SUSE 5180 Published by

The following updates are available for openSUSE Leap and SUSE Linux Enterprise:

SUSE-SU-2024:0574-1: important: Security update for bind
SUSE-SU-2024:0573-1: moderate: Security update for abseil-cpp, grpc, opencensus-proto, protobuf, python-abseil, python-grpcio, re2
SUSE-SU-2024:0548-1: important: Security update for webkit2gtk3
SUSE-SU-2024:0549-1: moderate: Security update for openssl-1_1
SUSE-SU-2024:0553-1: important: Security update for openvswitch
SUSE-SU-2024:0551-1: important: Security update for postgresql15
SUSE-SU-2024:0552-1: important: Security update for postgresql14
SUSE-SU-2024:0558-1: important: Security update for libssh2_org
SUSE-SU-2024:0522-1: important: Security update for postgresql13
SUSE-SU-2024:0479-1: important: Security update for java-1_8_0-openj9
SUSE-SU-2024:0510-1: important: Security update for salt
SUSE-SU-2024:0509-1: important: Security update for salt
SUSE-SU-2024:0518-1: moderate: Security update for openssl-3
SUSE-SU-2024:0515-1: important: Security update for the Linux Kernel
SUSE-SU-2024:0512-1: important: Security update for golang-github-prometheus-alertmanager
SUSE-SU-2024:0472-1: important: Security update for tomcat
SUSE-SU-2024:0513-1: important: Security update for SUSE Manager 4.3.11 Release Notes
SUSE-SU-2024:0476-1: important: Security update for the Linux Kernel
SUSE-SU-2024:0469-1: important: Security update for the Linux Kernel
SUSE-SU-2024:0473-1: important: Security update for tomcat10
SUSE-SU-2024:0459-1: important: Security update for runc
SUSE-SU-2024:0435-1: moderate: Security update for netpbm
SUSE-SU-2024:0428-1: important: Security update for the Linux Kernel (Live Patch 20 for SLE 15 SP4)
SUSE-SU-2024:0429-1: important: Security update for the Linux Kernel (Live Patch 21 for SLE 15 SP4)
SUSE-SU-2024:0421-1: important: Security update for the Linux Kernel (Live Patch 7 for SLE 15 SP4)
SUSE-SU-2024:0411-1: important: Security update for the Linux Kernel (Live Patch 35 for SLE 15 SP3)




SUSE-SU-2024:0574-1: important: Security update for bind


# Security update for bind

Announcement ID: SUSE-SU-2024:0574-1
Rating: important
References:

* bsc#1219823
* bsc#1219826
* bsc#1219851
* bsc#1219852
* bsc#1219853
* bsc#1219854

Cross-References:

* CVE-2023-4408
* CVE-2023-50387
* CVE-2023-50868
* CVE-2023-5517
* CVE-2023-5679
* CVE-2023-6516

CVSS scores:

* CVE-2023-4408 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-50387 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-50387 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-50868 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-5517 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-5679 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-6516 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP5
* openSUSE Leap 15.5
* Server Applications Module 15-SP5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves six vulnerabilities can now be installed.

## Description:

This update for bind fixes the following issues:

Update to release 9.16.48:

* CVE-2023-50387: Fixed a denial-of-service caused by DNS messages containing
a lot of DNSSEC signatures (bsc#1219823).
* CVE-2023-50868: Fixed a denial-of-service caused by NSEC3 closest encloser
proof (bsc#1219826).
* CVE-2023-4408: Fixed a denial-of-service caused by DNS messages with many
different names (bsc#1219851).
* CVE-2023-5517: Fixed a possible crash when nxdomain-redirect was enabled
(bsc#1219852).
* CVE-2023-5679: Fixed a possible crash when bad interaction between DNS64 and
serve-stale, when both of these features are enabled (bsc#1219853).
* CVE-2023-6516: Fixed excessive memory consumption when continuously trigger
the cache database maintenance (bsc#1219854).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2024-574=1 openSUSE-SLE-15.5-2024-574=1

* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-574=1

* Server Applications Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2024-574=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* bind-9.16.48-150500.8.16.1
* bind-debugsource-9.16.48-150500.8.16.1
* bind-utils-9.16.48-150500.8.16.1
* bind-debuginfo-9.16.48-150500.8.16.1
* bind-utils-debuginfo-9.16.48-150500.8.16.1
* openSUSE Leap 15.5 (noarch)
* python3-bind-9.16.48-150500.8.16.1
* bind-doc-9.16.48-150500.8.16.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* bind-debugsource-9.16.48-150500.8.16.1
* bind-utils-9.16.48-150500.8.16.1
* bind-debuginfo-9.16.48-150500.8.16.1
* bind-utils-debuginfo-9.16.48-150500.8.16.1
* Basesystem Module 15-SP5 (noarch)
* python3-bind-9.16.48-150500.8.16.1
* Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* bind-9.16.48-150500.8.16.1
* bind-debugsource-9.16.48-150500.8.16.1
* bind-debuginfo-9.16.48-150500.8.16.1
* Server Applications Module 15-SP5 (noarch)
* bind-doc-9.16.48-150500.8.16.1

## References:

* https://www.suse.com/security/cve/CVE-2023-4408.html
* https://www.suse.com/security/cve/CVE-2023-50387.html
* https://www.suse.com/security/cve/CVE-2023-50868.html
* https://www.suse.com/security/cve/CVE-2023-5517.html
* https://www.suse.com/security/cve/CVE-2023-5679.html
* https://www.suse.com/security/cve/CVE-2023-6516.html
* https://bugzilla.suse.com/show_bug.cgi?id=1219823
* https://bugzilla.suse.com/show_bug.cgi?id=1219826
* https://bugzilla.suse.com/show_bug.cgi?id=1219851
* https://bugzilla.suse.com/show_bug.cgi?id=1219852
* https://bugzilla.suse.com/show_bug.cgi?id=1219853
* https://bugzilla.suse.com/show_bug.cgi?id=1219854



SUSE-SU-2024:0573-1: moderate: Security update for abseil-cpp, grpc, opencensus-proto, protobuf, python-abseil, python-grpcio, re2


# Security update for abseil-cpp, grpc, opencensus-proto, protobuf, python-
abseil, python-grpcio, re2

Announcement ID: SUSE-SU-2024:0573-1
Rating: moderate
References:

* bsc#1133277
* bsc#1182659
* bsc#1203378
* bsc#1208794
* bsc#1212180
* bsc#1212182
* bsc#1214148
* bsc#1215334
* jsc#PED-5014

Cross-References:

* CVE-2023-32731
* CVE-2023-32732
* CVE-2023-33953
* CVE-2023-44487
* CVE-2023-4785

CVSS scores:

* CVE-2023-32731 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2023-32731 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2023-32732 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-32732 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-33953 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-33953 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-44487 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-44487 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4785 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4785 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP5
* Development Tools Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* Public Cloud Module 15-SP4
* Public Cloud Module 15-SP5
* Python 3 Module 15-SP5
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Workstation Extension 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
* SUSE Package Hub 15 15-SP5

An update that solves five vulnerabilities, contains one feature and has three
security fixes can now be installed.

## Description:

This update for abseil-cpp, grpc, opencensus-proto, protobuf, python-abseil,
python-grpcio, re2 fixes the following issues:

abseil-cpp was updated to:

Update to 20230802.1:

* Add StdcppWaiter to the end of the list of waiter implementations

Update to 20230802.0

What's New:

* Added the nullability library for designating the expected nullability of
pointers. Currently these serve as annotations only, but it is expected that
compilers will one day be able to use these annotations for diagnostic
purposes.
* Added the prefetch library as a portable layer for moving data into caches
before it is read.
* Abseil's hash tables now detect many more programming errors in debug and
sanitizer builds.
* Abseil's synchronization objects now differentiate absolute waits (when
passed an absl::Time) from relative waits (when passed an absl::Duration)
when the underlying platform supports differentiating these cases. This only
makes a difference when system clocks are adjusted.
* Abseil's flag parsing library includes additional methods that make it
easier to use when another library also expects to be able to parse flags.
* absl::string_view is now available as a smaller target,
@com_google_absl//absl/strings:string_view, so that users may use this
library without depending on the much larger @com_google_absl//absl/strings
target.

