV Nt2Ljmg9wxoyGF7W4UDLgGJ2Y+k4vTzKRe/oLLDKZj/Fm22bS3tSc7xthVaJfyA7 rHea9E55R98MN1iL2JjKrltoprqcg+wTPFIzaNS09eoESha15Mpg59TSgxcHMVm3 4uG/e95xMtwPUYcmgci9xM2JL0EE7O6GvAEEjxOe+bQTKLb1KM+0lHMFEXHl3P6n Cy56UCzkFg0BgDXmmxGqxAYF6qoocGNyAaVvvNJgqP5qO+QxYst1NOmdFovd359T tmXYBAZ3K6rrcBsXxJBavXtHZOcq88HYLabnVtHXUTz+VkLyk8h3MI+KX0vzeTff ecAZM8v97GxZMIkof/WDjbxps6BFuRKe2l86UQldoht4LMIMTqgt5MH8FGfRdAWF r/tgOD776md1/1uTOt82/XRjDoap+XWY3OXQzM6J9BVydrb27NeDnpie1TQbOMs8 jf925Z+pJcY= =HeLU -----END PGP SIGNATURE-----
2022. március 10.

ESB-2022.0998 - [SUSE] Linux Kernel: CVSS (Max): 7.0

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.0998 Security update for the Linux Kernel 10 March 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Linux Kernel Publisher: SUSE Operating System: SUSE Resolution: Patch/Upgrade CVE Names: CVE-2022-24959 CVE-2022-24448 CVE-2022-0644 CVE-2022-0617 CVE-2022-0492 CVE-2022-0487 CVE-2022-0002 CVE-2022-0001 CVE-2021-44879 Reference: ESB-2022.0995 ESB-2022.0994 Original Bulletin: https://www.suse.com/support/update/announcement/2022/suse-su-20220766-1 Comment: CVSS (Max): 7.0 CVE-2022-0492 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) CVSS Source: SUSE Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H - --------------------------BEGIN INCLUDED TEXT-------------------- SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0766-1 Rating: important References: #1107207 #1185973 #1191580 #1194516 #1195536 #1195543 #1195612 #1195840 #1195897 #1195908 #1195949 #1195987 #1196079 #1196155 #1196584 #1196612 Cross-References: CVE-2021-44879 CVE-2022-0001 CVE-2022-0002 CVE-2022-0487 CVE-2022-0492 CVE-2022-0617 CVE-2022-0644 CVE-2022-24448 CVE-2022-24959 Affected Products: SUSE Linux Enterprise High Availability 15 SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP Applications 15 ______________________________________________________________________________ An update that solves 9 vulnerabilities and has 7 fixes is now available. Description: The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. Transient execution side-channel attacks attacking the Branch History Buffer (BHB), named "Branch Target Injection" and "Intra-Mode Branch History Injection" are now mitigated. The following security bugs were fixed: o CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580). o CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc# 1191580). o CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image. (bsc#1196079) o CVE-2022-0644: Fixed a denial of service by a local user. A assertion failure could be triggered in kernel_read_file_from_fd() (bsc#1196155). o CVE-2021-44879: In gc_data_segment() in fs/f2fs/gc.c, special files were not considered, which lead to a move_data_page NULL pointer dereference (bsc#1195987). o CVE-2022-24959: Fixed a memory leak in yam_siocdevprivate() in drivers/net/ hamradio/yam.c (bsc#1195897). o CVE-2022-0487: A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove() in drivers/memstick/host/rtsx_usb_ms.c (bsc# 1194516). o CVE-2022-0492: Fixed a privilege escalation related to cgroups v1 release_agent feature, which allowed bypassing namespace isolation unexpectedly (bsc#1195543). o CVE-2022-24448: Fixed an issue in fs/nfs/dir.c. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should have occured, but the server instead returned uninitialized data in the file descriptor (bsc#1195612). The following non-security bugs were fixed: o crypto: af_alg - get_page upon reassignment to TX SGL (bsc#1195840). o hv_netvsc: fix network namespace issues with VF support (bsc#1107207). o hv_netvsc: move VF to same namespace as netvsc device (bsc#1107207). o lib/iov_iter: initialize "flags" in new pipe_buffer (bsc#1196584). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: o SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-766=1 o SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-766=1 o SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2022-766=1 o SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-766=1 o SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-766=1 o SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2022-766=1 Package List: o SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): kernel-default-4.12.14-150.86.1 kernel-default-base-4.12.14-150.86.1 kernel-default-debuginfo-4.12.14-150.86.1 kernel-default-debugsource-4.12.14-150.86.1 kernel-default-devel-4.12.14-150.86.1 kernel-default-devel-debuginfo-4.12.14-150.86.1 kernel-obs-build-4.12.14-150.86.1 kernel-obs-build-debugsource-4.12.14-150.86.1 kernel-syms-4.12.14-150.86.1 kernel-vanilla-base-4.12.14-150.86.1 kernel-vanilla-base-debuginfo-4.12.14-150.86.1 kernel-vanilla-debuginfo-4.12.14-150.86.1 kernel-vanilla-debugsource-4.12.14-150.86.1 reiserfs-kmp-default-4.12.14-150.86.1 reiserfs-kmp-default-debuginfo-4.12.14-150.86.1 o SUSE Linux Enterprise Server for SAP 15 (noarch): kernel-devel-4.12.14-150.86.1 kernel-docs-4.12.14-150.86.1 kernel-macros-4.12.14-150.86.1 kernel-source-4.12.14-150.86.1 o SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): kernel-default-4.12.14-150.86.1 kernel-default-base-4.12.14-150.86.1 kernel-default-debuginfo-4.12.14-150.86.1 kernel-default-debugsource-4.12.14-150.86.1 kernel-default-devel-4.12.14-150.86.1 kernel-default-devel-debuginfo-4.12.14-150.86.1 kernel-obs-build-4.12.14-150.86.1 kernel-obs-build-debugsource-4.12.14-150.86.1 kernel-syms-4.12.14-150.86.1 kernel-vanilla-base-4.12.14-150.86.1 kernel-vanilla-base-debuginfo-4.12.14-150.86.1 kernel-vanilla-debuginfo-4.12.14-150.86.1 kernel-vanilla-debugsource-4.12.14-150.86.1 reiserfs-kmp-default-4.12.14-150.86.1 reiserfs-kmp-default-debuginfo-4.12.14-150.86.1 o SUSE Linux Enterprise Server 15-LTSS (noarch): kernel-devel-4.12.14-150.86.1 kernel-docs-4.12.14-150.86.1 kernel-macros-4.12.14-150.86.1 kernel-source-4.12.14-150.86.1 o SUSE Linux Enterprise Server 15-LTSS (s390x): kernel-default-man-4.12.14-150.86.1 kernel-zfcpdump-debuginfo-4.12.14-150.86.1 kernel-zfcpdump-debugsource-4.12.14-150.86.1 o SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-default-debuginfo-4.12.14-150.86.1 kernel-default-debugsource-4.12.14-150.86.1 kernel-default-livepatch-4.12.14-150.86.1 kernel-livepatch-4_12_14-150_86-default-1-1.3.1 kernel-livepatch-4_12_14-150_86-default-debuginfo-1-1.3.1 o SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): kernel-default-4.12.14-150.86.1 kernel-default-base-4.12.14-150.86.1 kernel-default-debuginfo-4.12.14-150.86.1 kernel-default-debugsource-4.12.14-150.86.1 kernel-default-devel-4.12.14-150.86.1 kernel-default-devel-debuginfo-4.12.14-150.86.1 kernel-obs-build-4.12.14-150.86.1 kernel-obs-build-debugsource-4.12.14-150.86.1 kernel-syms-4.12.14-150.86.1 kernel-vanilla-base-4.12.14-150.86.1 kernel-vanilla-base-debuginfo-4.12.14-150.86.1 kernel-vanilla-debuginfo-4.12.14-150.86.1 kernel-vanilla-debugsource-4.12.14-150.86.1 o SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): kernel-devel-4.12.14-150.86.1 kernel-docs-4.12.14-150.86.1 kernel-macros-4.12.14-150.86.1 kernel-source-4.12.14-150.86.1 o SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): kernel-default-4.12.14-150.86.1 kernel-default-base-4.12.14-150.86.1 kernel-default-debuginfo-4.12.14-150.86.1 kernel-default-debugsource-4.12.14-150.86.1 kernel-default-devel-4.12.14-150.86.1 kernel-default-devel-debuginfo-4.12.14-150.86.1 kernel-obs-build-4.12.14-150.86.1 kernel-obs-build-debugsource-4.12.14-150.86.1 kernel-syms-4.12.14-150.86.1 kernel-vanilla-base-4.12.14-150.86.1 kernel-vanilla-base-debuginfo-4.12.14-150.86.1 kernel-vanilla-debuginfo-4.12.14-150.86.1 kernel-vanilla-debugsource-4.12.14-150.86.1 o SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): kernel-devel-4.12.14-150.86.1 kernel-docs-4.12.14-150.86.1 kernel-macros-4.12.14-150.86.1 kernel-source-4.12.14-150.86.1 o SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-150.86.1 cluster-md-kmp-default-debuginfo-4.12.14-150.86.1 dlm-kmp-default-4.12.14-150.86.1 dlm-kmp-default-debuginfo-4.12.14-150.86.1 gfs2-kmp-default-4.12.14-150.86.1 gfs2-kmp-default-debuginfo-4.12.14-150.86.1 kernel-default-debuginfo-4.12.14-150.86.1 kernel-default-debugsource-4.12.14-150.86.1 ocfs2-kmp-default-4.12.14-150.86.1 ocfs2-kmp-default-debuginfo-4.12.14-150.86.1 References: o https://www.suse.com/security/cve/CVE-2021-44879.html o https://www.suse.com/security/cve/CVE-2022-0001.html o https://www.suse.com/security/cve/CVE-2022-0002.html o https://www.suse.com/security/cve/CVE-2022-0487.html o https://www.suse.com/security/cve/CVE-2022-0492.html o https://www.suse.com/security/cve/CVE-2022-0617.html o https://www.suse.com/security/cve/CVE-2022-0644.html o https://www.suse.com/security/cve/CVE-2022-24448.html o https://www.suse.com/security/cve/CVE-2022-24959.html o https://bugzilla.suse.com/1107207 o https://bugzilla.suse.com/1185973 o https://bugzilla.suse.com/1191580 o https://bugzilla.suse.com/1194516 o https://bugzilla.suse.com/1195536 o https://bugzilla.suse.com/1195543 o https://bugzilla.suse.com/1195612 o https://bugzilla.suse.com/1195840 o https://bugzilla.suse.com/1195897 o https://bugzilla.suse.com/1195908 o https://bugzilla.suse.com/1195949 o https://bugzilla.suse.com/1195987 o https://bugzilla.suse.com/1196079 o https://bugzilla.suse.com/1196155 o https://bugzilla.suse.com/1196584 o https://bugzilla.suse.com/1196612 - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYilb0ONLKJtyKPYoAQjY+RAAhaazNom6d0UN2eHnmbEBAQqGnzPFtjbk +gLW66QUy1fZnvepzwwQ5xavEl9pvlVyKdiDmcpwHYJHxINTQsW/yAzshCBJGUYy iaEuQHqF5fOad6Am7q0MYXz/ICLBvOMrMJlB5Mh1xKdwK6hcw6rXaGNm/2wO9z+J uDc591qOt7n1h9t4fvvVuUKstnGrr6n8hMhI0QZFUiwRw5gn8sxQp1wgzUDwnSLa 5Evz7Ixqf1WtWH5ZlYOHkSnvIcIhY0k5F1yx7erDOz+70A2ibev5drmvGTJyFUW1 Ij7f59cvuedjBKQx6Nt1qD4C3dLKvTyEq/xvwmEG7JKWeynQ+/8yfDrhGoiDb/s6 tKwrnPvenPGaGWCIk0WX4YOOJYX44gVVCq8DbzthmSbVYOfsgVssEhKEncRLc9W4 4c/wchytpXBG9jh0xwrzza6RrJ91qbpTWNCheaTKol6IjeRG4+TwtZbI4Ggf7QxI EbT92PXjTw3oNk4yExSuFPXO/aXyzYX/RQaEyhn1yRc5mIG8NuG5zi7RvrXSZN5c w8V4Vl/EVMGYK5Gg5R9wHIWceX3myMOS9JleahfCmSbZHsGqM0Du+XTFfENlNmun +8yJMEx3xeFsjJdiawV7uJ2caBsmxlnuqoA699jo2++Co4Kg5489/cm0SSFo0Gi3 IGk0GrEuGMI= =soTy -----END PGP SIGNATURE-----
2022. március 10.

ESB-2022.0997 - [SUSE] buildah: CVSS (Max): 9.0

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.0997 Security update for buildah 10 March 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: buildah Publisher: SUSE Operating System: SUSE Resolution: Patch/Upgrade CVE Names: CVE-2021-20206 CVE-2020-10696 CVE-2019-10214 Original Bulletin: https://www.suse.com/support/update/announcement/2022/suse-su-20220770-1 Comment: CVSS (Max): 9.0 CVE-2019-10214 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H) CVSS Source: SUSE Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H - --------------------------BEGIN INCLUDED TEXT-------------------- SUSE Security Update: Security update for buildah ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0770-1 Rating: moderate References: #1187812 #1192999 Cross-References: CVE-2019-10214 CVE-2020-10696 CVE-2021-20206 Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Containers 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that fixes three vulnerabilities, contains one feature is now available. Description: This update for buildah fixes the following issues: buildah was updated to version 1.23.1: Update to version 1.22.3: o Update dependencies o Post-branch commit o Accept repositories on login/logout Update to version 1.22.0: o c/image, c/storage, c/common vendor before Podman 3.3 release o Proposed patch for 3399 (shadowutils) o Fix handling of --restore shadow-utils o runtime-flag (debug) test: handle old & new runc o Allow dst and destination for target in secret mounts o Multi-arch: Always push updated version-tagged img o imagebuildah.stageExecutor.prepare(): remove pseudonym check o refine dangling filter o Chown with environment variables not set should fail o Just restore protections of shadow-utils o Remove specific kernel version number requirement from install.md o Multi-arch image workflow: Make steps generic o chroot: fix environment value leakage to intermediate processes o Update nix pin with `make nixpkgs` o buildah source - create and manage source images o Update cirrus-cron notification GH workflow o Reuse code from containers/common/pkg/parse o Cirrus: Freshen VM images o Fix excludes exception begining with / or ./ o Fix syntax for --manifest example o vendor containers/common@main o Cirrus: Drop dependence on fedora-minimal o Adjust conformance-test error-message regex o Workaround appearance of differing debug messages o Cirrus: Install docker from package cache o Switch rusagelogfile to use options.Out o Turn stdio back to blocking when command finishes o Add support for default network creation o Cirrus: Updates for master->main rename o Change references from master to main o Add `--env` and `--workingdir` flags to run command o [CI:DOCS] buildah bud: spelling --ignore-file requires parameter o [CI:DOCS] push/pull: clarify supported transports o Remove unused function arguments o Create mountOptions for mount command flags o Extract version command implementation to function o Add --json flags to `mount` and `version` commands o copier.Put(): set xattrs after ownership o buildah add/copy: spelling o buildah copy and buildah add should support .containerignore o Remove unused util.StartsWithValidTransport o Fix documentation of the --format option of buildah push o Don't use alltransports.ParseImageName with known transports o man pages: clarify `rmi` removes dangling parents o [CI:DOCS] Fix links to c/image master branch o imagebuildah: use the specified logger for logging preprocessing warnings o Fix copy into workdir for a single file o Fix docs links due to branch rename o Update nix pin with `make nixpkgs` o fix(docs): typo o Move to v1.22.0-dev o Fix handling of auth.json file while in a user namespace o Add rusage-logfile flag to optionally send rusage to a file o imagebuildah: redo step logging o Add volumes to make running buildah within a container easier o Add and use a "copy" helper instead of podman load/save o Bump github.com/containers/common from 0.38.4 to 0.39.0 o containerImageRef/containerImageSource: don't buffer uncompressed layers o containerImageRef(): squashed images have no parent images o Sync. workflow across skopeo, buildah, and podman o Bump github.com/containers/storage from 1.31.1 to 1.31.2 o Bump github.com/opencontainers/runc from 1.0.0-rc94 to 1.0.0-rc95 o Bump to v1.21.1-dev [NO TESTS NEEDED] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: o SUSE Linux Enterprise Module for Containers 15-SP3: zypper in -t patch SUSE-SLE-Module-Containers-15-SP3-2022-770=1 Package List: o SUSE Linux Enterprise Module for Containers 15-SP3 (aarch64 ppc64le s390x x86_64): buildah-1.23.1-150300.8.3.1 References: o https://www.suse.com/security/cve/CVE-2019-10214.html o https://www.suse.com/security/cve/CVE-2020-10696.html o https://www.suse.com/security/cve/CVE-2021-20206.html o https://bugzilla.suse.com/1187812 o https://bugzilla.suse.com/1192999 - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYilbyuNLKJtyKPYoAQgxYw/+MFtb2udju0KlEd5mzyWxVr1IYfqo59SW nCwKl7+vQ8j4361y2sYg9t0dgxvVQbv0g+dxxd61LkOsnconZ3qwoCjP5petntsg BnYMqUPeAdd/IGrKqY8oLA+/vnPE21ghEgI/z45X/0bxnzcLPuCpz3QRDYso6AET rKFGBmq++qqimB8FPFT8Q4TqN3edReu2W3msQmn3BVmH0X2ZN0Q6cSCs2NcQwtrR Xp3goW5BubpAYcevJxZ/F/kVk9SjoLiLSbiRfIXXv6thkjuW47X+G0I8QVD8k4TM WzFuFvGpv7tK43hzVPpgprKg+SbDPAtsfotf+7r03Kt1/JsiNaFi7rVI3zdACtkU BizYGDgisEDWEYN89lUpet+P6TACbilp+ZgLLWJHucKtnorLAo8oaMK16B5Wc/cw AlBjeLihN9c8Ca6o8vUZyt2eW3O3aqyeqkG+2xUEgJV5WLWme/Yefy9OK5U6dYcS gkGY97kDnyWR+L17CAWr33NPlSBYp3OL53J0NSOgvbnPYU+7sTZX5+lB3QbO580u 9LDH4im4BEciLTTIJdsFBTt/8XKq0kFkqPuNnvD8yP5mNstzDrH70UMGh8850iWT 8QAq0MH5I//aSR0RBeF+jlbDOr8LPFuaHz6MZuxWr2U3wXu+8ekmU6OMJJXANXpt 3Y0flIMYdgw= =eyxF -----END PGP SIGNATURE-----
2022. március 10.

