SUSE-IU-2024:347-1 SUSE Image security@suse.de SUSE Security Team SUSE Image SUSE-IU-2024:347-1 Interim 1 1 2024-11-27T15:04:16Z current 2024-04-27T01:00:00Z 2024-04-27T01:00:00Z cve-database/bin/generate-cvrf-publiccloud.pl 2021-02-18T01:00:00Z Image update for SUSE-IU-2024:347-1 / google/sles-15-sp5-sap-v20240427-x86-64 This image update for google/sles-15-sp5-sap-v20240427-x86-64 contains the following changes: Package SAPHanaSR was updated: - Version bump to 0.162.3 * Fix the hexdump log for empty node states * catch monitor calls for non-cloned resources and report them as unsupported instead of 'command not found' (bsc#1218333) * fix scope of variable 'site' to be global (bsc#1219194) * susChkSrv.py - relocate function logTimestamp() * update man pages: SAPHanaSR.7 ocf_suse_SAPHana.7 SAPHanaSR_maintenance_examples.7 SAPHanaSR.py.7 SAPHanaSR-showAttr.8 Package 000release-packages:SLES_SAP-release was updated: Package aaa_base was updated: - silence the output in the case of broken symlinks (bsc#1218232) - fix git-47-04210f8df15da0ba4d741cfe1693af06f5978a1d.patch to actually apply - replace git-47-04210f8df15da0ba4d741cfe1693af06f5978a1d.patch by git-47-056fc66c699a8544c7692a03c905fca568f5390b.patch * fix the issues from bsc#1107342 and bsc#1215434 and just use the settings from update-alternatives to set JAVA_HOME Package audit-secondary was updated: - Fix plugin termination when using systemd service units (bsc#1215377) * add auditd.service-fix-plugin-termination.patch Package autofs was updated: - autofs-5.1.8-dont-use-initgroups-at-spawn.patch Don't use initgroups at spawn (bsc#1214710, bsc#1221181) Package bind was updated: - Update to release 9.16.48 Feature Changes: * The IP addresses for B.ROOT-SERVERS.NET have been updated to 170.247.170.2 and 2801:1b8:10::b. Security Fixes: * Validating DNS messages containing a lot of DNSSEC signatures could cause excessive CPU load, leading to a denial-of-service condition. This has been fixed. (CVE-2023-50387) [bsc#1219823] * Preparing an NSEC3 closest encloser proof could cause excessive CPU load, leading to a denial-of-service condition. This has been fixed. (CVE-2023-50868) [bsc#1219826] * Parsing DNS messages with many different names could cause excessive CPU load. This has been fixed. (CVE-2023-4408) [bsc#1219851] * Specific queries could cause named to crash with an assertion failure when nxdomain-redirect was enabled. This has been fixed. (CVE-2023-5517) [bsc#1219852] * A bad interaction between DNS64 and serve-stale could cause named to crash with an assertion failure, when both of these features were enabled. This has been fixed. (CVE-2023-5679) [bsc#1219853] * Query patterns that continuously triggered cache database maintenance could cause an excessive amount of memory to be allocated, exceeding max-cache-size and potentially leading to all available memory on the host running named being exhausted. This has been fixed. (CVE-2023-6516) [bsc#1219854] Removed Features: * Support for using AES as the DNS COOKIE algorithm (cookie-algorithm aes;) has been deprecated and will be removed in a future release. Please use the current default, SipHash-2-4, instead. Package ca-certificates was updated: - Update to version 2+git20240416.98ae794 (bsc#1221184): * Use flock to serialize calls (boo#1188500) * Make certbundle.run container friendly * Create /var/lib/ca-certificates if needed Package cloud-netconfig was updated: - Update to version 1.14 + Use '-s' instead of '--no-progress-meter' for curl (bsc#1221757) - Add version settings to Provides/Obsoletes - Update to version 1.12 (bsc#1221202) + If token access succeeds using IPv4 do not use the IPv6 endpoint only use the IPv6 IMDS endpoint if IPv4 access fails. - Add Provides/Obsoletes for dropped cloud-netconfig-nm - Install dispatcher script into /etc/NetworkManager/dispatcher.d on older distributions - Add BuildReqires: NetworkManager to avoid owning dispatcher.d parent directory - Update to version 1.11: + Revert address metadata lookup in GCE to local lookup (bsc#1219454) + Fix hang on warning log messages + Check whether getting IPv4 addresses from metadata failed and abort if true + Only delete policy rules if they exist + Skip adding/removing IPv4 ranges if metdata lookup failed + Improve error handling and logging in Azure + Set SCRIPTDIR when installing netconfig wrapper - Update to version 1.10: + Drop cloud-netconfig-nm sub package and include NM dispatcher script in main packages (bsc#1219007) + Spec file cleanup - Update to version 1.9: + Drop package dependency on sysconfig-netconfig + Improve log level handling + Support IPv6 IMDS endpoint in EC2 (bsc#1218069) Package cloud-regionsrv-client was updated: - Update to version 10.1.7 (bsc#1220164, bsc#1220165) + Fix the failover path to a new target update server. At present a new server is not found since credential validation fails. We targeted the server detected in down condition to verify the credentials instead of the replacement server. - Update EC2 plugin to 1.0.4 (bsc#1219156, bsc#1219159) + Fix the algorithm to determine the region from the availability zone information retrieved from IMDS. - Update to version 10.1.6 + Support specifying an IPv6 address for a manually configured target update server. Package kernel-default was updated: - KVM: x86: Export RFDS_NO and RFDS_CLEAR to guests (bsc#1213456 CVE-2023-28746).- commit 7f00c86 - x86/rfds: Mitigate Register File Data Sampling (RFDS) (bsc#1213456 CVE-2023-28746). - commit ee70608 - Documentation/hw-vuln: Add documentation for RFDS (bsc#1213456 CVE-2023-28746). - commit c955133 - bpf: Fix re-attachment branch in bpf_tracing_prog_attach (bsc#1220254 CVE-2024-26591). - commit fc948d3 - selftests/bpf: Add test for alu on PTR_TO_FLOW_KEYS (bsc#1220255 CVE-2024-26589). - bpf: Reject variable offset alu on PTR_TO_FLOW_KEYS (bsc#1220255 CVE-2024-26589). - commit 8a833ce - tls: fix race between tx work scheduling and socket close (CVE-2024-26585 bsc#1220187). - commit 1306bff - kabi: restore return type of dst_ops::gc() callback (CVE-2023-52340 bsc#1219295). - ipv6: remove max_size check inline with ipv4 (CVE-2023-52340 bsc#1219295). - commit b8eec42 - netfilter: nf_tables: fix 64-bit load issue in nft_byteorder_eval() (CVE-2024-0607 bsc#1218915). - netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval() (CVE-2024-0607 bsc#1218915). - commit e095cd0 - netfilter: nft_set_pipapo: skip inactive elements during set walk (CVE-2023-6817 bsc#1218195). - commit 4032aa7 - tomoyo: fix UAF write bug in tomoyo_write_control() (bsc#1220825 CVE-2024-26622). - commit c8e5b38 - btrfs: fix double free of anonymous device after snapshot creation failure (bsc#1219126 CVE-2024-23850). - commit 257a534 - btrfs: do not ASSERT() if the newly created subvolume already got read (bsc#1219126 CVE-2024-23850). - commit a2ac581 - bpf: Minor cleanup around stack bounds (bsc#1220257 CVE-2023-52452). - bpf: Fix accesses to uninit stack slots (bsc#1220257 CVE-2023-52452). - bpf: Guard stack limits against 32bit overflow (git-fixes). - bpf: Fix verification of indirect var-off stack access (git-fixes). - bpf: Minor cleanup around stack bounds (bsc#1220257 CVE-2023-52452). - bpf: Fix accesses to uninit stack slots (bsc#1220257 CVE-2023-52452). - bpf: Add some comments to stack representation (bsc#1220257 CVE-2023-52452). - Refresh patches.kabi/kABI-fix-bpf-Tighten-ptr_to_btf_id-checks.patch - bpf: Guard stack limits against 32bit overflow (git-fixes). - bpf: Fix verification of indirect var-off stack access (git-fixes). - bpf: Minor logging improvement (bsc#1220257). - commit 7d03125 - serial: 8250: omap: Don't skip resource freeing if pm_runtime_resume_and_get() failed (bsc#1220350 CVE-2023-52457). - commit c82f528 - serial: imx: fix tx statemachine deadlock (bsc#1220364 CVE-2023-52456). - commit cd9f92c - powerpc/pseries/memhp: Fix access beyond end of drmem array (bsc#1220250,CVE-2023-52451). - commit fdc7254 - Update patch reference for input fix (CVE-2021-46932 bsc#1220444) - commit e44e0b1 - usb: dwc3: gadget: Ignore End Transfer delay on teardown (git-fixes). - Refresh patches.suse/usb-dwc3-gadget-Add-1ms-delay-after-end-transfer-com.patch. - commit 251cd08 - tomoyo: fix UAF write bug in tomoyo_write_control() (git-fixes). - wifi: nl80211: reject iftype change with mesh ID change (git-fixes). - usb: dwc3: gadget: Don't disconnect if not started (git-fixes). - wifi: mac80211: adding missing drv_mgd_complete_tx() call (git-fixes). - usb: f_mass_storage: forbid async queue when shutdown happen (git-fixes). - usb: dwc3: host: Set XHCI_SG_TRB_CACHE_SIZE_QUIRK (git-fixes). - spi: sh-msiof: avoid integer overflow in constants (git-fixes). - wifi: mac80211: fix race condition on enabling fast-xmit (git-fixes). - wifi: cfg80211: fix missing interfaces when dumping (git-fixes). - usb: dwc3: gadget: Queue PM runtime idle on disconnect event (git-fixes). - usb: dwc3: gadget: Handle EP0 request dequeuing properly (git-fixes). - usb: hub: Replace hardcoded quirk value with BIT() macro (git-fixes). - tty: allow TIOCSLCKTRMIOS with CAP_CHECKPOINT_RESTORE (git-fixes). - watchdog: it87_wdt: Keep WDTCTRL bit 3 unmodified for IT8784/IT8786 (git-fixes). - wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update (git-fixes). - wifi: cfg80211: free beacon_ies when overridden from hidden BSS (git-fixes). - wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift() (git-fixes). - wifi: rtl8xxxu: Add additional USB IDs for RTL8192EU devices (git-fixes). - wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() (git-fixes). - wifi: rt2x00: restart beacon queue when hardware reset (git-fixes). - wifi: iwlwifi: mvm: avoid baid size integer overflow (git-fixes). - wifi: wext-core: Fix -Wstringop-overflow warning in ioctl_standard_iw_point() (git-fixes). - wifi: ath11k: fix registration of 6Ghz-only phy without the full channel range (git-fixes). - usb: dwc3: gadget: Refactor EP0 forced stall/restart into a separate API (git-fixes). - usb: dwc3: gadget: Submit endxfer command if delayed during disconnect (git-fixes). - commit 8b4f9a3 - power: supply: bq27xxx-i2c: Do not free non existing IRQ (git-fixes). - mmc: sdhci-xenon: add timeout for PHY init complete (git-fixes). - mmc: sdhci-xenon: fix PHY init clock stability (git-fixes). - mmc: core: Fix eMMC initialization with 1-bit bus connection (git-fixes). - net: usb: dm9601: fix wrong return value in dm9601_mdio_read (git-fixes). - mtd: spinand: gigadevice: Fix the get ecc status issue (git-fixes). - nouveau: fix function cast warnings (git-fixes). - media: ir_toy: fix a memleak in irtoy_tx (git-fixes). - media: rc: bpf attach/detach requires write permission (git-fixes). - mmc: slot-gpio: Allow non-sleeping GPIO ro (git-fixes). - regulator: pwm-regulator: Add validity checks in continuous .get_voltage (git-fixes). - platform/x86: touchscreen_dmi: Add info for the TECLAST X16 Plus tablet (git-fixes). - spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected (git-fixes). - PCI: switchtec: Fix stdev_release() crash after surprise hot remove (git-fixes). - PCI: Fix 64GT/s effective data rate calculation (git-fixes). - PCI: Only override AMD USB controller if required (git-fixes). - PCI/AER: Decode Requester ID when no error info found (git-fixes). - media: ddbridge: fix an error code problem in ddb_probe (git-fixes). - mmc: mmc_spi: remove custom DMA mapped buffers (git-fixes). - mmc: core: Use mrq.sbc in close-ended ffu (git-fixes). - PCI: Add no PM reset quirk for NVIDIA Spectrum devices (git-fixes). - pstore/ram: Fix crash when setting number of cpus to an odd number (git-fixes). - PNP: ACPI: fix fortify warning (git-fixes). - regulator: core: Only increment use_count when enable_count changes (git-fixes). - PM: core: Remove unnecessary (void *) conversions (git-fixes). - serial: 8250: Remove serial_rs485 sanitization from em485 (git-fixes). - PM: runtime: Have devm_pm_runtime_enable() handle pm_runtime_dont_use_autosuspend() (git-fixes). - commit 9894050 - gpio: fix resource unwinding order in error path (git-fixes). - commit f4d7f82 - gpiolib: Fix the error path order in gpiochip_add_data_with_key() (git-fixes). - commit 9367441 - Update patches.suse/i2c-Fix-a-potential-use-after-free.patch (git-fixes bsc#1220409 CVE-2019-25162). Add bug and CVE references. - commit 6df4ebd - Input: iqs269a - switch to DEFINE_SIMPLE_DEV_PM_OPS() and pm_sleep_ptr() (git-fixes). - Refresh patches.suse/Input-iqs269a-do-not-poll-during-suspend-or-resume.patch. - commit 7360a05 - i2c: imx: Add timer for handling the stop condition (git-fixes). - Refresh patches.suse/i2c-imx-Make-sure-to-unregister-adapter-on-remove.patch. - commit 3a3d0f8 - gpio: 74x164: Enable output pins after registers are reset (git-fixes). - efi/capsule-loader: fix incorrect allocation size (git-fixes). - fbcon: always restore the old font data in fbcon_do_set_font() (git-fixes). - lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is detected (git-fixes). - i2c: imx: when being a target, mark the last read as processed (git-fixes). - i2c: i801: Fix block process call transactions (git-fixes). - iio: hid-sensor-als: Return 0 for HID_USAGE_SENSOR_TIME_TIMESTAMP (git-fixes). - firewire: core: send bus reset promptly on gap count error (git-fixes). - efi: Don't add memblocks for soft-reserved memory (git-fixes). - hwmon: (coretemp) Enlarge per package core count limit (git-fixes). - Input: xpad - add Lenovo Legion Go controllers (git-fixes). - gpiolib: acpi: Ignore touchpad wakeup on GPD G1619-04 (git-fixes). - fbdev: sis: Error out if pixclock equals zero (git-fixes). - fbdev: savage: Error out if pixclock equals zero (git-fixes). - libsubcmd: Fix memory leak in uniq() (git-fixes). - iio: adc: ad7091r: Set alert bit in config register (git-fixes). - i3c: master: cdns: Update maximum prescaler value for i2c clock (git-fixes). - leds: trigger: panic: Don't register panic notifier if creating the trigger failed (git-fixes). - media: rockchip: rga: fix swizzling for RGB formats (git-fixes). - media: stk1160: Fixed high volume of stk1160_dbg messages (git-fixes). - i2c: i801: Remove i801_set_block_buffer_mode (git-fixes). - HID: apple: Add 2021 magic keyboard FN key mapping (git-fixes). - HID: apple: Add support for the 2021 Magic Keyboard (git-fixes). - commit 0f0032c - dmaengine: ptdma: use consistent DMA masks (git-fixes). - dmaengine: fsl-qdma: init irq after reg initialization (git-fixes). - dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read (git-fixes). - Revert &quot;drm/amd/pm: resolve reboot exception for si oland&quot; (git-fixes). - drm/buddy: fix range bias (git-fixes). - drm/amd/display: Fix memory leak in dm_sw_fini() (git-fixes). - drm/syncobj: call drm_syncobj_fence_add_wait when WAIT_AVAILABLE flag is set (git-fixes). - drm/ttm: Fix an invalid freeing on already freed page in error path (git-fixes). - drm/amd/display: Preserve original aspect ratio in create stream (git-fixes). - Revert &quot;drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz&quot; (git-fixes). - drm/prime: Support page array &gt;= 4GB (git-fixes). - efi: runtime: Fix potential overflow of soft-reserved region size (git-fixes). - drm/amd/display: Increase frame-larger-than for all display_mode_vba files (git-fixes). - drm/amdgpu: reset gpu for s3 suspend abort case (git-fixes). - drm/amdgpu: skip to program GFXDEC registers for suspend abort (git-fixes). - dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA (git-fixes). - dmaengine: ti: edma: Add some null pointer checks to the edma_probe (git-fixes). - drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz (git-fixes). - dmaengine: fsl-qdma: increase size of 'irq_name' (git-fixes). - dmaengine: shdma: increase size of 'dev_id' (git-fixes). - commit 61b82a0 - ALSA: Drop leftover snd-rtctimer stuff from Makefile (git-fixes). - ALSA: firewire-lib: fix to check cycle continuity (git-fixes). - Bluetooth: qca: Fix wrong event type for patch config command (git-fixes). - Bluetooth: Enforce validation on max value of connection interval (git-fixes). - Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST (git-fixes). - Bluetooth: hci_event: Fix wrongly recorded wakeup BD_ADDR (git-fixes). - Bluetooth: hci_sync: Fix accept_list when attempting to suspend (git-fixes). - Bluetooth: Avoid potential use-after-free in hci_error_reset (git-fixes). - Bluetooth: hci_sync: Check the correct flag before starting a scan (git-fixes). - ALSA: hda/realtek: fix mute/micmute LED For HP mt645 (git-fixes). - ALSA: hda/conexant: Add quirk for SWS JS201D (git-fixes). - ASoC: sunxi: sun4i-spdif: Add support for Allwinner H616 (git-fixes). - ASoC: doc: Fix undefined SND_SOC_DAPM_NOPM argument (git-fixes). - bus: moxtet: Add spi device table (git-fixes). - Bluetooth: L2CAP: Fix possible multiple reject send (git-fixes). - crypto: stm32/crc32 - fix parsing list of devices (git-fixes). - crypto: octeontx2 - Fix cptvf driver cleanup (git-fixes). - crypto: api - Disallow identical driver names (git-fixes). - commit a409ffd - ALSA: usb-audio: Ignore clock selector errors for single connection (git-fixes). - ALSA: hda/realtek: Enable headset mic on Vaio VJFE-ADL (git-fixes). - ALSA: hda/realtek: Apply headset jack quirk for non-bass alc287 thinkpads (git-fixes). - ALSA: usb-audio: Check presence of valid altsetting control (git-fixes). - ALSA: hda/realtek: Enable Mute LED on HP Laptop 14-fq0xxx (git-fixes). - ALSA: hda/realtek: Fix the external mic not being recognised for Acer Swift 1 SF114-32 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP ZBook Power (git-fixes). - ahci: asm1166: correct count of reported ports (git-fixes). - ACPI: extlog: fix NULL pointer dereference check (git-fixes). - ACPI: APEI: set memory failure flags as MF_ACTION_REQUIRED on synchronous events (git-fixes). - ACPI: video: Add quirk for the Colorful X15 AT 23 Laptop (git-fixes). - ACPI: video: Add backlight=native DMI quirk for Apple iMac12,1 and iMac12,2 (git-fixes). - ACPI: video: Add backlight=native DMI quirk for Lenovo ThinkPad X131e (3371 AMD version) (git-fixes). - ACPI: video: Add backlight=native DMI quirk for Apple iMac11,3 (git-fixes). - ACPI: button: Add lid disable DMI quirk for Nextbook Ares 8A (git-fixes). - ACPI: resource: Skip IRQ override on ASUS ExpertBook B1502CBA (git-fixes). - ACPI: resource: Skip IRQ override on Asus Expertbook B2402CBA (git-fixes). - ACPI: resource: Add ASUS model S5402ZA to quirks (git-fixes). - commit 728134a - efivarfs: force RO when remounting if SetVariable is not supported (bsc#1220328 CVE-2023-52463). - commit 6239d33 - kABI: bpf: map_fd_put_ptr() signature kABI workaround (bsc#1220251 CVE-2023-52447). - kABI: bpf: struct bpf_map kABI workaround (bsc#1220251 CVE-2023-52447). - selftests/bpf: Test outer map update operations in syscall program (bsc#1220251 CVE-2023-52447). - selftests/bpf: Add test cases for inner map (bsc#1220251 CVE-2023-52447). - bpf: Defer the free of inner map when necessary (bsc#1220251 CVE-2023-52447). - Refresh patches.suse/kABI-padding-for-bpf.patch - bpf: Set need_defer as false when clearing fd array during map free (bsc#1220251 CVE-2023-52447). - bpf: Add map and need_defer parameters to .map_fd_put_ptr() (bsc#1220251 CVE-2023-52447). - bpf: Check rcu_read_lock_trace_held() before calling bpf map helpers (bsc#1220251 CVE-2023-52447). - rcu-tasks: Provide rcu_trace_implies_rcu_gp() (bsc#1220251 CVE-2023-52447). - commit b7359fc - btrfs: fix double free of anonymous device after snapshot creation failure (bsc#1219126 CVE-2024-23850). - commit f8ba729 - mtd: Fix gluebi NULL pointer dereference caused by ftl notifier (bsc#1220238 CVE-2023-52449). - commit c132b67 - fs/mount_setattr: always cleanup mount_kattr (bsc#1220457 CVE-2021-46923). - commit 89afe2f - kABI: bpf: map_fd_put_ptr() signature kABI workaround (bsc#1220251 CVE-2023-52447). - kABI: bpf: struct bpf_map kABI workaround (bsc#1220251 CVE-2023-52447). - kABI: bpf: map_fd_put_ptr() signature kABI workaround (bsc#1220251 CVE-2023-52447). - kABI: bpf: struct bpf_map kABI workaround (bsc#1220251 CVE-2023-52447). - commit bec1c61 - selftests/bpf: Test outer map update operations in syscall program (bsc#1220251 CVE-2023-52447). - selftests/bpf: Add test cases for inner map (bsc#1220251 CVE-2023-52447). - bpf: Defer the free of inner map when necessary (bsc#1220251 CVE-2023-52447). - Refresh patches.suse/kABI-padding-for-bpf.patch - bpf: Set need_defer as false when clearing fd array during map free (bsc#1220251 CVE-2023-52447). - bpf: Add map and need_defer parameters to .map_fd_put_ptr() (bsc#1220251 CVE-2023-52447). - bpf: Check rcu_read_lock_trace_held() before calling bpf map helpers (bsc#1220251 CVE-2023-52447). - rcu-tasks: Provide rcu_trace_implies_rcu_gp() (bsc#1220251 CVE-2023-52447). - selftests/bpf: Test outer map update operations in syscall program (bsc#1220251 CVE-2023-52447). - selftests/bpf: Add test cases for inner map (bsc#1220251 CVE-2023-52447). - bpf: Defer the free of inner map when necessary (bsc#1220251 CVE-2023-52447). - Refresh patches.suse/kABI-padding-for-bpf.patch - bpf: Set need_defer as false when clearing fd array during map free (bsc#1220251 CVE-2023-52447). - bpf: Add map and need_defer parameters to .map_fd_put_ptr() (bsc#1220251 CVE-2023-52447). - bpf: Check rcu_read_lock_trace_held() before calling bpf map helpers (bsc#1220251 CVE-2023-52447). - rcu-tasks: Provide rcu_trace_implies_rcu_gp() (bsc#1220251 CVE-2023-52447). - commit aa6db76 - Update patch reference for HID fix (CVE-2023-52478 bsc#1220796) - commit 4aec836 - Update patch reference for input fix (CVE-2023-52475 bsc#1220649) - commit 00a87c8 - topology/sysfs: Add PPIN in sysfs under cpu topology (jsc#PED-7618). - Refresh patches.suse/drivers-base-fix-userspace-break-from-using-bin_attr.patch. - commit e74360b - topology/sysfs: Add format parameter to macro defining &quot;show&quot; functions for proc (jsc#PED-7618). - Refresh patches.suse/drivers-base-fix-userspace-break-from-using-bin_attr.patch. - commit 978a12d - x86/cpu: X86_FEATURE_INTEL_PPIN finally has a CPUID bit (jsc#PED-7618). - Refresh patches.suse/x86-speculation-disable-rrsba-behavior.patch. - commit f7bed0d - KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache (bsc#1220326, CVE-2024-26598). - commit 74fd0dd - scsi: lpfc: Replace deprecated strncpy() with strscpy() (bsc#1220021). - scsi: lpfc: Copyright updates for 14.4.0.0 patches (bsc#1220021). - scsi: lpfc: Update lpfc version to 14.4.0.0 (bsc#1220021). - scsi: lpfc: Change lpfc_vport load_flag member into a bitmask (bsc#1220021). - scsi: lpfc: Change lpfc_vport fc_flag member into a bitmask (bsc#1220021). - scsi: lpfc: Protect vport fc_nodes list with an explicit spin lock (bsc#1220021). - scsi: lpfc: Change nlp state statistic counters into atomic_t (bsc#1220021). - scsi: lpfc: Remove shost_lock protection for fc_host_port shost APIs (bsc#1220021). - scsi: lpfc: Move handling of reset congestion statistics events (bsc#1220021). - scsi: lpfc: Save FPIN frequency statistics upon receipt of peer cgn notifications (bsc#1220021). - scsi: lpfc: Add condition to delete ndlp object after sending BLS_RJT to an ABTS (bsc#1220021). - scsi: lpfc: Fix failure to delete vports when discovery is in progress (bsc#1220021). - scsi: lpfc: Remove NLP_RCV_PLOGI early return during RSCN processing for ndlps (bsc#1220021). - scsi: lpfc: Allow lpfc_plogi_confirm_nport() logic to execute for Fabric nodes (bsc#1220021). - scsi: lpfc: Remove D_ID swap log message from trace event logger (bsc#1220021). - scsi: lpfc: Use sg_dma_len() API to get struct scatterlist's length (bsc#1220021). - scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() (bsc#1220021). - scsi: lpfc: Initialize status local variable in lpfc_sli4_repost_sgl_list() (bsc#1220021). - scsi: lpfc: Use PCI_HEADER_TYPE_MFD instead of literal (bsc#1220021). - PCI: Add PCI_HEADER_TYPE_MFD definition (bsc#1220021). - commit 41ec061 - x86/fpu: Stop relying on userspace for info to fault in xsave buffer (bsc#1220335, CVE-2024-26603). - commit 4cbbdbf - Update patch reference for NFC fix (CVE-2021-46924 bsc#1220459) - commit 8ac32a8 - RAS/AMD/ATL: Fix bit overflow in denorm_addr_df4_np2() (git-fixes). - commit 71868f2 - media: pvrusb2: fix use after free on context disconnection (CVE-2023-52445 bsc#1220241). - commit e4643a5 - RAS: Introduce a FRU memory poison manager (jsc#PED-7618). - commit 62d6d3a - RAS/AMD/ATL: Add MI300 row retirement support (jsc#PED-7618). - Delete patches.suse/EDAC-amd64-Add-MI300-row-retirement-support.patch. - commit 3cc5727 - uio: Fix use-after-free in uio_open (bsc#1220140 CVE-2023-52439). - commit fbf52b1 - apparmor: avoid crash when parsed profile name is empty (CVE-2023-52443 bsc#1220240). - commit 732bc93 - ntfs: check overflow when iterating ATTR_RECORDs (git-fixes). - commit c9fe433 - ntfs: fix use-after-free in ntfs_attr_find() (git-fixes). - commit 6df2cbb - xfs: short circuit xfs_growfs_data_private() if delta is zero (git-fixes). - commit fcba050 - xfs: remove unused fields from struct xbtree_ifakeroot (git-fixes). - commit 86da8f9 - fs: dlm: fix build with CONFIG_IPV6 disabled (git-fixes). - commit 595274a - nilfs2: replace WARN_ONs for invalid DAT metadata block requests (git-fixes). - commit 8b6113c - nilfs2: fix data corruption in dsync block recovery for small block sizes (git-fixes). - commit 3bf00f7 - jfs: fix array-index-out-of-bounds in diNewExt (git-fixes). - commit 95bef1f - jfs: fix uaf in jfs_evict_inode (git-fixes). - commit d7a8248 - jfs: fix array-index-out-of-bounds in dbAdjTree (git-fixes). - commit e676b4f - jfs: fix slab-out-of-bounds Read in dtSearch (git-fixes). - commit fc7d276 - UBSAN: array-index-out-of-bounds in dtSplitRoot (git-fixes). - commit bcf9251 - FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree (git-fixes). - commit 9b22efe - afs: Increase buffer size in afs_update_volume_status() (git-fixes). - commit dd84cc3 - afs: Hide silly-rename files from userspace (git-fixes). - commit 3ff836d - afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*() (git-fixes). - commit c7a2b9c - afs: fix the usage of read_seqbegin_or_lock() in afs_lookup_volume_rcu() (git-fixes). - commit 4fa847b - btrfs: do not ASSERT() if the newly created subvolume already got read (bsc#1219126 CVE-2024-23850). - commit 087f1fb - Update patches.suse/sched-membarrier-reduce-the-ability-to-hammer-on-sys.patch (git-fixes, bsc1220398, CVE-2024-26602). - commit 7349e3e - tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd (bsc#1218450). - commit edd994d - i2c: i801: Fix block process call transactions (bsc#1220009 CVE-2024-26593). - commit 1b64da9 - RDMA/core: Fix uninit-value access in ib_get_eth_speed() (bsc#1219934). - commit 3ebf8e4 - mlxsw: spectrum_acl_tcam: Fix stack corruption (bsc#1220243 CVE-2024-26586). - mlxsw: spectrum_acl_tcam: Fix NULL pointer dereference in error path (bsc#1220344 CVE-2024-26595). - commit 6e8b589 - EDAC/thunderx: Fix possible out-of-bounds string access (bsc#1220330, CVE-2023-52464) - commit 369d1fd - RDMA/core: Get IB width and speed from netdev (bsc#1219934). - commit 24279f3 - KVM: s390: vsie: fix race during shadow creation (git-fixes bsc#1220393). - commit 72fd28e - Update config files. Cleanup with run_oldconfig.sh - commit ef734e5 - KVM: s390: fix setting of fpc register (git-fixes bsc#1220392). - commit 8d2ffe7 - supported.conf: remove external flag from IBM supported modules. (bsc#1209412) - commit a25e99f - arm64: Subscribe Microsoft Azure Cobalt 100 to ARM Neoverse N2 errata (git-fixes) - commit 7e2b55c - arm64: irq: set the correct node for shadow call stack (git-fixes) - commit b343796 - arm64: irq: set the correct node for VMAP stack (git-fixes) - commit f682ae8 - blacklist.conf: (&quot;arm64: lib: Import latest version of Arm Optimized Routines' strncmp&quot;) - commit 88ead84 - Refresh sorted patches. - commit 9f45380 - powerpc/pseries: Set CPU_FTR_DBELL according to ibm,pi-features (bsc#1220348). - powerpc/pseries: Add a clear modifier to ibm,pa/pi-features parser (bsc#1220348). - commit 7e988f6 - usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs (git-fixes). - usb: cdns3: fix memory double free when handle zero packet (git-fixes). - usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() (git-fixes). - usb: roles: don't get/set_role() when usb_role_switch is unregistered (git-fixes). - usb: roles: fix NULL pointer issue when put module's reference (git-fixes). - usb: cdnsp: fixed issue with incorrect detecting CDNSP family controllers (git-fixes). - usb: cdnsp: blocked some cdns3 specific code (git-fixes). - USB: serial: option: add Fibocom FM101-GL variant (git-fixes). - USB: serial: qcserial: add new usb-id for Dell Wireless DW5826e (git-fixes). - USB: serial: cp210x: add ID for IMST iM871A-USB (git-fixes). - commit 6aacbee - s390: use the correct count for __iowrite64_copy() (git-fixes bsc#1220317). - commit 3d0908e - md: bypass block throttle for superblock update (bsc#1220154, CVE-2023-52437). - commit 3b94bb4 - cachefiles: fix memory leak in cachefiles_add_cache() (bsc#1220267). - commit 9bb720c - gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump (bsc#1220253 CVE-2023-52448). - commit 12cdab5 - platform/x86: thinkpad_acpi: Only update profile if successfully converted (git-fixes). - platform/x86: touchscreen_dmi: Allow partial (prefix) matches for ACPI names (git-fixes). - commit d153a3a - USB: gadget: core: adjust uevent timing on gadget unbind (git-fixes). - commit e3b30d8 - blacklist.conf: entry for usb/gadget/udc/core that has been reverted - commit 50292b0 - mm,page_owner: Update Documentation regarding page_owner_stacks (jsc-PED#7423). - commit 96f4587 - mm,page_owner: Filter out stacks by a threshold (jsc-PED#7423). - commit e683246 - mm,page_owner: Display all stacks and their count (jsc-PED#7423). - commit cfad590 - mm,page_owner: Implement the tracking of the stacks count (jsc-PED#7423). - commit 4c2de65 - mm,page_owner: Maintain own list of stack_records structs (jsc-PED#7423). - commit 91e49cb - scsi: ibmvfc: Open-code reset loop for target reset (bsc#1220106). - commit 8ab46b6 - scsi: ibmvfc: Limit max hw queues by num_online_cpus() (bsc#1220106). - commit 648a1af - lib/stackdepot: Move stack_record struct definition into the header (jsc-PED#7423). - commit 6077ffb - lib/stackdepot: Fix first entry having a 0-handle (jsc-PED#7423). - commit 992fd7d - lib/stackdepot: add refcount for records (jsc-PED#7423). - commit 714c529 - sched/membarrier: reduce the ability to hammer on sys_membarrier (git-fixes). - commit 050cced - lib/stackdepot: add depot_fetch_stack helper (jsc-PED#7423). - commit 2786362 - RDMA/srpt: fix function pointer cast warnings (git-fixes) - commit dac438c - RDMA/qedr: Fix qedr_create_user_qp error flow (git-fixes) - commit b146859 - RDMA/srpt: Support specifying the srpt_service_guid parameter (git-fixes) - commit 8d48d24 - IB/hfi1: Fix sdma.h tx-&gt;num_descs off-by-one error (git-fixes) - commit da3f72a - RDMA/irdma: Add AE for too many RNRS (git-fixes) - commit f63a394 - RDMA/irdma: Set the CQ read threshold for GEN 1 (git-fixes) - commit 3b512eb - RDMA/irdma: Validate max_send_wr and max_recv_wr (git-fixes) - commit 98f2343 - RDMA/irdma: Fix KASAN issue with tasklet (git-fixes) - commit 83211d5 - RDMA/bnxt_re: Add a missing check in bnxt_qplib_query_srq (git-fixes) - commit 675dc2d - RDMA/bnxt_re: Return error for SRQ resize (git-fixes) - commit c51f388 - IB/hfi1: Fix a memleak in init_credit_return (git-fixes) - commit 2afc750 - x86/mm: Fix memory encryption features advertisement (bsc#1206453). - commit 143c33b - rpm/check-for-config-changes: add GCC_ASM_GOTO_OUTPUT_WORKAROUND to IGNORED_CONFIGS_RE Introduced by commit 68fb3ca0e408 (&quot;update workarounds for gcc &quot;asm goto&quot; issue&quot;). - commit be1bdab - net: openvswitch: limit the number of recursions from action sets (bsc#1219835 CVE-2024-1151). - commit ed2fd55 - scsi: core: Move scsi_host_busy() out of host lock if it is for per-command (git-fixes). - commit 65a3d05 - mfd: syscon: Fix null pointer dereference in of_syscon_register() (git-fixes). - commit ac6a500 - powerpc/64: Set task pt_regs-&gt;link to the LR value on scv entry (bsc#1194869). - powerpc: add crtsavres.o to always-y instead of extra-y (bsc#1194869). - powerpc/watchpoints: Annotate atomic context in more places (bsc#1194869). - powerpc/watchpoint: Disable pagefaults when getting user instruction (bsc#1194869). - powerpc/watchpoints: Disable preemption in thread_change_pc() (bsc#1194869). - powerpc/pseries: Rework lppaca_shared_proc() to avoid DEBUG_PREEMPT (bsc#1194869). - powerpc: Don't include lppaca.h in paca.h (bsc#1194869). - powerpc/powernv: Fix fortify source warnings in opal-prd.c (bsc#1194869). - commit 148ec5a - modpost: trim leading spaces when processing source files list (git-fixes). - kbuild: Fix changing ELF file type for output of gen_btf for big endian (git-fixes). - irqchip/gic-v3-its: Fix GICv4.1 VPE affinity update (git-fixes). - irqchip/irq-brcmstb-l2: Add write memory barrier before exit (git-fixes). - driver core: Fix device_link_flag_is_sync_state_only() (git-fixes). - iio: accel: bma400: Fix a compilation problem (git-fixes). - staging: iio: ad5933: fix type mismatch regression (git-fixes). - iio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC (git-fixes). - iio: core: fix memleak in iio_device_register_sysfs (git-fixes). - commit 55c0c3a - compute-PATCHVERSION: Do not produce output when awk fails compute-PATCHVERSION uses awk to produce a shell script that is subsequently executed to update shell variables which are then printed as the patchversion. Some versions of awk, most notably bysybox-gawk do not understand the awk program and fail to run. This results in no script generated as output, and printing the initial values of the shell variables as the patchversion. When the awk program fails to run produce 'exit 1' as the shell script to run instead. That prevents printing the stale values, generates no output, and generates invalid rpm spec file down the line. Then the problem is flagged early and should be easier to diagnose. - commit 8ef8383 - Drop bcm5974 input patch causing a regression (bsc#1220030) - commit cdfe144 - nvme-fabrics: fix I/O connect error handling (git-fixes). - commit 1cf32dd - scsi: fnic: Move fnic_fnic_flush_tx() to a work queue (git-fixes bsc#1219141). - scsi: Revert &quot;scsi: fcoe: Fix potential deadlock on &amp;fip-&gt;ctlr_lock&quot; (git-fixes bsc#1219141). - scsi: core: Move scsi_host_busy() out of host lock for waking up EH handler (git-fixes). - scsi: isci: Fix an error code problem in isci_io_request_build() (git-fixes). - scsi: mpi3mr: Refresh sdev queue depth after controller reset (git-fixes). - commit bb93e52 - scsi: hisi_sas: Prevent parallel FLR and controller reset (git-fixes). - Refresh patches.suse/scsi-hisi_sas-Replace-with-standard-error-code-return-value.patch. - commit 90473ca - drm/amdgpu/display: Initialize gamma correction mode variable in dcn30_get_gamcor_current() (git-fixes). - drm/amd/display: Fix possible NULL dereference on device remove/driver unload (git-fixes). - Revert &quot;drm/amd: flush