Update to 20230125.3

Details can be found on:

https://github.com/abseil/abseil-cpp/releases/tag/20230125.3

Update to 20230125.2

What's New:

The Abseil logging library has been released. This library
provides facilities for writing short text messages about the
status of a program to stderr, disk files, or other sinks
(via an extension API). See the logging library documentation
for more information.
An extension point, AbslStringify(), allows user-defined types
to seamlessly work with Abseil's string formatting functions
like absl::StrCat() and absl::StrFormat().
A library for computing CRC32C checksums has been added.
Floating-point parsing now uses the Eisel-Lemire algorithm,
which provides a significant speed improvement.
The flags library now provides suggestions for the closest
flag(s) in the case of misspelled flags.
Using CMake to install Abseil now makes the installed artifacts
(in particular absl/base/options.h) reflect the compiled ABI.

Breaking Changes:

Abseil now requires at least C++14 and follows Google's Foundational
C++ Support Policy. See this table for a list of currently supported
versions compilers, platforms, and build tools.
The legacy spellings of the thread annotation macros/functions
(e.g. GUARDED_BY()) have been removed by default in favor of the
ABSL_ prefixed versions (e.g. ABSL_GUARDED_BY()) due to clashes with
other libraries. The compatibility macro ABSL_LEGACY_THREAD_ANNOTATIONS
can be defined on the compile command-line to temporarily restore these
spellings, but this compatibility macro will be removed in the future.

Known Issues

The Abseil logging library in this release is not a feature-complete
replacement for glog yet. VLOG and DFATAL are examples of features
that have not yet been released.

Update to version 20220623.0

What's New:

* Added absl::AnyInvocable, a move-only function type.
* Added absl::CordBuffer, a type for buffering data for eventual inclusion an
absl::Cord, which is useful for writing zero-copy code.
* Added support for command-line flags of type absl::optional.

Breaking Changes:

* CMake builds now use the flag ABSL_BUILD_TESTING (default: OFF) to control
whether or not unit tests are built.
* The ABSL_DEPRECATED macro now works with the GCC compiler. GCC users that
are experiencing new warnings can use -Wno-deprecated-declatations silence
the warnings or use -Wno-error=deprecated-declarations to see warnings but
not fail the build.
* ABSL_CONST_INIT uses the C++20 keyword constinit when available. Some
compilers are more strict about where this keyword must appear compared to
the pre-C++20 implementation.
* Bazel builds now depend on the bazelbuild/bazel-skylib repository. See
Abseil's WORKSPACE file for an example of how to add this dependency.

Other:

* This will be the last release to support C++11. Future releases will require
at least C++14.

grpc was updated to 1.60:

Update to release 1.60

* Implemented dualstack IPv4 and IPv6 backend support, as per draft gRFC A61.
xDS support currently guarded by GRPC_EXPERIMENTAL_XDS_DUALSTACK_ENDPOINTS
env var.
* Support for setting proxy for addresses.
* Add v1 reflection.

update to 1.59.3:

* Security - Revocation: Crl backport to 1.59. (#34926)

Update to release 1.59.2

* Fixes for CVE-2023-44487

Update to version 1.59.1:

* C++: Fix MakeCordFromSlice memory bug (gh#grpc/grpc#34552).

Update to version 1.59.0:

* xds ssa: Remove environment variable protection for stateful affinity
(gh#grpc/grpc#34435).
* c-ares: fix spin loop bug when c-ares gives up on a socket that still has
data left in its read buffer (gh#grpc/grpc#34185).
* Deps: Adding upb as a submodule (gh#grpc/grpc#34199).
* EventEngine: Update Cancel contract on closure deletion timeline
(gh#grpc/grpc#34167).
* csharp codegen: Handle empty base_namespace option value to fix
gh#grpc/grpc#34113 (gh#grpc/grpc#34137).
* Ruby:
* replace strdup with gpr_strdup (gh#grpc/grpc#34177).
* drop ruby 2.6 support (gh#grpc/grpc#34198).