ESB-2022.0996 - [SUSE] tcpdump: CVSS (Max): 5.3

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.0996 Security update for tcpdump 10 March 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: tcpdump Publisher: SUSE Operating System: SUSE Resolution: Patch/Upgrade CVE Names: CVE-2018-16301 Original Bulletin: https://www.suse.com/support/update/announcement/2022/suse-su-20220774-1 Comment: CVSS (Max): 5.3 CVE-2018-16301 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L) CVSS Source: Red Hat Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L - --------------------------BEGIN INCLUDED TEXT-------------------- SUSE Security Update: Security update for tcpdump ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0774-1 Rating: moderate References: #1195825 Cross-References: CVE-2018-16301 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for tcpdump fixes the following issues: o CVE-2018-16301: Fixed segfault when handling large files (bsc#1195825). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: o SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-774=1 o SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-774=1 o SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-774=1 o SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-774=1 o SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-774=1 o SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-774=1 o SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-774=1 o SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-774=1 o SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-774=1 o SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-774=1 o SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-774=1 o SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-774=1 o SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-774=1 o SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-774=1 o SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-774=1 o SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-774=1 o SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-774=1 o SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-774=1 o SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-774=1 o SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-774=1 o SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-774=1 o SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. I will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: o SUSE Manager Server 4.1 (ppc64le s390x x86_64): tcpdump-4.9.2-3.18.1 tcpdump-debuginfo-4.9.2-3.18.1 tcpdump-debugsource-4.9.2-3.18.1 o SUSE Manager Retail Branch Server 4.1 (x86_64): tcpdump-4.9.2-3.18.1 tcpdump-debuginfo-4.9.2-3.18.1 tcpdump-debugsource-4.9.2-3.18.1 o SUSE Manager Proxy 4.1 (x86_64): tcpdump-4.9.2-3.18.1 tcpdump-debuginfo-4.9.2-3.18.1 tcpdump-debugsource-4.9.2-3.18.1 o SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): tcpdump-4.9.2-3.18.1 tcpdump-debuginfo-4.9.2-3.18.1 tcpdump-debugsource-4.9.2-3.18.1 o SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): tcpdump-4.9.2-3.18.1 tcpdump-debuginfo-4.9.2-3.18.1 tcpdump-debugsource-4.9.2-3.18.1 o SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): tcpdump-4.9.2-3.18.1 tcpdump-debuginfo-4.9.2-3.18.1 tcpdump-debugsource-4.9.2-3.18.1 o SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): tcpdump-4.9.2-3.18.1 tcpdump-debuginfo-4.9.2-3.18.1 tcpdump-debugsource-4.9.2-3.18.1 o SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): tcpdump-4.9.2-3.18.1 tcpdump-debuginfo-4.9.2-3.18.1 tcpdump-debugsource-4.9.2-3.18.1 o SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): tcpdump-4.9.2-3.18.1 tcpdump-debuginfo-4.9.2-3.18.1 tcpdump-debugsource-4.9.2-3.18.1 o SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): tcpdump-4.9.2-3.18.1 tcpdump-debuginfo-4.9.2-3.18.1 tcpdump-debugsource-4.9.2-3.18.1 o SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): tcpdump-4.9.2-3.18.1 tcpdump-debuginfo-4.9.2-3.18.1 tcpdump-debugsource-4.9.2-3.18.1 o SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): tcpdump-4.9.2-3.18.1 tcpdump-debuginfo-4.9.2-3.18.1 tcpdump-debugsource-4.9.2-3.18.1 o SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): tcpdump-4.9.2-3.18.1 tcpdump-debuginfo-4.9.2-3.18.1 tcpdump-debugsource-4.9.2-3.18.1 o SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): tcpdump-4.9.2-3.18.1 tcpdump-debuginfo-4.9.2-3.18.1 tcpdump-debugsource-4.9.2-3.18.1 o SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): tcpdump-4.9.2-3.18.1 tcpdump-debuginfo-4.9.2-3.18.1 tcpdump-debugsource-4.9.2-3.18.1 o SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): tcpdump-4.9.2-3.18.1 tcpdump-debuginfo-4.9.2-3.18.1 tcpdump-debugsource-4.9.2-3.18.1 o SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): tcpdump-4.9.2-3.18.1 tcpdump-debuginfo-4.9.2-3.18.1 tcpdump-debugsource-4.9.2-3.18.1 o SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): tcpdump-4.9.2-3.18.1 tcpdump-debuginfo-4.9.2-3.18.1 tcpdump-debugsource-4.9.2-3.18.1 o SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): tcpdump-4.9.2-3.18.1 tcpdump-debuginfo-4.9.2-3.18.1 tcpdump-debugsource-4.9.2-3.18.1 o SUSE Enterprise Storage 7 (aarch64 x86_64): tcpdump-4.9.2-3.18.1 tcpdump-debuginfo-4.9.2-3.18.1 tcpdump-debugsource-4.9.2-3.18.1 o SUSE Enterprise Storage 6 (aarch64 x86_64): tcpdump-4.9.2-3.18.1 tcpdump-debuginfo-4.9.2-3.18.1 tcpdump-debugsource-4.9.2-3.18.1 o SUSE CaaS Platform 4.0 (x86_64): tcpdump-4.9.2-3.18.1 tcpdump-debuginfo-4.9.2-3.18.1 tcpdump-debugsource-4.9.2-3.18.1 References: o https://www.suse.com/security/cve/CVE-2018-16301.html o https://bugzilla.suse.com/1195825 - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYik9CeNLKJtyKPYoAQiUZw//e1FIpgqpZhwDLXq9BucGEx4+GglZWNrq yo8DKYLrzpQnmqmLn4O2VigWXhphRqbR2b3GKdq/MrnebM96QQeAlup8TrucPs2S VTQ7uIsirtiYR7c3M85m/7iAO3jr5Ekr8ciDYr+4wmauG68WCs6dTNfE0JXAE4/M x93Zz3JM31QPwPTJfJWzNVwOwawPN3q05KhTThHX4M4Gh8C7GhIEIkuRdUuLGLdF MBim6nZVHb4dFIzOKBh+277m8ZM5S/ObJwFVydFcDg9TKcYq84JBh+0Mdc9pZwa9 f2UVzOe7O03JUSkn9siVsQpcPwQH0mywu8Bj4szLWgFoiHA/hrh2fxsOlXit0Tx2 JxrD+QPTFYYXB+gJuoyWttexc+7nQEd0Et+bclm3R3w0uUCa3VHylYQz6LpsRyZ/ 7rsjtbmH0FWiFGoZZP73hK3ix4olvgidb+EjCsyG3ZMa30kmALKiQzDLL046twyt tIH3dvDs27MBILkiaX5Nj665ikGIkCS0FWYkUDMXd5viIml9DmWif2FKn9KnOjcH IgvHHjYZS53+enI4798mo/ZP/1eVc6Dbv8ZCwzKmvr9mhSeAKSLRQB2Qo+/sSC5u TpxfjwQpbXZ94IAPE5wmPDxDbi+BndB3Ca7QsdEHVSs4JIhtvJmFyzj+72t3Ka7a u/8vwH6SdUw= =Nj+U -----END PGP SIGNATURE-----
2022. március 10.