any delayed gfxoff on suspend entry&quot; (git-fixes). - drm/amd/display: Fix possible buffer overflow in 'find_dcfclk_for_voltage()' (git-fixes). - drm/crtc: fix uninitialized variable use even harder (git-fixes). - nouveau/svm: fix kvcalloc() argument order (git-fixes). - can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER) (git-fixes). - wifi: iwlwifi: uninitialized variable in iwl_acpi_get_ppag_table() (git-fixes). - wifi: iwlwifi: Fix some error codes (git-fixes). - spi-mxs: Fix chipselect glitch (git-fixes). - spi: ppc4xx: Drop write-only variable (git-fixes). - HID: wacom: generic: Avoid reporting a serial of '0' to userspace (git-fixes). - HID: wacom: Do not register input devices until after hid_hw_start (git-fixes). - hwmon: (coretemp) Fix bogus core_id to attr name mapping (git-fixes). - hwmon: (coretemp) Fix out-of-bounds memory access (git-fixes). - hwmon: (aspeed-pwm-tacho) mutex for tach reading (git-fixes). - drm/msm/dpu: check for valid hw_pp in dpu_encoder_helper_phys_cleanup (git-fixes). - drm/msm/dp: return correct Colorimetry for DP_TEST_DYNAMIC_RANGE_CEA case (git-fixes). - drm/msms/dp: fixed link clock divider bits be over written in BPC unknown case (git-fixes). - drm/i915/gvt: Fix uninitialized variable in handle_mmio() (git-fixes). - atm: idt77252: fix a memleak in open_card_ubr0 (git-fixes). - crypto: ccp - Fix null pointer dereference in __sev_platform_shutdown_locked (git-fixes). - commit 8c41a3a - ALSA: usb-audio: More relaxed check of MIDI jack names (git-fixes). - ASoC: SOF: IPC3: fix message bounds on ipc ops (git-fixes). - ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work() (git-fixes). - ALSA: hda/realtek: cs35l41: Fix order and duplicates in quirks table (git-fixes). - ALSA: hda/realtek: cs35l41: Fix device ID / model name (git-fixes). - ALSA: usb-audio: Sort quirk table entries (git-fixes). - ALSA: usb-audio: add quirk for RODE NT-USB+ (git-fixes). - ALSA: usb-audio: Add delay quirk for MOTU M Series 2nd revision (git-fixes). - ALSA: usb-audio: Add a quirk for Yamaha YIT-W12TX transmitter (git-fixes). - commit 4ee9775 - x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix (git-fixes). - commit 515312a - KVM: VMX: Move VERW closer to VMentry for MDS mitigation (git-fixes). - KVM: VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH (git-fixes). - x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key (git-fixes). Also add mds_user_clear to kABI severities since it's strictly mitigation related so should be low risk. - x86/entry_32: Add VERW just before userspace transition (git-fixes). - x86/entry_64: Add VERW just before userspace transition (git-fixes). - x86/bugs: Add asm helpers for executing VERW (git-fixes). - commit f298aab - netfs, fscache: Prevent Oops in fscache_put_cache() (bsc#1220003). - commit 70831f5 - mm: memory-failure: fix potential unexpected return value from unpoison_memory() (git-fixes). - commit 4c346fc - netfilter: nf_tables: disallow rule removal from chain binding (bsc#1218216 CVE-2023-5197). - commit dcfc62f - netfilter: nf_tables: skip bound chain in netns release path (bsc#1218216 CVE-2023-5197). - commit 29d741f - netfilter: nf_tables: disallow rule removal from chain binding (bsc#1218216 CVE-2023-5197). - commit d7a1a4d - netfilter: nf_tables: skip bound chain in netns release path (bsc#1218216 CVE-2023-5197). - commit af879c8 - mm/hwpoison: fix unpoison_memory() (bsc#1218663). - commit e5b6bde - mm/hwpoison: remove MF_MSG_BUDDY_2ND and MF_MSG_POISONED_HUGE (bsc#1218663). - commit d6fa958 - mm/hwpoison: mf_mutex for soft offline and unpoison (bsc#1218663). - commit 177fcfa - net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv (bsc#1219127 CVE-2024-23849). - commit 43577c1 - Refresh patches.suse/scsi-lpfc-use-unsigned-type-for-num_sge.patch. - commit 6b5c8aa - USB: hub: check for alternate port before enabling A_ALT_HNP_SUPPORT (bsc#1218527). - Delete patches.suse/usb-otg-numberpad-exception.patch. Removal of temporary work around - commit 51410f7 - blacklist.conf: irrelevant in our configs - commit 011570e - dm: limit the number of targets and parameter size area (bsc#1219827, bsc#1219146, CVE-2023-52429, CVE-2024-23851). - commit 26dc83e - usb: cdns3: Modify the return value of cdns_set_active () to void when CONFIG_PM_SLEEP is disabled (git-fixes). - Refresh patches.kabi/usb-cdns-readd-old-API.patch. - commit f63fe1f - usb: cdns: readd old API (git-fixes). - commit e63cfaf - usb: gadget: f_hid: fix report descriptor allocation (git-fixes). - commit b1aee6d - Refresh patches.suse/USB-dwc2-write-HCINT-with-INTMASK-applied.patch. moved into sorted section - commit 19ade31 - usb: gadget: fsl_qe_udc: validate endpoint index for ch9 udc (git-fixes). - commit e5f0b82 - usb: cdns3: Put the cdns set active part outside the spin lock (git-fixes). - commit 86f2eb0 - USB: Gadget: core: Help prevent panic during UVC unconfigure (git-fixes). - commit 00fdbf2 - usb: gadget: core: remove unbalanced mutex_unlock in usb_gadget_activate (git-fixes). - commit 4803ff6 - usb: gadget: udc: Handle gadget_connect failure during bind operation (git-fixes). - commit 70218de - USB: gadget: core: Add missing kerneldoc for vbus_work (git-fixes). - commit 25e9543 - usb: gadget: udc: core: Prevent soft_connect_store() race (git-fixes). - commit eb5f8ac - usb: gadget: udc: core: Offload usb_udc_vbus_handler processing (git-fixes). - commit 7a7bf5a - blacklist.conf: changed reason The old reason applied only to SP4. However this patch by coincidence still needs to be blacklisted in SP5 for a completely different reason - commit 5f8bebe - USB: gadget: Fix obscure lockdep violation for udc_mutex (git-fixes). - Refresh patches.suse/USB-gadget-Fix-use-after-free-during-usb-config-swit.patch. - commit a8658e1 - USB: gadget: Fix use-after-free Read in usb_udc_uevent() (git-fixes). - commit 6205e50 - s390/qeth: Fix potential loss of L3-IP@ in case of network issues (git-fixes bsc#1219840). - commit 4987d16 - KVM: s390: fix cc for successful PQAP (git-fixes bsc#1219839). - commit 47fbb44 - Add reference to recently released CVE - Update patches.suse/x86-entry-convert-int-0x80-emulation-to-idtentry.patch (bsc#1217927 CVE-2024-25744). - Update patches.suse/x86-entry-do-not-allow-external-0x80-interrupts.patch (bsc#1217927 CVE-2024-25744). - commit 1dc32d2 - nvme-host: fix the updating of the firmware version (git-fixes). - commit 27cca59 - arm64: entry: fix ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD (bsc#1219443) - commit 8b0cea9 - arm64: entry: Simplify tramp_alias macro and tramp_exit routine (bsc#1219443) - commit 713244d - arm64: entry: Preserve/restore X29 even for compat tasks (bsc#1219443) - commit 2aa2cc1 - Refresh patches.suse/EDAC-amd64-Use-new-AMD-Address-Translation-Library.patch. Fix following error when building kvmsmall config by removing left over declaration: [ 216s] In file included from ../arch/x86/kernel/cpu/mce/core.c:52:0: [ 216s] ../arch/x86/include/asm/mce.h:366:1: error: duplicate 'static' [ 216s] static inline void mce_hygon_feature_init(struct cpuinfo_x86 *c) { return mce_amd_feature_init(c); } [ 216s] ^~~~~~ [ 216s] ../arch/x86/include/asm/mce.h:366:15: error: two or more data types in declaration specifiers [ 216s] static inline void mce_hygon_feature_init(struct cpuinfo_x86 *c) { return mce_amd_feature_init(c); } [ 216s] ^~~~ [ 216s] ../arch/x86/include/asm/mce.h: In function 'mce_hygon_feature_init': [ 216s] ../arch/x86/include/asm/mce.h:366:75: error: void value not ignored as it ought to be [ 216s] static inline void mce_hygon_feature_init(struct cpuinfo_x86 *c) { return mce_amd_feature_init(c); } [ 216s] ^~~~~~~~~~~~~~~~~~~~~~~ [ 216s] ../arch/x86/include/asm/mce.h:366:50: error: control reaches end of non-void function [-Werror=return-type] [ 216s] static inline void mce_hygon_feature_init(struct cpuinfo_x86 *c) { return mce_amd_feature_init(c); } - commit 7015e17 - arm64: errata: Add Cortex-A510 speculative unprivileged load (bsc#1219443) Enable workaround. - commit 72bb690 - arm64: Rename ARM64_WORKAROUND_2966298 (bsc#1219443) - Update config files. - Refresh caps file - commit 12d16a6 - arm64: errata: Add Cortex-A520 speculative unprivileged load (bsc#1219443) Enable workaround without kABI break. - Update config files. - Refresh patches.suse/kabi-arm64-reserve-space-in-cpu_hwcaps-and-cpu_hwcap.patch. - commit 2067234 - arm64: errata: Mitigate Ampere1 erratum AC03_CPU_38 at stage-2 (git-fixes) Enable AMPERE_ERRATUM_AC03_CPU_38 workaround without kABI break - Update config files - Refresh patches.suse/kabi-arm64-reserve-space-in-cpu_hwcaps-and-cpu_hwcap.patch. - commit 4d24e79 - Refresh patches.suse/EDAC-amd64-Use-new-AMD-Address-Translation-Library.patch. Fix build due to incomplete line removal - commit 720d084 - vhost: use kzalloc() instead of kmalloc() followed by memset() (CVE-2024-0340, bsc#1218689). - commit 4c5a740 - README.BRANCH: Update cve/linux-5.14 maintainers Add myself to match SLE15-SP5 consumer + fix typo in branch name. - commit da26653 - Refresh patches.suse/nfsd-fix-RELEASE_LOCKOWNER.patch. Accidentally removed nfs4_get_stateowner - commit ad106c0 - Bluetooth: Fix atomicity violation in {min,max}_key_size_set (git-fixes bsc#1219608 CVE-2024-24860). - commit a1186fd - Update patches.suse/Bluetooth-Fix-atomicity-violation-in-min-max-_key_si.patch (git-fixes bsc#1219608 CVE-2024-24860). - commit dedfe8a - README.BRANCH: update branch name to cve/linux-5.14, update maintainers as requested - commit 8e34879 - rpm/kernel-binary.spec.in: install scripts/gdb when enabled in config (bsc#1219653) They are put into -devel subpackage. And a proper link to /usr/share/gdb/auto-load/ is created. - commit 1dccf2a - EDAC/amd64: Add MI300 row retirement support (jsc#PED-7618). - commit fb688f3 - RAS/AMD/ATL: Add MI300 DRAM to normalized address translation support (jsc#PED-7618). - commit a26a502 - RAS/AMD/ATL: Fix array overflow in get_logical_coh_st_fabric_id_mi300() (jsc#PED-7618). - commit 83df5af - RAS/AMD/ATL: Add MI300 support (jsc#PED-7618). - commit 761e3c8 - Documentation: RAS: Add index and address translation section (jsc#PED-7618). - commit d6e1334 - EDAC/amd64: Use new AMD Address Translation Library (jsc#PED-7618). - commit f1baba4 - RAS: Introduce AMD Address Translation Library (jsc#PED-7618). - commit d6ad6ba - netfilter: nf_tables: check if catch-all set element is active in next generation (CVE-2024-1085 bsc#1219429). - commit 7b3f4c4 - netfilter: nf_tables: reject QUEUE/DROP verdict parameters (CVE-2024-1086 bsc#1219434). - commit 5f917ff - fs: indicate request originates from old mount API (git-fixes). - commit 8ccbbb1 - tracefs: Add missing lockdown check to tracefs_create_dir() (git-fixes). - commit 36d0f04 - fs: Fix error checking for d_hash_and_lookup() (git-fixes). - commit b1a5e63 - attr: block mode changes of symlinks (git-fixes). - commit c0d7be1 - eventfd: prevent underflow for eventfd semaphores (git-fixes). - commit 3a099ca - kernfs: fix missing kernfs_idr_lock to remove an ID from the IDR (git-fixes). - commit 5156b80 - shmem: use ramfs_kill_sb() for kill_sb method of ramfs-based tmpfs (git-fixes). - commit a75bdfb - fs: drop peer group ids under namespace lock (git-fixes). - commit b6028f3 - nsfs: add compat ioctl handler (git-fixes). - commit 38694b2 - aio: fix mremap after fork null-deref (git-fixes). - commit 22e33d9 - fs: don't audit the capability check in simple_xattr_list() (git-fixes). - commit 5b6e2cc - mm: fs: initialize fsdata passed to write_begin/write_end interface (git-fixes). - commit af45b4c - fs: sendfile handles O_NONBLOCK of out_fd (git-fixes). - commit 088d52b - vfs: make freeze_super abort when sync_filesystem returns error (git-fixes). - commit 6a3b59b - fs/mount_setattr: always cleanup mount_kattr (git-fixes). - commit 113e698 - Update patches.suse/drm-amdgpu-Fix-potential-fence-use-after-free-v2.patch (bsc#1219128 CVE-2023-51042 git-fixes). - commit 4b937fc - drm/amdgpu: Fix missing error code in 'gmc_v6/7/8/9_0_hw_init()' (git-fixes). - drm/amdkfd: Fix 'node' NULL check in 'svm_range_get_range_boundaries()' (git-fixes). - drm/amdgpu: Release 'adev-&gt;pm.fw' before return in 'amdgpu_device_need_post()' (git-fixes). - drm/amdgpu: Fix with right return code '-EIO' in 'amdgpu_gmc_vram_checking()' (git-fixes). - drm/amd/powerplay: Fix kzalloc parameter 'ATOM_Tonga_PPM_Table' in 'get_platform_power_management_table()' (git-fixes). - drm/amdkfd: Fix lock dependency warning with srcu (git-fixes). - drm/amdkfd: Fix lock dependency warning (git-fixes). - ALSA: hda/conexant: Fix headset auto detect fail in cx8070 and SN6140 (git-fixes). - ALSA: hda: Refer to correct stream index at loops (git-fixes). - drm/amdkfd: Fix iterator used outside loop in 'kfd_add_peer_prop()' (git-fixes). - drm/amdgpu: Drop 'fence' check in 'to_amdgpu_amdkfd_fence()' (git-fixes). - drm/amdgpu: Fix '*fw' from request_firmware() not released in 'amdgpu_ucode_request()' (git-fixes). - drm/amdgpu: Let KFD sync with VM fences (git-fixes). - drm/amdgpu: Fix ecc irq enable/disable unpaired (git-fixes). - drm/amd/display: make flip_timestamp_in_us a 64-bit variable (git-fixes). - drm: using mul_u32_u32() requires linux/math64.h (git-fixes). - drm/msm/dpu: fix writeback programming for YUV cases (git-fixes). - drm/msm/dpu: Ratelimit framedone timeout msgs (git-fixes). - drm/msm/dsi: Enable runtime PM (git-fixes). - drm/amdgpu: fix ftrace event amdgpu_bo_move always move on same heap (git-fixes). - drm/exynos: Call drm_atomic_helper_shutdown() at shutdown/unbind time (git-fixes). - drm/framebuffer: Fix use of uninitialized variable (git-fixes). - drm/panel-edp: Add override_edid_mode quirk for generic edp (git-fixes). - drm/amd/display: Fix tiled display misalignment (git-fixes). - commit 3c1f8a7 - rpm/mkspec: sort entries in _multibuild Otherwise it creates unnecessary diffs when tar-up-ing. It's of course due to readdir() using &quot;random&quot; order as served by the underlying filesystem. See for example: https://build.opensuse.org/request/show/1144457/changes - commit d1155de - Revert &quot;tracing: Increase trace array ref count on enable and filter files&quot; (bsc#1219490). Deleted: patches.suse/tracing-Increase-trace-array-ref-count-on-enable-and-filter-files.patch patches.suse/tracing-Fix-uaf-issue-when-open-the-hist-or-hist_debug-file.patch patches.suse/tracing-Have-event-inject-files-inc-the-trace-array-ref-count.patch Backported commit f5ca233e2e66 (&quot;tracing: Increase trace array ref count on enable and filter files&quot;) causes a kernel panic and its upstream fix-up bb32500fb9b7 (&quot;tracing: Have trace_event_file have ref counters&quot;) cannot be easily backported because it affects kABI. Revert the commit and its two related + dependent patches, at least for now. - commit b75b68d - fs: Move notify_change permission checks into may_setattr (git-fixes). - commit 9c54f53 - blacklist.conf: add 'nvme: fix error-handling for io_uring nvme-passthrough' - commit 580a5ab - nvme-rdma: Fix transfer length when write_generate/read_verify are 0 (git-fixes). - commit b0bd240 - nvme: trace: avoid memcpy overflow warning (git-fixes). - nvmet: re-fix tracing strncpy() warning (git-fixes). - nvme: fix max_discard_sectors calculation (git-fixes). - nvme-pci: fix sleeping function called from interrupt context (git-fixes). - nvme: introduce helper function to get ctrl state (git-fixes). - nvme-pci: add BOGUS_NID for Intel 0a54 device (git-fixes). - commit 45d7afe - scsi: lpfc: Update lpfc version to 14.2.0.17 (bsc#1219582). - scsi: lpfc: Move determination of vmid_flag after VMID reinitialization completes (bsc#1219582). - scsi: lpfc: Reinitialize an NPIV's VMID data structures after FDISC (bsc#1219582). - scsi: lpfc: Change VMID driver load time parameters to read only (bsc#1219582). - commit bb7c841 - ceph: select FS_ENCRYPTION_ALGS if FS_ENCRYPTION (bsc#1219568). - commit 5e28675 - misc: fastrpc: Mark all sessions as invalid in cb_remove (git-fixes). - serial: max310x: fail probe if clock crystal is unstable (git-fixes). - serial: max310x: improve crystal stable clock detection (git-fixes). - serial: max310x: set default value when reading clock ready bit (git-fixes). - serial: core: Fix atomicity violation in uart_tiocmget (git-fixes). - usb: ucsi_acpi: Fix command completion handling (git-fixes). - usb: ucsi: Add missing ppm_lock (git-fixes). - usb: host: xhci-plat: Add support for XHCI_SG_TRB_CACHE_SIZE_QUIRK (git-fixes). - dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV (git-fixes). - dmaengine: ti: k3-udma: Report short packet errors (git-fixes). - dmaengine: fsl-dpaa2-qdma: Fix the size of dma pools (git-fixes). - phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP (git-fixes). - phy: renesas: rcar-gen3-usb2: Fix returning wrong error code (git-fixes). - dmaengine: idxd: Protect int_handle field in hw descriptor (git-fixes). - commit 4d4442b - Input: atkbd - do not skip atkbd_deactivate() when skipping ATKBD_CMD_GETID (git-fixes). - Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID (git-fixes). - Input: bcm5974 - check endpoint type before starting traffic (git-fixes). - ASoC: sun4i-spdif: Fix requirements for H6 (git-fixes). - ASoC: codecs: lpass-wsa-macro: fix compander volume hack (git-fixes). - ASoC: codecs: wcd938x: handle deferred probe (git-fixes). - ASoC: codecs: wcd938x: fix headphones volume controls (git-fixes). - ALSA: hda/cs8409: Suppress vmaster control for Dolphin models (git-fixes). - nfc: nci: free rx_data_reassembly skb on NCI device cleanup (git-fixes). - HID: i2c-hid-of: fix NULL-deref on failed power up (git-fixes). - firewire: core: correct documentation of fw_csr_string() kernel API (git-fixes). - commit 2100750 - md: fix bi_status reporting in md_end_clone_io (bsc#1210443). - commit a1a4e04 - perf/x86/uncore: Use u64 to replace unsigned for the uncore offsets array (bsc#1219512). - commit 1425233 - atm: Fix Use-After-Free in do_vcc_ioctl (CVE-2023-51780 bsc#1218730). - commit 658d424 - fbdev: Only disable sysfb on the primary device (bsc#1216441) Update an existing patch to fix bsc#1216441. - commit 1c5c5fe - xen-netback: don't produce zero-size SKB frags (CVE-2023-46838, XSA-448, bsc#1218836). - commit 9a897ff - drm/amdgpu/pm: Fix the power source flag error (git-fixes). - commit fe7e152 - nouveau/vmm: don't set addr on the fail path to avoid warning (git-fixes). - drm/amd/display: Port DENTIST hang and TDR fixes to OTG disable W/A (git-fixes). - drm: Don't unref the same fb many times by mistake due to deadlock handling (git-fixes). - drm/amd/display: pbn_div need be updated for hotplug event (git-fixes). - commit 962c8b3 - Update patches.suse/ext4-fix-kernel-BUG-in-ext4_write_inline_data_end.patch (CVE-2021-33631 bsc#1219412 bsc#1206894). - commit 2260246 - kabi, vmstat: skip periodic vmstat update for isolated CPUs (bsc#1217895). - commit 8cb5798 - sched/isolation: add cpu_is_isolated() API (bsc#1217895). - trace,smp: Add tracepoints around remotelly called functions (bsc#1217895). - vmstat: skip periodic vmstat update for isolated CPUs (bsc#1217895). - Refresh patches.suse/0002-kernel-smp-make-csdlock-timeout-depend-on-boot-param.patch. - commit 668c0e0 - kernel-source: Fix description typo - commit 8abff35 - nvmet-tcp: Fix the H2C expected PDU len calculation (bsc#1217987 bsc#1217988 bsc#1217989 CVE-2023-6535 CVE-2023-6536 CVE-2023-6356). - nvmet-tcp: remove boilerplate code (bsc#1217987 bsc#1217988 bsc#1217989 CVE-2023-6535 CVE-2023-6536 CVE-2023-6356). - nvmet-tcp: fix a crash in nvmet_req_complete() (bsc#1217987 bsc#1217988 bsc#1217989 CVE-2023-6535 CVE-2023-6536 CVE-2023-6356). - nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length (bsc#1217987 bsc#1217988 bsc#1217989 CVE-2023-6535 CVE-2023-6536 CVE-2023-6356). - commit d968940 - clocksource: disable watchdog checks on TSC when TSC is watchdog (bsc#1215885). - commit b33ffd8 - nfsd4: add refcount for nfsd4_blocked_lock (bsc#1218968 bsc#1219349). - commit e7c782d - wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach (CVE-2023-47233 bsc#1216702). - commit 433859d - rpm/constraints.in: set jobs for riscv to 8 The same workers are used for x86 and riscv and the riscv builds take ages. So align the riscv jobs count to x86. - commit b2c82b9 - blacklist.conf: add a not-relevant module commit - commit d1799c4 - tracing/trigger: Fix to return error if failed to alloc snapshot (git-fixes). - commit 6a3a4f2 - blacklist.conf: Add bunch of uclamp fixups 244226035a1f sched/uclamp: Fix fits_capacity() check in feec() b759caa1d9f6 sched/uclamp: Make select_idle_capacity() use util_fits_cpu() c56ab1b3506b sched/uclamp: Make cpu_overutilized() use util_fits_cpu() d81304bc6193 sched/uclamp: Cater for uclamp in find_energy_efficient_cpu()'s early exit condition 6b00a4014765 sched/uclamp: Set max_spare_cap_cpu even if max_spare_cap is 0 - commit 6be119f - platform/x86: ISST: Reduce noise for missing numa information in logs (bsc#1219285). - commit 017b316 - tracing: Ensure visibility when inserting an element into tracing_map (git-fixes). - commit 95dfb0f - bpf: Limit the number of kprobes when attaching program to multiple kprobes (git-fixes). - commit ecd4878 - ring-buffer: Do not record in NMI if the arch does not support cmpxchg in NMI (git-fixes). - commit 2ced0ce - tracing: Fix uaf issue when open the hist or hist_debug file (git-fixes). - commit 8c95da9 - tracing: Add size check when printing trace_marker output (git-fixes). - commit ea9dc7e - tracing: Have large events show up as '[LINE TOO BIG]' instead of nothing (git-fixes). - commit 57bb6f3 - asix: Add check for usbnet_get_endpoints (git-fixes). - commit ce1c3e3 - r8152: add vendor/device ID pair for ASUS USB-C2500 (git-fixes). - r8152: add vendor/device ID pair for D-Link DUB-E250 (git-fixes). - commit a726891 - drm/bridge: parade-ps8640: Make sure we drop the AUX mutex in the error case (git-fixes). - commit b1d3207 - clocksource: Skip watchdog check for large watchdog intervals (git-fixes). - drm/bridge: anx7625: Ensure bridge is suspended in disable() (git-fixes). - drm/bridge: parade-ps8640: Ensure bridge is suspended in .post_disable() (git-fixes). - drm: panel-simple: add missing bus flags for Tianma tm070jvhg[30/33] (git-fixes). - drm/bridge: parade-ps8640: Wait for HPD when doing an AUX transfer (git-fixes). - drm/exynos: gsc: minor fix for loop iteration in gsc_runtime_resume (git-fixes). - drm/exynos: fix accidental on-stack copy of exynos_drm_plane (git-fixes). - gpio: eic-sprd: Clear interrupt after set the interrupt type (git-fixes). - commit 0576231 - net: sched: sch_qfq: Use non-work-conserving warning handler (CVE-2023-4921 bsc#1215275). - commit b50ba0e - mkspec: Use variant in constraints template Constraints are not applied consistently with kernel package variants. Add variant to the constraints template as appropriate, and expand it in mkspec. - commit cc68ab9 - kabi/severities: ignore _rtl92c_phy_calculate_bit_shift symbol It's an internal function that shouldn't have been exported - commit eb24ddf - net: phy: micrel: populate .soft_reset for KSZ9131 (git-fixes). - uio: Fix use-after-free in uio_open (git-fixes). - parport: parport_serial: Add Brainboxes device IDs and geometry (git-fixes). - parport: parport_serial: Add Brainboxes BAR details (git-fixes). - pwm: stm32: Fix enable count for clk in .probe() (git-fixes). - pwm: stm32: Use hweight32 in stm32_pwm_detect_channels (git-fixes). - media: rkisp1: Fix media device memory leak (git-fixes). - wifi: rtlwifi: rtl8192se: using calculate_bit_shift() (git-fixes). - wifi: rtlwifi: rtl8192ee: using calculate_bit_shift() (git-fixes). - wifi: rtlwifi: rtl8192de: using calculate_bit_shift() (git-fixes). - wifi: rtlwifi: rtl8192ce: using calculate_bit_shift() (git-fixes). - wifi: rtlwifi: rtl8192cu: using calculate_bit_shift() (git-fixes). - wifi: rtlwifi: rtl8192c: using calculate_bit_shift() (git-fixes). - wifi: rtlwifi: rtl8188ee: phy: using calculate_bit_shift() (git-fixes). - wifi: rtlwifi: add calculate_bit_shift() (git-fixes). - pstore: ram_core: fix possible overflow in persistent_ram_init_ecc() (git-fixes). - wifi: iwlwifi: pcie: avoid a NULL pointer dereference (git-fixes). - reset: hisilicon: hi6220: fix Wvoid-pointer-to-enum-cast warning (git-fixes). - wifi: cfg80211: lock wiphy mutex for rfkill poll (git-fixes). - pwm: stm32: Use regmap_clear_bits and regmap_set_bits where applicable (git-fixes). - media: rkisp1: Read the ID register at probe time instead of streamon (git-fixes). - commit d4f3c53 - fjes: fix memleaks in fjes_hw_setup (git-fixes). - ALSA: hda/realtek: Enable headset mic on Lenovo M70 Gen5 (git-fixes). - ALSA: hda/realtek: Enable mute/micmute LEDs and limit mic boost on HP ZBook (git-fixes). - ALSA: hda/relatek: Enable Mute LED on HP Laptop 15s-fq2xxx (git-fixes). - drm/amdkfd: fixes for HMM mem allocation (git-fixes). - Input: atkbd - use ab83 as id when skipping the getid command (git-fixes). - drivers: clk: zynqmp: update divider round rate logic (git-fixes). - drm/tidss: Fix dss reset (git-fixes). - drm/tidss: Check for K2G in in dispc_softreset() (git-fixes). - drm/tidss: Return error value from from softreset (git-fixes). - drm/tidss: Move reset to the end of dispc_init() (git-fixes). - ACPI: resource: Add another DMI match for the TongFang GMxXGxx (git-fixes). - Input: xpad - add Razer Wolverine V2 support (git-fixes). - Input: i8042 - add nomux quirk for Acer P459-G2-M (git-fixes). - Input: atkbd - skip ATKBD_CMD_GETID in translated mode (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Medion Lifetab S10346 (git-fixes). - i2c: rk3x: fix potential spinlock recursion on poll (git-fixes). - clk: rockchip: rk3128: Fix HCLK_OTG gate register (git-fixes). - hwmon: (corsair-psu) Fix probe when built-in (git-fixes). - ASoC: ops: add correct range check for limiting volume (git-fixes). - ASoC: da7219: Support low DC impedance headset (git-fixes). - ASoC: rt5650: add mutex to avoid the jack detection failure (git-fixes). - ASoC: cs43130: Fix incorrect frame delay configuration (git-fixes). - ASoC: cs43130: Fix the position of const qualifier (git-fixes). - ASoC: Intel: Skylake: mem leak in skl register function (git-fixes). - ASoC: nau8822: Fix incorrect type in assignment and cast to restricted __be16 (git-fixes). - ASoC: Intel: Skylake: Fix mem leak in few functions (git-fixes). - ASoC: wm8974: Correct boost mixer inputs (git-fixes). - drm/amdkfd: Use resource_size() helper function (git-fixes). - clk: zynqmp: Add a check for NULL pointer (git-fixes). - clk: zynqmp: make bestdiv unsigned (git-fixes). - media: rkisp1: Disable runtime PM in probe error path (git-fixes). - commit f91e3c6 - Drop clk imx patch that was reverted in the stable tree - commit ab74263 - Drop ASoC atmel patch that was reverted on stable tree - commit 7e99407 - rpm/constraints.in: add static multibuild packages Commit 841012b049a5 (rpm/mkspec: use kernel-source: prefix for constraints on multibuild) added &quot;kernel-source:&quot; prefix to the dynamically generated kernels. But there are also static ones like kernel-docs. Those fail to build as the constraints are still not applied. So add the prefix also to the static ones. Note kernel-docs-rt is given kernel-source-rt prefix. I am not sure it will ever be multibuilt... - commit c2e0681 - Update patches.suse/drm-atomic-Fix-potential-use-after-free-in-nonblocki.patch (bsc#1219120 CVE-2023-51043 git-fixes). - commit d004027 - Revert &quot;Limit kernel-source build to architectures for which the kernel binary&quot; This reverts commit 08a9e44c00758b5f3f3b641830ab6affff041132. The fix for bsc#1108281 directly causes bsc#1218768, revert. - commit 2943b8a - mkspec: Include constraints for both multibuild and plain package always There is no need to check for multibuild flag, the constraints can be always generated for both cases. - commit 308ea09 - rpm/mkspec: use kernel-source: prefix for constraints on multibuild Otherwise the constraints are not applied with multibuild enabled. - commit 841012b - scsi: hisi_sas: Correct the number of global debugfs registers (git-fixes). - scsi: hisi_sas: Rollback some operations if FLR failed (git-fixes). - commit 2336743 - scsi: hisi_sas: Rename HISI_SAS_{RESET -&gt; RESETTING}_BIT (git-fixes). - Refresh patches.suse/scsi-hisi_sas-Add-more-logs-for-runtime-suspend-resume.patch. - Refresh patches.suse/scsi-hisi_sas-Fix-rescan-after-deleting-a-disk. - Refresh patches.suse/scsi-hisi_sas-Replace-with-standard-error-code-return-value.patch. - Refresh patches.suse/scsi-hisi_sas-Use-libsas-internal-abort-support.patch. - Refresh patches.suse/scsi-libsas-Don-t-always-drain-event-workqueue-for-HA-resume.patch. - commit 6d49430 - kabi/severities: ignore ASoC AMD acp driver symbols (bsc#1219136) - commit afe2033 - rpm/kernel-source.rpmlintrc: add action-ebpf Upstream commit a79d8ba734bd (selftests: tc-testing: remove buildebpf plugin) added this precompiled binary blob. Adapt rpmlintrc for kernel-source. - commit b5ccb33 - Update config files: enable ASoC AMD PS drivers (bsc#1219136) - commit ef8225f - ASoC: amd: yc: Fix non-functional mic on ASUS E1504FA (bsc#1219136). - ASoC: amd: yc: Add DMI entry to support System76 Pangolin 13 (bsc#1219136). - ASoC: amd: yc: Add HP 255 G10 into quirk table (bsc#1219136). - ASoC: amd: acp: Add kcontrols and widgets per-codec in common code (bsc#1219136). - commit 4161e83 - Add DMI ID for MSI Bravo 15 B7ED (bsc#1219136). - ASoC: amd: yc: Fix a non-functional mic on Lenovo 82TL (bsc#1219136). - ASoC: amd: yc: Add DMI entries to support Victus by HP Gaming Laptop 15-fb0xxx (8A3E) (bsc#1219136). - ASoC: amd: acp3x-rt5682-max9836: Configure jack as not detecting Line Out (bsc#1219136). - ASoC: amd: acp3x-rt5682-max9836: Map missing jack kcontrols (bsc#1219136). - ASoC: amd: acp: Map missing jack kcontrols (bsc#1219136). - ASoC: amd: acp-rt5645: Map missing jack kcontrols (bsc#1219136). - ASoC: amd: acp-da7219-max98357a: Map missing jack kcontrols (bsc#1219136). - ASoC: amd: acp: fix SND_SOC_AMD_ACP_PCI depdenencies (bsc#1219136). - ASoC: amd: acp: delete unnecessary NULL check (bsc#1219136). - ASoC: amd: acp: clean up some inconsistent indentings (bsc#1219136). - ASoC: amd: acp: add pm ops support for rembrandt platform (bsc#1219136). - ASoC: amd: acp: move pdm macros to common header file (bsc#1219136). - ASoC: amd: acp: store the pdm stream channel mask (bsc#1219136). - ASoC: amd: acp: export config_acp_dma() and config_pte_for_stream() symbols (bsc#1219136). - ASoC: amd: acp: store xfer_resolution of the stream (bsc#1219136). - ASoC: amd: acp: add pm ops support for acp pci driver (bsc#1219136). - ASoC: amd: acp: store platform device reference created in pci probe call (bsc#1219136). - ASoC: amd: acp: remove the redundant acp enable/disable interrupts functions (bsc#1219136). - ASoC: amd: acp: add acp i2s master clock generation for rembrandt platform (bsc#1219136). - ASoC: amd: acp: refactor the acp init and de-init sequence (bsc#1219136). - ASoC: amd: Add new dmi entries to config entry (bsc#1219136). - commit 120d62d - ASoC: amd: yc: Add MECHREVO Jiaolong Series MRID6 into DMI table (bsc#1219136). - commit 150a883 - ASoC: amd: yc: Add DMI entry to support System76 Pangolin 12 (bsc#1219136). - commit c977ecd - ASoC: amd: vangogh: Make use of DRV_NAME (bsc#1219136). - ASoC: amd: yc: Add VivoBook Pro 15 to quirks list for acp6x (bsc#1219136). - ASoC: amd: update pm_runtime enable sequence (bsc#1219136). - ASoC: amd: acp: remove acp poweroff function (bsc#1219136). - ASoC: amd: acp: clear pdm dma interrupt mask (bsc#1219136). - ASoC: amd: vangogh: select CONFIG_SND_AMD_ACP_CONFIG (bsc#1219136). - ASoC: amd: vangogh: Add check for acp config flags in vangogh platform (bsc#1219136). - ASoC: amd: ps: refactor acp power on and reset functions (bsc#1219136). - ASoC: amd: ps: remove the register read and write wrappers (bsc#1219136). - ASoC: amd: ps: Update copyright notice (bsc#1219136). - ASoC: amd: yc: Add Thinkpad Neo14 to quirks list for acp6x (bsc#1219136). - ASoC: amd: ps: fix for acp_lock access in pdm driver (bsc#1219136). - ASoC: amd: yc: Add Asus VivoBook Pro 14 OLED M6400RC to the quirks list for acp6x (bsc#1219136). - ASoC: amd: yc: Add ASUS M3402RA into DMI table (bsc#1219136). - ASoC: amd: Add check for acp config flags (bsc#1219136). - ASoC: amd: yc: Add ThinkBook 14 G5+ ARP to quirks list for acp6x (bsc#1219136). - ASoC: amd: Add Dell G15 5525 to quirks list (bsc#1219136). - ASoC: amd: yc: Add DMI entries to support HP OMEN 16-n0xxx (8A42) (bsc#1219136). - ASoC: amd: ps: update the acp clock source (bsc#1219136). - ASoC: amd: acp: rembrandt: Drop if blocks with always false condition (bsc#1219136). - ASoC: amd: vangogh: Remove unnecessary init function (bsc#1219136). - ASoC: amd: yc: Add DMI entries to support Victus by HP Laptop 16-e1xxx (8A22) (bsc#1219136). - ASoC: amd: yc: Add DMI entries to support HP OMEN 16-n0xxx (8A43) (bsc#1219136). - ASoC: amd: yp: Add OMEN by HP Gaming Laptop 16z-n000 to quirks (bsc#1219136). - ASoC: amd: ps: Add a module parameter to influence pdm_gain (bsc#1219136). - ASoC: amd: ps: Adjust the gain for PDM DMIC (bsc#1219136). - ASoC: amd: renoir: Add a module parameter to influence pdm_gain (bsc#1219136). - ASoC: amd: renoir: Adjust the gain for PDM DMIC (bsc#1219136). - ASoC: amd: yc: Add a module parameter to influence pdm_gain (bsc#1219136). - ASoC: amd: yc: Adjust the gain for PDM DMIC (bsc#1219136). - ASoC: amd: acp: Refactor bit width calculation (bsc#1219136). - ASoC: amd: acp: Enable i2s tdm support for skyrim platforms (bsc#1219136). - ASoC: amd: acp: Add i2s tdm support in machine driver (bsc#1219136). - ASoC: amd: acp: Refactor i2s clocks programming sequence (bsc#1219136). - ASoC: amd: acp: Refactor dai format implementation (bsc#1219136). - ASoC: amd: acp: Add new cpu dai's in machine driver (bsc#1219136). - ASoC: amd: ps: Fix uninitialized ret in create_acp64_platform_devs() (bsc#1219136). - ASoC: amd: ps: use static function (bsc#1219136). - ASoC: amd: ps: remove unused variable (bsc#1219136). - ASoC: amd: ps: use acp_lock to protect common registers in pdm driver (bsc#1219136). - ASoC: amd: ps: add mutex lock for accessing common registers (bsc#1219136). - ASoC: amd: Drop empty platform remove function (bsc#1219136). - ASoC: amd: ps: move irq handler registration (bsc#1219136). - ASoC: amd: ps: update dev index value in irq handler (bsc#1219136). - ASoC: amd: ps: refactor platform device creation logic (bsc#1219136). - ASoC: amd: ps: implement api to retrieve acp device config (bsc#1219136). - ASoC: amd: yc: Add Xiaomi Redmi Book Pro 15 2022 into DMI table (bsc#1219136). - ASoC: amd: yc: Add DMI support for new acer/emdoor platforms (bsc#1219136). - ASoC: amd: yc: Add ASUS M5402RA into DMI table (bsc#1219136). - ASoC: amd: yc: Add Razer Blade 14 2022 into DMI table (bsc#1219136). - ASoC: amd: yc: Add Xiaomi Redmi Book Pro 14 2022 into DMI table (bsc#1219136). - ASoC: amd: acp: Fix possible UAF in acp_dma_open (bsc#1219136). - ASoC: amd: ps: Move acp63_dev_data strcture from PCI driver (bsc#1219136). - ASoC: amd: ps: update macros with ps platform naming convention (bsc#1219136). - ASoC: amd: Drop da7219_aad_jack_det() usage (bsc#1219136). - ASoC: amd: fix ACP version typo mistake (bsc#1219136). - ASoC: amd: acp: Add setbias level for rt5682s codec in machine driver (bsc#1219136). - ASoC: amd: acp: Add TDM slots setting support for ACP I2S controller (bsc#1219136). - ASoC: amd: Update Pink Sardine platform ACP register header (bsc#1219136). - ASoC: amd: yc: Add Alienware m17 R5 AMD into DMI table (bsc#1219136). - ASoC: amd: yc: Add Lenovo Thinkbook 14+ 2022 21D0 to quirks table (bsc#1219136). - ASoC: amd: yc: Adding Lenovo ThinkBook 14 Gen 4+ ARA and Lenovo ThinkBook 16 Gen 4+ ARA to the Quirks List (bsc#1219136). - ASoC: amd: acp: use function devm_kcalloc() instead of devm_kzalloc() (bsc#1219136). - ASoC: amd: acp: use devm_kcalloc() instead of devm_kzalloc() (bsc#1219136). - ASoC: amd: fix spelling mistake: &quot;i.e&quot; -&gt; &quot;i.e.