Update to release 1.58.1

* Reintroduced c-ares 1.14 or later support

Update to release 1.58

* ruby extension: remove unnecessary background thread startup wait logic that
interferes with forking

Update to release 1.57 (CVE-2023-4785, bsc#1215334, CVE-2023-33953, bsc#1214148)

* EventEngine: Change GetDNSResolver to return
absl::StatusOr.
* Improve server handling of file descriptor exhaustion.
* Add a channel argument to set DSCP on streams.

Update to release 1.56.2

* Improve server handling of file descriptor exhaustion

Update to release 1.56.0 (CVE-2023-32731, bsc#1212180)

* core: Add support for vsock transport.
* EventEngine: Change TXT lookup result type to std::vector.
* C++/Authz: support customizable audit functionality for authorization
policy.

Update to release 1.54.1

* Bring declarations and definitions to be in sync

Update to release 1.54 (CVE-2023-32732, bsc#1212182)

* XDS: enable XDS federation by default
* TlsCreds: Support revocation of intermediate in chain

Update to release 1.51.1

* Only a macOS/aarch64-related change

Update to release 1.51

* c-ares DNS resolver: fix logical race between resolution
timeout/cancellation and fd readability.
* Remove support for pthread TLS

Update to release 1.50.0

* Core

* Derive EventEngine from std::enable_shared_from_this. (#31060)

* Revert "Revert "[chttp2] fix stream leak with queued flow control update and
absence of writes (#30907)" (#30991)". (#30992)
* [chttp2] fix stream leak with queued flow control update and absence of
writes. (#30907)
* Remove gpr_codegen. (#30899)
* client_channel: allow LB policy to communicate update errors to resolver.
(#30809)
* FaultInjection: Fix random number generation. (#30623)

* C++

* OpenCensus Plugin: Add measure and views for started RPCs. (#31034)

* C#

* Grpc.Tools: Parse warnings from libprotobuf (fix #27502). (#30371)

* Grpc.Tools add support for env variable GRPC_PROTOC_PLUGIN (fix #27099).
(#30411)
* Grpc.Tools document AdditionalImportDirs. (#30405)
* Fix OutputOptions and GrpcOutputOptions (issue #25950). (#30410)

Update to release 1.49.1

* All

* Update protobuf to v21.6 on 1.49.x. (#31028)

* Ruby

* Backport "Fix ruby windows ucrt build #31051" to 1.49.x. (#31053)

Update to release 1.49.0

* Core
* Backport: "stabilize the C2P resolver URI scheme" to v1.49.x. (#30654)
* Bump core version. (#30588)
* Update OpenCensus to HEAD. (#30567)
* Update protobuf submodule to 3.21.5. (#30548)
* Update third_party/protobuf to 3.21.4. (#30377)
* [core] Remove GRPC_INITIAL_METADATA_CORKED flag. (#30443)
* HTTP2: Fix keepalive time throttling. (#30164)
* Use AnyInvocable in EventEngine APIs. (#30220)

* Python

* Add type stub generation support to grpcio-tools. (#30498)

Update to release 1.48.1

* Backport EventEngine Forkables

Update to release 1.48.0

* C++14 is now required
* xDS: Workaround to get gRPC clients working with istio

Update to release 1.46.3

* backport: xds: use federation env var to guard new-style resource name
parsing (#29725) #29727

Update to release 1.46

* Added HTTP/1.1 support in httpcli
* HTTP2: Add graceful goaway

Update to release 1.45.2

* Various fixes related to XDS
* HTTP2: Should not run cancelling logic on servers when receiving GOAWAY

Update to release 1.45.1

* Switched to epoll1 as a default polling engine for Linux

Update to version 1.45.0:

* Core:

* Backport "Include ADS stream error in XDS error updates (#29014)" to 1.45.x
[gh#grpc/grpc#29121].

* Bump core version to 23.0.0 for upcoming release [gh#grpc/grpc#29026].
* Fix memory leak in HTTP request security handshake cancellation
[gh#grpc/grpc#28971].
* CompositeChannelCredentials: Comparator implementation [gh#grpc/grpc#28902].
* Delete custom iomgr [gh#grpc/grpc#28816].
* Implement transparent retries [gh#grpc/grpc#28548].
* Uniquify channel args keys [gh#grpc/grpc#28799].
* Set trailing_metadata_available for recv_initial_metadata ops when
generating a fake status [gh#grpc/grpc#28827].
* Eliminate gRPC insecure build [gh#grpc/grpc#25586].
* Fix for a racy WorkSerializer shutdown [gh#grpc/grpc#28769].
* InsecureCredentials: singleton object [gh#grpc/grpc#28777].
* Add http cancel api [gh#grpc/grpc#28354].
* Memory leak fix on windows in grpc_tcp_create() [gh#grpc/grpc#27457].
* xDS: Rbac filter updates [gh#grpc/grpc#28568].