ESB-2022.0995 - [SUSE] Linux Kernel: CVSS (Max): 7.0

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.0995 Security Update: Security update for the Linux Kernel 10 March 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Linux Kernel Publisher: SUSE Operating System: SUSE Resolution: Patch/Upgrade CVE Names: CVE-2022-24959 CVE-2022-0644 CVE-2022-0617 CVE-2022-0492 CVE-2022-0002 CVE-2022-0001 CVE-2021-44879 Original Bulletin: https://www.suse.com/support/update/announcement/2022/suse-su-20220761-1 Comment: CVSS (Max): 7.0 CVE-2022-0492 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) CVSS Source: SUSE Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H - --------------------------BEGIN INCLUDED TEXT-------------------- SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0761-1 Rating: important References: #1046306 #1050244 #1089644 #1094978 #1097583 #1097584 #1097585 #1097586 #1097587 #1097588 #1101674 #1101816 #1103991 #1109837 #1111981 #1112374 #1114648 #1114685 #1114893 #1117495 #1118661 #1119113 #1136460 #1136461 #1157038 #1157923 #1158533 #1174852 #1185973 #1187716 #1189126 #1191271 #1191580 #1191655 #1193857 #1195080 #1195377 #1195536 #1195543 #1195638 #1195795 #1195823 #1195840 #1195897 #1195908 #1195934 #1195987 #1195995 #1196079 #1196155 #1196400 #1196516 #1196584 #1196612 Cross-References: CVE-2021-44879 CVE-2022-0001 CVE-2022-0002 CVE-2022-0492 CVE-2022-0617 CVE-2022-0644 CVE-2022-24959 Affected Products: SUSE Linux Enterprise Real Time Extension 12-SP5 ______________________________________________________________________________ An update that solves 7 vulnerabilities, contains one feature and has 47 fixes is now available. Description: The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security and bugfixes. o CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580). o CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc# 1191580). o CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image. (bsc#1196079) o CVE-2022-0644: Fixed a denial of service by a local user. A assertion failure could be triggered in kernel_read_file_from_fd() (bsc#1196155). o CVE-2021-44879: In gc_data_segment() in fs/f2fs/gc.c, special files were not considered, which lead to a move_data_page NULL pointer dereference (bsc#1195987). o CVE-2022-24959: Fixed a memory leak in yam_siocdevprivate() in drivers/net/ hamradio/yam.c (bsc#1195897). o CVE-2022-0492: Fixed a privilege escalation related to cgroups v1 release_agent feature, which allowed bypassing namespace isolation unexpectedly (bsc#1195543). The following non-security bugs were fixed: o Bluetooth: bfusb: fix division by zero in send path (git-fixes). o EDAC/xgene: Fix deferred probing (bsc#1114648). o IB/rdmavt: Validate remote_addr during loopback atomic tests (bsc#1114685). o NFSv4.x: by default serialize open/close operations (bsc#1114893 bsc# 1195934). Make this work-around optional o NFSv42: Do not fail clone() unless the OP_CLONE operation failed (git-fixes). o NFSv42: Fix pagecache invalidation after COPY/CLONE (git-fixes). o NFSv4: Handle case where the lookup of a directory fails (git-fixes). o NFSv4: nfs_atomic_open() can race when looking up a non-regular file (git-fixes). o PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller (git-fixes). o RDMA/bnxt_re: Fix query SRQ failure (bsc#1050244). o RDMA/mlx5: Set user priority for DCT (bsc#1103991). o RDMA/netlink: Add __maybe_unused to static inline in C file (bsc#1046306). o crypto: af_alg - get_page upon reassignment to TX SGL (bsc#1195840). o cxgb4: fix eeprom len when diagnostics not implemented (bsc#1097585 bsc# 1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). o e1000e: Fix packet loss on Tiger Lake and later (bsc#1158533). o ext4: avoid trim error on fs with small groups (bsc#1191271). o fuse: annotate lock in fuse_reverse_inval_entry() (bsc#1195795). o gve: Add RX context (bsc#1191655). o gve: Add a jumbo-frame device option (bsc#1191655). o gve: Add consumed counts to ethtool stats (bsc#1191655). o gve: Add netif_set_xps_queue call (bsc#1191655). o gve: Add optional metadata descriptor type GVE_TXD_MTD (bsc#1191655). o gve: Add rx buffer pagecnt bias (bsc#1191655). o gve: Allow pageflips on larger pages (bsc#1191655). o gve: Avoid freeing NULL pointer (bsc#1191655). o gve: Correct available tx qpl check (bsc#1191655). o gve: Correct order of processing device options (bsc#1191655). o gve: DQO: avoid unused variable warnings (bsc#1191655). o gve: Do lazy cleanup in TX path (bsc#1191655). o gve: Fix GFP flags when allocing pages (bsc#1191655). o gve: Implement packet continuation for RX (bsc#1191655). o gve: Implement suspend/resume/shutdown (bsc#1191655). o gve: Move the irq db indexes out of the ntfy block struct (bsc#1191655). o gve: Properly handle errors in gve_assign_qpl (bsc#1191655). o gve: Recording rx queue before sending to napi (bsc#1191655). o gve: Switch to use napi_complete_done (bsc#1191655). o gve: Track RX buffer allocation failures (bsc#1191655). o gve: Update gve_free_queue_page_list signature (bsc#1191655). o gve: Use kvcalloc() instead of kvzalloc() (bsc#1191655). o gve: fix for null pointer dereference (bsc#1191655). o gve: fix gve_get_stats() (bsc#1191655). o gve: fix the wrong AdminQ buffer queue index check (bsc#1191655). o gve: fix unmatched u64_stats_update_end() (bsc#1191655). o gve: remove memory barrier around seqno (bsc#1191655). o gve: report 64bit tx_bytes counter from gve_handle_report_stats() (bsc# 1191655). o i40e: Fix changing previously set num_queue_pairs for PFs (bsc#1094978). o i40e: Fix correct max_pkt_size on VF RX queue (bsc#1101816 ). o i40e: Fix creation of first queue by omitting it if is not power of two (bsc#1101816). o i40e: Fix display error code in dmesg (bsc#1109837 bsc#1111981 ). o i40e: Fix for displaying message regarding NVM version (jsc#SLE-4797). o i40e: Fix freeing of uninitialized misc IRQ vector (bsc#1101816 ). o i40e: Fix ping is lost after configuring ADq on VF (bsc#1094978). o i40e: Fix pre-set max number of queues for VF (bsc#1111981 ). o i40e: Increase delay to 1 s after global EMP reset (bsc#1101816 ). o iavf: Fix limit of total number of queues to active queues of VF (bsc# 1111981). o iavf: prevent accidental free of filter structure (bsc#1111981 ). o ibmvnic: Allow queueing resets during probe (bsc#1196516 ltc#196391). o ibmvnic: Update driver return codes (bsc#1196516 ltc#196391). o ibmvnic: clear fop when retrying probe (bsc#1196516 ltc#196391). o ibmvnic: complete init_done on transport events (bsc#1196516 ltc#196391). o ibmvnic: define flush_reset_queue helper (bsc#1196516 ltc#196391). o ibmvnic: free reset-work-item when flushing (bsc#1196516 ltc#196391). o ibmvnic: init init_done_rc earlier (bsc#1196516 ltc#196391). o ibmvnic: initialize rc before completing wait (bsc#1196516 ltc#196391). o ibmvnic: register netdev after init of adapter (bsc#1196516 ltc#196391). o ibmvnic: schedule failover only if vioctl fails (bsc#1196400 ltc#195815). o ice: Delete always true check of PF pointer (bsc#1118661 ). o ice: ignore dropped packets during init (bsc#1118661 ). o igb: Fix removal of unicast MAC filters of VFs (bsc#1117495). o ixgbevf: Require large buffers for build_skb on 82599VF (bsc#1101674). o kabi: Hide changes to s390/AP structures (jsc#SLE-20809). o lib/iov_iter: initialize "flags" in new pipe_buffer (bsc#1196584). o mqprio: Correct stats in mqprio_dump_class_stats() (bsc#1109837). o net/ibmvnic: Cleanup workaround doing an EOI after partition migration (bsc #1089644 ltc#166495 ltc#165544 git-fixes). o net: Prevent infinite while loop in skb_tx_hash() (bsc#1109837). o net: ena: Fix error handling when calculating max IO queues number (bsc# 1174852). o net: ena: Fix undefined state when tx request id is out of bounds (bsc# 1174852). o net: marvell: mvpp2: Fix the computation of shared CPUs (bsc#1119113). o net: phylink: avoid mvneta warning when setting pause parameters (bsc# 1119113). o net: usb: pegasus: Do not drop long Ethernet frames (git-fixes). o nfsd: fix use-after-free due to delegation race (git-fixes). o phylib: fix potential use-after-free (bsc#1119113). o platform/mellanox: mlxreg-io: Fix argument base in kstrtou32() call (bsc# 1112374). o powerpc/64s: Fix debugfs_simple_attr.cocci warnings (bsc#1157038 bsc# 1157923 ltc#182612 git-fixes). o powerpc/pseries/ddw: Revert "Extend upper limit for huge DMA window for persistent memory" (bsc#1195995 ltc#196394). o powerpc/pseries: read the lpar name from the firmware (bsc#1187716 ltc# 193451). o powerpc: add link stack flush mitigation status in debugfs (bsc#1157038 bsc #1157923 ltc#182612 git-fixes). o qed: Handle management FW error (git-fixes). o qed: rdma - do not wait for resources under hw error recovery flow (bsc# 1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). o rndis_host: support Hytera digital radios (git-fixes). o s390/AP: support new dynamic AP bus size limit (jsc#SLE-20809). o s390/ap: rework crypto config info and default domain code (jsc#SLE-20809). o s390/cpumf: Support for CPU Measurement Facility CSVN 7 (bsc#1195080 LTC# 196090). o s390/cpumf: Support for CPU Measurement Sampling Facility LS bit (bsc# 1195080 LTC#196090). o s390/hypfs: include z/VM guests with access control group set (bsc#1195638 LTC#196354). o scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put () (git-fixes). o scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop (bsc#1189126). o scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write() (git-fixes). o scsi: nsp_cs: Check of ioremap return value (git-fixes). o scsi: qedf: Fix potential dereference of NULL pointer (git-fixes). o scsi: qla2xxx: Add devids and conditionals for 28xx (bsc#1195823). o scsi: qla2xxx: Add ql2xnvme_queues module param to configure number of NVMe queues (bsc#1195823). o scsi: qla2xxx: Add qla2x00_async_done() for async routines (bsc#1195823). o scsi: qla2xxx: Add retry for exec firmware (bsc#1195823). o scsi: qla2xxx: Check for firmware dump already collected (bsc#1195823). o scsi: qla2xxx: Fix T10 PI tag escape and IP guard options for 28XX adapters (bsc#1195823). o scsi: qla2xxx: Fix device reconnect in loop topology (bsc#1195823). o scsi: qla2xxx: Fix premature hw access after PCI error (bsc#1195823). o scsi: qla2xxx: Fix scheduling while atomic (bsc#1195823). o scsi: qla2xxx: Fix stuck session in gpdb (bsc#1195823). o scsi: qla2xxx: Fix unmap of already freed sgl (bsc#1195823). o scsi: qla2xxx: Fix warning for missing error code (bsc#1195823). o scsi: qla2xxx: Fix warning message due to adisc being flushed (bsc# 1195823). o scsi: qla2xxx: Fix wrong FDMI data for 64G adapter (bsc#1195823). o scsi: qla2xxx: Implement ref count for SRB (bsc#1195823). o scsi: qla2xxx: Refactor asynchronous command initialization (bsc#1195823). o scsi: qla2xxx: Remove a declaration (bsc#1195823). o scsi: qla2xxx: Remove unused qla_sess_op_cmd_list from scsi_qla_host_t (bsc #1195823). o scsi: qla2xxx: Return -ENOMEM if kzalloc() fails (bsc#1195823). o scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair() (bsc# 1195823). o scsi: qla2xxx: Update version to 10.02.07.200-k (bsc#1195823). o scsi: qla2xxx: Update version to 10.02.07.300-k (bsc#1195823). o scsi: qla2xxx: edif: Fix clang warning (bsc#1195823). o scsi: qla2xxx: edif: Fix inconsistent check of db_flags (bsc#1195823). o scsi: qla2xxx: edif: Reduce connection thrash (bsc#1195823). o scsi: qla2xxx: edif: Replace list_for_each_safe with list_for_each_entry_safe (bsc#1195823). o scsi: qla2xxx: edif: Tweak trace message (bsc#1195823). o scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select () (git-fixes). o scsi: ufs: Fix race conditions related to driver data (git-fixes). o scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices (bsc#1195377 LTC#196245). o sunrpc/auth_gss: support timeout on gss upcalls (bsc#1193857). o tracing: Dump stacktrace trigger to the corresponding instance (git-fixes). o tracing: Have traceon and traceoff trigger honor the instance (git-fixes). o usb: common: ulpi: Fix crash in ulpi_match() (git-fixes). o usb: typec: tcpm: Do not disconnect while receiving VBUS off (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: o SUSE Linux Enterprise Real Time Extension 12-SP5: zypper in -t patch SUSE-SLE-RT-12-SP5-2022-761=1 Package List: o SUSE Linux Enterprise Real Time Extension 12-SP5 (x86_64): cluster-md-kmp-rt-4.12.14-10.81.1 cluster-md-kmp-rt-debuginfo-4.12.14-10.81.1 dlm-kmp-rt-4.12.14-10.81.1 dlm-kmp-rt-debuginfo-4.12.14-10.81.1 gfs2-kmp-rt-4.12.14-10.81.1 gfs2-kmp-rt-debuginfo-4.12.14-10.81.1 kernel-rt-4.12.14-10.81.1 kernel-rt-base-4.12.14-10.81.1 kernel-rt-base-debuginfo-4.12.14-10.81.1 kernel-rt-debuginfo-4.12.14-10.81.1 kernel-rt-debugsource-4.12.14-10.81.1 kernel-rt-devel-4.12.14-10.81.1 kernel-rt-devel-debuginfo-4.12.14-10.81.1 kernel-rt_debug-4.12.14-10.81.1 kernel-rt_debug-debuginfo-4.12.14-10.81.1 kernel-rt_debug-debugsource-4.12.14-10.81.1 kernel-rt_debug-devel-4.12.14-10.81.1 kernel-rt_debug-devel-debuginfo-4.12.14-10.81.1 kernel-syms-rt-4.12.14-10.81.1 ocfs2-kmp-rt-4.12.14-10.81.1 ocfs2-kmp-rt-debuginfo-4.12.14-10.81.1 o SUSE Linux Enterprise Real Time Extension 12-SP5 (noarch): kernel-devel-rt-4.12.14-10.81.1 kernel-source-rt-4.12.14-10.81.1 References: o https://www.suse.com/security/cve/CVE-2021-44879.html o https://www.suse.com/security/cve/CVE-2022-0001.html o https://www.suse.com/security/cve/CVE-2022-0002.html o https://www.suse.com/security/cve/CVE-2022-0492.html o https://www.suse.com/security/cve/CVE-2022-0617.html o https://www.suse.com/security/cve/CVE-2022-0644.html o https://www.suse.com/security/cve/CVE-2022-24959.html o https://bugzilla.suse.com/1046306 o https://bugzilla.suse.com/1050244 o https://bugzilla.suse.com/1089644 o https://bugzilla.suse.com/1094978 o https://bugzilla.suse.com/1097583 o https://bugzilla.suse.com/1097584 o https://bugzilla.suse.com/1097585 o https://bugzilla.suse.com/1097586 o https://bugzilla.suse.com/1097587 o https://bugzilla.suse.com/1097588 o https://bugzilla.suse.com/1101674 o https://bugzilla.suse.com/1101816 o https://bugzilla.suse.com/1103991 o https://bugzilla.suse.com/1109837 o https://bugzilla.suse.com/1111981 o https://bugzilla.suse.com/1112374 o https://bugzilla.suse.com/1114648 o https://bugzilla.suse.com/1114685 o https://bugzilla.suse.com/1114893 o https://bugzilla.suse.com/1117495 o https://bugzilla.suse.com/1118661 o https://bugzilla.suse.com/1119113 o https://bugzilla.suse.com/1136460 o https://bugzilla.suse.com/1136461 o https://bugzilla.suse.com/1157038 o https://bugzilla.suse.com/1157923 o https://bugzilla.suse.com/1158533 o https://bugzilla.suse.com/1174852 o https://bugzilla.suse.com/1185973 o https://bugzilla.suse.com/1187716 o https://bugzilla.suse.com/1189126 o https://bugzilla.suse.com/1191271 o https://bugzilla.suse.com/1191580 o https://bugzilla.suse.com/1191655 o https://bugzilla.suse.com/1193857 o https://bugzilla.suse.com/1195080 o https://bugzilla.suse.com/1195377 o https://bugzilla.suse.com/1195536 o https://bugzilla.suse.com/1195543 o https://bugzilla.suse.com/1195638 o https://bugzilla.suse.com/1195795 o https://bugzilla.suse.com/1195823 o https://bugzilla.suse.com/1195840 o https://bugzilla.suse.com/1195897 o https://bugzilla.suse.com/1195908 o https://bugzilla.suse.com/1195934 o https://bugzilla.suse.com/1195987 o https://bugzilla.suse.com/1195995 o https://bugzilla.suse.com/1196079 o https://bugzilla.suse.com/1196155 o https://bugzilla.suse.com/1196400 o https://bugzilla.suse.com/1196516 o https://bugzilla.suse.com/1196584 o https://bugzilla.suse.com/1196612 - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYik83+NLKJtyKPYoAQjxdQ/+J3Hr31Adhqd0pXR8D+Sv9w0DwP4ByJN1 eUbmHloy5BPg7nja5kPpy9cy6R454+/3LDpchMOpyd9uPqQ2IWWP/lGLaExrm/zC Op4dHJxxjxOj9kb1gr+LOSrqSyc81VjqWXrmlJlsG9sShYnivKIy31ifh0n6vWHg XRBECgBFL61zZkvx+dnBlPMFdWRqh3olAUhMQP5edrm4xP1qX/kxjqs6z1L3DD1N OQBPRrEVe4+FZSTABDm89rEWq7Le7jWwD2rMRTmwaPMXQ0QIVYh5jcwaytC0PBBy UM80ubXJU+mZJQ9Wl1YTT5Tbhhh/9zQ1CqYx3xtrejcHmmJmk5Rs9Oo4W7Z+oE+g Lz1Tg+N8KeynaqtIKMsQzVpRGs82LSNhjEVQwXsrhUR7jcPWGXbffTXTLR/IVUqY keAveZe7YXhpE/gEpJU7KjEPAqpdvMRKKvAxw1oTdkppY0zHGifKvuKTWqVSXzRv Ei4CTgUwM4aqUudyhMU6qdboumzmTl2OrZ2iGoNexYeeu5Dr/ZWezX3dCS16xgW6 Vkwl5TIFSlQO/qnF/paK/+9JxswIWSlWI+6U7nnL6pl8/n+gce5z5YZwbMoX4E/A WiyD9A6eR/3IqIy7UX/VdufftLDFO42J7QupBx5Vv5t2HekSF4A16uBH2ImWGzlu 6QZZGMaXmZw= =XY+5 -----END PGP SIGNATURE-----
2022. március 10.