&quot; (bsc#1219136). - ASoC: amd: enable Pink sardine platform machine driver build (bsc#1219136). - ASoC: amd: add Pink Sardine machine driver using dmic (bsc#1219136). - ASoC: amd: create platform device for acp6.2 machine driver (bsc#1219136). - ASoC: amd: enable Pink Sardine acp6.2 drivers build (bsc#1219136). - ASoC: amd: add acp6.2 pdm driver pm ops (bsc#1219136). - ASoC: amd: add acp6.2 pci driver pm ops (bsc#1219136). - ASoC: amd: add acp6.2 pdm driver dma ops (bsc#1219136). - ASoC: amd: add acp6.2 irq handler (bsc#1219136). - ASoC: amd: add acp6.2 pdm platform driver (bsc#1219136). - ASoC: amd: add platform devices for acp6.2 pdm driver and dmic driver (bsc#1219136). - ASoC: amd: add acp6.2 init/de-init functions (bsc#1219136). - ASoC: amd: add Pink Sardine ACP PCI driver (bsc#1219136). - ASoC: amd: add Pink Sardine platform ACP IP register header (bsc#1219136). - ASoC: amd: acp: Modify dai_id macros to be more generic (bsc#1219136). - ASoC: amd: acp: remove unnecessary NULL checks (bsc#1219136). - ASoC: amd: acp: add a label to make error path more clean (bsc#1219136). - ASoC: amd: acp: switch to use dev_err_probe() (bsc#1219136). - ASoC: amd: acp: Add TDM support for acp i2s stream (bsc#1219136). - ASoC: amd: acp: Initialize list to store acp_stream during pcm_open (bsc#1219136). - commit 14632ae - arm64: dts: imx8mp: imx8mq: Add parkmode-disable-ss-quirk on DWC3 (git-fixes) - commit 3eba4f6 - arm64: dts: imx8mq: drop usb3-resume-missing-cas from usb (git-fixes) - commit ee809a9 - xhci: track port suspend state correctly in unsuccessful resume cases (git-fixes). - commit 5f8b948 - arm64: dts: armada-3720-turris-mox: set irq type for RTC (git-fixes) - commit a7b727f - arm64: mm: Always make sw-dirty PTEs hw-dirty in pte_modify (git-fixes) - commit f3c4bfe - arm64: dts: rockchip: Expand reg size of vdec node for RK3399 (git-fixes) - commit 7e17ca6 - arm64: dts: ls208xa: use a pseudo-bus to constrain usb dma size (git-fixes) - commit ed0fb4a - blacklist.conf: (&quot;arm64: Restrict CPU_BIG_ENDIAN to GNU as or LLVM IAS 15.x or newer&quot;) - commit 76fd77c - scsi: mpt3sas: Fix loop logic (bsc#1219067). - commit 872bee1 - scsi: hisi_sas: Replace with standard error code return value (git-fixes). - scsi: fnic: Return error if vmalloc() failed (git-fixes). - scsi: mpt3sas: Fix an outdated comment (git-fixes). - scsi: core: Always send batch on reset or error handling command (git-fixes). - scsi: bnx2fc: Fix skb double free in bnx2fc_rcv() (git-fixes). - scsi: be2iscsi: Fix a memleak in beiscsi_init_wrb_handle() (git-fixes). - commit 3a87f07 - blacklist.conf: add commit that breaks kabi - commit 4ab1644 - scsi: qla2xxx: Fix system crash due to bad pointer access (git-fixes). - scsi: mpt3sas: Fix loop logic (git-fixes). - scsi: megaraid_sas: Increase register read retry rount from 3 to 30 for selected registers (git-fixes). - scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() (git-fixes). - scsi: ibmvfc: Fix erroneous use of rtas_busy_delay with hcall return code (git-fixes). - scsi: hisi_sas: Set debugfs_dir pointer to NULL after removing debugfs (git-fixes). - scsi: mpt3sas: Fix in error path (git-fixes). - scsi: pm80xx: Avoid leaking tags when processing OPC_INB_SET_CONTROLLER_CONFIG command (git-fixes). - scsi: pm80xx: Use phy-specific SAS address when sending PHY_START command (git-fixes). - scsi: megaraid_sas: Fix deadlock on firmware crashdump (git-fixes). - scsi: hisi_sas: Fix normally completed I/O analysed as failed (git-fixes). - scsi: hisi_sas: Fix warnings detected by sparse (git-fixes). - scsi: iscsi: Rename iscsi_set_param() to iscsi_if_set_param() (git-fixes). - scsi: hisi_sas: Modify v3 HW SATA completion error processing (git-fixes). - commit d038b1c - xhci: pass port pointer as parameter to xhci_set_port_power() (git-fixes). - xhci: cleanup xhci_hub_control port references (git-fixes). - commit b297848 - USB: xhci: workaround for grace period (git-fixes). - commit 66e1fb8 - xhci: Add grace period after xHC start to prevent premature runtime suspend (git-fixes). - blacklist.conf: I wanted to avoid the kABI workaround for this, but it is needed; reinstate it. - Refresh patches.suse/xhci-remove-unused-command-member-from-struct-xhci_h.patch. - commit e6ea339 - scripts/tar-up.sh: don't add spurious entry from kernel-sources.changes.old The previous change added the manual entry from kernel-sources.change.old to old_changelog.txt unnecessarily. Let's fix it. - commit fb033e8 - Update patches.suse/ext4-improve-error-recovery-code-paths-in-__ext4_rem.patch (bsc#1213017 bsc#1219053 CVE-2024-0775). - commit 97ea702 - RDMA/irdma: Avoid free the non-cqp_request scratch (git-fixes) - commit e0e972e - blacklist.conf: add 4fbc3a52cd4d (&quot;RDMA/core: Fix umem iterator when PAGE_SIZE is greater then HCA pgsz&quot;) - commit 294e9b8 - RDMA/irdma: Fix UAF in irdma_sc_ccq_get_cqe_info() (git-fixes) - commit 345f1ff - RDMA/irdma: Refactor error handling in create CQP (git-fixes) - commit 4a6aa38 - RDMA/rtrs-clt: Remove the warnings for req in_use check (git-fixes) - commit 281db3f - RDMA/rtrs-clt: Fix the max_send_wr setting (git-fixes) - commit 63679fd - RDMA/rtrs-srv: Destroy path files after making sure no IOs in-flight (git-fixes) - commit 3c73c12 - RDMA/rtrs-srv: Free srv_mr iu only when always_invalidate is true (git-fixes) - commit 8cc2bd1 - RDMA/rtrs-srv: Check return values while processing info request (git-fixes) - commit 8d9fb90 - RDMA/rtrs-clt: Start hb after path_up (git-fixes) - commit e242a3d - RDMA/rtrs-srv: Do not unconditionally enable irq (git-fixes) - commit 29a41f7 - RDMA/irdma: Add wait for suspend on SQD (git-fixes) - commit 538f2e3 - RDMA/irdma: Do not modify to SQD on error (git-fixes) - commit 263fc9c - RDMA/hns: Fix unnecessary err return when using invalid congest control algorithm (git-fixes) - commit 59ab729 - rpm/kernel-docs.spec.in: fix build with 6.8 Since upstream commit f061c9f7d058 (Documentation: Document each netlink family), the build needs python yaml. - commit 6a7ece3 - scsi: hisi_sas: Modify v3 HW SSP underflow error processing (git-fixes). - Refresh patches.suse/scsi-hisi_sas-Handle-NCQ-error-when-IPTT-is-valid.patch. - commit 44aa3a5 - blacklist.conf: kABI - commit d83f18a - blacklist.conf: kABI - commit 59ff7e1 - Update patch reference for ax88179 fix (bsc#1218948) - commit 5a21b74 - hv_netvsc: rndis_filter needs to select NLS (git-fixes). - x86/hyperv: Use atomic_try_cmpxchg() to micro-optimize hv_nmi_unknown() (git-fixes). - x86/hyperv: Fix the detection of E820_TYPE_PRAM in a Gen2 VM (git-fixes). - commit 7633c65 - drm/amdgpu: Fix cat debugfs amdgpu_regs_didt causes kernel null pointer (git-fixes). - commit 3bf351b - dmaengine: fix NULL pointer in channel unregistration function (git-fixes). - libapi: Add missing linux/types.h header to get the __u64 type on io.h (git-fixes). - ALSA: oxygen: Fix right channel of capture volume mixer (git-fixes). - power: supply: cw2015: correct time_to_empty units in sysfs (git-fixes). - power: supply: bq256xx: fix some problem in bq256xx_hw_init (git-fixes). - apparmor: avoid crash when parsed profile name is empty (git-fixes). - ALSA: hda/realtek: Fix mute and mic-mute LEDs for HP Envy X360 13-ay0xxx (git-fixes). - ALSA: hda/realtek: Add quirks for ASUS Zenbook 2022 Models (git-fixes). - drm/amd/display: get dprefclk ss info from integration info table (git-fixes). - drm/crtc: fix uninitialized variable use (git-fixes). - drm/crtc: Fix uninit-value bug in drm_mode_setcrtc (git-fixes). - drm/exynos: fix a wrong error checking (git-fixes). - drm/exynos: fix a potential error pointer dereference (git-fixes). - drm/amdgpu: Add NULL checks for function pointers (git-fixes). - nouveau/tu102: flush all pdbs on vmm flush (git-fixes). - ALSA: hda: intel-nhlt: Ignore vbps when looking for DMIC 32 bps format (git-fixes). - drm/amd/display: update dcn315 lpddr pstate latency (git-fixes). - commit 091325f - net: usb: ax88179_178a: avoid two consecutive device resets (bsc#1218948). - net: usb: ax88179_178a: Bind only to vendor-specific interface (bsc#1218948). - net: usb: ax88179_178a: restore state on resume (bsc#1218948). - commit d91b154 - nfsd: fix RELEASE_LOCKOWNER (bsc#1218968). - commit ad625bb - badblocks: avoid checking invalid range in badblocks_check() (bsc#1174649). - badblocks: switch to the improved badblock handling code (bsc#1174649). - badblocks: improve badblocks_check() for multiple ranges handling (bsc#1174649). - badblocks: improve badblocks_clear() for multiple ranges handling (bsc#1174649). - badblocks: improve badblocks_set() for multiple ranges handling (bsc#1174649). - badblocks: add helper routines for badblock ranges handling (bsc#1174649). - badblocks: add more helper structure and routines in badblocks.h (bsc#1174649). - commit 6a46786 - dt-bindings: gpio: Remove FSI domain ports on Tegra234 (jsc#PED-6694) - commit 4ac18f0 - perf/x86/intel/uncore: Factor out topology_gidnid_map() (bsc#1218958). - perf/x86/intel/uncore: Fix NULL pointer dereference issue in upi_fill_topology() (bsc#1218958). - commit fe3658c - net: usb: ax88179_178a: move priv to driver_priv (git-fixes). - Refresh patches.suse/net-usb-ax88179_178a-wol-optimizations.patch. - commit 8b1488e - s390/vfio-ap: let on_scan_complete() callback filter matrix and update guest's APCB (git-fixes bsc#1219014). - commit b83db20 - s390/vfio-ap: loop over the shadow APCB when filtering guest's AP configuration (git-fixes bsc#1219013). - commit 0f291d1 - s390/vfio-ap: always filter entire AP matrix (git-fixes bsc#1219012). - commit a461bd5 - s390/pci: fix max size calculation in zpci_memcpy_toio() (git-fixes bsc#1219006). - commit 18b0ac3 - modpost: move __attribute__((format(printf, 2, 3))) to modpost.h (git-fixes). - kdb: Fix a potential buffer overflow in kdb_local() (git-fixes). - i2c: s3c24xx: fix transferring more than one message in polling mode (git-fixes). - i2c: s3c24xx: fix read transfers in polling mode (git-fixes). - pwm: jz4740: Don't use dev_err_probe() in .request() (git-fixes). - pwm: Fix out-of-bounds access in of_pwm_single_xlate() (git-fixes). - dma-debug: fix kernel-doc warnings (git-fixes). - usb: mon: Fix atomicity violation in mon_bin_vma_fault (git-fixes). - usb: typec: class: fix typec_altmode_put_partner to put plugs (git-fixes). - usb: xhci-mtk: fix a short packet issue of gen1 isoc-in transfer (git-fixes). - usb: phy: mxs: remove CONFIG_USB_OTG condition for mxs_phy_is_otg_host() (git-fixes). - usb: chipidea: wait controller resume finished for wakeup irq (git-fixes). - usb: cdns3: Fix uvc fail when DMA cross 4k boundery since sg enabled (git-fixes). - usb: cdns3: fix uvc failure work since sg support enabled (git-fixes). - usb: dwc: ep0: Update request status in dwc3_ep0_stall_restart (git-fixes). - Revert &quot;usb: dwc3: don't reset device side if dwc3 was configured as host-only&quot; (git-fixes). - Revert &quot;usb: dwc3: Soft reset phy on probe for host&quot; (git-fixes). - Revert &quot;usb: typec: class: fix typec_altmode_put_partner to put plugs&quot; (git-fixes). - serial: sc16is7xx: set safe default SPI clock frequency (git-fixes). - serial: sc16is7xx: add check for unsupported SPI modes during probe (git-fixes). - serial: imx: Correct clock error message in function probe() (git-fixes). - serial: imx: fix tx statemachine deadlock (git-fixes). - serial: sccnxp: Improve error message if regulator_disable() fails (git-fixes). - serial: 8250: omap: Don't skip resource freeing if pm_runtime_resume_and_get() failed (git-fixes). - software node: Let args be NULL in software_node_get_reference_args (git-fixes). - acpi: property: Let args be NULL in __acpi_node_get_property_reference (git-fixes). - iio: adc: ad7091r: Pass iio_dev to event handler (git-fixes). - iio: adc: ad9467: add mutex to struct ad9467_state (git-fixes). - iio: adc: ad9467: don't ignore error codes (git-fixes). - iio: adc: ad9467: fix reset gpio handling (git-fixes). - bus: mhi: host: Drop chan lock before queuing buffers (git-fixes). - bus: mhi: host: Add spinlock to protect WP access when queueing TREs (git-fixes). - bus: mhi: host: Add alignment check for event ring read pointer (git-fixes). - PCI: keystone: Fix race condition when initializing PHYs (git-fixes). - PCI: Add ACS quirk for more Zhaoxin Root Ports (git-fixes). - PCI/P2PDMA: Remove reference to pci_p2pdma_map_sg() (git-fixes). - pinctrl: intel: Revert &quot;Unexport intel_pinctrl_probe()&quot; (git-fixes). - leds: ledtrig-tty: Free allocated ttyname buffer on deactivate (git-fixes). - leds: aw2013: Select missing dependency REGMAP_I2C (git-fixes). - mfd: intel-lpss: Fix the fractional clock divider flags (git-fixes). - firewire: ohci: suppress unexpected system reboot in AMD Ryzen machines and ASM108x/VT630x PCIe cards (git-fixes). - mmc: core: Cancel delayed work before releasing host (git-fixes). - net: usb: ax88179_178a: remove redundant init code (git-fixes). - commit 050b9b3 - blacklist.conf: documentation fix - commit 056879c - KVM: s390: vsie: Fix STFLE interpretive execution identification (git-fixes bsc#1218997). - commit a78caf7 - nvme: move nvme_stop_keep_alive() back to original position (bsc#1211515). - commit d640b69 - netfilter: nf_tables: Reject tables of unsupported family (bsc#1218752 CVE-2023-6040). - commit e03f1d3 - nvme: start keep-alive after admin queue setup (bsc#1211515). - nvme-loop: always quiesce and cancel commands before destroying admin q (bsc#1211515). - nvme-tcp: avoid open-coding nvme_tcp_teardown_admin_queue() (bsc#1211515). - commit f407c87 - fbdev: Only disable sysfb on the primary device (bsc#1216441) - commit 79783f0 - ubifs: ubifs_symlink: Fix memleak of inode-&gt;i_link in error path (git-fixes). - commit cc469c7 - ubifs: Check @c-&gt;dirty_[n|p]n_cnt and @c-&gt;nroot state under @c-&gt;lp_mutex (git-fixes). - commit d5d1991 - tipc: fix a potential deadlock on &amp;tx-&gt;lock (bsc#1218916 CVE-2024-0641). - commit d898738 - Drop PCI vmd patches that caused a regression (bsc#1218005) Deleted: patches.suse/PCI-vmd-Fix-secondary-bus-reset-for-Intel-bridges.patch patches.suse/PCI-vmd-Fix-uninitialized-variable-usage-in-vmd_enab.patch - commit 1697177 - tipc: fix a potential deadlock on &amp;tx-&gt;lock (bsc#1218916 CVE-2024-0641). - commit 7953be2 - Update metadata - commit c015ae2 - smb: client: fix OOB in receive_encrypted_standard() (bsc#1218832 CVE-2024-0565). - commit 3cac9c2 - smb: client: fix OOB in receive_encrypted_standard() (bsc#1218832 CVE-2024-0565). - commit e9083ae - x86/mce: Cleanup mce_usable_address() (jsc#PED-7623). - commit b54373d - x86/mce: Define amd_mce_usable_address() (jsc#PED-7623). - commit 69805de - x86/MCE/AMD: Split amd_mce_is_memory_error() (jsc#PED-7623). - commit 17233cd - IB/iser: Prevent invalidating wrong MR (git-fixes) - commit 3e4d18d - RDMA/hns: Remove unnecessary checks for NULL in mtr_alloc_bufs() (git-fixes) - commit c22413e - RDMA/hns: Fix inappropriate err code for unsupported operations (git-fixes) - commit 366f439 - RDMA/usnic: Silence uninitialized symbol smatch warnings (git-fixes) - commit bb70cd4 - Documentation: Begin a RAS section (jsc#PED-7622). - commit b55cb06 - x86/MCE/AMD: Add new MA_LLC, USR_DP, and USR_CP bank types (jsc#PED-7622). - commit 2a68e97 - EDAC/mce_amd: Remove SMCA Extended Error code descriptions (jsc#PED-7622). - commit 44e51c1 - EDAC/amd64: Add support for family 0x19, models 0x90-9f devices (jsc#PED-7622). - commit 05504bb - EDAC/mc: Add support for HBM3 memory type (jsc#PED-7622). - commit ea69eb6 - x86/amd_nb: Add AMD Family MI300 PCI IDs (jsc#PED-7622). - Refresh patches.suse/PCI-Prevent-xHCI-driver-from-claiming-AMD-VanGogh-US.patch. - commit 7126e83 - ida: Fix crash in ida_free when the bitmap is empty (bsc#1218804 CVE-2023-6915). - commit 7caa324 - platform/x86/amd/hsmp: Fix iomem handling (jsc#PED-7620). - commit 12e7799 - platform/x86/amd/hsmp: improve the error log (jsc#PED-7620). - commit 1360d63 - platform/x86/amd/hsmp: add support for metrics tbl (jsc#PED-7620). - commit 289eab7 - platform/x86/amd/hsmp: create plat specific struct (jsc#PED-7620). - commit ac44ea2 - platform/x86: use PLATFORM_DEVID_NONE instead of -1 (jsc#PED-7620). - Refresh patches.suse/platform-x86-amd-pmc-remove-CONFIG_DEBUG_FS-checks.patch. - commit 9b51c97 - EDAC/amd64: Cache and use GPU node map (jsc#PED-7616). - commit 58aa5aa - EDAC/amd64: Add support for AMD heterogeneous Family 19h Model 30h-3Fh (jsc#PED-7616). - commit f30c55c - EDAC/amd64: Document heterogeneous system enumeration (jsc#PED-7616). - commit ffa78e3 - x86/MCE/AMD, EDAC/mce_amd: Decode UMC_V2 ECC errors (jsc#PED-7616). - commit cfe246e - x86/amd_nb: Add MI200 PCI IDs (jsc#PED-7616). - Refresh patches.suse/PCI-Prevent-xHCI-driver-from-claiming-AMD-VanGogh-US.patch. - commit cb392fd - EDAC/mc: Add new HBM2 memory type (jsc#PED-7616). - Refresh patches.suse/edac-add-rddr5-and-lrddr5-memory-types.patch. - commit eca21a4 - usb: otg numberpad exception (bsc#1218527). - commit 3d70e84 - EDAC/amd64: Add support for ECC on family 19h model 60h-7Fh (jsc#PED-7615). - commit 16c2c66 - EDAC/amd64: Remove module version string (jsc#PED-7615). - commit b84231c - EDAC/amd64: Fix indentation in umc_determine_edac_cap() (jsc#PED-7615). - commit b7d2f10 - EDAC/amd64: Add get_err_info() to pvt-&gt;ops (jsc#PED-7615). - commit ea43a00 - EDAC/amd64: Split dump_misc_regs() into dct/umc functions (jsc#PED-7615). - commit 2c6263f - EDAC/amd64: Split init_csrows() into dct/umc functions (jsc#PED-7615). - commit 375eb6a - EDAC/amd64: Split determine_edac_cap() into dct/umc functions (jsc#PED-7615). - commit 2903760 - EDAC/amd64: Rename f17h_determine_edac_ctl_cap() (jsc#PED-7615). - commit 9071635 - EDAC/amd64: Split setup_mci_misc_attrs() into dct/umc functions (jsc#PED-7615). - commit 21842b7 - EDAC/amd64: Split ecc_enabled() into dct/umc functions (jsc#PED-7615). - commit 93157a0 - EDAC/amd64: Split read_mc_regs() into dct/umc functions (jsc#PED-7615). - commit 01c4123 - EDAC/amd64: Split determine_memory_type() into dct/umc functions (jsc#PED-7615). - commit 59d41b9 - EDAC/amd64: Split read_base_mask() into dct/umc functions (jsc#PED-7615). - commit ddb7d7a - EDAC/amd64: Split prep_chip_selects() into dct/umc functions (jsc#PED-7615). - commit cb412ef - EDAC/amd64: Rework hw_info_{get,put} (jsc#PED-7615). - commit f32e3e6 - EDAC/amd64: Merge struct amd64_family_type into struct amd64_pvt (jsc#PED-7615). - commit e87aae6 - EDAC/amd64: Do not discover ECC symbol size for Family 17h and later (jsc#PED-7615). - commit 555ada3 - EDAC/amd64: Drop dbam_to_cs() for Family 17h and later (jsc#PED-7615). - commit 8839a23 - EDAC/amd64: Split get_csrow_nr_pages() into dct/umc functions (jsc#PED-7615). - commit 9f0bb93 - EDAC/amd64: Rename debug_display_dimm_sizes() (jsc#PED-7615). - commit 13890aa - EDAC/amd64: Shut up an -Werror,-Wsometimes-uninitialized clang false positive (jsc#PED-7615). - commit 78d7b48 - EDAC/amd64: Remove early_channel_count() (jsc#PED-7615). - commit a00b2ae - EDAC/amd64: Remove PCI Function 0 (jsc#PED-7615). - commit 49bc10d - EDAC/amd64: Remove PCI Function 6 (jsc#PED-7615). - commit c2e9755 - EDAC/amd64: Remove scrub rate control for Family 17h and later (jsc#PED-7615). - commit 320ccbc - EDAC/amd64: Don't set up EDAC PCI control on Family 17h+ (jsc#PED-7615). - commit 85a16a7 - EDAC/amd64: Add context struct (jsc#PED-7615). - commit 98c3472 - EDAC/amd64: Allow for DF Indirect Broadcast reads (jsc#PED-7615). - commit d8a1ed8 - x86/cpu: Read/save PPIN MSR during initialization (jsc#PED-7615). - commit deabf4e - x86/cpu: Merge Intel and AMD ppin_init() functions (jsc#PED-7615). - commit c071d82 - s390: vfio-ap: tighten the NIB validity check (git-fixes) blacklist.conf: the reason for valid for SLE15-SP4, not so much for SP5 - commit fbc62d2 - coresight: etm4x: Ensure valid drvdata and clock before clk_put() (bsc#1218779) - commit 854c05d - blacklist.conf: not a fix - commit e48ddb7 - Delete patches.suse/s390-sles15sp2-kdump-fix-out-of-memory-with-PCI.patch. Patch obsoleted by 73045a08cf55 (&quot;s390: unify identity mapping limits handling&quot;) - commit efb62ac - s390/dasd: fix double module refcount decrement (bsc#1141539). - commit 3b938a7 - coresight: etm4x: Add ACPI support in platform driver (bsc#1218779) - commit a6bc99c - coresight: platform: acpi: Ignore the absence of graph (bsc#1218779) - commit 36e1498 - coresight: etm4x: Change etm4_platform_driver driver for MMIO devices (bsc#1218779) - commit aa5d7f2 - coresight: etm4x: Drop pid argument from etm4_probe() (bsc#1218779) - commit cf6ac73 - coresight: etm4x: Drop iomem 'base' argument from etm4_probe() (bsc#1218779) - commit 1e7e6ff - coresight: etm4x: Allocate and device assign 'struct etmv4_drvdata' (bsc#1218779) - commit 86846ee - PCI/AER: Configure ECRC only if AER is native (bsc#1218778) - commit 6ecb7b5 Package coreutils was updated: - tail: fix tailing sysfs files where PAGE_SIZE &gt; BUFSIZ (bsc#1219321) - add coreutils-tail-fix-tailing-sysfs-files-where-PAGE_SIZE-BUFSIZ.patch Package cpio was updated: - Fix cpio not working after the fix in bsc#1218571, fixes bsc#1219238 * fix-bsc1219238.patch Package crmsh was updated: - Update to version 4.5.1+20240220.de17a142: * Fix: report: Escape special characters in pattern (bsc#1220022) - Update to version 4.5.1+20240124.63fbb492: * Fix: bootstrap: ssh key of the init node is duplicated in the authorized_keys files of other node (bsc#1218940) * Fix: parallax: refine error message when parallax fails to perform passwordless authentication (bsc#1218940) * Fix: ui_cluster: Improve the process of 'crm cluster stop' (bsc#1213889) * Dev: report: Redirect warning and error from remote node into stderr * Fix: utils: Add 'sudo' only when there is a sudoer(bsc#1215549) Package samba was updated: - fd_handle_destructor() panics within an smbd_smb2_close() if vfs_stat_fsp() fails in fd_close(); (bso#15527); (bsc#1219937). - Remove -x from bash shebang update-apparmor-samba-profile; (bsc#1218431). Package curl was updated: - Security fix: [bsc#1221665, CVE-2024-2004] * Usage of disabled protocol * Add curl-CVE-2024-2004.patch - Security fix: [bsc#1221667, CVE-2024-2398] * curl: HTTP/2 push headers memory-leak * Add curl-CVE-2024-2398.patch Package docker was updated: - Add patch to fix bsc#1220339 * 0007-daemon-overlay2-remove-world-writable-permission-fro.patch - rebase patches: * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch * 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch * 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch * 0006-Vendor-in-latest-buildkit-v0.11-branch-including-CVE.patch - Allow to disable apparmor support (ALP supports only SELinux) - Vendor latest buildkit v0.11: Add patch 0006-Vendor-in-latest-buildkit-v0.11-branch-including-CVE.patch that vendors in the latest v0.11 buildkit branch including bugfixes for the following: * bsc#1219438: CVE-2024-23653 * bsc#1219268: CVE-2024-23652 * bsc#1219267: CVE-2024-23651 - rebase patches: * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch * 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch * 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch - switch from %patchN to %patch -PN syntax - remove unused rpmlint filters and add filters to silence pointless bash &amp; zsh completion warnings Package dracut was updated: - Update to version 055+suse.382.g80b55af2: * fix(dracut): correct regression with multiple `rd.break=` options (bsc#1221675) * fix(dracut-util): do not call `strcmp` if the `value` argument is NULL (bsc#1219841) * fix(zfcp_rules): correct shellcheck regression when parsing ccw args (bsc#1220485) * fix(dracut.sh): skip README for AMD microcode generation (bsc#1217083) Package expat was updated: - Security fix (boo#1221289, CVE-2024-28757): XML Entity Expansion attack when there is isolated use of external parsers. * Added expat-CVE-2024-28757.patch - Security fix: * (CVE-2023-52425, bsc#1219559) denial of service (resource consumption) caused by processing large tokens. - Added patch expat-CVE-2023-52425-1.patch - Added patch expat-CVE-2023-52425-2.patch - Added patch expat-CVE-2023-52425-backport-parser-changes.patch - Added patch expat-CVE-2023-52425-fix-tests.patch Package fence-agents was updated: - L3: fence_vmware_rest : monitoring is not detecting problems accessing the fence device (bsc#1218718) o Add upstream patch: 0001-fence_vmware_rest-monitoring-action-is-not-detecting.patch - Update fence-agents package with fence_aws and fence_ibm_powervs (jsc#PED-7701) Package glibc was updated: - iconv-iso-2022-cn-ext.patch: iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992) - duplocale-global-locale.patch: duplocale: protect use of global locale (bsc#1220441, BZ #23970) - qsort-invalid-cmp.patch: qsort: handle degenerated compare function (bsc#1218866) - getaddrinfo-eai-memory.patch: getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64-rawmemchr-unwind.patch: aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) Package gnutls was updated: - Security fix: [bsc#1221747, CVE-2024-28835] * gnutls: certtool crash when verifying a certificate chain * Add gnutls-CVE-2024-28835.patch - Security fix: [bsc#1221746, CVE-2024-28834] * gnutls: side-channel in the deterministic ECDSA * Add gnutls-CVE-2024-28834.patch - jitterentropy: Release the memory of the entropy collector when using jitterentropy with phtreads as there is also a pre-intitization done in the main thread. [bsc#1221242] * Add gnutls-FIPS-jitterentropy-deinit-threads.patch - Security fix: [bsc#1218862, CVE-2024-0567] * gnutls: rejects certificate chain with distributed trust * Cockpit (which uses gnuTLS) rejects certificate chain with distributed trust. * Add gnutls-CVE-2024-0567.patch - Security fix: [bsc#1218865, CVE-2024-0553] * Incomplete fix for CVE-2023-5981. * The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. * Add gnutls-CVE-2024-0553.patch Package google-cloud-sap-agent was updated: - Update to version 3.2 (bsc#1222215, bsc#1222216) * Remove internal gensupport package. * Restore additional error handling and response checking to internal data warehouse client. * Updating the aggregate function in HANA insight rules * Remove a leftover debug log * Allow multipart uploads for PIPE file types. * Update go-hdb version to v1.8.0 * Perform log restores in serial rather than parallel. * Add sample usage examples to commandlineexecutor * Small update to configureinstance OTE * Add nil check in backup and restore flows to protect against panics. * Close http response body in WriteInsight() and soap.go * Record topology type. * Initialize usagemetrics for OTEs * Add Instance Number to SAP System instance properties * Set `min_version` for WLM `os_settings` system metric. * Increase timeout for saptune re-apply commands. * Adding handling for encrypted snapshots in backup and restore * Change the version check comparisons to account for versions older than those listed in SAP Note. * Skip the Netweaver metrics that need dpmon on NW kernels affected by SAP Note: 3366597 * Fix imports * No public description * Use internal data warehouse client. * Fix disp+work command invocation for Netweaver Kernel version discovery. * Add note about default parameter values to installbackint. * Add mutex in multipart writer for potential data races. * Update go.mod and go.sum * Skip XFS freeze by default unless user passes a parameter to do it explicitly * configureinstance minor updates. * Add safety check for usage metrics on BMS * Storage Class parameter added to Backint. * Update configureinstance's X4 saptune conf. * XML Multipart Write() and Close() methods completed. * Fixes the vmmanager policies for sles12 and sles15 used in the cloud console removes the individual cloud console policies and consolidates them into one Adds a general gcloud command line policy * Standardize logging for workloadmanager package. * Multipart XML API Uploads for Backint. * Add database system SID to database properties. * Fix NW HA node identification for RedHat deployments. * Add workload properties to discovery object returned by discoverSAPSystems * Add ASCS instance number to application data * Add Workload Manager validation rule for checking OS settings. * Enable WLM metric collection by default, disable submission of data to Cloud Monitoring. * Decoupling primary executable command and providing an alternative to lsof * Added HANA version in support bundle collection * Add WorkloadProperties to merged system details and to WLM Insights * Replace the link placeholder with the actual link * Add instance number to SAP discovery data * Tranche 12: HRE Rules * Minor typo fix in workloadmanager's hana metrics module * Add pacemaker metrics with SID labels to process metrics * updating the regex for backup and backint files to take care of log rotation in support bundle * Add support for disk snapshot labels for easy lifecycle management of snapshots * Added new OTE for changedisktype workflow * Add WorkloadProperties to SapSystemDetails for apps_discovery * Testing the timeseries in unit tests instead of just checking the count * Record Netweaver kernel version. * Tranche 12: HRE Rules * Testing the timeseries in unit tests instead of just checking the count * Testing the timeseries in unit tests instead of just checking the count * Relocating pacemaker collection related packages to internal/pacemaker for common use between process metrics and WLM * Use results from latest round of discovery for the collection of process metrics. * Handling zero rows returned case better in HANA insights * Adding docstrings to workloadmanager package * Adding docstring to configure OTE * adding docstrings to methods in support bundle * Add X4 specific configurations to configureinstance OTE. * Add helper functions to configureinstance OTE. * Display updates for HANA Insights WLM rules rollout. * configureinstance OTE * We expect the command to return a non-zero exit code and we should not be returning an error. Execute treats non-zero exit code as error. * Removing the sap control process command line params * Revert &quot;Fixing system replication status code being returned&quot; * configureinstance OTE * We expect the command to return a non-zero exit code and we should not be returning an error. Execute treats non-zero exit code as error. * Removing the sap control process command line params * Fixing system replication status code being returned * Wait for hdbindex server to stop after HANA is stopped * Log error to console in cases where LVM is not being used * Adding JournalCTL logs to support bunddle * hanadiskbckup - Add missing params to the Usage string * Move usagemetrics package into shared folder * Fixed data race error in TestCollectAndSendSlowMovingMetrics() * Disk backup/restore - Enable send-metrics-to-monitoring by default - Update to version 3.1 (bsc#1220010, bsc#1220111) * Fixing system replication status code being returned * Reduce disk snapshot wait durations * Fix test flakes in workloadcollector test. * adding metrics for db freeze time and total workflow time * Fix for SAP System discovery adding the current host to all components. * Restore default WLM metric collection settings. * change description of validate OTE * fix a typo in the command name and add a delay before we try the unmount * Use underscore as separator for flags in place of hyphens * Enable host_metrics and disable reliability_metrics by default in configure OTE * Collect reliability metrics in the free namespace * Remove user from cmd params for HANA Replication * Enable workload manager metric collection by default. * Add support configuration flag to enable legacy WLM metric data submission workflow. * Lowers the log level of discovery to info * Fix for HANA Replication Config * Add additional instance-id parameter for users who do not want to provide port number * Use _ instead of - for parameters in configurebackint * Implementing panic recovery to HANA Monitoring: CreateWorkerPool * Fix issue with process metrics subroutine starting. * Add a flag to enable or disable workload discovery. * Reduce logs in sapdiscovery to debug, these are now run a lot more frequently and are flooding the logs * Use bucket `cloudsapdeploystaging` for staging environment. * Updates default value handling for system discovery flag. * Added default values to some frequency flags in configure OTE * force a sync before unmounting to clear out stale file handles * Retain recoverable routine in process metrics. * Ensures slow metrics workers stop on context cancellation. * Log lsof output if unmount fails during restore * SAP Discovery - Discover R3trans data * Add panic recovery to collectiondefinition update routine * configurebackint OTE. * Adding panic recovery to remote.go * Prevent host metrics from restarting the daily metrics report if it has already been started. * Add panic recovery to agent metrics * Implementing panic recovery for hana monitoring: logging action daily * Routines now use their own context and cancel in the event of a panic recovery. * Add panic recovery to host metrics routines * Removed -path flag and fixed usage string * Add workload properties to the SAP System definition. * Add panic recovery to collectMetricsFromConfig routines. * Add panic recovery to fast metric collection routine. * Reduces the log severity to debug for the exponential backoff policy * Add panic recovery to heartbeat routine. * Updating configuration.json file to remove deprecated sap_discovery field * Use protojson instead of custom function for snake_case marshaling * Add panic recovery to WLM metrics collection * HANA Insights rules tranche 11: Create unit tests and add to auto push * Add panic recovery to workload collector daily usage metrics. * Processmetrics - suppress Error and Warn logs that really need to be debug * Formatting the output of messages printed by configure OTE * Changing flag names of configure OTE to align better with configuration.json fields * Add automatic panic recovery to slow metrics collection * Add panic recovery to goroutine collectAndSend * Add panic recovery to goroutine * Retain recoverable routines beyond function scope. * Implement recovery handler for SAP System discovery package * Tranche 11: HRE Rules * Update github build * Adds generic