* C++

* Bump the minimum gcc to 5 [gh#grpc/grpc#28786].

* Add experimental API for CRL checking support to gRPC C++ TlsCredentials
[gh#grpc/grpc#28407].

Update to release 1.44.0

* Add a trace to list which filters are contained in a channel stack.
* Remove grpc_httpcli_context.
* xDS: Add support for RBAC HTTP filter.
* API to cancel grpc_resolve_address.

Update to version 1.43.2:

* Fix google-c2p-experimental issue (gh#grpc/grpc#28692).

Changes from version 1.43.0:

* Core:

* Remove redundant work serializer usage in c-ares windows code
(gh#grpc/grpc#28016).

* Support RDS updates on the server (gh#grpc/grpc#27851).
* Use WorkSerializer in XdsClient to propagate updates in a synchronized
manner (gh#grpc/grpc#27975).
* Support Custom Post-handshake Verification in TlsCredentials
(gh#grpc/grpc#25631).
* Reintroduce the EventEngine default factory (gh#grpc/grpc#27920).
* Assert Android API >= v21 (gh#grpc/grpc#27943).
* Add support for abstract unix domain sockets (gh#grpc/grpc#27906).
* C++:

* OpenCensus: Move metadata storage to arena (gh#grpc/grpc#27948).

* [C#] Add nullable type attributes to Grpc.Core.Api (gh#grpc/grpc#27887).

* Update package name libgrpc++1 to libgrpc++1_43 in keeping with updated so
number.

Update to release 1.41.0

* xDS: Remove environmental variable guard for security.
* xDS Security: Use new way to fetch certificate provider plugin instance
config.
* xDS server serving status: Use a struct to allow more fields to be added in
the future.

Update to release 1.39.1

* Fix C# protoc plugin argument parsing on 1.39.x

Update to version 1.39.0:

* Core

* Initialize tcp_posix for CFStream when needed (gh#grpc/grpc#26530).

* Update boringssl submodule (gh#grpc/grpc#26520).
* Fix backup poller races (gh#grpc/grpc#26446).
* Use default port 443 in HTTP CONNECT request (gh#grpc/grpc#26331).
* C++

* New iomgr implementation backed by the EventEngine API (gh#grpc/grpc#26026).

* async_unary_call: add a Destroy method, called by std::default_delete
(gh#grpc/grpc#26389).
* De-experimentalize C++ callback API (gh#grpc/grpc#25728).

* PHP: stop reading composer.json file just to read the version string
(gh#grpc/grpc#26156).

* Ruby: Set XDS user agent in ruby via macros (gh#grpc/grpc#26268).

Update to release 1.38.0

* Invalidate ExecCtx now before computing timeouts in all repeating timer
events using a WorkSerializer or combiner.
* Fix use-after-unref bug in fault_injection_filter
* New gRPC EventEngine Interface
* Allow the AWS_DEFAULT_REGION environment variable
* s/OnServingStatusChange/OnServingStatusUpdate/

Update to release 1.37.1

* Use URI form of address for channelz listen node
* Implementation CSDS (xDS Config Dump)
* xDS status notifier
* Remove CAS loops in global subchannel pool and simplify subchannel
refcounting

Update to release 1.36.4

* A fix for DNS SRV lookups on Windows

Update to 1.36.1:

* Core:
* Remove unnecessary internal pollset set in c-ares DNS resolver
* Support Default Root Certs in Tls Credentials
* back-port: add env var protection for google-c2p resolver
* C++:
* Move third party identity C++ api out of experimental namespace
* refactor!: change error_details functions to templates
* Support ServerContext for callback API
* PHP:
* support for PSM security
* fixed segfault on reused call object
* fixed phpunit 8 warnings
* Python:
* Implement Python Client and Server xDS Creds

Update to version 1.34.1:

* Backport "Lazily import grpc_tools when using runtime stub/message
generation" to 1.34.x (gh#grpc/grpc#25011).
* Backport "do not use true on non-windows" to 1.34.x
(gh#grpc/grpc#24995).