ESB-2022.0994 - [SUSE] Linux Kernel: CVSS (Max): 7.0

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.0994 Security Update: Security update for the Linux Kernel 10 March 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Linux Kernel Publisher: SUSE Operating System: SUSE Resolution: Patch/Upgrade CVE Names: CVE-2022-24959 CVE-2022-24448 CVE-2022-0644 CVE-2022-0617 CVE-2022-0492 CVE-2022-0487 CVE-2022-0002 CVE-2022-0001 CVE-2021-45095 CVE-2021-44879 Original Bulletin: https://www.suse.com/support/update/announcement/2022/suse-su-20220767-1 Comment: CVSS (Max): 7.0 CVE-2022-0492 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) CVSS Source: SUSE Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H - --------------------------BEGIN INCLUDED TEXT-------------------- SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0767-1 Rating: important References: #1046306 #1050244 #1089644 #1094978 #1097583 #1097584 #1097585 #1097586 #1097587 #1097588 #1101674 #1101816 #1103991 #1109837 #1111981 #1112374 #1114648 #1114685 #1114893 #1117495 #1118661 #1119113 #1136460 #1136461 #1157038 #1157923 #1158533 #1174852 #1185377 #1185973 #1187716 #1189126 #1191271 #1191580 #1191655 #1193857 #1193867 #1194048 #1194516 #1195080 #1195377 #1195536 #1195543 #1195612 #1195638 #1195795 #1195823 #1195840 #1195897 #1195908 #1195934 #1195949 #1195987 #1195995 #1196079 #1196155 #1196400 #1196516 #1196584 #1196612 Cross-References: CVE-2021-44879 CVE-2021-45095 CVE-2022-0001 CVE-2022-0002 CVE-2022-0487 CVE-2022-0492 CVE-2022-0617 CVE-2022-0644 CVE-2022-24448 CVE-2022-24959 Affected Products: SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise High Availability 12-SP5 SUSE Linux Enterprise High Performance Computing 12-SP5 SUSE Linux Enterprise Live Patching 12-SP5 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Workstation Extension 12-SP5 ______________________________________________________________________________ An update that solves 10 vulnerabilities, contains one feature and has 50 fixes is now available. Description: The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes. Transient execution side-channel attacks attacking the Branch History Buffer (BHB), named "Branch Target Injection" and "Intra-Mode Branch History Injection" are now mitigated. The following security bugs were fixed: o CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580). o CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc# 1191580). o CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image. (bsc#1196079) o CVE-2022-0644: Fixed a denial of service by a local user. A assertion failure could be triggered in kernel_read_file_from_fd() (bsc#1196155). o CVE-2021-44879: In gc_data_segment() in fs/f2fs/gc.c, special files were not considered, which lead to a move_data_page NULL pointer dereference (bsc#1195987). o CVE-2022-24959: Fixed a memory leak in yam_siocdevprivate() in drivers/net/ hamradio/yam.c (bsc#1195897). o CVE-2022-0487: A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove() in drivers/memstick/host/rtsx_usb_ms.c (bsc# 1194516). o CVE-2022-0492: Fixed a privilege escalation related to cgroups v1 release_agent feature, which allowed bypassing namespace isolation unexpectedly (bsc#1195543). o CVE-2022-24448: Fixed an issue in fs/nfs/dir.c. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should have occured, but the server instead returned uninitialized data in the file descriptor (bsc#1195612). o CVE-2021-45095: Fixed refcount leak in pep_sock_accept in net/phonet/pep.c (bsc#1193867). The following non-security bugs were fixed: o Bluetooth: bfusb: fix division by zero in send path (git-fixes). o Bluetooth: fix the erroneous flush_work() order (git-fixes). o EDAC/xgene: Fix deferred probing (bsc#1114648). o IB/rdmavt: Validate remote_addr during loopback atomic tests (bsc#1114685). o NFSv4.x: by default serialize open/close operations (bsc#1114893 bsc# 1195934). Make this work-around optional o NFSv42: Do not fail clone() unless the OP_CLONE operation failed (git-fixes). o NFSv42: Fix pagecache invalidation after COPY/CLONE (git-fixes). o NFSv4: Handle case where the lookup of a directory fails (git-fixes). o NFSv4: nfs_atomic_open() can race when looking up a non-regular file (git-fixes). o PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller (git-fixes). o RDMA/bnxt_re: Fix query SRQ failure (bsc#1050244). o RDMA/mlx5: Set user priority for DCT (bsc#1103991). o RDMA/netlink: Add __maybe_unused to static inline in C file (bsc#1046306). o Replace with an alternative fix for bsc#1185377 o crypto: af_alg - get_page upon reassignment to TX SGL (bsc#1195840). o cxgb4: fix eeprom len when diagnostics not implemented (bsc#1097585 bsc# 1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). o e1000e: Fix packet loss on Tiger Lake and later (bsc#1158533). o ext4: avoid trim error on fs with small groups (bsc#1191271). o fuse: annotate lock in fuse_reverse_inval_entry() (bsc#1195795). o gve: Add RX context (bsc#1191655). o gve: Add a jumbo-frame device option (bsc#1191655). o gve: Add consumed counts to ethtool stats (bsc#1191655). o gve: Add netif_set_xps_queue call (bsc#1191655). o gve: Add optional metadata descriptor type GVE_TXD_MTD (bsc#1191655). o gve: Add rx buffer pagecnt bias (bsc#1191655). o gve: Allow pageflips on larger pages (bsc#1191655). o gve: Avoid freeing NULL pointer (bsc#1191655). o gve: Correct available tx qpl check (bsc#1191655). o gve: Correct order of processing device options (bsc#1191655). o gve: DQO: avoid unused variable warnings (bsc#1191655). o gve: Do lazy cleanup in TX path (bsc#1191655). o gve: Fix GFP flags when allocing pages (bsc#1191655). o gve: Implement packet continuation for RX (bsc#1191655). o gve: Implement suspend/resume/shutdown (bsc#1191655). o gve: Move the irq db indexes out of the ntfy block struct (bsc#1191655). o gve: Properly handle errors in gve_assign_qpl (bsc#1191655). o gve: Recording rx queue before sending to napi (bsc#1191655). o gve: Switch to use napi_complete_done (bsc#1191655). o gve: Track RX buffer allocation failures (bsc#1191655). o gve: Update gve_free_queue_page_list signature (bsc#1191655). o gve: Use kvcalloc() instead of kvzalloc() (bsc#1191655). o gve: fix for null pointer dereference (bsc#1191655). o gve: fix gve_get_stats() (bsc#1191655). o gve: fix the wrong AdminQ buffer queue index check (bsc#1191655). o gve: fix unmatched u64_stats_update_end() (bsc#1191655). o gve: remove memory barrier around seqno (bsc#1191655). o gve: report 64bit tx_bytes counter from gve_handle_report_stats() (bsc# 1191655). o i40e: Fix changing previously set num_queue_pairs for PFs (bsc#1094978). o i40e: Fix correct max_pkt_size on VF RX queue (bsc#1101816 ). o i40e: Fix creation of first queue by omitting it if is not power of two (bsc#1101816). o i40e: Fix display error code in dmesg (bsc#1109837 bsc#1111981 ). o i40e: Fix for displaying message regarding NVM version (jsc#SLE-4797). o i40e: Fix freeing of uninitialized misc IRQ vector (bsc#1101816 ). o i40e: Fix ping is lost after configuring ADq on VF (bsc#1094978). o i40e: Fix pre-set max number of queues for VF (bsc#1111981 ). o i40e: Increase delay to 1 s after global EMP reset (bsc#1101816 ). o iavf: Fix limit of total number of queues to active queues of VF (bsc# 1111981). o iavf: prevent accidental free of filter structure (bsc#1111981 ). o ibmvnic: Allow queueing resets during probe (bsc#1196516 ltc#196391). o ibmvnic: Update driver return codes (bsc#1196516 ltc#196391). o ibmvnic: clear fop when retrying probe (bsc#1196516 ltc#196391). o ibmvnic: complete init_done on transport events (bsc#1196516 ltc#196391). o ibmvnic: define flush_reset_queue helper (bsc#1196516 ltc#196391). o ibmvnic: free reset-work-item when flushing (bsc#1196516 ltc#196391). o ibmvnic: init init_done_rc earlier (bsc#1196516 ltc#196391). o ibmvnic: initialize rc before completing wait (bsc#1196516 ltc#196391). o ibmvnic: register netdev after init of adapter (bsc#1196516 ltc#196391). o ibmvnic: schedule failover only if vioctl fails (bsc#1196400 ltc#195815). o ice: Delete always true check of PF pointer (bsc#1118661 ). o ice: ignore dropped packets during init (bsc#1118661 ). o igb: Fix removal of unicast MAC filters of VFs (bsc#1117495). o ixgbevf: Require large buffers for build_skb on 82599VF (bsc#1101674). o kabi: Hide changes to s390/AP structures (jsc#SLE-20809). o lib/iov_iter: initialize "flags" in new pipe_buffer (bsc#1196584). o mqprio: Correct stats in mqprio_dump_class_stats() (bsc#1109837). o net/ibmvnic: Cleanup workaround doing an EOI after partition migration (bsc #1089644 ltc#166495 ltc#165544 git-fixes). o net: Prevent infinite while loop in skb_tx_hash() (bsc#1109837). o net: ena: Fix error handling when calculating max IO queues number (bsc# 1174852). o net: ena: Fix undefined state when tx request id is out of bounds (bsc# 1174852). o net: marvell: mvpp2: Fix the computation of shared CPUs (bsc#1119113). o net: phylink: avoid mvneta warning when setting pause parameters (bsc# 1119113). o net: usb: pegasus: Do not drop long Ethernet frames (git-fixes). o nfsd: fix use-after-free due to delegation race (git-fixes). o phylib: fix potential use-after-free (bsc#1119113). o platform/mellanox: mlxreg-io: Fix argument base in kstrtou32() call (bsc# 1112374). o powerpc/64s: Fix debugfs_simple_attr.cocci warnings (bsc#1157038 bsc# 1157923 ltc#182612 git-fixes). o powerpc/pseries/ddw: Revert "Extend upper limit for huge DMA window for persistent memory" (bsc#1195995 ltc#196394). o powerpc/pseries: read the lpar name from the firmware (bsc#1187716 ltc# 193451). o powerpc: add link stack flush mitigation status in debugfs (bsc#1157038 bsc #1157923 ltc#182612 git-fixes). o qed: Handle management FW error (git-fixes). o qed: rdma - do not wait for resources under hw error recovery flow (bsc# 1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). o rndis_host: support Hytera digital radios (git-fixes). o s390/AP: support new dynamic AP bus size limit (jsc#SLE-20809). o s390/ap: rework crypto config info and default domain code (jsc#SLE-20809). o s390/cpumf: Support for CPU Measurement Facility CSVN 7 (bsc#1195080 LTC# 196090). o s390/cpumf: Support for CPU Measurement Sampling Facility LS bit (bsc# 1195080 LTC#196090). o s390/hypfs: include z/VM guests with access control group set (bsc#1195638 LTC#196354). o scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put () (git-fixes). o scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop (bsc#1189126). o scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write() (git-fixes). o scsi: nsp_cs: Check of ioremap return value (git-fixes). o scsi: qedf: Fix potential dereference of NULL pointer (git-fixes). o scsi: qla2xxx: Add devids and conditionals for 28xx (bsc#1195823). o scsi: qla2xxx: Add ql2xnvme_queues module param to configure number of NVMe queues (bsc#1195823). o scsi: qla2xxx: Add qla2x00_async_done() for async routines (bsc#1195823). o scsi: qla2xxx: Add retry for exec firmware (bsc#1195823). o scsi: qla2xxx: Check for firmware dump already collected (bsc#1195823). o scsi: qla2xxx: Fix T10 PI tag escape and IP guard options for 28XX adapters (bsc#1195823). o scsi: qla2xxx: Fix device reconnect in loop topology (bsc#1195823). o scsi: qla2xxx: Fix premature hw access after PCI error (bsc#1195823). o scsi: qla2xxx: Fix scheduling while atomic (bsc#1195823). o scsi: qla2xxx: Fix stuck session in gpdb (bsc#1195823). o scsi: qla2xxx: Fix unmap of already freed sgl (bsc#1195823). o scsi: qla2xxx: Fix warning for missing error code (bsc#1195823). o scsi: qla2xxx: Fix warning message due to adisc being flushed (bsc# 1195823). o scsi: qla2xxx: Fix wrong FDMI data for 64G adapter (bsc#1195823). o scsi: qla2xxx: Implement ref count for SRB (bsc#1195823). o scsi: qla2xxx: Refactor asynchronous command initialization (bsc#1195823). o scsi: qla2xxx: Remove a declaration (bsc#1195823). o scsi: qla2xxx: Remove unused qla_sess_op_cmd_list from scsi_qla_host_t (bsc #1195823). o scsi: qla2xxx: Return -ENOMEM if kzalloc() fails (bsc#1195823). o scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair() (bsc# 1195823). o scsi: qla2xxx: Update version to 10.02.07.300-k (bsc#1195823). o scsi: qla2xxx: edif: Fix clang warning (bsc#1195823). o scsi: qla2xxx: edif: Fix inconsistent check of db_flags (bsc#1195823). o scsi: qla2xxx: edif: Reduce connection thrash (bsc#1195823). o scsi: qla2xxx: edif: Replace list_for_each_safe with list_for_each_entry_safe (bsc#1195823). o scsi: qla2xxx: edif: Tweak trace message (bsc#1195823). o scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select () (git-fixes). o scsi: ufs: Fix race conditions related to driver data (git-fixes). o scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices (bsc#1195377 LTC#196245). o sunrpc/auth_gss: support timeout on gss upcalls (bsc#1193857). o tracing: Dump stacktrace trigger to the corresponding instance (git-fixes). o tracing: Have traceon and traceoff trigger honor the instance (git-fixes). o usb: common: ulpi: Fix crash in ulpi_match() (git-fixes). o usb: typec: tcpm: Do not disconnect while receiving VBUS off (git-fixes). o xfrm: fix MTU regression (bsc#1185377, bsc#1194048). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: o SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2022-767=1 o SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-767=1 o SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-767=1 o SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-767=1 o SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2022-767=1 Package List: o SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): kernel-default-debuginfo-4.12.14-122.113.1 kernel-default-debugsource-4.12.14-122.113.1 kernel-default-extra-4.12.14-122.113.1 kernel-default-extra-debuginfo-4.12.14-122.113.1 o SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-122.113.1 kernel-obs-build-debugsource-4.12.14-122.113.1 o SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch): kernel-docs-4.12.14-122.113.1 o SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-122.113.1 kernel-default-base-4.12.14-122.113.1 kernel-default-base-debuginfo-4.12.14-122.113.1 kernel-default-debuginfo-4.12.14-122.113.1 kernel-default-debugsource-4.12.14-122.113.1 kernel-default-devel-4.12.14-122.113.1 kernel-syms-4.12.14-122.113.1 o SUSE Linux Enterprise Server 12-SP5 (noarch): kernel-devel-4.12.14-122.113.1 kernel-macros-4.12.14-122.113.1 kernel-source-4.12.14-122.113.1 o SUSE Linux Enterprise Server 12-SP5 (x86_64): kernel-default-devel-debuginfo-4.12.14-122.113.1 o SUSE Linux Enterprise Server 12-SP5 (s390x): kernel-default-man-4.12.14-122.113.1 o SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-122.113.1 kernel-default-debugsource-4.12.14-122.113.1 kernel-default-kgraft-4.12.14-122.113.1 kernel-default-kgraft-devel-4.12.14-122.113.1 kgraft-patch-4_12_14-122_113-default-1-8.3.1 o SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-122.113.1 cluster-md-kmp-default-debuginfo-4.12.14-122.113.1 dlm-kmp-default-4.12.14-122.113.1 dlm-kmp-default-debuginfo-4.12.14-122.113.1 gfs2-kmp-default-4.12.14-122.113.1 gfs2-kmp-default-debuginfo-4.12.14-122.113.1 kernel-default-debuginfo-4.12.14-122.113.1 kernel-default-debugsource-4.12.14-122.113.1 ocfs2-kmp-default-4.12.14-122.113.1 ocfs2-kmp-default-debuginfo-4.12.14-122.113.1 References: o https://www.suse.com/security/cve/CVE-2021-44879.html o https://www.suse.com/security/cve/CVE-2021-45095.html o https://www.suse.com/security/cve/CVE-2022-0001.html o https://www.suse.com/security/cve/CVE-2022-0002.html o https://www.suse.com/security/cve/CVE-2022-0487.html o https://www.suse.com/security/cve/CVE-2022-0492.html o https://www.suse.com/security/cve/CVE-2022-0617.html o https://www.suse.com/security/cve/CVE-2022-0644.html o https://www.suse.com/security/cve/CVE-2022-24448.html o https://www.suse.com/security/cve/CVE-2022-24959.html o https://bugzilla.suse.com/1046306 o https://bugzilla.suse.com/1050244 o https://bugzilla.suse.com/1089644 o https://bugzilla.suse.com/1094978 o https://bugzilla.suse.com/1097583 o https://bugzilla.suse.com/1097584 o https://bugzilla.suse.com/1097585 o https://bugzilla.suse.com/1097586 o https://bugzilla.suse.com/1097587 o https://bugzilla.suse.com/1097588 o https://bugzilla.suse.com/1101674 o https://bugzilla.suse.com/1101816 o https://bugzilla.suse.com/1103991 o https://bugzilla.suse.com/1109837 o https://bugzilla.suse.com/1111981 o https://bugzilla.suse.com/1112374 o https://bugzilla.suse.com/1114648 o https://bugzilla.suse.com/1114685 o https://bugzilla.suse.com/1114893 o https://bugzilla.suse.com/1117495 o https://bugzilla.suse.com/1118661 o https://bugzilla.suse.com/1119113 o https://bugzilla.suse.com/1136460 o https://bugzilla.suse.com/1136461 o https://bugzilla.suse.com/1157038 o https://bugzilla.suse.com/1157923 o https://bugzilla.suse.com/1158533 o https://bugzilla.suse.com/1174852 o https://bugzilla.suse.com/1185377 o https://bugzilla.suse.com/1185973 o https://bugzilla.suse.com/1187716 o https://bugzilla.suse.com/1189126 o https://bugzilla.suse.com/1191271 o https://bugzilla.suse.com/1191580 o https://bugzilla.suse.com/1191655 o https://bugzilla.suse.com/1193857 o https://bugzilla.suse.com/1193867 o https://bugzilla.suse.com/1194048 o https://bugzilla.suse.com/1194516 o https://bugzilla.suse.com/1195080 o https://bugzilla.suse.com/1195377 o https://bugzilla.suse.com/1195536 o https://bugzilla.suse.com/1195543 o https://bugzilla.suse.com/1195612 o https://bugzilla.suse.com/1195638 o https://bugzilla.suse.com/1195795 o https://bugzilla.suse.com/1195823 o https://bugzilla.suse.com/1195840 o https://bugzilla.suse.com/1195897 o https://bugzilla.suse.com/1195908 o https://bugzilla.suse.com/1195934 o https://bugzilla.suse.com/1195949 o https://bugzilla.suse.com/1195987 o https://bugzilla.suse.com/1195995 o https://bugzilla.suse.com/1196079 o https://bugzilla.suse.com/1196155 o https://bugzilla.suse.com/1196400 o https://bugzilla.suse.com/1196516 o https://bugzilla.suse.com/1196584 o https://bugzilla.suse.com/1196612 - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYik82ONLKJtyKPYoAQjngw/+PhTL5Yl7DtVVKLHc79N3y+3v5QucoK2+ /+LwYaTd5WxiG0h1uV6wotzh0SO923VyL/PnqBPFbA/m6F6xed7RLwMIhD0dvsr5 qMxzSjG/CJ6kQ9r+9susP2wwuTDJYo8rHet3+CrPtb65ygS1jsgmBP/V+S8ZdNKZ PyfGItxmY2GvB3dS3eIFkt4aYNtAI7CH1Ek7s+VGxdoymDlhjWM7DXvzUWSO13uM 7ntZlDEWLTz7bq2XuoW3Sam9aVrIgkacHDy15I4E7st/QYxxU7PwuO8rWx5aap8o sNxouCUYRM5EA5cmi23AdbNUcu7mmMmbjyYCD6GNnd8MrdFdC8FtFpvIyqgEBGgQ BRnnL4/R77WcYHTi8512azZFJIMNGAiOQUjs0mBgbKR1Pt6DNfoGavmxB73n8Nij bHmeg5EXSVMZ7ODR0eQowq0/yG8Lm1LnrRId46wIKGM06sA1n0XSWrB9rqtcpFx7 0RSgvj3zsv3OKYJcMEEBgefIxZkEpo4Qifn600gXb5JCYfaUqMKFjGJd37KSTz3L g5rju1J2j8yiQlVjxB9ABD4mbqs/Ce+a5+pb/VuDUDzeI/kHcYZmjt6AL9d+eoSj IQP58nSRcMBH6gg+K8av53UiJzdXiJ4a7wQ6nyjmsbdfrijNGvcoq/mrzIQaLj6g aqj/1s4Y3Ow= =iEKc -----END PGP SIGNATURE-----
2022. március 10.