panic recovery to SAP System discovery package * Initialize the sidadm env to ensure restore can be run as root user * not pacaking gcbdr scripts till launch of the feature * Change datatype of frequency flags from string to int * Breaking down --frequency flag into separate flags for different features for better isolation * Fix configuration.json file from being written in camelCase to snake_case * Tranche 6,7,8,9,10: HRE Rules * Suppress pacemaker related log from Error to Debug * creating the OTE for GCBDR discovery * Update HA node identification * Tranche 10: HRE Rules * Update file permissions and ownership for installbackint when running as root. * Adding newline after version print. * Exposing HANA Logical volumes availability metrics * Make workloadmanager parameters test more robust. * Fix panic in cloud discovery * Tranche 10: HRE Rules * Add recovery_folder_prefix parameter to Backint. * Mark process_metrics_send_frequency as deprecated * Add snapshot-type param to hanadiskbackup with default as STANDARD type. Users can override to ARCHIVE type if needed. * Add new folder_prefix parameter to Backint. * Add HANA new HANA insight rules to BUILD file and embed sources * Tranche 10a: HRE Rules * Tranche 6b: HRE Rules * Tranche 8b: HRE Rules * Fix for sending isABAP value * Updating logusage command line flags - Update to version 3.0 (bsc#1218736, bsc#1218737) * Suppress packemaker command error to debug to avoid log flooding * Expand load balancing cluster discovery. * Log success messages in OTEs to STDOUT instead of STDERR used by log.Print * Use bash always to avoid variation of behavior across OS/Shell types * Minor updates to installbackint. * Backint compose step properly saves metadata. * Fix issue with discovery on ASCS instances. * hanadiskrestore - fix the format of disktype string for disk create API * Fix issue with PCS cluster address discovery. * Update transform to insight * Rename HANA backup/restore OTEs to reflect they are supported for all disks and not just persistent disk * Increase the timeout for HDB stop to account for busy DBs * Adding project sap-ecs-testing to the list. * PD Restore - Support provisioned-iops and provisioned-throughput * Integration test for configure OTE * Added precondition in hana pd backup for stripped LVM * Add a precondition check to verify user has passed a valid snapshot name that is present in the current project * Update the usage to reflect additional required param * Minor path update for supportbundle OTE. * Fixing bug in slow moving metrics partial collection scenarios * Adding check for agent status after restart. * Ensure Backint ComposeChunks has a valid bucket handle * Discover whether a Netweaver instance is ABAP or Java * Replace standard slices package with third party version * WLM HANA metric `ha_in_same_zone` now reports instance names for HA nodes in the same zone * Fix data race condition for Backint Backup with new client connections * Make -new-disk-name a required parameter to avoid the 63 char limit in the name length due to auto-generated names * Fix command for collecting Corosync metric `two_node_runtime` * Make snapshot name similar to disk name * Bump golang.org/x/crypto from 0.15.0 to 0.17.0 * Enable Discovery config flag controls submission to Data Warehouse and Cloud Logging * Create new clients for each operation in Backint * Add `client_endpoint` to Backint proto. * Getting the build number into the version for display * Backint config name change: service_account to service_account_key * Add HANA HA metrics to collection definition. * Fix sorting bug in a diff in apps_discovery_test.go * Add discoverHANATenantDBs to main code path * Change PIPE filemode to WRONLY to allow us to detect broken pipes * Deprecate `sap_system_discovery` config field in favor of `enable_discovery` * Move the validation of whether user passed correct PD, before stopping HANA * Add a placeholder for public doc link with next steps after hanapdrestore workflow has completed * Fix executable path for HDB version command * Add optional param `new-disk-name` to hanapdrestore for users that wish to override the default * Sort the skipmetrics in unit test to avoid order related flakes * Generalizing configure OTE * Discover Netweaver kernel version * Fix Sprintf call * Use SAP System data to determine if HANA HA nodes share the same zone. * hanapdrestore - do not delete PDs in case of failures * Create discoverHANATenantDBs method to support multiple SIDs for HANA tenant DBs * Send additional fields in Data Warehouse WriteInsightRequest * Updating the username parameters for hana pd backup and restore * Retrieve Reliability data every 2 hours instead of 24 * Discover HANA version * Fix import for GitHub build * Add instance properties, and topology information to system data * Keep the device nam and disk name same after restore * Move sapdiscovery package into system package * Changer the default name of the disk created by restore workflow * Updates the generated protobuf go for system.proto * Update generated system proto * Update go.yml * Add topology and instance properties info to SAP System data * Add a check to verify the disk is attached to instance, fail if disk is not attached * Add application and database software properties to system representation * Fix race condition in heartbeat test case * Add error handling to restore workflow to try and keep the HANA system in a clean state on failures * Enable LogToCloud by default for both OTE and Daemon modes * Bump Agent version to 3.0 * Reliability OTE added to SAP Agent * Declare public Get interface for SAP System discovery data * Integration testing for Networkstats Package * Adding project sap-ecs-testing to the list * Adding one time execution for enabling/disabling of features * Change to using custom retries for initial bucket connection * Default collection definition to be fetched from GCS * Add a 2 minute context timeout for initial bucket connection * Add `collection_config_version` as a WLM system metric * Make project, host param optional for hanapdbackup, in addition make user param optional for hanapdrestore * Fix potential nil dereference WLM metrics collection * Add force-stop-hana to restore workflow to forcefully stop HANA when the param is passed * Rename the HANA PD snapshot and restore workflows * Add unit tests for GetProvisionIOps and GetProvisionedThoughput * Remove the TestCollect unit test which relies on nc command which can be flaky in unit tests * Increase Backint timeout for PIPE files to 3 minutes * Add XFS freeze and unfreeze to PD based snapshot Package google-guest-agent was updated: Package google-guest-oslogin was updated: Package graphviz was updated: - VUL-0: CVE-2023-46045: graphviz: out-of-bounds read via a crafted config6a file bsc#1219491 A gvc-detect-plugin-installation-failure-and-display-an-error.patch Package growpart-rootgrow was updated: - Update to version 1.0.7 (bsc#1219941) + Support root to be in a btrfs snapshot + 1.0.6 had different implementation for btrfs in snapshot support Package grub2 was updated: - Fix LPAR falls into grub shell after installation with lvm (bsc#1221866) * 0001-ofdisk-Enhance-canonical-path-handling-for-bootpath.patch - Fix memdisk becomes the default boot entry, resolving no graphic display device error in guest vnc console (bsc#1221779) * grub2-xen-pv-firmware.cfg - Fix grub.xen memdisk script doesn't look for /boot/grub/grub.cfg (bsc#1219248) (bsc#1181762) * grub2-xen-pv-firmware.cfg * 0001-disk-Optimize-disk-iteration-by-moving-memdisk-to-th.patch - Fix PowerPC grub loads 5 to 10 minutes slower on SLE-15-SP5 compared to SLE-15-SP2 (bsc#1217102) * add 0001-ofdisk-enhance-boot-time-by-focusing-on-boot-disk-re.patch * add 0002-ofdisk-add-early_log-support.patch Package hawk2 was updated: - Update to version 2.6.4+git.1708604510.dc8c081f: * Enable ACL (bsc#1214396,bsc#1219548) Package kdump was updated: - dracut: always create fstab, even if empty (bsc#1218494)- fix NOSPLIT option - Honor the KDUMP_VERBOSE setting in kdump-save Package krb5 was updated: - Fix memory leaks, add patch 0010-Fix-three-memory-leaks.patch * CVE-2024-26458, bsc#1220770 * CVE-2024-26461, bsc#1220771 * CVE-2024-26462, bsc#1220772 Package resource-agents was updated: - resource-agents:azure-lb IPv6 support (bsc#1220997) Add patch: 0001-Support-IPv6-with-Azure-load-balncer.patch Package less was updated: - Fix CVE-2022-48624, LESSCLOSE handling in less does not quote shell metacharacters, bsc#1219901 * CVE-2022-48624.patch Package gcc13 was updated: - Add gcc13-pr111731.patch to fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [boo#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Use %patch -P N instead of %patchN. - Add gcc13-sanitizer-remove-crypt-interception.patch to remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Update to gcc-13 branch head, 67ac78caf31f7cb3202177e642, git8285 - Add gcc13-pr88345-min-func-alignment.diff to add support for - fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Update to gcc-13 branch head, fc7d87e0ffadca49bec29b2107, git8250 * Includes fix for building TVM. [boo#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [boo#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [boo#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Update to gcc-13 branch head, 36ddb5230f56a30317630a928, git8205 - Update to gcc-13 branch head, 741743c028dc00f27b9c8b1d5, git8109 * Includes fix for building mariadb on i686. [bsc#1217667] * Remove pr111411.patch contained in the update. - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] Package avahi was updated: - Add avahi-CVE-2023-38471.patch: Extract host name using avahi_unescape_label (bsc#1216594, CVE-2023-38471). - Add avahi-CVE-2023-38469.patch: Reject overly long TXT resource records (bsc#1216598, CVE-2023-38469). Package util-linux was updated: - Properly neutralize escape sequences in wall (util-linux-CVE-2024-28085.patch, bsc#1221831, CVE-2024-28085, and its prerequisites: util-linux-fputs_careful1.patch, util-linux-wall-migrate-to-memstream.patch util-linux-fputs_careful2.patch). Package c-ares was updated: - CVE-2024-25629.patch: fix out of bounds read in ares__read_line() (bsc#1220279, CVE-2024-25629) Package duktape was updated: Package mozilla-nss was updated: - update to NSS 3.90.2 * bmo#1780432 - (CVE-2023-5388) Timing attack against RSA decryption in TLS. (bsc#1216198) * bmo#1867408 - add a defensive check for large ssl_DefSend return values. Package ncurses was updated: - Add patch ncurses-6.1-bsc1220061.patch (bsc#1220061, CVE-2023-45918) * Backport from ncurses-6.4-20230615.patch improve checks in convert_string() for corrupt terminfo entry Package nftables was updated: - port python-single-spec logic from Factory package to allow shipment of python311 modules as well (bsc#1219253). Package nghttp2 was updated: - security update- added patches fix CVE-2024-28182 [bsc#1221399], HTTP/2 CONTINUATION frames can be utilized for DoS attacks + nghttp2-CVE-2024-28182-1.patch fix CVE-2024-28182-2 [bsc#1221399], HTTP/2 CONTINUATION frames can be utilized for DoS attacks + nghttp2-CVE-2024-28182-2.patch Package openssl-1_1 was updated: - Security fix: [bsc#1219243, CVE-2024-0727] * Add NULL checks where ContentInfo data can be NULL * Add openssl-CVE-2024-0727.patch Package polkit was updated: Package protobuf was updated: - update to 25.1: * Raise warnings for deprecated python syntax usages * Add support for extensions in CRuby, JRuby, and FFI Ruby * Add support for options in CRuby, JRuby and FFI (#14594) - update to 25.0: * Implement proto2/proto3 with editions * Defines Protobuf compiler version strings as macros and separates out suffix string definition. * Add utf8_validation feature back to the global feature set. * Setting up version updater to prepare for poison pills and embedding version info into C++, Python and Java gencode. * Merge the protobuf and upb Bazel repos * Editions: Introduce functionality to protoc for generating edition feature set defaults. * Editions: Migrate edition strings to enum in C++ code. * Create a reflection helper for ExtensionIdentifier. * Editions: Provide an API for C++ generators to specify their features. * Editions: Refactor feature resolution to use an intermediate message. * Publish extension declarations with declaration verifications. * Editions: Stop propagating partially resolved feature sets to plugins. * Editions: Migrate string_field_validation to a C++ feature * Editions: Include defaults for any features in the generated pool. * Protoc: parser rejects explicit use of map_entry option * Protoc: validate that reserved range start is before end * Protoc: support identifiers as reserved names in addition to string literals (only in editions) * Drop support for Bazel 5. * Allow code generators to specify whether or not they support editions. [#] C++ * Set `PROTOBUF_EXPORT` on `InternalOutOfLineDeleteMessageLite()` * Update stale checked-in files * Apply PROTOBUF_NOINLINE to declarations of some functions that want it. * Implement proto2/proto3 with editions * Make JSON UTF-8 boundary check inclusive of the largest possible UTF-8 character. * Reduce `Map::size_type` to 32-bits. Protobuf containers can't have more than that * Defines Protobuf compiler version strings as macros and separates out suffix string definition. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated oneof accessors. * Fix bug in reflection based Swap of map fields. * Add utf8_validation feature back to the global feature set. * Setting up version updater to prepare for poison pills and embedding version info into C++, Python and Java gencode. * Add prefetching to arena allocations. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated repeated and map field accessors. * Editions: Migrate edition strings to enum in C++ code. * Create a reflection helper for ExtensionIdentifier. * Editions: Provide an API for C++ generators to specify their features. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated string field accessors. * Editions: Refactor feature resolution to use an intermediate message. * Fixes for 32-bit MSVC. * Publish extension declarations with declaration verifications. * Export the constants in protobuf's any.h to support DLL builds. * Implement AbslStringify for the Descriptor family of types. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated message field accessors. * Editions: Stop propagating partially resolved feature sets to plugins. * Editions: Migrate string_field_validation to a C++ feature * Editions: Include defaults for any features in the generated pool. * Introduce C++ feature for UTF8 validation. * Protoc: validate that reserved range start is before end * Remove option to disable the table-driven parser in protoc. * Lock down ctype=CORD in proto file. * Support split repeated fields. * In OSS mode omit some extern template specializations. * Allow code generators to specify whether or not they support editions. [#] Java * Implement proto2/proto3 with editions * Remove synthetic oneofs from Java gencode field accessor tables. * Timestamps.parse: Add error handling for invalid hours/minutes in the timezone offset. * Defines Protobuf compiler version strings as macros and separates out suffix string definition. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated oneof accessors. * Add missing debugging version info to Protobuf Java gencode when multiple files are generated. * Fix a bad cast in putBuilderIfAbsent when already present due to using the result of put() directly (which is null if it currently has no value) * Setting up version updater to prepare for poison pills and embedding version info into C++, Python and Java gencode. * Fix a NPE in putBuilderIfAbsent due to using the result of put() directly (which is null if it currently has no value) * Update Kotlin compiler to escape package names * Add MapFieldBuilder and change codegen to generate it and the put{field}BuilderIfAbsent method. * Introduce recursion limit in Java text format parsing * Consider the protobuf.Any invalid if typeUrl.split(&quot;/&quot;) returns an empty array. * Mark `FieldDescriptor.hasOptionalKeyword()` as deprecated. * Fixed Python memory leak in map lookup. * Loosen upb for json name conflict check in proto2 between json name and field * Defines Protobuf compiler version strings as macros and separates out suffix string definition. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated oneof accessors. * Ensure Timestamp.ToDatetime(tz) has correct offset * Do not check required field for upb python MergeFrom * Setting up version updater to prepare for poison pills and embedding version info into C++, Python and Java gencode. * Merge the protobuf and upb Bazel repos * Comparing a proto message with an object of unknown returns NotImplemented * Emit __slots__ in pyi output as a tuple rather than a list for --pyi_out. * Fix a bug that strips options from descriptor.proto in Python. * Raise warings for message.UnknownFields() usages and navigate to the new add * Add protobuf python keyword support in path for stub generator. * Add tuple support to set Struct * ### Python C-Extension (Default) * Comparing a proto message with an object of unknown returns NotImplemented * Check that ffi-compiler loads before using it to define tasks. [#] UPB (Python/PHP/Ruby C-Extension) * Include .inc files directly instead of through a filegroup * Loosen upb for json name conflict check in proto2 between json name and field * Add utf8_validation feature back to the global feature set. * Do not check required field for upb python MergeFrom * Merge the protobuf and upb Bazel repos * Added malloc_trim() calls to Python allocator so RSS will decrease when memory is freed * Upb: fix a Python memory leak in ByteSize() * Support ASAN detection on clang * Upb: bugfix for importing a proto3 enum from within a proto2 file * Expose methods needed by Ruby FFI using UPB_API * Fix `PyUpb_Message_MergeInternal` segfault - build against modern python on sle15 - Build with source and target levels 8 * fixes build with JDK21 - Install the pom file with the new %%mvn_install_pom macro - Do not install the pom-only artifacts, since the %%mvn_install_pom macro resolves the variables at the install time - update to 23.4: * Add dllexport_decl for generated default instance. * Deps: Update Guava to 32.0.1 - update to 23.3: C++ * Regenerate stale files * Use the same ABI for static and shared libraries on non- Windows platforms * Add a workaround for GCC constexpr bug Objective-C * Regenerate stale files UPB (Python/PHP/Ruby C-Extension) * Fixed a bug in `upb_Map_Delete()` that caused crashes in map.delete(k) for Ruby when string-keyed maps were in use. Compiler * Add missing header to Objective-c generator * Add a workaround for GCC constexpr bug Java * Rollback of: Simplify protobuf Java message builder by removing methods that calls the super class only. Csharp * [C#] Replace regex that validates descriptor names - drop 0001-Use-the-same-ABI-for-static-and-shared-libraries-on-.patch (upstream) - Add patch to fix linking ThreadSafeArena: * 0001-Use-the-same-ABI-for-static-and-shared-libraries-on-.patch - Drop the protobuf-source package, no longer used - update to 22.5: C++ * Add missing cstdint header * Fix: missing -DPROTOBUF_USE_DLLS in pkg-config (#12700) * Avoid using string(JOIN..., which requires cmake 3.12 * Explicitly include GTest package in examples * Bump Abseil submodule to 20230125.3 (#12660) - update to 22.4: C++ * Fix libprotoc: export useful symbols from .so * Fix btree issue in map tests. Python * Fix bug in _internal_copy_files where the rule would fail in downstream repositories. Other * Bump utf8_range to version with working pkg-config (#12584) * Fix declared dependencies for pkg-config * Update abseil dependency and reorder dependencies to ensure we use the version specified in protobuf_deps. * Turn off clang::musttail on i386 - drop python2 handling - fix version handling and package the private libs again - Fix confusion in versions - Mention the rpmlintrc file in the spec. - Make possible to build on older systems, like SLE12 that miss some of the used macros. - update to v22.3 UPB (Python/PHP/Ruby C-Extension) * Remove src prefix from proto import * Fix .gitmodules to use the correct absl branch * Remove erroneous dependency on googletest - update to 22.2: Java * Add version to intra proto dependencies and add kotlin stdlib dependency * Add $ back for osgi header * Remove $ in pom files - update to 22.1: * Add visibility of plugin.proto to python directory * Strip &quot;src&quot; from file name of plugin.proto * Add OSGi headers to pom files. * Remove errorprone dependency from kotlin protos. * Version protoc according to the compiler version number. - update to 22.0: * This version includes breaking changes to: Cpp. Please refer to the migration guide for information: https://protobuf.dev/support/migration/#compiler-22 * [Cpp] Migrate to Abseil's logging library. * [Cpp] `proto2::Map::value_type` changes to `std::pair`. * [Cpp] Mark final ZeroCopyInputStream, ZeroCopyOutputStream, and DefaultFieldComparator classes. * [Cpp] Add a dependency on Abseil (#10416) * [Cpp] Remove all autotools usage (#10132) * [Cpp] Add C++20 reserved keywords * [Cpp] Dropped C++11 Support * [Cpp] Delete Arena::Init * [Cpp] Replace JSON parser with new implementation * [Cpp] Make RepeatedField::GetArena non-const in order to support split RepeatedFields. * long list of bindings specific fixes see https://github.com/protocolbuffers/protobuf/releases/tag/v22.0 - python sub packages version is set 4.22.3 as defined in python/google/protobuf/__init__.py to stay compatible - skip python2 builds by default - drop patches: * 10355.patch, * gcc12-disable-__constinit-with-c++-11.patch (merged upstream) - added patches: * add-missing-stdint-header.patch added for compile fixes - Enable LTO (boo#1133277). - update to v21.12: * Python * Fix broken enum ranges (#11171) * Stop requiring extension fields to have a sythetic oneof (#11091) * Python runtime 4.21.10 not works generated code can not load valid proto. - update to 21.11: * Python * Add license file to pypi wheels (#10936) * Fix round-trip bug (#10158) - update to 21.10: * Java * Use bit-field int values in buildPartial to skip work on unset groups of fields. (#10960) * Mark nested builder as clean after clear is called (#10984) - update to 21.9: * Ruby * Replace libc strdup usage with internal impl to restore musl compat (#10818) * Auto capitalize enums name in Ruby (#10454) (#10763) * Other * Fix for grpc.tools #17995 &amp; protobuf #7474 (handle UTF-8 paths in argumentfile) (#10721) * C++ * 21.x No longer define no_threadlocal on OpenBSD (#10743) * Java * Mark default instance as immutable first to avoid race during static initialization of default instances (#10771) * Refactoring java full runtime to reuse sub-message builders and prepare to migrate parsing logic from parse constructor to builder. * Move proto wireformat parsing functionality from the private &quot;parsing constructor&quot; to the Builder class. * Change the Lite runtime to prefer merging from the wireformat into mutable messages rather than building up a new immutable object before merging. This way results in fewer allocations and copy operations. * Make message-type extensions merge from wire-format instead of building up instances and merging afterwards. This has much better performance. * Fix TextFormat parser to build up recurring (but supposedly not repeated) sub-messages directly from text rather than building a new sub-message and merging the fully formed message into the existing field. - update to 21.6: C++: * Reduce memory consumption of MessageSet parsing - update to 21.5: PHP * Added getContainingOneof and getRealContainingOneof to descriptor. * fix PHP readonly legacy files for nested messages Python * Fixed comparison of maps in Python. - add 10355.patch to fix soversioning - update to 21.4: * Reduce the required alignment of ArenaString from 8 to 4 - update to 21.3: * C++ * Add header search paths to Protobuf-C++.podspec (#10024) * Fixed Visual Studio constinit errors (#10232) * Fix #9947: make the ABI compatible between debug and non-debug builds (#10271) * UPB * Allow empty package names (fixes behavior regression in 4.21.0) * Fix a SEGV bug when comparing a non-materialized sub-message (#10208) * Fix several bugs in descriptor mapping containers (eg. descriptor.services_by_name) * for x in mapping now yields keys rather than values, to match Python conventions and the behavior of the old library. * Lookup operations now correctly reject unhashable types as map keys. * We implement repr() to use the same format as dict. * Fix maps to use the ScalarMapContainer class when appropriate * Fix bug when parsing an unknown value in a proto2 enum extension (protocolbuffers/upb#717) * PHP * Add &quot;readonly&quot; as a keyword for PHP and add previous classnames to descriptor pool (#10041) * Python * Make //:protobuf_python and //:well_known_types_py_pb2 public (#10118) * Bazel * Add back a filegroup for :well_known_protos (#10061) - Update to 21.2: - C++ - cmake: Call get_filename_component() with DIRECTORY mode instead of PATH mode (#9614) - Escape GetObject macro inside protoc-generated code (#9739) - Update CMake configuration to add a dependency on Abseil (#9793) - Fix cmake install targets (#9822) - Use __constinit only in GCC 12.2 and up (#9936) - Java - Update protobuf_version.bzl to separate protoc and per-language java … (#9900) - Python - Increment python major version to 4 in version.json for python upb (#9926) - The C extension module for Python has been rewritten to use the upb library. - This is expected to deliver significant performance benefits, especially when parsing large payloads. There are some minor breaking changes, but these should not impact most users. For more information see: https://developers.google.com/protocol-buffers/docs/news/2022-05-06#python-updates - PHP - [PHP] fix PHP build system (#9571) - Fix building packaged PHP extension (#9727) - fix: reserve &quot;ReadOnly&quot; keyword for PHP 8.1 and add compatibility (#9633) - fix: phpdoc syntax for repeatedfield parameters (#9784) - fix: phpdoc for repeatedfield (#9783) - Change enum string name for reserved words (#9780) - chore: [PHP] fix phpdoc for MapField keys (#9536) - Fixed PHP SEGV by not writing to shared memory for zend_class_entry. (#9996) - Ruby - Allow pre-compiled binaries for ruby 3.1.0 (#9566) - Implement respond_to? in RubyMessage (#9677) - [Ruby] Fix RepeatedField#last, #first inconsistencies (#9722) - Do not use range based UTF-8 validation in truffleruby (#9769) - Improve range handling logic of RepeatedField (#9799) - Other - Fix invalid dependency manifest when using descriptor_set_out (#9647) - Remove duplicate java generated code (#9909) - Do not use %%autosetup, but %%setup and %%patch on other line * Allows building on SLE-12-SP5 - Add temporary patch gcc12-disable-__constinit-with-c++-11.patch that addresses gh#protocolbuffers/protobuf#9916. Package python3 was updated: - Add bpo38361-syslog-no-slash-ident.patch (bsc#1222109, gh#python/cpython!16557) fixes syslog making default &quot;ident&quot; from sys.argv[0]. - (bsc#1219666, CVE-2023-6597) Add CVE-2023-6597-TempDir-cleaning-symlink.patch (patch from gh#python/cpython!99930) fixing symlink bug in cleanup of tempfile.TemporaryDirectory. - Merge together bpo-36576-skip_tests_for_OpenSSL-111.patch into skip_SSL_tests.patch, and make them include all conditionals. - Refresh CVE-2023-27043-email-parsing-errors.patch to gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043). Package libsolv was updated: - build for multiple python versions [jsc#PED-6218]- bump version to 0.7.28 Package libssh was updated: - Fix regression parsing IPv6 addresses provided as hostname (bsc#1220385) * Added libssh-fix-ipv6-hostname-regression.patch Package libssh2_org was updated: - Fix an issue with Encrypt-then-MAC family. [bsc#1221622] * Test the ETM feature in the remote end's configuration when receiving data. Upstream issue: #1331. * Add libssh2_org-ETM-remote.patch - Always add the KEX pseudo-methods &quot;ext-info-c&quot; and &quot;kex-strict-c-v00@openssh.com&quot; when configuring custom method list. [bsc#1218971, CVE-2023-48795] * The strict-kex extension is announced in the list of available KEX methods. However, when the default KEX method list is modified or replaced, the extension is not added back automatically. * Add libssh2_org-CVE-2023-48795-ext.patch Package suseconnect-ng was updated: - Allow &quot;--rollback&quot; flag to run on readonly filesystem (bsc#1220679) - Update to version 1.7.0 * Allow SUSEConnect on read write transactional systems (bsc#1219425) Package tiff was updated: - security update: * CVE-2023-40745[bsc#1214687] CVE-2023-41175[bsc#1214686] [bsc#1221187] CVE-2023-38288[bsc#1213590] Fix potential int overflow in raw2tiff.c and tiffcp.c Rename tiff-CVE-2023-38288.patch into tiff-CVE-2023-38288,CVE-2023-40745,CVE-2023-41175.patch - security update: * CVE-2023-52356 [bsc#1219213] Fix segfault in TIFFReadRGBATileExt() + tiff-CVE-2023-52356.patch Package libvirt was updated: - CVE-2024-2494: remote: check for negative array lengths before allocation bsc#1221815 - interface: fix udev_device_get_sysattr_value return value check CVE-2024-2496 bsc#1221468 - Fix off-by-one error in udevListInterfacesByStatus CVE-2024-1441 bsc#1221237 - qemu: domain: Fix logic when tainting domain bsc#1220512 - conf: Remove some firmware validation checks bsc#1216980 - libxl: Fix connection to modular network daemon bsc#1214223 Package libxkbcommon was updated: - enable 32bit libxkbregistry0 and libxkbregistry0-devel for use by Wine. (bsc#1218639) Package libxml2 was updated: - Security fix (CVE-2024-25062, bsc#1219576) use-after-free in XMLReader * Added libxml2-CVE-2024-25062.patch Package libzypp was updated: - Fix creation of sibling cache dirs with too restrictive mode (bsc#1222398) Some install workflows in YAST may lead to too restrictive (0700) raw cache directories in case of newly created repos. Later commands running with user privileges may not be able to access these repos. - version 17.32.4 (32) - Update RepoStatus fromCookieFile according to the files mtime (bsc#1222086) - TmpFile: Don't call chmod if makeSibling failed. - version 17.32.3 (32) - Fixup New VendorSupportOption flag VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014) Fixed the name of the keyword to &quot;support_superseded&quot; as it was agreed on in jsc#OBS-301. - version 17.32.2 (32) - Add resolver option 'removeUnneeded' to file weak remove jobs for unneeded packages (bsc#1175678) - version 17.32.1 (32) - Add resolver option 'removeOrphaned' for distupgrade (bsc#1221525) - New VendorSupportOption flag VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014) - Tests: fix vsftpd.conf where SUSE and Fedora use different defaults (fixes #522) - Add default stripe minimum (#529) - Don't expose std::optional where YAST/PK explicitly use c++11. - Digest: Avoid using the deprecated OPENSSL_config. - version 17.32.0 (32) - ProblemSolution::skipsPatchesOnly overload to handout the patches. - Remove https-&gt;http redirection exceptions for download.opensuse.org. - version 17.31.32 (22) - tui: allow to access the underlying ostream of out::Info. - Add MLSep: Helper to produce not-NL-terminated multi line output. - version 17.31.31 (22) - applydeltaprm: Create target directory if it does not exist (bsc#1219442) - Add ProblemSolution::skipsPatchesOnly (for openSUSE/zypper#514) - Fix problems with EINTR in ExternalDataSource::getline (fixes bsc#1215698) - version 17.31.30 (22) - CheckAccessDeleted: fix running_in_container detection (bsc#1218782) - Detect CURLOPT_REDIR_PROTOCOLS_STR availability at runtime (bsc#1218831) - Make Wakeup class EINTR safe. - Add a way to cancel media operations on shutdown (openSUSE/zypper#522) This patch adds a mechanism to signal libzypp that a shutdown was requested, usually when CTRL+C was pressed by the user. Currently only the media backend will utilize this, but can be extended to all code paths that use g_poll() to wait for events. - Manually poll fds for curl in MediaCurl. Using curl_easy_perform does not give us the required control on when we want to cancel a download. Switching to the MultiCurl implementation with a external poll() event loop will give us much more freedom and helps us to improve our Ctrl+C handling. - Move reusable curl poll code to curlhelper.h. - version 17.31.29 (22) - Fix to build with libxml 2.12.x (fixes #505) - version 17.31.28 (22) Package lifecycle-data-sle-module-live-patching was updated: - Added data for 4_12_14-150100_197_168, 5_14_21-150400_24_103, 5_14_21-150400_24_108, 5_14_21-150500_55_44, 5_14_21-150500_55_49, 5_3_18-150200_24_175, 5_3_18-150200_24_178, 5_3_18-150300_59_147, 5_3_18-150300_59_150, +kernel-livepatch-5_14_21-150400_15_65-rt,*,+kernel-livepatch-5_14_21-150400_15_68-rt,*,+kernel-livepatch-5_14_21-150500_13_30-rt,*,+kernel-livepatch-5_14_21-150500_13_35-rt,*. (bsc#1020320) - Added data for 4_12_14-150100_197_160, 4_12_14-150100_197_165, 5_14_21-150400_24_100, 5_14_21-150400_24_66, 5_14_21-150400_24_88, 5_14_21-150400_24_92, 5_14_21-150400_24_97, 5_14_21-150500_55_28, 5_14_21-150500_55_31, 5_14_21-150500_55_36, 5_14_21-150500_55_39, 5_3_18-150200_24_166, 5_3_18-150200_24_169, 5_3_18-150200_24_172, 5_3_18-150300_59_138, 5_3_18-150300_59_141, 5_3_18-150300_59_144, +kernel-livepatch-5_14_21-150400_15_53-rt,*,+kernel-livepatch-5_14_21-150400_15_56-rt,*,+kernel-livepatch-5_14_21-150400_15_59-rt,*,+kernel-livepatch-5_14_21-150400_15_62-rt,*,+kernel-livepatch-5_14_21-150500_13_18-rt,*,+kernel-livepatch-5_14_21-150500_13_21-rt,*,+kernel-livepatch-5_14_21-150500_13_24-rt,*,+kernel-livepatch-5_14_21-150500_13_27-rt,*. (bsc#1020320) Package shadow was updated: - bsc#1176006: Fix chage date miscalculation Add shadow-bsc1176006-chage-date.patch - bsc#1188307: Fix passwd segfault Add shadow-bsc1188307-passwd-segfault.patch - bsc#1203823: Remove pam_keyinit from PAM config files Remove pam_keyinit from PAM configuration. This was introduced for bsc#1144060. Package netcfg was updated: Package nvme-cli was updated: - Update to version 2.4+32.g2e2531a: * nvme-netapp: add nspath tlv handling (bsc#1220971) Package openssh was updated: - Add patches from upstream to change the default value of UpdateHostKeys to Yes (unless VerifyHostKeyDNS is enabled). This makes ssh update the known_hosts stored keys with all published versions by the server (after it's authenticated with an existing key), which will allow to identify the server with a different key if the existing key is considered insecure at some point in the future (bsc#1222831). * 0001-upstream-enable-UpdateHostkeys-by-default-when-the.patch * 0002-upstream-disable-UpdateHostkeys-by-default-if.patch - Add patches openssh-7.7p1-seccomp_getuid.patch and openssh-bsc1216474-s390-leave-fds-open.patch (bsc#1216474, bsc#1218871) - Fix hostbased ssh login failing occasionally