Update to version 1.34.0:

* Core:

* Protect xds security code with the environment variable
"GRPC_XDS_EXPERIMENTAL_SECURITY_SUPPORT" (gh#grpc/grpc#24782).

* Add support for "unix-abstract:" URIs to support abstract unix domain
sockets (gh#grpc/grpc#24500).
* Increment Index when parsing not plumbed SAN fields (gh#grpc/grpc#24601).
* Revert "Revert "Deprecate
GRPC_ARG_HTTP2_MIN_SENT_PING_INTERVAL_WITHOUT_DATA_MS""
(gh#grpc/grpc#24518).
* xds: Set status code to INVALID_ARGUMENT when NACKing (gh#grpc/grpc#24516).
* Include stddef.h in address_sorting.h (gh#grpc/grpc#24514).
* xds: Add support for case_sensitive option in RouteMatch
(gh#grpc/grpc#24381).
* C++:
* Fix --define=grpc_no_xds=true builds (gh#grpc/grpc#24503).
* Experimental support and tests for
CreateCustomInsecureChannelWithInterceptorsFromFd (gh#grpc/grpc#24362).

Update to release 1.33.2

* Deprecate GRPC_ARG_HTTP2_MIN_SENT_PING_INTERVAL_WITHOUT_DATA_MS.
* Expose Cronet error message to the application layer.
* Remove grpc_channel_ping from surface API.
* Do not send BDP pings if there is no receive side activity.

Update to version 1.33.1

* Core

* Deprecate GRPC_ARG_HTTP2_MIN_SENT_PING_INTERVAL_WITHOUT_DATA_MS
(gh#grpc/grpc#24063).

* Expose Cronet error message to the application layer (gh#grpc/grpc#24083).
* Remove grpc_channel_ping from surface API (gh#grpc/grpc#23894).
* Do not send BDP pings if there is no receive side activity
(gh#grpc/grpc#22997).

* C++

* Makefile: only support building deps from submodule (gh#grpc/grpc#23957).

* Add new subpackages - libupb and upb-devel. Currently, grpc sources include
also upb sources. Before this change, libupb and upb-devel used to be
included in a separate package - upb.

Update to version 1.32.0:

* Core
* Remove stream from stalled lists on remove_stream (gh#grpc/grpc#23984).
* Do not cancel RPC if send metadata size if larger than peer's limit
(gh#grpc/grpc#23806).
* Don't consider receiving non-OK status as an error for HTTP2
(gh#grpc/grpc#19545).
* Keepalive throttling (gh#grpc/grpc#23313).
* Include the target_uri in "target uri is not valid" error messages
(gh#grpc/grpc#23782).
* Fix "cannot send compressed message large than 1024B" in cronet_transport
(gh#grpc/grpc#23219).
* Receive SETTINGS frame on clients before declaring subchannel READY
(gh#grpc/grpc#23636).
* Enabled GPR_ABSEIL_SYNC (gh#grpc/grpc#23372).
* Experimental xDS v3 support (gh#grpc/grpc#23281).

* C++

* Upgrade bazel used for all tests to 2.2.0 (gh#grpc/grpc#23902).

* Remove test targets and test helper libraries from Makefile
(gh#grpc/grpc#23813).
* Fix repeated builds broken by re2's cmake (gh#grpc/grpc#23587).
* Log the peer address of grpc_cli CallMethod RPCs to stderr
(gh#grpc/grpc#23557).

opencensus-proto was updated to 0.3.0+git.20200721:

* Update to version 0.3.0+git.20200721:

* Bump version to 0.3.0

* Generate Go types using protocolbuffers/protobuf-go (#218)
* Load proto_library() rule. (#216)

* Update to version 0.2.1+git.20190826:

* Remove grpc_java dependency and java_proto rules. (#214)

* Add C++ targets, especially for gRPC services. (#212)
* Upgrade bazel and dependencies to latest. (#211)
* Bring back bazel cache to make CI faster. (#210)
* Travis: don't require sudo for bazel installation. (#209)