ESB-2022.0993 - [SUSE] tomcat: CVSS (Max): 7.0

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.0993 Security update for tomcat 10 March 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: tomcat Publisher: SUSE Operating System: SUSE Resolution: Patch/Upgrade CVE Names: CVE-2022-23181 CVE-2020-9484 Original Bulletin: https://www.suse.com/support/update/announcement/2022/suse-su-20220784-1 Comment: CVSS (Max): 7.0 CVE-2022-23181 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) CVSS Source: SUSE Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H - --------------------------BEGIN INCLUDED TEXT-------------------- SUSE Security Update: Security update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0784-1 Rating: important References: #1195255 #1196091 #1196137 Cross-References: CVE-2022-23181 Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for tomcat fixes the following issues: Security issues fixed: o CVE-2022-23181: Fixed time of check, time of use vulnerability that allowed local privilege escalation. (bsc#1195255) o Remove log4j dependency, which is currently directly in use (bsc#1196137) o Make the package RPM conflict even more specific to conflict with java-openjdk-headless >= 9 (bsc#1196091) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: o SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-784=1 o SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-784=1 o SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-784=1 o SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-784=1 o SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-784=1 o SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-784=1 o SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-784=1 o SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-784=1 o HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-784=1 Package List: o SUSE OpenStack Cloud Crowbar 9 (noarch): tomcat-9.0.36-3.84.1 tomcat-admin-webapps-9.0.36-3.84.1 tomcat-docs-webapp-9.0.36-3.84.1 tomcat-el-3_0-api-9.0.36-3.84.1 tomcat-javadoc-9.0.36-3.84.1 tomcat-jsp-2_3-api-9.0.36-3.84.1 tomcat-lib-9.0.36-3.84.1 tomcat-servlet-4_0-api-9.0.36-3.84.1 tomcat-webapps-9.0.36-3.84.1 o SUSE OpenStack Cloud Crowbar 9 (x86_64): javapackages-filesystem-5.3.1-14.5.1 o SUSE OpenStack Cloud Crowbar 8 (x86_64): javapackages-filesystem-5.3.1-14.5.1 o SUSE OpenStack Cloud 9 (noarch): tomcat-9.0.36-3.84.1 tomcat-admin-webapps-9.0.36-3.84.1 tomcat-docs-webapp-9.0.36-3.84.1 tomcat-el-3_0-api-9.0.36-3.84.1 tomcat-javadoc-9.0.36-3.84.1 tomcat-jsp-2_3-api-9.0.36-3.84.1 tomcat-lib-9.0.36-3.84.1 tomcat-servlet-4_0-api-9.0.36-3.84.1 tomcat-webapps-9.0.36-3.84.1 o SUSE OpenStack Cloud 9 (x86_64): javapackages-filesystem-5.3.1-14.5.1 o SUSE OpenStack Cloud 8 (x86_64): javapackages-filesystem-5.3.1-14.5.1 o SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): javapackages-filesystem-5.3.1-14.5.1 o SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): javapackages-filesystem-5.3.1-14.5.1 o SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): tomcat-9.0.36-3.84.1 tomcat-admin-webapps-9.0.36-3.84.1 tomcat-docs-webapp-9.0.36-3.84.1 tomcat-el-3_0-api-9.0.36-3.84.1 tomcat-javadoc-9.0.36-3.84.1 tomcat-jsp-2_3-api-9.0.36-3.84.1 tomcat-lib-9.0.36-3.84.1 tomcat-servlet-4_0-api-9.0.36-3.84.1 tomcat-webapps-9.0.36-3.84.1 o SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): javapackages-filesystem-5.3.1-14.5.1 o SUSE Linux Enterprise Server 12-SP5 (noarch): tomcat-9.0.36-3.84.1 tomcat-admin-webapps-9.0.36-3.84.1 tomcat-docs-webapp-9.0.36-3.84.1 tomcat-el-3_0-api-9.0.36-3.84.1 tomcat-javadoc-9.0.36-3.84.1 tomcat-jsp-2_3-api-9.0.36-3.84.1 tomcat-lib-9.0.36-3.84.1 tomcat-servlet-4_0-api-9.0.36-3.84.1 tomcat-webapps-9.0.36-3.84.1 o SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): javapackages-filesystem-5.3.1-14.5.1 o SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): tomcat-9.0.36-3.84.1 tomcat-admin-webapps-9.0.36-3.84.1 tomcat-docs-webapp-9.0.36-3.84.1 tomcat-el-3_0-api-9.0.36-3.84.1 tomcat-javadoc-9.0.36-3.84.1 tomcat-jsp-2_3-api-9.0.36-3.84.1 tomcat-lib-9.0.36-3.84.1 tomcat-servlet-4_0-api-9.0.36-3.84.1 tomcat-webapps-9.0.36-3.84.1 o HPE Helion Openstack 8 (x86_64): javapackages-filesystem-5.3.1-14.5.1 References: o https://www.suse.com/security/cve/CVE-2022-23181.html o https://bugzilla.suse.com/1195255 o https://bugzilla.suse.com/1196091 o https://bugzilla.suse.com/1196137 - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYik6/+NLKJtyKPYoAQj3fQ/+NRpu0wtg/cjTFHlx/wNRt+g/CuyKMU6C UBW8eKcWmdeorQ+giMFGr9D32lmlcYwxF5cQaborJAcqzZqrf4t8x4QoL1LW57Kw IbTvi89w9FzQMPKjw/FlrP/+nvRTBysY4azZJtJfqQQbKNFM/qBVASpfUH8qMcB+ XeT78h6r8ReXpZZmcyob1dccMdoxs2/kuAd+nX7M5K+CLo3nQbZvJibSQhfImZLk sFYR3k9aWAt13Ns1l0A9TQoJaZp2c9t4sVSBaa6JwGlKMyVL+Mw1RnKfqxpoty82 lrvSQ4Wd+XRVz0dTscpLROeJht/Pn5duV9j62hP2Ql+UZsKIHWa+BMNX2uo0oMaE T9ADolldrM/T1qgvhvMz3EeROgYkDkHJVIyhS0IR3/KHPGiF8EbYKZmdqsbv3eSz 8kjVL2jZapJkXePI3KKpr90yDANGEnMhhU1EJAZlrGjIWKwPDWbkqUAPgc2U2QnV sXF5ej822Nt8+c73yJ9dRgMQ6zC0J3jnKQkTHgu4TrDB7TOnfP3uvF4PokVO2GPz 2lBhkbZCiy7skKFQAIerUD/4bIHahxPv885QT/3kw7oRXn7c97P+ol9GGb4gkYOg rjk0ECELzejOQ0X3FuAS6vK9R/W92s+oOLgiGTkd3+jm9yh0+IMcRPdgxqzxKBEU d5QUMPsx8go= =uRSm -----END PGP SIGNATURE-----
2022. március 10.

ESB-2022.0992 - [SUSE] MozillaFirefox: CVSS (Max): 8.8

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.0992 Security update for MozillaFirefox 10 March 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: MozillaFirefox Publisher: SUSE Operating System: SUSE Resolution: Patch/Upgrade CVE Names: CVE-2022-26486 CVE-2022-26485 Original Bulletin: https://www.suse.com/support/update/announcement/2022/suse-su-20220777-1 Comment: CVSS (Max): 8.8 CVE-2022-26486 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) CVSS Source: SUSE Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H - --------------------------BEGIN INCLUDED TEXT-------------------- SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0777-1 Rating: important References: #1196809 Cross-References: CVE-2022-26485 CVE-2022-26486 Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.6.1 ESR (bsc#1196809): o CVE-2022-26485: Use-after-free in XSLT parameter processing o CVE-2022-26486: Use-after-free in WebGPU IPC Framework Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: o SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-777=1 o SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-777=1 o SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-777=1 o SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-777=1 o SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-777=1 o SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-777=1 o SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-777=1 o SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-777=1 o SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-777=1 o SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-777=1 o SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-777=1 o SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-777=1 o HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-777=1 Package List: o SUSE OpenStack Cloud Crowbar 9 (x86_64): MozillaFirefox-91.6.1-112.92.1 MozillaFirefox-debuginfo-91.6.1-112.92.1 MozillaFirefox-debugsource-91.6.1-112.92.1 MozillaFirefox-devel-91.6.1-112.92.1 MozillaFirefox-translations-common-91.6.1-112.92.1 o SUSE OpenStack Cloud Crowbar 8 (x86_64): MozillaFirefox-91.6.1-112.92.1 MozillaFirefox-debuginfo-91.6.1-112.92.1 MozillaFirefox-debugsource-91.6.1-112.92.1 MozillaFirefox-devel-91.6.1-112.92.1 MozillaFirefox-translations-common-91.6.1-112.92.1 o SUSE OpenStack Cloud 9 (x86_64): MozillaFirefox-91.6.1-112.92.1 MozillaFirefox-debuginfo-91.6.1-112.92.1 MozillaFirefox-debugsource-91.6.1-112.92.1 MozillaFirefox-devel-91.6.1-112.92.1 MozillaFirefox-translations-common-91.6.1-112.92.1 o SUSE OpenStack Cloud 8 (x86_64): MozillaFirefox-91.6.1-112.92.1 MozillaFirefox-debuginfo-91.6.1-112.92.1 MozillaFirefox-debugsource-91.6.1-112.92.1 MozillaFirefox-devel-91.6.1-112.92.1 MozillaFirefox-translations-common-91.6.1-112.92.1 o SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-91.6.1-112.92.1 MozillaFirefox-debugsource-91.6.1-112.92.1 MozillaFirefox-devel-91.6.1-112.92.1 o SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): MozillaFirefox-91.6.1-112.92.1 MozillaFirefox-debuginfo-91.6.1-112.92.1 MozillaFirefox-debugsource-91.6.1-112.92.1 MozillaFirefox-devel-91.6.1-112.92.1 MozillaFirefox-translations-common-91.6.1-112.92.1 o SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): MozillaFirefox-91.6.1-112.92.1 MozillaFirefox-debuginfo-91.6.1-112.92.1 MozillaFirefox-debugsource-91.6.1-112.92.1 MozillaFirefox-devel-91.6.1-112.92.1 MozillaFirefox-translations-common-91.6.1-112.92.1 o SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.6.1-112.92.1 MozillaFirefox-debuginfo-91.6.1-112.92.1 MozillaFirefox-debugsource-91.6.1-112.92.1 MozillaFirefox-devel-91.6.1-112.92.1 MozillaFirefox-translations-common-91.6.1-112.92.1 o SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.6.1-112.92.1 MozillaFirefox-debuginfo-91.6.1-112.92.1 MozillaFirefox-debugsource-91.6.1-112.92.1 MozillaFirefox-devel-91.6.1-112.92.1 MozillaFirefox-translations-common-91.6.1-112.92.1 o SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.6.1-112.92.1 MozillaFirefox-debuginfo-91.6.1-112.92.1 MozillaFirefox-debugsource-91.6.1-112.92.1 MozillaFirefox-devel-91.6.1-112.92.1 MozillaFirefox-translations-common-91.6.1-112.92.1 o SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): MozillaFirefox-91.6.1-112.92.1 MozillaFirefox-debuginfo-91.6.1-112.92.1 MozillaFirefox-debugsource-91.6.1-112.92.1 MozillaFirefox-devel-91.6.1-112.92.1 MozillaFirefox-translations-common-91.6.1-112.92.1 o SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): MozillaFirefox-91.6.1-112.92.1 MozillaFirefox-debuginfo-91.6.1-112.92.1 MozillaFirefox-debugsource-91.6.1-112.92.1 MozillaFirefox-devel-91.6.1-112.92.1 MozillaFirefox-translations-common-91.6.1-112.92.1 o HPE Helion Openstack 8 (x86_64): MozillaFirefox-91.6.1-112.92.1 MozillaFirefox-debuginfo-91.6.1-112.92.1 MozillaFirefox-debugsource-91.6.1-112.92.1 MozillaFirefox-devel-91.6.1-112.92.1 MozillaFirefox-translations-common-91.6.1-112.92.1 References: o https://www.suse.com/security/cve/CVE-2022-26485.html o https://www.suse.com/security/cve/CVE-2022-26486.html o https://bugzilla.suse.com/1196809 - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYik6+eNLKJtyKPYoAQivVBAAqRt9tXb08K4If84xX0UaPVTndjuhwIy/ naEh7pcEy2N9SR1+XJSIYN2q5JPox4zGGfM0bchxx1ZaOK20uXlRQrXRtf1Bj0o8 mZWTE1w7DuMaCUAFp0Gi859+A8YpH6F/PLTXzusjmx3mWPjYWYNs0zfNTRtHVxzM fXXTH8aMNXUW7/P7TdN4g4MiiPy5s0Qbkki5PwGP0+5nKGO3KiNnpD7vdSOvGmjJ CZyAHhqNYBI1hh6tSnaPjWB4yxYefCvnng051r4A9yC2n5gXJfpmC+mI45Pwqma4 It6MWjm6VAqvpas7g+DX0ZOd584s/ZgM7j+oJf4Z3rqPyu6AsDoh7tfddUp+D2Wy JFLw9r1kt0e2uZXwRKIzjQ3bKdJz9rS9OGoWB8ORfrPfTxpY3AaEPhE4Acuu6lAw XOi6avXMqr1f0cllI1BmDoUOvfF9F+0R4Y0wPo54zMD5+bytLuKgGMuRHIoxEVzF w534aI8CVD2MXjsxV/KYWJfgTMil6Vv4joYLvX4kdpiRQMEfOa3vX+7VKpTwQ35/ QZyCDt/n99xsXssB3r7N7DluFj+tgkx/hR25l03MylqcEr4ev8zxLB2+5p/2eB5h msch03OjkGyFn2DIXIfoMZEtFwASmuBUJlyZMiPZ7QipntnYshPuk4W9kV4rjO5+ iUeyYVVJumk= =zslC -----END PGP SIGNATURE-----
2022. március 10.