with &quot;signature unverified: incorrect signature&quot; by fixing a typo in patch (bsc#1221123): * openssh-7.8p1-role-mls.patch - Added openssh-cve-2023-51385.patch (bsc#1218215, CVE-2023-51385). This limits the use of shell metacharacters in host- and user names. Package pacemaker was updated: - libcrmservice: avoid async zombie children by resending ignored SIGCHLD (bsc#1216972, gh#ClusterLabs/pacemaker#3374) * bsc#1216972-0001-Fix-libcrmservice-avoid-async-zombie-children-by-res.patch - fencer: fix pcmk_delay_max description (gh#ClusterLabs/pacemaker#3373) * pacemaker#3373-0001-Doc-fencer-fix-pcmk_delay_max-description.patch - libcrmcommon: avoid file descriptor leak in IPC client with async connection (bsc#1219323, gh#ClusterLabs/pacemaker#3351) * bsc#1219323-0001-Fix-libcrmcommon-avoid-file-descriptor-leak-in-IPC-c.patch - libcrmcommon: Always output request= in XML output. (gh#ClusterLabs/pacemaker#3362) * pacemaker#3362-0001-Low-libcrmcommon-Always-output-request-in-XML-output.patch - libcrmcommon: crm_xml_escape() shouldn't stop on Unicode characters (gh#ClusterLabs/pacemaker#3323) * pacemaker#3323-0001-Low-libcrmcommon-crm_xml_escape-shouldn-t-stop-on-Un.patch - tools: crm_attribute emits garbage for --node localhost or auto (gh#ClusterLabs/pacemaker#3339) * pacemaker#3339-0001-Fix-tools-crm_attribute-emits-garbage-for-node-local.patch - tools: Fix memory leak in crm_mon with HTML output (gh#ClusterLabs/pacemaker#3332) * pacemaker#3332-0001-Low-tools-Fix-memory-leak-in-crm_mon-with-HTML-outpu.patch - tools: crm_mon segfaults when fencer connection is lost (bsc#1219220, gh#ClusterLabs/pacemaker#3331) * bsc#1219220-0001-Fix-tools-crm_mon-segfaults-when-fencer-connection-i.patch - attrd: write Pacemaker Remote node attributes even if not in cache (gh#ClusterLabs/pacemaker#3304) * pacemaker#3304-0001-Fix-attrd-write-Pacemaker-Remote-node-attributes-eve.patch - agents: Use attrd_updater dampen delay in SysInfo (gh#ClusterLabs/pacemaker#3286) * pacemaker#3286-0002-Fix-agents-Use-attrd_updater-dampen-delay-in-SysInfo.patch - libcrmcommon: Check correct env vars in pcmk__node_attr_target() (gh#ClusterLabs/pacemaker#3286) * pacemaker#3286-0001-Low-libcrmcommon-Check-correct-env-vars-in-pcmk__nod.patch - scheduler: restore nvpair behavior without id-ref (gh#ClusterLabs/pacemaker#3292) * pacemaker#3292-0004-Low-scheduler-restore-nvpair-behavior-without-id-ref.patch - scheduler: reject expression without op sooner (gh#ClusterLabs/pacemaker#3292) * pacemaker#3292-0003-Low-scheduler-reject-expression-without-op-sooner.patch - libcrmcommon: fix NULL dereference in expand_idref() (gh#ClusterLabs/pacemaker#3292) * pacemaker#3292-0002-Low-libcrmcommon-fix-NULL-dereference-in-expand_idre.patch - scheduler: improve logs for invalid id-ref's (gh#ClusterLabs/pacemaker#3292) * pacemaker#3292-0001-Log-scheduler-improve-logs-for-invalid-id-ref-s.patch - pacemaker-attrd,libcrmcluster: avoid use-after-free when remote node in cluster node cache (gh#ClusterLabs/pacemaker#3293) * pacemaker#3293-0002-Fix-pacemaker-attrd-libcrmcluster-avoid-use-after-fr.patch - libcrmcluster: avoid use-after-free in trace log (gh#ClusterLabs/pacemaker#3293) * pacemaker#3293-0001-Low-libcrmcluster-avoid-use-after-free-in-trace-log.patch - HealthSmart: Check the parameter values of check_temperature to avoid error output (gh#ClusterLabs/pacemaker#3289) * pacemaker#3289-0001-Fix-HealthSmart-Check-the-parameter-values-of-check_.patch - agents: handle dampening parameter consistently and correctly * 0001-Fix-agents-handle-dampening-parameter-consistently-a.patch - crm_resource: make --wait wait for pending actions in CIB * 0001-Refactor-crm_resource-make-wait-wait-for-pending-act.patch - scheduler: don't show pending nodes as having &quot;&lt;3.15.1&quot; feature set * 0001-Fix-scheduler-don-t-show-pending-nodes-as-having-3.1.patch - scheduler: avoid double free with disabled recurring actions * 0001-Fix-scheduler-avoid-double-free-with-disabled-recurr.patch - agents: HealthCPU - fix the validation of input * 0001-fix-the-validation-of-input.patch - controller: don't try to execute agent action at shutdown * 0001-Fix-controller-don-t-try-to-execute-agent-action-at-.patch - tools: The dampen parameter is disabled when setting values with attrd_updater. * 0001-High-tools-The-dampen-parameter-is-disabled-when-set.patch - libcrmcommon: wait for reply from appropriate controller commands (bsc#1218312, rh#2225631, rh#2221084) * bsc#1218312-0001-Fix-libcrmcommon-wait-for-reply-from-appropriate-con.patch Package pam-config was updated: - Fix pam_gnome_keyring module for AUTH. [pam-config-fix-pam_gnome_keyring.patch, bsc#1219767] Package perl-Bootloader was updated: - merge gh#openSUSE/perl-bootloader#166- log grub2-install errors correctly (bsc#1221470) - 0.947 - merge gh#openSUSE/perl-bootloader#161 - support old grub versions (&lt;= 2.02) that used /usr/lib (bsc#1218842) - create EFI boot fallback directory if necessary - 0.946 Package python-instance-billing-flavor-check was updated: - Version 0.0.6 (bsc#1218561) Support proxy setup on the client to access the update infrastructure API - Version 0.0.5 Add IPv6 support (bsc#1218739) Package python3-M2Crypto was updated: - Disable broken tests with openssl 3.2, bsc#1217782 - add timeout_300hz.patch to accept a small deviation from time in the testsuite (bsc#1212757) - Adapt tests for OpenSSL v3.1.0 * Add openssl-adapt-tests-for-3.1.0.patch - add openssl-stop-parsing-header.patch (bsc#1205042) - add m2crypto-0.38-ossl3-tests.patch Package python-idna was updated: - Add CVE-2024-3651.patch, backported from upstream commit gh#kjd/idna#172/commits/5beb28b9dd77912c0dd656d8b0fdba3eb80222e7 (bsc#1222842, CVE-2024-3651) Package python-pycryptodome was updated: - Add CVE-2023-52323-side_channel-RSA_decrypt.patch (bsc#1218564, CVE-2023-52323) fixing side-channel leakage in RSA decryption. - Add CVE-2023-52323-const_time-decoding.patch (bsc#1218564, CVE-2023-52323) using constant-time (faster) padding decoding also for OAEP. Package rpm-ndb was updated: Package rubygem-rack was updated: - security update- added patches fix CVE-2024-25126 [bsc#1220239], Denial of Service Vulnerability in Rack Content-Type Parsing + rubygem-rack-CVE-2024-25126.patch fix CVE-2024-26141 [bsc#1220242], Denial of Service Vulnerability in Range request header parsing + rubygem-rack-CVE-2024-26141.patch fix CVE-2024-26146 [bsc#1220248], Denial of Service vulnerability in Rack headers parsing routine + rubygem-rack-CVE-2024-26146.patch Package runc was updated: - Add upstream patch &lt;https://github.com/opencontainers/runc/pull/4219&gt; to properly fix -ENOSYS stub on ppc64le. bsc#1192051 bsc#1221050 + 0001-bsc1221050-libct-seccomp-patchbpf-rm-duplicated-code.patch + 0002-bsc1221050-seccomp-patchbpf-rename-nativeArch-linuxA.patch + 0003-bsc1221050-seccomp-patchbpf-always-include-native-ar.patch - Update to runc v1.1.12. Upstream changelog is available from &lt;https://github.com/opencontainers/runc/releases/tag/v1.1.12&gt;. bsc#1218894 * This release fixes a container breakout vulnerability (CVE-2024-21626). For more details, see the upstream security advisory: &lt;https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv&gt; * Remove upstreamed patches: - CVE-2024-21626.patch * Update runc.keyring to match upstream changes. [ This was only ever released for SLES. ] - Add upstream patch to fix embargoed issue CVE-2024-21626. bsc#1218894 &lt;https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv&gt; + CVE-2024-21626.patch - Update to runc v1.1.11. Upstream changelog is available from &lt;https://github.com/opencontainers/runc/releases/tag/v1.1.11&gt;. Package sapconf was updated: - add require of package sysctl-logger for 15SP4 and 15SP5 too (jsc#PED-6220) - version update from 5.0.6 to 5.0.7 - add require of package sysctl-logger for 15SP6 (jsc#PED-5025) - suppress error message regarding missing systemd service file during posttrans script Package saptune was updated: - add require of package sysctl-logger for 15SP4 and 15SP5 too (jsc#PED-6220) - update package version of saptune to 3.1.2 * to support setups with saptune monitoring and heavy automation we limited the setting of our saptune lock to commands having the potential to change anything in the system. (bsc#1219500) * fix timestamp in log messages of saptune * remove redundant version information in header comment of note definition files * SAP Note 1656250 updated to Version 63 SAP Note 1771258 updated to Version 8 SAP Note 2382421 updated to Version 45 SAP Note 3024346 updated to Version 10 but without parameter value changes, only house keeping of the version section and comment updates * SAP Note 1984787 updated to Version 42 SAP Note 2578899 updated to Version 47 - add require of package sysctl-logger for 15SP6 (jsc#PED-5025) Package sed was updated: - 0001-sed-set-correct-umask-on-temporary-files.patch Fix for bsc#1221218 Package 000release-packages:sle-ha-release was updated: Package 000release-packages:sle-module-basesystem-release was updated: Package 000release-packages:sle-module-containers-release was updated: Package 000release-packages:sle-module-desktop-applications-release was updated: Package 000release-packages:sle-module-development-tools-release was updated: Package 000release-packages:sle-module-live-patching-release was updated: Package 000release-packages:sle-module-public-cloud-release was updated: Package 000release-packages:sle-module-python3-release was updated: Package 000release-packages:sle-module-sap-applications-release was updated: Package 000release-packages:sle-module-server-applications-release was updated: Package 000release-packages:sle-module-web-scripting-release was updated: Package sudo was updated: - Fix NOPASSWD issue introduced by patches for CVE-2023-42465 [bsc#1221151, bsc#1221134] * Update sudo-CVE-2023-42465-1of2.patch sudo-CVE-2023-42465-2of2.patch * Enable running regression selftests during build time. - Security fix: [bsc#1219026, bsc#1220389, CVE-2023-42465] * Try to make sudo less vulnerable to ROWHAMMER attacks. * Add sudo-CVE-2023-42465-1of2.patch sudo-CVE-2023-42465-2of2.patch Package supportutils-plugin-ha-sap was updated: - Update to version 0.0.5+git.1709295499.1c8e8cd * adapt documentation links * add support for SAP systemd services regarding SID retrieval * add information about SAP related systemd services * add information about sapcontrol function GetStartProfile * add information from daemon.ini * collect hook script logs (suschksrv and saphanasr_multitarget_hook) * collect logs of sap_suse_cluster_connector and sapstartsrv * Add python version * Check sudoers for srhook configuration Package supportutils-plugin-suse-public-cloud was updated: - Update to version 1.0.9 (bsc#1218762, bsc#1218763) + Remove duplicate data collection for the plugin itself + Collect archive metering data when available + Query billing flavor status Package supportutils was updated: - Changes to version 3.1.29 + Extended scaling for performance (bsc#1214713) + Fixed kdumptool output error (bsc#1218632) + Corrected podman ID errors (bsc#1218812) + Duplicate non root podman entries removed (bsc#1218814) + Corrected get_sles_ver for SLE Micro (bsc#1219241) + Check nvidida-persistenced state (bsc#1219639) - Additional changes in version 3.1.28 + ipset - List entries for all sets + ipvsadm - Inspect the virtual server table (pr#185) + Correctly detects Xen Dom0 (bsc#1218201) + Fixed smart disk error (bsc#1218282) - Changes in version 3.1.28 + Inhibit the conversion of port numbers to port names for network files (cherry picked from commit 55f5f716638fb15e3eb1315443949ed98723d250) + powerpc: collect rtas_errd.log and lp_diag.log files (pr#175) + Get list of pam.d file (cherry picked from commit eaf35c77fd4bc039fd7e3d779ec1c2c6521283e2) + Remove supportutils requires for util-linux-systemd and kmod (bsc#1193173) + Added missing klp information to kernel-livepatch.txt (bsc#1216390) + Fixed plugins creating empty files when using supportconfig.rc (bsc#1216388) + Provides long listing for /etc/sssd/sssd.conf (bsc#1211547) + Optimize lsof usage (bsc#1183663) + Added mokutil commands for secureboot (pr#179) + Collects chrony or ntp as needed (bsc#1196293) - Changes in version 3.1.27 + Fixed podman display issue (bsc#1217287) + Added nvme-stas configuration to nvme.txt (bsc#1216049) + Added timed command to fs-files.txt (bsc#1216827) + Collects zypp history file issue#166 (bsc#1216522) + Changed -x OPTION to really be exclude only (issue#146) + Collect HA related rpm package versions in ha.txt (pr#169) Package suse-build-key was updated: - Switch container key to be default RSA 4096bit. (jsc#PED-2777) - run rpm commands in import script only when libzypp is not active. bsc#1219189 bsc#1219123 - run import script also in %posttrans section, but only when libzypp is not active. bsc#1219189 bsc#1219123 Package systemd-default-settings was updated: - Import 0.10 5088997 SLE: Disable pids controller limit under user instances (jsc#SLE-10123) - Import 0.9 bb859bf user@.service: Disable controllers by default (jsc#PED-2276) - The usage of drop-ins is now the official way for configuring systemd and its various daemons on Factory/ALP. Hence the early drop-ins SUSE specific &quot;feature&quot; has been abandoned. - Import 0.8 f34372f User priority '26' for SLE-Micro c8b6f0a Revert &quot;Convert more drop-ins into early ones&quot; - Import commit 6b8dde1d4f867aff713af6d6830510a84fad58d2 6b8dde1 Convert more drop-ins into early ones Package systemd-presets-common-SUSE was updated: - Split hcn-init.service to hcn-init-NetworkManager and hcn-init-wicked (bsc#1200731 ltc#198485 https://github.com/ibm-power-utilities/powerpc-utils/pull/84) Support both the old and new service to avoid complex version interdependency. Package systemd-rpm-macros was updated: - Bump version to 15 - Order packages that requires systemd after systemd-sysvcompat when this part of the transaction (bsc#1217964) systemd-sysvcompat has been introduced recently and contains the compatibility scripts used to support SysV init scripts. Make sure that the packages ordered after systemd are also ordered after systemd-sysvcompat so theirs rpm scriptlets can still rely on the compat scripts. On distributions where systemd-sysvcompat doesn't exist, the new ordering constraint should be a nop. Package timezone was updated: - update to 2024a: * Kazakhstan unifies on UTC+5. This affects Asia/Almaty and Asia/Qostanay which together represent the eastern portion of the country that will transition from UTC+6 on 2024-03-01 at 00:00 to join the western portion. (Thanks to Zhanbolat Raimbekov.) * Palestine springs forward a week later than previously predicted in 2024 and 2025. (Thanks to Heba Hamad.) Change spring-forward predictions to the second Saturday after Ramadan, not the first; this also affects other predictions starting in 2039. * Asia/Ho_Chi_Minh's 1955-07-01 transition occurred at 01:00 not 00:00. (Thanks to Đoàn Trần Công Danh.) * From 1947 through 1949, Toronto's transitions occurred at 02:00 not 00:00. (Thanks to Chris Walton.) * In 1911 Miquelon adopted standard time on June 15, not May 15. * The FROM and TO columns of Rule lines can no longer be &quot;minimum&quot; or an abbreviation of &quot;minimum&quot;, because TZif files do not support DST rules that extend into the indefinite past - although these rules were supported when TZif files had only 32-bit data, this stopped working when 64-bit TZif files were introduced in 1995. This should not be a problem for realistic data, since DST was first used in the 20th century. As a transition aid, FROM columns like &quot;minimum&quot; are now diagnosed and then treated as if they were the year 1900; this should suffice for TZif files on old systems with only 32-bit time_t, and it is more compatible with bugs in 2023c-and-earlier localtime.c. (Problem reported by Yoshito Umaoka.) * localtime and related functions no longer mishandle some timestamps that occur about 400 years after a switch to a time zone with a DST schedule. In 2023d data this problem was visible for some timestamps in November 2422, November 2822, etc. in America/Ciudad_Juarez. (Problem reported by Gilmore Davidson.) * strftime %s now uses tm_gmtoff if available. (Problem and draft patch reported by Dag-Erling Smørgrav.) * The strftime man page documents which struct tm members affect which conversion specs, and that tzset is called. (Problems reported by Robert Elz and Steve Summit.) - update to 2023d: * Ittoqqortoormiit, Greenland changes time zones on 2024-03-31. * Vostok, Antarctica changed time zones on 2023-12-18. * Casey, Antarctica changed time zones five times since 2020. * Code and data fixes for Palestine timestamps starting in 2072. * A new data file zonenow.tab for timestamps starting now. * Fix predictions for DST transitions in Palestine in 2072-2075, correcting a typo introduced in 2023a. * Vostok, Antarctica changed to +05 on 2023-12-18. It had been at +07 (not +06) for years. * Change data for Casey, Antarctica to agree with timeanddate.com, by adding five time zone changes since 2020. Casey is now at +08 instead of +11. * Much of Greenland, represented by America/Nuuk, changed its standard time from -03 to -02 on 2023-03-25, not on 2023-10-28. * localtime.c no longer mishandles TZif files that contain a single transition into a DST regime. Previously, it incorrectly assumed DST was in effect before the transition too. * tzselect no longer creates temporary files. * tzselect no longer mishandles the following: * Spaces and most other special characters in BUGEMAIL, PACKAGE, TZDIR, and VERSION. * TZ strings when using mawk 1.4.3, which mishandles regular expressions of the form /X{2,}/. * ISO 6709 coordinates when using an awk that lacks the GNU extension of newlines in -v option-arguments. * Non UTF-8 locales when using an iconv command that lacks the GNU //TRANSLIT extension. * zic no longer mishandles data for Palestine after the year 2075. - Refresh tzdata-china.diff Package util-linux-systemd was updated: - Properly neutralize escape sequences in wall (util-linux-CVE-2024-28085.patch, bsc#1221831, CVE-2024-28085, and its prerequisites: util-linux-fputs_careful1.patch, util-linux-wall-migrate-to-memstream.patch util-linux-fputs_careful2.patch). - Add upstream patch util-linux-libuuid-avoid-truncate-clocks.txt-to-improve-perform.patch bsc#1207987 gh#util-linux/util-linux@1d98827edde4 Package vim was updated: - Updated to version 9.1 with patch level 0111, fixes the following security problems * Fixing bsc#1217316 (CVE-2023-48231) - VUL-0: CVE-2023-48231: vim: Use-After-Free in win_close() * Fixing bsc#1217320 (CVE-2023-48232) - VUL-0: CVE-2023-48232: vim: Floating point Exception in adjust_plines_for_skipcol() * Fixing bsc#1217321 (CVE-2023-48233) - VUL-0: CVE-2023-48233: vim: overflow with count for :s command * Fixing bsc#1217324 (CVE-2023-48234) - VUL-0: CVE-2023-48234: vim: overflow in nv_z_get_count * Fixing bsc#1217326 (CVE-2023-48235) - VUL-0: CVE-2023-48235: vim: overflow in ex address parsing * Fixing bsc#1217329 (CVE-2023-48236) - VUL-0: CVE-2023-48236: vim: overflow in get_number * Fixing bsc#1217330 (CVE-2023-48237) - VUL-0: CVE-2023-48237: vim: overflow in shift_line * Fixing bsc#1217432 (CVE-2023-48706) - VUL-0: CVE-2023-48706: vim: heap-use-after-free in ex_substitute * Fixing bsc#1219581 (CVE-2024-22667) - VUL-0: CVE-2024-22667: vim: stack-based buffer overflow in did_set_langmap function in map.c * Fixing bsc#1215005 (CVE-2023-4750) - VUL-0: CVE-2023-4750: vim: Heap use-after-free in function bt_quickfix - for the complete list of changes see https://github.com/vim/vim/compare/v9.0.2103...v9.1.0111 Package wicked was updated: - client: do not convert sec to msec twice (bsc#1222105) [+ 0005-client-do-to-not-convert-sec-to-msec-twice-bsc-1222105.patch] - addrconf: fix fallback-lease drop (bsc#1220996) [+ 0001-addrconf-fix-fallback-lease-drop-bsc-1220996.patch] - extensions/nbft: use upstream `nvme nbft show` (bsc#1221358) [+ 0002-extensions-nbft-replace-nvme-show-nbft-with-nvme-nbf.patch] - hide secrets in debug log (bsc#1221194) [+ 0003-move-all-attribute-definitions-to-compiler-h.patch] [+ 0004-hide-secrets-in-debug-log-bsc-1221194.patch] - update to version 0.6.74 + team: add new options like link_watch_policy (jsc#PED-7183) + Fix memory leaks in dbus variant destroy and fsm free (gh#openSUSE/wicked#1001) + xpath: allow underscore in node identifier (gh#openSUSE/wicked#999) + vxlan: don't format unknown rtnl attrs (bsc#1219751) - removed patches included in the source archive: [- 0009-ifreload-VLAN-changes-require-device-deletion-bsc-12.patch] [- 0008-ifcheck-fix-config-changed-check-bsc-1218926.patch] [- 0007-Fix-ifstatus-exit-code-for-NI_WICKED_ST_NO_CARRIER-s.patch] [- 0006-dhcp6-omit-the-SO_REUSEPORT-option-bsc-1215692.patch] [- 0005-duid-fix-comment-for-v6time.patch] [- 0004-rtnl-parse-peer-address-on-non-ptp-interfaces.patch] [- 0003-rtnl-pass-ifname-in-newaddr-parsing-and-logging.patch] [- 0002-system-updater-Parse-updater-format-from-XML-configu.patch] [- 0001-fix_arp_notify_loop_and_burst_sending.patch] - ifreload: VLAN changes require device deletion (bsc#1218927) [+ 0009-ifreload-VLAN-changes-require-device-deletion-bsc-12.patch] - ifcheck: fix config changed check (bsc#1218926) [+ 0008-ifcheck-fix-config-changed-check-bsc-1218926.patch] - client: fix exit code for no-carrier status (bsc#1219265) [+ 0007-Fix-ifstatus-exit-code-for-NI_WICKED_ST_NO_CARRIER-s.patch] - dhcp6: omit the SO_REUSEPORT option (bsc#1215692) [+ 0006-dhcp6-omit-the-SO_REUSEPORT-option-bsc-1215692.patch] - duid: fix comment for v6time (https://github.com/openSUSE/wicked/pull/989) [+ 0005-duid-fix-comment-for-v6time.patch] - rtnl: fix peer address parsing for non ptp-interfaces (https://github.com/openSUSE/wicked/pull/987, https://github.com/openSUSE/wicked/pull/988) [+ 0003-rtnl-pass-ifname-in-newaddr-parsing-and-logging.patch] [+ 0004-rtnl-parse-peer-address-on-non-ptp-interfaces.patch] - system-updater: Parse updater format from XML configuration to ensure install calls can run. (https://github.com/openSUSE/wicked/pull/985) [+ 0002-system-updater-Parse-updater-format-from-XML-configu.patch] Package xen was updated: - Update to Xen 4.17.4 security bug fix release (bsc#1027519) xen-4.17.4-testing-src.tar.bz2 * No upstream changelog found in sources or webpage - bsc#1221984 - VUL-0: CVE-2023-46842: xen: x86 HVM hypercalls may trigger Xen bug check (XSA-454) - bsc#1222302 - VUL-0: CVE-2024-31142: xen: x86: Incorrect logic for BTC/SRSO mitigations (XSA-455) - bsc#1222453 - VUL-0: CVE-2024-2201: xen: x86: Native Branch History Injection (XSA-456) - Dropped patches contained in new tarball 650dac01-x86-paging-drop-update_cr3-do_locking.patch 65842d5c-x86-AMD-extend-CPU-erratum-1474-fix.patch 659d44da-x86-HVM-hide-SVM-VMX-when.patch 65a7a0a4-x86-Intel-GPCC-setup.patch 65a9911a-VMX-IRQ-handling-for-EXIT_REASON_INIT.patch 65b27990-x86-p2m-pt-off-by-1-in-entry-check.patch 65b8f961-PCI-fail-dev-assign-if-phantom-functions.patch 65b8f9ab-VT-d-else-vs-endif-misplacement.patch 65c2104d-AMD-IVMD-memtype-check.patch 65cb29fe-x86-HVM-tidy-state-on-hvmemul_map_linear_addr.patch 65d7277f-build-fail-when-kconfig-fails.patch 65d727cf-x86emul-EVEX-R-checks.patch 65dca902-x86-spec-set-BRANCH_HARDEN-option-only-when.patch 65dcd66b-x86-entry-EFRAME_-constants.patch 65ddda52-x86-CET-stub-exn-recovery.patch 65ddea60-x86-spec-log-builtin-HARDEN-options.patch 65ddea7c-x86-spec-set-INDIRECT_THUNK-only-when-enabled.patch 65ddea90-x86-spec-dont-log-thunk-option-if-not.patch 65df3430-x86-Resync-intel-family-h.patch 65e02fce-libxl-SEGV-in-device_model_spawn_outcome.patch 65e2371b-x86-CP-allow-levelling-of-VERW-side-effects.patch 65eee676-x86-mm-last-L1e-detection-in-mxml.patch 65f079a1-VMX-perform-VERW-flushing-later.patch 65f079a2-x86-spec-ctrl-perform-VERW-flushing-later.patch 65f079a3-x86-spec-ctrl-rename-VERW-related-options.patch 65f079a4-x86-spec-ctrl-VERW-handling-adjustments.patch 65f079a5-x86-spec-ctrl-mitigate-RFDS.patch 65f079a6-swap-order-of-actions-in-FREE-macros.patch 65f079a7-x86-spinlock-block-speculation-into.patch 65f079a8-rwlock-block-speculation-into.patch 65f079a9-percpu-rwlock-block-speculation-into.patch 65f079aa-locking-wrappers-always-inline.patch 65f079ab-x86-mm-speculation-barriers-in-open-coded.patch 65f079ac-x86-protect-conditional-locking-from-speculative.patch - bsc#1221332 - VUL-0: CVE-2023-28746: xen: x86: Register File Data Sampling (XSA-452) 65dcd66b-x86-entry-EFRAME_-constants.patch 65df3430-x86-Resync-intel-family-h.patch 65f079a1-VMX-perform-VERW-flushing-later.patch 65f079a2-x86-spec-ctrl-perform-VERW-flushing-later.patch 65f079a3-x86-spec-ctrl-rename-VERW-related-options.patch 65f079a4-x86-spec-ctrl-VERW-handling-adjustments.patch 65f079a5-x86-spec-ctrl-mitigate-RFDS.patch - bsc#1221334 - VUL-0: CVE-2024-2193: xen: GhostRace: Speculative Race Conditions (XSA-453) 650dac01-x86-paging-drop-update_cr3-do_locking.patch 65f079a6-swap-order-of-actions-in-FREE-macros.patch 65f079a7-x86-spinlock-block-speculation-into.patch 65f079a8-rwlock-block-speculation-into.patch 65f079a9-percpu-rwlock-block-speculation-into.patch 65f079aa-locking-wrappers-always-inline.patch 65f079ab-x86-mm-speculation-barriers-in-open-coded.patch 65f079ac-x86-protect-conditional-locking-from-speculative.patch - Upstream bug fixes (bsc#1027519) 65eee676-x86-mm-last-L1e-detection-in-mxml.patch - bsc#1219885 - VUL-0: CVE-2023-46841: xen: x86: shadow stack vs exceptions from emulation stubs (XSA-451) 65ddda52-x86-CET-stub-exn-recovery.patch - Upstream bug fixes (bsc#1027519) 659d44da-x86-HVM-hide-SVM-VMX-when.patch 65c2104d-AMD-IVMD-memtype-check.patch 65cb29fe-x86-HVM-tidy-state-on-hvmemul_map_linear_addr.patch 65d7277f-build-fail-when-kconfig-fails.patch 65d727cf-x86emul-EVEX-R-checks.patch 65dca902-x86-spec-set-BRANCH_HARDEN-option-only-when.patch 65ddea60-x86-spec-log-builtin-HARDEN-options.patch 65ddea7c-x86-spec-set-INDIRECT_THUNK-only-when-enabled.patch 65ddea90-x86-spec-dont-log-thunk-option-if-not.patch 65e02fce-libxl-SEGV-in-device_model_spawn_outcome.patch 65e2371b-x86-CP-allow-levelling-of-VERW-side-effects.patch - Patches replaced by newer upstream versions xsa451.patch - bsc#1219885 - VUL-0: CVE-2023-46841: xen: x86: shadow stack vs exceptions from emulation stubs (XSA-451) xsa451.patch - Upstream bug fixes (bsc#1027519) 65842d5c-x86-AMD-extend-CPU-erratum-1474-fix.patch 65a7a0a4-x86-Intel-GPCC-setup.patch 65a9911a-VMX-IRQ-handling-for-EXIT_REASON_INIT.patch 65b27990-x86-p2m-pt-off-by-1-in-entry-check.patch - bsc#1218851 - VUL-0: CVE-2023-46839: xen: phantom functions assigned to incorrect contexts (XSA-449) 65b8f961-PCI-fail-dev-assign-if-phantom-functions.patch - bsc#1219080 - VUL-0: CVE-2023-46840: xen: VT-d: Failure to quarantine devices in !HVM builds (XSA-450) 65b8f9ab-VT-d-else-vs-endif-misplacement.patch - Patches replaced by newer upstream versions xsa449.patch xsa450.patch - bsc#1219080 - VUL-0: CVE-2023-46840: xen: VT-d: Failure to quarantine devices in !HVM builds (XSA-450) xsa450.patch - bsc#1218851 - VUL-0: CVE-2023-46839: xen: phantom functions assigned to incorrect contexts (XSA-449) xsa449.patch Package xterm was updated: - xterm-reset-parsing-state.patch: A bug in the parser for several escape sequences causes the first character following the sequence to be ignored (bsc#1220585). Patch backported from version 335n. Package yast2-http-server was updated: - bsc#1218943 - followup of previous fix - fixed internal issue which caused Server modules not to be displayed at all. - 4.5.2 Package yast2 was updated: - Allow host/domain names starting with an underscore (bsc#1219920)- 4.5.26 Package yast2-network was updated: - Guard secret attributes against leaking to the log (bsc#1221194)- 4.5.24 - Consider firmware configured interfaces as non bridgeable (bsc#1218595). - 4.5.23 Package yast2-packager was updated: - Reimplemented the hardcoded product mapping to support also the migration from SLE_HPC to SLES SP6+ (with the HPC module) (bsc#1220567) - 4.5.20 - Fixed ERB template loading in self update, if the template cannot be found using a relative path then fallback to the absolute path (bsc#1219174) - 4.5.19 - After installation disable the empty installation repository from the SLE15 Online medium (bsc#1182303) - 4.5.18 Package yast2-registration was updated: - Set the new product mapping when upgrading SLE_HPC to SLES SP6+ (with the HPC module), use the old product mapping when upgrading from SLE_HPC-SP4 to SLE_HPC-SP5 (bsc#1220567) - 4.5.9 Package yast2-sap-ha was updated: - yast2-sap-ha: Error occurred during the unattended installation: undefined class/module SapHA::Configuration::ClusterFinalizer (bsc#1221049) - 4.5.11 - yast2-sap-ha setup workflow is bad (bsc#1217596) Reworking the workflow: 1. Setting up SAP HANA System Replication 2. Setting up SAP HANA HA/DR providers 3. Confiugring the base cluster on all nodes 4. Configuring cluster properties and resources with the new function HANA.finalize The whole class ClusterFinlizer was removed. - 4.5.10 - yast2-sap-ha wizard terminates abruptly when save configuration option is selected post configuration (bsc#1214603) - yast2-sap-ha does not set global_allocation_limit for non productive database (bsc#1216651) - Take care that the read values from the saved configuration will not be overridden during initialization of the modules - Check if the required HANA systems are installed on the nodes. - 4.5.9 Package zypper was updated: - Do not try to refresh repo metadata as non-root user (bsc#1222086) Instead show refresh stats and hint how to update them. - man: Explain how to protect orphaned packages by collecting them in a plaindir repo. - packages: Add --autoinstalled and --userinstalled options to list them. - Don't print 'reboot required' message if download-only or dry-run (fixes #529) Instead point out that a reboot would be required if the option was not used. - Resepect zypper.conf option `showAlias` search commands (bsc#1221963) Repository::asUserString (or Repository::label) respects the zypper.conf option, while name/alias return the property. - version 1.14.71 - dup: New option --remove-orphaned to remove all orphaned packages in dup (bsc#1221525) - version 1.14.70 - info,summary: Support VendorSupportOption flag VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014) - BuildRequires: libzypp-devel &gt;= 17.32.0. API cleanup and changes for VendorSupportSuperseded. - Show active dry-run/download-only at the commit propmpt. - patch: Add --skip-not-applicable-patches option (closes #514) - Fix printing detailed solver problem description. The problem description() is one rule out possibly many in completeProblemInfo() the solver has chosen to represent the problem. So either description or completeProblemInfo should be printed, but not both. - Fix bash-completion to work with right adjusted numbers in the 1st column too (closes #505) - Set libzypp shutdown request signal on Ctrl+C (fixes #522) - lr REPO: In the detailed view show all baseurls not just the first one (bsc#1218171) - version 1.14.69 The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://publiccloudimagechangeinfo.suse.com/google/sles-15-sp5-sap-v20240427-x86-64/ Public Cloud Image Info https://www.suse.com/support/security/rating/ SUSE Security Ratings Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 SAPHanaSR-0.162.3-150000.4.41.1 SAPHanaSR-doc-0.162.3-150000.4.41.1 aaa_base-84.87+git20180409.04c9dae-150300.10.12.1 aaa_base-extras-84.87+git20180409.04c9dae-150300.10.12.1 audit-3.0.6-150400.4.16.1 autofs-5.1.3-150000.7.17.2 bind-utils-9.16.48-150500.8.16.1 ca-certificates-2+git20240416.98ae794-150300.4.3.3 cloud-netconfig-gce-1.14-150000.25.23.1 cloud-regionsrv-client-10.1.7-150000.6.108.1 cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.108.1 cluster-md-kmp-default-5.14.21-150500.55.52.1 containerd-1.7.10-150000.108.1 coreutils-8.32-150400.9.3.1 cpio-2.13-150400.3.6.1 crmsh-4.5.1+20240220.de17a142-150500.3.22.1 crmsh-scripts-4.5.1+20240220.de17a142-150500.3.22.1 ctdb-4.17.12+git.462.df636292e62-150500.3.23.7 curl-8.0.1-150400.5.44.1 dhcp-4.3.6.P1-150000.6.19.1 dhcp-client-4.3.6.P1-150000.6.19.1 dlm-kmp-default-5.14.21-150500.55.52.1 docker-24.0.7_ce-150000.198.2 dracut-055+suse.382.g80b55af2-150500.3.18.1 expat-2.4.4-150400.3.17.1 fence-agents-4.12.1+git.1677142927.bf55c675-150500.4.6.1 gfs2-kmp-default-5.14.21-150500.55.52.1 glibc-2.31-150300.74.1 glibc-32bit-2.31-150300.74.1 glibc-i18ndata-2.31-150300.74.1 glibc-locale-2.31-150300.74.1 glibc-locale-base-2.31-150300.74.1 gnutls-3.7.3-150400.4.44.1 google-cloud-sap-agent-3.2-150100.3.29.1 google-guest-agent-20231031.01-150000.1.43.1 google-guest-oslogin-20231101.00-150000.1.38.1 graphviz-2.48.0-150400.3.3.1 graphviz-gd-2.48.0-150400.3.3.1 graphviz-plugins-core-2.48.0-150400.3.3.1 growpart-rootgrow-1.0.7-150000.1.12.1 grub2-2.06-150500.29.25.12 grub2-i386-pc-2.06-150500.29.25.12 grub2-x86_64-efi-2.06-150500.29.25.12 hawk2-2.6.4+git.1708604510.dc8c081f-150000.3.45.1 kdump-1.0.2+git45.g7e4faf4-150500.3.3.1 kernel-default-5.14.21-150500.55.52.1 krb5-1.20.1-150500.3.6.1 krb5-client-1.20.1-150500.3.6.1 ldirectord-4.12.0+git30.7fd7c8fa-150500.3.6.2 less-590-150400.3.6.2 libLLVM15-15.0.7-150500.4.6.2 libatomic1-13.2.1+git8285-150000.1.9.1 libaudit1-3.0.6-150400.4.16.1 libauparse0-3.0.6-150400.4.16.1 libavahi-client3-0.8-150400.7.16.1 libavahi-common3-0.8-150400.7.16.1 libblkid1-2.37.4-150500.9.6.1 libcares2-1.19.1-150000.3.26.1 libcurl4-8.0.1-150400.5.44.1 libduktape206-2.6.0-150500.4.5.1 libexpat1-2.4.4-150400.3.17.1 libfdisk1-2.37.4-150500.9.6.1 libfreebl3-3.90.2-150400.3.39.1 libgcc_s1-13.2.1+git8285-150000.1.9.1 libgnutls30-3.7.3-150400.4.44.1 libgraphviz6-2.48.0-150400.3.3.1 libltdl7-2.4.6-150000.3.6.2 libmaxminddb0-1.4.3-150000.1.8.1 libmetalink3-0.1.3-150000.3.2.1 libmount1-2.37.4-150500.9.6.1 libncurses6-6.1-150000.5.24.1 libnftables1-0.9.8-150400.6.3.1 libnghttp2-14-1.40.0-150200.17.1 libopenssl1_1-1.1.1l-150500.17.25.1 libpolkit-agent-1-0-121-150500.3.3.1 libpolkit-gobject-1-0-121-150500.3.3.1 libpython3_6m1_0-3.6.15-150300.10.60.1 libsmartcols1-2.37.4-150500.9.6.1 libsoftokn3-3.90.2-150400.3.39.1 libsolv-tools-0.7.28-150400.3.16.2 libssh-config-0.9.8-150400.3.6.1 libssh2-1-1.11.0-150000.4.29.1 libssh4-0.9.8-150400.3.6.1 libstdc++6-13.2.1+git8285-150000.1.9.1 libsuseconnect-1.8.0-150500.3.18.1 libtiff5-4.0.9-150000.45.41.1 libuuid1-2.37.4-150500.9.6.1 libuv1-1.44.2-150500.3.2.1 libvirt-client-9.0.0-150500.6.20.1 libvirt-libs-9.0.0-150500.6.20.1 libxkbcommon-x11-0-1.3.0-150400.3.5.1 libxkbcommon0-1.3.0-150400.3.5.1 libxml2-2-2.10.3-150500.5.14.1 libxml2-tools-2.10.3-150500.5.14.1 libyui-ncurses-pkg16-4.5.3-150500.3.5.11 libyui-ncurses16-4.5.3-150500.3.5.4 libyui-qt16-4.5.3-150500.3.5.4 libyui16-4.5.3-150500.3.5.4 libzypp-17.32.4-150400.3.61.1 lifecycle-data-sle-module-live-patching-15-150000.4.108.1 login_defs-4.8.1-150400.10.15.1 mozilla-nss-3.90.2-150400.3.39.1 mozilla-nss-certs-3.90.2-150400.3.39.1 mozilla-nss-tools-3.90.2-150400.3.39.1 ncurses-utils-6.1-150000.5.24.1 netcfg-11.6-150000.3.6.1 nftables-0.9.8-150400.6.3.1 nscd-2.31-150300.74.1 nvme-cli-2.4+32.g2e2531a-150500.4.15.3 ocfs2-kmp-default-5.14.21-150500.55.52.1 openssh-8.4p1-150300.3.37.1 openssh-clients-8.4p1-150300.3.37.1 openssh-common-8.4p1-150300.3.37.1 openssh-server-8.4p1-150300.3.37.1 openssl-1_1-1.1.1l-150500.17.25.1 pacemaker-2.1.5+20221208.a3f44794f-150500.6.14.4 pacemaker-cli-2.1.5+20221208.a3f44794f-150500.6.14.4 pacemaker-libs-2.1.5+20221208.a3f44794f-150500.6.14.4 pam-config-1.1-150200.3.6.1 perl-Bootloader-0.947-150400.3.12.1 polkit-121-150500.3.3.1 python-instance-billing-flavor-check-0.0.6-150000.1.9.1 python3-3.6.15-150300.10.60.1 python3-M2Crypto-0.38.0-150400.10.1 python3-base-3.6.15-150300.10.60.1 python3-bind-9.16.48-150500.8.16.1 python3-curses-3.6.15-150300.10.60.1 python3-idna-2.6-150000.3.3.1 python3-nftables-0.9.8-150400.6.3.1 python3-pycryptodome-3.9.0-150200.9.1 python3-rpm-4.14.3-150400.59.13.1 python3-solv-0.7.28-150400.3.16.2 resource-agents-4.12.0+git30.7fd7c8fa-150500.3.6.2 rpm-ndb-4.14.3-150400.59.13.1 ruby-solv-0.7.28-150400.3.16.2 ruby2.5-rubygem-rack-2.0.8-150000.3.21.2 runc-1.1.12-150000.64.1 samba-client-libs-4.17.12+git.462.df636292e62-150500.3.23.7 samba-libs-4.17.12+git.462.df636292e62-150500.3.23.7 sapconf-5.0.7-150400.16.4.1 saptune-3.1.2-150400.15.4.1 sed-4.4-150300.13.3.1 shadow-4.8.1-150400.10.15.1 shim-15.8-150300.4.20.2 sudo-1.9.12p1-150500.7.10.1 supportutils-3.1.29-150300.7.35.27.1 supportutils-plugin-ha-sap-0.0.5+git.1709295499.1c8e8cd-150000.1.15.1 supportutils-plugin-suse-public-cloud-1.0.9-150000.3.20.1 suse-build-key-12.0-150000.8.43.1 suseconnect-ng-1.8.0-150500.3.18.1 suseconnect-ruby-bindings-1.8.0-150500.3.18.1 system-group-audit-3.0.6-150400.4.16.1 systemd-default-settings-0.10-150300.3.7.1 systemd-default-settings-branding-SLE-0.10-150300.3.7.1 systemd-presets-common-SUSE-15-150500.20.6.1 systemd-rpm-macros-15-150000.7.39.1 terminfo-6.1-150000.5.24.1 terminfo-base-6.1-150000.5.24.1 timezone-2024a-150000.75.28.1 util-linux-2.37.4-150500.9.6.1 util-linux-systemd-2.37.4-150500.9.6.1 uuidd-2.37.4-150500.9.6.1 vim-9.1.0111-150500.20.9.1 vim-data-common-9.1.0111-150500.20.9.1 wget-1.20.3-150000.3.17.1 wicked-0.6.74-150500.3.21.1 wicked-service-0.6.74-150500.3.21.1 xen-libs-4.17.4_02-150500.3.30.1 xfsprogs-5.13.0-150400.3.7.1 xterm-bin-330-150200.11.15.1 yast2-4.5.26-150500.3.3.2 yast2-http-server-4.5.2-150500.3.3.1 yast2-logs-4.5.26-150500.3.3.2 yast2-network-4.5.24-150500.3.14.1 yast2-packager-4.5.20-150500.3.11.4 yast2-pkg-bindings-4.5.3-150500.3.5.11 yast2-registration-4.5.9-150500.3.3.4 yast2-sap-ha-4.5.11-150500.3.10.1 zypper-1.14.71-150400.3.45.2 SAPHanaSR-0.162.3-150000.4.41.