AusCERT - Security Bulletins

Latest published security bulletins. See https://www.auscert.org.au/rss/ for feed information.
ESB-2022.2396 - [SUSE] tiff: CVSS (Max): 7.8
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.2396
Security update for tiff
17 May 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: tiff
Publisher: SUSE
Operating System: SUSE
Resolution: Patch/Upgrade
CVE Names: CVE-2022-1056 CVE-2022-0924 CVE-2022-0909
CVE-2022-0908 CVE-2022-0891 CVE-2022-0865
CVE-2022-0562 CVE-2022-0561
Original Bulletin:
https://www.suse.com/support/update/announcement/2022/suse-su-20221667-1
Comment: CVSS (Max): 7.8 CVE-2022-0891 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS Source: SUSE
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
--------------------------BEGIN INCLUDED TEXT--------------------
SUSE Security Update: Security update for tiff
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:1667-1
Rating: important
References: #1195964 #1195965 #1197066 #1197068 #1197072 #1197073
#1197074 #1197631
Cross-References: CVE-2022-0561 CVE-2022-0562 CVE-2022-0865 CVE-2022-0891
CVE-2022-0908 CVE-2022-0909 CVE-2022-0924 CVE-2022-1056
Affected Products:
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Server for SAP Applications 12-SP5
SUSE Linux Enterprise Software Development Kit 12-SP5
______________________________________________________________________________
An update that fixes 8 vulnerabilities is now available.
Description:
This update for tiff fixes the following issues:
o CVE-2022-0561: Fixed null source pointer passed as an argument to memcpy()
within TIFFFetchStripThing() in tif_dirread.c (bsc#1195964).
o CVE-2022-0562: Fixed null source pointer passed as an argument to memcpy()
within TIFFReadDirectory() in tif_dirread.c (bsc#1195965).
o CVE-2022-0865: Fixed assertion failure in TIFFReadAndRealloc (bsc#1197066).
o CVE-2022-0909: Fixed divide by zero error in tiffcrop that could have led
to a denial-of-service via a crafted tiff file (bsc#1197072).
o CVE-2022-0924: Fixed out-of-bounds read error in tiffcp that could have led
to a denial-of-service via a crafted tiff file (bsc#1197073).
o CVE-2022-0908: Fixed null source pointer passed as an argument to memcpy in
TIFFFetchNormalTag() (bsc#1197074).
o CVE-2022-1056: Fixed out-of-bounds read error in tiffcrop that could have
led to a denial-of-service via a crafted tiff file (bsc#1197631).
o CVE-2022-0891: Fixed heap buffer overflow in extractImageSection (bsc#1197068).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o SUSE Linux Enterprise Software Development Kit 12-SP5:
zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-1667=1
o SUSE Linux Enterprise Server 12-SP5:
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-1667=1
Package List:
o SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
libtiff-devel-4.0.9-44.48.1
tiff-debuginfo-4.0.9-44.48.1
tiff-debugsource-4.0.9-44.48.1
o SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
libtiff5-4.0.9-44.48.1
libtiff5-debuginfo-4.0.9-44.48.1
tiff-4.0.9-44.48.1
tiff-debuginfo-4.0.9-44.48.1
tiff-debugsource-4.0.9-44.48.1
o SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):
libtiff5-32bit-4.0.9-44.48.1
libtiff5-debuginfo-32bit-4.0.9-44.48.1
References:
o https://www.suse.com/security/cve/CVE-2022-0561.html
o https://www.suse.com/security/cve/CVE-2022-0562.html
o https://www.suse.com/security/cve/CVE-2022-0865.html
o https://www.suse.com/security/cve/CVE-2022-0891.html
o https://www.suse.com/security/cve/CVE-2022-0908.html
o https://www.suse.com/security/cve/CVE-2022-0909.html
o https://www.suse.com/security/cve/CVE-2022-0924.html
o https://www.suse.com/security/cve/CVE-2022-1056.html
o https://bugzilla.suse.com/1195964
o https://bugzilla.suse.com/1195965
o https://bugzilla.suse.com/1197066
o https://bugzilla.suse.com/1197068
o https://bugzilla.suse.com/1197072
o https://bugzilla.suse.com/1197073
o https://bugzilla.suse.com/1197074
o https://bugzilla.suse.com/1197631
--------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
ESB-2022.2395 - [SUSE] Linux Kernel: CVSS (Max): 8.8
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.2395
Security update for the Linux Kernel
17 May 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Linux Kernel
Publisher: SUSE
Operating System: SUSE
Resolution: Patch/Upgrade
CVE Names: CVE-2022-29156 CVE-2022-28893 CVE-2022-28748
CVE-2022-28356 CVE-2022-1516 CVE-2022-1419
CVE-2022-1353 CVE-2022-1280 CVE-2022-1158
CVE-2022-0812 CVE-2021-38208 CVE-2021-20321
CVE-2021-20292 CVE-2021-4154 CVE-2021-0707
CVE-2020-27835
Original Bulletin:
https://www.suse.com/support/update/announcement/2022/suse-su-20221676-1
Comment: CVSS (Max): 8.8 CVE-2021-4154 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
CVSS Source: SUSE
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
--------------------------BEGIN INCLUDED TEXT--------------------
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:1676-1
Rating: important
References: #1028340 #1065729 #1071995 #1121726 #1137728 #1152489
#1177028 #1179878 #1182073 #1183723 #1187055 #1191647
#1193556 #1193842 #1195926 #1196018 #1196114 #1196367
#1196514 #1196639 #1196942 #1197157 #1197391 #1197656
#1197660 #1197914 #1197926 #1198217 #1198330 #1198400
#1198413 #1198437 #1198448 #1198484 #1198515 #1198516
#1198660 #1198742 #1198825 #1199012 #1199024
Cross-References: CVE-2020-27835 CVE-2021-0707 CVE-2021-20292 CVE-2021-20321
CVE-2021-38208 CVE-2021-4154 CVE-2022-0812 CVE-2022-1158
CVE-2022-1280 CVE-2022-1353 CVE-2022-1419 CVE-2022-1516
CVE-2022-28356 CVE-2022-28748 CVE-2022-28893 CVE-2022-29156
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Module for Public Cloud 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Manager Proxy 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
______________________________________________________________________________
An update that solves 16 vulnerabilities, contains 6 features and has 25 fixes
is now available.
Description:
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security
and bugfixes.
The following security bugs were fixed:
o CVE-2020-27835: Fixed a use-after-free vulnerability in the InfiniBand hfi1
driver, triggered when a user calls ioctl after opening the device file and
forking. A local user could use this flaw to crash the system (bnc#1179878).
o CVE-2021-0707: Fixed a use after free vulnerability in dma_buf_release of
dma-buf.c, which may lead to local escalation of privilege with no
additional execution privileges needed (bnc#1198437).
o CVE-2021-20292: Fixed object validation prior to performing operations on
the object in nouveau_sgdma_create_ttm in the Nouveau DRM subsystem (bnc#1183723).
o CVE-2021-20321: Fixed a race condition when accessing a file object in the
OverlayFS subsystem, triggered by a user performing a rename in a specific way
with OverlayFS. A local user could have used this flaw to crash the system
(bnc#1191647).
o CVE-2021-38208: Fixed a denial of service (NULL pointer dereference and
BUG) by making a getsockname call after a certain type of failure of a bind
call (bnc#1187055).
o CVE-2021-4154: Fixed a use-after-free vulnerability in cgroup1_parse_param
in kernel/cgroup/cgroup-v1.c, allowing a local privilege escalation by an
attacker with user privileges by exploiting the fsconfig syscall parameter,
leading to a container breakout and a denial of service on the system (bnc#1193842).
o CVE-2022-0812: Fixed an information leak when a file is read from RDMA (bsc#1196639).
o CVE-2022-1158: Fixed a vulnerability in the kvm module that may lead to a
use-after-free write or denial of service (bsc#1197660).
o CVE-2022-1280: Fixed a use-after-free vulnerability in drm_lease_held in
drivers/gpu/drm/drm_lease.c (bnc#1197914).
o CVE-2022-1353: Fixed access control to kernel memory in the pfkey_register
function in net/key/af_key.c (bnc#1198516).
o CVE-2022-1419: Fixed a concurrency use-after-free in vgem_gem_dumb_create
(bsc#1198742).
o CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect (bsc#1199012).
o CVE-2022-28356: Fixed a refcount leak bug in net/llc/af_llc.c (bnc#1197391).
o CVE-2022-28748: Fixed a memory leak over the network by ax88179_178a devices
(bsc#1196018).
o CVE-2022-28893: Fixed a use after free vulnerability in inet_put_port where
some sockets are not closed before xs_xprt_free() (bsc#1198330).
o CVE-2022-29156: Fixed a double free vulnerability related to
rtrs_clt_dev_release.ate (jsc#SLE-15176 bsc#1198515).
The following non-security bugs were fixed:
o ACPI/APEI: Limit printable size of BERT table data (git-fixes).
o ACPI: processor idle: Check for architectural support for LPI (git-fixes).
o ACPICA: Avoid walking the ACPI Namespace if it is not there (git-fixes).
o ALSA: cs4236: fix an incorrect NULL check on list iterator (git-fixes).
o ALSA: hda/hdmi: fix warning about PCM count when used with SOF (git-fixes).
o ALSA: hda/realtek: Add alc256-samsung-headphone fixup (git-fixes).
o ALSA: hda/realtek: Add quirk for Clevo PD50PNT (git-fixes).
o ALSA: hda/realtek: Fix audio regression on Mi Notebook Pro 2020
(git-fixes).
o ALSA: pcm: Test for "silence" field in struct "pcm_format_data"
(git-fixes).
o ALSA: usb-audio: Cap upper limits of buffer/period bytes for implicit fb
(git-fixes).
o ALSA: usb-audio: Increase max buffer size (git-fixes).
o ALSA: usb-audio: Limit max buffer and period sizes per time (git-fixes).
o ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek
(git-fixes).
o ASoC: codecs: wcd934x: do not switch off SIDO Buck when codec is in use
(git-fixes).
o ASoC: mediatek: mt6358: add missing EXPORT_SYMBOLs (git-fixes).
o ASoC: msm8916-wcd-digital: Check failure for
devm_snd_soc_register_component (git-fixes).
o ASoC: soc-compress: Change the check for codec_dai (git-fixes).
o ASoC: soc-compress: prevent the potentially use of null pointer
(git-fixes).
o ASoC: soc-core: skip zero num_dai component in searching dai name
(git-fixes).
o ASoC: soc-dapm: fix two incorrect uses of list iterator (git-fixes).
o Bluetooth: Fix use after free in hci_send_acl (git-fixes).
o Bluetooth: btmtksdio: Fix kernel oops in btmtksdio_interrupt (git-fixes).
o Bluetooth: hci_serdev: call init_rwsem() before p->open() (git-fixes).
o Documentation: add link to stable release candidate tree (git-fixes).
o HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports (git-fixes).
o IB/hfi1: Allow larger MTU without AIP (jsc#SLE-13208).
o Input: omap4-keypad - fix pm_runtime_get_sync() error checking (git-fixes).
o KEYS: fix length validation in keyctl_pkey_params_get_2() (git-fixes).
o NFSv4: fix open failure with O_ACCMODE flag (git-fixes).
o PCI: aardvark: Fix reading PCI_EXP_RTSTA_PME bit on emulated bridge
(git-fixes).
o PCI: aardvark: Fix support for MSI interrupts (git-fixes).
o PCI: imx6: Allow to probe when dw_pcie_wait_for_link() fails (git-fixes).
o PCI: pciehp: Add Qualcomm quirk for Command Completed erratum (git-fixes).
o PCI: pciehp: Clear cmd_busy bit in polling mode (git-fixes).
o PM: core: keep irq flags in device_pm_check_callbacks() (git-fixes).
o RDMA/core: Set MR type in ib_reg_user_mr (jsc#SLE-8449).
o RDMA/mlx5: Add a missing update of cache->last_add (jsc#SLE-15175).
o RDMA/mlx5: Do not remove cache MRs when a delay is needed (jsc#SLE-15175).
o RDMA/mlx5: Fix the flow of a miss in the allocation of a cache ODP MR (jsc#SLE-15175).
o SUNRPC: Ensure we flush any closed sockets before xs_xprt_free()
(git-fixes).
o SUNRPC: Fix the svc_deferred_event trace class (git-fixes).
o SUNRPC: Handle ENOMEM in call_transmit_status() (git-fixes).
o SUNRPC: Handle low memory situations in call_status() (git-fixes).
o SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367).
o USB: serial: pl2303: add IBM device IDs (git-fixes).
o USB: serial: simple: add Nokia phone driver (git-fixes).
o USB: storage: ums-realtek: fix error code in rts51x_read_mem() (git-fixes).
o USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c
(git-fixes).
o USB: dwc3: omap: fix "unbalanced disables for smps10_out1" on omap5evm
(git-fixes).
o USB: gadget: uvc: Fix crash when encoding data for usb request (git-fixes).
o adm8211: fix error return code in adm8211_probe() (git-fixes).
o arm64/sve: Use correct size when reinitialising SVE state (git-fixes)
o arm64: clear_page() shouldn't use DC ZVA when DCZID_EL0.DZP == 1
(git-fixes)
o arm64: dts: allwinner: h5: NanoPI Neo 2: Fix ethernet node (git-fixes)
o arm64: dts: allwinner: orangepi-zero-plus: fix PHY mode (git-fixes)
o arm64: dts: exynos: correct GIC CPU interfaces address range on (git-fixes)
o arm64: dts: ls1028a: fix memory node (git-fixes)
o arm64: dts: ls1028a: fix node name for the sysclk (git-fixes)
o arm64: dts: lx2160a: fix scl-gpios property name (git-fixes)
o arm64: dts: marvell: armada-37xx: Extend PCIe MEM space (git-fixes)
o arm64: dts: marvell: armada-37xx: Fix reg for standard variant of
(git-fixes)
o arm64: dts: marvell: armada-37xx: Remap IO space to bus address 0x0
(git-fixes)
o arm64: dts: rockchip: Fix GPU register width for RK3328 (git-fixes)
o arm64: dts: rockchip: remove mmc-hs400-enhanced-strobe from (git-fixes)
o arm64: dts: zii-ultra: fix 12V_MAIN voltage (git-fixes)
o arm64: head: avoid over-mapping in map_memory (git-fixes)
o ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs
(git-fixes).
o ata: sata_dwc_460ex: Fix crash due to OOB write (git-fixes).
o ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern
(git-fixes).
o ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 (git-fixes).
o ath5k: fix building with LEDS=m (git-fixes).
o ath9k: Fix usage of driver-private space in tx_info (git-fixes).
o ath9k: Properly clear TX status area before reporting to mac80211
(git-fixes).
o ath9k_htc: fix uninit value bugs (git-fixes).
o bareudp: use ipv6_mod_enabled to check if IPv6 enabled (jsc#SLE-15172).
o bfq: Avoid merging queues with different parents (bsc#1197926).
o bfq: Drop pointless unlock-lock pair (bsc#1197926).
o bfq: Get rid of __bio_blkcg() usage (bsc#1197926).
o bfq: Make sure bfqg for which we are queueing requests is online (bsc#1197926).
o bfq: Remove pointless bfq_init_rq() calls (bsc#1197926).
o bfq: Split shared queues on move between cgroups (bsc#1197926).
o bfq: Track whether bfq_group is still online (bsc#1197926).
o bfq: Update cgroup information before merging bio (bsc#1197926).
o block: Drop leftover references to RQF_SORTED (bsc#1182073).
o bnx2x: fix napi API usage sequence (bsc#1198217).
o bpf: Resolve to prog->aux->dst_prog->type only for BPF_PROG_TYPE_EXT
(git-fixes bsc#1177028).
o brcmfmac: firmware: Allocate space for default boardrev in nvram
(git-fixes).
o brcmfmac: pcie: Fix crashes due to early IRQs (git-fixes).
o brcmfmac: pcie: Release firmwares in the brcmf_pcie_setup error path
(git-fixes).
o brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio
(git-fixes).
o carl9170: fix missing bit-wise or operator for tx_params (git-fixes).
o cfg80211: hold bss_lock while updating nontrans_list (git-fixes).
o cifs: fix bad fids sent over wire (bsc#1197157).
o clk: Enforce that disjoints limits are invalid (git-fixes).
o clk: si5341: fix reported clk_rate when output divider is 2 (git-fixes).
o direct-io: clean up error paths of do_blockdev_direct_IO (bsc#1197656).
o direct-io: defer alignment check until after the EOF check (bsc#1197656).
o direct-io: do not force writeback for reads beyond EOF (bsc#1197656).
o dma-debug: fix return value of __setup handlers (git-fixes).
o dma: at_xdmac: fix a missing check on list iterator (git-fixes).
o dmaengine: Revert "dmaengine: shdma: Fix runtime PM imbalance on error"
(git-fixes).
o dmaengine: idxd: add RO check for wq max_batch_size write (git-fixes).
o dmaengine: idxd: add RO check for wq max_transfer_size write (git-fixes).
o dmaengine: imx-sdma: Fix error checking in sdma_event_remap (git-fixes).
o dmaengine: mediatek: Fix PM usage reference leak of
mtk_uart_apdma_alloc_chan_resources (git-fixes).
o drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj (git-fixes).
o drm/amd/display: Fix a NULL pointer dereference in
amdgpu_dm_connector_add_common_modes() (git-fixes).
o drm/amd/display: Fix allocate_mst_payload assert on resume (git-fixes).
o drm/amd/display: do not ignore alpha property on pre-multiplied mode
(git-fixes).
o drm/amd: Add USBC connector ID (git-fixes).
o drm/amdgpu: Fix recursive locking warning (git-fixes).
o drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire() (git-fixes).
o drm/amdkfd: Check for potential null return of kmalloc_array() (git-fixes).
o drm/amdkfd: Fix Incorrect VMIDs passed to HWS (git-fixes).
o drm/amdkfd: make CRAT table missing message informational only (git-fixes).
o drm/bridge: Add missing pm_runtime_disable() in __dw_mipi_dsi_probe
(git-fixes).
o drm/bridge: Fix free wrong object in sii8620_init_rcp_input_dev
(git-fixes).
o drm/bridge: cdns-dsi: Make sure to create proper aliases for dt (git-fixes).
o drm/edid: Do not clear formats if using deep color (git-fixes).
o drm/edid: check basic audio support on CEA extension block (git-fixes).
o drm/i915/gem: Flush coherency domains on first set-domain-ioctl
(git-fixes).
o drm/i915: Call i915_globals_exit() if pci_register_device() fails
(git-fixes).
o drm/imx: Fix memory leak in imx_pd_connector_get_modes (git-fixes).
o drm/mediatek: Add AAL output size configuration (git-fixes).
o drm/mediatek: Fix aal size config (git-fixes).
o drm/msm/dsi: Use connector directly in msm_dsi_manager_connector_init()
(git-fixes).
o drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not initialised
(git-fixes).
o drm/panel/raspberrypi-touchscreen: Initialise the bridge in prepare
(git-fixes).
o drm/tegra: Fix reference leak in tegra_dsi_ganged_probe (git-fixes).
o drm/vc4: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync() usage
(git-fixes).
o drm: Add orientation quirk for GPD Win Max (git-fixes).
o drm: add a locked version of drm_is_current_master (bsc#1197914).
o drm: drm_file struct kABI compatibility workaround (bsc#1197914).
o drm: protect drm_master pointers in drm_lease.c (bsc#1197914).
o drm: serialize drm_file.master with a new spinlock (bsc#1197914).
o drm: use the lookup lock in drm_is_current_master (bsc#1197914).
o e1000e: Fix possible overflow in LTR decoding (git-fixes).
o fibmap: Reject negative block numbers (bsc#1198448).
o fibmap: Use bmap instead of ->bmap method in ioctl_fibmap (bsc#1198448).
o firmware: arm_scmi: Fix sorting of retrieved clock rates (git-fixes).
o gpiolib: acpi: use correct format characters (git-fixes).
o gpu: ipu-v3: Fix dev_dbg frequency output (git-fixes).
o hwrng: cavium - HW_RANDOM_CAVIUM should depend on ARCH_THUNDER (git-fixes).
o i2c: dev: Force case user pointers in compat_i2cdev_ioctl() (git-fixes).
o ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module
(git-fixes).
o ipmi: Move remove_work to dedicated workqueue (git-fixes).
o ipmi: bail out if init_srcu_struct fails (git-fixes).
o iwlwifi: Fix -EIO error code that is never returned (git-fixes).
o iwlwifi: mvm: Fix an error code in iwl_mvm_up() (git-fixes).
o livepatch: Do not block removal of patches that are safe to unload (bsc#1071995).
o lz4: fix LZ4_decompress_safe_partial read out of bound (git-fixes).
o media: cx88-mpeg: clear interrupt status register before streaming video
(git-fixes).
o media: hdpvr: initialize dev->worker at hdpvr_register_videodev
(git-fixes).
o memory: atmel-ebi: Fix missing of_node_put in atmel_ebi_probe (git-fixes).
o mfd: asic3: Add missing iounmap() on error asic3_mfd_probe (git-fixes).
o mfd: mc13xxx: Add check for mc13xxx_irq_request (git-fixes).
o mmc: host: Return an error when ->enable_sdio_irq() ops is missing
(git-fixes).
o mmc: mmci: stm32: correctly check all elements of sg list (git-fixes).
o mmc: mmci_sdmmc: Replace sg_dma_xxx macros (git-fixes).
o mmc: renesas_sdhi: do not overwrite TAP settings when HS400 tuning is
complete (git-fixes).
o mtd: onenand: Check for error irq (git-fixes).
o mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init
(git-fixes).
o mtd: rawnand: gpmi: fix controller timings setting (git-fixes).
o mwl8k: Fix a double Free in mwl8k_probe_hw (git-fixes).
o net: asix: add proper error handling of usb read errors (git-fixes).
o net: mcs7830: handle usb read errors properly (git-fixes).
o net: usb: aqc111: Fix out-of-bounds accesses in RX fixup (git-fixes).
o nfc: nci: add flush_workqueue to prevent uaf (git-fixes).
o power: reset: gemini-poweroff: Fix IRQ check in gemini_poweroff_probe
(git-fixes).
o power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init (git-fixes).
o power: supply: axp20x_battery: properly report current when discharging
(git-fixes).
o power: supply: axp288-charger: Set Vhold to 4.4V (git-fixes).
o power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled() wrong false
return (git-fixes).
o power: supply: wm8350-power: Add missing free in free_charger_irq
(git-fixes).
o power: supply: wm8350-power: Handle error for wm8350_register_irq
(git-fixes).
o powerpc/perf: Fix power10 event alternatives (jsc#SLE-13513 git-fixes).
o powerpc/perf: Fix power9 event alternatives (bsc#1137728, LTC#178106,
git-fixes).
o ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE (bsc#1198413).
o random: check for signal_pending() outside of need_resched() check
(git-fixes).
o ray_cs: Check ioremap return value (git-fixes).
o regulator: wm8994: Add an off-on delay for WM8994 variant (git-fixes).
o rtc: check if __rtc_read_time was successful (git-fixes).
o rtc: wm8350: Handle error for wm8350_register_irq (git-fixes).
o scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands
(git-fixes).
o scsi: mpt3sas: Fix use after free in _scsih_expander_node_remove()
(git-fixes).
o scsi: mpt3sas: Page fault in reply q processing (git-fixes).
o scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() (bsc#1028340 bsc#1198825).
o spi: Fix erroneous sgs value with min_t() (git-fixes).
o spi: Fix invalid sgs value (git-fixes).
o spi: atmel-quadspi: Fix the buswidth adjustment between spi-mem and
controller (git-fixes).
o spi: bcm-qspi: fix MSPI only access with bcm_qspi_exec_mem_op()
(git-fixes).
o spi: mxic: Fix the transmit path (git-fixes).
o spi: tegra20: Use of_device_get_match_data() (git-fixes).
o staging: mt7621-dts: fix LEDs and pinctrl on GB-PC1 devicetree (git-fixes).
o vgacon: Propagate console boot parameters before calling `vc_resize' (bsc#1152489).
o video: fbdev: atari: Atari 2 bpp (STe) palette bugfix (git-fixes).
o video: fbdev: cirrusfb: check pixclock to avoid divide by zero (git-fixes).
o video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow
(git-fixes).
o video: fbdev: sm712fb: Fix crash in smtcfb_read() (git-fixes).
o video: fbdev: sm712fb: Fix crash in smtcfb_write() (git-fixes).
o video: fbdev: udlfb: properly check endpoint type (bsc#1152489)
o video: fbdev: w100fb: Reset global state (git-fixes).
o virtio_console: break out of buf poll on remove (git-fixes).
o virtio_console: eliminate anonymous module_init & module_exit (git-fixes).
o w1: w1_therm: fixes w1_seq for ds28ea00 sensors (git-fixes).
o x86/pm: Save the MSR validity status at context setup (bsc#1198400).
o x86/sev: Unroll string mmio with CC_ATTR_GUEST_UNROLL_STRING_IO
(git-fixes).
o x86/speculation: Restore speculation related MSRs during S3 resume (bsc#1198400).
o xen/blkfront: fix comment for need_copy (git-fixes).
o xen/x86: obtain full video frame buffer address for Dom0 also under EFI
(bsc#1193556).
o xen/x86: obtain upper 32 bits of video frame buffer address for Dom0 (bsc#1193556).
o xen: fix is_xen_pmu() (git-fixes).
o xhci: fix runtime PM imbalance in USB2 resume (git-fixes).
o xhci: fix uninitialized string returned by xhci_decode_ctrl_ctx()
(git-fixes).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-1676=1
o SUSE Linux Enterprise Module for Public Cloud 15-SP3:
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-1676=1
Package List:
o openSUSE Leap 15.3 (noarch):
kernel-devel-azure-5.3.18-150300.38.56.1
kernel-source-azure-5.3.18-150300.38.56.1
o openSUSE Leap 15.3 (x86_64):
cluster-md-kmp-azure-5.3.18-150300.38.56.1
cluster-md-kmp-azure-debuginfo-5.3.18-150300.38.56.1
dlm-kmp-azure-5.3.18-150300.38.56.1
dlm-kmp-azure-debuginfo-5.3.18-150300.38.56.1
gfs2-kmp-azure-5.3.18-150300.38.56.1
gfs2-kmp-azure-debuginfo-5.3.18-150300.38.56.1
kernel-azure-5.3.18-150300.38.56.1
kernel-azure-debuginfo-5.3.18-150300.38.56.1
kernel-azure-debugsource-5.3.18-150300.38.56.1
kernel-azure-devel-5.3.18-150300.38.56.1
kernel-azure-devel-debuginfo-5.3.18-150300.38.56.1
kernel-azure-extra-5.3.18-150300.38.56.1
kernel-azure-extra-debuginfo-5.3.18-150300.38.56.1
kernel-azure-livepatch-devel-5.3.18-150300.38.56.1
kernel-azure-optional-5.3.18-150300.38.56.1
kernel-azure-optional-debuginfo-5.3.18-150300.38.56.1
kernel-syms-azure-5.3.18-150300.38.56.1
kselftests-kmp-azure-5.3.18-150300.38.56.1
kselftests-kmp-azure-debuginfo-5.3.18-150300.38.56.1
ocfs2-kmp-azure-5.3.18-150300.38.56.1
ocfs2-kmp-azure-debuginfo-5.3.18-150300.38.56.1
reiserfs-kmp-azure-5.3.18-150300.38.56.1
reiserfs-kmp-azure-debuginfo-5.3.18-150300.38.56.1
o SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch):
kernel-devel-azure-5.3.18-150300.38.56.1
kernel-source-azure-5.3.18-150300.38.56.1
o SUSE Linux Enterprise Module for Public Cloud 15-SP3 (x86_64):
kernel-azure-5.3.18-150300.38.56.1
kernel-azure-debuginfo-5.3.18-150300.38.56.1
kernel-azure-debugsource-5.3.18-150300.38.56.1
kernel-azure-devel-5.3.18-150300.38.56.1
kernel-azure-devel-debuginfo-5.3.18-150300.38.56.1
kernel-syms-azure-5.3.18-150300.38.56.1
References:
o https://www.suse.com/security/cve/CVE-2020-27835.html
o https://www.suse.com/security/cve/CVE-2021-0707.html
o https://www.suse.com/security/cve/CVE-2021-20292.html
o https://www.suse.com/security/cve/CVE-2021-20321.html
o https://www.suse.com/security/cve/CVE-2021-38208.html
o https://www.suse.com/security/cve/CVE-2021-4154.html
o https://www.suse.com/security/cve/CVE-2022-0812.html
o https://www.suse.com/security/cve/CVE-2022-1158.html
o https://www.suse.com/security/cve/CVE-2022-1280.html
o https://www.suse.com/security/cve/CVE-2022-1353.html
o https://www.suse.com/security/cve/CVE-2022-1419.html
o https://www.suse.com/security/cve/CVE-2022-1516.html
o https://www.suse.com/security/cve/CVE-2022-28356.html
o https://www.suse.com/security/cve/CVE-2022-28748.html
o https://www.suse.com/security/cve/CVE-2022-28893.html
o https://www.suse.com/security/cve/CVE-2022-29156.html
o https://bugzilla.suse.com/1028340
o https://bugzilla.suse.com/1065729
o https://bugzilla.suse.com/1071995
o https://bugzilla.suse.com/1121726
o https://bugzilla.suse.com/1137728
o https://bugzilla.suse.com/1152489
o https://bugzilla.suse.com/1177028
o https://bugzilla.suse.com/1179878
o https://bugzilla.suse.com/1182073
o https://bugzilla.suse.com/1183723
o https://bugzilla.suse.com/1187055
o https://bugzilla.suse.com/1191647
o https://bugzilla.suse.com/1193556
o https://bugzilla.suse.com/1193842
o https://bugzilla.suse.com/1195926
o https://bugzilla.suse.com/1196018
o https://bugzilla.suse.com/1196114
o https://bugzilla.suse.com/1196367
o https://bugzilla.suse.com/1196514
o https://bugzilla.suse.com/1196639
o https://bugzilla.suse.com/1196942
o https://bugzilla.suse.com/1197157
o https://bugzilla.suse.com/1197391
o https://bugzilla.suse.com/1197656
o https://bugzilla.suse.com/1197660
o https://bugzilla.suse.com/1197914
o https://bugzilla.suse.com/1197926
o https://bugzilla.suse.com/1198217
o https://bugzilla.suse.com/1198330
o https://bugzilla.suse.com/1198400
o https://bugzilla.suse.com/1198413
o https://bugzilla.suse.com/1198437
o https://bugzilla.suse.com/1198448
o https://bugzilla.suse.com/1198484
o https://bugzilla.suse.com/1198515
o https://bugzilla.suse.com/1198516
o https://bugzilla.suse.com/1198660
o https://bugzilla.suse.com/1198742
o https://bugzilla.suse.com/1198825
o https://bugzilla.suse.com/1199012
o https://bugzilla.suse.com/1199024
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
ESB-2022.2394 - [SUSE] Linux Kernel: CVSS (Max): 8.8
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.2394
Security update for the Linux Kernel
17 May 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Linux Kernel
Publisher: SUSE
Operating System: SUSE
Resolution: Patch/Upgrade
CVE Names: CVE-2022-29156 CVE-2022-28893 CVE-2022-28748
CVE-2022-28356 CVE-2022-1516 CVE-2022-1419
CVE-2022-1353 CVE-2022-1280 CVE-2022-1158
CVE-2022-0812 CVE-2021-38208 CVE-2021-20321
CVE-2021-20292 CVE-2021-4154 CVE-2021-0707
CVE-2020-27835
Original Bulletin:
https://www.suse.com/support/update/announcement/2022/suse-su-20221687-1
Comment: CVSS (Max): 8.8 CVE-2021-4154 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
CVSS Source: SUSE
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
- --------------------------BEGIN INCLUDED TEXT--------------------
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:1687-1
Rating: important
References: #1028340 #1071995 #1137728 #1152472 #1152489 #1177028
#1179878 #1182073 #1183723 #1187055 #1191647 #1193556
#1193842 #1194625 #1195651 #1195926 #1196018 #1196114
#1196367 #1196514 #1196639 #1196942 #1197157 #1197391
#1197656 #1197660 #1197677 #1197914 #1197926 #1198077
#1198217 #1198330 #1198400 #1198413 #1198437 #1198448
#1198484 #1198515 #1198516 #1198534 #1198742 #1198825
#1198989 #1199012 #1199024
Cross-References: CVE-2020-27835 CVE-2021-0707 CVE-2021-20292 CVE-2021-20321
CVE-2021-38208 CVE-2021-4154 CVE-2022-0812 CVE-2022-1158
CVE-2022-1280 CVE-2022-1353 CVE-2022-1419 CVE-2022-1516
CVE-2022-28356 CVE-2022-28748 CVE-2022-28893 CVE-2022-29156
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Availability 15-SP3
SUSE Linux Enterprise High Performance Computing
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Development Tools 15-SP3
SUSE Linux Enterprise Module for Legacy Software 15-SP3
SUSE Linux Enterprise Module for Live Patching 15-SP3
SUSE Linux Enterprise Server
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Workstation Extension 15-SP3
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves 16 vulnerabilities, contains 6 features and has 29 fixes
is now available.
Description:
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security
and bug fixes.
The following security bugs were fixed:
o CVE-2022-29156: Fixed a double free related to rtrs_clt_dev_release (bnc#
1198515).
o CVE-2022-28893: Ensuring that sockets are in the intended state inside the
SUNRPC subsystem (bnc#1198330).
o CVE-2022-28748: Fixed a memory leak over the network by ax88179_178a devices
(bsc#1196018).
o CVE-2022-28356: Fixed a refcount leak bug found in net/llc/af_llc.c (bnc#
1197391).
o CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect (bsc#1199012).
o CVE-2022-1419: Fixed a concurrency use-after-free in vgem_gem_dumb_create
(bsc#1198742).
o CVE-2022-1353: Fixed access control to kernel memory in the pfkey_register
function in net/key/af_key.c (bnc#1198516).
o CVE-2022-1280: Fixed a use-after-free vulnerability in drm_lease_held in
drivers/gpu/drm/drm_lease.c (bnc#1197914).
o CVE-2022-1158: Fixed KVM x86/mmu compare-and-exchange of gPTE via the user
address (bsc#1197660).
o CVE-2022-0812: Fixed random memory leakage inside NFS/RDMA (bsc#1196639).
o CVE-2021-4154: Fixed a use-after-free flaw inside cgroup1_parse_param in
kernel/cgroup/cgroup-v1.c. A local attacker with a user privilege could
cause a privilege escalation by exploiting the fsconfig syscall parameter
leading to a container breakout and a denial of service on the system (bnc#
1193842).
o CVE-2021-38208: Fixed a denial of service (NULL pointer dereference and
BUG) by making a getsockname call after a certain type of failure of a bind
call (bnc#1187055).
o CVE-2021-20321: Fixed a race condition when accessing a file object in the
OverlayFS subsystem, triggered when users perform a rename in a specific way
with OverlayFS. A local user could have used this flaw to crash the system (bnc#
1191647).
o CVE-2021-20292: Fixed object validation prior to performing operations on
the object in nouveau_sgdma_create_ttm in Nouveau DRM subsystem (bnc#
1183723).
o CVE-2021-0707: Fixed possible memory corruption due to a use after free
inside dma_buf_release of dma-buf.c (bnc#1198437).
o CVE-2020-27835: Fixed a use after free in the InfiniBand hfi1 driver when a
user calls ioctl after opening the device file and forking. A local user could
use this flaw to crash the system (bnc#1179878).
The following non-security bugs were fixed:
o ACPI: processor idle: Check for architectural support for LPI (git-fixes).
o ACPI/APEI: Limit printable size of BERT table data (git-fixes).
o ACPICA: Avoid walking the ACPI Namespace if it is not there (git-fixes).
o adm8211: fix error return code in adm8211_probe() (git-fixes).
o ALSA: cs4236: fix an incorrect NULL check on list iterator (git-fixes).
o ALSA: hda/hdmi: fix warning about PCM count when used with SOF (git-fixes).
o ALSA: hda/realtek: Add alc256-samsung-headphone fixup (git-fixes).
o ALSA: hda/realtek: Add quirk for Clevo PD50PNT (git-fixes).
o ALSA: hda/realtek: Fix audio regression on Mi Notebook Pro 2020
(git-fixes).
o ALSA: pcm: Test for "silence" field in struct "pcm_format_data"
(git-fixes).
o ALSA: usb-audio: Cap upper limits of buffer/period bytes for implicit fb
(git-fixes).
o ALSA: usb-audio: Increase max buffer size (git-fixes).
o ALSA: usb-audio: Limit max buffer and period sizes per time (git-fixes).
o arm64: clear_page() shouldn't use DC ZVA when DCZID_EL0.DZP == 1
(git-fixes)
o arm64: dts: allwinner: h5: NanoPI Neo 2: Fix ethernet node (git-fixes)
o arm64: dts: allwinner: orangepi-zero-plus: fix PHY mode (git-fixes)
o arm64: dts: exynos: correct GIC CPU interfaces address range on (git-fixes)
o arm64: dts: ls1028a: fix memory node (git-fixes)
o arm64: dts: ls1028a: fix node name for the sysclk (git-fixes)
o arm64: dts: lx2160a: fix scl-gpios property name (git-fixes)
o arm64: dts: marvell: armada-37xx: Extend PCIe MEM space (git-fixes)
o arm64: dts: marvell: armada-37xx: Fix reg for standard variant of
(git-fixes)
o arm64: dts: marvell: armada-37xx: Remap IO space to bus address 0x0
(git-fixes)
o arm64: dts: rockchip: Fix GPU register width for RK3328 (git-fixes)
o arm64: dts: rockchip: remove mmc-hs400-enhanced-strobe from (git-fixes)
o arm64: dts: zii-ultra: fix 12V_MAIN voltage (git-fixes)
o arm64: head: avoid over-mapping in map_memory (git-fixes)
o arm64: Update config files; arm LIBNVDIMM y->m ppc64le ND_BLK ->m (bsc#
1199024).
o arm64/sve: Use correct size when reinitialising SVE state (git-fixes)
o ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek
(git-fixes).
o ASoC: codecs: wcd934x: do not switch off SIDO Buck when codec is in use
(git-fixes).
o ASoC: mediatek: mt6358: add missing EXPORT_SYMBOLs (git-fixes).
o ASoC: msm8916-wcd-digital: Check failure for
devm_snd_soc_register_component (git-fixes).
o ASoC: soc-compress: Change the check for codec_dai (git-fixes).
o ASoC: soc-compress: prevent the potentially use of null pointer
(git-fixes).
o ASoC: soc-core: skip zero num_dai component in searching dai name
(git-fixes).
o ASoC: soc-dapm: fix two incorrect uses of list iterator (git-fixes).
o ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs
(git-fixes).
o ata: sata_dwc_460ex: Fix crash due to OOB write (git-fixes).
o ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern
(git-fixes).
o ath5k: fix building with LEDS=m (git-fixes).
o ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 (git-fixes).
o ath9k_htc: fix uninit value bugs (git-fixes).
o ath9k: Fix usage of driver-private space in tx_info (git-fixes).
o ath9k: Properly clear TX status area before reporting to mac80211
(git-fixes).
o backlight: qcom-wled: Respect enabled-strings in set_brightness (bsc#
1152489)
o bareudp: use ipv6_mod_enabled to check if IPv6 enabled (jsc#SLE-15172).
o bfq: Avoid merging queues with different parents (bsc#1197926).
o bfq: Drop pointless unlock-lock pair (bsc#1197926).
o bfq: Get rid of __bio_blkcg() usage (bsc#1197926).
o bfq: Make sure bfqg for which we are queueing requests is online (bsc#
1197926).
o bfq: Remove pointless bfq_init_rq() calls (bsc#1197926).
o bfq: Split shared queues on move between cgroups (bsc#1197926).
o bfq: Track whether bfq_group is still online (bsc#1197926).
o bfq: Update cgroup information before merging bio (bsc#1197926).
o block: Drop leftover references to RQF_SORTED (bsc#1182073).
o Bluetooth: btmtksdio: Fix kernel oops in btmtksdio_interrupt (git-fixes).
o Bluetooth: Fix use after free in hci_send_acl (git-fixes).
o Bluetooth: hci_serdev: call init_rwsem() before p->open() (git-fixes).
o bnx2x: fix napi API usage sequence (bsc#1198217).
o bpf: Resolve to prog->aux->dst_prog->type only for BPF_PROG_TYPE_EXT
(git-fixes bsc#1177028).
o brcmfmac: firmware: Allocate space for default boardrev in nvram
(git-fixes).
o brcmfmac: pcie: Fix crashes due to early IRQs (git-fixes).
o brcmfmac: pcie: Release firmwares in the brcmf_pcie_setup error path
(git-fixes).
o brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio
(git-fixes).
o carl9170: fix missing bit-wise or operator for tx_params (git-fixes).
o cfg80211: hold bss_lock while updating nontrans_list (git-fixes).
o cifs: do not skip link targets when an I/O fails (bsc#1194625).
o cifs: fix bad fids sent over wire (bsc#1197157).
o clk: Enforce that disjoints limits are invalid (git-fixes).
o clk: si5341: fix reported clk_rate when output divider is 2 (git-fixes).
o direct-io: clean up error paths of do_blockdev_direct_IO (bsc#1197656).
o direct-io: defer alignment check until after the EOF check (bsc#1197656).
o direct-io: do not force writeback for reads beyond EOF (bsc#1197656).
o dma-debug: fix return value of __setup handlers (git-fixes).
o dma: at_xdmac: fix a missing check on list iterator (git-fixes).
o dmaengine: idxd: add RO check for wq max_batch_size write (git-fixes).
o dmaengine: idxd: add RO check for wq max_transfer_size write (git-fixes).
o dmaengine: imx-sdma: Fix error checking in sdma_event_remap (git-fixes).
o dmaengine: mediatek:Fix PM usage reference leak of
mtk_uart_apdma_alloc_chan_resources (git-fixes).
o dmaengine: Revert "dmaengine: shdma: Fix runtime PM imbalance on error"
(git-fixes).
o Documentation: add link to stable release candidate tree (git-fixes).
o drm: add a locked version of drm_is_current_master (bsc#1197914).
o drm: Add orientation quirk for GPD Win Max (git-fixes).
o drm: drm_file struct kABI compatibility workaround (bsc#1197914).
o drm: protect drm_master pointers in drm_lease.c (bsc#1197914).
o drm: serialize drm_file.master with a new spinlock (bsc#1197914).
o drm: use the lookup lock in drm_is_current_master (bsc#1197914).
o drm/amd: Add USBC connector ID (git-fixes).
o drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj (git-fixes).
o drm/amd/display: do not ignore alpha property on pre-multiplied mode
(git-fixes).
o drm/amd/display: Fix a NULL pointer dereference in
amdgpu_dm_connector_add_common_modes() (git-fixes).
o drm/amd/display: Fix allocate_mst_payload assert on resume (git-fixes).
o drm/amd/display: Fix memory leak in dcn21_clock_source_create (bsc#1152472)
o drm/amdgpu: fix amdgpu_ras_block_late_init error handler (bsc#1152489)
o drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire() (git-fixes).
o drm/amdgpu: Fix recursive locking warning (git-fixes).
o drm/amdkfd: Check for potential null return of kmalloc_array() (git-fixes).
o drm/amdkfd: Fix Incorrect VMIDs passed to HWS (git-fixes).
o drm/amdkfd: make CRAT table missing message informational only (git-fixes).
o drm/bridge: Add missing pm_runtime_disable() in __dw_mipi_dsi_probe
(git-fixes).
o drm/bridge: cdns-dsi: Make sure to to create proper aliases for dt
(git-fixes).
o drm/bridge: Fix free wrong object in sii8620_init_rcp_input_dev
(git-fixes).
o drm/cma-helper: Set VM_DONTEXPAND for mmap (bsc#1152472)
o drm/edid: check basic audio support on CEA extension block (git-fixes).
o drm/edid: Do not clear formats if using deep color (git-fixes).
o drm/fb-helper: Mark screen buffers in system memory with (bsc#1152472)
o drm/i915: Call i915_globals_exit() if pci_register_device() fails
(git-fixes).
o drm/i915: Drop all references to DRM IRQ midlayer (bsc#1152489)
o drm/i915: Keep gem ctx->vm alive until the final put (bsc#1152489)
o drm/i915: s/JSP2/ICP2/ PCH (bsc#1152489)
o drm/i915/gem: Flush coherency domains on first set-domain-ioctl
(git-fixes).
o drm/imx: Fix memory leak in imx_pd_connector_get_modes (git-fixes).
o drm/mediatek: Add AAL output size configuration (git-fixes).
o drm/mediatek: Fix aal size config (git-fixes).
o drm/msm/dsi: Use connector directly in msm_dsi_manager_connector_init()
(git-fixes).
o drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not initialised
(git-fixes).
o drm/panel/raspberrypi-touchscreen: Initialise the bridge in prepare
(git-fixes).
o drm/prime: Fix use after free in mmap with drm_gem_ttm_mmap (bsc#1152472)
o drm/tegra: Fix reference leak in tegra_dsi_ganged_probe (git-fixes).
o drm/vc4: crtc: Lookup the encoder from the register at boot (bsc#1198534)
o drm/vc4: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync() usage
(git-fixes).
o drm/vmwgfx: Remove unused compile options (bsc#1152472)
o e1000e: Fix possible overflow in LTR decoding (git-fixes).
o fibmap: Reject negative block numbers (bsc#1198448).
o fibmap: Use bmap instead of ->bmap method in ioctl_fibmap (bsc#1198448).
o firmware: arm_scmi: Fix sorting of retrieved clock rates (git-fixes).
o gpiolib: acpi: use correct format characters (git-fixes).
o gpu: ipu-v3: Fix dev_dbg frequency output (git-fixes).
o HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports (git-fixes).
o hwrng: cavium - HW_RANDOM_CAVIUM should depend on ARCH_THUNDER (git-fixes).
o i2c: dev: Force case user pointers in compat_i2cdev_ioctl() (git-fixes).
o IB/hfi1: Allow larger MTU without AIP (jsc#SLE-13208).
o Input: omap4-keypad - fix pm_runtime_get_sync() error checking (git-fixes).
o ipmi: bail out if init_srcu_struct fails (git-fixes).
o ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module
(git-fixes).
o ipmi: Move remove_work to dedicated workqueue (git-fixes).
o iwlwifi: Fix -EIO error code that is never returned (git-fixes).
o iwlwifi: mvm: Fix an error code in iwl_mvm_up() (git-fixes).
o KEYS: fix length validation in keyctl_pkey_params_get_2() (git-fixes).
o livepatch: Do not block removal of patches that are safe to unload (bsc#
1071995).
o lz4: fix LZ4_decompress_safe_partial read out of bound (git-fixes).
o media: cx88-mpeg: clear interrupt status register before streaming video
(git-fixes).
o media: hdpvr: initialize dev->worker at hdpvr_register_videodev
(git-fixes).
o memory: atmel-ebi: Fix missing of_node_put in atmel_ebi_probe (git-fixes).
o mfd: asic3: Add missing iounmap() on error asic3_mfd_probe (git-fixes).
o mfd: mc13xxx: Add check for mc13xxx_irq_request (git-fixes).
o mmc: host: Return an error when ->enable_sdio_irq() ops is missing
(git-fixes).
o mmc: mmci_sdmmc: Replace sg_dma_xxx macros (git-fixes).
o mmc: mmci: stm32: correctly check all elements of sg list (git-fixes).
o mmc: renesas_sdhi: do not overwrite TAP settings when HS400 tuning is
complete (git-fixes).
o mtd: onenand: Check for error irq (git-fixes).
o mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init
(git-fixes).
o mtd: rawnand: gpmi: fix controller timings setting (git-fixes).
o mwl8k: Fix a double Free in mwl8k_probe_hw (git-fixes).
o net: asix: add proper error handling of usb read errors (git-fixes).
o net: mana: Add counter for packet dropped by XDP (bsc#1195651).
o net: mana: Add counter for XDP_TX (bsc#1195651).
o net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651).
o net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe()
(bsc#1195651).
o net: mana: Reuse XDP dropped page (bsc#1195651).
o net: mana: Use struct_size() helper in mana_gd_create_dma_region() (bsc#
1195651).
o net: mcs7830: handle usb read errors properly (git-fixes).
o net: usb: aqc111: Fix out-of-bounds accesses in RX fixup (git-fixes).
o nfc: nci: add flush_workqueue to prevent uaf (git-fixes).
o NFSv4: fix open failure with O_ACCMODE flag (git-fixes).
o PCI: aardvark: Fix reading PCI_EXP_RTSTA_PME bit on emulated bridge
(git-fixes).
o PCI: aardvark: Fix support for MSI interrupts (git-fixes).
o PCI: imx6: Allow to probe when dw_pcie_wait_for_link() fails (git-fixes).
o PCI: pciehp: Add Qualcomm quirk for Command Completed erratum (git-fixes).
o PCI: pciehp: Clear cmd_busy bit in polling mode (git-fixes).
o PM: core: keep irq flags in device_pm_check_callbacks() (git-fixes).
o power: reset: gemini-poweroff: Fix IRQ check in gemini_poweroff_probe
(git-fixes).
o power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init (git-fixes).
o power: supply: axp20x_battery: properly report current when discharging
(git-fixes).
o power: supply: axp288-charger: Set Vhold to 4.4V (git-fixes).
o power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled() wrong false
return (git-fixes).
o power: supply: wm8350-power: Add missing free in free_charger_irq
(git-fixes).
o power: supply: wm8350-power: Handle error for wm8350_register_irq
(git-fixes).
o powerpc/perf: Expose Performance Monitor Counter SPR's as part of extended
regs (bsc#1198077 ltc#197299).
o powerpc/perf: Fix power10 event alternatives (jsc#SLE-13513 git-fixes).
o powerpc/perf: Fix power9 event alternatives (bsc#1137728, LTC#178106,
git-fixes).
o powerpc/perf: Include PMCs as part of per-cpu cpuhw_events struct (bsc#
1198077 ltc#197299).
o ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE (bsc#
1198413).
o random: check for signal_pending() outside of need_resched() check
(git-fixes).
o ray_cs: Check ioremap return value (git-fixes).
o RDMA/core: Set MR type in ib_reg_user_mr (jsc#SLE-8449).
o RDMA/mlx5: Add a missing update of cache->last_add (jsc#SLE-15175).
o RDMA/mlx5: Do not remove cache MRs when a delay is needed (jsc#SLE-15175).
o RDMA/mlx5: Fix the flow of a miss in the allocation of a cache ODP MR (jsc#
SLE-15175).
o regulator: wm8994: Add an off-on delay for WM8994 variant (git-fixes).
o rpm: Run external scriptlets on uninstall only when available (bsc#1196514
bsc#1196114 bsc#1196942).
o rpm: Use bash for %() expansion (jsc#SLE-18234).
o rpm/*.spec.in: remove backtick usage
o rpm/constraints.in: skip SLOW_DISK workers for kernel-source
o rpm/kernel-obs-build.spec.in: use default dracut modules (bsc#1195926, bsc#
1198484)
o rtc: check if __rtc_read_time was successful (git-fixes).
o rtc: wm8350: Handle error for wm8350_register_irq (git-fixes).
o s390/tape: fix timer initialization in tape_std_assign() (bsc#1197677 LTC#
197378).
o scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands
(git-fixes).
o scsi: mpt3sas: Fix use after free in _scsih_expander_node_remove()
(git-fixes).
o scsi: mpt3sas: Page fault in reply q processing (git-fixes).
o scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() (bsc#1028340 bsc#
1198825).
o spi: atmel-quadspi: Fix the buswidth adjustment between spi-mem and
controller (git-fixes).
o spi: bcm-qspi: fix MSPI only access with bcm_qspi_exec_mem_op()
(git-fixes).
o spi: Fix erroneous sgs value with min_t() (git-fixes).
o spi: Fix invalid sgs value (git-fixes).
o spi: mxic: Fix the transmit path (git-fixes).
o spi: tegra20: Use of_device_get_match_data() (git-fixes).
o staging: mt7621-dts: fix LEDs and pinctrl on GB-PC1 devicetree (git-fixes).
o SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367).
o SUNRPC: Ensure we flush any closed sockets before xs_xprt_free()
(git-fixes).
o SUNRPC: Fix the svc_deferred_event trace class (git-fixes).
o SUNRPC: Handle ENOMEM in call_transmit_status() (git-fixes).
o SUNRPC: Handle low memory situations in call_status() (git-fixes).
o USB: dwc3: core: Fix tx/rx threshold settings (git-fixes).
o USB: dwc3: core: Only handle soft-reset in DCTL (git-fixes).
o USB: dwc3: gadget: Return proper request status (git-fixes).
o USB: dwc3: omap: fix "unbalanced disables for smps10_out1" on omap5evm
(git-fixes).
o USB: gadget: uvc: Fix crash when encoding data for usb request (git-fixes).
o USB: hcd-pci: Use PCI_STD_NUM_BARS when checking standard BARs (bsc#
1152489)
o USB: serial: pl2303: add IBM device IDs (git-fixes).
o USB: serial: simple: add Nokia phone driver (git-fixes).
o USB: storage: ums-realtek: fix error code in rts51x_read_mem() (git-fixes).
o USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c
(git-fixes).
o vgacon: Propagate console boot parameters before calling `vc_resize' (bsc#
1152489)
o video: fbdev: atari: Atari 2 bpp (STe) palette bugfix (git-fixes).
o video: fbdev: cirrusfb: check pixclock to avoid divide by zero (git-fixes).
o video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow
(git-fixes).
o video: fbdev: sm712fb: Fix crash in smtcfb_read() (git-fixes).
o video: fbdev: sm712fb: Fix crash in smtcfb_write() (git-fixes).
o video: fbdev: udlfb: properly check endpoint type (bsc#1152489)
o video: fbdev: w100fb: Reset global state (git-fixes).
o virtio_console: break out of buf poll on remove (git-fixes).
o virtio_console: eliminate anonymous module_init & module_exit (git-fixes).
o w1: w1_therm: fixes w1_seq for ds28ea00 sensors (git-fixes).
o x86/pm: Save the MSR validity status at context setup (bsc#1198400).
o x86/sev: Unroll string mmio with CC_ATTR_GUEST_UNROLL_STRING_IO
(git-fixes).
o x86/speculation: Restore speculation related MSRs during S3 resume (bsc#
1198400).
o xen: fix is_xen_pmu() (git-fixes).
o xen/blkfront: fix comment for need_copy (git-fixes).
o xen/x86: obtain full video frame buffer address for Dom0 also under EFI
(bsc#1193556).
o xen/x86: obtain upper 32 bits of video frame buffer address for Dom0 (bsc#
1193556).
o xhci: fix runtime PM imbalance in USB2 resume (git-fixes).
o xhci: fix uninitialized string returned by xhci_decode_ctrl_ctx()
(git-fixes).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-1687=1
o openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-1687=1
o SUSE Linux Enterprise Workstation Extension 15-SP3:
zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-1687=1
o SUSE Linux Enterprise Module for Live Patching 15-SP3:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-1687=1
o SUSE Linux Enterprise Module for Legacy Software 15-SP3:
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-1687=1
o SUSE Linux Enterprise Module for Development Tools 15-SP3:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-1687=1
o SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1687=1
o SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1687=1
o SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1687=1
o SUSE Linux Enterprise High Availability 15-SP3:
zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-1687=1
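As an added example (not part of the SUSE or AusCERT bulletin), the following Python script checks a fleet inventory against this update: it reports whether the kernel-default package on each host is at the fixed version 5.3.18-150300.59.68.1 and, because the bulletin requires a reboot, whether the running kernel reflects it yet. It assumes SUSE's `uname -r` layout of `5.3.18-150300.59.68-default` (package rebuild counter dropped, flavor appended); the host names and version strings are constructed sample data.

```python
"""Remediation check for SUSE-SU-2022:1687-1 (added example, not bulletin code).

Per host, two facts are collected:
  installed: rpm -q --qf '%{VERSION}-%{RELEASE}\n' kernel-default   (may list several)
  running:   uname -r
The bulletin says to reboot after installing, so an installed-but-not-running
fix is reported separately from a missing one.
"""
import re
from dataclasses import dataclass, field
from typing import List, Tuple

# Fixed package version taken from the bulletin's package list.
FIXED_VERSION = "5.3.18-150300.59.68.1"

# Assumed SUSE uname -r layout: <version>-<release without rebuild counter>-<flavor>,
# e.g. "5.3.18-150300.59.68-default".
_UNAME_RE = re.compile(r"^(\d+\.\d+\.\d+-[\d.]+)-(\w+)$")


def parse_version(ver: str) -> Tuple[int, ...]:
    """'5.3.18-150300.59.68.1' -> (5, 3, 18, 150300, 59, 68, 1); tuples compare numerically."""
    parts = re.split(r"[.-]", ver)
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected kernel version string: {ver!r}")
    return tuple(int(p) for p in parts)


def running_release_to_version(uname_r: str) -> str:
    """Strip the flavor from uname -r, keeping only the comparable version prefix."""
    m = _UNAME_RE.match(uname_r)
    if not m:
        raise ValueError(f"unexpected uname -r output: {uname_r!r}")
    return m.group(1)


@dataclass
class HostState:
    host: str
    installed_versions: List[str] = field(default_factory=list)  # all kernel-default RPMs present
    running_release: str = ""                                   # uname -r


def assess(state: HostState, fixed: str = FIXED_VERSION) -> str:
    """Return 'patched', 'reboot-pending' or 'unpatched' for one host."""
    fixed_t = parse_version(fixed)

    # SUSE keeps several kernel RPMs installed (multiversion); any one at or above the fix counts.
    installed_ok = any(parse_version(v) >= fixed_t for v in state.installed_versions)

    # uname -r lacks the rebuild counter, so compare only as many fields as it carries.
    running_t = parse_version(running_release_to_version(state.running_release))
    running_ok = running_t >= fixed_t[: len(running_t)]

    if running_ok:
        return "patched"
    if installed_ok:
        return "reboot-pending"
    return "unpatched"


# Constructed sample inventory (hypothetical hosts, not from the bulletin).
SAMPLE_HOSTS = [
    HostState("web01", ["5.3.18-150300.59.63.1", "5.3.18-150300.59.68.1"],
              "5.3.18-150300.59.68-default"),
    HostState("db01", ["5.3.18-150300.59.68.1"], "5.3.18-150300.59.63-default"),
    HostState("build01", ["5.3.18-150300.59.63.1"], "5.3.18-150300.59.63-preempt"),
    HostState("old01", ["5.3.18-59.37.2"], "5.3.18-59.37-default"),  # older release scheme
]


def summarize(hosts=SAMPLE_HOSTS) -> dict:
    """Map each host name to its remediation status."""
    return {h.host: assess(h) for h in hosts}


if __name__ == "__main__":
    for host, status in summarize().items():
        print(f"{host:10s} {status}")
```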
Package List:
o openSUSE Leap 15.4 (aarch64 x86_64):
cluster-md-kmp-preempt-5.3.18-150300.59.68.1
cluster-md-kmp-preempt-debuginfo-5.3.18-150300.59.68.1
dlm-kmp-preempt-5.3.18-150300.59.68.1
dlm-kmp-preempt-debuginfo-5.3.18-150300.59.68.1
gfs2-kmp-preempt-5.3.18-150300.59.68.1
gfs2-kmp-preempt-debuginfo-5.3.18-150300.59.68.1
kernel-preempt-5.3.18-150300.59.68.1
kernel-preempt-debuginfo-5.3.18-150300.59.68.1
kernel-preempt-debugsource-5.3.18-150300.59.68.1
kernel-preempt-devel-5.3.18-150300.59.68.1
kernel-preempt-devel-debuginfo-5.3.18-150300.59.68.1
kernel-preempt-extra-5.3.18-150300.59.68.1
kernel-preempt-extra-debuginfo-5.3.18-150300.59.68.1
kernel-preempt-livepatch-devel-5.3.18-150300.59.68.1
kernel-preempt-optional-5.3.18-150300.59.68.1
kernel-preempt-optional-debuginfo-5.3.18-150300.59.68.1
kselftests-kmp-preempt-5.3.18-150300.59.68.1
kselftests-kmp-preempt-debuginfo-5.3.18-150300.59.68.1
ocfs2-kmp-preempt-5.3.18-150300.59.68.1
ocfs2-kmp-preempt-debuginfo-5.3.18-150300.59.68.1
reiserfs-kmp-preempt-5.3.18-150300.59.68.1
reiserfs-kmp-preempt-debuginfo-5.3.18-150300.59.68.1
o openSUSE Leap 15.4 (aarch64):
dtb-al-5.3.18-150300.59.68.1
dtb-zte-5.3.18-150300.59.68.1
o openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
cluster-md-kmp-default-5.3.18-150300.59.68.1
cluster-md-kmp-default-debuginfo-5.3.18-150300.59.68.1
dlm-kmp-default-5.3.18-150300.59.68.1
dlm-kmp-default-debuginfo-5.3.18-150300.59.68.1
gfs2-kmp-default-5.3.18-150300.59.68.1
gfs2-kmp-default-debuginfo-5.3.18-150300.59.68.1
kernel-default-5.3.18-150300.59.68.1
kernel-default-base-5.3.18-150300.59.68.1.150300.18.41.3
kernel-default-base-rebuild-5.3.18-150300.59.68.1.150300.18.41.3
kernel-default-debuginfo-5.3.18-150300.59.68.1
kernel-default-debugsource-5.3.18-150300.59.68.1
kernel-default-devel-5.3.18-150300.59.68.1
kernel-default-devel-debuginfo-5.3.18-150300.59.68.1
kernel-default-extra-5.3.18-150300.59.68.1
kernel-default-extra-debuginfo-5.3.18-150300.59.68.1
kernel-default-livepatch-5.3.18-150300.59.68.1
kernel-default-livepatch-devel-5.3.18-150300.59.68.1
kernel-default-optional-5.3.18-150300.59.68.1
kernel-default-optional-debuginfo-5.3.18-150300.59.68.1
kernel-obs-build-5.3.18-150300.59.68.1
kernel-obs-build-debugsource-5.3.18-150300.59.68.1
kernel-obs-qa-5.3.18-150300.59.68.1
kernel-syms-5.3.18-150300.59.68.1
kselftests-kmp-default-5.3.18-150300.59.68.1
kselftests-kmp-default-debuginfo-5.3.18-150300.59.68.1
ocfs2-kmp-default-5.3.18-150300.59.68.1
ocfs2-kmp-default-debuginfo-5.3.18-150300.59.68.1
reiserfs-kmp-default-5.3.18-150300.59.68.1
reiserfs-kmp-default-debuginfo-5.3.18-150300.59.68.1
o openSUSE Leap 15.3 (aarch64 x86_64):
cluster-md-kmp-preempt-5.3.18-150300.59.68.1
cluster-md-kmp-preempt-debuginfo-5.3.18-150300.59.68.1
dlm-kmp-preempt-5.3.18-150300.59.68.1
dlm-kmp-preempt-debuginfo-5.3.18-150300.59.68.1
gfs2-kmp-preempt-5.3.18-150300.59.68.1
gfs2-kmp-preempt-debuginfo-5.3.18-150300.59.68.1
kernel-preempt-5.3.18-150300.59.68.1
kernel-preempt-debuginfo-5.3.18-150300.59.68.1
kernel-preempt-debugsource-5.3.18-150300.59.68.1
kernel-preempt-devel-5.3.18-150300.59.68.1
kernel-preempt-devel-debuginfo-5.3.18-150300.59.68.1
kernel-preempt-extra-5.3.18-150300.59.68.1
kernel-preempt-extra-debuginfo-5.3.18-150300.59.68.1
kernel-preempt-livepatch-devel-5.3.18-150300.59.68.1
kernel-preempt-optional-5.3.18-150300.59.68.1
kernel-preempt-optional-debuginfo-5.3.18-150300.59.68.1
kselftests-kmp-preempt-5.3.18-150300.59.68.1
kselftests-kmp-preempt-debuginfo-5.3.18-150300.59.68.1
ocfs2-kmp-preempt-5.3.18-150300.59.68.1
ocfs2-kmp-preempt-debuginfo-5.3.18-150300.59.68.1
reiserfs-kmp-preempt-5.3.18-150300.59.68.1
reiserfs-kmp-preempt-debuginfo-5.3.18-150300.59.68.1
o openSUSE Leap 15.3 (ppc64le x86_64):
kernel-debug-5.3.18-150300.59.68.1
kernel-debug-debuginfo-5.3.18-150300.59.68.1
kernel-debug-debugsource-5.3.18-150300.59.68.1
kernel-debug-devel-5.3.18-150300.59.68.1
kernel-debug-devel-debuginfo-5.3.18-150300.59.68.1
kernel-debug-livepatch-devel-5.3.18-150300.59.68.1
kernel-kvmsmall-5.3.18-150300.59.68.1
kernel-kvmsmall-debuginfo-5.3.18-150300.59.68.1
kernel-kvmsmall-debugsource-5.3.18-150300.59.68.1
kernel-kvmsmall-devel-5.3.18-150300.59.68.1
kernel-kvmsmall-devel-debuginfo-5.3.18-150300.59.68.1
kernel-kvmsmall-livepatch-devel-5.3.18-150300.59.68.1
o openSUSE Leap 15.3 (aarch64):
cluster-md-kmp-64kb-5.3.18-150300.59.68.1
cluster-md-kmp-64kb-debuginfo-5.3.18-150300.59.68.1
dlm-kmp-64kb-5.3.18-150300.59.68.1
dlm-kmp-64kb-debuginfo-5.3.18-150300.59.68.1
dtb-al-5.3.18-150300.59.68.1
dtb-allwinner-5.3.18-150300.59.68.1
dtb-altera-5.3.18-150300.59.68.1
dtb-amd-5.3.18-150300.59.68.1
dtb-amlogic-5.3.18-150300.59.68.1
dtb-apm-5.3.18-150300.59.68.1
dtb-arm-5.3.18-150300.59.68.1
dtb-broadcom-5.3.18-150300.59.68.1
dtb-cavium-5.3.18-150300.59.68.1
dtb-exynos-5.3.18-150300.59.68.1
dtb-freescale-5.3.18-150300.59.68.1
dtb-hisilicon-5.3.18-150300.59.68.1
dtb-lg-5.3.18-150300.59.68.1
dtb-marvell-5.3.18-150300.59.68.1
dtb-mediatek-5.3.18-150300.59.68.1
dtb-nvidia-5.3.18-150300.59.68.1
dtb-qcom-5.3.18-150300.59.68.1
dtb-renesas-5.3.18-150300.59.68.1
dtb-rockchip-5.3.18-150300.59.68.1
dtb-socionext-5.3.18-150300.59.68.1
dtb-sprd-5.3.18-150300.59.68.1
dtb-xilinx-5.3.18-150300.59.68.1
dtb-zte-5.3.18-150300.59.68.1
gfs2-kmp-64kb-5.3.18-150300.59.68.1
gfs2-kmp-64kb-debuginfo-5.3.18-150300.59.68.1
kernel-64kb-5.3.18-150300.59.68.1
kernel-64kb-debuginfo-5.3.18-150300.59.68.1
kernel-64kb-debugsource-5.3.18-150300.59.68.1
kernel-64kb-devel-5.3.18-150300.59.68.1
kernel-64kb-devel-debuginfo-5.3.18-150300.59.68.1
kernel-64kb-extra-5.3.18-150300.59.68.1
kernel-64kb-extra-debuginfo-5.3.18-150300.59.68.1
kernel-64kb-livepatch-devel-5.3.18-150300.59.68.1
kernel-64kb-optional-5.3.18-150300.59.68.1
kernel-64kb-optional-debuginfo-5.3.18-150300.59.68.1
kselftests-kmp-64kb-5.3.18-150300.59.68.1
kselftests-kmp-64kb-debuginfo-5.3.18-150300.59.68.1
ocfs2-kmp-64kb-5.3.18-150300.59.68.1
ocfs2-kmp-64kb-debuginfo-5.3.18-150300.59.68.1
reiserfs-kmp-64kb-5.3.18-150300.59.68.1
reiserfs-kmp-64kb-debuginfo-5.3.18-150300.59.68.1
o openSUSE Leap 15.3 (noarch):
kernel-devel-5.3.18-150300.59.68.1
kernel-docs-5.3.18-150300.59.68.1
kernel-docs-html-5.3.18-150300.59.68.1
kernel-macros-5.3.18-150300.59.68.1
kernel-source-5.3.18-150300.59.68.1
kernel-source-vanilla-5.3.18-150300.59.68.1
o openSUSE Leap 15.3 (s390x):
kernel-zfcpdump-5.3.18-150300.59.68.1
kernel-zfcpdump-debuginfo-5.3.18-150300.59.68.1
kernel-zfcpdump-debugsource-5.3.18-150300.59.68.1
o SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64):
kernel-default-debuginfo-5.3.18-150300.59.68.1
kernel-default-debugsource-5.3.18-150300.59.68.1
kernel-default-extra-5.3.18-150300.59.68.1
kernel-default-extra-debuginfo-5.3.18-150300.59.68.1
kernel-preempt-debuginfo-5.3.18-150300.59.68.1
kernel-preempt-debugsource-5.3.18-150300.59.68.1
kernel-preempt-extra-5.3.18-150300.59.68.1
kernel-preempt-extra-debuginfo-5.3.18-150300.59.68.1
o SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64):
kernel-default-debuginfo-5.3.18-150300.59.68.1
kernel-default-debugsource-5.3.18-150300.59.68.1
kernel-default-livepatch-5.3.18-150300.59.68.1
kernel-default-livepatch-devel-5.3.18-150300.59.68.1
kernel-livepatch-5_3_18-150300_59_68-default-1-150300.7.5.1
o SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64):
kernel-default-debuginfo-5.3.18-150300.59.68.1
kernel-default-debugsource-5.3.18-150300.59.68.1
reiserfs-kmp-default-5.3.18-150300.59.68.1
reiserfs-kmp-default-debuginfo-5.3.18-150300.59.68.1
o SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):
kernel-obs-build-5.3.18-150300.59.68.1
kernel-obs-build-debugsource-5.3.18-150300.59.68.1
kernel-syms-5.3.18-150300.59.68.1
o SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64):
kernel-preempt-debuginfo-5.3.18-150300.59.68.1
kernel-preempt-debugsource-5.3.18-150300.59.68.1
kernel-preempt-devel-5.3.18-150300.59.68.1
kernel-preempt-devel-debuginfo-5.3.18-150300.59.68.1
o SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch):
kernel-docs-5.3.18-150300.59.68.1
kernel-source-5.3.18-150300.59.68.1
o SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
kernel-default-5.3.18-150300.59.68.1
kernel-default-base-5.3.18-150300.59.68.1.150300.18.41.3
kernel-default-debuginfo-5.3.18-150300.59.68.1
kernel-default-debugsource-5.3.18-150300.59.68.1
kernel-default-devel-5.3.18-150300.59.68.1
kernel-default-devel-debuginfo-5.3.18-150300.59.68.1
o SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 x86_64):
kernel-preempt-5.3.18-150300.59.68.1
kernel-preempt-debuginfo-5.3.18-150300.59.68.1
kernel-preempt-debugsource-5.3.18-150300.59.68.1
o SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64):
kernel-64kb-5.3.18-150300.59.68.1
kernel-64kb-debuginfo-5.3.18-150300.59.68.1
kernel-64kb-debugsource-5.3.18-150300.59.68.1
kernel-64kb-devel-5.3.18-150300.59.68.1
kernel-64kb-devel-debuginfo-5.3.18-150300.59.68.1
o SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):
kernel-devel-5.3.18-150300.59.68.1
kernel-macros-5.3.18-150300.59.68.1
o SUSE Linux Enterprise Module for Basesystem 15-SP3 (s390x):
kernel-zfcpdump-5.3.18-150300.59.68.1
kernel-zfcpdump-debuginfo-5.3.18-150300.59.68.1
kernel-zfcpdump-debugsource-5.3.18-150300.59.68.1
o SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
kernel-default-5.3.18-150300.59.68.1
kernel-default-base-5.3.18-150300.59.68.1.150300.18.41.3
kernel-default-debuginfo-5.3.18-150300.59.68.1
kernel-default-debugsource-5.3.18-150300.59.68.1
o SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
kernel-default-5.3.18-150300.59.68.1
kernel-default-base-5.3.18-150300.59.68.1.150300.18.41.3
kernel-default-debuginfo-5.3.18-150300.59.68.1
kernel-default-debugsource-5.3.18-150300.59.68.1
o SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64):
cluster-md-kmp-default-5.3.18-150300.59.68.1
cluster-md-kmp-default-debuginfo-5.3.18-150300.59.68.1
dlm-kmp-default-5.3.18-150300.59.68.1
dlm-kmp-default-debuginfo-5.3.18-150300.59.68.1
gfs2-kmp-default-5.3.18-150300.59.68.1
gfs2-kmp-default-debuginfo-5.3.18-150300.59.68.1
kernel-default-debuginfo-5.3.18-150300.59.68.1
kernel-default-debugsource-5.3.18-150300.59.68.1
ocfs2-kmp-default-5.3.18-150300.59.68.1
ocfs2-kmp-default-debuginfo-5.3.18-150300.59.68.1
References:
o https://www.suse.com/security/cve/CVE-2020-27835.html
o https://www.suse.com/security/cve/CVE-2021-0707.html
o https://www.suse.com/security/cve/CVE-2021-20292.html
o https://www.suse.com/security/cve/CVE-2021-20321.html
o https://www.suse.com/security/cve/CVE-2021-38208.html
o https://www.suse.com/security/cve/CVE-2021-4154.html
o https://www.suse.com/security/cve/CVE-2022-0812.html
o https://www.suse.com/security/cve/CVE-2022-1158.html
o https://www.suse.com/security/cve/CVE-2022-1280.html
o https://www.suse.com/security/cve/CVE-2022-1353.html
o https://www.suse.com/security/cve/CVE-2022-1419.html
o https://www.suse.com/security/cve/CVE-2022-1516.html
o https://www.suse.com/security/cve/CVE-2022-28356.html
o https://www.suse.com/security/cve/CVE-2022-28748.html
o https://www.suse.com/security/cve/CVE-2022-28893.html
o https://www.suse.com/security/cve/CVE-2022-29156.html
o https://bugzilla.suse.com/1028340
o https://bugzilla.suse.com/1071995
o https://bugzilla.suse.com/1137728
o https://bugzilla.suse.com/1152472
o https://bugzilla.suse.com/1152489
o https://bugzilla.suse.com/1177028
o https://bugzilla.suse.com/1179878
o https://bugzilla.suse.com/1182073
o https://bugzilla.suse.com/1183723
o https://bugzilla.suse.com/1187055
o https://bugzilla.suse.com/1191647
o https://bugzilla.suse.com/1193556
o https://bugzilla.suse.com/1193842
o https://bugzilla.suse.com/1194625
o https://bugzilla.suse.com/1195651
o https://bugzilla.suse.com/1195926
o https://bugzilla.suse.com/1196018
o https://bugzilla.suse.com/1196114
o https://bugzilla.suse.com/1196367
o https://bugzilla.suse.com/1196514
o https://bugzilla.suse.com/1196639
o https://bugzilla.suse.com/1196942
o https://bugzilla.suse.com/1197157
o https://bugzilla.suse.com/1197391
o https://bugzilla.suse.com/1197656
o https://bugzilla.suse.com/1197660
o https://bugzilla.suse.com/1197677
o https://bugzilla.suse.com/1197914
o https://bugzilla.suse.com/1197926
o https://bugzilla.suse.com/1198077
o https://bugzilla.suse.com/1198217
o https://bugzilla.suse.com/1198330
o https://bugzilla.suse.com/1198400
o https://bugzilla.suse.com/1198413
o https://bugzilla.suse.com/1198437
o https://bugzilla.suse.com/1198448
o https://bugzilla.suse.com/1198484
o https://bugzilla.suse.com/1198515
o https://bugzilla.suse.com/1198516
o https://bugzilla.suse.com/1198534
o https://bugzilla.suse.com/1198742
o https://bugzilla.suse.com/1198825
o https://bugzilla.suse.com/1198989
o https://bugzilla.suse.com/1199012
o https://bugzilla.suse.com/1199024
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
ESB-2022.2393 - [SUSE] Linux Kernel: CVSS (Max): 7.0
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.2393
Security update for the Linux Kernel
17 May 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Linux Kernel
Publisher: SUSE
Operating System: SUSE
Resolution: Patch/Upgrade
CVE Names: CVE-2022-28748 CVE-2022-28356 CVE-2022-1516
CVE-2022-1419 CVE-2022-1353 CVE-2022-1280
CVE-2022-1011 CVE-2021-43389 CVE-2021-38208
CVE-2021-20321 CVE-2021-20292 CVE-2019-20811
CVE-2018-7755
Original Bulletin:
https://www.suse.com/support/update/announcement/2022/suse-su-20221686-1
Comment: CVSS (Max): 7.0 CVE-2022-1280 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS Source: SUSE
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
- --------------------------BEGIN INCLUDED TEXT--------------------
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:1686-1
Rating: important
References: #1028340 #1071995 #1084513 #1114648 #1121726 #1129770
#1137728 #1172456 #1183723 #1187055 #1191647 #1191958
#1194625 #1196018 #1196247 #1197075 #1197343 #1197391
#1197663 #1197888 #1197914 #1198217 #1198413 #1198516
#1198687 #1198742 #1198825 #1198989 #1199012
Cross-References: CVE-2018-7755 CVE-2019-20811 CVE-2021-20292 CVE-2021-20321
CVE-2021-38208 CVE-2021-43389 CVE-2022-1011 CVE-2022-1280
CVE-2022-1353 CVE-2022-1419 CVE-2022-1516 CVE-2022-28356
CVE-2022-28748
Affected Products:
SUSE Linux Enterprise Desktop 12-SP5
SUSE Linux Enterprise High Availability 12-SP5
SUSE Linux Enterprise High Performance Computing 12-SP5
SUSE Linux Enterprise Live Patching 12-SP5
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Server for SAP Applications 12-SP5
SUSE Linux Enterprise Software Development Kit 12-SP5
SUSE Linux Enterprise Workstation Extension 12-SP5
______________________________________________________________________________
An update that solves 13 vulnerabilities and has 16 fixes is now available.
Description:
The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bug fixes.
The following security bugs were fixed:
o CVE-2022-28748: Fixed a memory leak over the network by ax88179_178a devices (bsc#1196018).
o CVE-2022-28356: Fixed a refcount leak bug found in net/llc/af_llc.c (bnc#1197391).
o CVE-2022-1516: Fixed a null-ptr-deref caused by x25_disconnect (bsc#1199012).
o CVE-2022-1419: Fixed a concurrency use-after-free in vgem_gem_dumb_create (bsc#1198742).
o CVE-2022-1353: Fixed access control to kernel memory in the pfkey_register function in net/key/af_key.c (bnc#1198516).
o CVE-2022-1280: Fixed a use-after-free vulnerability in drm_lease_held in drivers/gpu/drm/drm_lease.c (bnc#1197914).
o CVE-2022-1011: Fixed a use-after-free flaw inside the FUSE filesystem in the way a user triggers write(). This flaw allowed a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation (bnc#1197343).
o CVE-2021-43389: Fixed an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c (bnc#1191958).
o CVE-2021-38208: Fixed a denial of service (NULL pointer dereference and BUG) triggered by making a getsockname call after a certain type of failure of a bind call (bnc#1187055).
o CVE-2021-20321: Fixed a race condition when accessing a file object in the OverlayFS subsystem when users perform a rename in a specific way with OverlayFS. A local user could have used this flaw to crash the system (bnc#1191647).
o CVE-2021-20292: Fixed object validation prior to performing operations on the object in nouveau_sgdma_create_ttm in the Nouveau DRM subsystem (bnc#1183723).
o CVE-2019-20811: Fixed an issue in rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, where a reference count was mishandled (bnc#1172456).
o CVE-2018-7755: Fixed an issue in the fd_locked_ioctl function in drivers/block/floppy.c. The floppy driver would copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker could send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR (bnc#1084513).
The following non-security bugs were fixed:
o IB/qib: Fix memory leak in qib_user_sdma_queue_pkts() (git-fixes)
o NFSD: prevent underflow in nfssvc_decode_writeargs() (git-fixes).
o NFSv4: recover from pre-mature loss of openstateid (bsc#1196247).
o NFSv4: Do not try to CLOSE if the stateid 'other' field has changed (bsc#1196247).
o NFSv4: Fix a regression in nfs_set_open_stateid_locked() (bsc#1196247).
o NFSv4: Handle NFS4ERR_OLD_STATEID in CLOSE/OPEN_DOWNGRADE (bsc#1196247).
o NFSv4: Wait for stateid updates after CLOSE/OPEN_DOWNGRADE (bsc#1196247).
o NFSv4: fix open failure with O_ACCMODE flag (git-fixes).
o PCI/switchtec: Read all 64 bits of part_event_bitmap (git-fixes).
o PCI: Add device even if driver attach failed (git-fixes).
o PCI: Fix overflow in command-line resource alignment requests (git-fixes).
o PCI: iproc: Fix out-of-bound array accesses (git-fixes).
o PCI: iproc: Set affinity mask on MSI interrupts (git-fixes).
o PCI: qcom: Change duplicate PCI reset to phy reset (git-fixes).
o PCI: qcom: Make sure PCIe is reset before init for rev 2.1.0 (git-fixes).
o RDMA/rxe: Missing unlock on error in get_srq_wqe() (git-fixes)
o RDMA/rxe: Restore setting tot_len in the IPv4 header (git-fixes)
o RDMA/rxe: Use the correct size of wqe when processing SRQ (git-fixes)
o SUNRPC: Handle low memory situations in call_status() (git-fixes).
o USB: Fix "slab-out-of-bounds Write" bug in usb_hcd_poll_rh_status (git-fixes).
o USB: core: Fix bug in resuming hub's handling of wakeup requests (git-fixes).
o USB: serial: cp210x: add NCR Retail IO box id (git-fixes).
o USB: serial: pl2303: add IBM device IDs (git-fixes).
o USB: serial: simple: add Nokia phone driver (git-fixes).
o USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c (git-fixes).
o arm64: cmpxchg: Use "K" instead of "L" for ll/sc immediate constraint (git-fixes)
o arm64: compat: Provide definition for COMPAT_SIGMINSTKSZ (git-fixes)
o arm64: drop linker script hack to hide __efistub_ symbols (git-fixes)
o arm64: fix for bad_mode() handler to always result in panic (git-fixes)
o arm64: hibernate: Clean the __hyp_text to PoC after resume (git-fixes)
o arm64: hyp-stub: Forbid kprobing of the hyp-stub (git-fixes)
o arm64: kaslr: ensure randomized quantities are clean also when kaslr (git-fixes)
o arm64: kaslr: ensure randomized quantities are clean to the PoC (git-fixes)
o arm64: kprobe: Always blacklist the KVM world-switch code (git-fixes)
o arm64: only advance singlestep for user instruction traps (git-fixes)
o arm64: relocatable: fix inconsistencies in linker script and options (git-fixes)
o ath10k: fix max antenna gain unit (git-fixes).
o ath6kl: fix control-message timeout (git-fixes).
o ath6kl: fix division by zero in send path (git-fixes).
o ath9k: Fix potential interrupt storm on queue reset (git-fixes).
o b43: fix a lower bounds test (git-fixes).
o b43legacy: fix a lower bounds test (git-fixes).
o backlight: pwm_bl: Improve bootloader/kernel device handover (bsc#1129770)
o bnx2x: fix napi API usage sequence (bsc#1198217).
o can: gs_usb: fix use of uninitialized variable, detach device on reception of invalid USB data (git-fixes).
o char/mwave: Adjust io port register size (git-fixes).
o cifs: do not skip link targets when an I/O fails (bsc#1194625).
o crypto: arm64/aes-ce-cipher - move assembler code to .S file (git-fixes)
o fbmem: do not allow too huge resolutions (bsc#1129770)
o fix parallelism for rpc tasks (bsc#1197663).
o fs/nfs: Use fatal_signal_pending instead of signal_pending (git-fixes).
o fsl/fman: Check for null pointer after calling devm_ioremap (git-fixes).
o hwrng: atmel - disable trng on failure path (git-fixes).
o hwrng: cavium - HW_RANDOM_CAVIUM should depend on ARCH_THUNDER (git-fixes).
o i40e: Fix incorrect netdev's real number of RX/TX queues (git-fixes).
o i40e: add correct exception tracing for XDP (git-fixes).
o i40e: optimize for XDP_REDIRECT in xsk path (git-fixes).
o ieee802154: atusb: fix uninit value in atusb_set_extended_addr (git-fixes).
o io-64-nonatomic: add io{read|write}64{_lo_hi|_hi_lo} macros (git-fixes).
o libertas: Fix possible memory leak in probe and disconnect (git-fixes).
o libertas_tf: Fix possible memory leak in probe and disconnect (git-fixes).
o livepatch: Do not block removal of patches that are safe to unload (bsc#1071995).
o mac80211: mesh: fix potentially unaligned access (git-fixes).
o media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init (git-fixes).
o media: dvb-usb: fix uninit-value in vp702x_read_mac_addr (git-fixes).
o media: dvb-usb: fix ununit-value in az6027_rc_query (git-fixes).
o media: em28xx: fix memory leak in em28xx_init_dev (git-fixes).
o media: lmedm04: Fix misuse of comma (git-fixes).
o media: rc-loopback: return number of emitters rather than error (git-fixes).
o media: stkwebcam: fix memory leak in stk_camera_probe (git-fixes).
o media: uvc: do not do DMA on stack (git-fixes).
o media: v4l2-ioctl: S_CTRL output the right value (git-fixes).
o media: videobuf2-core: dequeue if start_streaming fails (git-fixes).
o mt7601u: fix rx buffer refcounting (git-fixes).
o mwifiex: Read a PCI register after writing the TX ring write pointer (git-fixes).
o mwifiex: Send DELBA requests according to spec (git-fixes).
o mxser: fix xmit_buf leak in activate when LSR == 0xff (git-fixes).
o net/mlx5e: Reduce tc unsupported key print level (git-fixes).
o net: davinci_emac: Fix incorrect masking of tx and rx error channel (git-fixes).
o net: ethernet: mtk_eth_soc: fix return values and refactor MDIO ops (git-fixes).
o net: rtlwifi: properly check for alloc_workqueue() failure (git-fixes).
o net: stmicro: handle clk_prepare() failure during init (git-fixes).
o net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send (git-fixes).
o parisc/sticon: fix reverse colors (bsc#1129770)
o powerpc/perf: Fix power9 event alternatives (bsc#1137728, LTC#178106, git-fixes).
o ppp: ensure minimum packet size in ppp_write() (git-fixes).
o ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE (bsc#1198413).
o random: check for signal_pending() outside of need_resched() check (git-fixes).
o random: fix data race on crng_node_pool (git-fixes).
o rtl8187: fix control-message timeouts (git-fixes).
o scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands (git-fixes).
o scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() (bsc#1028340 bsc#1198825).
o tcp: Fix potential use-after-free due to double kfree() (bsc#1197075).
o tcp: fix race condition when creating child sockets from syncookies (bsc#1197075).
o usb: hub: Fix usb enumeration issue due to address0 race (git-fixes).
o usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect (git-fixes).
o usb: ulpi: Call of_node_put correctly (git-fixes).
o usb: ulpi: Move of_node_put to ulpi_dev_release (git-fixes).
o video: fbdev: atari: Atari 2 bpp (STe) palette bugfix (bsc#1129770)
o video: fbdev: atmel_lcdfb: fix an error code in atmel_lcdfb_probe() (bsc#1129770)
o video: fbdev: chipsfb: use memset_io() instead of memset() (bsc#1129770)
o video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name() (bsc#1129770)
o video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of (bsc#1129770)
o video: fbdev: sm712fb: Fix crash in smtcfb_read() (bsc#1129770)
o video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe() (bsc#1129770)
o video: fbdev: udlfb: properly check endpoint type (bsc#1129770)
o wcn36xx: Fix HT40 capability for 2Ghz band (git-fixes).
o wcn36xx: add proper DMA memory barriers in rx path (git-fixes).
o x86/pm: Save the MSR validity status at context setup (bsc#1114648).
o x86/sev: Unroll string mmio with CC_ATTR_GUEST_UNROLL_STRING_IO (git-fixes).
o x86/speculation: Restore speculation related MSRs during S3 resume (bsc#1114648).
o xen/blkfront: fix comment for need_copy (git-fixes).
o xen: detect uninitialized xenbus in xenbus_init (git-fixes).
o xen: do not continue xenstore initialization in case of errors (git-fixes).
o xen: fix is_xen_pmu() (git-fixes).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update, use the SUSE recommended installation methods such as YaST online_update or "zypper patch".
Alternatively, you can run the command listed for your product:
o SUSE Linux Enterprise Workstation Extension 12-SP5:
zypper in -t patch SUSE-SLE-WE-12-SP5-2022-1686=1
o SUSE Linux Enterprise Software Development Kit 12-SP5:
zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-1686=1
o SUSE Linux Enterprise Server 12-SP5:
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-1686=1
o SUSE Linux Enterprise Live Patching 12-SP5:
zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-1686=1
o SUSE Linux Enterprise High Availability 12-SP5:
zypper in -t patch SUSE-SLE-HA-12-SP5-2022-1686=1
Package List:
o SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64):
kernel-default-debuginfo-4.12.14-122.121.2
kernel-default-debugsource-4.12.14-122.121.2
kernel-default-extra-4.12.14-122.121.2
kernel-default-extra-debuginfo-4.12.14-122.121.2
o SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
kernel-obs-build-4.12.14-122.121.1
kernel-obs-build-debugsource-4.12.14-122.121.1
o SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch):
kernel-docs-4.12.14-122.121.2
o SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
kernel-default-4.12.14-122.121.2
kernel-default-base-4.12.14-122.121.2
kernel-default-base-debuginfo-4.12.14-122.121.2
kernel-default-debuginfo-4.12.14-122.121.2
kernel-default-debugsource-4.12.14-122.121.2
kernel-default-devel-4.12.14-122.121.2
kernel-syms-4.12.14-122.121.2
o SUSE Linux Enterprise Server 12-SP5 (x86_64):
kernel-default-devel-debuginfo-4.12.14-122.121.2
o SUSE Linux Enterprise Server 12-SP5 (noarch):
kernel-devel-4.12.14-122.121.2
kernel-macros-4.12.14-122.121.2
kernel-source-4.12.14-122.121.2
o SUSE Linux Enterprise Server 12-SP5 (s390x):
kernel-default-man-4.12.14-122.121.2
o SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64):
kernel-default-debuginfo-4.12.14-122.121.2
kernel-default-debugsource-4.12.14-122.121.2
kernel-default-kgraft-4.12.14-122.121.2
kernel-default-kgraft-devel-4.12.14-122.121.2
kgraft-patch-4_12_14-122_121-default-1-8.5.2
o SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64):
cluster-md-kmp-default-4.12.14-122.121.2
cluster-md-kmp-default-debuginfo-4.12.14-122.121.2
dlm-kmp-default-4.12.14-122.121.2
dlm-kmp-default-debuginfo-4.12.14-122.121.2
gfs2-kmp-default-4.12.14-122.121.2
gfs2-kmp-default-debuginfo-4.12.14-122.121.2
kernel-default-debuginfo-4.12.14-122.121.2
kernel-default-debugsource-4.12.14-122.121.2
ocfs2-kmp-default-4.12.14-122.121.2
ocfs2-kmp-default-debuginfo-4.12.14-122.121.2
References:
o https://www.suse.com/security/cve/CVE-2018-7755.html
o https://www.suse.com/security/cve/CVE-2019-20811.html
o https://www.suse.com/security/cve/CVE-2021-20292.html
o https://www.suse.com/security/cve/CVE-2021-20321.html
o https://www.suse.com/security/cve/CVE-2021-38208.html
o https://www.suse.com/security/cve/CVE-2021-43389.html
o https://www.suse.com/security/cve/CVE-2022-1011.html
o https://www.suse.com/security/cve/CVE-2022-1280.html
o https://www.suse.com/security/cve/CVE-2022-1353.html
o https://www.suse.com/security/cve/CVE-2022-1419.html
o https://www.suse.com/security/cve/CVE-2022-1516.html
o https://www.suse.com/security/cve/CVE-2022-28356.html
o https://www.suse.com/security/cve/CVE-2022-28748.html
o https://bugzilla.suse.com/1028340
o https://bugzilla.suse.com/1071995
o https://bugzilla.suse.com/1084513
o https://bugzilla.suse.com/1114648
o https://bugzilla.suse.com/1121726
o https://bugzilla.suse.com/1129770
o https://bugzilla.suse.com/1137728
o https://bugzilla.suse.com/1172456
o https://bugzilla.suse.com/1183723
o https://bugzilla.suse.com/1187055
o https://bugzilla.suse.com/1191647
o https://bugzilla.suse.com/1191958
o https://bugzilla.suse.com/1194625
o https://bugzilla.suse.com/1196018
o https://bugzilla.suse.com/1196247
o https://bugzilla.suse.com/1197075
o https://bugzilla.suse.com/1197343
o https://bugzilla.suse.com/1197391
o https://bugzilla.suse.com/1197663
o https://bugzilla.suse.com/1197888
o https://bugzilla.suse.com/1197914
o https://bugzilla.suse.com/1198217
o https://bugzilla.suse.com/1198413
o https://bugzilla.suse.com/1198516
o https://bugzilla.suse.com/1198687
o https://bugzilla.suse.com/1198742
o https://bugzilla.suse.com/1198825
o https://bugzilla.suse.com/1198989
o https://bugzilla.suse.com/1199012
- --------------------------END INCLUDED TEXT--------------------
ESB-2022.2392 - [SUSE] Linux Kernel: CVSS (Max): 8.8
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.2392
Security update for the Linux Kernel
17 May 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Linux Kernel
Publisher: SUSE
Operating System: SUSE
Resolution: Patch/Upgrade
CVE Names: CVE-2022-29156 CVE-2022-28893 CVE-2022-28748
CVE-2022-28356 CVE-2022-1516 CVE-2022-1419
CVE-2022-1353 CVE-2022-1280 CVE-2022-1158
CVE-2022-0812 CVE-2021-38208 CVE-2021-20321
CVE-2021-20292 CVE-2021-4154 CVE-2021-0707
CVE-2020-27835
Original Bulletin:
https://www.suse.com/support/update/announcement/2022/suse-su-20221669-1
Comment: CVSS (Max): 8.8 CVE-2021-4154 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
CVSS Source: SUSE
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
- --------------------------BEGIN INCLUDED TEXT--------------------
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:1669-1
Rating: important
References: #1028340 #1071995 #1137728 #1152472 #1152489 #1177028
#1179878 #1182073 #1183723 #1187055 #1191647 #1193556
#1193842 #1194625 #1195651 #1195926 #1196018 #1196114
#1196367 #1196514 #1196639 #1196942 #1197157 #1197391
#1197656 #1197660 #1197677 #1197914 #1197926 #1198077
#1198217 #1198330 #1198400 #1198413 #1198437 #1198448
#1198484 #1198515 #1198516 #1198534 #1198742 #1198825
#1198989 #1199012 #1199024
Cross-References: CVE-2020-27835 CVE-2021-0707 CVE-2021-20292 CVE-2021-20321
CVE-2021-38208 CVE-2021-4154 CVE-2022-0812 CVE-2022-1158
CVE-2022-1280 CVE-2022-1353 CVE-2022-1419 CVE-2022-1516
CVE-2022-28356 CVE-2022-28748 CVE-2022-28893 CVE-2022-29156
Affected Products:
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Module for Realtime 15-SP3
SUSE Linux Enterprise Real Time 15-SP3
SUSE Linux Enterprise Realtime Extension 15-SP3
______________________________________________________________________________
An update that solves 16 vulnerabilities, contains 6 features and has 29 fixes
is now available.
Description:
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
o CVE-2022-29156: Fixed a double free related to rtrs_clt_dev_release
(bnc#1198515).
o CVE-2022-28893: Ensured that sockets are in the intended state inside the
SUNRPC subsystem (bnc#1198330).
o CVE-2022-28748: Fixed a memory leak over the network by ax88179_178a devices
(bsc#1196018).
o CVE-2022-28356: Fixed a refcount leak bug found in net/llc/af_llc.c
(bnc#1197391).
o CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect (bsc#1199012).
o CVE-2022-1419: Fixed a concurrency use-after-free in vgem_gem_dumb_create
(bsc#1198742).
o CVE-2022-1353: Fixed access control to kernel memory in the pfkey_register
function in net/key/af_key.c (bnc#1198516).
o CVE-2022-1280: Fixed a use-after-free vulnerability in drm_lease_held in
drivers/gpu/drm/drm_lease.c (bnc#1197914).
o CVE-2022-1158: Fixed KVM x86/mmu compare-and-exchange of gPTE via the user
address (bsc#1197660).
o CVE-2022-0812: Fixed random memory leakage inside NFS/RDMA (bsc#1196639).
o CVE-2021-4154: Fixed a use-after-free flaw inside cgroup1_parse_param in
kernel/cgroup/cgroup-v1.c. A local attacker with a user privilege could
cause a privilege escalation by exploiting the fsconfig syscall parameter
leading to a container breakout and a denial of service on the system
(bnc#1193842).
o CVE-2021-38208: Fixed a denial of service (NULL pointer dereference and
BUG) by making a getsockname call after a certain type of failure of a bind
call (bnc#1187055).
o CVE-2021-20321: Fixed a race condition accessing a file object in the
OverlayFS subsystem in the way users do rename in a specific way with
OverlayFS. A local user could have used this flaw to crash the system
(bnc#1191647).
o CVE-2021-20292: Fixed object validation prior to performing operations on
the object in nouveau_sgdma_create_ttm in the Nouveau DRM subsystem
(bnc#1183723).
o CVE-2021-0707: Fixed possible memory corruption due to a use after free
inside dma_buf_release of dma-buf.c (bnc#1198437).
o CVE-2020-27835: Fixed a use after free in the infiniband hfi1 driver in the
way a user calls ioctl after opening the dev file and forking. A local user
could use this flaw to crash the system (bnc#1179878).
The following non-security bugs were fixed:
o ACPI: processor idle: Check for architectural support for LPI (git-fixes).
o ACPI/APEI: Limit printable size of BERT table data (git-fixes).
o ACPICA: Avoid walking the ACPI Namespace if it is not there (git-fixes).
o adm8211: fix error return code in adm8211_probe() (git-fixes).
o ALSA: cs4236: fix an incorrect NULL check on list iterator (git-fixes).
o ALSA: hda/hdmi: fix warning about PCM count when used with SOF (git-fixes).
o ALSA: hda/realtek: Add alc256-samsung-headphone fixup (git-fixes).
o ALSA: hda/realtek: Add quirk for Clevo PD50PNT (git-fixes).
o ALSA: hda/realtek: Fix audio regression on Mi Notebook Pro 2020
(git-fixes).
o ALSA: pcm: Test for "silence" field in struct "pcm_format_data"
(git-fixes).
o ALSA: usb-audio: Cap upper limits of buffer/period bytes for implicit fb
(git-fixes).
o ALSA: usb-audio: Increase max buffer size (git-fixes).
o ALSA: usb-audio: Limit max buffer and period sizes per time (git-fixes).
o arm64: clear_page() shouldn't use DC ZVA when DCZID_EL0.DZP == 1
(git-fixes)
o arm64: dts: allwinner: h5: NanoPI Neo 2: Fix ethernet node (git-fixes)
o arm64: dts: allwinner: orangepi-zero-plus: fix PHY mode (git-fixes)
o arm64: dts: exynos: correct GIC CPU interfaces address range on (git-fixes)
o arm64: dts: ls1028a: fix memory node (git-fixes)
o arm64: dts: ls1028a: fix node name for the sysclk (git-fixes)
o arm64: dts: lx2160a: fix scl-gpios property name (git-fixes)
o arm64: dts: marvell: armada-37xx: Extend PCIe MEM space (git-fixes)
o arm64: dts: marvell: armada-37xx: Fix reg for standard variant of
(git-fixes)
o arm64: dts: marvell: armada-37xx: Remap IO space to bus address 0x0
(git-fixes)
o arm64: dts: rockchip: Fix GPU register width for RK3328 (git-fixes)
o arm64: dts: rockchip: remove mmc-hs400-enhanced-strobe from (git-fixes)
o arm64: dts: zii-ultra: fix 12V_MAIN voltage (git-fixes)
o arm64: head: avoid over-mapping in map_memory (git-fixes)
o arm64: Update config files; arm LIBNVDIMM y->m ppc64le ND_BLK ->m
(bsc#1199024).
o arm64/sve: Use correct size when reinitialising SVE state (git-fixes)
o ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek
(git-fixes).
o ASoC: codecs: wcd934x: do not switch off SIDO Buck when codec is in use
(git-fixes).
o ASoC: mediatek: mt6358: add missing EXPORT_SYMBOLs (git-fixes).
o ASoC: msm8916-wcd-digital: Check failure for
devm_snd_soc_register_component (git-fixes).
o ASoC: soc-compress: Change the check for codec_dai (git-fixes).
o ASoC: soc-compress: prevent the potentially use of null pointer
(git-fixes).
o ASoC: soc-core: skip zero num_dai component in searching dai name
(git-fixes).
o ASoC: soc-dapm: fix two incorrect uses of list iterator (git-fixes).
o ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs
(git-fixes).
o ata: sata_dwc_460ex: Fix crash due to OOB write (git-fixes).
o ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern
(git-fixes).
o ath5k: fix building with LEDS=m (git-fixes).
o ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 (git-fixes).
o ath9k_htc: fix uninit value bugs (git-fixes).
o ath9k: Fix usage of driver-private space in tx_info (git-fixes).
o ath9k: Properly clear TX status area before reporting to mac80211
(git-fixes).
o backlight: qcom-wled: Respect enabled-strings in set_brightness
(bsc#1152489)
o bareudp: use ipv6_mod_enabled to check if IPv6 enabled (jsc#SLE-15172).
o bfq: Avoid merging queues with different parents (bsc#1197926).
o bfq: Drop pointless unlock-lock pair (bsc#1197926).
o bfq: Get rid of __bio_blkcg() usage (bsc#1197926).
o bfq: Make sure bfqg for which we are queueing requests is online
(bsc#1197926).
o bfq: Remove pointless bfq_init_rq() calls (bsc#1197926).
o bfq: Split shared queues on move between cgroups (bsc#1197926).
o bfq: Track whether bfq_group is still online (bsc#1197926).
o bfq: Update cgroup information before merging bio (bsc#1197926).
o block: Drop leftover references to RQF_SORTED (bsc#1182073).
o Bluetooth: btmtksdio: Fix kernel oops in btmtksdio_interrupt (git-fixes).
o Bluetooth: Fix use after free in hci_send_acl (git-fixes).
o Bluetooth: hci_serdev: call init_rwsem() before p->open() (git-fixes).
o bnx2x: fix napi API usage sequence (bsc#1198217).
o bpf: Resolve to prog->aux->dst_prog->type only for BPF_PROG_TYPE_EXT
(git-fixes bsc#1177028).
o brcmfmac: firmware: Allocate space for default boardrev in nvram
(git-fixes).
o brcmfmac: pcie: Fix crashes due to early IRQs (git-fixes).
o brcmfmac: pcie: Release firmwares in the brcmf_pcie_setup error path
(git-fixes).
o brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio
(git-fixes).
o carl9170: fix missing bit-wise or operator for tx_params (git-fixes).
o cfg80211: hold bss_lock while updating nontrans_list (git-fixes).
o cifs: do not skip link targets when an I/O fails (bsc#1194625).
o cifs: fix bad fids sent over wire (bsc#1197157).
o clk: Enforce that disjoints limits are invalid (git-fixes).
o clk: si5341: fix reported clk_rate when output divider is 2 (git-fixes).
o direct-io: clean up error paths of do_blockdev_direct_IO (bsc#1197656).
o direct-io: defer alignment check until after the EOF check (bsc#1197656).
o direct-io: do not force writeback for reads beyond EOF (bsc#1197656).
o dma-debug: fix return value of __setup handlers (git-fixes).
o dma: at_xdmac: fix a missing check on list iterator (git-fixes).
o dmaengine: idxd: add RO check for wq max_batch_size write (git-fixes).
o dmaengine: idxd: add RO check for wq max_transfer_size write (git-fixes).
o dmaengine: imx-sdma: Fix error checking in sdma_event_remap (git-fixes).
o dmaengine: mediatek:Fix PM usage reference leak of
mtk_uart_apdma_alloc_chan_resources (git-fixes).
o dmaengine: Revert "dmaengine: shdma: Fix runtime PM imbalance on error"
(git-fixes).
o Documentation: add link to stable release candidate tree (git-fixes).
o drm: add a locked version of drm_is_current_master (bsc#1197914).
o drm: Add orientation quirk for GPD Win Max (git-fixes).
o drm: drm_file struct kABI compatibility workaround (bsc#1197914).
o drm: protect drm_master pointers in drm_lease.c (bsc#1197914).
o drm: serialize drm_file.master with a new spinlock (bsc#1197914).
o drm: use the lookup lock in drm_is_current_master (bsc#1197914).
o drm/amd: Add USBC connector ID (git-fixes).
o drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj (git-fixes).
o drm/amd/display: do not ignore alpha property on pre-multiplied mode
(git-fixes).
o drm/amd/display: Fix a NULL pointer dereference in
amdgpu_dm_connector_add_common_modes() (git-fixes).
o drm/amd/display: Fix allocate_mst_payload assert on resume (git-fixes).
o drm/amd/display: Fix memory leak in dcn21_clock_source_create (bsc#1152472)
o drm/amdgpu: fix amdgpu_ras_block_late_init error handler (bsc#1152489)
o drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire() (git-fixes).
o drm/amdgpu: Fix recursive locking warning (git-fixes).
o drm/amdkfd: Check for potential null return of kmalloc_array() (git-fixes).
o drm/amdkfd: Fix Incorrect VMIDs passed to HWS (git-fixes).
o drm/amdkfd: make CRAT table missing message informational only (git-fixes).
o drm/bridge: Add missing pm_runtime_disable() in __dw_mipi_dsi_probe
(git-fixes).
o drm/bridge: cdns-dsi: Make sure to to create proper aliases for dt
(git-fixes).
o drm/bridge: Fix free wrong object in sii8620_init_rcp_input_dev
(git-fixes).
o drm/cma-helper: Set VM_DONTEXPAND for mmap (bsc#1152472)
o drm/edid: check basic audio support on CEA extension block (git-fixes).
o drm/edid: Do not clear formats if using deep color (git-fixes).
o drm/fb-helper: Mark screen buffers in system memory with (bsc#1152472)
o drm/i915: Call i915_globals_exit() if pci_register_device() fails
(git-fixes).
o drm/i915: Drop all references to DRM IRQ midlayer (bsc#1152489)
o drm/i915: Keep gem ctx->vm alive until the final put (bsc#1152489)
o drm/i915: s/JSP2/ICP2/ PCH (bsc#1152489)
o drm/i915/gem: Flush coherency domains on first set-domain-ioctl
(git-fixes).
o drm/imx: Fix memory leak in imx_pd_connector_get_modes (git-fixes).
o drm/mediatek: Add AAL output size configuration (git-fixes).
o drm/mediatek: Fix aal size config (git-fixes).
o drm/msm/dsi: Use connector directly in msm_dsi_manager_connector_init()
(git-fixes).
o drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not initialised
(git-fixes).
o drm/panel/raspberrypi-touchscreen: Initialise the bridge in prepare
(git-fixes).
o drm/prime: Fix use after free in mmap with drm_gem_ttm_mmap (bsc#1152472)
o drm/tegra: Fix reference leak in tegra_dsi_ganged_probe (git-fixes).
o drm/vc4: crtc: Lookup the encoder from the register at boot (bsc#1198534)
o drm/vc4: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync() usage
(git-fixes).
o drm/vmwgfx: Remove unused compile options (bsc#1152472)
o e1000e: Fix possible overflow in LTR decoding (git-fixes).
o fibmap: Reject negative block numbers (bsc#1198448).
o fibmap: Use bmap instead of ->bmap method in ioctl_fibmap (bsc#1198448).
o firmware: arm_scmi: Fix sorting of retrieved clock rates (git-fixes).
o gpiolib: acpi: use correct format characters (git-fixes).
o gpu: ipu-v3: Fix dev_dbg frequency output (git-fixes).
o HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports (git-fixes).
o hwrng: cavium - HW_RANDOM_CAVIUM should depend on ARCH_THUNDER (git-fixes).
o i2c: dev: Force case user pointers in compat_i2cdev_ioctl() (git-fixes).
o IB/hfi1: Allow larger MTU without AIP (jsc#SLE-13208).
o Input: omap4-keypad - fix pm_runtime_get_sync() error checking (git-fixes).
o ipmi: bail out if init_srcu_struct fails (git-fixes).
o ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module
(git-fixes).
o ipmi: Move remove_work to dedicated workqueue (git-fixes).
o iwlwifi: Fix -EIO error code that is never returned (git-fixes).
o iwlwifi: mvm: Fix an error code in iwl_mvm_up() (git-fixes).
o KEYS: fix length validation in keyctl_pkey_params_get_2() (git-fixes).
o livepatch: Do not block removal of patches that are safe to unload
(bsc#1071995).
o lz4: fix LZ4_decompress_safe_partial read out of bound (git-fixes).
o media: cx88-mpeg: clear interrupt status register before streaming video
(git-fixes).
o media: hdpvr: initialize dev->worker at hdpvr_register_videodev
(git-fixes).
o memory: atmel-ebi: Fix missing of_node_put in atmel_ebi_probe (git-fixes).
o mfd: asic3: Add missing iounmap() on error asic3_mfd_probe (git-fixes).
o mfd: mc13xxx: Add check for mc13xxx_irq_request (git-fixes).
o mmc: host: Return an error when ->enable_sdio_irq() ops is missing
(git-fixes).
o mmc: mmci_sdmmc: Replace sg_dma_xxx macros (git-fixes).
o mmc: mmci: stm32: correctly check all elements of sg list (git-fixes).
o mmc: renesas_sdhi: do not overwrite TAP settings when HS400 tuning is
complete (git-fixes).
o mtd: onenand: Check for error irq (git-fixes).
o mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init
(git-fixes).
o mtd: rawnand: gpmi: fix controller timings setting (git-fixes).
o mwl8k: Fix a double Free in mwl8k_probe_hw (git-fixes).
o net: asix: add proper error handling of usb read errors (git-fixes).
o net: mana: Add counter for packet dropped by XDP (bsc#1195651).
o net: mana: Add counter for XDP_TX (bsc#1195651).
o net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651).
o net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe()
(bsc#1195651).
o net: mana: Reuse XDP dropped page (bsc#1195651).
o net: mana: Use struct_size() helper in mana_gd_create_dma_region()
(bsc#1195651).
o net: mcs7830: handle usb read errors properly (git-fixes).
o net: usb: aqc111: Fix out-of-bounds accesses in RX fixup (git-fixes).
o nfc: nci: add flush_workqueue to prevent uaf (git-fixes).
o NFSv4: fix open failure with O_ACCMODE flag (git-fixes).
o PCI: aardvark: Fix reading PCI_EXP_RTSTA_PME bit on emulated bridge
(git-fixes).
o PCI: aardvark: Fix support for MSI interrupts (git-fixes).
o PCI: imx6: Allow to probe when dw_pcie_wait_for_link() fails (git-fixes).
o PCI: pciehp: Add Qualcomm quirk for Command Completed erratum (git-fixes).
o PCI: pciehp: Clear cmd_busy bit in polling mode (git-fixes).
o PM: core: keep irq flags in device_pm_check_callbacks() (git-fixes).
o power: reset: gemini-poweroff: Fix IRQ check in gemini_poweroff_probe
(git-fixes).
o power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init (git-fixes).
o power: supply: axp20x_battery: properly report current when discharging
(git-fixes).
o power: supply: axp288-charger: Set Vhold to 4.4V (git-fixes).
o power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled() wrong false
return (git-fixes).
o power: supply: wm8350-power: Add missing free in free_charger_irq
(git-fixes).
o power: supply: wm8350-power: Handle error for wm8350_register_irq
(git-fixes).
o powerpc/perf: Expose Performance Monitor Counter SPR's as part of extended
regs (bsc#1198077 ltc#197299).
o powerpc/perf: Fix power10 event alternatives (jsc#SLE-13513 git-fixes).
o powerpc/perf: Fix power9 event alternatives (bsc#1137728, LTC#178106,
git-fixes).
o powerpc/perf: Include PMCs as part of per-cpu cpuhw_events struct
(bsc#1198077 ltc#197299).
o ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE
(bsc#1198413).
o random: check for signal_pending() outside of need_resched() check
(git-fixes).
o ray_cs: Check ioremap return value (git-fixes).
o RDMA/core: Set MR type in ib_reg_user_mr (jsc#SLE-8449).
o RDMA/mlx5: Add a missing update of cache->last_add (jsc#SLE-15175).
o RDMA/mlx5: Do not remove cache MRs when a delay is needed (jsc#SLE-15175).
o RDMA/mlx5: Fix the flow of a miss in the allocation of a cache ODP MR
(jsc#SLE-15175).
o regulator: wm8994: Add an off-on delay for WM8994 variant (git-fixes).
o rpm: Run external scriptlets on uninstall only when available (bsc#1196514
bsc#1196114 bsc#1196942).
o rpm: Use bash for %() expansion (jsc#SLE-18234).
o rpm/*.spec.in: remove backtick usage
o rpm/constraints.in: skip SLOW_DISK workers for kernel-source
o rpm/kernel-obs-build.spec.in: use default dracut modules (bsc#1195926,
bsc#1198484)
o rtc: check if __rtc_read_time was successful (git-fixes).
o rtc: wm8350: Handle error for wm8350_register_irq (git-fixes).
o s390/tape: fix timer initialization in tape_std_assign() (bsc#1197677
LTC#197378).
o scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands
(git-fixes).
o scsi: mpt3sas: Fix use after free in _scsih_expander_node_remove()
(git-fixes).
o scsi: mpt3sas: Page fault in reply q processing (git-fixes).
o scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() (bsc#1028340
bsc#1198825).
o spi: atmel-quadspi: Fix the buswidth adjustment between spi-mem and
controller (git-fixes).
o spi: bcm-qspi: fix MSPI only access with bcm_qspi_exec_mem_op()
(git-fixes).
o spi: Fix erroneous sgs value with min_t() (git-fixes).
o spi: Fix invalid sgs value (git-fixes).
o spi: mxic: Fix the transmit path (git-fixes).
o spi: tegra20: Use of_device_get_match_data() (git-fixes).
o staging: mt7621-dts: fix LEDs and pinctrl on GB-PC1 devicetree (git-fixes).
o SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367).
o SUNRPC: Ensure we flush any closed sockets before xs_xprt_free()
(git-fixes).
o SUNRPC: Fix the svc_deferred_event trace class (git-fixes).
o SUNRPC: Handle ENOMEM in call_transmit_status() (git-fixes).
o SUNRPC: Handle low memory situations in call_status() (git-fixes).
o USB: dwc3: core: Fix tx/rx threshold settings (git-fixes).
o USB: dwc3: core: Only handle soft-reset in DCTL (git-fixes).
o USB: dwc3: gadget: Return proper request status (git-fixes).
o USB: dwc3: omap: fix "unbalanced disables for smps10_out1" on omap5evm
(git-fixes).
o USB: gadget: uvc: Fix crash when encoding data for usb request (git-fixes).
o USB: hcd-pci: Use PCI_STD_NUM_BARS when checking standard BARs
(bsc#1152489)
o USB: serial: pl2303: add IBM device IDs (git-fixes).
o USB: serial: simple: add Nokia phone driver (git-fixes).
o USB: storage: ums-realtek: fix error code in rts51x_read_mem() (git-fixes).
o USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c
(git-fixes).
o vgacon: Propagate console boot parameters before calling `vc_resize'
(bsc#1152489)
o video: fbdev: atari: Atari 2 bpp (STe) palette bugfix (git-fixes).
o video: fbdev: cirrusfb: check pixclock to avoid divide by zero (git-fixes).
o video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow
(git-fixes).
o video: fbdev: sm712fb: Fix crash in smtcfb_read() (git-fixes).
o video: fbdev: sm712fb: Fix crash in smtcfb_write() (git-fixes).
o video: fbdev: udlfb: properly check endpoint type (bsc#1152489)
o video: fbdev: w100fb: Reset global state (git-fixes).
o virtio_console: break out of buf poll on remove (git-fixes).
o virtio_console: eliminate anonymous module_init & module_exit (git-fixes).
o w1: w1_therm: fixes w1_seq for ds28ea00 sensors (git-fixes).
o x86/pm: Save the MSR validity status at context setup (bsc#1198400).
o x86/sev: Unroll string mmio with CC_ATTR_GUEST_UNROLL_STRING_IO
(git-fixes).
o x86/speculation: Restore speculation related MSRs during S3 resume
(bsc#1198400).
o xen: fix is_xen_pmu() (git-fixes).
o xen/blkfront: fix comment for need_copy (git-fixes).
o xen/x86: obtain full video frame buffer address for Dom0 also under EFI
(bsc#1193556).
o xen/x86: obtain upper 32 bits of video frame buffer address for Dom0
(bsc#1193556).
o xhci: fix runtime PM imbalance in USB2 resume (git-fixes).
o xhci: fix uninitialized string returned by xhci_decode_ctrl_ctx()
(git-fixes).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o SUSE Linux Enterprise Realtime Extension 15-SP3:
zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2022-1669=1
o SUSE Linux Enterprise Module for Realtime 15-SP3:
zypper in -t patch SUSE-SLE-Module-RT-15-SP3-2022-1669=1
o SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1669=1
o SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1669=1
Package List:
o SUSE Linux Enterprise Realtime Extension 15-SP3 (noarch):
release-notes-sle_rt-15.3.20220422-150300.3.3.2
o SUSE Linux Enterprise Module for Realtime 15-SP3 (x86_64):
cluster-md-kmp-rt-5.3.18-150300.88.2
cluster-md-kmp-rt-debuginfo-5.3.18-150300.88.2
dlm-kmp-rt-5.3.18-150300.88.2
dlm-kmp-rt-debuginfo-5.3.18-150300.88.2
gfs2-kmp-rt-5.3.18-150300.88.2
gfs2-kmp-rt-debuginfo-5.3.18-150300.88.2
kernel-rt-5.3.18-150300.88.2
kernel-rt-debuginfo-5.3.18-150300.88.2
kernel-rt-debugsource-5.3.18-150300.88.2
kernel-rt-devel-5.3.18-150300.88.2
kernel-rt-devel-debuginfo-5.3.18-150300.88.2
kernel-rt_debug-debuginfo-5.3.18-150300.88.2
kernel-rt_debug-debugsource-5.3.18-150300.88.2
kernel-rt_debug-devel-5.3.18-150300.88.2
kernel-rt_debug-devel-debuginfo-5.3.18-150300.88.2
kernel-syms-rt-5.3.18-150300.88.1
ocfs2-kmp-rt-5.3.18-150300.88.2
ocfs2-kmp-rt-debuginfo-5.3.18-150300.88.2
o SUSE Linux Enterprise Module for Realtime 15-SP3 (noarch):
kernel-devel-rt-5.3.18-150300.88.2
kernel-source-rt-5.3.18-150300.88.2
release-notes-sle_rt-15.3.20220422-150300.3.3.2
o SUSE Linux Enterprise Micro 5.2 (x86_64):
kernel-rt-5.3.18-150300.88.2
kernel-rt-debuginfo-5.3.18-150300.88.2
kernel-rt-debugsource-5.3.18-150300.88.2
o SUSE Linux Enterprise Micro 5.1 (x86_64):
kernel-rt-5.3.18-150300.88.2
kernel-rt-debuginfo-5.3.18-150300.88.2
kernel-rt-debugsource-5.3.18-150300.88.2
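The bulletin asks for a reboot after the update, and a patched package that is not yet the running kernel leaves the host exposed. The POSIX sh helper below is an added post-install check, not part of the SUSE or AusCERT bulletin: it compares the installed kernel-rt package and the running kernel against the kernel-rt version from the package list above. It assumes (our assumption, to be verified on your own host) that uname -r on SUSE reports VERSION-RELEASE without the trailing rebuild counter and with the flavour appended, e.g. "5.3.18-150300.88-rt"; the sample uname -r strings in the demonstration are constructed.

```shell
#!/bin/sh
# Added verification helper (not part of the SUSE or AusCERT bulletin).
# Confirms that (a) the installed kernel-rt package is at least the fixed
# build and (b) the *running* kernel is that build, since the bulletin
# requires a reboot for the fix to take effect.
#
# FIXED_KERNEL_RT is the kernel-rt version from the bulletin's package list.
FIXED_KERNEL_RT="5.3.18-150300.88.2"

# ver_ge A B: exit 0 if A >= B. Both are SUSE VERSION-RELEASE strings with
# purely numeric, dot/dash separated fields (true for this bulletin); fields
# are compared numerically, and a missing trailing field counts as 0, so
# "...88" < "...88.2".
ver_ge() {
    a=$(printf '%s' "$1" | tr '-' '.')
    b=$(printf '%s' "$2" | tr '-' '.')
    i=1
    while :; do
        fa=$(printf '%s.' "$a" | cut -d. -f"$i")
        fb=$(printf '%s.' "$b" | cut -d. -f"$i")
        [ -z "$fa" ] && [ -z "$fb" ] && return 0   # every field compared equal
        [ "${fa:-0}" -gt "${fb:-0}" ] && return 0
        [ "${fa:-0}" -lt "${fb:-0}" ] && return 1
        i=$((i + 1))
    done
}

# fixed_prefix V: drop the trailing rebuild counter (".2" in 5.3.18-150300.88.2).
# Assumption: uname -r on SUSE reports VERSION-RELEASE without that counter and
# with the flavour appended, e.g. "5.3.18-150300.88-rt"; verify on your host.
fixed_prefix() {
    printf '%s' "$1" | sed 's/\.[0-9][0-9]*$//'
}

# running_is_fixed UNAME_R FIXED: exit 0 if the running kernel (uname -r output)
# is at least the fixed build, ignoring the flavour suffix ("-rt", "-rt_debug").
running_is_fixed() {
    running=$(printf '%s' "$1" | sed 's/-[a-z_]*$//')
    ver_ge "$running" "$(fixed_prefix "$2")"
}

# Live use on a SUSE host (not executed here):
#   installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' kernel-rt | tail -n 1)
#   ver_ge "$installed" "$FIXED_KERNEL_RT" || echo "kernel-rt package still old"
#   running_is_fixed "$(uname -r)" "$FIXED_KERNEL_RT" || echo "reboot still pending"

# Demonstration on constructed uname -r strings (an older build, then the fixed one).
for sample in "5.3.18-150300.59-rt" "5.3.18-150300.88-rt"; do
    if running_is_fixed "$sample" "$FIXED_KERNEL_RT"; then
        echo "$sample: fixed kernel is running"
    else
        echo "$sample: NOT fixed (update and/or reboot needed)"
    fi
done
```

Because uname -r does not expose the rebuild counter, the running-kernel check can only confirm the build up to that precision; the rpm query is what distinguishes 88.1 from 88.2.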
References:
o https://www.suse.com/security/cve/CVE-2020-27835.html
o https://www.suse.com/security/cve/CVE-2021-0707.html
o https://www.suse.com/security/cve/CVE-2021-20292.html
o https://www.suse.com/security/cve/CVE-2021-20321.html
o https://www.suse.com/security/cve/CVE-2021-38208.html
o https://www.suse.com/security/cve/CVE-2021-4154.html
o https://www.suse.com/security/cve/CVE-2022-0812.html
o https://www.suse.com/security/cve/CVE-2022-1158.html
o https://www.suse.com/security/cve/CVE-2022-1280.html
o https://www.suse.com/security/cve/CVE-2022-1353.html
o https://www.suse.com/security/cve/CVE-2022-1419.html
o https://www.suse.com/security/cve/CVE-2022-1516.html
o https://www.suse.com/security/cve/CVE-2022-28356.html
o https://www.suse.com/security/cve/CVE-2022-28748.html
o https://www.suse.com/security/cve/CVE-2022-28893.html
o https://www.suse.com/security/cve/CVE-2022-29156.html
o https://bugzilla.suse.com/1028340
o https://bugzilla.suse.com/1071995
o https://bugzilla.suse.com/1137728
o https://bugzilla.suse.com/1152472
o https://bugzilla.suse.com/1152489
o https://bugzilla.suse.com/1177028
o https://bugzilla.suse.com/1179878
o https://bugzilla.suse.com/1182073
o https://bugzilla.suse.com/1183723
o https://bugzilla.suse.com/1187055
o https://bugzilla.suse.com/1191647
o https://bugzilla.suse.com/1193556
o https://bugzilla.suse.com/1193842
o https://bugzilla.suse.com/1194625
o https://bugzilla.suse.com/1195651
o https://bugzilla.suse.com/1195926
o https://bugzilla.suse.com/1196018
o https://bugzilla.suse.com/1196114
o https://bugzilla.suse.com/1196367
o https://bugzilla.suse.com/1196514
o https://bugzilla.suse.com/1196639
o https://bugzilla.suse.com/1196942
o https://bugzilla.suse.com/1197157
o https://bugzilla.suse.com/1197391
o https://bugzilla.suse.com/1197656
o https://bugzilla.suse.com/1197660
o https://bugzilla.suse.com/1197677
o https://bugzilla.suse.com/1197914
o https://bugzilla.suse.com/1197926
o https://bugzilla.suse.com/1198077
o https://bugzilla.suse.com/1198217
o https://bugzilla.suse.com/1198330
o https://bugzilla.suse.com/1198400
o https://bugzilla.suse.com/1198413
o https://bugzilla.suse.com/1198437
o https://bugzilla.suse.com/1198448
o https://bugzilla.suse.com/1198484
o https://bugzilla.suse.com/1198515
o https://bugzilla.suse.com/1198516
o https://bugzilla.suse.com/1198534
o https://bugzilla.suse.com/1198742
o https://bugzilla.suse.com/1198825
o https://bugzilla.suse.com/1198989
o https://bugzilla.suse.com/1199012
o https://bugzilla.suse.com/1199024
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
iQIVAwUBYoL2E8kNZI30y1K9AQgLfw/7BYQq8IgIWhTOfOjAwJape2Yja9pJW5r/
vqxkSIiMYbyaUtO/l8Pj/+1oJdsV3P05G5CjxlzEYEva2wNNlcREAG1yj1nAqiDf
Hlx2mCYWnQo5ns/FnY5xRMNnAAEuFImDno060kRlKgz5AJdPpPpxUQOlGACPMHJ9
gW08Mzli3ElRTkffZpcLZW5uIXqfnyeqhr0+PaJW0WH3xFQH7ElIJZXnDuuHXoE6
HXBC4ly5NkiTvzYuBOXHtDqxpjmY3rGld6aipHC/SK2WOFP33dC8GQlOlQxfbrK1
wDbAzaS7BN66IV2Brv+uugAHMFl8G5jfqtSoe9KvKDL+3ZHrGgpe1xLqgV1f/p9i
33S3mNbBCj2Nn+w58ddc5Wa8nMZMT3iXFDQHQ61iwk1quwUfp4PUh4jIptAjVgxW
BMqm+SYnPfhDIFxLuIDf+tHqty9I6J8rsp4atn89QMYZOD/bj5/x5/OyAbyXyag5
Y15To/jIq+eDqfeCMiuYoIwA1maXdIEyaaNHME1wfJhuzNeE48Ma84iVMnShjxTb
n6XUiKVirFUaPMTgOosLdBIGr+qxMc9ERFoNjMUdWajYRqvqj//d8B2VCUrzxWF8
AeFNuUXyJwP2YDy+KQVwqkoseeCu+RpbTrysLs2Tqp66jieaaA6InFnIDYgGS6Ox
ckppvW2saZk=
=Mx2P
-----END PGP SIGNATURE-----
ESB-2022.2391 - [SUSE] Linux Kernel: CVSS (Max): 7.0
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.2391
Security update for the Linux Kernel
17 May 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Linux Kernel
Publisher: SUSE
Operating System: SUSE
Resolution: Patch/Upgrade
CVE Names: CVE-2022-28748 CVE-2022-28356 CVE-2022-1516
CVE-2022-1419 CVE-2022-1353 CVE-2022-1280
CVE-2022-1011 CVE-2021-43389 CVE-2021-38208
CVE-2021-20321 CVE-2021-20292 CVE-2019-20811
CVE-2018-7755
Original Bulletin:
https://www.suse.com/support/update/announcement/2022/suse-su-20221668-1
Comment: CVSS (Max): 7.0 CVE-2022-1280 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS Source: SUSE
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
- --------------------------BEGIN INCLUDED TEXT--------------------
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:1668-1
Rating: important
References: #1028340 #1071995 #1084513 #1114648 #1121726 #1129770
#1137728 #1172456 #1183723 #1187055 #1191647 #1191958
#1194625 #1195651 #1196018 #1196247 #1197075 #1197343
#1197391 #1197663 #1197888 #1197914 #1198217 #1198413
#1198516 #1198687 #1198742 #1198825 #1198989 #1199012
Cross-References: CVE-2018-7755 CVE-2019-20811 CVE-2021-20292 CVE-2021-20321
CVE-2021-38208 CVE-2021-43389 CVE-2022-1011 CVE-2022-1280
CVE-2022-1353 CVE-2022-1419 CVE-2022-1516 CVE-2022-28356
CVE-2022-28748
Affected Products:
SUSE Linux Enterprise Real Time Extension 12-SP5
______________________________________________________________________________
An update that solves 13 vulnerabilities and has 17 fixes is now available.
Description:
The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
o CVE-2022-28748: Fixed a memory leak over the network by ax88179_178a devices
(bsc#1196018).
o CVE-2022-28356: Fixed a refcount leak bug found in net/llc/af_llc.c
(bnc#1197391).
o CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect (bsc#1199012).
o CVE-2022-1419: Fixed a concurrency use-after-free in vgem_gem_dumb_create
(bsc#1198742).
o CVE-2022-1353: Fixed access control to kernel memory in the pfkey_register
function in net/key/af_key.c (bnc#1198516).
o CVE-2022-1280: Fixed a use-after-free vulnerability in drm_lease_held in
drivers/gpu/drm/drm_lease.c (bnc#1197914).
o CVE-2022-1011: Fixed a use-after-free flaw inside the FUSE filesystem in
the way a user triggers write(). This flaw allowed a local user to gain
unauthorized access to data from the FUSE filesystem, resulting in
privilege escalation (bnc#1197343).
o CVE-2021-43389: Fixed an array-index-out-of-bounds flaw in the
detach_capi_ctr function in drivers/isdn/capi/kcapi.c (bnc#1191958).
o CVE-2021-38208: Fixed a denial of service (NULL pointer dereference and
BUG) by making a getsockname call after a certain type of failure of a bind
call (bnc#1187055).
o CVE-2021-20321: Fixed a race condition accessing a file object in the
OverlayFS subsystem in the way users do rename in a specific way with
OverlayFS. A local user could have used this flaw to crash the system
(bnc#1191647).
o CVE-2021-20292: Fixed object validation prior to performing operations on
the object in nouveau_sgdma_create_ttm in the Nouveau DRM subsystem
(bnc#1183723).
o CVE-2019-20811: Fixed an issue in rx_queue_add_kobject() and
netdev_queue_add_kobject() in net/core/net-sysfs.c, where a reference count
was mishandled (bnc#1172456).
o CVE-2018-7755: Fixed an issue in the fd_locked_ioctl function in
drivers/block/floppy.c. The floppy driver copied a kernel pointer to user
memory in response to the FDGETPRM ioctl. An attacker could send the FDGETPRM
ioctl and use the obtained kernel pointer to discover the location of kernel
code and data and bypass kernel security protections such as KASLR
(bnc#1084513).
The following non-security bugs were fixed:
o IB/qib: Fix memory leak in qib_user_sdma_queue_pkts() (git-fixes)
o NFSD: prevent underflow in nfssvc_decode_writeargs() (git-fixes).
o NFSv4: Do not try to CLOSE if the stateid 'other' field has changed
(bsc#1196247).
o NFSv4: Fix a regression in nfs_set_open_stateid_locked() (bsc#1196247).
o NFSv4: Handle NFS4ERR_OLD_STATEID in CLOSE/OPEN_DOWNGRADE (bsc#1196247).
o NFSv4: Wait for stateid updates after CLOSE/OPEN_DOWNGRADE (bsc#1196247).
o NFSv4: fix open failure with O_ACCMODE flag (git-fixes).
o NFSv4: recover from pre-mature loss of openstateid (bsc#1196247).
o PCI/switchtec: Read all 64 bits of part_event_bitmap (git-fixes).
o PCI: Add device even if driver attach failed (git-fixes).
o PCI: Do not enable AtomicOps on VFs (bsc#1129770)
o PCI: Fix overflow in command-line resource alignment requests (git-fixes).
o PCI: iproc: Fix out-of-bound array accesses (git-fixes).
o PCI: iproc: Set affinity mask on MSI interrupts (git-fixes).
o PCI: qcom: Change duplicate PCI reset to phy reset (git-fixes).
o PCI: qcom: Make sure PCIe is reset before init for rev 2.1.0 (git-fixes).
o RDMA/rxe: Missing unlock on error in get_srq_wqe() (git-fixes)
o RDMA/rxe: Restore setting tot_len in the IPv4 header (git-fixes)
o RDMA/rxe: Use the correct size of wqe when processing SRQ (git-fixes)
o SUNRPC: Handle low memory situations in call_status() (git-fixes).
o USB: Fix "slab-out-of-bounds Write" bug in usb_hcd_poll_rh_status
(git-fixes).
o USB: core: Fix bug in resuming hub's handling of wakeup requests
(git-fixes).
o USB: serial: cp210x: add NCR Retail IO box id (git-fixes).
o USB: serial: pl2303: add IBM device IDs (git-fixes).
o USB: serial: simple: add Nokia phone driver (git-fixes).
o USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c
(git-fixes).
o arm64/iommu: handle non-remapped addresses in ->mmap and (git-fixes)
o arm64/mm: Inhibit huge-vmap with ptdump (git-fixes).
o arm64: Clear OSDLR_EL1 on CPU boot (git-fixes)
o arm64: Fix HCR.TGE status for NMI contexts (git-fixes)
o arm64: Fix size of __early_cpu_boot_status (git-fixes)
o arm64: Relax GIC version check during early boot (git-fixes)
o arm64: Save and restore OSDLR_EL1 across suspend/resume (git-fixes)
o arm64: cmpxchg: Use "K" instead of "L" for ll/sc immediate constraint
(git-fixes)
o arm64: compat: Allow single-byte watchpoints on all addresses (git-fixes)
o arm64: compat: Provide definition for COMPAT_SIGMINSTKSZ (git-fixes)
o arm64: compat: Reduce address limit (git-fixes)
o arm64: cpufeature: Fix feature comparison for CTR_EL0.{CWG,ERG} (git-fixes)
o arm64: debug: Don't propagate UNKNOWN FAR into si_code for debug
(git-fixes)
o arm64: debug: Ensure debug handlers check triggering exception level
(git-fixes)
o arm64: drop linker script hack to hide __efistub_ symbols (git-fixes)
o arm64: dts: marvell: Fix A37xx UART0 register size (git-fixes)
o arm64: entry: SP Alignment Fault doesn't write to FAR_EL1 (git-fixes)
o arm64: fix for bad_mode() handler to always result in panic (git-fixes)
o arm64: futex: Avoid copying out uninitialised stack in failed (git-fixes)
o arm64: futex: Bound number of LDXR/STXR loops in FUTEX_WAKE_OP (git-fixes)
o arm64: futex: Fix FUTEX_WAKE_OP atomic ops with non-zero result value
(git-fixes)
o arm64: hibernate: Clean the __hyp_text to PoC after resume (git-fixes)
o arm64: hyp-stub: Forbid kprobing of the hyp-stub (git-fixes)
o arm64: kaslr: ensure randomized quantities are clean also when kaslr
(git-fixes)
o arm64: kaslr: ensure randomized quantities are clean to the PoC (git-fixes)
o arm64: kprobe: Always blacklist the KVM world-switch code (git-fixes)
o arm64: kprobes: Recover pstate.D in single-step exception handler
(git-fixes)
o arm64: only advance singlestep for user instruction traps (git-fixes)
o arm64: relocatable: fix inconsistencies in linker script and options
(git-fixes)
o arm: 9110/1: oabi-compat: fix oabi epoll sparse warning (bsc#1129770)
o ath10k: fix max antenna gain unit (git-fixes).
o ath6kl: fix control-message timeout (git-fixes).
o ath6kl: fix division by zero in send path (git-fixes).
o ath9k: Fix potential interrupt storm on queue reset (git-fixes).
o b43: fix a lower bounds test (git-fixes).
o b43legacy: fix a lower bounds test (git-fixes).
o backlight: pwm_bl: Improve bootloader/kernel device handover (bsc#1129770)
o bnx2x: fix napi API usage sequence (bsc#1198217).
o bonding: pair enable_port with slave_arr_updates (git-fixes).
o can: gs_usb: fix use of uninitialized variable, detach device on reception
of invalid USB data (git-fixes).
o char/mwave: Adjust io port register size (git-fixes).
o cifs: do not skip link targets when an I/O fails (bsc#1194625).
o crypto: arm64/aes-ce-cipher - move assembler code to .S file (git-fixes)
o crypto: arm64/aes-neonbs - don't access already-freed walk.iv (git-fixes)
o drivers: net: xgene: Fix regression in CRC stripping
o drm/fb-helper: Mark screen buffers in system memory with (bsc#1129770)
o fbmem: do not allow too huge resolutions (bsc#1129770)
o fix parallelism for rpc tasks (bsc#1197663).
o fs/nfs: Use fatal_signal_pending instead of signal_pending (git-fixes).
o fsl/fman: Check for null pointer after calling devm_ioremap (git-fixes).
o hwrng: atmel - disable trng on failure path (git-fixes).
o hwrng: cavium - HW_RANDOM_CAVIUM should depend on ARCH_THUNDER (git-fixes).
o i40e: Fix incorrect netdev's real number of RX/TX queues (git-fixes).
o i40e: add correct exception tracing for XDP (git-fixes).
o i40e: optimize for XDP_REDIRECT in xsk path (git-fixes).
o ieee802154: atusb: fix uninit value in atusb_set_extended_addr (git-fixes).
o io-64-nonatomic: add io{read|write}64{_lo_hi|_hi_lo} macros (git-fixes).
o libertas: Fix possible memory leak in probe and disconnect (git-fixes).
o libertas_tf: Fix possible memory leak in probe and disconnect (git-fixes).
o livepatch: Do not block removal of patches that are safe to unload (bsc#
1071995).
o lpfc: Revert driver update to 14.2.0.1 (bsc#1198989)
o mac80211: mesh: fix potentially unaligned access (git-fixes).
o media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init (git-fixes).
o media: dvb-usb: fix uninit-value in vp702x_read_mac_addr (git-fixes).
o media: dvb-usb: fix ununit-value in az6027_rc_query (git-fixes).
o media: em28xx: fix memory leak in em28xx_init_dev (git-fixes).
o media: lmedm04: Fix misuse of comma (git-fixes).
o media: rc-loopback: return number of emitters rather than error
(git-fixes).
o media: stkwebcam: fix memory leak in stk_camera_probe (git-fixes).
o media: uvc: do not do DMA on stack (git-fixes).
o media: v4l2-ioctl: S_CTRL output the right value (git-fixes).
o media: videobuf2-core: dequeue if start_streaming fails (git-fixes).
o mt7601u: fix rx buffer refcounting (git-fixes).
o mwifiex: Read a PCI register after writing the TX ring write pointer
(git-fixes).
o mwifiex: Send DELBA requests according to spec (git-fixes).
o mxser: fix xmit_buf leak in activate when LSR == 0xff (git-fixes).
o net/mlx5e: Reduce tc unsupported key print level (git-fixes).
o net: bcmgenet: Don't claim WOL when its not available
o net: davinci_emac: Fix incorrect masking of tx and rx error channel
(git-fixes).
o net: ethernet: mtk_eth_soc: fix return values and refactor MDIO ops
(git-fixes).
o net: mana: Add counter for XDP_TX (bsc#1195651).
o net: mana: Add counter for packet dropped by XDP (bsc#1195651).
o net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651).
o net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe()
(bsc#1195651).
o net: mana: Reuse XDP dropped page (bsc#1195651).
o net: mana: Use struct_size() helper in mana_gd_create_dma_region() (bsc#
1195651).
o net: qlogic: check the return value of dma_alloc_coherent()
o net: rtlwifi: properly check for alloc_workqueue() failure (git-fixes).
o net: stmicro: handle clk_prepare() failure during init (git-fixes).
o net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send
(git-fixes).
o parisc/sticon: fix reverse colors (bsc#1129770)
o powerpc/perf: Fix power9 event alternatives (bsc#1137728, LTC#178106,
git-fixes).
o ppp: ensure minimum packet size in ppp_write() (git-fixes).
o ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE (bsc#
1198413).
o qed: display VF trust config (git-fixes).
o qed: return status of qed_iov_get_link (git-fixes).
o qed: validate and restrict untrusted VFs vlan promisc mode
o random: check for signal_pending() outside of need_resched() check
(git-fixes).
o random: fix data race on crng_node_pool (git-fixes).
o rtl8187: fix control-message timeouts (git-fixes).
o scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands
(git-fixes).
o scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() (bsc#1028340 bsc#
1198825).
o tcp: Fix potential use-after-free due to double kfree() (bsc#1197075).
o tcp: fix race condition when creating child sockets from syncookies (bsc#
1197075).
o usb: hub: Fix usb enumeration issue due to address0 race (git-fixes).
o usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect (git-fixes).
o usb: ulpi: Call of_node_put correctly (git-fixes).
o usb: ulpi: Move of_node_put to ulpi_dev_release (git-fixes).
o veth: Ensure eth header is in skb's linear part (git-fixes).
o video: backlight: Drop maximum brightness override for brightness (bsc#
1129770)
o video: fbdev: atari: Atari 2 bpp (STe) palette bugfix (bsc#1129770)
o video: fbdev: atmel_lcdfb: fix an error code in atmel_lcdfb_probe() (bsc#
1129770)
o video: fbdev: chipsfb: use memset_io() instead of memset() (bsc#1129770)
o video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name() (bsc#1129770)
o video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of (bsc#
1129770)
o video: fbdev: sm712fb: Fix crash in smtcfb_read() (bsc#1129770)
o video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe() (bsc#1129770)
o video: fbdev: udlfb: properly check endpoint type (bsc#1129770)
o video: hyperv_fb: Fix validation of screen resolution (bsc#1129770)
o wcn36xx: Fix HT40 capability for 2Ghz band (git-fixes).
o wcn36xx: add proper DMA memory barriers in rx path (git-fixes).
o x86/pm: Save the MSR validity status at context setup (bsc#1114648).
o x86/sev: Unroll string mmio with CC_ATTR_GUEST_UNROLL_STRING_IO
(git-fixes).
o x86/speculation: Restore speculation related MSRs during S3 resume (bsc#
1114648).
o xen/blkfront: fix comment for need_copy (git-fixes).
o xen: detect uninitialized xenbus in xenbus_init (git-fixes).
o xen: do not continue xenstore initialization in case of errors (git-fixes).
o xen: fix is_xen_pmu() (git-fixes).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o SUSE Linux Enterprise Real Time Extension 12-SP5:
zypper in -t patch SUSE-SLE-RT-12-SP5-2022-1668=1
Package List:
o SUSE Linux Enterprise Real Time Extension 12-SP5 (noarch):
kernel-devel-rt-4.12.14-10.89.1
kernel-source-rt-4.12.14-10.89.1
o SUSE Linux Enterprise Real Time Extension 12-SP5 (x86_64):
cluster-md-kmp-rt-4.12.14-10.89.1
cluster-md-kmp-rt-debuginfo-4.12.14-10.89.1
dlm-kmp-rt-4.12.14-10.89.1
dlm-kmp-rt-debuginfo-4.12.14-10.89.1
gfs2-kmp-rt-4.12.14-10.89.1
gfs2-kmp-rt-debuginfo-4.12.14-10.89.1
kernel-rt-4.12.14-10.89.1
kernel-rt-base-4.12.14-10.89.1
kernel-rt-base-debuginfo-4.12.14-10.89.1
kernel-rt-debuginfo-4.12.14-10.89.1
kernel-rt-debugsource-4.12.14-10.89.1
kernel-rt-devel-4.12.14-10.89.1
kernel-rt-devel-debuginfo-4.12.14-10.89.1
kernel-rt_debug-4.12.14-10.89.1
kernel-rt_debug-debuginfo-4.12.14-10.89.1
kernel-rt_debug-debugsource-4.12.14-10.89.1
kernel-rt_debug-devel-4.12.14-10.89.1
kernel-rt_debug-devel-debuginfo-4.12.14-10.89.1
kernel-syms-rt-4.12.14-10.89.1
ocfs2-kmp-rt-4.12.14-10.89.1
ocfs2-kmp-rt-debuginfo-4.12.14-10.89.1
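After the zypper step above, a practitioner usually wants two checks: that every package the advisory lists is installed at the fixed version or newer, and, because this update requires a reboot, that the kernel actually running is the patched one. The script below is an added example written for this page, not SUSE or AusCERT code. It reimplements rpm's version-comparison rule in Python so it can run offline against captured `rpm -qa` output; the package names come from the x86_64 list above, the rpm output and uname string are constructed sample data, and the SUSE uname -r naming convention it relies on (a kernel-rt rpm with release 10.89.1 booting as 4.12.14-10.89-rt, i.e. the trailing rebuild counter dropped) is an assumption to verify on your own hosts. The same functions apply unchanged to the slurm and podofo package lists further down the page.

```python
"""Check installed RPM versions against an advisory's fixed package list.

Added example, not SUSE or AusCERT code. rpmvercmp() follows librpm's
algorithm for digit/alpha segments and the '~' pre-release marker; the
newer '^' marker is omitted.
"""
import re

_SEGMENT = re.compile(r"\d+|[A-Za-z]+|~")


def rpmvercmp(a: str, b: str) -> int:
    """Return -1, 0 or 1 comparing two RPM version or release strings.

    Segments are compared pairwise: numerically when both are digit runs
    (so 10.10 > 10.9), lexically when both are alphabetic; a numeric segment
    beats an alphabetic one; '~' sorts before anything, including the end of
    the string (1.0~rc1 < 1.0). Separators such as '.' and '-' only split.
    """
    if a == b:
        return 0
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for i in range(max(len(sa), len(sb))):
        x = sa[i] if i < len(sa) else None
        y = sb[i] if i < len(sb) else None
        if x == "~" or y == "~":
            if x != "~":
                return 1
            if y != "~":
                return -1
            continue
        if x is None:
            return -1
        if y is None:
            return 1
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return -1 if int(x) < int(y) else 1
        elif x.isdigit():
            return 1
        elif y.isdigit():
            return -1
        elif x != y:
            return -1 if x < y else 1
    return 0


def compare_vr(a: tuple, b: tuple) -> int:
    """Compare (version, release) tuples: version first, then release."""
    return rpmvercmp(a[0], b[0]) or rpmvercmp(a[1], b[1])


def parse_nvr(nvr: str) -> tuple:
    """Split 'name-version-release' as printed in the advisory's Package List.
    Names may contain '-'; version and release may not, so split from the right."""
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release


def parse_installed(rpm_output: str) -> dict:
    """Parse output of: rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\\n'
    Several versions of one package may coexist (multiversion kernels);
    only the newest per name is kept."""
    installed = {}
    for line in rpm_output.splitlines():
        if not line.strip():
            continue
        name, vr = line.split()
        vr_tuple = tuple(vr.rsplit("-", 1))
        if name not in installed or compare_vr(vr_tuple, installed[name]) > 0:
            installed[name] = vr_tuple
    return installed


def missing_updates(advisory_packages, rpm_output: str) -> list:
    """Return (name, installed, fixed) for every advisory package that is
    installed older than the fixed version. Packages not installed at all are
    not reported: the update does not apply to them."""
    installed = parse_installed(rpm_output)
    outdated = []
    for nvr in advisory_packages:
        name, version, release = parse_nvr(nvr)
        have = installed.get(name)
        if have is not None and compare_vr(have, (version, release)) < 0:
            outdated.append((name, "-".join(have), f"{version}-{release}"))
    return outdated


def running_kernel_patched(uname_r: str, fixed_kernel_nvr: str) -> bool:
    """True if `uname -r` is at or above the fixed kernel package.

    Assumption (verify on your hosts): SUSE kernels report
    VERSION-RELEASE-FLAVOR with the rpm release's trailing rebuild counter
    dropped, e.g. kernel-rt-4.12.14-10.89.1 boots as 4.12.14-10.89-rt, so the
    fixed release is compared with its last component removed."""
    version, release, _flavor = uname_r.rsplit("-", 2)
    _, fixed_version, fixed_release = parse_nvr(fixed_kernel_nvr)
    fixed_release = fixed_release.rsplit(".", 1)[0]
    return compare_vr((version, release), (fixed_version, fixed_release)) >= 0


# Constructed sample data (not captured from a real host): a subset of the
# advisory's x86_64 package list, and rpm/uname output for a host that has
# installed the new kernel but not yet rebooted into it.
ADVISORY_PACKAGES = [
    "kernel-rt-4.12.14-10.89.1",
    "kernel-rt-devel-4.12.14-10.89.1",
    "kernel-syms-rt-4.12.14-10.89.1",
    "ocfs2-kmp-rt-4.12.14-10.89.1",
]
SAMPLE_RPM_QA = """\
kernel-rt 4.12.14-10.86.1
kernel-rt 4.12.14-10.89.1
kernel-rt-devel 4.12.14-10.86.1
kernel-syms-rt 4.12.14-10.89.1
"""
SAMPLE_UNAME_R = "4.12.14-10.86-rt"

if __name__ == "__main__":
    for name, have, want in missing_updates(ADVISORY_PACKAGES, SAMPLE_RPM_QA):
        print(f"OUTDATED {name}: installed {have}, fixed in {want}")
    if not running_kernel_patched(SAMPLE_UNAME_R, ADVISORY_PACKAGES[0]):
        print(f"REBOOT NEEDED: running {SAMPLE_UNAME_R}, patched kernel not booted")
```

On a real host, feed it `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'` and `uname -r` instead of the sample strings; the two-version kernel-rt entry in the sample is the multiversion case that a naive string comparison of `rpm -q kernel-rt` gets wrong.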
References:
o https://www.suse.com/security/cve/CVE-2018-7755.html
o https://www.suse.com/security/cve/CVE-2019-20811.html
o https://www.suse.com/security/cve/CVE-2021-20292.html
o https://www.suse.com/security/cve/CVE-2021-20321.html
o https://www.suse.com/security/cve/CVE-2021-38208.html
o https://www.suse.com/security/cve/CVE-2021-43389.html
o https://www.suse.com/security/cve/CVE-2022-1011.html
o https://www.suse.com/security/cve/CVE-2022-1280.html
o https://www.suse.com/security/cve/CVE-2022-1353.html
o https://www.suse.com/security/cve/CVE-2022-1419.html
o https://www.suse.com/security/cve/CVE-2022-1516.html
o https://www.suse.com/security/cve/CVE-2022-28356.html
o https://www.suse.com/security/cve/CVE-2022-28748.html
o https://bugzilla.suse.com/1028340
o https://bugzilla.suse.com/1071995
o https://bugzilla.suse.com/1084513
o https://bugzilla.suse.com/1114648
o https://bugzilla.suse.com/1121726
o https://bugzilla.suse.com/1129770
o https://bugzilla.suse.com/1137728
o https://bugzilla.suse.com/1172456
o https://bugzilla.suse.com/1183723
o https://bugzilla.suse.com/1187055
o https://bugzilla.suse.com/1191647
o https://bugzilla.suse.com/1191958
o https://bugzilla.suse.com/1194625
o https://bugzilla.suse.com/1195651
o https://bugzilla.suse.com/1196018
o https://bugzilla.suse.com/1196247
o https://bugzilla.suse.com/1197075
o https://bugzilla.suse.com/1197343
o https://bugzilla.suse.com/1197391
o https://bugzilla.suse.com/1197663
o https://bugzilla.suse.com/1197888
o https://bugzilla.suse.com/1197914
o https://bugzilla.suse.com/1198217
o https://bugzilla.suse.com/1198413
o https://bugzilla.suse.com/1198516
o https://bugzilla.suse.com/1198687
o https://bugzilla.suse.com/1198742
o https://bugzilla.suse.com/1198825
o https://bugzilla.suse.com/1198989
o https://bugzilla.suse.com/1199012
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
ESB-2022.2390 - [SUSE] slurm: CVSS (Max): 9.9
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.2390
Security update for slurm
17 May 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: slurm
Publisher: SUSE
Operating System: SUSE
Resolution: Patch/Upgrade
CVE Names: CVE-2022-29501 CVE-2022-29500
Original Bulletin:
https://www.suse.com/support/update/announcement/2022/suse-su-20221666-1
Comment: CVSS (Max): 9.9 CVE-2022-29500 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
CVSS Source: SUSE
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
- --------------------------BEGIN INCLUDED TEXT--------------------
SUSE Security Update: Security update for slurm
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:1666-1
Rating: important
References: #1199278 #1199279
Cross-References: CVE-2022-29500 CVE-2022-29501
Affected Products:
SUSE Linux Enterprise Module for HPC 15-SP3
SUSE Linux Enterprise Module for HPC 15-SP4
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for slurm fixes the following issues:
o CVE-2022-29500: Fixed an architectural flaw that could have been exploited
to allow an unprivileged user to execute arbitrary processes as root (bsc#
1199278).
o CVE-2022-29501: Fixed a problem where an unprivileged user could have sent
data to an arbitrary unix socket as root (bsc#1199279).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-1666=1
o openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-1666=1
o SUSE Linux Enterprise Module for HPC 15-SP4:
zypper in -t patch SUSE-SLE-Module-HPC-15-SP4-2022-1666=1
o SUSE Linux Enterprise Module for HPC 15-SP3:
zypper in -t patch SUSE-SLE-Module-HPC-15-SP3-2022-1666=1
Package List:
o openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libnss_slurm2-20.11.9-150300.4.6.1
libnss_slurm2-debuginfo-20.11.9-150300.4.6.1
libpmi0-20.11.9-150300.4.6.1
libpmi0-debuginfo-20.11.9-150300.4.6.1
libslurm36-20.11.9-150300.4.6.1
libslurm36-debuginfo-20.11.9-150300.4.6.1
perl-slurm-20.11.9-150300.4.6.1
perl-slurm-debuginfo-20.11.9-150300.4.6.1
slurm-20.11.9-150300.4.6.1
slurm-auth-none-20.11.9-150300.4.6.1
slurm-auth-none-debuginfo-20.11.9-150300.4.6.1
slurm-config-20.11.9-150300.4.6.1
slurm-config-man-20.11.9-150300.4.6.1
slurm-cray-20.11.9-150300.4.6.1
slurm-cray-debuginfo-20.11.9-150300.4.6.1
slurm-debuginfo-20.11.9-150300.4.6.1
slurm-debugsource-20.11.9-150300.4.6.1
slurm-devel-20.11.9-150300.4.6.1
slurm-doc-20.11.9-150300.4.6.1
slurm-hdf5-20.11.9-150300.4.6.1
slurm-hdf5-debuginfo-20.11.9-150300.4.6.1
slurm-lua-20.11.9-150300.4.6.1
slurm-lua-debuginfo-20.11.9-150300.4.6.1
slurm-munge-20.11.9-150300.4.6.1
slurm-munge-debuginfo-20.11.9-150300.4.6.1
slurm-node-20.11.9-150300.4.6.1
slurm-node-debuginfo-20.11.9-150300.4.6.1
slurm-openlava-20.11.9-150300.4.6.1
slurm-pam_slurm-20.11.9-150300.4.6.1
slurm-pam_slurm-debuginfo-20.11.9-150300.4.6.1
slurm-plugins-20.11.9-150300.4.6.1
slurm-plugins-debuginfo-20.11.9-150300.4.6.1
slurm-rest-20.11.9-150300.4.6.1
slurm-rest-debuginfo-20.11.9-150300.4.6.1
slurm-seff-20.11.9-150300.4.6.1
slurm-sjstat-20.11.9-150300.4.6.1
slurm-slurmdbd-20.11.9-150300.4.6.1
slurm-slurmdbd-debuginfo-20.11.9-150300.4.6.1
slurm-sql-20.11.9-150300.4.6.1
slurm-sql-debuginfo-20.11.9-150300.4.6.1
slurm-sview-20.11.9-150300.4.6.1
slurm-sview-debuginfo-20.11.9-150300.4.6.1
slurm-torque-20.11.9-150300.4.6.1
slurm-torque-debuginfo-20.11.9-150300.4.6.1
slurm-webdoc-20.11.9-150300.4.6.1
o openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libnss_slurm2-20.11.9-150300.4.6.1
libnss_slurm2-debuginfo-20.11.9-150300.4.6.1
libpmi0-20.11.9-150300.4.6.1
libpmi0-debuginfo-20.11.9-150300.4.6.1
libslurm36-20.11.9-150300.4.6.1
libslurm36-debuginfo-20.11.9-150300.4.6.1
perl-slurm-20.11.9-150300.4.6.1
perl-slurm-debuginfo-20.11.9-150300.4.6.1
slurm-20.11.9-150300.4.6.1
slurm-auth-none-20.11.9-150300.4.6.1
slurm-auth-none-debuginfo-20.11.9-150300.4.6.1
slurm-config-20.11.9-150300.4.6.1
slurm-config-man-20.11.9-150300.4.6.1
slurm-cray-20.11.9-150300.4.6.1
slurm-cray-debuginfo-20.11.9-150300.4.6.1
slurm-debuginfo-20.11.9-150300.4.6.1
slurm-debugsource-20.11.9-150300.4.6.1
slurm-devel-20.11.9-150300.4.6.1
slurm-doc-20.11.9-150300.4.6.1
slurm-hdf5-20.11.9-150300.4.6.1
slurm-hdf5-debuginfo-20.11.9-150300.4.6.1
slurm-lua-20.11.9-150300.4.6.1
slurm-lua-debuginfo-20.11.9-150300.4.6.1
slurm-munge-20.11.9-150300.4.6.1
slurm-munge-debuginfo-20.11.9-150300.4.6.1
slurm-node-20.11.9-150300.4.6.1
slurm-node-debuginfo-20.11.9-150300.4.6.1
slurm-openlava-20.11.9-150300.4.6.1
slurm-pam_slurm-20.11.9-150300.4.6.1
slurm-pam_slurm-debuginfo-20.11.9-150300.4.6.1
slurm-plugins-20.11.9-150300.4.6.1
slurm-plugins-debuginfo-20.11.9-150300.4.6.1
slurm-rest-20.11.9-150300.4.6.1
slurm-rest-debuginfo-20.11.9-150300.4.6.1
slurm-seff-20.11.9-150300.4.6.1
slurm-sjstat-20.11.9-150300.4.6.1
slurm-slurmdbd-20.11.9-150300.4.6.1
slurm-slurmdbd-debuginfo-20.11.9-150300.4.6.1
slurm-sql-20.11.9-150300.4.6.1
slurm-sql-debuginfo-20.11.9-150300.4.6.1
slurm-sview-20.11.9-150300.4.6.1
slurm-sview-debuginfo-20.11.9-150300.4.6.1
slurm-torque-20.11.9-150300.4.6.1
slurm-torque-debuginfo-20.11.9-150300.4.6.1
slurm-webdoc-20.11.9-150300.4.6.1
o SUSE Linux Enterprise Module for HPC 15-SP4 (aarch64 x86_64):
libnss_slurm2-20.11.9-150300.4.6.1
libnss_slurm2-debuginfo-20.11.9-150300.4.6.1
libpmi0-20.11.9-150300.4.6.1
libpmi0-debuginfo-20.11.9-150300.4.6.1
libslurm36-20.11.9-150300.4.6.1
libslurm36-debuginfo-20.11.9-150300.4.6.1
perl-slurm-20.11.9-150300.4.6.1
perl-slurm-debuginfo-20.11.9-150300.4.6.1
slurm-20.11.9-150300.4.6.1
slurm-auth-none-20.11.9-150300.4.6.1
slurm-auth-none-debuginfo-20.11.9-150300.4.6.1
slurm-config-20.11.9-150300.4.6.1
slurm-config-man-20.11.9-150300.4.6.1
slurm-cray-20.11.9-150300.4.6.1
slurm-cray-debuginfo-20.11.9-150300.4.6.1
slurm-debuginfo-20.11.9-150300.4.6.1
slurm-debugsource-20.11.9-150300.4.6.1
slurm-devel-20.11.9-150300.4.6.1
slurm-doc-20.11.9-150300.4.6.1
slurm-lua-20.11.9-150300.4.6.1
slurm-lua-debuginfo-20.11.9-150300.4.6.1
slurm-munge-20.11.9-150300.4.6.1
slurm-munge-debuginfo-20.11.9-150300.4.6.1
slurm-node-20.11.9-150300.4.6.1
slurm-node-debuginfo-20.11.9-150300.4.6.1
slurm-pam_slurm-20.11.9-150300.4.6.1
slurm-pam_slurm-debuginfo-20.11.9-150300.4.6.1
slurm-plugins-20.11.9-150300.4.6.1
slurm-plugins-debuginfo-20.11.9-150300.4.6.1
slurm-rest-20.11.9-150300.4.6.1
slurm-rest-debuginfo-20.11.9-150300.4.6.1
slurm-slurmdbd-20.11.9-150300.4.6.1
slurm-slurmdbd-debuginfo-20.11.9-150300.4.6.1
slurm-sql-20.11.9-150300.4.6.1
slurm-sql-debuginfo-20.11.9-150300.4.6.1
slurm-sview-20.11.9-150300.4.6.1
slurm-sview-debuginfo-20.11.9-150300.4.6.1
slurm-torque-20.11.9-150300.4.6.1
slurm-torque-debuginfo-20.11.9-150300.4.6.1
slurm-webdoc-20.11.9-150300.4.6.1
o SUSE Linux Enterprise Module for HPC 15-SP3 (aarch64 x86_64):
libnss_slurm2-20.11.9-150300.4.6.1
libnss_slurm2-debuginfo-20.11.9-150300.4.6.1
libpmi0-20.11.9-150300.4.6.1
libpmi0-debuginfo-20.11.9-150300.4.6.1
libslurm36-20.11.9-150300.4.6.1
libslurm36-debuginfo-20.11.9-150300.4.6.1
perl-slurm-20.11.9-150300.4.6.1
perl-slurm-debuginfo-20.11.9-150300.4.6.1
slurm-20.11.9-150300.4.6.1
slurm-auth-none-20.11.9-150300.4.6.1
slurm-auth-none-debuginfo-20.11.9-150300.4.6.1
slurm-config-20.11.9-150300.4.6.1
slurm-config-man-20.11.9-150300.4.6.1
slurm-debuginfo-20.11.9-150300.4.6.1
slurm-debugsource-20.11.9-150300.4.6.1
slurm-devel-20.11.9-150300.4.6.1
slurm-doc-20.11.9-150300.4.6.1
slurm-lua-20.11.9-150300.4.6.1
slurm-lua-debuginfo-20.11.9-150300.4.6.1
slurm-munge-20.11.9-150300.4.6.1
slurm-munge-debuginfo-20.11.9-150300.4.6.1
slurm-node-20.11.9-150300.4.6.1
slurm-node-debuginfo-20.11.9-150300.4.6.1
slurm-pam_slurm-20.11.9-150300.4.6.1
slurm-pam_slurm-debuginfo-20.11.9-150300.4.6.1
slurm-plugins-20.11.9-150300.4.6.1
slurm-plugins-debuginfo-20.11.9-150300.4.6.1
slurm-rest-20.11.9-150300.4.6.1
slurm-rest-debuginfo-20.11.9-150300.4.6.1
slurm-slurmdbd-20.11.9-150300.4.6.1
slurm-slurmdbd-debuginfo-20.11.9-150300.4.6.1
slurm-sql-20.11.9-150300.4.6.1
slurm-sql-debuginfo-20.11.9-150300.4.6.1
slurm-sview-20.11.9-150300.4.6.1
slurm-sview-debuginfo-20.11.9-150300.4.6.1
slurm-torque-20.11.9-150300.4.6.1
slurm-torque-debuginfo-20.11.9-150300.4.6.1
slurm-webdoc-20.11.9-150300.4.6.1
References:
o https://www.suse.com/security/cve/CVE-2022-29500.html
o https://www.suse.com/security/cve/CVE-2022-29501.html
o https://bugzilla.suse.com/1199278
o https://bugzilla.suse.com/1199279
- --------------------------END INCLUDED TEXT--------------------
ESB-2022.2389 - [SUSE] podofo: CVSS (Max): 5.5
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.2389
Security update for podofo
17 May 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: podofo
Publisher: SUSE
Operating System: SUSE
Resolution: Patch/Upgrade
CVE Names: CVE-2019-20093
Original Bulletin:
https://www.suse.com/support/update/announcement/2022/suse-su-20221690-1
Comment: CVSS (Max): 5.5 CVE-2019-20093 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVSS Source: SUSE
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
- --------------------------BEGIN INCLUDED TEXT--------------------
SUSE Security Update: Security update for podofo
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:1690-1
Rating: moderate
References: #1159921
Cross-References: CVE-2019-20093
Affected Products:
SUSE Linux Enterprise Desktop 12-SP5
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Server for SAP Applications 12-SP5
SUSE Linux Enterprise Software Development Kit 12-SP5
SUSE Linux Enterprise Workstation Extension 12-SP5
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for podofo fixes the following issues:
o CVE-2019-20093: Fixed an invalid memory access that could cause an
application crash (bsc#1159921).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o SUSE Linux Enterprise Workstation Extension 12-SP5:
zypper in -t patch SUSE-SLE-WE-12-SP5-2022-1690=1
o SUSE Linux Enterprise Software Development Kit 12-SP5:
zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-1690=1
Package List:
o SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64):
libpodofo0_9_2-0.9.2-3.12.1
libpodofo0_9_2-debuginfo-0.9.2-3.12.1
podofo-debuginfo-0.9.2-3.12.1
podofo-debugsource-0.9.2-3.12.1
o SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le
s390x x86_64):
libpodofo-devel-0.9.2-3.12.1
podofo-debuginfo-0.9.2-3.12.1
podofo-debugsource-0.9.2-3.12.1
References:
o https://www.suse.com/security/cve/CVE-2019-20093.html
o https://bugzilla.suse.com/1159921
- --------------------------END INCLUDED TEXT--------------------
ESB-2022.2388 - [SUSE] openldap2: CVSS (Max): 9.4
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.2388
Security update for openldap2
17 May 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: openldap2
Publisher: SUSE
Operating System: SUSE
Resolution: Patch/Upgrade
CVE Names: CVE-2022-29155
Original Bulletin:
https://www.suse.com/support/update/announcement/2022/suse-su-20221671-1
Comment: CVSS (Max): 9.4 CVE-2022-29155 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H)
CVSS Source: SUSE
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
--------------------------BEGIN INCLUDED TEXT--------------------
SUSE Security Update: Security update for openldap2
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:1671-1
Rating: important
References: #1198383 #1199240
Cross-References: CVE-2022-29155
Affected Products:
HPE Helion Openstack 8
SUSE Linux Enterprise Server 12-SP2-BCL
SUSE Linux Enterprise Server 12-SP3-BCL
SUSE Linux Enterprise Server 12-SP3-LTSS
SUSE Linux Enterprise Server for SAP 12-SP3
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud Crowbar 8
______________________________________________________________________________
An update that solves one vulnerability and includes one erratum is now available.
Description:
This update for openldap2 fixes the following issues:
o CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240).
o Fixed an issue with SASL init that crashed slapd at startup under certain
conditions (bsc#1198383).
Patch Instructions:
To install this SUSE Security Update, use the SUSE-recommended installation
methods such as YaST online_update or "zypper patch".
Alternatively, you can run the command listed for your product:
o SUSE OpenStack Cloud Crowbar 8:
zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-1671=1
o SUSE OpenStack Cloud 8:
zypper in -t patch SUSE-OpenStack-Cloud-8-2022-1671=1
o SUSE Linux Enterprise Server for SAP 12-SP3:
zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-1671=1
o SUSE Linux Enterprise Server 12-SP3-LTSS:
zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-1671=1
o SUSE Linux Enterprise Server 12-SP3-BCL:
zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-1671=1
o SUSE Linux Enterprise Server 12-SP2-BCL:
zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-1671=1
o HPE Helion Openstack 8:
zypper in -t patch HPE-Helion-OpenStack-8-2022-1671=1
Package List:
o SUSE OpenStack Cloud Crowbar 8 (noarch):
openldap2-doc-2.4.41-18.89.1
o SUSE OpenStack Cloud Crowbar 8 (x86_64):
libldap-2_4-2-2.4.41-18.89.1
libldap-2_4-2-32bit-2.4.41-18.89.1
libldap-2_4-2-debuginfo-2.4.41-18.89.1
libldap-2_4-2-debuginfo-32bit-2.4.41-18.89.1
openldap2-2.4.41-18.89.1
openldap2-back-meta-2.4.41-18.89.1
openldap2-back-meta-debuginfo-2.4.41-18.89.1
openldap2-client-2.4.41-18.89.1
openldap2-client-debuginfo-2.4.41-18.89.1
openldap2-debuginfo-2.4.41-18.89.1
openldap2-debugsource-2.4.41-18.89.1
openldap2-ppolicy-check-password-1.2-18.89.1
openldap2-ppolicy-check-password-debuginfo-1.2-18.89.1
o SUSE OpenStack Cloud 8 (noarch):
openldap2-doc-2.4.41-18.89.1
o SUSE OpenStack Cloud 8 (x86_64):
libldap-2_4-2-2.4.41-18.89.1
libldap-2_4-2-32bit-2.4.41-18.89.1
libldap-2_4-2-debuginfo-2.4.41-18.89.1
libldap-2_4-2-debuginfo-32bit-2.4.41-18.89.1
openldap2-2.4.41-18.89.1
openldap2-back-meta-2.4.41-18.89.1
openldap2-back-meta-debuginfo-2.4.41-18.89.1
openldap2-client-2.4.41-18.89.1
openldap2-client-debuginfo-2.4.41-18.89.1
openldap2-debuginfo-2.4.41-18.89.1
openldap2-debugsource-2.4.41-18.89.1
openldap2-ppolicy-check-password-1.2-18.89.1
openldap2-ppolicy-check-password-debuginfo-1.2-18.89.1
o SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):
libldap-2_4-2-2.4.41-18.89.1
libldap-2_4-2-debuginfo-2.4.41-18.89.1
openldap2-2.4.41-18.89.1
openldap2-back-meta-2.4.41-18.89.1
openldap2-back-meta-debuginfo-2.4.41-18.89.1
openldap2-client-2.4.41-18.89.1
openldap2-client-debuginfo-2.4.41-18.89.1
openldap2-debuginfo-2.4.41-18.89.1
openldap2-debugsource-2.4.41-18.89.1
openldap2-ppolicy-check-password-1.2-18.89.1
openldap2-ppolicy-check-password-debuginfo-1.2-18.89.1
o SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64):
libldap-2_4-2-32bit-2.4.41-18.89.1
libldap-2_4-2-debuginfo-32bit-2.4.41-18.89.1
o SUSE Linux Enterprise Server for SAP 12-SP3 (noarch):
openldap2-doc-2.4.41-18.89.1
o SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):
libldap-2_4-2-2.4.41-18.89.1
libldap-2_4-2-debuginfo-2.4.41-18.89.1
openldap2-2.4.41-18.89.1
openldap2-back-meta-2.4.41-18.89.1
openldap2-back-meta-debuginfo-2.4.41-18.89.1
openldap2-client-2.4.41-18.89.1
openldap2-client-debuginfo-2.4.41-18.89.1
openldap2-debuginfo-2.4.41-18.89.1
openldap2-debugsource-2.4.41-18.89.1
openldap2-ppolicy-check-password-1.2-18.89.1
openldap2-ppolicy-check-password-debuginfo-1.2-18.89.1
o SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64):
libldap-2_4-2-32bit-2.4.41-18.89.1
libldap-2_4-2-debuginfo-32bit-2.4.41-18.89.1
o SUSE Linux Enterprise Server 12-SP3-LTSS (noarch):
openldap2-doc-2.4.41-18.89.1
o SUSE Linux Enterprise Server 12-SP3-BCL (noarch):
openldap2-doc-2.4.41-18.89.1
o SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
libldap-2_4-2-2.4.41-18.89.1
libldap-2_4-2-32bit-2.4.41-18.89.1
libldap-2_4-2-debuginfo-2.4.41-18.89.1
libldap-2_4-2-debuginfo-32bit-2.4.41-18.89.1
openldap2-2.4.41-18.89.1
openldap2-back-meta-2.4.41-18.89.1
openldap2-back-meta-debuginfo-2.4.41-18.89.1
openldap2-client-2.4.41-18.89.1
openldap2-client-debuginfo-2.4.41-18.89.1
openldap2-debuginfo-2.4.41-18.89.1
openldap2-debugsource-2.4.41-18.89.1
openldap2-ppolicy-check-password-1.2-18.89.1
openldap2-ppolicy-check-password-debuginfo-1.2-18.89.1
o SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
libldap-2_4-2-2.4.41-18.89.1
libldap-2_4-2-32bit-2.4.41-18.89.1
libldap-2_4-2-debuginfo-2.4.41-18.89.1
libldap-2_4-2-debuginfo-32bit-2.4.41-18.89.1
openldap2-2.4.41-18.89.1
openldap2-back-meta-2.4.41-18.89.1
openldap2-back-meta-debuginfo-2.4.41-18.89.1
openldap2-client-2.4.41-18.89.1
openldap2-client-debuginfo-2.4.41-18.89.1
openldap2-debuginfo-2.4.41-18.89.1
openldap2-debugsource-2.4.41-18.89.1
o SUSE Linux Enterprise Server 12-SP2-BCL (noarch):
openldap2-doc-2.4.41-18.89.1
o HPE Helion Openstack 8 (x86_64):
libldap-2_4-2-2.4.41-18.89.1
libldap-2_4-2-32bit-2.4.41-18.89.1
libldap-2_4-2-debuginfo-2.4.41-18.89.1
libldap-2_4-2-debuginfo-32bit-2.4.41-18.89.1
openldap2-2.4.41-18.89.1
openldap2-back-meta-2.4.41-18.89.1
openldap2-back-meta-debuginfo-2.4.41-18.89.1
openldap2-client-2.4.41-18.89.1
openldap2-client-debuginfo-2.4.41-18.89.1
openldap2-debuginfo-2.4.41-18.89.1
openldap2-debugsource-2.4.41-18.89.1
openldap2-ppolicy-check-password-1.2-18.89.1
openldap2-ppolicy-check-password-debuginfo-1.2-18.89.1
o HPE Helion Openstack 8 (noarch):
openldap2-doc-2.4.41-18.89.1
References:
o https://www.suse.com/security/cve/CVE-2022-29155.html
o https://bugzilla.suse.com/1198383
o https://bugzilla.suse.com/1199240
--------------------------END INCLUDED TEXT--------------------
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
-----END PGP SIGNATURE-----
ESB-2022.2387 - [SUSE] openldap2: CVSS (Max): 9.4
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.2387
Security update for openldap2
17 May 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: openldap2
Publisher: SUSE
Operating System: SUSE
Resolution: Patch/Upgrade
CVE Names: CVE-2022-29155
Original Bulletin:
https://www.suse.com/support/update/announcement/2022/suse-su-20221685-1
Comment: CVSS (Max): 9.4 CVE-2022-29155 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H)
CVSS Source: SUSE
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
--------------------------BEGIN INCLUDED TEXT--------------------
SUSE Security Update: Security update for openldap2
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:1685-1
Rating: important
References: #1199240
Cross-References: CVE-2022-29155
Affected Products:
SUSE Linux Enterprise High Performance Computing
SUSE Linux Enterprise Module for Legacy Software 12
SUSE Linux Enterprise Server
SUSE Linux Enterprise Server for SAP 12-SP3
SUSE Linux Enterprise Server for SAP 12-SP4
SUSE Linux Enterprise Server for SAP 12-SP5
SUSE Linux Enterprise Server for SAP Applications
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for openldap2 fixes the following issues:
o CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240).
Patch Instructions:
To install this SUSE Security Update, use the SUSE-recommended installation
methods such as YaST online_update or "zypper patch".
Alternatively, you can run the command listed for your product:
o SUSE Linux Enterprise Server for SAP 12-SP5:
zypper in -t patch SUSE-SLE-SAP-12-SP5-2022-1685=1
o SUSE Linux Enterprise Server for SAP 12-SP4:
zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-1685=1
o SUSE Linux Enterprise Server for SAP 12-SP3:
zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-1685=1
o SUSE Linux Enterprise Module for Legacy Software 12:
zypper in -t patch SUSE-SLE-Module-Legacy-12-2022-1685=1
Package List:
o SUSE Linux Enterprise Server for SAP 12-SP5 (ppc64le x86_64):
compat-libldap-2_3-0-2.3.37-42.1
compat-libldap-2_3-0-debuginfo-2.3.37-42.1
o SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
compat-libldap-2_3-0-2.3.37-42.1
compat-libldap-2_3-0-debuginfo-2.3.37-42.1
o SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):
compat-libldap-2_3-0-2.3.37-42.1
compat-libldap-2_3-0-debuginfo-2.3.37-42.1
o SUSE Linux Enterprise Module for Legacy Software 12 (aarch64 ppc64le s390x x86_64):
compat-libldap-2_3-0-2.3.37-42.1
compat-libldap-2_3-0-debuginfo-2.3.37-42.1
References:
o https://www.suse.com/security/cve/CVE-2022-29155.html
o https://bugzilla.suse.com/1199240
--------------------------END INCLUDED TEXT--------------------
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
-----END PGP SIGNATURE-----
ESB-2022.2386 - [SUSE] openldap2: CVSS (Max): 9.4
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.2386
Security update for openldap2
17 May 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: openldap2
Publisher: SUSE
Operating System: SUSE
Resolution: Patch/Upgrade
CVE Names: CVE-2022-29155
Original Bulletin:
https://www.suse.com/support/update/announcement/2022/suse-su-20221670-1
Comment: CVSS (Max): 9.4 CVE-2022-29155 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H)
CVSS Source: SUSE
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
--------------------------BEGIN INCLUDED TEXT--------------------
SUSE Security Update: Security update for openldap2
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:1670-1
Rating: important
References: #1199240
Cross-References: CVE-2022-29155
Affected Products:
SUSE Enterprise Storage 7
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Module for Development Tools 15-SP3
SUSE Linux Enterprise Module for Development Tools 15-SP4
SUSE Linux Enterprise Module for Legacy Software 15-SP3
SUSE Linux Enterprise Server
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.1
SUSE Manager Server 4.1
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for openldap2 fixes the following issues:
o CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240).
Patch Instructions:
To install this SUSE Security Update, use the SUSE-recommended installation
methods such as YaST online_update or "zypper patch".
Alternatively, you can run the command listed for your product:
o openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-1670=1
o openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-1670=1
o SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1670=1
o SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1670=1
o SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1670=1
o SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1670=1
o SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1670=1
o SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1670=1
o SUSE Linux Enterprise Module for Legacy Software 15-SP3:
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-1670=1
o SUSE Linux Enterprise Module for Development Tools 15-SP4:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-1670=1
o SUSE Linux Enterprise Module for Development Tools 15-SP3:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-1670=1
o SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-1670=1
o SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1670=1
o SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1670=1
o SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1670=1
o SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1670=1
o SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1670=1
o SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-1670=1
Package List:
o openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libldap-2_4-2-2.4.46-150200.14.8.1
libldap-2_4-2-debuginfo-2.4.46-150200.14.8.1
openldap2-2.4.46-150200.14.8.1
openldap2-back-meta-2.4.46-150200.14.8.1
openldap2-back-meta-debuginfo-2.4.46-150200.14.8.1
openldap2-back-perl-2.4.46-150200.14.8.1
openldap2-back-perl-debuginfo-2.4.46-150200.14.8.1
openldap2-back-sock-2.4.46-150200.14.8.1
openldap2-back-sock-debuginfo-2.4.46-150200.14.8.1
openldap2-back-sql-2.4.46-150200.14.8.1
openldap2-back-sql-debuginfo-2.4.46-150200.14.8.1
openldap2-client-2.4.46-150200.14.8.1
openldap2-client-debuginfo-2.4.46-150200.14.8.1
openldap2-contrib-2.4.46-150200.14.8.1
openldap2-contrib-debuginfo-2.4.46-150200.14.8.1
openldap2-debuginfo-2.4.46-150200.14.8.1
openldap2-debugsource-2.4.46-150200.14.8.1
openldap2-devel-2.4.46-150200.14.8.1
openldap2-devel-static-2.4.46-150200.14.8.1
openldap2-ppolicy-check-password-1.2-150200.14.8.1
openldap2-ppolicy-check-password-debuginfo-1.2-150200.14.8.1
o openSUSE Leap 15.4 (x86_64):
libldap-2_4-2-32bit-2.4.46-150200.14.8.1
libldap-2_4-2-32bit-debuginfo-2.4.46-150200.14.8.1
openldap2-devel-32bit-2.4.46-150200.14.8.1
o openSUSE Leap 15.4 (noarch):
libldap-data-2.4.46-150200.14.8.1
openldap2-doc-2.4.46-150200.14.8.1
o openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libldap-2_4-2-2.4.46-150200.14.8.1
libldap-2_4-2-debuginfo-2.4.46-150200.14.8.1
openldap2-2.4.46-150200.14.8.1
openldap2-back-meta-2.4.46-150200.14.8.1
openldap2-back-meta-debuginfo-2.4.46-150200.14.8.1
openldap2-back-perl-2.4.46-150200.14.8.1
openldap2-back-perl-debuginfo-2.4.46-150200.14.8.1
openldap2-back-sock-2.4.46-150200.14.8.1
openldap2-back-sock-debuginfo-2.4.46-150200.14.8.1
openldap2-back-sql-2.4.46-150200.14.8.1
openldap2-back-sql-debuginfo-2.4.46-150200.14.8.1
openldap2-client-2.4.46-150200.14.8.1
openldap2-client-debuginfo-2.4.46-150200.14.8.1
openldap2-contrib-2.4.46-150200.14.8.1
openldap2-contrib-debuginfo-2.4.46-150200.14.8.1
openldap2-debuginfo-2.4.46-150200.14.8.1
openldap2-debugsource-2.4.46-150200.14.8.1
openldap2-devel-2.4.46-150200.14.8.1
openldap2-devel-static-2.4.46-150200.14.8.1
openldap2-ppolicy-check-password-1.2-150200.14.8.1
openldap2-ppolicy-check-password-debuginfo-1.2-150200.14.8.1
o openSUSE Leap 15.3 (noarch):
libldap-data-2.4.46-150200.14.8.1
openldap2-doc-2.4.46-150200.14.8.1
o openSUSE Leap 15.3 (x86_64):
libldap-2_4-2-32bit-2.4.46-150200.14.8.1
libldap-2_4-2-32bit-debuginfo-2.4.46-150200.14.8.1
openldap2-devel-32bit-2.4.46-150200.14.8.1
o SUSE Manager Server 4.1 (ppc64le s390x x86_64):
libldap-2_4-2-2.4.46-150200.14.8.1
libldap-2_4-2-debuginfo-2.4.46-150200.14.8.1
openldap2-2.4.46-150200.14.8.1
openldap2-back-meta-2.4.46-150200.14.8.1
openldap2-back-meta-debuginfo-2.4.46-150200.14.8.1
openldap2-back-perl-2.4.46-150200.14.8.1
openldap2-back-perl-debuginfo-2.4.46-150200.14.8.1
openldap2-client-2.4.46-150200.14.8.1
openldap2-client-debuginfo-2.4.46-150200.14.8.1
openldap2-contrib-2.4.46-150200.14.8.1
openldap2-contrib-debuginfo-2.4.46-150200.14.8.1
openldap2-debuginfo-2.4.46-150200.14.8.1
openldap2-debugsource-2.4.46-150200.14.8.1
openldap2-devel-2.4.46-150200.14.8.1
openldap2-devel-static-2.4.46-150200.14.8.1
openldap2-ppolicy-check-password-1.2-150200.14.8.1
openldap2-ppolicy-check-password-debuginfo-1.2-150200.14.8.1
o SUSE Manager Server 4.1 (noarch):
libldap-data-2.4.46-150200.14.8.1
o SUSE Manager Server 4.1 (x86_64):
libldap-2_4-2-32bit-2.4.46-150200.14.8.1
libldap-2_4-2-32bit-debuginfo-2.4.46-150200.14.8.1
openldap2-devel-32bit-2.4.46-150200.14.8.1
o SUSE Manager Retail Branch Server 4.1 (x86_64):
libldap-2_4-2-2.4.46-150200.14.8.1
libldap-2_4-2-32bit-2.4.46-150200.14.8.1
libldap-2_4-2-32bit-debuginfo-2.4.46-150200.14.8.1
libldap-2_4-2-debuginfo-2.4.46-150200.14.8.1
openldap2-2.4.46-150200.14.8.1
openldap2-back-meta-2.4.46-150200.14.8.1
openldap2-back-meta-debuginfo-2.4.46-150200.14.8.1
openldap2-back-perl-2.4.46-150200.14.8.1
openldap2-back-perl-debuginfo-2.4.46-150200.14.8.1
openldap2-client-2.4.46-150200.14.8.1
openldap2-client-debuginfo-2.4.46-150200.14.8.1
openldap2-contrib-2.4.46-150200.14.8.1
openldap2-contrib-debuginfo-2.4.46-150200.14.8.1
openldap2-debuginfo-2.4.46-150200.14.8.1
openldap2-debugsource-2.4.46-150200.14.8.1
openldap2-devel-2.4.46-150200.14.8.1
openldap2-devel-32bit-2.4.46-150200.14.8.1
openldap2-devel-static-2.4.46-150200.14.8.1
openldap2-ppolicy-check-password-1.2-150200.14.8.1
openldap2-ppolicy-check-password-debuginfo-1.2-150200.14.8.1
o SUSE Manager Retail Branch Server 4.1 (noarch):
libldap-data-2.4.46-150200.14.8.1
o SUSE Manager Proxy 4.1 (noarch):
libldap-data-2.4.46-150200.14.8.1
o SUSE Manager Proxy 4.1 (x86_64):
libldap-2_4-2-2.4.46-150200.14.8.1
libldap-2_4-2-32bit-2.4.46-150200.14.8.1
libldap-2_4-2-32bit-debuginfo-2.4.46-150200.14.8.1
libldap-2_4-2-debuginfo-2.4.46-150200.14.8.1
openldap2-2.4.46-150200.14.8.1
openldap2-back-meta-2.4.46-150200.14.8.1
openldap2-back-meta-debuginfo-2.4.46-150200.14.8.1
openldap2-back-perl-2.4.46-150200.14.8.1
openldap2-back-perl-debuginfo-2.4.46-150200.14.8.1
openldap2-client-2.4.46-150200.14.8.1
openldap2-client-debuginfo-2.4.46-150200.14.8.1
openldap2-contrib-2.4.46-150200.14.8.1
openldap2-contrib-debuginfo-2.4.46-150200.14.8.1
openldap2-debuginfo-2.4.46-150200.14.8.1
openldap2-debugsource-2.4.46-150200.14.8.1
openldap2-devel-2.4.46-150200.14.8.1
openldap2-devel-32bit-2.4.46-150200.14.8.1
openldap2-devel-static-2.4.46-150200.14.8.1
openldap2-ppolicy-check-password-1.2-150200.14.8.1
openldap2-ppolicy-check-password-debuginfo-1.2-150200.14.8.1
o SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
libldap-2_4-2-2.4.46-150200.14.8.1
libldap-2_4-2-debuginfo-2.4.46-150200.14.8.1
openldap2-2.4.46-150200.14.8.1
openldap2-back-meta-2.4.46-150200.14.8.1
openldap2-back-meta-debuginfo-2.4.46-150200.14.8.1
openldap2-back-perl-2.4.46-150200.14.8.1
openldap2-back-perl-debuginfo-2.4.46-150200.14.8.1
openldap2-client-2.4.46-150200.14.8.1
openldap2-client-debuginfo-2.4.46-150200.14.8.1
openldap2-contrib-2.4.46-150200.14.8.1
openldap2-contrib-debuginfo-2.4.46-150200.14.8.1
openldap2-debuginfo-2.4.46-150200.14.8.1
openldap2-debugsource-2.4.46-150200.14.8.1
openldap2-devel-2.4.46-150200.14.8.1
openldap2-devel-static-2.4.46-150200.14.8.1
openldap2-ppolicy-check-password-1.2-150200.14.8.1
openldap2-ppolicy-check-password-debuginfo-1.2-150200.14.8.1
o SUSE Linux Enterprise Server for SAP 15-SP2 (noarch):
libldap-data-2.4.46-150200.14.8.1
o SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64):
libldap-2_4-2-32bit-2.4.46-150200.14.8.1
libldap-2_4-2-32bit-debuginfo-2.4.46-150200.14.8.1
openldap2-devel-32bit-2.4.46-150200.14.8.1
o SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
libldap-2_4-2-2.4.46-150200.14.8.1
libldap-2_4-2-debuginfo-2.4.46-150200.14.8.1
openldap2-2.4.46-150200.14.8.1
openldap2-back-meta-2.4.46-150200.14.8.1
openldap2-back-meta-debuginfo-2.4.46-150200.14.8.1
openldap2-back-perl-2.4.46-150200.14.8.1
openldap2-back-perl-debuginfo-2.4.46-150200.14.8.1
openldap2-client-2.4.46-150200.14.8.1
openldap2-client-debuginfo-2.4.46-150200.14.8.1
openldap2-contrib-2.4.46-150200.14.8.1
openldap2-contrib-debuginfo-2.4.46-150200.14.8.1
openldap2-debuginfo-2.4.46-150200.14.8.1
openldap2-debugsource-2.4.46-150200.14.8.1
openldap2-devel-2.4.46-150200.14.8.1
openldap2-devel-static-2.4.46-150200.14.8.1
openldap2-ppolicy-check-password-1.2-150200.14.8.1
openldap2-ppolicy-check-password-debuginfo-1.2-150200.14.8.1
o SUSE Linux Enterprise Server 15-SP2-LTSS (noarch):
libldap-data-2.4.46-150200.14.8.1
o SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64):
libldap-2_4-2-32bit-2.4.46-150200.14.8.1
libldap-2_4-2-32bit-debuginfo-2.4.46-150200.14.8.1
openldap2-devel-32bit-2.4.46-150200.14.8.1
o SUSE Linux Enterprise Server 15-SP2-BCL (noarch):
libldap-data-2.4.46-150200.14.8.1
o SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
libldap-2_4-2-2.4.46-150200.14.8.1
libldap-2_4-2-32bit-2.4.46-150200.14.8.1
libldap-2_4-2-32bit-debuginfo-2.4.46-150200.14.8.1
libldap-2_4-2-debuginfo-2.4.46-150200.14.8.1
openldap2-client-2.4.46-150200.14.8.1
openldap2-client-debuginfo-2.4.46-150200.14.8.1
openldap2-debugsource-2.4.46-150200.14.8.1
openldap2-devel-2.4.46-150200.14.8.1
openldap2-devel-32bit-2.4.46-150200.14.8.1
openldap2-devel-static-2.4.46-150200.14.8.1
o SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64):
openldap2-2.4.46-150200.14.8.1
openldap2-back-meta-2.4.46-150200.14.8.1
openldap2-back-meta-debuginfo-2.4.46-150200.14.8.1
openldap2-back-perl-2.4.46-150200.14.8.1
openldap2-back-perl-debuginfo-2.4.46-150200.14.8.1
openldap2-contrib-2.4.46-150200.14.8.1
openldap2-contrib-debuginfo-2.4.46-150200.14.8.1
openldap2-debuginfo-2.4.46-150200.14.8.1
openldap2-debugsource-2.4.46-150200.14.8.1
openldap2-ppolicy-check-password-1.2-150200.14.8.1
openldap2-ppolicy-check-password-debuginfo-1.2-150200.14.8.1
o SUSE Linux Enterprise Module for Development Tools 15-SP4 (x86_64):
openldap2-debugsource-2.4.46-150200.14.8.1
openldap2-devel-32bit-2.4.46-150200.14.8.1
o SUSE Linux Enterprise Module for Development Tools 15-SP3 (x86_64):
openldap2-debugsource-2.4.46-150200.14.8.1
openldap2-devel-32bit-2.4.46-150200.14.8.1
o SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
libldap-2_4-2-2.4.46-150200.14.8.1
libldap-2_4-2-debuginfo-2.4.46-150200.14.8.1
openldap2-client-2.4.46-150200.14.8.1
openldap2-client-debuginfo-2.4.46-150200.14.8.1
openldap2-debuginfo-2.4.46-150200.14.8.1
openldap2-debugsource-2.4.46-150200.14.8.1
openldap2-devel-2.4.46-150200.14.8.1
openldap2-devel-static-2.4.46-150200.14.8.1
o SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch):
libldap-data-2.4.46-150200.14.8.1
o SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64):
libldap-2_4-2-32bit-2.4.46-150200.14.8.1
libldap-2_4-2-32bit-debuginfo-2.4.46-150200.14.8.1
o SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
libldap-2_4-2-2.4.46-150200.14.8.1
libldap-2_4-2-debuginfo-2.4.46-150200.14.8.1
openldap2-client-2.4.46-150200.14.8.1
openldap2-client-debuginfo-2.4.46-150200.14.8.1
openldap2-debuginfo-2.4.46-150200.14.8.1
openldap2-debugsource-2.4.46-150200.14.8.1
openldap2-devel-2.4.46-150200.14.8.1
openldap2-devel-static-2.4.46-150200.14.8.1
o SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):
libldap-data-2.4.46-150200.14.8.1
o SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64):
libldap-2_4-2-32bit-2.4.46-150200.14.8.1
libldap-2_4-2-32bit-debuginfo-2.4.46-150200.14.8.1
o SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
libldap-2_4-2-2.4.46-150200.14.8.1
libldap-2_4-2-debuginfo-2.4.46-150200.14.8.1
openldap2-debuginfo-2.4.46-150200.14.8.1
openldap2-debugsource-2.4.46-150200.14.8.1
o SUSE Linux Enterprise Micro 5.2 (noarch):
libldap-data-2.4.46-150200.14.8.1
o SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
libldap-2_4-2-2.4.46-150200.14.8.1
libldap-2_4-2-debuginfo-2.4.46-150200.14.8.1
openldap2-debuginfo-2.4.46-150200.14.8.1
openldap2-debugsource-2.4.46-150200.14.8.1
o SUSE Linux Enterprise Micro 5.1 (noarch):
libldap-data-2.4.46-150200.14.8.1
o SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
libldap-2_4-2-2.4.46-150200.14.8.1
libldap-2_4-2-debuginfo-2.4.46-150200.14.8.1
openldap2-client-2.4.46-150200.14.8.1
openldap2-client-debuginfo-2.4.46-150200.14.8.1
openldap2-debugsource-2.4.46-150200.14.8.1
openldap2-devel-2.4.46-150200.14.8.1
openldap2-devel-static-2.4.46-150200.14.8.1
o SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch):
libldap-data-2.4.46-150200.14.8.1
o SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64):
libldap-2_4-2-32bit-2.4.46-150200.14.8.1
libldap-2_4-2-32bit-debuginfo-2.4.46-150200.14.8.1
openldap2-devel-32bit-2.4.46-150200.14.8.1
o SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
libldap-2_4-2-2.4.46-150200.14.8.1
libldap-2_4-2-debuginfo-2.4.46-150200.14.8.1
openldap2-client-2.4.46-150200.14.8.1
openldap2-client-debuginfo-2.4.46-150200.14.8.1
openldap2-debugsource-2.4.46-150200.14.8.1
openldap2-devel-2.4.46-150200.14.8.1
openldap2-devel-static-2.4.46-150200.14.8.1
o SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64):
libldap-2_4-2-32bit-2.4.46-150200.14.8.1
libldap-2_4-2-32bit-debuginfo-2.4.46-150200.14.8.1
openldap2-devel-32bit-2.4.46-150200.14.8.1
o SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch):
libldap-data-2.4.46-150200.14.8.1
o SUSE Enterprise Storage 7 (aarch64 x86_64):
libldap-2_4-2-2.4.46-150200.14.8.1
libldap-2_4-2-debuginfo-2.4.46-150200.14.8.1
openldap2-2.4.46-150200.14.8.1
openldap2-back-meta-2.4.46-150200.14.8.1
openldap2-back-meta-debuginfo-2.4.46-150200.14.8.1
openldap2-back-perl-2.4.46-150200.14.8.1
openldap2-back-perl-debuginfo-2.4.46-150200.14.8.1
openldap2-client-2.4.46-150200.14.8.1
openldap2-client-debuginfo-2.4.46-150200.14.8.1
openldap2-contrib-2.4.46-150200.14.8.1
openldap2-contrib-debuginfo-2.4.46-150200.14.8.1
openldap2-debuginfo-2.4.46-150200.14.8.1
openldap2-debugsource-2.4.46-150200.14.8.1
openldap2-devel-2.4.46-150200.14.8.1
openldap2-devel-static-2.4.46-150200.14.8.1
openldap2-ppolicy-check-password-1.2-150200.14.8.1
openldap2-ppolicy-check-password-debuginfo-1.2-150200.14.8.1
o SUSE Enterprise Storage 7 (x86_64):
libldap-2_4-2-32bit-2.4.46-150200.14.8.1
libldap-2_4-2-32bit-debuginfo-2.4.46-150200.14.8.1
openldap2-devel-32bit-2.4.46-150200.14.8.1
o SUSE Enterprise Storage 7 (noarch):
libldap-data-2.4.46-150200.14.8.1
References:
o https://www.suse.com/security/cve/CVE-2022-29155.html
o https://bugzilla.suse.com/1199240
- --------------------------END INCLUDED TEXT--------------------
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
-----END PGP SIGNATURE-----
ESB-2022.2385 - [SUSE] jackson-databind, jackson-dataformats-binary, jackson-annotations, jackson-bom, jackson-core: CVSS (Max): 7.5
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.2385
Security update for jackson-databind,
jackson-dataformats-binary, jackson-annotations,
jackson-bom, jackson-core
17 May 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: jackson-databind, jackson-dataformats-binary, jackson-annotations, jackson-bom, jackson-core
Publisher: SUSE
Operating System: SUSE
Resolution: Patch/Upgrade
CVE Names: CVE-2020-36518 CVE-2020-28491 CVE-2020-25649
Original Bulletin:
https://www.suse.com/support/update/announcement/2022/suse-su-20221678-1
Comment: CVSS (Max): 7.5 CVE-2020-36518 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS Source: SUSE
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- --------------------------BEGIN INCLUDED TEXT--------------------
SUSE Security Update: Security update for jackson-databind,
jackson-dataformats-binary, jackson-annotations, jackson-bom, jackson-core
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:1678-1
Rating: important
References: #1177616 #1182481 #1197132
Cross-References: CVE-2020-25649 CVE-2020-28491 CVE-2020-36518
Affected Products:
SUSE Enterprise Storage 7
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Module for Development Tools 15-SP3
SUSE Linux Enterprise Module for Development Tools 15-SP4
SUSE Linux Enterprise Module for SUSE Manager Server 4.3
SUSE Linux Enterprise Realtime Extension 15-SP2
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.1
SUSE Manager Server 4.1
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for jackson-databind, jackson-dataformats-binary,
jackson-annotations, jackson-bom, jackson-core fixes the following issues:
Security issues fixed:
o CVE-2020-36518: Fixed a Java stack overflow exception and denial of service
via a large depth of nested objects in jackson-databind. (bsc#1197132)
o CVE-2020-25649: Fixed an insecure entity expansion in jackson-databind
which was vulnerable to XML external entity (XXE). (bsc#1177616)
o CVE-2020-28491: Fixed a bug which could cause `java.lang.OutOfMemoryError`
exception in jackson-dataformats-binary. (bsc#1182481)
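The first item above, CVE-2020-36518, is triggered by nothing more than a document that nests arrays or objects tens of thousands of levels deep: the generic data-binding deserializers in jackson-databind 2.13.0 descend one Java stack frame per level, so an attacker who controls the request body can crash the thread with a StackOverflowError. The streaming parser in jackson-core, by contrast, keeps its nesting context on the heap and does not recurse. The following is an added example (not SUSE's or the Jackson project's code) that uses that property to pre-scan untrusted input and refuse anything deeper than a chosen limit before it reaches ObjectMapper. It assumes jackson-core and jackson-databind 2.13.x on the classpath and Java 11 or later (for String.repeat); the limit MAX_DEPTH, the class name and the sample payloads are this example's own choices.

```java
import com.fasterxml.jackson.core.JsonFactory;
import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.core.JsonToken;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;

import java.io.IOException;
import java.nio.charset.StandardCharsets;

/**
 * Pre-scan untrusted JSON with the streaming parser and reject documents whose
 * array/object nesting exceeds a limit before handing them to data binding.
 * The streaming parser tracks nesting with heap-allocated context objects and
 * never recurses, so this scan cannot itself overflow the thread stack.
 */
public final class NestingDepthGuard {

    /** Assumed limit for this example; size it to the deepest structure your own schema needs. */
    static final int MAX_DEPTH = 100;

    private static final JsonFactory FACTORY = new JsonFactory();
    private static final ObjectMapper MAPPER = new ObjectMapper(FACTORY);

    /**
     * Returns the maximum nesting depth of the document, or -1 as soon as the
     * limit is exceeded (the rest of the input is not read).
     */
    static int scanDepth(byte[] json) throws IOException {
        int depth = 0;
        int deepest = 0;
        try (JsonParser p = FACTORY.createParser(json)) {
            JsonToken t;
            while ((t = p.nextToken()) != null) {
                if (t.isStructStart()) {            // START_OBJECT or START_ARRAY
                    depth++;
                    if (depth > MAX_DEPTH) {
                        return -1;                  // bail out early; do not bind this document
                    }
                    if (depth > deepest) {
                        deepest = depth;
                    }
                } else if (t.isStructEnd()) {       // END_OBJECT or END_ARRAY
                    depth--;
                }
            }
        }
        return deepest;
    }

    /** Binds to a JsonNode tree only after the depth check has passed. */
    static JsonNode readTreeGuarded(byte[] json) throws IOException {
        if (scanDepth(json) < 0) {
            throw new IOException("rejected: nesting deeper than " + MAX_DEPTH + " levels");
        }
        return MAPPER.readTree(json);
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample inputs: a benign document and a hostile one built from
        // tens of thousands of nested arrays, the shape that triggers CVE-2020-36518.
        byte[] benign = "{\"user\":{\"roles\":[\"admin\",{\"scope\":\"ro\"}]}}"
                .getBytes(StandardCharsets.UTF_8);
        int n = 50_000;
        byte[] hostile = ("[".repeat(n) + "]".repeat(n)).getBytes(StandardCharsets.UTF_8);

        System.out.println("benign depth  = " + scanDepth(benign));
        System.out.println("hostile depth = " + scanDepth(hostile));

        JsonNode tree = readTreeGuarded(benign);
        System.out.println("bound top-level fields = " + tree.size());
        try {
            readTreeGuarded(hostile);       // would recurse once per level inside data binding
        } catch (IOException e) {
            System.out.println("hostile input refused: " + e.getMessage());
        }
    }
}
```

The guard costs a second pass over the bytes, which is the price of keeping the recursive deserializers (JsonNode, Object, Map and List targets) out of reach of attacker-controlled depth. Jackson 2.15 and later expose an equivalent built-in limit through StreamReadConstraints (maxNestingDepth); the 2.13.0 packages in this update predate that API, so a pre-scan of this kind is the portable option on hosts that cannot yet move to a newer release.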
Non security fixes:
jackson-annotations - update from version 2.10.2 to version 2.13.0:
+ Build with source/target levels 8
+ Add 'mvnw' wrapper
+ 'JsonSubType.Type' should accept array of names
+ Jackson version alignment with Gradle 6
+ Add '@JsonIncludeProperties'
+ Add '@JsonTypeInfo(use=DEDUCTION)'
+ Ability to use '@JsonAnyGetter' on fields
+ Add '@JsonKey' annotation
+ Allow repeated calls to 'SimpleObjectIdResolver.bindItem()' for same mapping
+ Add 'namespace' property for '@JsonProperty' (for XML module)
+ Add target 'ElementType.ANNOTATION_TYPE' for '@JsonEnumDefaultValue'
+ 'JsonPattern.Value.pattern' retained as "", never (accidentally) exposed as 'null'
+ Rewrite to use `ant` for building in order to be able to use it in packages that have to be built before maven
jackson-bom - update from version 2.10.2 to version 2.13.0:
+ Configure moditect plugin with ' 11 '
+ jackson-bom manages the version of 'junit:junit'
+ Drop 'jackson-datatype-hibernate3' (support for Hibernate 3.x datatypes)
+ Removed "jakarta" classifier variants of JAXB/JSON-P/JAX-RS modules due to the addition of new Jakarta artifacts (Jakarta-JSONP, Jakarta-xmlbind-annotations, Jakarta-rs-providers)
+ Add version for 'jackson-datatype-jakarta-jsonp' module (introduced after 2.12.2)
+ Add (beta) version for 'jackson-dataformat-toml'
+ Jakarta 9 artifact versions are missing from jackson-bom
+ Add default settings for 'gradle-module-metadata-maven-plugin' (gradle metadata)
+ Add default settings for 'build-helper-maven-plugin'
+ Drop 'jackson-module-scala_2.10' entry (not released for Jackson 2.12 or later)
+ Add override for 'version.plugin.bundle' (for 5.1.1) to help build on JDK 15+
+ Add missing version for jackson-datatype-eclipse-collections
jackson-core - update from version 2.10.2 to version 2.13.0:
+ Build with source and target levels 8
+ Misleading exception for input source when processing byte buffer with start offset
+ Escape contents of source document snippet for 'JsonLocation._appendSourceDesc()'
+ Add 'StreamWriteException' type to eventually replace 'JsonGenerationException'
+ Replace 'getCurrentLocation()'/'getTokenLocation()' with 'currentLocation()'/'currentTokenLocation()' in 'JsonParser'
+ Replace 'JsonGenerator.writeObject()' (and related) with 'writePOJO()'
+ Replace 'getCurrentValue()'/'setCurrentValue()' with 'currentValue()'/'assignCurrentValue()' in 'JsonParser'/'JsonGenerator'
+ Introduce O(n^1.5) BigDecimal parser implementation
+ ByteQuadsCanonicalizer.addName(String, int, int) has incorrect handling for case of q2 == null
+ UTF32Reader ArrayIndexOutOfBoundsException
+ Improve exception/JsonLocation handling for binary content: don't show content, include byte offset
+ Fix an issue with the TokenFilter unable to ignore properties when deserializing
+ Optimize array allocation by 'JsonStringEncoder'
+ Add 'mvnw' wrapper
+ (partial) Optimize array allocation by 'JsonStringEncoder'
+ Add back accidentally removed 'JsonStringEncoder' related methods in 'BufferRecyclers' (like 'getJsonStringEncoder()')
+ 'ArrayOutOfBoundException' at 'WriterBasedJsonGenerator.writeString(Reader, int)'
+ Allow "optional-padding" for 'Base64Variant'
+ More customizable TokenFilter inclusion (using 'Tokenfilter.Inclusion')
+ Publish Gradle Module Metadata
+ Add 'StreamReadCapability' for further format-based/format-agnostic handling improvements
+ Add 'JsonParser.isExpectedNumberIntToken()' convenience method
+ Add 'StreamWriteCapability' for further format-based/format-agnostic handling improvements
+ Add 'JsonParser.getNumberValueExact()' to allow precision-retaining buffering
+ Limit initial allocated block size by 'ByteArrayBuilder' to max block size
+ Add 'JacksonException' as parent class of 'JsonProcessingException'
+ Make 'JsonWriteContext.reset()' and 'JsonReadContext.reset()' methods public
+ Deprecate 'JsonParser.getCurrentTokenId()' (use '#currentTokenId()' instead)
+ Full "LICENSE" included in jar for easier access by compliance tools
+ Fix NPE in 'writeNumber(String)' method of 'UTF8JsonGenerator', 'WriterBasedJsonGenerator'
+ Add a String Array write method in the Streaming API
+ Synchronize variants of 'JsonGenerator#writeNumberField' with 'JsonGenerator#writeNumber'
+ Add JsonGenerator#writeNumber(char[], int, int) method
+ Do not clear aggregated contents of 'TextBuffer' when 'releaseBuffers()' called
+ 'FilteringGeneratorDelegate' does not handle 'writeString(Reader, int)'
+ Optionally allow leading decimal in float tokens
+ Rewrite to use ant for building in order to be able to use it in packages that have to be built before maven
+ Parsing JSON with 'ALLOW_MISSING_VALUE' enabled results in endless stream of 'VALUE_NULL' tokens
+ Handle case when system property access is restricted
+ 'FilteringGeneratorDelegate' does not handle 'writeString(Reader, int)'
+ DataFormatMatcher#getMatchedFormatName throws NPE when no match exists
+ 'JsonParser.getCurrentLocation()' byte/char offset update incorrectly for big payloads
jackson-databind - update from version 2.10.5.1 to version 2.13.0:
+ '@JsonValue' with integer for enum does not deserialize correctly
+ 'AnnotatedMethod.getValue()/setValue()' doesn't have useful exception message
+ Add 'DatabindException' as intermediate subtype of 'JsonMappingException'
+ Jackson does not support deserializing new Java 9 unmodifiable collections
+ Allocate TokenBuffer instance via context objects (to allow format-specific buffer types)
+ Add mechanism for setting default 'ContextAttributes' for 'ObjectMapper'
+ Add 'DeserializationContext.readTreeAsValue()' methods for more convenient conversions for deserializers to use
+ Clean up support of typed "unmodifiable", "singleton" Maps/Sets/Collections
+ Extend internal bitfield of 'MapperFeature' to be 'long'
+ Add 'removeMixIn()' method in 'MapperBuilder'
+ Backport 'MapperBuilder' lambda-taking methods: 'withConfigOverride()', 'withCoercionConfig()', 'withCoercionConfigDefaults()'
+ configOverrides(boolean.class) silently ignored, whereas .configOverride(Boolean.class) works for both primitives and boxed boolean values
+ Don't track unknown props in buffer if 'ignoreAllUnknown' is true
+ Should allow deserialization of java.time types via opaque 'JsonToken.VALUE_EMBEDDED_OBJECT'
+ Optimize "AnnotatedConstructor.call()" case by passing explicit null
+ Add AnnotationIntrospector.XmlExtensions interface for decoupling javax dependencies
+ Custom SimpleModule not included in list returned by ObjectMapper.getRegisteredModuleIds() after registration
+ Use more limiting default visibility settings for JDK types (java.*, javax.*)
+ Deep merge for 'JsonNode' using 'ObjectReader.readTree()'
+ IllegalArgumentException: Conflicting setter definitions for property with more than 2 setters
+ Serializing java.lang.Thread fails on JDK 11 and above
+ String-based 'Map' key deserializer is not deterministic when there is no single arg constructor
+ Add ArrayNode#set(int index, primitive_type value)
+ JsonStreamContext "currentValue" wrongly references to '@JsonTypeInfo' annotated object
+ DOM 'Node' serialization omits the default namespace declaration
+ Support 'suppressed' property when deserializing 'Throwable'
+ 'AnnotatedMember.equals()' does not work reliably
+ Add 'MapperFeature.APPLY_DEFAULT_VALUES', initially for Scala module
+ For an absent property Jackson injects 'NullNode' instead of 'null' to a JsonNode-typed constructor argument of a '@ConstructorProperties'-annotated constructor
+ 'XMLGregorianCalendar' doesn't work with default typing
+ Content 'null' handling not working for root values
+ StdDeserializer rejects blank (all-whitespace) strings for ints
+ 'USE_BASE_TYPE_AS_DEFAULT_IMPL' not working with 'DefaultTypeResolverBuilder'
+ Add PropertyNamingStrategies.UpperSnakeCaseStrategy (and UPPER_SNAKE_CASE constant)
+ StackOverflowError when serializing JsonProcessingException
+ Support for BCP 47 'java.util.Locale' serialization/deserialization
+ String property deserializes null as "null" for JsonTypeInfo.As.EXISTING_PROPERTY
+ Can not deserialize json to enum value with Object-/Array-valued input, '@JsonCreator'
+ Fix to avoid problem with 'BigDecimalNode', scale of 'Integer.MIN_VALUE'
+ Extend handling of 'FAIL_ON_NULL_FOR_PRIMITIVES' to cover coercion from (Empty) String via 'AsNull'
+ Add 'mvnw' wrapper
+ (regression) Factory method generic type resolution does not use Class-bound type parameter
+ Deserialization of "empty" subtype with DEDUCTION failed
+ Merge findInjectableValues() results in AnnotationIntrospectorPair
+ READ_UNKNOWN_ENUM_VALUES_USING_DEFAULT_VALUE doesn't work with empty strings
+ 'TypeFactory' cannot convert 'Collection' sub-type without type parameters to canonical form and back
+ Fix for [modules-java8#207]: prevent fail on secondary Java 8 date/time types
+ EXTERNAL_PROPERTY does not work well with '@JsonCreator' and 'FAIL_ON_UNKNOWN_PROPERTIES'
+ String property deserializes null as "null" for 'JsonTypeInfo.As.EXTERNAL_PROPERTY'
+ Property ignorals cause 'BeanDeserializer' to forget how to read from arrays (not copying '_arrayDelegateDeserializer')
+ 'UntypedObjectDeserializer' mixes multiple unwrapped collections (related to #2733)
+ Two cases of incorrect error reporting about DeserializationFeature
+ Bug in polymorphic deserialization with '@JsonCreator', '@JsonAnySetter', 'JsonTypeInfo.As.EXTERNAL_PROPERTY'
+ Polymorphic subtype deduction ignores 'defaultImpl' attribute
+ MismatchedInputException: Cannot deserialize instance of 'com.fasterxml.jackson.databind.node.ObjectNode' out of VALUE_NULL token
+ Missing override for 'hasAsKey()' in 'AnnotationIntrospectorPair'
+ Creator lookup fails with 'InvalidDefinitionException' for conflict between single-double/single-Double arg constructor
+ 'MapDeserializer' forcing 'JsonMappingException' wrapping even if WRAP_EXCEPTIONS set to false
+ Auto-detection of constructor-based creator method skipped if there is an annotated factory-based creator method (regression from 2.11)
+ 'ObjectMapper.treeToValue()' no longer invokes 'JsonDeserializer.getNullValue()'
+ DeserializationProblemHandler is not invoked when trying to deserialize String
+ Fix failing 'double' JsonCreators in jackson 2.12.0
+ Conflicting in POJOPropertiesCollector when having namingStrategy
+ Breaking API change in 'BasicClassIntrospector' (2.12.0)
+ 'JsonNode.requiredAt()' does NOT fail on some path expressions
+ Exception thrown when 'Collections.synchronizedList()' is serialized with type info, deserialized
+ Add option to resolve type from multiple existing properties, '@JsonTypeInfo(use=DEDUCTION)'
+ '@JsonIgnoreProperties' does not prevent Exception Conflicting getter/setter definitions for property
+ Deserialization Not Working Right with Generic Types and Builders
+ Add '@JsonIncludeProperties(propertyNames)' (reverse of '@JsonIgnoreProperties')
+ '@JsonAnyGetter' should be allowed on a field
+ Allow handling of single-arg constructor as property based by default
+ Allow case insensitive deserialization of String value into 'boolean'/'Boolean' (esp for Excel)
+ Allow use of '@JsonFormat(with=JsonFormat.Feature.ACCEPT_CASE_INSENSITIVE_PROPERTIES)' on Class
+ Abstract class included as part of known type ids for error message when using JsonSubTypes
+ Distinguish null from empty string for UUID deserialization
+ 'ReferenceType' does not expose valid containedType
+ Add 'CoercionConfig[s]' mechanism for configuring allowed coercions
+ 'JsonProperty.Access.READ_ONLY' does not work with "getter-as-setter" 'Collection's
+ Support 'BigInteger' and 'BigDecimal' creators in 'StdValueInstantiator'
+ 'JsonProperty.Access.READ_ONLY' fails with collections when a property name is specified
+ 'BigDecimal' precision not retained for polymorphic deserialization
+ Support use of 'Void' valued properties ('MapperFeature.ALLOW_VOID_VALUED_PROPERTIES')
+ Explicitly fail (de)serialization of 'java.time.*' types in absence of registered custom (de)serializers
+ Improve description included by 'DeserializationContext.handleUnexpectedToken()'
+ Support for JDK 14 record types ('java.lang.Record')
+ 'PropertyNamingStrategy' class initialization depends on its subclass, this can lead to class loading deadlock
+ 'FAIL_ON_IGNORED_PROPERTIES' does not throw on 'READONLY' properties with an explicit name
+ Add Gradle Module Metadata for version alignment with Gradle 6
+ Allow 'JsonNode' auto-convert into 'ArrayNode' if duplicates found (for XML)
+ Allow values of "untyped" auto-convert into 'List' if duplicates found (for XML)
+ Add 'ValueInstantiator.createContextual(...)'
+ Support multiple names in 'JsonSubType.Type'
+ Disabling 'FAIL_ON_INVALID_SUBTYPE' breaks polymorphic deserialization of Enums
+ Explicitly fail (de)serialization of 'org.joda.time.*' types in absence of registered custom (de)serializers
+ Trailing zeros are stripped when deserializing BigDecimal values inside a @JsonUnwrapped property
+ Extract getter/setter/field name mangling from 'BeanUtil' into pluggable 'AccessorNamingStrategy'
+ Throw 'InvalidFormatException' instead of 'MismatchedInputException' for ACCEPT_FLOAT_AS_INT coercion failures
+ Add '@JsonKey' annotation (similar to '@JsonValue') for customizable serialization of Map keys
+ 'MapperFeature.ACCEPT_CASE_INSENSITIVE_ENUMS' should work for enum as keys
+ Add support for disabling special handling of "Creator properties" wrt alphabetic property ordering
+ Add 'JsonNode.canConvertToExactIntegral()' to indicate whether floating-point/BigDecimal values could be converted to integers losslessly
+ Improve static factory method generic type resolution logic
+ Allow preventing "Enum from integer" coercion using new 'CoercionConfig' system
+ '@JsonValue' not considered when evaluating inclusion
+ Make some java platform modules optional
+ Add support for serializing 'java.sql.Blob'
+ 'AnnotatedCreatorCollector' should avoid processing synthetic static (factory) methods
+ Add errorprone static analysis profile to detect bugs at build time
+ Problem with implicit creator name detection for constructor detection
+ Add 'BeanDeserializerBase.isCaseInsensitive()'
+ Refactoring of 'CollectionDeserializer' to solve CSV array handling issues
+ Full "LICENSE" included in jar for easier access by compliance tools
+ Fix type resolution for static methods (regression in 2.11.3)
+ '@JsonCreator' on constructor not compatible with '@JsonIdentityInfo', 'PropertyGenerator'
+ Add debug improvements about 'ClassUtil.getClassMethods()'
+ Cannot detect creator arguments of mixins for JDK types
+ Add 'JsonFormat.Shape' awareness for UUID serialization ('UUIDSerializer')
+ Json serialization fails for a specific case that contains generics and static methods with generic parameters (2.11.1 -> 2.11.2 regression)
+ 'ObjectMapper.activateDefaultTypingAsProperty()' is not using parameter 'PolymorphicTypeValidator'
+ Problem deserializing "raw generic" fields (like 'Map') in 2.11.2
+ Fix issues with 'MapLikeType.isTrueMapType()', 'CollectionLikeType.isTrueCollectionType()'
+ Parser/Generator features not set when using 'ObjectMapper.createParser()', 'createGenerator()'
+ Polymorphic subtypes not registering on copied ObjectMapper (2.11.1)
+ Failure to read AnnotatedField value in Jackson 2.11
+ 'TypeFactory.constructType()' does not take 'TypeBindings' correctly
+ Builder Deserialization with JsonCreator Value vs Array
+ JsonCreator on static method in Enum and Enum used as key in map fails randomly
+ 'StdSubtypeResolver' is not thread safe (possibly due to copy not being made with 'ObjectMapper.copy()')
+ "Conflicting setter definitions for property" exception for 'Map' subtype during deserialization
+ Fail to deserialize local Records
+ Rearranging of props when property-based generator is in use leads to incorrect output
+ Jackson doesn't respect 'CAN_OVERRIDE_ACCESS_MODIFIERS=false' for deserializer properties
+ 'DeserializationFeature.UNWRAP_SINGLE_VALUE_ARRAYS' doesn't support 'Map' type field
+ JsonParser from MismatchedInputException cannot getText() for floating-point value
+ i-I case conversion problem in Turkish locale with case-insensitive deserialization
+ '@JsonInject' fails on trying to find deserializer even if inject-only
+ Polymorphic deserialization should handle case-insensitive Type Id property name if 'MapperFeature.ACCEPT_CASE_INSENSITIVE_PROPERTIES' is enabled
+ TreeTraversingParser and UTF8StreamJsonParser create contexts differently
+ Support use of '@JsonAlias' for enum values
+ 'declaringClass' of "enum-as-POJO" not removed for 'ObjectMapper' with a naming strategy
+ Fix 'JavaType.isEnumType()' to support sub-classes
+ BeanDeserializerBuilder Protected Factory Method for Extension
+ Support '@JsonSerialize(keyUsing)' and '@JsonDeserialize(keyUsing)' on Key class
+ Add 'SerializationFeature.WRITE_SELF_REFERENCES_AS_NULL'
+ 'ObjectMapper.registerSubtypes(NamedType...)' doesn't allow registering same POJO for two different type ids
+ 'DeserializationContext.handleMissingInstantiator()' throws 'MismatchedInputException' for non-static inner classes
+ Incorrect 'JsonStreamContext' for 'TokenBuffer' and 'TreeTraversingParser'
+ Add 'AnnotationIntrospector.findRenameByField()' to support Kotlin's "is-getter" naming convention
+ Use '@JsonProperty(index)' for sorting properties on serialization
+ Java 8 'Optional' not working with '@JsonUnwrapped' on unwrappable type
+ Add 'MapperFeature.BLOCK_UNSAFE_POLYMORPHIC_BASE_TYPES' to allow blocking use of unsafe base type for polymorphic deserialization
+ 'ObjectMapper.setSerializationInclusion()' is ignored for 'JsonAnyGetter'
+ 'ValueInstantiationException' when deserializing using a builder and 'UNWRAP_SINGLE_VALUE_ARRAYS'
+ JsonIgnoreProperties(ignoreUnknown = true) does not work on field and method level
+ Failure to resolve generic type parameters on serialization
+ JsonParser cannot getText() for input stream on MismatchedInputException
+ ObjectReader readValue lacks Class argument
+ Change default textual serialization of 'java.util.Date'/'Calendar' to include colon in timezone offset
+ Add 'ObjectMapper.createParser()' and 'createGenerator()' methods
+ Allow serialization of 'Properties' with non-String values
+ Add new factory method for creating custom 'EnumValues' to pass to 'EnumDeserializer'
+ 'IllegalArgumentException' thrown for mismatched subclass deserialization
+ Add convenience methods for creating 'List', 'Map' valued 'ObjectReader's (ObjectMapper.readerForListOf())
+ 'SerializerProvider.findContentValueSerializer()' methods
jackson-dataformats-binary - update from version 2.10.1 to version 2.13.0:
+ (cbor) Should validate UTF-8 multi-byte validity for short decode path too
+ (ion) Deprecate 'CloseSafeUTF8Writer', remove use
+ (smile) Make 'SmileFactory' support 'JsonFactory.Feature.CANONICALIZE_FIELD_NAMES'
+ (cbor) Make 'CBORFactory' support 'JsonFactory.Feature.CANONICALIZE_FIELD_NAMES'
+ (cbor) Handle case of BigDecimal with Integer.MIN_VALUE for scale gracefully
+ (cbor) Uncaught exception in CBORParser._nextChunkedByte2 (by ossfuzzer)
+ (cbor) Another uncaught exception in CBORParser._nextChunkedByte2 (by ossfuzzer)
+ (smile) Add 'SmileGenerator.Feature.LENIENT_UTF_ENCODING' for lenient handling of broken Unicode surrogate pairs on writing
+ (avro) Add 'logicalType' support for some 'java.time' types; add 'AvroJavaTimeModule' for native ser/deser
+ Support base64 strings in 'getBinaryValue()' for CBOR and Smile
+ (cbor) 'ArrayIndexOutOfBounds' for truncated UTF-8 name
+ (avro) Generate logicalType switch
+ (smile) 'ArrayIndexOutOfBounds' for truncated UTF-8 name
+ (ion) 'jackson-dataformat-ion' does not handle null.struct deserialization correctly
+ 'Ion-java' dep 1.4.0 -> 1.8.0
+ Minor change to Ion module registration names (fully-qualified)
+ (cbor) Uncaught exception in CBORParser._nextChunkedByte2 (by ossfuzzer)
+ (cbor) Uncaught exception in CBORParser._findDecodedFromSymbols() (by ossfuzzer)
+ (smile) Uncaught validation problem wrt Smile "BigDecimal" type
+ (smile) ArrayIndexOutOfBoundsException for malformed Smile header
+ (cbor) Failed to handle case of alleged String with length of Integer.MAX_VALUE
+ (smile) Allocate byte[] lazily for longer Smile binary data payloads
+ (cbor) CBORParser need to validate zero-length byte[] for BigInteger
+ (smile) Handle invalid chunked-binary-format length gracefully
+ (smile) Allocate byte[] lazily for longer Smile binary data payloads (7-bit encoded)
+ (smile) ArrayIndexOutOfBoundsException in SmileParser._decodeShortUnicodeValue()
+ (smile) Handle sequence of Smile header markers without recursion
+ (cbor) CBOR loses 'Map' entries with specific 'long' Map key values (32-bit boundary)
+ (ion) Ion Polymorphic deserialization in 2.12 breaks wrt use of Native Type Ids when upgrading from 2.8
+ (cbor) 'ArrayIndexOutOfBoundsException' in 'CBORParser' for invalid UTF-8 String
+ (cbor) Handle invalid CBOR content like '[0x84]' (incomplete array)
+ (ion) Respect 'WRITE_ENUMS_USING_TO_STRING' in 'EnumAsIonSymbolSerializer'
+ (ion) Add support for generating IonSexps
+ (ion) Add support for deserializing IonTimestamps and IonBlobs
+ (ion) Add 'IonObjectMapper.builderForBinaryWriters()' / '.builderforTextualWriters()' convenience methods
+ (ion) Enabling pretty-printing fails Ion serialization
+ (ion) Allow disabling native type ids in IonMapper
+ (smile) Small bug in byte-alignment for long field names in Smile, symbol table reuse
+ (ion) Add 'IonFactory.getIonSystem()' accessor
+ (ion) Optimize 'IonParser.getNumberType()' using 'IonReader.getIntegerSize()'
+ (cbor) Add 'CBORGenerator.Feature.LENIENT_UTF_ENCODING' for lenient handling of Unicode surrogate pairs on writing
+ (cbor) Add support for decoding unassigned "simple values" (type 7)
+ Add Gradle Module Metadata (https://blog.gradle.org/alignment-with-gradle-module-metadata)
+ (avro) Cache record names to avoid hitting class loader
+ (avro) Avro null deserialization
+ (ion) Add 'IonFactory.getIonSystem()' accessor
+ (avro) Add 'AvroGenerator.canWriteBinaryNatively()' to support binary writes, fix 'java.util.UUID' representation
+ (ion) Allow 'IonObjectMapper' with class name annotation introspector to deserialize generic subtypes
+ Remove dependencies upon Jackson 1.X and Avro's JacksonUtils
+ 'jackson-databind' should not be full dependency for (cbor, protobuf, smile) modules
+ 'CBORGenerator.Feature.WRITE_MINIMAL_INTS' does not write most compact form for all integers
+ 'AvroGenerator' overrides 'getOutputContext()' properly
+ (ion) Add 'IonFactory.getIonSystem()' accessor
+ (avro) Fix schema evolution involving maps of non-scalar
+ (protobuf) Parsing a protobuf message doesn't properly skip unknown fields
+ (ion) IonObjectMapper close()s the provided IonWriter unnecessarily
+ ion-java dependency 1.4.0 -> 1.5.1
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-1678=1
o openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-1678=1
o SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1678=1
o SUSE Manager Retail Branch Server 4.1:
zypper in -t patch
SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1678=1
o SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1678=1
o SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1678=1
o SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1678=1
o SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1678=1
o SUSE Linux Enterprise Realtime Extension 15-SP2:
zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1678=1
o SUSE Linux Enterprise Module for SUSE Manager Server 4.3:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2022-1678=1
o SUSE Linux Enterprise Module for Development Tools 15-SP4:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-1678=1
o SUSE Linux Enterprise Module for Development Tools 15-SP3:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-1678=1
o SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-1678=1
o SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1678=1
o SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1678=1
o SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1678=1
o SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-1678=1
Package List:
o openSUSE Leap 15.4 (noarch):
jackson-annotations-2.13.0-150200.3.6.1
jackson-annotations-javadoc-2.13.0-150200.3.6.1
jackson-bom-2.13.0-150200.3.3.1
jackson-core-2.13.0-150200.3.6.1
jackson-core-javadoc-2.13.0-150200.3.6.1
jackson-databind-2.13.0-150200.3.9.1
jackson-databind-javadoc-2.13.0-150200.3.9.1
jackson-dataformat-cbor-2.13.0-150200.3.3.3
jackson-dataformat-smile-2.13.0-150200.3.3.3
jackson-dataformats-binary-2.13.0-150200.3.3.3
jackson-dataformats-binary-javadoc-2.13.0-150200.3.3.3
o openSUSE Leap 15.3 (noarch):
jackson-annotations-2.13.0-150200.3.6.1
jackson-annotations-javadoc-2.13.0-150200.3.6.1
jackson-bom-2.13.0-150200.3.3.1
jackson-core-2.13.0-150200.3.6.1
jackson-core-javadoc-2.13.0-150200.3.6.1
jackson-databind-2.13.0-150200.3.9.1
jackson-databind-javadoc-2.13.0-150200.3.9.1
jackson-dataformat-cbor-2.13.0-150200.3.3.3
jackson-dataformat-smile-2.13.0-150200.3.3.3
jackson-dataformats-binary-2.13.0-150200.3.3.3
jackson-dataformats-binary-javadoc-2.13.0-150200.3.3.3
o SUSE Manager Server 4.1 (noarch):
jackson-annotations-2.13.0-150200.3.6.1
jackson-core-2.13.0-150200.3.6.1
jackson-databind-2.13.0-150200.3.9.1
jackson-dataformat-cbor-2.13.0-150200.3.3.3
o SUSE Manager Retail Branch Server 4.1 (noarch):
jackson-annotations-2.13.0-150200.3.6.1
jackson-core-2.13.0-150200.3.6.1
jackson-databind-2.13.0-150200.3.9.1
jackson-dataformat-cbor-2.13.0-150200.3.3.3
o SUSE Manager Proxy 4.1 (noarch):
jackson-annotations-2.13.0-150200.3.6.1
jackson-core-2.13.0-150200.3.6.1
jackson-databind-2.13.0-150200.3.9.1
jackson-dataformat-cbor-2.13.0-150200.3.3.3
o SUSE Linux Enterprise Server for SAP 15-SP2 (noarch):
jackson-annotations-2.13.0-150200.3.6.1
jackson-core-2.13.0-150200.3.6.1
jackson-databind-2.13.0-150200.3.9.1
jackson-dataformat-cbor-2.13.0-150200.3.3.3
o SUSE Linux Enterprise Server 15-SP2-LTSS (noarch):
jackson-annotations-2.13.0-150200.3.6.1
jackson-core-2.13.0-150200.3.6.1
jackson-databind-2.13.0-150200.3.9.1
jackson-dataformat-cbor-2.13.0-150200.3.3.3
o SUSE Linux Enterprise Server 15-SP2-BCL (noarch):
jackson-annotations-2.13.0-150200.3.6.1
jackson-core-2.13.0-150200.3.6.1
jackson-databind-2.13.0-150200.3.9.1
jackson-dataformat-cbor-2.13.0-150200.3.3.3
o SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch):
jackson-annotations-2.13.0-150200.3.6.1
jackson-core-2.13.0-150200.3.6.1
jackson-databind-2.13.0-150200.3.9.1
jackson-dataformat-cbor-2.13.0-150200.3.3.3
o SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (noarch):
jackson-annotations-2.13.0-150200.3.6.1
jackson-core-2.13.0-150200.3.6.1
jackson-databind-2.13.0-150200.3.9.1
o SUSE Linux Enterprise Module for Development Tools 15-SP4 (noarch):
jackson-dataformat-cbor-2.13.0-150200.3.3.3
o SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch):
jackson-annotations-2.13.0-150200.3.6.1
jackson-core-2.13.0-150200.3.6.1
jackson-databind-2.13.0-150200.3.9.1
jackson-dataformat-cbor-2.13.0-150200.3.3.3
o SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch):
jackson-annotations-2.13.0-150200.3.6.1
jackson-core-2.13.0-150200.3.6.1
jackson-databind-2.13.0-150200.3.9.1
o SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):
jackson-annotations-2.13.0-150200.3.6.1
jackson-annotations-javadoc-2.13.0-150200.3.6.1
jackson-core-2.13.0-150200.3.6.1
jackson-core-javadoc-2.13.0-150200.3.6.1
jackson-databind-2.13.0-150200.3.9.1
jackson-databind-javadoc-2.13.0-150200.3.9.1
o SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch):
jackson-annotations-2.13.0-150200.3.6.1
jackson-core-2.13.0-150200.3.6.1
jackson-databind-2.13.0-150200.3.9.1
jackson-dataformat-cbor-2.13.0-150200.3.3.3
o SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch):
jackson-annotations-2.13.0-150200.3.6.1
jackson-core-2.13.0-150200.3.6.1
jackson-databind-2.13.0-150200.3.9.1
jackson-dataformat-cbor-2.13.0-150200.3.3.3
o SUSE Enterprise Storage 7 (noarch):
jackson-annotations-2.13.0-150200.3.6.1
jackson-core-2.13.0-150200.3.6.1
jackson-databind-2.13.0-150200.3.9.1
jackson-dataformat-cbor-2.13.0-150200.3.3.3
References:
o https://www.suse.com/security/cve/CVE-2020-25649.html
o https://www.suse.com/security/cve/CVE-2020-28491.html
o https://www.suse.com/security/cve/CVE-2020-36518.html
o https://bugzilla.suse.com/1177616
o https://bugzilla.suse.com/1182481
o https://bugzilla.suse.com/1197132
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
-----END PGP SIGNATURE-----
ESB-2022.2384 - [SUSE] gzip: CVSS (Max): 8.4
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.2384
Security update for gzip
17 May 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: gzip
Publisher: SUSE
Operating System: SUSE
Resolution: Patch/Upgrade
CVE Names: CVE-2022-1271
Original Bulletin:
https://www.suse.com/support/update/announcement/2022/suse-su-20221673-1
Comment: CVSS (Max): 8.4 CVE-2022-1271 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Source: SUSE
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- --------------------------BEGIN INCLUDED TEXT--------------------
SUSE Security Update: Security update for gzip
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:1673-1
Rating: important
References:
Affected Products:
HPE Helion Openstack 8
SUSE Linux Enterprise Server 12-SP2-BCL
SUSE Linux Enterprise Server 12-SP3-BCL
SUSE Linux Enterprise Server 12-SP3-LTSS
SUSE Linux Enterprise Server 12-SP4-LTSS
SUSE Linux Enterprise Server for SAP 12-SP3
SUSE Linux Enterprise Server for SAP 12-SP4
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 8
SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________
An update that contains security fixes can now be installed.
Description:
This update for gzip fixes the following issues:
o CVE-2022-1271: Add hardening for zgrep. (bsc#1198062)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o SUSE OpenStack Cloud Crowbar 9:
zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-1673=1
o SUSE OpenStack Cloud Crowbar 8:
zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-1673=1
o SUSE OpenStack Cloud 9:
zypper in -t patch SUSE-OpenStack-Cloud-9-2022-1673=1
o SUSE OpenStack Cloud 8:
zypper in -t patch SUSE-OpenStack-Cloud-8-2022-1673=1
o SUSE Linux Enterprise Server for SAP 12-SP4:
zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-1673=1
o SUSE Linux Enterprise Server for SAP 12-SP3:
zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-1673=1
o SUSE Linux Enterprise Server 12-SP4-LTSS:
zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-1673=1
o SUSE Linux Enterprise Server 12-SP3-LTSS:
zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-1673=1
o SUSE Linux Enterprise Server 12-SP3-BCL:
zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-1673=1
o SUSE Linux Enterprise Server 12-SP2-BCL:
zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-1673=1
o HPE Helion Openstack 8:
zypper in -t patch HPE-Helion-OpenStack-8-2022-1673=1
Package List:
o SUSE OpenStack Cloud Crowbar 9 (x86_64):
gzip-1.6-9.9.1
gzip-debuginfo-1.6-9.9.1
gzip-debugsource-1.6-9.9.1
o SUSE OpenStack Cloud Crowbar 8 (x86_64):
gzip-1.6-9.9.1
gzip-debuginfo-1.6-9.9.1
gzip-debugsource-1.6-9.9.1
o SUSE OpenStack Cloud 9 (x86_64):
gzip-1.6-9.9.1
gzip-debuginfo-1.6-9.9.1
gzip-debugsource-1.6-9.9.1
o SUSE OpenStack Cloud 8 (x86_64):
gzip-1.6-9.9.1
gzip-debuginfo-1.6-9.9.1
gzip-debugsource-1.6-9.9.1
o SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
gzip-1.6-9.9.1
gzip-debuginfo-1.6-9.9.1
gzip-debugsource-1.6-9.9.1
o SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):
gzip-1.6-9.9.1
gzip-debuginfo-1.6-9.9.1
gzip-debugsource-1.6-9.9.1
o SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
gzip-1.6-9.9.1
gzip-debuginfo-1.6-9.9.1
gzip-debugsource-1.6-9.9.1
o SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):
gzip-1.6-9.9.1
gzip-debuginfo-1.6-9.9.1
gzip-debugsource-1.6-9.9.1
o SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
gzip-1.6-9.9.1
gzip-debuginfo-1.6-9.9.1
gzip-debugsource-1.6-9.9.1
o SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
gzip-1.6-9.9.1
gzip-debuginfo-1.6-9.9.1
gzip-debugsource-1.6-9.9.1
o HPE Helion Openstack 8 (x86_64):
gzip-1.6-9.9.1
gzip-debuginfo-1.6-9.9.1
gzip-debugsource-1.6-9.9.1
References:
- --------------------------END INCLUDED TEXT--------------------
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
-----END PGP SIGNATURE-----
ESB-2022.2383 - [SUSE] gzip: CVSS (Max): 8.4
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.2383
Security update for gzip
17 May 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: gzip
Publisher: SUSE
Operating System: SUSE
Resolution: Patch/Upgrade
CVE Names: CVE-2022-1271
Original Bulletin:
https://www.suse.com/support/update/announcement/2022/suse-su-20221674-1
Comment: CVSS (Max): 8.4 CVE-2022-1271 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Source: SUSE
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- --------------------------BEGIN INCLUDED TEXT--------------------
SUSE Security Update: Security update for gzip
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:1674-1
Rating: important
References:
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server for SAP 15-SP1
______________________________________________________________________________
An update that contains security fixes can now be installed.
Description:
This update for gzip fixes the following issues:
o CVE-2022-1271: Add hardening for zgrep. (bsc#1198062)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-1674=1
o SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-1674=1
o SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-1674=1
o SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-1674=1
o SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-1674=1
o SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-1674=1
o SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-1674=1
o SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1674=1
o SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1674=1
o SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-1674=1
o SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It will
inform you if it detects new updates and let you then trigger updating of
the complete cluster in a controlled way.
Package List:
o SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
gzip-1.10-150000.4.15.1
gzip-debuginfo-1.10-150000.4.15.1
gzip-debugsource-1.10-150000.4.15.1
o SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
gzip-1.10-150000.4.15.1
gzip-debuginfo-1.10-150000.4.15.1
gzip-debugsource-1.10-150000.4.15.1
o SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
gzip-1.10-150000.4.15.1
gzip-debuginfo-1.10-150000.4.15.1
gzip-debugsource-1.10-150000.4.15.1
o SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
gzip-1.10-150000.4.15.1
gzip-debuginfo-1.10-150000.4.15.1
gzip-debugsource-1.10-150000.4.15.1
o SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
gzip-1.10-150000.4.15.1
gzip-debuginfo-1.10-150000.4.15.1
gzip-debugsource-1.10-150000.4.15.1
o SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
gzip-1.10-150000.4.15.1
gzip-debuginfo-1.10-150000.4.15.1
gzip-debugsource-1.10-150000.4.15.1
o SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
gzip-1.10-150000.4.15.1
gzip-debuginfo-1.10-150000.4.15.1
gzip-debugsource-1.10-150000.4.15.1
o SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
gzip-1.10-150000.4.15.1
gzip-debuginfo-1.10-150000.4.15.1
gzip-debugsource-1.10-150000.4.15.1
o SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
gzip-1.10-150000.4.15.1
gzip-debuginfo-1.10-150000.4.15.1
gzip-debugsource-1.10-150000.4.15.1
o SUSE Enterprise Storage 6 (aarch64 x86_64):
gzip-1.10-150000.4.15.1
gzip-debuginfo-1.10-150000.4.15.1
gzip-debugsource-1.10-150000.4.15.1
o SUSE CaaS Platform 4.0 (x86_64):
gzip-1.10-150000.4.15.1
gzip-debuginfo-1.10-150000.4.15.1
gzip-debugsource-1.10-150000.4.15.1
References:
- --------------------------END INCLUDED TEXT--------------------
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
-----END PGP SIGNATURE-----
ESB-2022.2382 - [SUSE] e2fsprogs: CVSS (Max): 7.0
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.2382
Security update for e2fsprogs
17 May 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: e2fsprogs
Publisher: SUSE
Operating System: SUSE
Resolution: Patch/Upgrade
CVE Names: CVE-2022-1304
Original Bulletin:
https://www.suse.com/support/update/announcement/2022/suse-su-20221688-1
Comment: CVSS (Max): 7.0 CVE-2022-1304 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H)
CVSS Source: SUSE
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
- --------------------------BEGIN INCLUDED TEXT--------------------
SUSE Security Update: Security update for e2fsprogs
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:1688-1
Rating: important
References: #1198446
Cross-References: CVE-2022-1304
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Enterprise Storage 7
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Micro 5.0
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Realtime Extension 15-SP2
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.1
SUSE Manager Server 4.1
SUSE Manager Server 4.2
openSUSE Leap 15.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for e2fsprogs fixes the following issues:
o CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault
and possibly arbitrary code execution. (bsc#1198446)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-1688=1
o SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1688=1
o SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1688=1
o SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1688=1
o SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1688=1
o SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-1688=1
o SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-1688=1
o SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1688=1
o SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1688=1
o SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-1688=1
o SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-1688=1
o SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-1688=1
o SUSE Linux Enterprise Realtime Extension 15-SP2:
zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1688=1
o SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1688=1
o SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1688=1
o SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1688=1
o SUSE Linux Enterprise Micro 5.0:
zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-1688=1
o SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1688=1
o SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1688=1
o SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-1688=1
o SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-1688=1
o SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1688=1
o SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1688=1
o SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-1688=1
o SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-1688=1
o SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It will
inform you if it detects new updates and let you then trigger updating of
the complete cluster in a controlled way.
Package List:
o openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
e2fsprogs-1.43.8-150000.4.33.1
e2fsprogs-debuginfo-1.43.8-150000.4.33.1
e2fsprogs-debugsource-1.43.8-150000.4.33.1
e2fsprogs-devel-1.43.8-150000.4.33.1
libcom_err-devel-1.43.8-150000.4.33.1
libcom_err-devel-static-1.43.8-150000.4.33.1
libcom_err2-1.43.8-150000.4.33.1
libcom_err2-debuginfo-1.43.8-150000.4.33.1
libext2fs-devel-1.43.8-150000.4.33.1
libext2fs-devel-static-1.43.8-150000.4.33.1
libext2fs2-1.43.8-150000.4.33.1
libext2fs2-debuginfo-1.43.8-150000.4.33.1
o openSUSE Leap 15.3 (x86_64):
e2fsprogs-32bit-debuginfo-1.43.8-150000.4.33.1
libcom_err-devel-32bit-1.43.8-150000.4.33.1
libcom_err2-32bit-1.43.8-150000.4.33.1
libcom_err2-32bit-debuginfo-1.43.8-150000.4.33.1
libext2fs-devel-32bit-1.43.8-150000.4.33.1
libext2fs2-32bit-1.43.8-150000.4.33.1
libext2fs2-32bit-debuginfo-1.43.8-150000.4.33.1
o SUSE Manager Server 4.1 (ppc64le s390x x86_64):
e2fsprogs-1.43.8-150000.4.33.1
e2fsprogs-debuginfo-1.43.8-150000.4.33.1
e2fsprogs-debugsource-1.43.8-150000.4.33.1
e2fsprogs-devel-1.43.8-150000.4.33.1
libcom_err-devel-1.43.8-150000.4.33.1
libcom_err-devel-static-1.43.8-150000.4.33.1
libcom_err2-1.43.8-150000.4.33.1
libcom_err2-debuginfo-1.43.8-150000.4.33.1
libext2fs-devel-1.43.8-150000.4.33.1
libext2fs-devel-static-1.43.8-150000.4.33.1
libext2fs2-1.43.8-150000.4.33.1
libext2fs2-debuginfo-1.43.8-150000.4.33.1
o SUSE Manager Server 4.1 (x86_64):
e2fsprogs-32bit-debuginfo-1.43.8-150000.4.33.1
libcom_err2-32bit-1.43.8-150000.4.33.1
libcom_err2-32bit-debuginfo-1.43.8-150000.4.33.1
o SUSE Manager Retail Branch Server 4.1 (x86_64):
e2fsprogs-1.43.8-150000.4.33.1
e2fsprogs-32bit-debuginfo-1.43.8-150000.4.33.1
e2fsprogs-debuginfo-1.43.8-150000.4.33.1
e2fsprogs-debugsource-1.43.8-150000.4.33.1
e2fsprogs-devel-1.43.8-150000.4.33.1
libcom_err-devel-1.43.8-150000.4.33.1
libcom_err-devel-static-1.43.8-150000.4.33.1
libcom_err2-1.43.8-150000.4.33.1
libcom_err2-32bit-1.43.8-150000.4.33.1
libcom_err2-32bit-debuginfo-1.43.8-150000.4.33.1
libcom_err2-debuginfo-1.43.8-150000.4.33.1
libext2fs-devel-1.43.8-150000.4.33.1
libext2fs-devel-static-1.43.8-150000.4.33.1
libext2fs2-1.43.8-150000.4.33.1
libext2fs2-debuginfo-1.43.8-150000.4.33.1
o SUSE Manager Proxy 4.1 (x86_64):
e2fsprogs-1.43.8-150000.4.33.1
e2fsprogs-32bit-debuginfo-1.43.8-150000.4.33.1
e2fsprogs-debuginfo-1.43.8-150000.4.33.1
e2fsprogs-debugsource-1.43.8-150000.4.33.1
e2fsprogs-devel-1.43.8-150000.4.33.1
libcom_err-devel-1.43.8-150000.4.33.1
libcom_err-devel-static-1.43.8-150000.4.33.1
libcom_err2-1.43.8-150000.4.33.1
libcom_err2-32bit-1.43.8-150000.4.33.1
libcom_err2-32bit-debuginfo-1.43.8-150000.4.33.1
libcom_err2-debuginfo-1.43.8-150000.4.33.1
libext2fs-devel-1.43.8-150000.4.33.1
libext2fs-devel-static-1.43.8-150000.4.33.1
libext2fs2-1.43.8-150000.4.33.1
libext2fs2-debuginfo-1.43.8-150000.4.33.1
o SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
e2fsprogs-1.43.8-150000.4.33.1
e2fsprogs-debuginfo-1.43.8-150000.4.33.1
e2fsprogs-debugsource-1.43.8-150000.4.33.1
e2fsprogs-devel-1.43.8-150000.4.33.1
libcom_err-devel-1.43.8-150000.4.33.1
libcom_err-devel-static-1.43.8-150000.4.33.1
libcom_err2-1.43.8-150000.4.33.1
libcom_err2-debuginfo-1.43.8-150000.4.33.1
libext2fs-devel-1.43.8-150000.4.33.1
libext2fs-devel-static-1.43.8-150000.4.33.1
libext2fs2-1.43.8-150000.4.33.1
libext2fs2-debuginfo-1.43.8-150000.4.33.1
o SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64):
e2fsprogs-32bit-debuginfo-1.43.8-150000.4.33.1
libcom_err2-32bit-1.43.8-150000.4.33.1
libcom_err2-32bit-debuginfo-1.43.8-150000.4.33.1
o SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
e2fsprogs-1.43.8-150000.4.33.1
e2fsprogs-debuginfo-1.43.8-150000.4.33.1
e2fsprogs-debugsource-1.43.8-150000.4.33.1
e2fsprogs-devel-1.43.8-150000.4.33.1
libcom_err-devel-1.43.8-150000.4.33.1
libcom_err-devel-static-1.43.8-150000.4.33.1
libcom_err2-1.43.8-150000.4.33.1
libcom_err2-debuginfo-1.43.8-150000.4.33.1
libext2fs-devel-1.43.8-150000.4.33.1
libext2fs-devel-static-1.43.8-150000.4.33.1
libext2fs2-1.43.8-150000.4.33.1
libext2fs2-debuginfo-1.43.8-150000.4.33.1
o SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64):
e2fsprogs-32bit-debuginfo-1.43.8-150000.4.33.1
libcom_err2-32bit-1.43.8-150000.4.33.1
libcom_err2-32bit-debuginfo-1.43.8-150000.4.33.1
o SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
e2fsprogs-1.43.8-150000.4.33.1
e2fsprogs-debuginfo-1.43.8-150000.4.33.1
e2fsprogs-debugsource-1.43.8-150000.4.33.1
e2fsprogs-devel-1.43.8-150000.4.33.1
libcom_err-devel-1.43.8-150000.4.33.1
libcom_err-devel-static-1.43.8-150000.4.33.1
libcom_err2-1.43.8-150000.4.33.1
libcom_err2-debuginfo-1.43.8-150000.4.33.1
libext2fs-devel-1.43.8-150000.4.33.1
libext2fs-devel-static-1.43.8-150000.4.33.1
libext2fs2-1.43.8-150000.4.33.1
libext2fs2-debuginfo-1.43.8-150000.4.33.1
o SUSE Linux Enterprise Server for SAP 15 (x86_64):
e2fsprogs-32bit-debuginfo-1.43.8-150000.4.33.1
libcom_err2-32bit-1.43.8-150000.4.33.1
libcom_err2-32bit-debuginfo-1.43.8-150000.4.33.1
o SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
e2fsprogs-1.43.8-150000.4.33.1
e2fsprogs-debuginfo-1.43.8-150000.4.33.1
e2fsprogs-debugsource-1.43.8-150000.4.33.1
e2fsprogs-devel-1.43.8-150000.4.33.1
libcom_err-devel-1.43.8-150000.4.33.1
libcom_err-devel-static-1.43.8-150000.4.33.1
libcom_err2-1.43.8-150000.4.33.1
libcom_err2-debuginfo-1.43.8-150000.4.33.1
libext2fs-devel-1.43.8-150000.4.33.1
libext2fs-devel-static-1.43.8-150000.4.33.1
libext2fs2-1.43.8-150000.4.33.1
libext2fs2-debuginfo-1.43.8-150000.4.33.1
o SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64):
e2fsprogs-32bit-debuginfo-1.43.8-150000.4.33.1
libcom_err2-32bit-1.43.8-150000.4.33.1
libcom_err2-32bit-debuginfo-1.43.8-150000.4.33.1
o SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
e2fsprogs-1.43.8-150000.4.33.1
e2fsprogs-32bit-debuginfo-1.43.8-150000.4.33.1
e2fsprogs-debuginfo-1.43.8-150000.4.33.1
e2fsprogs-debugsource-1.43.8-150000.4.33.1
e2fsprogs-devel-1.43.8-150000.4.33.1
libcom_err-devel-1.43.8-150000.4.33.1
libcom_err-devel-static-1.43.8-150000.4.33.1
libcom_err2-1.43.8-150000.4.33.1
libcom_err2-32bit-1.43.8-150000.4.33.1
libcom_err2-32bit-debuginfo-1.43.8-150000.4.33.1
libcom_err2-debuginfo-1.43.8-150000.4.33.1
libext2fs-devel-1.43.8-150000.4.33.1
libext2fs-devel-static-1.43.8-150000.4.33.1
libext2fs2-1.43.8-150000.4.33.1
libext2fs2-debuginfo-1.43.8-150000.4.33.1
o SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
e2fsprogs-1.43.8-150000.4.33.1
e2fsprogs-debuginfo-1.43.8-150000.4.33.1
e2fsprogs-debugsource-1.43.8-150000.4.33.1
e2fsprogs-devel-1.43.8-150000.4.33.1
libcom_err-devel-1.43.8-150000.4.33.1
libcom_err-devel-static-1.43.8-150000.4.33.1
libcom_err2-1.43.8-150000.4.33.1
libcom_err2-debuginfo-1.43.8-150000.4.33.1
libext2fs-devel-1.43.8-150000.4.33.1
libext2fs-devel-static-1.43.8-150000.4.33.1
libext2fs2-1.43.8-150000.4.33.1
libext2fs2-debuginfo-1.43.8-150000.4.33.1
o SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64):
e2fsprogs-32bit-debuginfo-1.43.8-150000.4.33.1
libcom_err2-32bit-1.43.8-150000.4.33.1
libcom_err2-32bit-debuginfo-1.43.8-150000.4.33.1
o SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
e2fsprogs-1.43.8-150000.4.33.1
e2fsprogs-32bit-debuginfo-1.43.8-150000.4.33.1
e2fsprogs-debuginfo-1.43.8-150000.4.33.1
e2fsprogs-debugsource-1.43.8-150000.4.33.1
e2fsprogs-devel-1.43.8-150000.4.33.1
libcom_err-devel-1.43.8-150000.4.33.1
libcom_err-devel-static-1.43.8-150000.4.33.1
libcom_err2-1.43.8-150000.4.33.1
libcom_err2-32bit-1.43.8-150000.4.33.1
libcom_err2-32bit-debuginfo-1.43.8-150000.4.33.1
libcom_err2-debuginfo-1.43.8-150000.4.33.1
libext2fs-devel-1.43.8-150000.4.33.1
libext2fs-devel-static-1.43.8-150000.4.33.1
libext2fs2-1.43.8-150000.4.33.1
libext2fs2-debuginfo-1.43.8-150000.4.33.1
o SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
e2fsprogs-1.43.8-150000.4.33.1
e2fsprogs-debuginfo-1.43.8-150000.4.33.1
e2fsprogs-debugsource-1.43.8-150000.4.33.1
e2fsprogs-devel-1.43.8-150000.4.33.1
libcom_err-devel-1.43.8-150000.4.33.1
libcom_err-devel-static-1.43.8-150000.4.33.1
libcom_err2-1.43.8-150000.4.33.1
libcom_err2-debuginfo-1.43.8-150000.4.33.1
libext2fs-devel-1.43.8-150000.4.33.1
libext2fs-devel-static-1.43.8-150000.4.33.1
libext2fs2-1.43.8-150000.4.33.1
libext2fs2-debuginfo-1.43.8-150000.4.33.1
o SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64):
e2fsprogs-1.43.8-150000.4.33.1
e2fsprogs-32bit-debuginfo-1.43.8-150000.4.33.1
e2fsprogs-debuginfo-1.43.8-150000.4.33.1
e2fsprogs-debugsource-1.43.8-150000.4.33.1
e2fsprogs-devel-1.43.8-150000.4.33.1
libcom_err-devel-1.43.8-150000.4.33.1
libcom_err-devel-static-1.43.8-150000.4.33.1
libcom_err2-1.43.8-150000.4.33.1
libcom_err2-32bit-1.43.8-150000.4.33.1
libcom_err2-32bit-debuginfo-1.43.8-150000.4.33.1
libcom_err2-debuginfo-1.43.8-150000.4.33.1
libext2fs-devel-1.43.8-150000.4.33.1
libext2fs-devel-static-1.43.8-150000.4.33.1
libext2fs2-1.43.8-150000.4.33.1
libext2fs2-debuginfo-1.43.8-150000.4.33.1
o SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x
x86_64):
e2fsprogs-1.43.8-150000.4.33.1
e2fsprogs-debuginfo-1.43.8-150000.4.33.1
e2fsprogs-debugsource-1.43.8-150000.4.33.1
e2fsprogs-devel-1.43.8-150000.4.33.1
libcom_err-devel-1.43.8-150000.4.33.1
libcom_err-devel-static-1.43.8-150000.4.33.1
libcom_err2-1.43.8-150000.4.33.1
libcom_err2-debuginfo-1.43.8-150000.4.33.1
libext2fs-devel-1.43.8-150000.4.33.1
libext2fs-devel-static-1.43.8-150000.4.33.1
libext2fs2-1.43.8-150000.4.33.1
libext2fs2-debuginfo-1.43.8-150000.4.33.1
o SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64):
e2fsprogs-32bit-debuginfo-1.43.8-150000.4.33.1
libcom_err2-32bit-1.43.8-150000.4.33.1
libcom_err2-32bit-debuginfo-1.43.8-150000.4.33.1
o SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
e2fsprogs-1.43.8-150000.4.33.1
e2fsprogs-debuginfo-1.43.8-150000.4.33.1
e2fsprogs-debugsource-1.43.8-150000.4.33.1
libcom_err2-1.43.8-150000.4.33.1
libcom_err2-debuginfo-1.43.8-150000.4.33.1
libext2fs2-1.43.8-150000.4.33.1
libext2fs2-debuginfo-1.43.8-150000.4.33.1
o SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
e2fsprogs-1.43.8-150000.4.33.1
e2fsprogs-debuginfo-1.43.8-150000.4.33.1
e2fsprogs-debugsource-1.43.8-150000.4.33.1
libcom_err2-1.43.8-150000.4.33.1
libcom_err2-debuginfo-1.43.8-150000.4.33.1
libext2fs2-1.43.8-150000.4.33.1
libext2fs2-debuginfo-1.43.8-150000.4.33.1
o SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64):
e2fsprogs-1.43.8-150000.4.33.1
e2fsprogs-debuginfo-1.43.8-150000.4.33.1
e2fsprogs-debugsource-1.43.8-150000.4.33.1
libcom_err2-1.43.8-150000.4.33.1
libcom_err2-debuginfo-1.43.8-150000.4.33.1
libext2fs2-1.43.8-150000.4.33.1
libext2fs2-debuginfo-1.43.8-150000.4.33.1
o SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64
x86_64):
e2fsprogs-1.43.8-150000.4.33.1
e2fsprogs-debuginfo-1.43.8-150000.4.33.1
e2fsprogs-debugsource-1.43.8-150000.4.33.1
e2fsprogs-devel-1.43.8-150000.4.33.1
libcom_err-devel-1.43.8-150000.4.33.1
libcom_err-devel-static-1.43.8-150000.4.33.1
libcom_err2-1.43.8-150000.4.33.1
libcom_err2-debuginfo-1.43.8-150000.4.33.1
libext2fs-devel-1.43.8-150000.4.33.1
libext2fs-devel-static-1.43.8-150000.4.33.1
libext2fs2-1.43.8-150000.4.33.1
libext2fs2-debuginfo-1.43.8-150000.4.33.1
o SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64):
e2fsprogs-32bit-debuginfo-1.43.8-150000.4.33.1
libcom_err2-32bit-1.43.8-150000.4.33.1
libcom_err2-32bit-debuginfo-1.43.8-150000.4.33.1
o SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64
x86_64):
e2fsprogs-1.43.8-150000.4.33.1
e2fsprogs-debuginfo-1.43.8-150000.4.33.1
e2fsprogs-debugsource-1.43.8-150000.4.33.1
e2fsprogs-devel-1.43.8-150000.4.33.1
libcom_err-devel-1.43.8-150000.4.33.1
libcom_err-devel-static-1.43.8-150000.4.33.1
libcom_err2-1.43.8-150000.4.33.1
libcom_err2-debuginfo-1.43.8-150000.4.33.1
libext2fs-devel-1.43.8-150000.4.33.1
libext2fs-devel-static-1.43.8-150000.4.33.1
libext2fs2-1.43.8-150000.4.33.1
libext2fs2-debuginfo-1.43.8-150000.4.33.1
o SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64):
e2fsprogs-32bit-debuginfo-1.43.8-150000.4.33.1
libcom_err2-32bit-1.43.8-150000.4.33.1
libcom_err2-32bit-debuginfo-1.43.8-150000.4.33.1
o SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64
x86_64):
e2fsprogs-1.43.8-150000.4.33.1
e2fsprogs-debuginfo-1.43.8-150000.4.33.1
e2fsprogs-debugsource-1.43.8-150000.4.33.1
e2fsprogs-devel-1.43.8-150000.4.33.1
libcom_err-devel-1.43.8-150000.4.33.1
libcom_err-devel-static-1.43.8-150000.4.33.1
libcom_err2-1.43.8-150000.4.33.1
libcom_err2-debuginfo-1.43.8-150000.4.33.1
libext2fs-devel-1.43.8-150000.4.33.1
libext2fs-devel-static-1.43.8-150000.4.33.1
libext2fs2-1.43.8-150000.4.33.1
libext2fs2-debuginfo-1.43.8-150000.4.33.1
o SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64):
e2fsprogs-32bit-debuginfo-1.43.8-150000.4.33.1
libcom_err2-32bit-1.43.8-150000.4.33.1
libcom_err2-32bit-debuginfo-1.43.8-150000.4.33.1
o SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64
x86_64):
e2fsprogs-1.43.8-150000.4.33.1
e2fsprogs-debuginfo-1.43.8-150000.4.33.1
e2fsprogs-debugsource-1.43.8-150000.4.33.1
e2fsprogs-devel-1.43.8-150000.4.33.1
libcom_err-devel-1.43.8-150000.4.33.1
libcom_err-devel-static-1.43.8-150000.4.33.1
libcom_err2-1.43.8-150000.4.33.1
libcom_err2-debuginfo-1.43.8-150000.4.33.1
libext2fs-devel-1.43.8-150000.4.33.1
libext2fs-devel-static-1.43.8-150000.4.33.1
libext2fs2-1.43.8-150000.4.33.1
libext2fs2-debuginfo-1.43.8-150000.4.33.1
o SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64):
e2fsprogs-32bit-debuginfo-1.43.8-150000.4.33.1
libcom_err2-32bit-1.43.8-150000.4.33.1
libcom_err2-32bit-debuginfo-1.43.8-150000.4.33.1
o SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
e2fsprogs-1.43.8-150000.4.33.1
e2fsprogs-debuginfo-1.43.8-150000.4.33.1
e2fsprogs-debugsource-1.43.8-150000.4.33.1
e2fsprogs-devel-1.43.8-150000.4.33.1
libcom_err-devel-1.43.8-150000.4.33.1
libcom_err-devel-static-1.43.8-150000.4.33.1
libcom_err2-1.43.8-150000.4.33.1
libcom_err2-debuginfo-1.43.8-150000.4.33.1
libext2fs-devel-1.43.8-150000.4.33.1
libext2fs-devel-static-1.43.8-150000.4.33.1
libext2fs2-1.43.8-150000.4.33.1
libext2fs2-debuginfo-1.43.8-150000.4.33.1
o SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64):
e2fsprogs-32bit-debuginfo-1.43.8-150000.4.33.1
libcom_err2-32bit-1.43.8-150000.4.33.1
libcom_err2-32bit-debuginfo-1.43.8-150000.4.33.1
o SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
e2fsprogs-1.43.8-150000.4.33.1
e2fsprogs-debuginfo-1.43.8-150000.4.33.1
e2fsprogs-debugsource-1.43.8-150000.4.33.1
e2fsprogs-devel-1.43.8-150000.4.33.1
libcom_err-devel-1.43.8-150000.4.33.1
libcom_err-devel-static-1.43.8-150000.4.33.1
libcom_err2-1.43.8-150000.4.33.1
libcom_err2-debuginfo-1.43.8-150000.4.33.1
libext2fs-devel-1.43.8-150000.4.33.1
libext2fs-devel-static-1.43.8-150000.4.33.1
libext2fs2-1.43.8-150000.4.33.1
libext2fs2-debuginfo-1.43.8-150000.4.33.1
o SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64):
e2fsprogs-32bit-debuginfo-1.43.8-150000.4.33.1
libcom_err2-32bit-1.43.8-150000.4.33.1
libcom_err2-32bit-debuginfo-1.43.8-150000.4.33.1
o SUSE Enterprise Storage 7 (aarch64 x86_64):
e2fsprogs-1.43.8-150000.4.33.1
e2fsprogs-debuginfo-1.43.8-150000.4.33.1
e2fsprogs-debugsource-1.43.8-150000.4.33.1
e2fsprogs-devel-1.43.8-150000.4.33.1
libcom_err-devel-1.43.8-150000.4.33.1
libcom_err-devel-static-1.43.8-150000.4.33.1
libcom_err2-1.43.8-150000.4.33.1
libcom_err2-debuginfo-1.43.8-150000.4.33.1
libext2fs-devel-1.43.8-150000.4.33.1
libext2fs-devel-static-1.43.8-150000.4.33.1
libext2fs2-1.43.8-150000.4.33.1
libext2fs2-debuginfo-1.43.8-150000.4.33.1
o SUSE Enterprise Storage 7 (x86_64):
e2fsprogs-32bit-debuginfo-1.43.8-150000.4.33.1
libcom_err2-32bit-1.43.8-150000.4.33.1
libcom_err2-32bit-debuginfo-1.43.8-150000.4.33.1
o SUSE Enterprise Storage 6 (aarch64 x86_64):
e2fsprogs-1.43.8-150000.4.33.1
e2fsprogs-debuginfo-1.43.8-150000.4.33.1
e2fsprogs-debugsource-1.43.8-150000.4.33.1
e2fsprogs-devel-1.43.8-150000.4.33.1
libcom_err-devel-1.43.8-150000.4.33.1
libcom_err-devel-static-1.43.8-150000.4.33.1
libcom_err2-1.43.8-150000.4.33.1
libcom_err2-debuginfo-1.43.8-150000.4.33.1
libext2fs-devel-1.43.8-150000.4.33.1
libext2fs-devel-static-1.43.8-150000.4.33.1
libext2fs2-1.43.8-150000.4.33.1
libext2fs2-debuginfo-1.43.8-150000.4.33.1
o SUSE Enterprise Storage 6 (x86_64):
e2fsprogs-32bit-debuginfo-1.43.8-150000.4.33.1
libcom_err2-32bit-1.43.8-150000.4.33.1
libcom_err2-32bit-debuginfo-1.43.8-150000.4.33.1
o SUSE CaaS Platform 4.0 (x86_64):
e2fsprogs-1.43.8-150000.4.33.1
e2fsprogs-32bit-debuginfo-1.43.8-150000.4.33.1
e2fsprogs-debuginfo-1.43.8-150000.4.33.1
e2fsprogs-debugsource-1.43.8-150000.4.33.1
e2fsprogs-devel-1.43.8-150000.4.33.1
libcom_err-devel-1.43.8-150000.4.33.1
libcom_err-devel-static-1.43.8-150000.4.33.1
libcom_err2-1.43.8-150000.4.33.1
libcom_err2-32bit-1.43.8-150000.4.33.1
libcom_err2-32bit-debuginfo-1.43.8-150000.4.33.1
libcom_err2-debuginfo-1.43.8-150000.4.33.1
libext2fs-devel-1.43.8-150000.4.33.1
libext2fs-devel-static-1.43.8-150000.4.33.1
libext2fs2-1.43.8-150000.4.33.1
libext2fs2-debuginfo-1.43.8-150000.4.33.1
References:
o https://www.suse.com/security/cve/CVE-2022-1304.html
o https://bugzilla.suse.com/1198446
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
-----END PGP SIGNATURE-----
ESB-2022.2381 - [SUSE] curl: CVSS (Max): 5.3
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.2381
Security update for curl
17 May 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: curl
Publisher: SUSE
Operating System: SUSE
Resolution: Patch/Upgrade
CVE Names: CVE-2022-27776 CVE-2022-22576
Original Bulletin:
https://www.suse.com/support/update/announcement/2022/suse-su-20221680-1
Comment: CVSS (Max): 5.3 CVE-2022-27776 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVSS Source: SUSE
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- --------------------------BEGIN INCLUDED TEXT--------------------
SUSE Security Update: Security update for curl
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:1680-1
Rating: moderate
References: #1198614 #1198766
Cross-References: CVE-2022-22576 CVE-2022-27776
Affected Products:
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Server for SAP Applications 12-SP5
SUSE Linux Enterprise Software Development Kit 12-SP5
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for curl fixes the following issues:
o CVE-2022-27776: Fixed Auth/cookie leak on redirect (bsc#1198766)
o CVE-2022-22576: Fixed OAUTH2 bearer bypass in connection re-use (bsc#1198614)
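The class of bug behind CVE-2022-27776 is a client that re-sends credential headers to whatever Location it is redirected to. The following is an added example, not curl's code or anything from the SUSE bulletin: a redirect policy that forwards Authorization and Cookie only when the target has exactly the same origin (scheme, host and effective port) as the original request. Host names and header values are constructed; `headers_for_redirect` and `same_origin` are names chosen here.

```python
"""Credential handling across HTTP redirects (added example, not curl code).

Illustrates the defensive rule that a client should not carry Authorization
or Cookie headers to a redirect target on a different origin. The origin is
the (scheme, host, port) triple with the scheme's default port filled in, so
"https://h/a" -> "https://h:8443/b" and "https://h/a" -> "http://h/b" both
count as cross-origin and lose the credential headers.
"""
from urllib.parse import urljoin, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
# Headers that carry credentials bound to the origin of the request.
# Proxy-Authorization is deliberately not listed: it is addressed to the
# proxy, not to the redirect target.
CREDENTIAL_HEADERS = {"authorization", "cookie"}


def origin(url):
    """Return (scheme, host, port) for a URL, with the default port applied."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    port = parts.port if parts.port is not None else DEFAULT_PORTS.get(scheme, -1)
    return scheme, host, port


def same_origin(original_url, location):
    """True when the (possibly relative) Location resolves to the same origin."""
    return origin(original_url) == origin(urljoin(original_url, location))


def headers_for_redirect(original_url, location, headers):
    """Headers to send when following `location` from `original_url`.

    Credential-bearing headers are forwarded only on a same-origin redirect;
    all other headers are kept unchanged. Header names match case-insensitively.
    """
    if same_origin(original_url, location):
        return dict(headers)
    return {k: v for k, v in headers.items() if k.lower() not in CREDENTIAL_HEADERS}


if __name__ == "__main__":
    # Constructed request headers; the token and cookie are placeholders.
    sent = {"Authorization": "Bearer <constructed-token>",
            "Cookie": "session=<constructed>", "Accept": "*/*"}
    for target in ("/login", "https://example.test:8443/login", "http://example.test/login"):
        kept = headers_for_redirect("https://example.test/app", target, sent)
        print(target, "->", sorted(kept))
```

The check is deliberately stricter than host-only comparison: a port or scheme change alone is enough to drop the credentials, which is exactly the case a host-only check misses.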
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o SUSE Linux Enterprise Software Development Kit 12-SP5:
zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-1680=1
o SUSE Linux Enterprise Server 12-SP5:
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-1680=1
Package List:
o SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le
s390x x86_64):
curl-debuginfo-7.60.0-11.37.1
curl-debugsource-7.60.0-11.37.1
libcurl-devel-7.60.0-11.37.1
o SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
curl-7.60.0-11.37.1
curl-debuginfo-7.60.0-11.37.1
curl-debugsource-7.60.0-11.37.1
libcurl4-7.60.0-11.37.1
libcurl4-debuginfo-7.60.0-11.37.1
o SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):
libcurl4-32bit-7.60.0-11.37.1
libcurl4-debuginfo-32bit-7.60.0-11.37.1
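After applying the patch command above, the remaining question is whether every host actually carries the fixed builds from the Package List. The following is an added example, not a SUSE or AusCERT tool: it parses a "Package List:" block in the bulletin's own layout and compares it against `rpm -qa` style output using an RPM-compatible version comparison. The curl package list is taken from this bulletin; the installed-package lines are constructed sample input, and `parse_package_list`, `rpmvercmp` and `outdated` are names chosen here. Epochs are not in the bulletin and are ignored.

```python
"""Check installed RPMs against a bulletin's Package List (added example).

rpmvercmp() follows rpm's comparison rules: the strings are split into runs
of digits and runs of letters (everything else is a separator); digit runs
compare numerically, letter runs lexically, a digit run beats a letter run,
and '~' sorts before anything, including the end of the string. The longer
string wins when one is a prefix of the other.
"""
import re

_SEGMENT = re.compile(r"[0-9]+|[a-zA-Z]+|~")


def rpmvercmp(a, b):
    """Return -1, 0 or 1 comparing version or release strings like rpm does."""
    if a == b:
        return 0
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    i = j = 0
    while i < len(sa) or j < len(sb):
        x = sa[i] if i < len(sa) else None
        y = sb[j] if j < len(sb) else None
        if x == "~" or y == "~":          # tilde: pre-release, sorts lowest
            if x != "~":
                return 1
            if y != "~":
                return -1
            i += 1
            j += 1
            continue
        if x is None:                     # a ran out first: a < b
            return -1
        if y is None:
            return 1
        if x.isdigit() and y.isdigit():
            xi, yi = int(x), int(y)
            c = (xi > yi) - (xi < yi)
        elif x.isdigit():                 # digits beat letters
            c = 1
        elif y.isdigit():
            c = -1
        else:
            c = (x > y) - (x < y)
        if c:
            return c
        i += 1
        j += 1
    return 0


def split_nvr(nvr):
    """'name-version-release' -> (name, version, release); name may contain '-'."""
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release


def parse_package_list(bulletin_text):
    """Map package name -> (version, release) from a bulletin 'Package List:' block.

    Product headings start with 'o ' (their wrapped continuation ends with ':')
    and are skipped; the block ends at the 'References:' line.
    """
    fixed = {}
    in_list = False
    for raw in bulletin_text.splitlines():
        line = raw.strip()
        if line == "Package List:":
            in_list = True
            continue
        if line == "References:":
            break
        if not in_list or not line or line.startswith("o ") or line.endswith(":"):
            continue
        name, version, release = split_nvr(line)
        fixed[name] = (version, release)
    return fixed


def outdated(installed_lines, fixed):
    """Installed 'name-version-release.arch' entries still below the fixed build."""
    findings = []
    for raw in installed_lines:
        nvra = raw.strip()
        if not nvra:
            continue
        nvr, _, arch = nvra.rpartition(".")   # strip the trailing '.arch'
        name, version, release = split_nvr(nvr)
        if name not in fixed:
            continue
        fver, frel = fixed[name]
        if (rpmvercmp(version, fver) or rpmvercmp(release, frel)) < 0:
            findings.append((name, arch, version + "-" + release, fver + "-" + frel))
    return findings


# Package list as printed in SUSE-SU-2022:1680-1 (the curl bulletin above).
CURL_PACKAGE_LIST = """\
Package List:
o SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
curl-7.60.0-11.37.1
curl-debuginfo-7.60.0-11.37.1
libcurl4-7.60.0-11.37.1
libcurl4-debuginfo-7.60.0-11.37.1
o SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):
libcurl4-32bit-7.60.0-11.37.1
References:
"""

# Constructed `rpm -qa` output: one host still on an older curl release.
INSTALLED_SAMPLE = """\
curl-7.60.0-11.34.1.x86_64
libcurl4-7.60.0-11.37.1.x86_64
libcurl4-32bit-7.60.0-11.37.1.x86_64
bash-4.4-9.3.1.x86_64
"""

if __name__ == "__main__":
    for name, arch, have, want in outdated(INSTALLED_SAMPLE.splitlines(),
                                           parse_package_list(CURL_PACKAGE_LIST)):
        print("%s.%s: installed %s, fixed in %s" % (name, arch, have, want))
```

On a real host feed it `rpm -qa` output (or a fleet inventory export) and the bulletin text; a package that the bulletin lists but the host does not have installed is simply skipped, since it is not exposed.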
References:
o https://www.suse.com/security/cve/CVE-2022-22576.html
o https://www.suse.com/security/cve/CVE-2022-27776.html
o https://bugzilla.suse.com/1198614
o https://bugzilla.suse.com/1198766
- --------------------------END INCLUDED TEXT--------------------
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
-----END PGP SIGNATURE-----
ESB-2022.2380 - [SUSE] containerd, docker: CVSS (Max): 7.5
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.2380
Security update for containerd, docker
17 May 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: containerd, docker
Publisher: SUSE
Operating System: SUSE
Resolution: Patch/Upgrade
CVE Names: CVE-2022-27191 CVE-2022-24769 CVE-2022-23648
CVE-2021-43565
Original Bulletin:
https://www.suse.com/support/update/announcement/2022/suse-su-20221689-1
Comment: CVSS (Max): 7.5 CVE-2022-27191 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS Source: SUSE
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- --------------------------BEGIN INCLUDED TEXT--------------------
SUSE Security Update: Security update for containerd, docker
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:1689-1
Rating: important
References: #1193930 #1196441 #1197284 #1197517
Cross-References: CVE-2021-43565 CVE-2022-23648 CVE-2022-24769 CVE-2022-27191
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Enterprise Storage 7
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Micro 5.0
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Module for Containers 15-SP3
SUSE Linux Enterprise Module for Containers 15-SP4
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.1
SUSE Manager Server 4.1
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes four vulnerabilities is now available.
Description:
This update for containerd, docker fixes the following issues:
o CVE-2022-24769: Fixed incorrect default inheritable capabilities (bsc#1197517).
o CVE-2022-23648: Fixed directory traversal issue (bsc#1196441).
o CVE-2022-27191: Fixed a crash in a golang.org/x/crypto/ssh server (bsc#1197284).
o CVE-2021-43565: Fixed a panic in golang.org/x/crypto by empty plaintext
packet (bsc#1193930).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-1689=1
o openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-1689=1
o SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1689=1
o SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1689=1
o SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1689=1
o SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1689=1
o SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-1689=1
o SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-1689=1
o SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1689=1
o SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1689=1
o SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-1689=1
o SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-1689=1
o SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-1689=1
o SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-1689=1
o SUSE Linux Enterprise Module for Containers 15-SP4:
zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2022-1689=1
o SUSE Linux Enterprise Module for Containers 15-SP3:
zypper in -t patch SUSE-SLE-Module-Containers-15-SP3-2022-1689=1
o SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1689=1
o SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1689=1
o SUSE Linux Enterprise Micro 5.0:
zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-1689=1
o SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1689=1
o SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1689=1
o SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-1689=1
o SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-1689=1
o SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1689=1
o SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1689=1
o SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-1689=1
o SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-1689=1
o SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It will
inform you if it detects new updates and let you then trigger updating of
the complete cluster in a controlled way.
Package List:
o openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
containerd-1.5.11-150000.68.1
containerd-ctr-1.5.11-150000.68.1
docker-20.10.14_ce-150000.163.1
docker-debuginfo-20.10.14_ce-150000.163.1
docker-kubic-20.10.14_ce-150000.163.1
docker-kubic-debuginfo-20.10.14_ce-150000.163.1
docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1
o openSUSE Leap 15.4 (noarch):
docker-bash-completion-20.10.14_ce-150000.163.1
docker-fish-completion-20.10.14_ce-150000.163.1
docker-kubic-bash-completion-20.10.14_ce-150000.163.1
docker-kubic-fish-completion-20.10.14_ce-150000.163.1
docker-kubic-zsh-completion-20.10.14_ce-150000.163.1
docker-zsh-completion-20.10.14_ce-150000.163.1
o openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
containerd-1.5.11-150000.68.1
containerd-ctr-1.5.11-150000.68.1
docker-20.10.14_ce-150000.163.1
docker-debuginfo-20.10.14_ce-150000.163.1
docker-kubic-20.10.14_ce-150000.163.1
docker-kubic-debuginfo-20.10.14_ce-150000.163.1
docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1
o openSUSE Leap 15.3 (noarch):
docker-bash-completion-20.10.14_ce-150000.163.1
docker-fish-completion-20.10.14_ce-150000.163.1
docker-kubic-bash-completion-20.10.14_ce-150000.163.1
docker-kubic-fish-completion-20.10.14_ce-150000.163.1
docker-kubic-zsh-completion-20.10.14_ce-150000.163.1
docker-zsh-completion-20.10.14_ce-150000.163.1
o SUSE Manager Server 4.1 (ppc64le s390x x86_64):
containerd-1.5.11-150000.68.1
containerd-ctr-1.5.11-150000.68.1
docker-20.10.14_ce-150000.163.1
docker-debuginfo-20.10.14_ce-150000.163.1
o SUSE Manager Server 4.1 (noarch):
docker-bash-completion-20.10.14_ce-150000.163.1
o SUSE Manager Retail Branch Server 4.1 (noarch):
docker-bash-completion-20.10.14_ce-150000.163.1
o SUSE Manager Retail Branch Server 4.1 (x86_64):
containerd-1.5.11-150000.68.1
containerd-ctr-1.5.11-150000.68.1
docker-20.10.14_ce-150000.163.1
docker-debuginfo-20.10.14_ce-150000.163.1
o SUSE Manager Proxy 4.1 (x86_64):
containerd-1.5.11-150000.68.1
containerd-ctr-1.5.11-150000.68.1
docker-20.10.14_ce-150000.163.1
docker-debuginfo-20.10.14_ce-150000.163.1
o SUSE Manager Proxy 4.1 (noarch):
docker-bash-completion-20.10.14_ce-150000.163.1
o SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
containerd-1.5.11-150000.68.1
containerd-ctr-1.5.11-150000.68.1
docker-20.10.14_ce-150000.163.1
docker-debuginfo-20.10.14_ce-150000.163.1
o SUSE Linux Enterprise Server for SAP 15-SP2 (noarch):
docker-bash-completion-20.10.14_ce-150000.163.1
o SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
containerd-1.5.11-150000.68.1
containerd-ctr-1.5.11-150000.68.1
docker-20.10.14_ce-150000.163.1
docker-debuginfo-20.10.14_ce-150000.163.1
o SUSE Linux Enterprise Server for SAP 15-SP1 (noarch):
docker-bash-completion-20.10.14_ce-150000.163.1
o SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
containerd-1.5.11-150000.68.1
containerd-ctr-1.5.11-150000.68.1
docker-20.10.14_ce-150000.163.1
docker-debuginfo-20.10.14_ce-150000.163.1
o SUSE Linux Enterprise Server for SAP 15 (noarch):
docker-bash-completion-20.10.14_ce-150000.163.1
o SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
containerd-1.5.11-150000.68.1
containerd-ctr-1.5.11-150000.68.1
docker-20.10.14_ce-150000.163.1
docker-debuginfo-20.10.14_ce-150000.163.1
o SUSE Linux Enterprise Server 15-SP2-LTSS (noarch):
docker-bash-completion-20.10.14_ce-150000.163.1
o SUSE Linux Enterprise Server 15-SP2-BCL (noarch):
docker-bash-completion-20.10.14_ce-150000.163.1
o SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
containerd-1.5.11-150000.68.1
containerd-ctr-1.5.11-150000.68.1
docker-20.10.14_ce-150000.163.1
docker-debuginfo-20.10.14_ce-150000.163.1
o SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
containerd-1.5.11-150000.68.1
containerd-ctr-1.5.11-150000.68.1
docker-20.10.14_ce-150000.163.1
docker-debuginfo-20.10.14_ce-150000.163.1
o SUSE Linux Enterprise Server 15-SP1-LTSS (noarch):
docker-bash-completion-20.10.14_ce-150000.163.1
o SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
containerd-1.5.11-150000.68.1
containerd-ctr-1.5.11-150000.68.1
docker-20.10.14_ce-150000.163.1
docker-debuginfo-20.10.14_ce-150000.163.1
o SUSE Linux Enterprise Server 15-SP1-BCL (noarch):
docker-bash-completion-20.10.14_ce-150000.163.1
o SUSE Linux Enterprise Server 15-LTSS (noarch):
docker-bash-completion-20.10.14_ce-150000.163.1
o SUSE Linux Enterprise Server 15-LTSS (s390x):
containerd-1.5.11-150000.68.1
containerd-ctr-1.5.11-150000.68.1
docker-20.10.14_ce-150000.163.1
docker-debuginfo-20.10.14_ce-150000.163.1
o SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64
ppc64le s390x x86_64):
containerd-ctr-1.5.11-150000.68.1
o SUSE Linux Enterprise Module for Containers 15-SP4 (aarch64 ppc64le s390x
x86_64):
containerd-1.5.11-150000.68.1
docker-20.10.14_ce-150000.163.1
docker-debuginfo-20.10.14_ce-150000.163.1
o SUSE Linux Enterprise Module for Containers 15-SP4 (noarch):
docker-bash-completion-20.10.14_ce-150000.163.1
o SUSE Linux Enterprise Module for Containers 15-SP3 (aarch64 ppc64le s390x
x86_64):
containerd-1.5.11-150000.68.1
containerd-ctr-1.5.11-150000.68.1
docker-20.10.14_ce-150000.163.1
docker-debuginfo-20.10.14_ce-150000.163.1
o SUSE Linux Enterprise Module for Containers 15-SP3 (noarch):
docker-bash-completion-20.10.14_ce-150000.163.1
docker-fish-completion-20.10.14_ce-150000.163.1
o SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
containerd-1.5.11-150000.68.1
docker-20.10.14_ce-150000.163.1
docker-debuginfo-20.10.14_ce-150000.163.1
o SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
containerd-1.5.11-150000.68.1
docker-20.10.14_ce-150000.163.1
docker-debuginfo-20.10.14_ce-150000.163.1
o SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64):
containerd-1.5.11-150000.68.1
docker-20.10.14_ce-150000.163.1
docker-debuginfo-20.10.14_ce-150000.163.1
o SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
containerd-1.5.11-150000.68.1
containerd-ctr-1.5.11-150000.68.1
docker-20.10.14_ce-150000.163.1
docker-debuginfo-20.10.14_ce-150000.163.1
o SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch):
docker-bash-completion-20.10.14_ce-150000.163.1
o SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
containerd-1.5.11-150000.68.1
containerd-ctr-1.5.11-150000.68.1
docker-20.10.14_ce-150000.163.1
docker-debuginfo-20.10.14_ce-150000.163.1
o SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch):
docker-bash-completion-20.10.14_ce-150000.163.1
o SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
containerd-1.5.11-150000.68.1
containerd-ctr-1.5.11-150000.68.1
docker-20.10.14_ce-150000.163.1
docker-debuginfo-20.10.14_ce-150000.163.1
o SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):
docker-bash-completion-20.10.14_ce-150000.163.1
o SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
containerd-1.5.11-150000.68.1
containerd-ctr-1.5.11-150000.68.1
docker-20.10.14_ce-150000.163.1
docker-debuginfo-20.10.14_ce-150000.163.1
o SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch):
docker-bash-completion-20.10.14_ce-150000.163.1
o SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch):
docker-bash-completion-20.10.14_ce-150000.163.1
o SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64):
containerd-1.5.11-150000.68.1
containerd-ctr-1.5.11-150000.68.1
docker-20.10.14_ce-150000.163.1
docker-debuginfo-20.10.14_ce-150000.163.1
o SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch):
docker-bash-completion-20.10.14_ce-150000.163.1
o SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64):
containerd-1.5.11-150000.68.1
containerd-ctr-1.5.11-150000.68.1
docker-20.10.14_ce-150000.163.1
docker-debuginfo-20.10.14_ce-150000.163.1
o SUSE Enterprise Storage 7 (aarch64 x86_64):
containerd-1.5.11-150000.68.1
containerd-ctr-1.5.11-150000.68.1
docker-20.10.14_ce-150000.163.1
docker-debuginfo-20.10.14_ce-150000.163.1
o SUSE Enterprise Storage 7 (noarch):
docker-bash-completion-20.10.14_ce-150000.163.1
o SUSE Enterprise Storage 6 (aarch64 x86_64):
containerd-1.5.11-150000.68.1
containerd-ctr-1.5.11-150000.68.1
docker-20.10.14_ce-150000.163.1
docker-debuginfo-20.10.14_ce-150000.163.1
o SUSE Enterprise Storage 6 (noarch):
docker-bash-completion-20.10.14_ce-150000.163.1
o SUSE CaaS Platform 4.0 (x86_64):
containerd-1.5.11-150000.68.1
containerd-ctr-1.5.11-150000.68.1
docker-20.10.14_ce-150000.163.1
docker-debuginfo-20.10.14_ce-150000.163.1
o SUSE CaaS Platform 4.0 (noarch):
docker-bash-completion-20.10.14_ce-150000.163.1
References:
o https://www.suse.com/security/cve/CVE-2021-43565.html
o https://www.suse.com/security/cve/CVE-2022-23648.html
o https://www.suse.com/security/cve/CVE-2022-24769.html
o https://www.suse.com/security/cve/CVE-2022-27191.html
o https://bugzilla.suse.com/1193930
o https://bugzilla.suse.com/1196441
o https://bugzilla.suse.com/1197284
o https://bugzilla.suse.com/1197517
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
ESB-2022.2379 - [Win][UNIX/Linux] Apache Tomcat: CVSS (Max): 8.6
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.2379
CVE-2022-25762 Apache Tomcat - Request Mix-up
16 May 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Apache Tomcat
Publisher: Apache Software Foundation
Operating System: Windows
UNIX variants (UNIX, Linux, OSX)
Resolution: Patch/Upgrade
CVE Names: CVE-2022-25762
Original Bulletin:
https://lists.apache.org/thread/6ckmjfb1k61dyzkto9vm2k5jvt4o7w7c
Comment: CVSS (Max): 8.6 CVE-2022-25762 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)
CVSS Source: Red Hat
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
- --------------------------BEGIN INCLUDED TEXT--------------------
CVE-2022-25762 Apache Tomcat - Request Mix-up
Severity: High
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 9.0.0.M1 to 9.0.20
Apache Tomcat 8.5.0 to 8.5.75
Description:
If a web application sends a WebSocket message concurrently with the
WebSocket connection closing, it is possible that the application will
continue to use the socket after it has been closed. The error handling
triggered in this case could cause a pooled object to be placed in
the pool twice. This could result in subsequent connections using the
same object concurrently, which could result in data being returned to
the wrong user and/or other errors.
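The defect class described above, as an added illustration that is not Tomcat's code: a close path and a concurrent send-error path both return the same pooled object, and an unguarded pool then lends that one object to two later connections, whereas a pool that tracks what is actually checked out rejects the duplicate return. All names (PoolDoubleReturnDemo, Pool, Buffer) are hypothetical.

```java
import java.util.ArrayDeque;
import java.util.Collections;
import java.util.Deque;
import java.util.IdentityHashMap;
import java.util.Set;

// Constructed illustration of the pool defect class described in
// CVE-2022-25762; this is NOT Tomcat's code and the names are hypothetical.
public final class PoolDoubleReturnDemo {

    /** Stand-in for a pooled per-connection resource (e.g. a message buffer). */
    static final class Buffer {
        private final int id;
        Buffer(int id) { this.id = id; }
        @Override public String toString() { return "Buffer#" + id; }
    }

    /** Minimal object pool; 'guarded' decides whether a duplicate return is rejected. */
    static final class Pool {
        private final Deque<Buffer> idle = new ArrayDeque<>();
        // Identity set of objects currently lent out (compared by reference, not equals()).
        private final Set<Buffer> checkedOut =
                Collections.newSetFromMap(new IdentityHashMap<>());
        private final boolean guarded;
        private int created = 0;

        Pool(boolean guarded) { this.guarded = guarded; }

        synchronized Buffer borrow() {
            Buffer b = idle.isEmpty() ? new Buffer(++created) : idle.pop();
            checkedOut.add(b);
            return b;
        }

        /** Returns false when the object is not checked out, i.e. this is a second return. */
        synchronized boolean release(Buffer b) {
            boolean wasCheckedOut = checkedOut.remove(b);
            if (guarded && !wasCheckedOut) {
                return false;   // drop the duplicate instead of pooling the object twice
            }
            idle.push(b);       // the unguarded pool accepts it regardless
            return true;
        }

        synchronized int idleCount() { return idle.size(); }
    }

    /**
     * Replays the race: connection A's close path and its send-error path both
     * hand the same buffer back, then connections B and C borrow.
     * Returns true when B and C end up holding the same instance.
     */
    static boolean twoConnectionsShareOneBuffer(boolean guarded) {
        Pool pool = new Pool(guarded);
        Buffer inFlight = pool.borrow();                  // A sends a message

        pool.release(inFlight);                           // A's close path returns it
        boolean secondAccepted = pool.release(inFlight);  // A's error path returns it again

        Buffer forB = pool.borrow();                      // connection B
        Buffer forC = pool.borrow();                      // connection C
        boolean shared = forB == forC;                    // reference identity

        System.out.println((guarded ? "guarded" : "unguarded") + " pool: second release accepted="
                + secondAccepted + ", idle after race=" + pool.idleCount()
                + ", B=" + forB + ", C=" + forC + ", shared=" + shared);
        return shared;
    }

    public static void main(String[] args) {
        twoConnectionsShareOneBuffer(false);  // shared=true: the mix-up the advisory describes
        twoConnectionsShareOneBuffer(true);   // shared=false: duplicate return is rejected
    }
}
```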
Mitigation:
Users of the affected versions should apply one of the following
mitigations:
- Upgrade to Apache Tomcat 9.0.21 or later
- Upgrade to Apache Tomcat 8.5.76 or later
History:
2022-05-12 Original advisory
Credit:
This issue was identified by the Apache Tomcat security team.
References:
[1] https://tomcat.apache.org/security-9.html
[2] https://tomcat.apache.org/security-8.html
- --------------------------END INCLUDED TEXT--------------------
ESB-2022.2378 - [Win][Linux][IBM i][HP-UX][Solaris][AIX][Mac] WebSphere Application Server: CVSS (Max): 3.1
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.2378
Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable
to an Information Disclosure (CVE-2022-22393)
16 May 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: WebSphere Application Server
Publisher: IBM
Operating System: Windows
Linux variants
HP-UX
AIX
IBM i
Solaris
macOS
z/OS
Resolution: Patch/Upgrade
CVE Names: CVE-2022-22393
Original Bulletin:
https://www.ibm.com/support/pages/node/6585704
Comment: CVSS (Max): 3.1 CVE-2022-22393 (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)
CVSS Source: IBM
Calculator: https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
- --------------------------BEGIN INCLUDED TEXT--------------------
IBM WebSphere Application Server Liberty is vulnerable to an Information
Disclosure (CVE-2022-22393)
Document Information
Document number : 6585704
Modified date : 12 May 2022
Product : WebSphere Application Server
Component : Liberty
Software version : Liberty
Operating system(s): AIX
HP-UX
IBM i
Linux
Solaris
Windows
z/OS
Mac OS
Edition : Liberty
Summary
IBM WebSphere Application Server Liberty is vulnerable to an information
disclosure with the adminCenter-1.0 feature enabled. This has been addressed.
Vulnerability Details
CVEID: CVE-2022-22393
DESCRIPTION: IBM WebSphere Application Server Liberty, with the adminCenter-1.0
feature configured, could allow an authenticated user to issue a request to
obtain the status of HTTP/HTTPS ports which are accessible by the application
server.
CVSS Base score: 3.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/222078 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)
Affected Products and Versions
+----------------------------------------+-----------------+
|Affected Product(s) |Version(s) |
+----------------------------------------+-----------------+
|IBM WebSphere Application Server Liberty|17.0.0.3-22.0.0.5|
+----------------------------------------+-----------------+
Remediation/Fixes
IBM strongly recommends addressing the vulnerability now by applying a
currently available interim fix or fix pack that contains the APAR PH45086. To
determine if a feature is enabled for IBM WebSphere Application Server Liberty,
refer to the IBM document "How to determine if Liberty is using a specific feature".
For IBM WebSphere Application Server Liberty 17.0.0.3 - 22.0.0.5 using the
adminCenter-1.0 feature:
. Upgrade to minimal fix pack levels as required by interim fix and then apply
Interim Fix PH45086
--OR--
. Apply Liberty Fix Pack 22.0.0.6 or later (targeted availability 2Q2022).
Additional interim fixes may be available and linked off the interim fix
download page.
Workarounds and Mitigations
None
To determine if a feature is enabled for IBM WebSphere Application Server
Liberty, refer to the IBM document "How to determine if Liberty is using a specific feature".
Change History
12 May 2022: Initial Publication
- --------------------------END INCLUDED TEXT--------------------
ESB-2022.2377 - [RedHat] subversion:1.10: CVSS (Max): 7.5
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.2377
subversion:1.10 security update
16 May 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: subversion:1.10
Publisher: Red Hat
Operating System: Red Hat
Resolution: Patch/Upgrade
CVE Names: CVE-2022-24070
Original Bulletin:
https://access.redhat.com/errata/RHSA-2022:2236
Comment: CVSS (Max): 7.5 CVE-2022-24070 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS Source: Red Hat
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: subversion:1.10 security update
Advisory ID: RHSA-2022:2236-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:2236
Issue date: 2022-05-12
CVE Names: CVE-2022-24070
=====================================================================
1. Summary:
An update for the subversion:1.10 module is now available for Red Hat
Enterprise Linux 8.2 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream EUS (v. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64
3. Description:
Subversion (SVN) is a concurrent version control system which enables one
or more users to collaborate in developing and maintaining a hierarchy of
files and directories while keeping a history of all changes.
Security Fix(es):
* subversion: Subversion's mod_dav_svn is vulnerable to memory corruption
(CVE-2022-24070)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, for the update to take effect, you
must restart the httpd daemon, if you are using mod_dav_svn, and the
svnserve daemon, if you are serving Subversion repositories via the svn://
protocol.
5. Bugs fixed (https://bugzilla.redhat.com/):
2074772 - CVE-2022-24070 subversion: Subversion's mod_dav_svn is vulnerable to memory corruption
6. Package List:
Red Hat Enterprise Linux AppStream EUS (v. 8.2):
Source:
libserf-1.3.9-9.module+el8.2.0+9887+08558108.src.rpm
subversion-1.10.2-3.module+el8.2.0+15168+f36597c9.src.rpm
utf8proc-2.1.1-5.module+el8.2.0+9887+08558108.src.rpm
aarch64:
libserf-1.3.9-9.module+el8.2.0+9887+08558108.aarch64.rpm
libserf-debuginfo-1.3.9-9.module+el8.2.0+9887+08558108.aarch64.rpm
libserf-debugsource-1.3.9-9.module+el8.2.0+9887+08558108.aarch64.rpm
mod_dav_svn-1.10.2-3.module+el8.2.0+15168+f36597c9.aarch64.rpm
mod_dav_svn-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.aarch64.rpm
subversion-1.10.2-3.module+el8.2.0+15168+f36597c9.aarch64.rpm
subversion-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.aarch64.rpm
subversion-debugsource-1.10.2-3.module+el8.2.0+15168+f36597c9.aarch64.rpm
subversion-devel-1.10.2-3.module+el8.2.0+15168+f36597c9.aarch64.rpm
subversion-devel-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.aarch64.rpm
subversion-gnome-1.10.2-3.module+el8.2.0+15168+f36597c9.aarch64.rpm
subversion-gnome-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.aarch64.rpm
subversion-libs-1.10.2-3.module+el8.2.0+15168+f36597c9.aarch64.rpm
subversion-libs-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.aarch64.rpm
subversion-perl-1.10.2-3.module+el8.2.0+15168+f36597c9.aarch64.rpm
subversion-perl-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.aarch64.rpm
subversion-tools-1.10.2-3.module+el8.2.0+15168+f36597c9.aarch64.rpm
subversion-tools-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.aarch64.rpm
utf8proc-2.1.1-5.module+el8.2.0+9887+08558108.aarch64.rpm
utf8proc-debuginfo-2.1.1-5.module+el8.2.0+9887+08558108.aarch64.rpm
utf8proc-debugsource-2.1.1-5.module+el8.2.0+9887+08558108.aarch64.rpm
noarch:
subversion-javahl-1.10.2-3.module+el8.2.0+15168+f36597c9.noarch.rpm
ppc64le:
libserf-1.3.9-9.module+el8.2.0+9887+08558108.ppc64le.rpm
libserf-debuginfo-1.3.9-9.module+el8.2.0+9887+08558108.ppc64le.rpm
libserf-debugsource-1.3.9-9.module+el8.2.0+9887+08558108.ppc64le.rpm
mod_dav_svn-1.10.2-3.module+el8.2.0+15168+f36597c9.ppc64le.rpm
mod_dav_svn-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.ppc64le.rpm
subversion-1.10.2-3.module+el8.2.0+15168+f36597c9.ppc64le.rpm
subversion-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.ppc64le.rpm
subversion-debugsource-1.10.2-3.module+el8.2.0+15168+f36597c9.ppc64le.rpm
subversion-devel-1.10.2-3.module+el8.2.0+15168+f36597c9.ppc64le.rpm
subversion-devel-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.ppc64le.rpm
subversion-gnome-1.10.2-3.module+el8.2.0+15168+f36597c9.ppc64le.rpm
subversion-gnome-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.ppc64le.rpm
subversion-libs-1.10.2-3.module+el8.2.0+15168+f36597c9.ppc64le.rpm
subversion-libs-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.ppc64le.rpm
subversion-perl-1.10.2-3.module+el8.2.0+15168+f36597c9.ppc64le.rpm
subversion-perl-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.ppc64le.rpm
subversion-tools-1.10.2-3.module+el8.2.0+15168+f36597c9.ppc64le.rpm
subversion-tools-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.ppc64le.rpm
utf8proc-2.1.1-5.module+el8.2.0+9887+08558108.ppc64le.rpm
utf8proc-debuginfo-2.1.1-5.module+el8.2.0+9887+08558108.ppc64le.rpm
utf8proc-debugsource-2.1.1-5.module+el8.2.0+9887+08558108.ppc64le.rpm
s390x:
libserf-1.3.9-9.module+el8.2.0+9887+08558108.s390x.rpm
libserf-debuginfo-1.3.9-9.module+el8.2.0+9887+08558108.s390x.rpm
libserf-debugsource-1.3.9-9.module+el8.2.0+9887+08558108.s390x.rpm
mod_dav_svn-1.10.2-3.module+el8.2.0+15168+f36597c9.s390x.rpm
mod_dav_svn-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.s390x.rpm
subversion-1.10.2-3.module+el8.2.0+15168+f36597c9.s390x.rpm
subversion-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.s390x.rpm
subversion-debugsource-1.10.2-3.module+el8.2.0+15168+f36597c9.s390x.rpm
subversion-devel-1.10.2-3.module+el8.2.0+15168+f36597c9.s390x.rpm
subversion-devel-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.s390x.rpm
subversion-gnome-1.10.2-3.module+el8.2.0+15168+f36597c9.s390x.rpm
subversion-gnome-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.s390x.rpm
subversion-libs-1.10.2-3.module+el8.2.0+15168+f36597c9.s390x.rpm
subversion-libs-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.s390x.rpm
subversion-perl-1.10.2-3.module+el8.2.0+15168+f36597c9.s390x.rpm
subversion-perl-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.s390x.rpm
subversion-tools-1.10.2-3.module+el8.2.0+15168+f36597c9.s390x.rpm
subversion-tools-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.s390x.rpm
utf8proc-2.1.1-5.module+el8.2.0+9887+08558108.s390x.rpm
utf8proc-debuginfo-2.1.1-5.module+el8.2.0+9887+08558108.s390x.rpm
utf8proc-debugsource-2.1.1-5.module+el8.2.0+9887+08558108.s390x.rpm
x86_64:
libserf-1.3.9-9.module+el8.2.0+9887+08558108.x86_64.rpm
libserf-debuginfo-1.3.9-9.module+el8.2.0+9887+08558108.x86_64.rpm
libserf-debugsource-1.3.9-9.module+el8.2.0+9887+08558108.x86_64.rpm
mod_dav_svn-1.10.2-3.module+el8.2.0+15168+f36597c9.x86_64.rpm
mod_dav_svn-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.x86_64.rpm
subversion-1.10.2-3.module+el8.2.0+15168+f36597c9.x86_64.rpm
subversion-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.x86_64.rpm
subversion-debugsource-1.10.2-3.module+el8.2.0+15168+f36597c9.x86_64.rpm
subversion-devel-1.10.2-3.module+el8.2.0+15168+f36597c9.x86_64.rpm
subversion-devel-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.x86_64.rpm
subversion-gnome-1.10.2-3.module+el8.2.0+15168+f36597c9.x86_64.rpm
subversion-gnome-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.x86_64.rpm
subversion-libs-1.10.2-3.module+el8.2.0+15168+f36597c9.x86_64.rpm
subversion-libs-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.x86_64.rpm
subversion-perl-1.10.2-3.module+el8.2.0+15168+f36597c9.x86_64.rpm
subversion-perl-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.x86_64.rpm
subversion-tools-1.10.2-3.module+el8.2.0+15168+f36597c9.x86_64.rpm
subversion-tools-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.x86_64.rpm
utf8proc-2.1.1-5.module+el8.2.0+9887+08558108.x86_64.rpm
utf8proc-debuginfo-2.1.1-5.module+el8.2.0+9887+08558108.x86_64.rpm
utf8proc-debugsource-2.1.1-5.module+el8.2.0+9887+08558108.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2022-24070
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc.
- --------------------------END INCLUDED TEXT--------------------