ESB-2022.0991 - [SUSE] MozillaFirefox: CVSS (Max): 8.8

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.0991 Security update for MozillaFirefox 10 March 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: MozillaFirefox Publisher: SUSE Operating System: SUSE Resolution: Patch/Upgrade CVE Names: CVE-2022-26486 CVE-2022-26485 Reference: ESB-2022.0971 ESB-2022.0948 Original Bulletin: https://www.suse.com/support/update/announcement/2022/suse-su-20220778-1 Comment: CVSS (Max): 8.8 CVE-2022-26486 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) CVSS Source: SUSE Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H - --------------------------BEGIN INCLUDED TEXT-------------------- SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0778-1 Rating: important References: #1196809 Cross-References: CVE-2022-26485 CVE-2022-26486 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.6.1 ESR (bsc#1196809): o CVE-2022-26485: Use-after-free in XSLT parameter processing o CVE-2022-26486: Use-after-free in WebGPU IPC Framework Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: o SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-778=1 o SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-778=1 o SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-778=1 o SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-778=1 o SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-778=1 o SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-778=1 o SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-778=1 o SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-778=1 o SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-778=1 o SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-778=1 o SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. I will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: o SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): MozillaFirefox-91.6.1-150.21.1 MozillaFirefox-debuginfo-91.6.1-150.21.1 MozillaFirefox-debugsource-91.6.1-150.21.1 MozillaFirefox-devel-91.6.1-150.21.1 MozillaFirefox-translations-common-91.6.1-150.21.1 MozillaFirefox-translations-other-91.6.1-150.21.1 o SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): MozillaFirefox-91.6.1-150.21.1 MozillaFirefox-debuginfo-91.6.1-150.21.1 MozillaFirefox-debugsource-91.6.1-150.21.1 MozillaFirefox-devel-91.6.1-150.21.1 MozillaFirefox-translations-common-91.6.1-150.21.1 MozillaFirefox-translations-other-91.6.1-150.21.1 o SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.6.1-150.21.1 MozillaFirefox-debuginfo-91.6.1-150.21.1 MozillaFirefox-debugsource-91.6.1-150.21.1 MozillaFirefox-devel-91.6.1-150.21.1 MozillaFirefox-translations-common-91.6.1-150.21.1 MozillaFirefox-translations-other-91.6.1-150.21.1 o SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): MozillaFirefox-91.6.1-150.21.1 MozillaFirefox-debuginfo-91.6.1-150.21.1 MozillaFirefox-debugsource-91.6.1-150.21.1 MozillaFirefox-devel-91.6.1-150.21.1 MozillaFirefox-translations-common-91.6.1-150.21.1 MozillaFirefox-translations-other-91.6.1-150.21.1 o SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): MozillaFirefox-91.6.1-150.21.1 MozillaFirefox-debuginfo-91.6.1-150.21.1 MozillaFirefox-debugsource-91.6.1-150.21.1 MozillaFirefox-devel-91.6.1-150.21.1 MozillaFirefox-translations-common-91.6.1-150.21.1 MozillaFirefox-translations-other-91.6.1-150.21.1 o SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): MozillaFirefox-91.6.1-150.21.1 MozillaFirefox-debuginfo-91.6.1-150.21.1 MozillaFirefox-debugsource-91.6.1-150.21.1 MozillaFirefox-devel-91.6.1-150.21.1 MozillaFirefox-translations-common-91.6.1-150.21.1 MozillaFirefox-translations-other-91.6.1-150.21.1 o SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): MozillaFirefox-91.6.1-150.21.1 MozillaFirefox-debuginfo-91.6.1-150.21.1 MozillaFirefox-debugsource-91.6.1-150.21.1 MozillaFirefox-devel-91.6.1-150.21.1 MozillaFirefox-translations-common-91.6.1-150.21.1 MozillaFirefox-translations-other-91.6.1-150.21.1 o SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): MozillaFirefox-91.6.1-150.21.1 MozillaFirefox-debuginfo-91.6.1-150.21.1 MozillaFirefox-debugsource-91.6.1-150.21.1 MozillaFirefox-devel-91.6.1-150.21.1 MozillaFirefox-translations-common-91.6.1-150.21.1 MozillaFirefox-translations-other-91.6.1-150.21.1 o SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): MozillaFirefox-91.6.1-150.21.1 MozillaFirefox-debuginfo-91.6.1-150.21.1 MozillaFirefox-debugsource-91.6.1-150.21.1 MozillaFirefox-devel-91.6.1-150.21.1 MozillaFirefox-translations-common-91.6.1-150.21.1 MozillaFirefox-translations-other-91.6.1-150.21.1 o SUSE Enterprise Storage 6 (aarch64 x86_64): MozillaFirefox-91.6.1-150.21.1 MozillaFirefox-debuginfo-91.6.1-150.21.1 MozillaFirefox-debugsource-91.6.1-150.21.1 MozillaFirefox-devel-91.6.1-150.21.1 MozillaFirefox-translations-common-91.6.1-150.21.1 MozillaFirefox-translations-other-91.6.1-150.21.1 o SUSE CaaS Platform 4.0 (x86_64): MozillaFirefox-91.6.1-150.21.1 MozillaFirefox-debuginfo-91.6.1-150.21.1 MozillaFirefox-debugsource-91.6.1-150.21.1 MozillaFirefox-devel-91.6.1-150.21.1 MozillaFirefox-translations-common-91.6.1-150.21.1 MozillaFirefox-translations-other-91.6.1-150.21.1 References: o https://www.suse.com/security/cve/CVE-2022-26485.html o https://www.suse.com/security/cve/CVE-2022-26486.html o https://bugzilla.suse.com/1196809 - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYik68+NLKJtyKPYoAQhLlRAAlp8vxCMhC5bhdt8DXoMmVNPzImbEQKrO bS6F7ojcazrzO7mt6FxsEGSQCX1JoYQFG7wL23TkQVNhW/ZlSumnBirX/t4TiwxR vrRnDcMKaOEslsyh598sVd/DwVGfXyGdZUW1mocpIRoTCDF8pJ3urwMUKx9K9ZAJ YMRLx08uTbtsQWyFIWm/VEmOL6jIxRoyL/L4wKQ+Ja2ZE4gEn2ZxSKFMPEMR0BpA 7WGMrdEIcWtXhQfKyGNCKEGI7a8FXOrLeYzwlYvGMhqm5QPKIL7NAzco6YabWklG Ero4cGUU6eTBl97ZznYZ727mks+q16zCwCu6+tqG7m5Phro5ncf5tKcGXZ7M0oeo Nz7C9BglIWDUogqzcxO9e739EW3OmWgW5cz2qjiqqQVvxz9SSVi1k9qbRIxUWiH+ hlvTQcUUmjLW6ri9S9Opze6/I2CdOzQr7iimOey2hlMwQpmjlAfWMD2vDVyujFeJ x8o/h7aeXMRihOYLQavBMmNxRX5VYzBfB1AkAEqNq+WT2qDxyDEEc7T+oGavW54l DyMFQrGlVjifqqGRByGtDaCC7elnlJJFwnlmNgcBTBRgQW4yDpP9uIZDDicexLNQ LI13FFf3wpgQz8o4axUtOvdY/hoolZJxwOYXfQCUxSo3rgBkypaC43YGKBan0GcU O7do9qTHJgs= =IIom -----END PGP SIGNATURE-----
2022. március 10.

ESB-2022.0990 - [SUSE] SUSE Package Hub: CVSS (Max): None

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.0990 Optional update for SUSE Package Hub 10 March 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: SUSE Package Hub Publisher: SUSE Operating System: SUSE Resolution: Patch/Upgrade Original Bulletin: https://www.suse.com/support/update/announcement/2022/suse-ou-20220781-1 Comment: CVSS (Max): None available when published - --------------------------BEGIN INCLUDED TEXT-------------------- SUSE Optional Update: Optional update for SUSE Package Hub ______________________________________________________________________________ Announcement ID: SUSE-OU-2022:0781-1 Rating: moderate References: Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has 0 optional fixes and contains one feature can now be installed. Description: This optional update provides the following changes: o Provide binaries for non x86_64 architectures directly to SUSE Package Hub. o There are no visible changes for the final user. o Affected source packages: MozillaThunderbird, enigmail Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: o SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-781=1 o SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-781=1 Package List: o SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): MozillaThunderbird-91.6.1-8.56.1 MozillaThunderbird-debuginfo-91.6.1-8.56.1 MozillaThunderbird-debugsource-91.6.1-8.56.1 MozillaThunderbird-translations-common-91.6.1-8.56.1 MozillaThunderbird-translations-other-91.6.1-8.56.1 enigmail-2.2.4-3.27.1 o SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x): MozillaThunderbird-91.6.1-8.56.1 MozillaThunderbird-debuginfo-91.6.1-8.56.1 MozillaThunderbird-debugsource-91.6.1-8.56.1 MozillaThunderbird-translations-common-91.6.1-8.56.1 MozillaThunderbird-translations-other-91.6.1-8.56.1 enigmail-2.2.4-3.27.1 References: - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYik62eNLKJtyKPYoAQig9xAAhJSVdE0kAhTVXwT8Gsm1Z9+Y9wnF79bK ljLjq8EFIqlKczVDMdE1PgOQhuxs1R5xQJQEjI+0f6kZ8e9O1P6MHPGlsJ+PKuAT g8xoD9i6Wyy6Ft5kUU3LVgOflCouVSPFb+kJQpk47Cs4nLEK6qc2ID9Ji1cRqH9J zGiLQJCA3BJuIcfiwYsLwcOxDJo9WZC1+8pPzeULdK1/txGRHTz2Uw490qk2sHFQ pRlTR4RG9KPDVVFvh1t3LQ5IU/LwyA3y9Mc44+xd0pqqYv0YDTsUSLVn4zOto4Qs riDL1dq/EABb/fyra+F79icmIg9SE6msIhsf/96xX2+o+bnNEfBOZQw2DqWlQmQZ AJukSzAYTUjLsbB/aBdlcGbt2Hi7K2pcq9KVfsHqDGOk8ZbNWQb1krAzEBzioErv cpglgWeE9+g5EGcZHzA5QMkHFU/tOmOcCoobXyMDyRq3mwYt8l8C3RzfQJNd5zUE SI5dG2bDXUvopXJkDEjJJDCX6HbH9onBi4CpVmBGR8SA53CSc4FltsHwpeL5qpaI i/2vth9oLvh4WEUeG/TtMVVKWvWNetATo/pwFSnvnNPOjjzL2yzJbIpItXQ1sYI9 jyb72/Ayy7r9vudoAbnrvda1VjuFrVB+VrQF4Bn09jAKsfRbdlwxG1ryzMVxVxEf H/Xb3mchOaE= =AG8E -----END PGP SIGNATURE-----
2022. március 10.

ESB-2022.0989 - [SUSE] tomcat: CVSS (Max): None

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.0989 Security update for tomcat 10 March 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: tomcat Publisher: SUSE Operating System: SUSE Resolution: Patch/Upgrade Original Bulletin: https://www.suse.com/support/update/announcement/2022/suse-su-20220779-1 Comment: CVSS (Max): None available when published - --------------------------BEGIN INCLUDED TEXT-------------------- SUSE Security Update: Security update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0779-1 Rating: moderate References: #1196137 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for tomcat fixes the following issues: o Remove hard log4j dependency, as it is not required by tomcat itself (bsc# 1196137) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: o SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-779=1 o SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-779=1 o SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-779=1 o SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-779=1 o SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-779=1 o SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-779=1 o SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. I will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: o SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): tomcat-9.0.36-4.73.1 tomcat-admin-webapps-9.0.36-4.73.1 tomcat-el-3_0-api-9.0.36-4.73.1 tomcat-jsp-2_3-api-9.0.36-4.73.1 tomcat-lib-9.0.36-4.73.1 tomcat-servlet-4_0-api-9.0.36-4.73.1 tomcat-webapps-9.0.36-4.73.1 o SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): tomcat-9.0.36-4.73.1 tomcat-admin-webapps-9.0.36-4.73.1 tomcat-el-3_0-api-9.0.36-4.73.1 tomcat-jsp-2_3-api-9.0.36-4.73.1 tomcat-lib-9.0.36-4.73.1 tomcat-servlet-4_0-api-9.0.36-4.73.1 tomcat-webapps-9.0.36-4.73.1 o SUSE Linux Enterprise Server 15-SP1-BCL (noarch): tomcat-9.0.36-4.73.1 tomcat-admin-webapps-9.0.36-4.73.1 tomcat-el-3_0-api-9.0.36-4.73.1 tomcat-jsp-2_3-api-9.0.36-4.73.1 tomcat-lib-9.0.36-4.73.1 tomcat-servlet-4_0-api-9.0.36-4.73.1 tomcat-webapps-9.0.36-4.73.1 o SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): tomcat-9.0.36-4.73.1 tomcat-admin-webapps-9.0.36-4.73.1 tomcat-el-3_0-api-9.0.36-4.73.1 tomcat-jsp-2_3-api-9.0.36-4.73.1 tomcat-lib-9.0.36-4.73.1 tomcat-servlet-4_0-api-9.0.36-4.73.1 tomcat-webapps-9.0.36-4.73.1 o SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): tomcat-9.0.36-4.73.1 tomcat-admin-webapps-9.0.36-4.73.1 tomcat-el-3_0-api-9.0.36-4.73.1 tomcat-jsp-2_3-api-9.0.36-4.73.1 tomcat-lib-9.0.36-4.73.1 tomcat-servlet-4_0-api-9.0.36-4.73.1 tomcat-webapps-9.0.36-4.73.1 o SUSE Enterprise Storage 6 (noarch): tomcat-9.0.36-4.73.1 tomcat-admin-webapps-9.0.36-4.73.1 tomcat-el-3_0-api-9.0.36-4.73.1 tomcat-jsp-2_3-api-9.0.36-4.73.1 tomcat-lib-9.0.36-4.73.1 tomcat-servlet-4_0-api-9.0.36-4.73.1 tomcat-webapps-9.0.36-4.73.1 o SUSE CaaS Platform 4.0 (noarch): tomcat-9.0.36-4.73.1 tomcat-admin-webapps-9.0.36-4.73.1 tomcat-el-3_0-api-9.0.36-4.73.1 tomcat-jsp-2_3-api-9.0.36-4.73.1 tomcat-lib-9.0.36-4.73.1 tomcat-servlet-4_0-api-9.0.36-4.73.1 tomcat-webapps-9.0.36-4.73.1 References: o https://bugzilla.suse.com/1196137 - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYik6vuNLKJtyKPYoAQja0Q//cMW815jv7c79Gxe0ZeXZQbhNQ2i0E1qb lTTKOSEqhcyr0zavPR+SN70K0JPhlHIP5CYEAdeGtgEXNMegyUvupK5ZXemKVYFe +fqLGyMASZkDc9yHMg3vA/5MMPdwmPeWBFLAr+CMDIj8MWr2ZjKdiYepUdn8S798 jUeHkNNBvTWBF8+2HGgGnJO4qg3Ax4antt55dxUzUvY4uz/kyPYzUm2UqG6rVwBR DLC73AMOkpoN+3ffCnTw39z5vPvlOvczzyZYeJ2J1SZp2jTip8wJ1XzhRuvvPsvR wJUkKDN/s4cAAWmway+ysQRht6sQqFizoN3eCt3B39iQ1+vQC9kgczd86eJGVLqM 7VAO0KCKtEju9Gvouj09R1VsslkJADZeSjJ18YX7/L4v3IErN0821x8FyVejMfnS +jPX6IvKBYsVEzMAfRPNGBTi55/uPkL/Wm+ZM1d9XufoupqFdOlTIj11zN+nXSbZ axV2kXU1kbMrFXObEmYHU1iEmeXPQQoRVtTPwYVywafTTjkHD9/1SuUxWsGoRKZ9 T0f4KZ+iuk2WmuSycZJSWIwL70qucLxKCKMn8QvqV45/YCnEtCuI5RtVyicX5/GM GjsOiAZ2nhq75CvJeoEm79z/K+0Sg4USMCNTYN7nF+S/CIcs6+yfRTRpLwHiQ5CK V//LULYgGJk= =i9Rm -----END PGP SIGNATURE-----
2022. március 10.