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 SAPHanaSR-doc-0.162.3-150000.4.41.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 aaa_base-84.87+git20180409.04c9dae-150300.10.12.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 aaa_base-extras-84.87+git20180409.04c9dae-150300.10.12.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 audit-3.0.6-150400.4.16.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 autofs-5.1.3-150000.7.17.2 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 bind-utils-9.16.48-150500.8.16.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 ca-certificates-2+git20240416.98ae794-150300.4.3.3 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 cloud-netconfig-gce-1.14-150000.25.23.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 cloud-regionsrv-client-10.1.7-150000.6.108.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.108.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 cluster-md-kmp-default-5.14.21-150500.55.52.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 containerd-1.7.10-150000.108.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 coreutils-8.32-150400.9.3.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 cpio-2.13-150400.3.6.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 crmsh-4.5.1+20240220.de17a142-150500.3.22.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 crmsh-scripts-4.5.1+20240220.de17a142-150500.3.22.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 ctdb-4.17.12+git.462.df636292e62-150500.3.23.7 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 curl-8.0.1-150400.5.44.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 dhcp-4.3.6.P1-150000.6.19.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 dhcp-client-4.3.6.P1-150000.6.19.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 dlm-kmp-default-5.14.21-150500.55.52.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 docker-24.0.7_ce-150000.198.2 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 dracut-055+suse.382.g80b55af2-150500.3.18.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 expat-2.4.4-150400.3.17.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 fence-agents-4.12.1+git.1677142927.bf55c675-150500.4.6.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 gfs2-kmp-default-5.14.21-150500.55.52.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 glibc-2.31-150300.74.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 glibc-32bit-2.31-150300.74.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 glibc-i18ndata-2.31-150300.74.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 glibc-locale-2.31-150300.74.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 glibc-locale-base-2.31-150300.74.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 gnutls-3.7.3-150400.4.44.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 google-cloud-sap-agent-3.2-150100.3.29.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 google-guest-agent-20231031.01-150000.1.43.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 google-guest-oslogin-20231101.00-150000.1.38.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 graphviz-2.48.0-150400.3.3.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 graphviz-gd-2.48.0-150400.3.3.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 graphviz-plugins-core-2.48.0-150400.3.3.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 growpart-rootgrow-1.0.7-150000.1.12.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 grub2-2.06-150500.29.25.12 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 grub2-i386-pc-2.06-150500.29.25.12 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 grub2-x86_64-efi-2.06-150500.29.25.12 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 hawk2-2.6.4+git.1708604510.dc8c081f-150000.3.45.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 kdump-1.0.2+git45.g7e4faf4-150500.3.3.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 kernel-default-5.14.21-150500.55.52.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 krb5-1.20.1-150500.3.6.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 krb5-client-1.20.1-150500.3.6.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 ldirectord-4.12.0+git30.7fd7c8fa-150500.3.6.2 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 less-590-150400.3.6.2 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 libLLVM15-15.0.7-150500.4.6.2 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 libatomic1-13.2.1+git8285-150000.1.9.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 libaudit1-3.0.6-150400.4.16.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 libauparse0-3.0.6-150400.4.16.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 libavahi-client3-0.8-150400.7.16.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 libavahi-common3-0.8-150400.7.16.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 libblkid1-2.37.4-150500.9.6.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 libcares2-1.19.1-150000.3.26.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 libcurl4-8.0.1-150400.5.44.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 libduktape206-2.6.0-150500.4.5.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 libexpat1-2.4.4-150400.3.17.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 libfdisk1-2.37.4-150500.9.6.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 libfreebl3-3.90.2-150400.3.39.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 libgcc_s1-13.2.1+git8285-150000.1.9.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 libgnutls30-3.7.3-150400.4.44.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 libgraphviz6-2.48.0-150400.3.3.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 libltdl7-2.4.6-150000.3.6.2 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 libmaxminddb0-1.4.3-150000.1.8.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 libmetalink3-0.1.3-150000.3.2.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 libmount1-2.37.4-150500.9.6.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 libncurses6-6.1-150000.5.24.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 libnftables1-0.9.8-150400.6.3.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 libnghttp2-14-1.40.0-150200.17.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 libopenssl1_1-1.1.1l-150500.17.25.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 libpolkit-agent-1-0-121-150500.3.3.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 libpolkit-gobject-1-0-121-150500.3.3.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 libpython3_6m1_0-3.6.15-150300.10.60.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 libsmartcols1-2.37.4-150500.9.6.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 libsoftokn3-3.90.2-150400.3.39.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 libsolv-tools-0.7.28-150400.3.16.2 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 libssh-config-0.9.8-150400.3.6.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 libssh2-1-1.11.0-150000.4.29.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 libssh4-0.9.8-150400.3.6.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 libstdc++6-13.2.1+git8285-150000.1.9.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 libsuseconnect-1.8.0-150500.3.18.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 libtiff5-4.0.9-150000.45.41.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 libuuid1-2.37.4-150500.9.6.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 libuv1-1.44.2-150500.3.2.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 libvirt-client-9.0.0-150500.6.20.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 libvirt-libs-9.0.0-150500.6.20.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 libxkbcommon-x11-0-1.3.0-150400.3.5.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 libxkbcommon0-1.3.0-150400.3.5.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 libxml2-2-2.10.3-150500.5.14.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 libxml2-tools-2.10.3-150500.5.14.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 libyui-ncurses-pkg16-4.5.3-150500.3.5.11 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 libyui-ncurses16-4.5.3-150500.3.5.4 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 libyui-qt16-4.5.3-150500.3.5.4 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 libyui16-4.5.3-150500.3.5.4 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 libzypp-17.32.4-150400.3.61.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 lifecycle-data-sle-module-live-patching-15-150000.4.108.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 login_defs-4.8.1-150400.10.15.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 mozilla-nss-3.90.2-150400.3.39.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 mozilla-nss-certs-3.90.2-150400.3.39.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 mozilla-nss-tools-3.90.2-150400.3.39.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 ncurses-utils-6.1-150000.5.24.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 netcfg-11.6-150000.3.6.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 nftables-0.9.8-150400.6.3.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 nscd-2.31-150300.74.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 nvme-cli-2.4+32.g2e2531a-150500.4.15.3 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 ocfs2-kmp-default-5.14.21-150500.55.52.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 openssh-8.4p1-150300.3.37.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 openssh-clients-8.4p1-150300.3.37.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 openssh-common-8.4p1-150300.3.37.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 openssh-server-8.4p1-150300.3.37.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 openssl-1_1-1.1.1l-150500.17.25.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 pacemaker-2.1.5+20221208.a3f44794f-150500.6.14.4 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 pacemaker-cli-2.1.5+20221208.a3f44794f-150500.6.14.4 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 pacemaker-libs-2.1.5+20221208.a3f44794f-150500.6.14.4 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 pam-config-1.1-150200.3.6.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 perl-Bootloader-0.947-150400.3.12.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 polkit-121-150500.3.3.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 python-instance-billing-flavor-check-0.0.6-150000.1.9.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 python3-3.6.15-150300.10.60.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 python3-M2Crypto-0.38.0-150400.10.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 python3-base-3.6.15-150300.10.60.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 python3-bind-9.16.48-150500.8.16.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 python3-curses-3.6.15-150300.10.60.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 python3-idna-2.6-150000.3.3.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 python3-nftables-0.9.8-150400.6.3.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 python3-pycryptodome-3.9.0-150200.9.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 python3-rpm-4.14.3-150400.59.13.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 python3-solv-0.7.28-150400.3.16.2 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 resource-agents-4.12.0+git30.7fd7c8fa-150500.3.6.2 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 rpm-ndb-4.14.3-150400.59.13.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 ruby-solv-0.7.28-150400.3.16.2 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 ruby2.5-rubygem-rack-2.0.8-150000.3.21.2 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 runc-1.1.12-150000.64.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 samba-client-libs-4.17.12+git.462.df636292e62-150500.3.23.7 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 samba-libs-4.17.12+git.462.df636292e62-150500.3.23.7 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 sapconf-5.0.7-150400.16.4.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 saptune-3.1.2-150400.15.4.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 sed-4.4-150300.13.3.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 shadow-4.8.1-150400.10.15.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 shim-15.8-150300.4.20.2 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 sudo-1.9.12p1-150500.7.10.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 supportutils-3.1.29-150300.7.35.27.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 supportutils-plugin-ha-sap-0.0.5+git.1709295499.1c8e8cd-150000.1.15.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 supportutils-plugin-suse-public-cloud-1.0.9-150000.3.20.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 suse-build-key-12.0-150000.8.43.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 suseconnect-ng-1.8.0-150500.3.18.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 suseconnect-ruby-bindings-1.8.0-150500.3.18.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 system-group-audit-3.0.6-150400.4.16.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 systemd-default-settings-0.10-150300.3.7.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 systemd-default-settings-branding-SLE-0.10-150300.3.7.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 systemd-presets-common-SUSE-15-150500.20.6.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 systemd-rpm-macros-15-150000.7.39.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 terminfo-6.1-150000.5.24.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 terminfo-base-6.1-150000.5.24.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 timezone-2024a-150000.75.28.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 util-linux-2.37.4-150500.9.6.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 util-linux-systemd-2.37.4-150500.9.6.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 uuidd-2.37.4-150500.9.6.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 vim-9.1.0111-150500.20.9.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 vim-data-common-9.1.0111-150500.20.9.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 wget-1.20.3-150000.3.17.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 wicked-0.6.74-150500.3.21.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 wicked-service-0.6.74-150500.3.21.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 xen-libs-4.17.4_02-150500.3.30.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 xfsprogs-5.13.0-150400.3.7.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 xterm-bin-330-150200.11.15.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 yast2-4.5.26-150500.3.3.2 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 yast2-http-server-4.5.2-150500.3.3.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 yast2-logs-4.5.26-150500.3.3.2 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 yast2-network-4.5.24-150500.3.14.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 yast2-packager-4.5.20-150500.3.11.4 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 yast2-pkg-bindings-4.5.3-150500.3.5.11 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 yast2-registration-4.5.9-150500.3.3.4 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 yast2-sap-ha-4.5.11-150500.3.10.1 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 zypper-1.14.71-150400.3.45.2 as a component of Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64 In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap structure only after we are done using it. This patch just moves the put_device() down a bit to avoid the use after free. [wsa: added comment to the code, added Fixes tag] CVE-2019-25162 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:cluster-md-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:dlm-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:gfs2-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:kernel-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:ocfs2-kmp-default-5.14.21-150500.55.52.1 moderate Integer Overflow or Wraparound vulnerability in openEuler kernel on Linux (filesystem modules) allows Forced Integer Overflow.This issue affects openEuler kernel: from 4.19.90 before 4.19.90-2401.3, from 5.10.0-60.18.0 before 5.10.0-183.0.0. CVE-2021-33631 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:cluster-md-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:dlm-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:gfs2-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:kernel-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:ocfs2-kmp-default-5.14.21-150500.55.52.1 moderate In the Linux kernel, the following vulnerability has been resolved: fs/mount_setattr: always cleanup mount_kattr Make sure that finish_mount_kattr() is called after mount_kattr was succesfully built in both the success and failure case to prevent leaking any references we took when we built it. We returned early if path lookup failed thereby risking to leak an additional reference we took when building mount_kattr when an idmapped mount was requested. CVE-2021-46923 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:cluster-md-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:dlm-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:gfs2-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:kernel-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:ocfs2-kmp-default-5.14.21-150500.55.52.1 low In the Linux kernel, the following vulnerability has been resolved: NFC: st21nfca: Fix memory leak in device probe and remove 'phy->pending_skb' is alloced when device probe, but forgot to free in the error handling path and remove path, this cause memory leak as follows: unreferenced object 0xffff88800bc06800 (size 512): comm "8", pid 11775, jiffies 4295159829 (age 9.032s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<00000000d66c09ce>] __kmalloc_node_track_caller+0x1ed/0x450 [<00000000c93382b3>] kmalloc_reserve+0x37/0xd0 [<000000005fea522c>] __alloc_skb+0x124/0x380 [<0000000019f29f9a>] st21nfca_hci_i2c_probe+0x170/0x8f2 Fix it by freeing 'pending_skb' in error and remove. CVE-2021-46924 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:cluster-md-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:dlm-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:gfs2-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:kernel-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:ocfs2-kmp-default-5.14.21-150500.55.52.1 moderate In the Linux kernel, the following vulnerability has been resolved: Input: appletouch - initialize work before device registration Syzbot has reported warning in __flush_work(). This warning is caused by work->func == NULL, which means missing work initialization. This may happen, since input_dev->close() calls cancel_work_sync(&dev->work), but dev->work initalization happens _after_ input_register_device() call. So this patch moves dev->work initialization before registering input device CVE-2021-46932 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:cluster-md-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:dlm-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:gfs2-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:kernel-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:ocfs2-kmp-default-5.14.21-150500.55.52.1 low close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE. CVE-2022-48624 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:less-590-150400.3.6.2 important The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python. CVE-2023-27043 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:python3-3.6.15-150300.10.60.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:python3-curses-3.6.15-150300.10.60.1 moderate Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. CVE-2023-28746 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:cluster-md-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:dlm-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:gfs2-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:kernel-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:ocfs2-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:xen-libs-4.17.4_02-150500.3.30.1 moderate ** REJECT ** Not a Security Issue. CVE-2023-38288 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:libtiff5-4.0.9-150000.45.41.1 low A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record. CVE-2023-38469 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:libavahi-client3-0.8-150400.7.16.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:libavahi-common3-0.8-150400.7.16.1 moderate A vulnerability was found in Avahi. A reachable assertion exists in the dbus_set_host_name function. CVE-2023-38471 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:libavahi-client3-0.8-150400.7.16.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:libavahi-common3-0.8-150400.7.16.1 moderate LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow. CVE-2023-40745 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:libtiff5-4.0.9-150000.45.41.1 moderate Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit. CVE-2023-42465 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:sudo-1.9.12p1-150500.7.10.1 moderate The DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected `named` instance by exploiting this flaw. This issue affects both authoritative servers and recursive resolvers. This issue affects BIND 9 versions 9.0.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1. CVE-2023-4408 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:bind-utils-9.16.48-150500.8.16.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:python3-bind-9.16.48-150500.8.16.1 important ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. CVE-2023-45918 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:libncurses6-6.1-150000.5.24.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:ncurses-utils-6.1-150000.5.24.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:terminfo-6.1-150000.5.24.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:terminfo-base-6.1-150000.5.24.1 low Graphviz 2.36.0 through 9.x before 10.0.1 has an out-of-bounds read via a crafted config6a file. NOTE: exploitability may be uncommon because this file is typically owned by root. CVE-2023-46045 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:graphviz-2.48.0-150400.3.3.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:graphviz-plugins-core-2.48.0-150400.3.3.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:libgraphviz6-2.48.0-150400.3.3.1 low Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any of them may be of zero length, i.e. carry no data at all. Besides a certain initial portion of the to be transferred data, these parts are directly translated into what Linux calls SKB fragments. Such converted request parts can, when for a particular SKB they are all of length zero, lead to a de-reference of NULL in core networking code. CVE-2023-46838 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:cluster-md-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:dlm-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:gfs2-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:kernel-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:ocfs2-kmp-default-5.14.21-150500.55.52.1 moderate PCI devices can make use of a functionality called phantom functions, that when enabled allows the device to generate requests using the IDs of functions that are otherwise unpopulated. This allows a device to extend the number of outstanding requests. Such phantom functions need an IOMMU context setup, but failure to setup the context is not fatal when the device is assigned. Not failing device assignment when such failure happens can lead to the primary device being assigned to a guest, while some of the phantom functions are assigned to a different domain. CVE-2023-46839 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:xen-libs-4.17.4_02-150500.3.30.1 moderate Incorrect placement of a preprocessor directive in source code results in logic that doesn't operate as intended when support for HVM guests is compiled out of Xen. CVE-2023-46840 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:xen-libs-4.17.4_02-150500.3.30.1 moderate Recent x86 CPUs offer functionality named Control-flow Enforcement Technology (CET). A sub-feature of this are Shadow Stacks (CET-SS). CET-SS is a hardware feature designed to protect against Return Oriented Programming attacks. When enabled, traditional stacks holding both data and return addresses are accompanied by so called "shadow stacks", holding little more than return addresses. Shadow stacks aren't writable by normal instructions, and upon function returns their contents are used to check for possible manipulation of a return address coming from the traditional stack. In particular certain memory accesses need intercepting by Xen. In various cases the necessary emulation involves kind of replaying of the instruction. Such replaying typically involves filling and then invoking of a stub. Such a replayed instruction may raise an exceptions, which is expected and dealt with accordingly. Unfortunately the interaction of both of the above wasn't right: Recovery involves removal of a call frame from the (traditional) stack. The counterpart of this operation for the shadow stack was missing. CVE-2023-46841 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:xen-libs-4.17.4_02-150500.3.30.1 moderate Unlike 32-bit PV guests, HVM guests may switch freely between 64-bit and other modes. This in particular means that they may set registers used to pass 32-bit-mode hypercall arguments to values outside of the range 32-bit code would be able to set them to. When processing of hypercalls takes a considerable amount of time, the hypervisor may choose to invoke a hypercall continuation. Doing so involves putting (perhaps updated) hypercall arguments in respective registers. For guests not running in 64-bit mode this further involves a certain amount of translation of the values. Unfortunately internal sanity checking of these translated values assumes high halves of registers to always be clear when invoking a hypercall. When this is found not to be the case, it triggers a consistency check in the hypervisor and causes a crash. CVE-2023-46842 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:xen-libs-4.17.4_02-150500.3.30.1 moderate The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this "could be exploited in a real world scenario." This is related to brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c. CVE-2023-47233 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:cluster-md-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:dlm-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:gfs2-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:kernel-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:ocfs2-kmp-default-5.14.21-150500.55.52.1 moderate Use After Free in GitHub repository vim/vim prior to 9.0.1857. CVE-2023-4750 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:vim-9.1.0111-150500.20.9.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:vim-data-common-9.1.0111-150500.20.9.1 important Vim is an open source command line text editor. When closing a window, vim may try to access already freed window structure. Exploitation beyond crashing the application has not been shown to be viable. This issue has been addressed in commit `25aabc2b` which has been included in release version 9.0.2106. Users are advised to upgrade. There are no known workarounds for this vulnerability. CVE-2023-48231 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:vim-9.1.0111-150500.20.9.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:vim-data-common-9.1.0111-150500.20.9.1 low Vim is an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines and smooth scrolling is enabled and the cpo-settings include the 'n' flag. This may happen when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. Only users with non-default settings are affected and the exception should only result in a crash. This issue has been addressed in commit `cb0b99f0` which has been included in release version 9.0.2107. Users are advised to upgrade. There are no known workarounds for this vulnerability. CVE-2023-48232 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:vim-9.1.0111-150500.20.9.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:vim-data-common-9.1.0111-150500.20.9.1 low Vim is an open source command line text editor. If the count after the :s command is larger than what fits into a (signed) long variable, abort with e_value_too_large. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `ac6378773` which has been included in release version 9.0.2108. Users are advised to upgrade. There are no known workarounds for this vulnerability. CVE-2023-48233 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:vim-9.1.0111-150500.20.9.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:vim-data-common-9.1.0111-150500.20.9.1 low Vim is an open source command line text editor. When getting the count for a normal mode z command, it may overflow for large counts given. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `58f9befca1` which has been included in release version 9.0.2109. Users are advised to upgrade. There are no known workarounds for this vulnerability. CVE-2023-48234 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:vim-9.1.0111-150500.20.9.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:vim-data-common-9.1.0111-150500.20.9.1 low Vim is an open source command line text editor. When parsing relative ex addresses one may unintentionally cause an overflow. Ironically this happens in the existing overflow check, because the line number becomes negative and LONG_MAX - lnum will cause the overflow. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `060623e` which has been included in release version 9.0.2110. Users are advised to upgrade. There are no known workarounds for this vulnerability. CVE-2023-48235 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:vim-9.1.0111-150500.20.9.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:vim-data-common-9.1.0111-150500.20.9.1 low Vim is an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. Impact is low, user interaction is required and a crash may not even happen in all situations. This vulnerability has been addressed in commit `73b2d379` which has been included in release version 9.0.2111. Users are advised to upgrade. There are no known workarounds for this vulnerability. CVE-2023-48236 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:vim-9.1.0111-150500.20.9.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:vim-data-common-9.1.0111-150500.20.9.1 low Vim is an open source command line text editor. In affected versions when shifting lines in operator pending mode and using a very large value, it may be possible to overflow the size of integer. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `6bf131888` which has been included in version 9.0.2112. Users are advised to upgrade. There are no known workarounds for this vulnerability. CVE-2023-48237 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:vim-9.1.0111-150500.20.9.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:vim-data-common-9.1.0111-150500.20.9.1 low Vim is a UNIX editor that, prior to version 9.0.2121, has a heap-use-after-free vulnerability. When executing a `:s` command for the very first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes free-ing of memory which may later then be accessed by the initial `:s` command. The user must intentionally execute the payload and the whole process is a bit tricky to do since it seems to work only reliably for the very first :s command. It may also cause a crash of Vim. Version 9.0.2121 contains a fix for this issue. CVE-2023-48706 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:vim-9.1.0111-150500.20.9.