ESB-2022.0988 - [SUSE] MozillaFirefox: CVSS (Max): 8.8

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.0988 Security update for MozillaFirefox 10 March 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: MozillaFirefox Publisher: SUSE Operating System: SUSE Resolution: Patch/Upgrade CVE Names: CVE-2022-26486 CVE-2022-26485 Original Bulletin: https://www.suse.com/support/update/announcement/2022/suse-su-20220783-1 Comment: CVSS (Max): 8.8 CVE-2022-26486 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) CVSS Source: SUSE Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H - --------------------------BEGIN INCLUDED TEXT-------------------- SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0783-1 Rating: important References: #1196809 Cross-References: CVE-2022-26485 CVE-2022-26486 Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.6.1 ESR (bsc#1196809): o CVE-2022-26485: Use-after-free in XSLT parameter processing o CVE-2022-26486: Use-after-free in WebGPU IPC Framework Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: o SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-783=1 o SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-783=1 o SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-783=1 o SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-783=1 o SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-783=1 o SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-783=1 o SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-783=1 o SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-783=1 o SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-783=1 o SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-783=1 o SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-783=1 o SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-783=1 Package List: o SUSE Manager Server 4.1 (ppc64le s390x x86_64): MozillaFirefox-91.6.1-152.19.1 MozillaFirefox-debuginfo-91.6.1-152.19.1 MozillaFirefox-debugsource-91.6.1-152.19.1 MozillaFirefox-devel-91.6.1-152.19.1 MozillaFirefox-translations-common-91.6.1-152.19.1 MozillaFirefox-translations-other-91.6.1-152.19.1 o SUSE Manager Retail Branch Server 4.1 (x86_64): MozillaFirefox-91.6.1-152.19.1 MozillaFirefox-debuginfo-91.6.1-152.19.1 MozillaFirefox-debugsource-91.6.1-152.19.1 MozillaFirefox-devel-91.6.1-152.19.1 MozillaFirefox-translations-common-91.6.1-152.19.1 MozillaFirefox-translations-other-91.6.1-152.19.1 o SUSE Manager Proxy 4.1 (x86_64): MozillaFirefox-91.6.1-152.19.1 MozillaFirefox-debuginfo-91.6.1-152.19.1 MozillaFirefox-debugsource-91.6.1-152.19.1 MozillaFirefox-devel-91.6.1-152.19.1 MozillaFirefox-translations-common-91.6.1-152.19.1 MozillaFirefox-translations-other-91.6.1-152.19.1 o SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): MozillaFirefox-91.6.1-152.19.1 MozillaFirefox-debuginfo-91.6.1-152.19.1 MozillaFirefox-debugsource-91.6.1-152.19.1 MozillaFirefox-devel-91.6.1-152.19.1 MozillaFirefox-translations-common-91.6.1-152.19.1 MozillaFirefox-translations-other-91.6.1-152.19.1 o SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.6.1-152.19.1 MozillaFirefox-debuginfo-91.6.1-152.19.1 MozillaFirefox-debugsource-91.6.1-152.19.1 MozillaFirefox-devel-91.6.1-152.19.1 MozillaFirefox-translations-common-91.6.1-152.19.1 MozillaFirefox-translations-other-91.6.1-152.19.1 o SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): MozillaFirefox-91.6.1-152.19.1 MozillaFirefox-debuginfo-91.6.1-152.19.1 MozillaFirefox-debugsource-91.6.1-152.19.1 MozillaFirefox-devel-91.6.1-152.19.1 MozillaFirefox-translations-common-91.6.1-152.19.1 MozillaFirefox-translations-other-91.6.1-152.19.1 o SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): MozillaFirefox-91.6.1-152.19.1 MozillaFirefox-debuginfo-91.6.1-152.19.1 MozillaFirefox-debugsource-91.6.1-152.19.1 MozillaFirefox-devel-91.6.1-152.19.1 MozillaFirefox-translations-common-91.6.1-152.19.1 MozillaFirefox-translations-other-91.6.1-152.19.1 o SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.6.1-152.19.1 MozillaFirefox-debuginfo-91.6.1-152.19.1 MozillaFirefox-debugsource-91.6.1-152.19.1 MozillaFirefox-translations-common-91.6.1-152.19.1 MozillaFirefox-translations-other-91.6.1-152.19.1 o SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le x86_64): MozillaFirefox-devel-91.6.1-152.19.1 o SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.6.1-152.19.1 MozillaFirefox-debuginfo-91.6.1-152.19.1 MozillaFirefox-debugsource-91.6.1-152.19.1 MozillaFirefox-translations-common-91.6.1-152.19.1 MozillaFirefox-translations-other-91.6.1-152.19.1 o SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le x86_64): MozillaFirefox-devel-91.6.1-152.19.1 o SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): MozillaFirefox-91.6.1-152.19.1 MozillaFirefox-debuginfo-91.6.1-152.19.1 MozillaFirefox-debugsource-91.6.1-152.19.1 MozillaFirefox-devel-91.6.1-152.19.1 MozillaFirefox-translations-common-91.6.1-152.19.1 MozillaFirefox-translations-other-91.6.1-152.19.1 o SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): MozillaFirefox-91.6.1-152.19.1 MozillaFirefox-debuginfo-91.6.1-152.19.1 MozillaFirefox-debugsource-91.6.1-152.19.1 MozillaFirefox-devel-91.6.1-152.19.1 MozillaFirefox-translations-common-91.6.1-152.19.1 MozillaFirefox-translations-other-91.6.1-152.19.1 o SUSE Enterprise Storage 7 (aarch64 x86_64): MozillaFirefox-91.6.1-152.19.1 MozillaFirefox-debuginfo-91.6.1-152.19.1 MozillaFirefox-debugsource-91.6.1-152.19.1 MozillaFirefox-devel-91.6.1-152.19.1 MozillaFirefox-translations-common-91.6.1-152.19.1 MozillaFirefox-translations-other-91.6.1-152.19.1 References: o https://www.suse.com/security/cve/CVE-2022-26485.html o https://www.suse.com/security/cve/CVE-2022-26486.html o https://bugzilla.suse.com/1196809 - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYik6euNLKJtyKPYoAQipMA/+MCmU2baMpeoeEsLiYaNJs8YTMdYYe1NN aHkgTz7Omu0TcE3tlgcmFCS+JcDp3ufr9x/qqDEk/miTHwJw8FO8z+3T+QPdnZux E6e3t00+axaGtKiGhxdgfFLKLm0hUFYcbYbfNqq2+T7clP+Bj2pQ+1Me6r+QjoBB Jik8YPVVlZrr6ubVJICFzhtVI/UT+XU0i0X607pSdTvYyUFmRn9XyJisxL7G/idj CUa2k1vGxRHQPVVSYeWlUUugJD7c7NN4H6oxM9AAf1gTPjJfCD1hejOvQ4S0cA7W bziWUWpO7AAUrlFh9ZUQH09NSYQmFDLwWpfYlcT0NkwDUHDU6TnGaE+lAwxw+ecY ixVLjs5CmSrtoe3zULPEnxINtZnGwnXIUGbwNECVs0kiGnUvirWvmCgKcR1I+IGf zhsuPtr1R9m2bLT8Z8P+rDRZ/hNxKDHzTjiYQ/1dCCoAmOrYKOw+Uu2OkAdsOzML D7bWjNMWoP47jub2qeaMkAqyu3FaxYQghoO13fiiNQYXYiBg9Yk2L6sVsD2Uz6zy ez0xA2jilh4jK0Z0j2kBBBr0L3yJGW5Rk+CiI0Wwa+N2yB1LQ33xpcu3NcpJ33BN jIVO4T+s0qy6E4a5cjzz2iV0nsXrdOUdcNeyD5EAmPga8WRlrBUxQYvXJL+QSkkb r0I9hsCqlQA= =6AoO -----END PGP SIGNATURE-----
2022. március 10.

ESB-2022.0987 - [Debian] linux: CVSS (Max): 8.4*

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.0987 linux security update 10 March 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: linux Publisher: Debian Operating System: Debian GNU/Linux Resolution: Patch/Upgrade CVE Names: CVE-2022-25375 CVE-2022-25258 CVE-2022-24959 CVE-2022-24448 CVE-2022-22942 CVE-2022-0644 CVE-2022-0617 CVE-2022-0492 CVE-2022-0487 CVE-2022-0435 CVE-2022-0330 CVE-2022-0322 CVE-2022-0002 CVE-2022-0001 CVE-2021-45480 CVE-2021-45469 CVE-2021-45095 CVE-2021-44733 CVE-2021-43976 CVE-2021-43975 CVE-2021-43389 CVE-2021-42739 CVE-2021-41864 CVE-2021-39713 CVE-2021-39698 CVE-2021-39686 CVE-2021-39685 CVE-2021-38300 CVE-2021-28950 CVE-2021-28715 CVE-2021-28714 CVE-2021-28713 CVE-2021-28712 CVE-2021-28711 CVE-2021-22600 CVE-2021-20322 CVE-2021-20321 CVE-2021-20317 CVE-2021-4203 CVE-2021-4202 CVE-2021-4155 CVE-2021-4135 CVE-2021-4083 CVE-2021-4002 CVE-2021-3772 CVE-2021-3764 CVE-2021-3760 CVE-2021-3752 CVE-2021-3744 CVE-2021-3640 CVE-2020-36322 CVE-2020-29374 Original Bulletin: https://lists.debian.org/debian-security-announce/2022/msg00063.html Comment: CVSS (Max): 8.4* CVE-2021-45469 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) CVSS Source: Red Hat Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * Not all CVSS available when published - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - - ------------------------------------------------------------------------- Debian Security Advisory DSA-5096-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso March 09, 2022 https://www.debian.org/security/faq - - ------------------------------------------------------------------------- Package : linux CVE ID : CVE-2020-29374 CVE-2020-36322 CVE-2021-3640 CVE-2021-3744 CVE-2021-3752 CVE-2021-3760 CVE-2021-3764 CVE-2021-3772 CVE-2021-4002 CVE-2021-4083 CVE-2021-4135 CVE-2021-4155 CVE-2021-4203 CVE-2021-20317 CVE-2021-20321 CVE-2021-20322 CVE-2021-22600 CVE-2021-28711 CVE-2021-28712 CVE-2021-28713 CVE-2021-28714 CVE-2021-28715 CVE-2021-28950 CVE-2021-38300 CVE-2021-39685 CVE-2021-39686 CVE-2021-39698 CVE-2021-39713 CVE-2021-41864 CVE-2021-42739 CVE-2021-43389 CVE-2021-43975 CVE-2021-43976 CVE-2021-44733 CVE-2021-45095 CVE-2021-45469 CVE-2021-45480 CVE-2022-0001 CVE-2022-0002 CVE-2022-0322 CVE-2022-0330 CVE-2022-0435 CVE-2022-0487 CVE-2022-0492 CVE-2022-0617 CVE-2022-0644 CVE-2022-22942 CVE-2022-24448 CVE-2022-24959 CVE-2022-25258 CVE-2022-25375 Debian Bug : 988044 989285 990411 994050 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2020-29374 Jann Horn of Google reported a flaw in Linux's virtual memory management. A parent and child process initially share all their memory, but when either writes to a shared page, the page is duplicated and unshared (copy-on-write). However, in case an operation such as vmsplice() required the kernel to take an additional reference to a shared page, and a copy-on-write occurs during this operation, the kernel might have accessed the wrong process's memory. For some programs, this could lead to an information leak or data corruption. This issue was already fixed for most architectures, but not on MIPS and System z. This update corrects that. CVE-2020-36322, CVE-2021-28950 The syzbot tool found that the FUSE (filesystem-in-user-space) implementation did not correctly handle a FUSE server returning invalid attributes for a file. A local user permitted to run a FUSE server could use this to cause a denial of service (crash). The original fix for this introduced a different potential denial of service (infinite loop in kernel space), which has also been fixed. CVE-2021-3640 Lin Ma discovered a race condiiton in the Bluetooth protocol implementation that can lead to a use-after-free. A local user could exploit this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation. CVE-2021-3744, CVE-2021-3764 minihanshen reported bugs in the ccp driver for AMD Cryptographic Coprocessors that could lead to a resource leak. On systems using this driver, a local user could exploit this to cause a denial of service. CVE-2021-3752 Likang Luo of NSFOCUS Security Team discovered a flaw in the Bluetooth L2CAP implementation that can lead to a user-after-free. A local user could exploit this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation. CVE-2021-3760, CVE-2021-4202 Lin Ma discovered race conditions in the NCI (NFC Controller Interface) driver, which could lead to a use-after-free. A local user could exploit this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation. This driver is not enabled in Debian's official kernel configurations. CVE-2021-3772 A flaw was found in the SCTP protocol implementation, which would allow a networked attacker to break an SCTP association. The attacker would only need to know or guess the IP addresses and ports for the association. CVE-2021-4002 It was discovered that hugetlbfs, the virtual filesystem used by applications to allocate huge pages in RAM, did not flush the CPU's TLB in one case where it was necessary. In some circumstances a local user would be able to read and write huge pages after they are freed and reallocated to a different process. This could lead to privilege escalation, denial of service or information leaks. CVE-2021-4083 Jann Horn reported a race condition in the local (Unix) sockets garbage collector, that can lead to use-after-free. A local user could exploit this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation. CVE-2021-4135 A flaw was found in the netdevsim driver which would lead to an information leak. This driver is not enabled in Debian's official kernel configurations. CVE-2021-4155 Kirill Tkhai discovered a data leak in the way the XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for a size increase of files with unaligned size. A local attacker can take advantage of this flaw to leak data on the XFS filesystem. CVE-2021-4203 Jann Horn reported a race condition in the local (Unix) sockets implementation that can lead to a use-after-free. A local user could exploit this to leak sensitive information from the kernel. CVE-2021-20317 It was discovered that the timer queue structure could become corrupt, leading to waiting tasks never being woken up. A local user with certain privileges could exploit this to cause a denial of service (system hang). CVE-2021-20321 A race condition was discovered in the overlayfs filesystem driver. A local user with access to an overlayfs mount and to its underlying upper directory could exploit this for privilege escalation. CVE-2021-20322 An information leak was discovered in the IPv4 implementation. A remote attacker could exploit this to quickly discover which UDP ports a system is using, making it easier for them to carry out a DNS poisoning attack against that system. CVE-2021-22600 The syzbot tool found a flaw in the packet socket (AF_PACKET) implementation which could lead to incorrectly freeing memory. A local user with CAP_NET_RAW capability (in any user namespace) could exploit this for denial of service (memory corruption or crash) or possibly for privilege escalation. CVE-2021-28711, CVE-2021-28712, CVE-2021-28713 (XSA-391) Juergen Gross reported that malicious PV backends can cause a denial of service to guests being serviced by those backends via high frequency events, even if those backends are running in a less privileged environment. CVE-2021-28714, CVE-2021-28715 (XSA-392) Juergen Gross discovered that Xen guests can force the Linux netback driver to hog large amounts of kernel memory, resulting in denial of service. CVE-2021-38300 Piotr Krysiuk discovered a flaw in the classic BPF (cBPF) JIT compiler for MIPS architectures. A local user could exploit this to excute arbitrary code in the kernel. This issue is mitigated by setting sysctl net.core.bpf_jit_enable=0, which is the default. It is *not* mitigated by disabling unprivileged use of eBPF. CVE-2021-39685 Szymon Heidrich discovered a buffer overflow vulnerability in the USB gadget subsystem, resulting in information disclosure, denial of service or privilege escalation. CVE-2021-39686 A race condition was discovered in the Android binder driver, that could lead to incorrect security checks. On systems where the binder driver is loaded, a local user could exploit this for privilege escalation. CVE-2021-39698 Linus Torvalds reported a flaw in the file polling implementation, which could lead to a use-after-free. A local user could exploit this for denial of service (memory corruption or crash) or possibly for privilege escalation. CVE-2021-39713 The syzbot tool found a race condition in the network scheduling subsystem which could lead to a use-after-free. A local user could exploit this for denial of service (memory corruption or crash) or possibly for privilege escalation. CVE-2021-41864 An integer overflow was discovered in the Extended BPF (eBPF) subsystem. A local user could exploit this for denial of service (memory corruption or crash), or possibly for privilege escalation. This can be mitigated by setting sysctl kernel.unprivileged_bpf_disabled=1, which disables eBPF use by unprivileged users. CVE-2021-42739 A heap buffer overflow was discovered in the firedtv driver for FireWire-connected DVB receivers. A local user with access to a firedtv device could exploit this for denial of service (memory corruption or crash), or possibly for privilege escalation. CVE-2021-43389 The Active Defense Lab of Venustech discovered a flaw in the CMTP subsystem as used by Bluetooth, which could lead to an out-of-bounds read and object type confusion. A local user with CAP_NET_ADMIN capability in the initial user namespace could exploit this for denial of service (memory corruption or crash), or possibly for privilege escalation. CVE-2021-43975 Brendan Dolan-Gavitt reported a flaw in the hw_atl_utils_fw_rpc_wait() function in the aQuantia AQtion ethernet device driver which can result in denial of service or the execution of arbitrary code. CVE-2021-43976 Zekun Shen and Brendan Dolan-Gavitt discovered a flaw in the mwifiex_usb_recv() function of the Marvell WiFi-Ex USB Driver. An attacker able to connect a crafted USB device can take advantage of this flaw to cause a denial of service. CVE-2021-44733 A race condition was discovered in the Trusted Execution Environment (TEE) subsystem for Arm processors, which could lead to a use-after-free. A local user permitted to access a TEE device could exploit this for denial of service (memory corruption or crash) or possibly for privilege escalation. CVE-2021-45095 It was discovered that the Phone Network protocol (PhoNet) driver has a reference count leak in the pep_sock_accept() function. CVE-2021-45469 Wenqing Liu reported an out-of-bounds memory access in the f2fs implementation if an inode has an invalid last xattr entry. An attacker able to mount a specially crafted image can take advantage of this flaw for denial of service. CVE-2021-45480 A memory leak flaw was discovered in the __rds_conn_create() function in the RDS (Reliable Datagram Sockets) protocol subsystem. CVE-2022-0001 (INTEL-SA-00598) Researchers at VUSec discovered that the Branch History Buffer in Intel processors can be exploited to create information side- channels with speculative execution. This issue is similar to Spectre variant 2, but requires additional mitigations on some processors. This can be exploited to obtain sensitive information from a different security context, such as from user-space to the kernel, or from a KVM guest to the kernel. CVE-2022-0002 (INTEL-SA-00598) This is a similar issue to CVE-2022-0001, but covers exploitation within a security context, such as from JIT-compiled code in a sandbox to hosting code in the same process. This can be partly mitigated by disabling eBPF for unprivileged users with the sysctl: kernel.unprivileged_bpf_disabled=2. This update does that by default. CVE-2022-0322 Eiichi Tsukata discovered a flaw in the sctp_make_strreset_req() function in the SCTP network protocol implementation which can result in denial of service. CVE-2022-0330 Sushma Venkatesh Reddy discovered a missing GPU TLB flush in the i915 driver, resulting in denial of service or privilege escalation. CVE-2022-0435 Samuel Page and Eric Dumazet reported a stack overflow in the networking module for the Transparent Inter-Process Communication (TIPC) protocol, resulting in denial of service or potentially the execution of arbitrary code. CVE-2022-0487 A use-after-free was discovered in the MOXART SD/MMC Host Controller support driver. This flaw does not impact the Debian binary packages as CONFIG_MMC_MOXART is not set. CVE-2022-0492 Yiqi Sun and Kevin Wang reported that the cgroup-v1 subsystem does not properly restrict access to the release-agent feature. A local user can take advantage of this flaw for privilege escalation and bypass of namespace isolation. CVE-2022-0617 butt3rflyh4ck discovered a NULL pointer dereference in the UDF filesystem. A local user that can mount a specially crafted UDF image can use this flaw to crash the system. CVE-2022-0644 Hao Sun reported a missing check for file read permission in the finit_module() and kexec_file_load() system calls. The security impact of this is unclear, since these system calls are usually only available to the root user. CVE-2022-22942 It was discovered that wrong file file descriptor handling in the VMware Virtual GPU driver (vmwgfx) could result in information leak or privilege escalation. CVE-2022-24448 Lyu Tao reported a flaw in the NFS implementation in the Linux kernel when handling requests to open a directory on a regular file, which could result in a information leak. CVE-2022-24959 A memory leak was discovered in the yam_siocdevprivate() function of the YAM driver for AX.25, which could result in denial of service. CVE-2022-25258 Szymon Heidrich reported the USB Gadget subsystem lacks certain validation of interface OS descriptor requests, resulting in memory corruption. CVE-2022-25375 Szymon Heidrich reported that the RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command, resulting in information leak from kernel memory. For the oldstable distribution (buster), these problems have been fixed in version 4.19.232-1. This update additionally includes many more bug fixes from stable updates 4.19.209-4.19.232 inclusive. We recommend that you upgrade your linux packages. For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org - -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmIotm1fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0RcGg//QBgf4RfElxd+11a+BZ9HWJFBjA5Wp2VStf1+inoZ7X/En7W9QBpVvmks Jum5QFpvA1waEP0zk0/O5MKXHtMbRMFdj0UUYQM7Vi3/vfeP73C10YmXv2yfG2Fw dTGnVHpvvdJSbNzxMG4jruNY5b0Bf/WEQSqtuOM6V2aBiI7Y2pSI6Ak/dvexiu+0 ycz6PTDkX66e/p7NONw+B33L8yTMj9yu1cCdoYdrDihVlrESgbMLHUWO9JKRQykk tsI2a79OIEkaj+yQwfkJu9njoPUTn6OZYUYxD8XaN8XtkDpwx1oVsiyqpslJEmgR vaS1DOEnIZXsq2pscSPeKfFM30uFgqAxkQm/zUpjGGSXib58xaaf/c61LCQoMU2g cSc+8+N1S2Lbcscdxd9TumvrOGJVuP/q/FqcOl4npcz1WLZRmc9f9IprdqUEy2iJ +YLSrFFOfhgMMP0El6KJvG/8Jz60UEAiWuYutT508w1jIRrvMRLW4i6V3NXHrNkx GDofOfPF8jNdt2Www+2sqEY51f+w2kffOSAnHGGPCASvWpuXFOw9ZyxnuyRRKKBE no9PH0X71a636sZGh8bIU25PSKQlhtlAfCP+0Fef7PeEKTz1MJf8Nvo+vgCIsani eGWa9jzdkVxHDEjxplX0stsByglCYyud7JSI1ZE9oLtJU1/xDBc= =5fQT - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYik6YONLKJtyKPYoAQh8ng/7BBH0UYV4WJLoZn014zs7CXTfL2+0LzFV PSSLy1yDb2Xp8EhGbiOsFtIHyJiiXjKCGsZia05H0Q2L+xqZty+6L7R9NLJ+DWI7 n++gZTIRfUUAyDFGhF4gp9B2fS9EpsntkgeVbM/oRyLAkRrvLSkeuirkuGDBO0d+ 5jQJ5KF6uCehIaheg4sD2wZAN5ns5eZ8ktokvHCa2IYOieSUu1xcDv1SQZwtX14T XCwCHM6/ydUZ2FP+V3zB0ix1VdguS1us9T+ydlPZ+eLFXIa2EVXMLjpFYPqfQVqK G9McImNCr4AVzHaEGWq4mADrZMlue6a6EMKjd6OQjQ8n6vqfODHzV/+SuIDy0Ngq 18F+XxKYcFh4skYw4VFrzgOk11v2LeTI6/bvdImJFqsTOx+a1mwCkE0gxldfDnuG 060gjxZl9mlcLMwaKfJNhqi0gKS+v81vGu4GG24nyHL9Y3tsgdR8C+mDtqigJjCT g9OTqgj1SHJekhxEP2uN/mByfgL5xQrvROAX+JLO0QMSwnTosjEiiFN3d4zk0Bpn nqsQUUV49T0TgFSS2xOrsyWezhlMdkWUEuGSsdnx/C7LnmoYN6jrAqjpBv/0V5Gh NGcCCEMHu+DfvAhF8Qyed4UstnJnx0j5f8UsjkZFM4IKY2tAsaTm6vab8gLO8W+M +Bo+pW7kuf0= =MxPT -----END PGP SIGNATURE-----
2022. március 10.

ESB-2022.0986 - [Debian] linux: CVSS (Max): 7.8

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.0986 linux security update 10 March 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: linux Publisher: Debian Operating System: Debian GNU/Linux Resolution: Patch/Upgrade CVE Names: CVE-2022-25636 CVE-2022-0617 CVE-2022-0492 CVE-2022-0487 CVE-2022-0002 CVE-2022-0001 CVE-2020-36310 Original Bulletin: https://lists.debian.org/debian-security-announce/2022/msg00062.html Comment: CVSS (Max): 7.8 CVE-2022-25636 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) CVSS Source: Red Hat Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - - ------------------------------------------------------------------------- Debian Security Advisory DSA-5095-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso March 09, 2022 https://www.debian.org/security/faq - - ------------------------------------------------------------------------- Package : linux CVE ID : CVE-2020-36310 CVE-2022-0001 CVE-2022-0002 CVE-2022-0487 CVE-2022-0492 CVE-2022-0617 CVE-2022-25636 Debian Bug : 990279 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2020-36310 A flaw was discovered in the KVM implementation for AMD processors, which could lead to an infinite loop. A malicious VM guest could exploit this to cause a denial of service. CVE-2022-0001 (INTEL-SA-00598) Researchers at VUSec discovered that the Branch History Buffer in Intel processors can be exploited to create information side- channels with speculative execution. This issue is similar to Spectre variant 2, but requires additional mitigations on some processors. This can be exploited to obtain sensitive information from a different security context, such as from user-space to the kernel, or from a KVM guest to the kernel. CVE-2022-0002 (INTEL-SA-00598) This is a similar issue to CVE-2022-0001, but covers exploitation within a security context, such as from JIT-compiled code in a sandbox to hosting code in the same process. This is partly mitigated by disabling eBPF for unprivileged users with the sysctl: kernel.unprivileged_bpf_disabled=2. This is already the default in Debian 11 "bullseye". CVE-2022-0487 A use-after-free was discovered in the MOXART SD/MMC Host Controller support driver. This flaw does not impact the Debian binary packages as CONFIG_MMC_MOXART is not set. CVE-2022-0492 Yiqi Sun and Kevin Wang reported that the cgroup-v1 subsystem does not properly restrict access to the release-agent feature. A local user can take advantage of this flaw for privilege escalation and bypass of namespace isolation. CVE-2022-0617 butt3rflyh4ck discovered a NULL pointer dereference in the UDF filesystem. A local user that can mount a specially crafted UDF image can use this flaw to crash the system. CVE-2022-25636 Nick Gregory reported a heap out-of-bounds write flaw in the netfilter subsystem. A user with the CAP_NET_ADMIN capability could use this for denial of service or possibly for privilege escalation. For the stable distribution (bullseye), these problems have been fixed in version 5.10.103-1. This update additionally includes many more bug fixes from stable updates 5.10.93-5.10.103 inclusive. We recommend that you upgrade your linux packages. For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org - -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmIotmRfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0Qajw//WLCg/HhmykP7eobsnnn7A0U0ONBbZi+Un6Ltueaambvlhme54l5eR4uh f8fLSehpKhEN4bzfWRnDe0vKbws557zsNnd+a000ylfkO6BqEoNL8VwMp0yOVvUt +nB39/ySIM1inH375JAWZ5M2+H8YJVBPrlm0kGxUtBwObC279atwGUINov4xrI5C RzcNa/FQ7tjUMaeBgdGAAJPImnP+zT6shhCUTlR5QLhvB9gyvthtb/OtvhbMcWlM 5gd7papoMFgWBspN21+NPmbadSEXDIpeyPanpfKu9S8Zmht69rTS+pEim6Hm682q 64m/Fb4NgCBgVUH9o8+QJUvJkHv8Z/lNDyfjSn90Eu7kcALDBqh/n+Y0q+SEwKhZ b6UPzuH+hObZk+7GDUY32t9JwlNu0qUk55nCufLVM01bVYkN5ukaXAWCyuCU83ky yY/nHRNHVISFuy6mdfiFRR7lvMcgBD0IPoU9T+cpZPl+WkwzEwyHx16RN/EDVlo6 NomcMiX07XRSwSG7h7wgFs+YxCv9TjvBoAqKS9Q7GwBX6lunItWMwz44+DxcW9SM lJPHFMju9hmqMBHI+UTUX8FMY9aq8Qyk+WFthl7eDZjOJ+lKtkEpTR3b50FXzbdc lTYZEMcNtr7AlThbIxH564DntN8YV3DCV4+Ba/DozvxSJ6kSmrA= =DHkG - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYik6WuNLKJtyKPYoAQgMfxAAh2CsHlf9u7sYASCFu/yIx2YpKLQNOnyh oYRb0Ij+VeVlaTTq34VJwElNrJr1wZeBE2UISWgz1Gxxz5iwFTNKFPGYPcHdTAbL uagskII4NCYMSOtiexJ/U6aSpGK/NltjEiw6jfF4NjZ6haM9L+5oAkML+AWEni/o FNwRf7+gSDdLRLqmsTHL9kUaGfSYYhU4CZVh/Y8C6+0by8RfTWdPWUNZsmZzIuCh eiwDY08uaAJh3PTvxWiAMSAg/lvjgRV9+BT69QbpwMVObPRGOn62radN2D9JDp6H 58YsbvL460/9qliBktWGUJLcmTq64cEevlBaotPfXSpfm1oNjANWVrz9eH2xfNOr 8MJZIpspcQvMptUrsBxNFXjJjhyFQ3+JbjJNt5Y2uBGzxBU0Am/UAxs5iPA2BHNF kvRUQdipJeXbJJxZJrPSTiFkXh3krXBZDKcw6PruQ/f55yq0xkN5cpaSKdqJql9X ozdSzobvPPwnLSYCBNrXjDeLH9P9vaJ/oVYkEsbFqLiLRdKS93ut6MW9Vs0b8Rha gjigUch2jOyvtsERyTBE4AA8qYh5g89ZDv5Oa2IgUUJ4lQs3gkbH5X40R/y2hvc5 Ds+PmX+d3Ppz7xJjfJaiFRODa0WvREzsYuMaJde5XKeQc1EEROjxHqFZUPIQ/gEb j0ot2CDbayk= =/uFd -----END PGP SIGNATURE-----
2022. március 10.

ESB-2022.0985 - [Debian] firefox-esr: CVSS (Max): 7.5

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.0985 firefox-esr security update 10 March 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: firefox-esr Publisher: Debian Operating System: Debian GNU/Linux Resolution: Patch/Upgrade CVE Names: CVE-2022-26387 CVE-2022-26386 CVE-2022-26384 CVE-2022-26383 CVE-2022-26381 Original Bulletin: https://lists.debian.org/debian-security-announce/2022/msg00064.html Comment: CVSS (Max): 7.5 CVE-2022-26387 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) CVSS Source: Red Hat Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - - ------------------------------------------------------------------------- Debian Security Advisory DSA-5097-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff March 09, 2022 https://www.debian.org/security/faq - - ------------------------------------------------------------------------- Package : firefox-esr CVE ID : CVE-2022-26381 CVE-2022-26383 CVE-2022-26384 CVE-2022-26386 CVE-2022-26387 Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure, spoofing or sandbox bypass. For the oldstable distribution (buster), these problems have been fixed in version 91.7.0esr-1~deb10u1. For the stable distribution (bullseye), these problems have been fixed in version 91.7.0esr-1~deb11u1. We recommend that you upgrade your firefox-esr packages. For the detailed security status of firefox-esr please refer to its security tracker page at: https://security-tracker.debian.org/tracker/firefox-esr Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org - -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmIpIx8ACgkQEMKTtsN8 TjYecBAAkN+pc932dl3RDi2Z0NSU76/pECvB8ZTZtQjSs5j69lguVYKQ9vZlYUG3 tbmrecTf2EL9xH7rLWEwjbbW/SdlXmg0fQeisVEn5p+XoQF1rxTW+fbNXvgpca9l HptbZRvSqKidK9hFHm2YjPYenX+VyXKSX4Mp3eKaZORBrAIwC97mgGjnLpykEQzH i9WRbC7ac9rBgTM0QTNCb+nSriWfCoEM4yAhTJxcpqaJAU2IMIwE5vUIg7NLN78N ars12uRcGonG/rZ6JiEc8llqYxXbOz8PdqozSI9/UNBgwLsraPXjcKYlBh1vRPng pk6kzcpgYOrGDDb6uefLjKjzUf5pHh7xz8ITt9qbrmLD3TMtHysVCYRlPgZ3GJKW ZP+E+myYoUfYtx5KwRwRf6t2s+atwILROGdyQysEkFNZi6sKXP+dEt2cfFzLxrfP uQDb9UzmT6A08UaofEbiXRuqqx0sggjef8xZA8kyhApnTNf87DeU59vPCFKN9Y9T k1/2P1+KolEn0sqlsrLyBXONVtjTp7NtaFDja5AML1jXIRBYM6Y8SEaT4uqjANoA 418R9yQyLlTfaOFi66KkcIB5Mq1BLPfpoA8nmGLjM/vn+W64l3UMoJitQc/ZQmPg VFPtD5TvW+8GEq3tv9wHAEenaGBvl5QP08OsAUwdlEK6aKPY3oU= =4DZH - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYik6UONLKJtyKPYoAQiR0A/9EkcE11/bWIoSQMlNj73UTQgurgiA7OE3 xB7NTkTcJDR1uhbuXAG3+K4FaAQ1n340IqM+9OxRJw0zd6dvBD4Y2W3ZPpUBAFRI k3yrEtTiBh+gOvZ1rcWSM46aO5qOskdQ+6jj0PMoE9Tmd0BMPZaO2x3Z/uB45WaH fTe6D1dHWupEaqNnvlYMp9orkNy/ys3Jki4yGgFSvEw6ppVqQVrPTLlHPofdlopY DqGzmDGP3GB1jEYA0kn/WuqPEXnFupXnXZ2qpgcntRLhwfIWUa7FhI+jeyRnkoya Do+Gl+TBOzaM/wX2UgvtsnS1wNcF4kJy+kdSFZfzhSK1Yml4U3N+QbwqobG96Fwt Yv+5NaOJ6lxk6edNK27lAri86iso2DgmOlFdPqoAGpOHmR6vUcdoeJBl8KRKFz+N xvDF33zyeoE7b908yqeudBdOXg40tfjCfTgWRJbp9pgr1JA8C0dgxUc7SFTFmpPF 8rb/sZncvhg52ilp0sSADoLV0XNQXxs5MVjGVHurvzyAoBKly7Ryu3/1HpwCyK+C ThWhjpTKx1ZJJGl7Yg4wxFmV7gxmhnHA3uFSvozo09ATvORAGdmAxwOKIqduahGt CjaVoEvONzyT6C76yiKIsMnDHPOuDz5t39aGywWogF5zBbxlXDUXKYEf5+RKG1U7 bGj16mpVOCM= =Kg/F -----END PGP SIGNATURE-----