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:vim-data-common-9.1.0111-150500.20.9.1 low The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust. CVE-2023-48795 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:libssh2-1-1.11.0-150000.4.29.1 important A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. When the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfq_dequeue() due to the incorrect .peek handler of sch_plug and lack of error checking in agg_dequeue(). We recommend upgrading past commit 8fc134fee27f2263988ae38920bc03da416b03d8. CVE-2023-4921 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:cluster-md-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:dlm-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:gfs2-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:kernel-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:ocfs2-kmp-default-5.14.21-150500.55.52.1 important Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records. CVE-2023-50387 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:bind-utils-9.16.48-150500.8.16.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:python3-bind-9.16.48-150500.8.16.1 important The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations. CVE-2023-50868 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:bind-utils-9.16.48-150500.8.16.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:python3-bind-9.16.48-150500.8.16.1 important In the Linux kernel before 6.4.12, amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c has a fence use-after-free. CVE-2023-51042 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:cluster-md-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:dlm-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:gfs2-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:kernel-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:ocfs2-kmp-default-5.14.21-150500.55.52.1 moderate In the Linux kernel before 6.4.5, drivers/gpu/drm/drm_atomic.c has a use-after-free during a race condition between a nonblocking atomic commit and a driver unload. CVE-2023-51043 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:cluster-md-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:dlm-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:gfs2-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:kernel-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:ocfs2-kmp-default-5.14.21-150500.55.52.1 moderate In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name. CVE-2023-51385 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:openssh-8.4p1-150300.3.37.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:openssh-clients-8.4p1-150300.3.37.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:openssh-common-8.4p1-150300.3.37.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:openssh-server-8.4p1-150300.3.37.1 moderate An issue was discovered in the Linux kernel before 6.6.8. do_vcc_ioctl in net/atm/ioctl.c has a use-after-free because of a vcc_recvmsg race condition. CVE-2023-51780 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:cluster-md-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:dlm-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:gfs2-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:kernel-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:ocfs2-kmp-default-5.14.21-150500.55.52.1 important A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Addition and removal of rules from chain bindings within the same transaction causes leads to use-after-free. We recommend upgrading past commit f15f29fd4779be8a418b66e9d52979bb6d6c2325. CVE-2023-5197 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:cluster-md-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:dlm-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:gfs2-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:kernel-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:ocfs2-kmp-default-5.14.21-150500.55.52.1 moderate PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack. CVE-2023-52323 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:python3-pycryptodome-3.9.0-150200.9.1 moderate The IPv6 implementation in the Linux kernel before 6.3 has a net/ipv6/route.c max_size threshold that can be consumed easily, e.g., leading to a denial of service (network is unreachable errors) when IPv6 packets are sent in a loop via a raw socket. CVE-2023-52340 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:cluster-md-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:dlm-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:gfs2-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:kernel-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:ocfs2-kmp-default-5.14.21-150500.55.52.1 important A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service. CVE-2023-52356 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:libtiff5-4.0.9-150000.45.41.1 moderate libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed. CVE-2023-52425 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:expat-2.4.4-150400.3.17.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:libexpat1-2.4.4-150400.3.17.1 moderate dm_table_create in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to (in alloc_targets) allocate more than INT_MAX bytes, and crash, because of a missing check for struct dm_ioctl.target_count. CVE-2023-52429 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:cluster-md-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:dlm-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:gfs2-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:kernel-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:ocfs2-kmp-default-5.14.21-150500.55.52.1 moderate ** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. CVE-2023-52437 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:cluster-md-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:dlm-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:gfs2-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:kernel-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:ocfs2-kmp-default-5.14.21-150500.55.52.1 moderate In the Linux kernel, the following vulnerability has been resolved: uio: Fix use-after-free in uio_open core-1 core-2 ------------------------------------------------------- uio_unregister_device uio_open idev = idr_find() device_unregister(&idev->dev) put_device(&idev->dev) uio_device_release get_device(&idev->dev) kfree(idev) uio_free_minor(minor) uio_release put_device(&idev->dev) kfree(idev) ------------------------------------------------------- In the core-1 uio_unregister_device(), the device_unregister will kfree idev when the idev->dev kobject ref is 1. But after core-1 device_unregister, put_device and before doing kfree, the core-2 may get_device. Then: 1. After core-1 kfree idev, the core-2 will do use-after-free for idev. 2. When core-2 do uio_release and put_device, the idev will be double freed. To address this issue, we can get idev atomic & inc idev reference with minor_lock. CVE-2023-52439 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:cluster-md-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:dlm-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:gfs2-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:kernel-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:ocfs2-kmp-default-5.14.21-150500.55.52.1 moderate In the Linux kernel, the following vulnerability has been resolved: apparmor: avoid crash when parsed profile name is empty When processing a packed profile in unpack_profile() described like "profile :ns::samba-dcerpcd /usr/lib*/samba/{,samba/}samba-dcerpcd {...}" a string ":samba-dcerpcd" is unpacked as a fully-qualified name and then passed to aa_splitn_fqname(). aa_splitn_fqname() treats ":samba-dcerpcd" as only containing a namespace. Thus it returns NULL for tmpname, meanwhile tmpns is non-NULL. Later aa_alloc_profile() crashes as the new profile name is NULL now. general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] CPU: 6 PID: 1657 Comm: apparmor_parser Not tainted 6.7.0-rc2-dirty #16 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014 RIP: 0010:strlen+0x1e/0xa0 Call Trace: <TASK> ? strlen+0x1e/0xa0 aa_policy_init+0x1bb/0x230 aa_alloc_profile+0xb1/0x480 unpack_profile+0x3bc/0x4960 aa_unpack+0x309/0x15e0 aa_replace_profiles+0x213/0x33c0 policy_update+0x261/0x370 profile_replace+0x20e/0x2a0 vfs_write+0x2af/0xe00 ksys_write+0x126/0x250 do_syscall_64+0x46/0xf0 entry_SYSCALL_64_after_hwframe+0x6e/0x76 </TASK> ---[ end trace 0000000000000000 ]--- RIP: 0010:strlen+0x1e/0xa0 It seems such behaviour of aa_splitn_fqname() is expected and checked in other places where it is called (e.g. aa_remove_profiles). Well, there is an explicit comment "a ns name without a following profile is allowed" inside. AFAICS, nothing can prevent unpacked "name" to be in form like ":samba-dcerpcd" - it is passed from userspace. Deny the whole profile set replacement in such case and inform user with EPROTO and an explaining message. Found by Linux Verification Center (linuxtesting.org). CVE-2023-52443 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:cluster-md-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:dlm-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:gfs2-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:kernel-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:ocfs2-kmp-default-5.14.21-150500.55.52.1 moderate In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix use after free on context disconnection Upon module load, a kthread is created targeting the pvr2_context_thread_func function, which may call pvr2_context_destroy and thus call kfree() on the context object. However, that might happen before the usb hub_event handler is able to notify the driver. This patch adds a sanity check before the invalid read reported by syzbot, within the context disconnection call stack. CVE-2023-52445 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:cluster-md-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:dlm-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:gfs2-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:kernel-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:ocfs2-kmp-default-5.14.21-150500.55.52.1 moderate In the Linux kernel, the following vulnerability has been resolved: bpf: Defer the free of inner map when necessary When updating or deleting an inner map in map array or map htab, the map may still be accessed by non-sleepable program or sleepable program. However bpf_map_fd_put_ptr() decreases the ref-counter of the inner map directly through bpf_map_put(), if the ref-counter is the last one (which is true for most cases), the inner map will be freed by ops->map_free() in a kworker. But for now, most .map_free() callbacks don't use synchronize_rcu() or its variants to wait for the elapse of a RCU grace period, so after the invocation of ops->map_free completes, the bpf program which is accessing the inner map may incur use-after-free problem. Fix the free of inner map by invoking bpf_map_free_deferred() after both one RCU grace period and one tasks trace RCU grace period if the inner map has been removed from the outer map before. The deferment is accomplished by using call_rcu() or call_rcu_tasks_trace() when releasing the last ref-counter of bpf map. The newly-added rcu_head field in bpf_map shares the same storage space with work field to reduce the size of bpf_map. CVE-2023-52447 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:cluster-md-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:dlm-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:gfs2-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:kernel-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:ocfs2-kmp-default-5.14.21-150500.55.52.1 moderate In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump Syzkaller has reported a NULL pointer dereference when accessing rgd->rd_rgl in gfs2_rgrp_dump(). This can happen when creating rgd->rd_gl fails in read_rindex_entry(). Add a NULL pointer check in gfs2_rgrp_dump() to prevent that. CVE-2023-52448 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:cluster-md-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:dlm-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:gfs2-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:kernel-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:ocfs2-kmp-default-5.14.21-150500.55.52.1 moderate In the Linux kernel, the following vulnerability has been resolved: mtd: Fix gluebi NULL pointer dereference caused by ftl notifier If both ftl.ko and gluebi.ko are loaded, the notifier of ftl triggers NULL pointer dereference when trying to access 'gluebi->desc' in gluebi_read(). ubi_gluebi_init ubi_register_volume_notifier ubi_enumerate_volumes ubi_notify_all gluebi_notify nb->notifier_call() gluebi_create mtd_device_register mtd_device_parse_register add_mtd_device blktrans_notify_add not->add() ftl_add_mtd tr->add_mtd() scan_header mtd_read mtd_read_oob mtd_read_oob_std gluebi_read mtd->read() gluebi->desc - NULL Detailed reproduction information available at the Link [1], In the normal case, obtain gluebi->desc in the gluebi_get_device(), and access gluebi->desc in the gluebi_read(). However, gluebi_get_device() is not executed in advance in the ftl_add_mtd() process, which leads to NULL pointer dereference. The solution for the gluebi module is to run jffs2 on the UBI volume without considering working with ftl or mtdblock [2]. Therefore, this problem can be avoided by preventing gluebi from creating the mtdblock device after creating mtd partition of the type MTD_UBIVOLUME. CVE-2023-52449 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:cluster-md-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:dlm-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:gfs2-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:kernel-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:ocfs2-kmp-default-5.14.21-150500.55.52.1 moderate In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/memhp: Fix access beyond end of drmem array dlpar_memory_remove_by_index() may access beyond the bounds of the drmem lmb array when the LMB lookup fails to match an entry with the given DRC index. When the search fails, the cursor is left pointing to &drmem_info->lmbs[drmem_info->n_lmbs], which is one element past the last valid entry in the array. The debug message at the end of the function then dereferences this pointer: pr_debug("Failed to hot-remove memory at %llx\n", lmb->base_addr); This was found by inspection and confirmed with KASAN: pseries-hotplug-mem: Attempting to hot-remove LMB, drc index 1234 ================================================================== BUG: KASAN: slab-out-of-bounds in dlpar_memory+0x298/0x1658 Read of size 8 at addr c000000364e97fd0 by task bash/949 dump_stack_lvl+0xa4/0xfc (unreliable) print_report+0x214/0x63c kasan_report+0x140/0x2e0 __asan_load8+0xa8/0xe0 dlpar_memory+0x298/0x1658 handle_dlpar_errorlog+0x130/0x1d0 dlpar_store+0x18c/0x3e0 kobj_attr_store+0x68/0xa0 sysfs_kf_write+0xc4/0x110 kernfs_fop_write_iter+0x26c/0x390 vfs_write+0x2d4/0x4e0 ksys_write+0xac/0x1a0 system_call_exception+0x268/0x530 system_call_vectored_common+0x15c/0x2ec Allocated by task 1: kasan_save_stack+0x48/0x80 kasan_set_track+0x34/0x50 kasan_save_alloc_info+0x34/0x50 __kasan_kmalloc+0xd0/0x120 __kmalloc+0x8c/0x320 kmalloc_array.constprop.0+0x48/0x5c drmem_init+0x2a0/0x41c do_one_initcall+0xe0/0x5c0 kernel_init_freeable+0x4ec/0x5a0 kernel_init+0x30/0x1e0 ret_from_kernel_user_thread+0x14/0x1c The buggy address belongs to the object at c000000364e80000 which belongs to the cache kmalloc-128k of size 131072 The buggy address is located 0 bytes to the right of allocated 98256-byte region [c000000364e80000, c000000364e97fd0) ================================================================== pseries-hotplug-mem: Failed to hot-remove memory at 0 Log failed lookups with a separate message and dereference the cursor only when it points to a valid entry. CVE-2023-52451 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:cluster-md-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:dlm-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:gfs2-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:kernel-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:ocfs2-kmp-default-5.14.21-150500.55.52.1 moderate In the Linux kernel, the following vulnerability has been resolved: bpf: Fix accesses to uninit stack slots Privileged programs are supposed to be able to read uninitialized stack memory (ever since 6715df8d5) but, before this patch, these accesses were permitted inconsistently. In particular, accesses were permitted above state->allocated_stack, but not below it. In other words, if the stack was already "large enough", the access was permitted, but otherwise the access was rejected instead of being allowed to "grow the stack". This undesired rejection was happening in two places: - in check_stack_slot_within_bounds() - in check_stack_range_initialized() This patch arranges for these accesses to be permitted. A bunch of tests that were relying on the old rejection had to change; all of them were changed to add also run unprivileged, in which case the old behavior persists. One tests couldn't be updated - global_func16 - because it can't run unprivileged for other reasons. This patch also fixes the tracking of the stack size for variable-offset reads. This second fix is bundled in the same commit as the first one because they're inter-related. Before this patch, writes to the stack using registers containing a variable offset (as opposed to registers with fixed, known values) were not properly contributing to the function's needed stack size. As a result, it was possible for a program to verify, but then to attempt to read out-of-bounds data at runtime because a too small stack had been allocated for it. Each function tracks the size of the stack it needs in bpf_subprog_info.stack_depth, which is maintained by update_stack_depth(). For regular memory accesses, check_mem_access() was calling update_state_depth() but it was passing in only the fixed part of the offset register, ignoring the variable offset. This was incorrect; the minimum possible value of that register should be used instead. This tracking is now fixed by centralizing the tracking of stack size in grow_stack_state(), and by lifting the calls to grow_stack_state() to check_stack_access_within_bounds() as suggested by Andrii. The code is now simpler and more convincingly tracks the correct maximum stack size. check_stack_range_initialized() can now rely on enough stack having been allocated for the access; this helps with the fix for the first issue. A few tests were changed to also check the stack depth computation. The one that fails without this patch is verifier_var_off:stack_write_priv_vs_unpriv. CVE-2023-52452 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:cluster-md-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:dlm-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:gfs2-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:kernel-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:ocfs2-kmp-default-5.14.21-150500.55.52.1 moderate In the Linux kernel, the following vulnerability has been resolved: serial: imx: fix tx statemachine deadlock When using the serial port as RS485 port, the tx statemachine is used to control the RTS pin to drive the RS485 transceiver TX_EN pin. When the TTY port is closed in the middle of a transmission (for instance during userland application crash), imx_uart_shutdown disables the interface and disables the Transmission Complete interrupt. afer that, imx_uart_stop_tx bails on an incomplete transmission, to be retriggered by the TC interrupt. This interrupt is disabled and therefore the tx statemachine never transitions out of SEND. The statemachine is in deadlock now, and the TX_EN remains low, making the interface useless. imx_uart_stop_tx now checks for incomplete transmission AND whether TC interrupts are enabled before bailing to be retriggered. This makes sure the state machine handling is reached, and is properly set to WAIT_AFTER_SEND. CVE-2023-52456 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:cluster-md-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:dlm-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:gfs2-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:kernel-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:ocfs2-kmp-default-5.14.21-150500.55.52.1 low In the Linux kernel, the following vulnerability has been resolved: serial: 8250: omap: Don't skip resource freeing if pm_runtime_resume_and_get() failed Returning an error code from .remove() makes the driver core emit the little helpful error message: remove callback returned a non-zero value. This will be ignored. and then remove the device anyhow. So all resources that were not freed are leaked in this case. Skipping serial8250_unregister_port() has the potential to keep enough of the UART around to trigger a use-after-free. So replace the error return (and with it the little helpful error message) by a more useful error message and continue to cleanup. CVE-2023-52457 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:cluster-md-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:dlm-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:gfs2-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:kernel-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:ocfs2-kmp-default-5.14.21-150500.55.52.1 moderate In the Linux kernel, the following vulnerability has been resolved: efivarfs: force RO when remounting if SetVariable is not supported If SetVariable at runtime is not supported by the firmware we never assign a callback for that function. At the same time mount the efivarfs as RO so no one can call that. However, we never check the permission flags when someone remounts the filesystem as RW. As a result this leads to a crash looking like this: $ mount -o remount,rw /sys/firmware/efi/efivars $ efi-updatevar -f PK.auth PK [ 303.279166] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 [ 303.280482] Mem abort info: [ 303.280854] ESR = 0x0000000086000004 [ 303.281338] EC = 0x21: IABT (current EL), IL = 32 bits [ 303.282016] SET = 0, FnV = 0 [ 303.282414] EA = 0, S1PTW = 0 [ 303.282821] FSC = 0x04: level 0 translation fault [ 303.283771] user pgtable: 4k pages, 48-bit VAs, pgdp=000000004258c000 [ 303.284913] [0000000000000000] pgd=0000000000000000, p4d=0000000000000000 [ 303.286076] Internal error: Oops: 0000000086000004 [#1] PREEMPT SMP [ 303.286936] Modules linked in: qrtr tpm_tis tpm_tis_core crct10dif_ce arm_smccc_trng rng_core drm fuse ip_tables x_tables ipv6 [ 303.288586] CPU: 1 PID: 755 Comm: efi-updatevar Not tainted 6.3.0-rc1-00108-gc7d0c4695c68 #1 [ 303.289748] Hardware name: Unknown Unknown Product/Unknown Product, BIOS 2023.04-00627-g88336918701d 04/01/2023 [ 303.291150] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 303.292123] pc : 0x0 [ 303.292443] lr : efivar_set_variable_locked+0x74/0xec [ 303.293156] sp : ffff800008673c10 [ 303.293619] x29: ffff800008673c10 x28: ffff0000037e8000 x27: 0000000000000000 [ 303.294592] x26: 0000000000000800 x25: ffff000002467400 x24: 0000000000000027 [ 303.295572] x23: ffffd49ea9832000 x22: ffff0000020c9800 x21: ffff000002467000 [ 303.296566] x20: 0000000000000001 x19: 00000000000007fc x18: 0000000000000000 [ 303.297531] x17: 0000000000000000 x16: 0000000000000000 x15: 0000aaaac807ab54 [ 303.298495] x14: ed37489f673633c0 x13: 71c45c606de13f80 x12: 47464259e219acf4 [ 303.299453] x11: ffff000002af7b01 x10: 0000000000000003 x9 : 0000000000000002 [ 303.300431] x8 : 0000000000000010 x7 : ffffd49ea8973230 x6 : 0000000000a85201 [ 303.301412] x5 : 0000000000000000 x4 : ffff0000020c9800 x3 : 00000000000007fc [ 303.302370] x2 : 0000000000000027 x1 : ffff000002467400 x0 : ffff000002467000 [ 303.303341] Call trace: [ 303.303679] 0x0 [ 303.303938] efivar_entry_set_get_size+0x98/0x16c [ 303.304585] efivarfs_file_write+0xd0/0x1a4 [ 303.305148] vfs_write+0xc4/0x2e4 [ 303.305601] ksys_write+0x70/0x104 [ 303.306073] __arm64_sys_write+0x1c/0x28 [ 303.306622] invoke_syscall+0x48/0x114 [ 303.307156] el0_svc_common.constprop.0+0x44/0xec [ 303.307803] do_el0_svc+0x38/0x98 [ 303.308268] el0_svc+0x2c/0x84 [ 303.308702] el0t_64_sync_handler+0xf4/0x120 [ 303.309293] el0t_64_sync+0x190/0x194 [ 303.309794] Code: ???????? ???????? ???????? ???????? (????????) [ 303.310612] ---[ end trace 0000000000000000 ]--- Fix this by adding a .reconfigure() function to the fs operations which we can use to check the requested flags and deny anything that's not RO if the firmware doesn't implement SetVariable at runtime. CVE-2023-52463 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:cluster-md-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:dlm-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:gfs2-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:kernel-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:ocfs2-kmp-default-5.14.21-150500.55.52.1 moderate In the Linux kernel, the following vulnerability has been resolved: EDAC/thunderx: Fix possible out-of-bounds string access Enabling -Wstringop-overflow globally exposes a warning for a common bug in the usage of strncat(): drivers/edac/thunderx_edac.c: In function 'thunderx_ocx_com_threaded_isr': drivers/edac/thunderx_edac.c:1136:17: error: 'strncat' specified bound 1024 equals destination size [-Werror=stringop-overflow=] 1136 | strncat(msg, other, OCX_MESSAGE_SIZE); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ... 1145 | strncat(msg, other, OCX_MESSAGE_SIZE); ... 1150 | strncat(msg, other, OCX_MESSAGE_SIZE); ... Apparently the author of this driver expected strncat() to behave the way that strlcat() does, which uses the size of the destination buffer as its third argument rather than the length of the source buffer. The result is that there is no check on the size of the allocated buffer. Change it to strlcat(). [ bp: Trim compiler output, fixup commit message. ] CVE-2023-52464 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:cluster-md-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:dlm-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:gfs2-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:kernel-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:ocfs2-kmp-default-5.14.21-150500.55.52.1 moderate In the Linux kernel, the following vulnerability has been resolved: Input: powermate - fix use-after-free in powermate_config_complete syzbot has found a use-after-free bug [1] in the powermate driver. This happens when the device is disconnected, which leads to a memory free from the powermate_device struct. When an asynchronous control message completes after the kfree and its callback is invoked, the lock does not exist anymore and hence the bug. Use usb_kill_urb() on pm->config to cancel any in-progress requests upon device disconnection. [1] https://syzkaller.appspot.com/bug?extid=0434ac83f907a1dbdd1e CVE-2023-52475 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:cluster-md-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:dlm-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:gfs2-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:kernel-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:ocfs2-kmp-default-5.14.21-150500.55.52.1 moderate In the Linux kernel, the following vulnerability has been resolved: HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect hidpp_connect_event() has *four* time-of-check vs time-of-use (TOCTOU) races when it races with itself. hidpp_connect_event() primarily runs from a workqueue but it also runs on probe() and if a "device-connected" packet is received by the hw when the thread running hidpp_connect_event() from probe() is waiting on the hw, then a second thread running hidpp_connect_event() will be started from the workqueue. This opens the following races (note the below code is simplified): 1. Retrieving + printing the protocol (harmless race): if (!hidpp->protocol_major) { hidpp_root_get_protocol_version() hidpp->protocol_major = response.rap.params[0]; } We can actually see this race hit in the dmesg in the abrt output attached to rhbz#2227968: [ 3064.624215] logitech-hidpp-device 0003:046D:4071.0049: HID++ 4.5 device connected. [ 3064.658184] logitech-hidpp-device 0003:046D:4071.0049: HID++ 4.5 device connected. Testing with extra logging added has shown that after this the 2 threads take turn grabbing the hw access mutex (send_mutex) so they ping-pong through all the other TOCTOU cases managing to hit all of them: 2. Updating the name to the HIDPP name (harmless race): if (hidpp->name == hdev->name) { ... hidpp->name = new_name; } 3. Initializing the power_supply class for the battery (problematic!): hidpp_initialize_battery() { if (hidpp->battery.ps) return 0; probe_battery(); /* Blocks, threads take turns executing this */ hidpp->battery.desc.properties = devm_kmemdup(dev, hidpp_battery_props, cnt, GFP_KERNEL); hidpp->battery.ps = devm_power_supply_register(&hidpp->hid_dev->dev, &hidpp->battery.desc, cfg); } 4. Creating delayed input_device (potentially problematic): if (hidpp->delayed_input) return; hidpp->delayed_input = hidpp_allocate_input(hdev); The really big problem here is 3. Hitting the race leads to the following sequence: hidpp->battery.desc.properties = devm_kmemdup(dev, hidpp_battery_props, cnt, GFP_KERNEL); hidpp->battery.ps = devm_power_supply_register(&hidpp->hid_dev->dev, &hidpp->battery.desc, cfg); ... hidpp->battery.desc.properties = devm_kmemdup(dev, hidpp_battery_props, cnt, GFP_KERNEL); hidpp->battery.ps = devm_power_supply_register(&hidpp->hid_dev->dev, &hidpp->battery.desc, cfg); So now we have registered 2 power supplies for the same battery, which looks a bit weird from userspace's pov but this is not even the really big problem. Notice how: 1. This is all devm-maganaged 2. The hidpp->battery.desc struct is shared between the 2 power supplies 3. hidpp->battery.desc.properties points to the result from the second devm_kmemdup() This causes a use after free scenario on USB disconnect of the receiver: 1. The last registered power supply class device gets unregistered 2. The memory from the last devm_kmemdup() call gets freed, hidpp->battery.desc.properties now points to freed memory 3. The first registered power supply class device gets unregistered, this involves sending a remove uevent to userspace which invokes power_supply_uevent() to fill the uevent data 4. power_supply_uevent() uses hidpp->battery.desc.properties which now points to freed memory leading to backtraces like this one: Sep 22 20:01:35 eric kernel: BUG: unable to handle page fault for address: ffffb2140e017f08 ... Sep 22 20:01:35 eric kernel: Workqueue: usb_hub_wq hub_event Sep 22 20:01:35 eric kernel: RIP: 0010:power_supply_uevent+0xee/0x1d0 ... Sep 22 20:01:35 eric kernel: ? asm_exc_page_fault+0x26/0x30 Sep 22 20:01:35 eric kernel: ? power_supply_uevent+0xee/0x1d0 Sep 22 20:01:35 eric kernel: ? power_supply_uevent+0x10d/0x1d0 Sep 22 20:01:35 eric kernel: dev_uevent+0x10f/0x2d0 Sep 22 20:01:35 eric kernel: kobject_uevent_env+0x291/0x680 Sep 22 20:01:35 eric kernel: ---truncated--- CVE-2023-52478 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:cluster-md-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:dlm-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:gfs2-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:kernel-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:ocfs2-kmp-default-5.14.21-150500.55.52.1 moderate NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. CVE-2023-5388 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:libfreebl3-3.90.2-150400.3.39.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:libsoftokn3-3.90.2-150400.3.39.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:mozilla-nss-3.90.2-150400.3.39.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:mozilla-nss-certs-3.90.2-150400.3.39.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:mozilla-nss-tools-3.90.2-150400.3.39.1 moderate A flaw in query-handling code can cause `named` to exit prematurely with an assertion failure when: - `nxdomain-redirect <domain>;` is configured, and - the resolver receives a PTR query for an RFC 1918 address that would normally result in an authoritative NXDOMAIN response. This issue affects BIND 9 versions 9.12.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1. CVE-2023-5517 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:bind-utils-9.16.48-150500.8.16.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:python3-bind-9.16.48-150500.8.16.1 important A bad interaction between DNS64 and serve-stale may cause `named` to crash with an assertion failure during recursive resolution, when both of these features are enabled. This issue affects BIND 9 versions 9.16.12 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.12-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1. CVE-2023-5679 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:bind-utils-9.16.48-150500.8.16.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:python3-bind-9.16.48-150500.8.16.1 important A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. CVE-2023-5981 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:gnutls-3.7.3-150400.4.44.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:libgnutls30-3.7.3-150400.4.44.1 moderate An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family); While creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function enables an attacker to achieve out-of-bounds access. CVE-2023-6040 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:cluster-md-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:dlm-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:gfs2-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:kernel-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:ocfs2-kmp-default-5.14.21-150500.55.52.1 moderate A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver and causing kernel panic and a denial of service. CVE-2023-6356 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:cluster-md-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:dlm-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:gfs2-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:kernel-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:ocfs2-kmp-default-5.14.21-150500.55.52.1 moderate To keep its cache database efficient, `named` running as a recursive resolver occasionally attempts to clean up the database. It uses several methods, including some that are asynchronous: a small chunk of memory pointing to the cache element that can be cleaned up is first allocated and then queued for later processing. It was discovered that if the resolver is continuously processing query patterns triggering this type of cache-database maintenance, `named` may not be able to handle the cleanup events in a timely manner. This in turn enables the list of queued cleanup events to grow infinitely large over time, allowing the configured `max-cache-size` limit to be significantly exceeded. This issue affects BIND 9 versions 9.16.0 through 9.16.45 and 9.16.8-S1 through 9.16.45-S1. CVE-2023-6516 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:bind-utils-9.16.48-150500.8.16.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:python3-bind-9.16.48-150500.8.16.1 important A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service. CVE-2023-6535 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:cluster-md-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:dlm-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:gfs2-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:kernel-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:ocfs2-kmp-default-5.14.21-150500.55.52.1 moderate A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service. CVE-2023-6536 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:cluster-md-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:dlm-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:gfs2-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:kernel-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:ocfs2-kmp-default-5.14.21-150500.55.52.1 moderate An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances. CVE-2023-6597 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:python3-3.6.15-150300.10.60.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:python3-curses-3.6.15-150300.10.60.1 important A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The function nft_pipapo_walk did not skip inactive elements during set walk which could lead double deactivations of PIPAPO (Pile Packet Policies) elements, leading to use-after-free. We recommend upgrading past commit 317eb9685095678f2c9f5a8189de698c5354316a. CVE-2023-6817 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:cluster-md-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:dlm-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:gfs2-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:kernel-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:ocfs2-kmp-default-5.14.21-150500.55.52.1 moderate A Null pointer dereference problem was found in ida_free in lib/idr.c in the Linux Kernel. This issue may allow an attacker using this library to cause a denial of service problem due to a missing check at a function return. CVE-2023-6915 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:cluster-md-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:dlm-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:gfs2-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:kernel-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:ocfs2-kmp-default-5.14.21-150500.55.52.1 moderate A vulnerability was found in vhost_new_msg in drivers/vhost/vhost.c in the Linux kernel, which does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This issue can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file. CVE-2024-0340 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:cluster-md-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:dlm-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:gfs2-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:kernel-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:ocfs2-kmp-default-5.14.21-150500.55.52.1 low A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981. CVE-2024-0553 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:gnutls-3.7.3-150400.4.44.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:libgnutls30-3.7.3-150400.4.44.1 moderate An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service. CVE-2024-0565 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:cluster-md-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:dlm-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:gfs2-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:kernel-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:ocfs2-kmp-default-5.14.21-150500.55.52.1 important A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack. CVE-2024-0567 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:gnutls-3.7.3-150400.4.44.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:libgnutls30-3.7.3-150400.4.44.1 moderate A flaw was found in the Netfilter subsystem in the Linux kernel. The issue is in the nft_byteorder_eval() function, where the code iterates through a loop and writes to the `dst` array. On each iteration, 8 bytes are written, but `dst` is an array of u32, so each element only has space for 4 bytes. That means every iteration overwrites part of the previous element corrupting this array of u32. This flaw allows a local user to cause a denial of service or potentially break NetFilter functionality. CVE-2024-0607 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:cluster-md-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:dlm-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:gfs2-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:kernel-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:ocfs2-kmp-default-5.14.21-150500.55.52.1 moderate A denial of service vulnerability was found in tipc_crypto_key_revoke in net/tipc/crypto.c in the Linux kernel's TIPC subsystem. This flaw allows guests with local user privileges to trigger a deadlock and potentially crash the system. CVE-2024-0641 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:cluster-md-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:dlm-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:gfs2-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:kernel-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:ocfs2-kmp-default-5.14.21-150500.55.52.1 moderate Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates and keys and may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL does not correctly check for this case. This can lead to a NULL pointer dereference that results in OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs then that application will be vulnerable to this issue. OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and PKCS12_newpass(). We have also fixed a similar issue in SMIME_write_PKCS7(). However since this function is related to writing data we do not consider it security significant. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. CVE-2024-0727 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:libopenssl1_1-1.1.1l-150500.17.25.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:openssl-1_1-1.1.1l-150500.17.25.1 low A use-after-free flaw was found in the __ext4_remount in fs/ext4/super.c in ext4 in the Linux kernel. This flaw allows a local user to cause an information leak problem while freeing the old quota file names before a potential failure, leading to a use-after-free. CVE-2024-0775 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:cluster-md-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:dlm-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:gfs2-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:kernel-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:ocfs2-kmp-default-5.14.21-150500.55.52.1 important A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_setelem_catchall_deactivate() function checks whether the catch-all set element is active in the current generation instead of the next generation before freeing it, but only flags it inactive in the next generation, making it possible to free the element multiple times, leading to a double free vulnerability. We recommend upgrading past commit b1db244ffd041a49ecc9618e8feb6b5c1afcdaa7. CVE-2024-1085 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:cluster-md-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:dlm-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:gfs2-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:kernel-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:ocfs2-kmp-default-5.14.21-150500.55.52.1 important A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660. CVE-2024-1086 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:cluster-md-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:dlm-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:gfs2-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:kernel-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:ocfs2-kmp-default-5.14.21-150500.55.52.1 important A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. The flaw occurs when a recursive operation of code push recursively calls into the code block. The OVS module does not validate the stack depth, pushing too many frames and causing a stack overflow. As a result, this can lead to a crash or other related issues. CVE-2024-1151 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:cluster-md-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:dlm-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:gfs2-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:kernel-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:ocfs2-kmp-default-5.14.21-150500.55.52.1 moderate An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the `names` array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to perform a denial of service attack by causing the libvirt daemon to crash. CVE-2024-1441 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:libvirt-client-9.0.0-150500.6.20.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:libvirt-libs-9.0.0-150500.6.20.1 low When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. The below command would perform a request to curl.se with a plaintext protocol which has been explicitly disabled. curl --proto -all,-http http://curl.se The flaw is only present if the set of selected protocols disables the entire set of available protocols, in itself a command with no practical use and therefore unlikely to be encountered in real situations. The curl security team has thus assessed this to be low severity bug. CVE-2024-2004 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:curl-8.0.1-150400.5.44.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:libcurl4-8.0.1-150400.5.44.1 low runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). runc 1.1.12 includes patches for this issue. CVE-2024-21626 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:runc-1.1.12-150000.64.1 important A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths. CVE-2024-2193 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:xen-libs-4.17.4_02-150500.3.30.1 moderate ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2024-2201 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:xen-libs-4.17.4_02-150500.3.30.1 moderate Vim before 9.0.2142 has a stack-based buffer overflow because did_set_langmap in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. CVE-2024-22667 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:vim-9.1.0111-150500.20.9.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:vim-data-common-9.1.0111-150500.20.9.1 important BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host system being accessible to the build container. The issue has been fixed in v0.12.5. Workarounds include, avoiding using BuildKit frontend from an untrusted source or building an untrusted Dockerfile containing cache mounts with --mount=type=cache,source=... options. CVE-2024-23651 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:docker-24.0.7_ce-150000.198.2 important BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit frontend or Dockerfile using RUN --mount could trick the feature that removes empty files created for the mountpoints into removing a file outside the container, from the host system. The issue has been fixed in v0.12.5. Workarounds include avoiding using BuildKit frontends from an untrusted source or building an untrusted Dockerfile containing RUN --mount feature. CVE-2024-23652 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:docker-24.0.7_ce-150000.198.2 moderate BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In addition to running containers as build steps, BuildKit also provides APIs for running interactive containers based on built images. It was possible to use these APIs to ask BuildKit to run a container with elevated privileges. Normally, running such containers is only allowed if special `security.insecure` entitlement is enabled both by buildkitd configuration and allowed by the user initializing the build request. The issue has been fixed in v0.12.5 . Avoid using BuildKit frontends from untrusted sources. CVE-2024-23653 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:docker-24.0.7_ce-150000.198.2 moderate In rds_recv_track_latency in net/rds/af_rds.c in the Linux kernel through 6.7.1, there is an off-by-one error for an RDS_MSG_RX_DGRAM_TRACE_MAX comparison, resulting in out-of-bounds access. CVE-2024-23849 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:cluster-md-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:dlm-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:gfs2-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:kernel-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:ocfs2-kmp-default-5.14.21-150500.55.52.1 moderate In btrfs_get_root_ref in fs/btrfs/disk-io.c in the Linux kernel through 6.7.1, there can be an assertion failure and crash because a subvolume can be read out too soon after its root item is inserted upon subvolume creation. CVE-2024-23850 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:cluster-md-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:dlm-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:gfs2-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:kernel-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:ocfs2-kmp-default-5.14.21-150500.55.52.1 moderate When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory. Further, this error condition fails silently and is therefore not easily detected by an application. CVE-2024-2398 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:curl-8.0.1-150400.5.44.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:libcurl4-8.0.1-150400.5.44.1 moderate A race condition was found in the Linux kernel's bluetooth device driver in {min,max}_key_size_set() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue. CVE-2024-24860 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:cluster-md-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:dlm-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:gfs2-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:kernel-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:ocfs2-kmp-default-5.14.21-150500.55.52.1 moderate A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being treated as a huge positive number. This flaw allows a local, unprivileged user to perform a denial of service attack by causing the libvirt daemon to crash. CVE-2024-2494 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:libvirt-client-9.0.0-150500.6.20.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:libvirt-libs-9.0.0-150500.6.20.1 moderate A NULL pointer dereference flaw was found in the udevConnectListAllInterfaces() function in libvirt. This issue can occur when detaching a host interface while at the same time collecting the list of interfaces via virConnectListAllInterfaces API. This flaw could be used to perform a denial of service attack by causing the libvirt daemon to crash. CVE-2024-2496 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:libvirt-client-9.0.0-150500.6.20.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:libvirt-libs-9.0.0-150500.6.20.1 moderate An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free. CVE-2024-25062 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:libxml2-2-2.10.3-150500.5.14.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:libxml2-tools-2.10.3-150500.5.14.1 important Rack is a modular Ruby web server interface. Carefully crafted content type headers can cause Rack's media type parser to take much longer than expected, leading to a possible denial of service vulnerability (ReDos 2nd degree polynomial). This vulnerability is patched in 3.0.9.1 and 2.2.8.1. CVE-2024-25126 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:ruby2.5-rubygem-rack-2.0.8-150000.3.21.2 important c-ares is a C library for asynchronous DNS requests. `ares__read_line()` is used to parse local configuration files such as `/etc/resolv.conf`, `/etc/nsswitch.conf`, the `HOSTALIASES` file, and if using a c-ares version prior to 1.27.0, the `/etc/hosts` file. If any of these configuration files has an embedded `NULL` character as the first character in a new line, it can lead to attempting to read memory prior to the start of the given buffer which may result in a crash. This issue is fixed in c-ares 1.27.0. No known workarounds exist. CVE-2024-25629 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:libcares2-1.19.1-150000.3.26.1 moderate In the Linux kernel before 6.6.7, an untrusted VMM can trigger int80 syscall handling at any given point. This is related to arch/x86/coco/tdx/tdx.c and arch/x86/mm/mem_encrypt_amd.c. CVE-2024-25744 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:cluster-md-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:dlm-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:gfs2-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:kernel-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:ocfs2-kmp-default-5.14.21-150500.55.52.1 important Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue. Vulnerable applications will use the `Rack::File` middleware or the `Rack::Utils.byte_ranges` methods (this includes Rails applications). The vulnerability is fixed in 3.0.9.1 and 2.2.8.1. CVE-2024-26141 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:ruby2.5-rubygem-rack-2.0.8-150000.3.21.2 important Rack is a modular Ruby web server interface. Carefully crafted headers can cause header parsing in Rack to take longer than expected resulting in a possible denial of service issue. Accept and Forwarded headers are impacted. Ruby 3.2 has mitigations for this problem, so Rack applications using Ruby 3.2 or newer are unaffected. This vulnerability is fixed in 2.0.9.4, 2.1.4.4, 2.2.8.1, and 3.0.9.1. CVE-2024-26146 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:ruby2.5-rubygem-rack-2.0.8-150000.3.21.2 moderate Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c. CVE-2024-26458 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:krb5-1.20.1-150500.3.6.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:krb5-client-1.20.1-150500.3.6.1 important Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c. CVE-2024-26461 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:krb5-1.20.1-150500.3.6.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:krb5-client-1.20.1-150500.3.6.1 moderate Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c. CVE-2024-26462 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:krb5-1.20.1-150500.3.6.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:krb5-client-1.20.1-150500.3.6.1 important In the Linux kernel, the following vulnerability has been resolved: tls: fix race between tx work scheduling and socket close Similarly to previous commit, the submitting thread (recvmsg/sendmsg) may exit as soon as the async crypto handler calls complete(). Reorder scheduling the work before calling complete(). This seems more logical in the first place, as it's the inverse order of what the submitting thread will do. CVE-2024-26585 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:cluster-md-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:dlm-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:gfs2-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:kernel-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:ocfs2-kmp-default-5.14.21-150500.55.52.1 moderate In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix stack corruption When tc filters are first added to a net device, the corresponding local port gets bound to an ACL group in the device. The group contains a list of ACLs. In turn, each ACL points to a different TCAM region where the filters are stored. During forwarding, the ACLs are sequentially evaluated until a match is found. One reason to place filters in different regions is when they are added with decreasing priorities and in an alternating order so that two consecutive filters can never fit in the same region because of their key usage. In Spectrum-2 and newer ASICs the firmware started to report that the maximum number of ACLs in a group is more than 16, but the layout of the register that configures ACL groups (PAGT) was not updated to account for that. It is therefore possible to hit stack corruption [1] in the rare case where more than 16 ACLs in a group are required. Fix by limiting the maximum ACL group size to the minimum between what the firmware reports and the maximum ACLs that fit in the PAGT register. Add a test case to make sure the machine does not crash when this condition is hit. [1] Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: mlxsw_sp_acl_tcam_group_update+0x116/0x120 [...] dump_stack_lvl+0x36/0x50 panic+0x305/0x330 __stack_chk_fail+0x15/0x20 mlxsw_sp_acl_tcam_group_update+0x116/0x120 mlxsw_sp_acl_tcam_group_region_attach+0x69/0x110 mlxsw_sp_acl_tcam_vchunk_get+0x492/0xa20 mlxsw_sp_acl_tcam_ventry_add+0x25/0xe0 mlxsw_sp_acl_rule_add+0x47/0x240 mlxsw_sp_flower_replace+0x1a9/0x1d0 tc_setup_cb_add+0xdc/0x1c0 fl_hw_replace_filter+0x146/0x1f0 fl_change+0xc17/0x1360 tc_new_tfilter+0x472/0xb90 rtnetlink_rcv_msg+0x313/0x3b0 netlink_rcv_skb+0x58/0x100 netlink_unicast+0x244/0x390 netlink_sendmsg+0x1e4/0x440 ____sys_sendmsg+0x164/0x260 ___sys_sendmsg+0x9a/0xe0 __sys_sendmsg+0x7a/0xc0 do_syscall_64+0x40/0xe0 entry_SYSCALL_64_after_hwframe+0x63/0x6b CVE-2024-26586 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:cluster-md-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:dlm-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:gfs2-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:kernel-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:ocfs2-kmp-default-5.14.21-150500.55.52.1 moderate In the Linux kernel, the following vulnerability has been resolved: bpf: Reject variable offset alu on PTR_TO_FLOW_KEYS For PTR_TO_FLOW_KEYS, check_flow_keys_access() only uses fixed off for validation. However, variable offset ptr alu is not prohibited for this ptr kind. So the variable offset is not checked. The following prog is accepted: func#0 @0 0: R1=ctx() R10=fp0 0: (bf) r6 = r1 ; R1=ctx() R6_w=ctx() 1: (79) r7 = *(u64 *)(r6 +144) ; R6_w=ctx() R7_w=flow_keys() 2: (b7) r8 = 1024 ; R8_w=1024 3: (37) r8 /= 1 ; R8_w=scalar() 4: (57) r8 &= 1024 ; R8_w=scalar(smin=smin32=0, smax=umax=smax32=umax32=1024,var_off=(0x0; 0x400)) 5: (0f) r7 += r8 mark_precise: frame0: last_idx 5 first_idx 0 subseq_idx -1 mark_precise: frame0: regs=r8 stack= before 4: (57) r8 &= 1024 mark_precise: frame0: regs=r8 stack= before 3: (37) r8 /= 1 mark_precise: frame0: regs=r8 stack= before 2: (b7) r8 = 1024 6: R7_w=flow_keys(smin=smin32=0,smax=umax=smax32=umax32=1024,var_off =(0x0; 0x400)) R8_w=scalar(smin=smin32=0,smax=umax=smax32=umax32=1024, var_off=(0x0; 0x400)) 6: (79) r0 = *(u64 *)(r7 +0) ; R0_w=scalar() 7: (95) exit This prog loads flow_keys to r7, and adds the variable offset r8 to r7, and finally causes out-of-bounds access: BUG: unable to handle page fault for address: ffffc90014c80038 [...] Call Trace: <TASK> bpf_dispatcher_nop_func include/linux/bpf.h:1231 [inline] __bpf_prog_run include/linux/filter.h:651 [inline] bpf_prog_run include/linux/filter.h:658 [inline] bpf_prog_run_pin_on_cpu include/linux/filter.h:675 [inline] bpf_flow_dissect+0x15f/0x350 net/core/flow_dissector.c:991 bpf_prog_test_run_flow_dissector+0x39d/0x620 net/bpf/test_run.c:1359 bpf_prog_test_run kernel/bpf/syscall.c:4107 [inline] __sys_bpf+0xf8f/0x4560 kernel/bpf/syscall.c:5475 __do_sys_bpf kernel/bpf/syscall.c:5561 [inline] __se_sys_bpf kernel/bpf/syscall.c:5559 [inline] __x64_sys_bpf+0x73/0xb0 kernel/bpf/syscall.c:5559 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x3f/0x110 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b Fix this by rejecting ptr alu with variable offset on flow_keys. Applying the patch rejects the program with "R7 pointer arithmetic on flow_keys prohibited". CVE-2024-26589 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:cluster-md-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:dlm-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:gfs2-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:kernel-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:ocfs2-kmp-default-5.14.21-150500.55.52.1 moderate In the Linux kernel, the following vulnerability has been resolved: bpf: Fix re-attachment branch in bpf_tracing_prog_attach The following case can cause a crash due to missing attach_btf: 1) load rawtp program 2) load fentry program with rawtp as target_fd 3) create tracing link for fentry program with target_fd = 0 4) repeat 3 In the end we have: - prog->aux->dst_trampoline == NULL - tgt_prog == NULL (because we did not provide target_fd to link_create) - prog->aux->attach_btf == NULL (the program was loaded with attach_prog_fd=X) - the program was loaded for tgt_prog but we have no way to find out which one BUG: kernel NULL pointer dereference, address: 0000000000000058 Call Trace: <TASK> ? __die+0x20/0x70 ? page_fault_oops+0x15b/0x430 ? fixup_exception+0x22/0x330 ? exc_page_fault+0x6f/0x170 ? asm_exc_page_fault+0x22/0x30 ? bpf_tracing_prog_attach+0x279/0x560 ? btf_obj_id+0x5/0x10 bpf_tracing_prog_attach+0x439/0x560 __sys_bpf+0x1cf4/0x2de0 __x64_sys_bpf+0x1c/0x30 do_syscall_64+0x41/0xf0 entry_SYSCALL_64_after_hwframe+0x6e/0x76 Return -EINVAL in this situation. CVE-2024-26591 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:cluster-md-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:dlm-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:gfs2-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:kernel-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:ocfs2-kmp-default-5.14.21-150500.55.52.1 moderate In the Linux kernel, the following vulnerability has been resolved: i2c: i801: Fix block process call transactions According to the Intel datasheets, software must reset the block buffer index twice for block process call transactions: once before writing the outgoing data to the buffer, and once again before reading the incoming data from the buffer. The driver is currently missing the second reset, causing the wrong portion of the block buffer to be read. CVE-2024-26593 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:cluster-md-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:dlm-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:gfs2-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:kernel-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:ocfs2-kmp-default-5.14.21-150500.55.52.1 moderate In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix NULL pointer dereference in error path When calling mlxsw_sp_acl_tcam_region_destroy() from an error path after failing to attach the region to an ACL group, we hit a NULL pointer dereference upon 'region->group->tcam' [1]. Fix by retrieving the 'tcam' pointer using mlxsw_sp_acl_to_tcam(). [1] BUG: kernel NULL pointer dereference, address: 0000000000000000 [...] RIP: 0010:mlxsw_sp_acl_tcam_region_destroy+0xa0/0xd0 [...] Call Trace: mlxsw_sp_acl_tcam_vchunk_get+0x88b/0xa20 mlxsw_sp_acl_tcam_ventry_add+0x25/0xe0 mlxsw_sp_acl_rule_add+0x47/0x240 mlxsw_sp_flower_replace+0x1a9/0x1d0 tc_setup_cb_add+0xdc/0x1c0 fl_hw_replace_filter+0x146/0x1f0 fl_change+0xc17/0x1360 tc_new_tfilter+0x472/0xb90 rtnetlink_rcv_msg+0x313/0x3b0 netlink_rcv_skb+0x58/0x100 netlink_unicast+0x244/0x390 netlink_sendmsg+0x1e4/0x440 ____sys_sendmsg+0x164/0x260 ___sys_sendmsg+0x9a/0xe0 __sys_sendmsg+0x7a/0xc0 do_syscall_64+0x40/0xe0 entry_SYSCALL_64_after_hwframe+0x63/0x6b CVE-2024-26595 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:cluster-md-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:dlm-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:gfs2-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:kernel-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:ocfs2-kmp-default-5.14.21-150500.55.52.1 moderate In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache There is a potential UAF scenario in the case of an LPI translation cache hit racing with an operation that invalidates the cache, such as a DISCARD ITS command. The root of the problem is that vgic_its_check_cache() does not elevate the refcount on the vgic_irq before dropping the lock that serializes refcount changes. Have vgic_its_check_cache() raise the refcount on the returned vgic_irq and add the corresponding decrement after queueing the interrupt. CVE-2024-26598 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:cluster-md-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:dlm-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:gfs2-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:kernel-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:ocfs2-kmp-default-5.14.21-150500.55.52.1 important In the Linux kernel, the following vulnerability has been resolved: sched/membarrier: reduce the ability to hammer on sys_membarrier On some systems, sys_membarrier can be very expensive, causing overall slowdowns for everything. So put a lock on the path in order to serialize the accesses to prevent the ability for this to be called at too high of a frequency and saturate the machine. CVE-2024-26602 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:cluster-md-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:dlm-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:gfs2-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:kernel-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:ocfs2-kmp-default-5.14.21-150500.55.52.1 moderate In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Stop relying on userspace for info to fault in xsave buffer Before this change, the expected size of the user space buffer was taken from fx_sw->xstate_size. fx_sw->xstate_size can be changed from user-space, so it is possible construct a sigreturn frame where: * fx_sw->xstate_size is smaller than the size required by valid bits in fx_sw->xfeatures. * user-space unmaps parts of the sigrame fpu buffer so that not all of the buffer required by xrstor is accessible. In this case, xrstor tries to restore and accesses the unmapped area which results in a fault. But fault_in_readable succeeds because buf + fx_sw->xstate_size is within the still mapped area, so it goes back and tries xrstor again. It will spin in this loop forever. Instead, fault in the maximum size which can be touched by XRSTOR (taken from fpstate->user_size). [ dhansen: tweak subject / changelog ] CVE-2024-26603 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:cluster-md-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:dlm-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:gfs2-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:kernel-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:ocfs2-kmp-default-5.14.21-150500.55.52.1 moderate In the Linux kernel, the following vulnerability has been resolved: tomoyo: fix UAF write bug in tomoyo_write_control() Since tomoyo_write_control() updates head->write_buf when write() of long lines is requested, we need to fetch head->write_buf after head->io_sem is held. Otherwise, concurrent write() requests can cause use-after-free-write and double-free problems. CVE-2024-26622 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:cluster-md-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:dlm-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:gfs2-kmp-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:kernel-default-5.14.21-150500.55.52.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:ocfs2-kmp-default-5.14.21-150500.55.52.1 important wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover. CVE-2024-28085 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:libblkid1-2.37.4-150500.9.6.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:libfdisk1-2.37.4-150500.9.6.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:libmount1-2.37.4-150500.9.6.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:libsmartcols1-2.37.4-150500.9.6.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:libuuid1-2.37.4-150500.9.6.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:util-linux-2.37.4-150500.9.6.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:util-linux-systemd-2.37.4-150500.9.6.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:uuidd-2.37.4-150500.9.6.1 important nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by limiting the number of CONTINUATION frames it accepts per stream. There is no workaround for this vulnerability. CVE-2024-28182 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:libnghttp2-14-1.40.0-150200.17.1 important libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate). CVE-2024-28757 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:expat-2.4.4-150400.3.17.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:libexpat1-2.4.4-150400.3.17.1 important A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel. CVE-2024-28834 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:gnutls-3.7.3-150400.4.44.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:libgnutls30-3.7.3-150400.4.44.1 moderate A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command. CVE-2024-28835 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:gnutls-3.7.3-150400.4.44.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:libgnutls30-3.7.3-150400.4.44.1 moderate The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable. CVE-2024-2961 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:glibc-2.31-150300.74.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:glibc-i18ndata-2.31-150300.74.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:glibc-locale-2.31-150300.74.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:glibc-locale-base-2.31-150300.74.1 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:nscd-2.31-150300.74.1 important Because of a logical error in XSA-407 (Branch Type Confusion), the mitigation is not applied properly when it is intended to be used. XSA-434 (Speculative Return Stack Overflow) uses the same infrastructure, so is equally impacted. For more details, see: https://xenbits.xen.org/xsa/advisory-407.html https://xenbits.xen.org/xsa/advisory-434.html CVE-2024-31142 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:xen-libs-4.17.4_02-150500.3.30.1 moderate A vulnerability was identified in the kjd/idna library, specifically within the `idna.encode()` function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This vulnerability is triggered by a crafted input that causes the `idna.encode()` function to process the input with considerable computational load, significantly increasing the processing time in a quadratic manner relative to the input size. CVE-2024-3651 Public Cloud Image google/sles-15-sp5-sap-v20240427-x86-64:python3-idna-2.6-150000.3.3.1 moderate