* Update to version 0.2.1:

* Add grpc-gateway for metrics service. (#205)

* Pin bazel version in travis builds (#207)
* Update gen-go files (#199)
* Add Web JS as a LibraryInfo.Language option (#198)
* Set up Python packaging for PyPI release. (#197)
* Add tracestate to links. (#191)
* Python proto file generator and generated proto files (#196)
* Ruby proto file generator and generated proto files (#192)
* Add py_proto_library() rules for envoy/api. (#194)
* Gradle: Upgrade dependency versions. (#193)
* Update release versions for readme. (#189)
* Start 0.3.0 development cycle
* Update gen-go files. (#187)
* Revert "Start 0.3.0 development cycle (#167)" (#183)
* Revert optimization for metric descriptor and bucket options for now. (#184)
* Constant sampler: add option to always follow the parent's decision. (#182)
* Document that all maximum values must be specified. (#181)
* Fix typo in bucket bounds. (#178)
* Restrict people who can approve reviews. This is to ensure code quality.
(#177)
* Use bazel cache to make CI faster. (#176)
* Add grpc generated files to the idea plugin. (#175)
* Add Resource to Span (#174)
* time is required (#170)
* Upgrade protobuf dependency to v3.6.1.3. (#173)
* assume Ok Status when not set (#171)
* Minor comments fixes (#160)
* Start 0.3.0 development cycle (#167)
* Update gen-go files. (#162)
* Update releasing instruction. (#163)
* Fix Travis build. (#165)
* Add OpenApi doc for trace agent grpc-gateway (#157)
* Add command to generate OpenApi/Swagger doc for grpc-gateway (#156)
* Update gen-go files (#155)
* Add trace export grpc-gateway config (#77)
* Fix bazel build after bazel upgrade (#154)
* README: Add gitter, javadoc and godoc badge. (#151)
* Update release versions for README. (#150)
* Start 0.2.0 development cycle
* Add resource and metrics_service proto to mkgogen. Re-generate gen-go files.
(#147)
* Add resource to protocol (#137)
* Fix generating the javadoc. (#144)
* Metrics/TimeSeries: start time should not be included while end time should.
(#142)
* README: Add instructions on using opencensus_proto with Bazel. (#140)
* agent/README: update package info. (#138)
* Agent: Add metrics service. (#136)
* Tracing: Add default limits to TraceConfig. (#133)
* Remove a stale TODO. (#134)
* README: Add a note about go_proto_library rules. (#135)
* add golang bazel build support (#132)
* Remove exporter protos from mkgogen. (#128)
* Update README and RELEASING. (#130)
* Change histogram buckets definition to be OpenMetrics compatible. (#121)
* Remove exporter/v1 protos. (#124)
* Clean up the README for Agent proto. (#126)
* Change Quantiles to ValuesAtPercentile. (#122)
* Extend the TraceService service to support export/config for multiple
Applications. (#119)
* Add specifications on Agent implementation details. (#112)
* Update gitignore (#118)
* Remove maven support. Not used. (#116)
* Add gauge distribution. (#117)
* Add support for Summary type and value. (#110)
* Add Maven status and instructions on adding dependencies. (#115)
* Bump version to 0.0.3-SNAPSHOT
* Bump version to 0.0.2
* Update gen-go files. (#114)
* Gradle: Add missing source and javadoc rules. (#113)
* Add support for float attributes. (#98)
* Change from mean to sum in distribution. (#109)
* Bump version to v0.0.2-SNAPSHOT
* Bump version to v0.0.1
* Add releasing instructions in RELEASING.md. (#106)
* Add Gradle build rules for generating gRPC service and releasing to Maven.
(#102)
* Re-organize proto directory structure. (#103)
* Update gen-go files. (#101)
* Add a note about interceptors of other libraries. (#94)
* agent/common/v1: use exporter_version, core_library_version in LibraryInfo
(#100)
* opencensus/proto: add default Agent port to README (#97)
* Update the message names for Config RPC. (#93)
* Add details about agent protocol in the README. (#88)
* Update gen-go files. (#92)
* agent/trace/v1: fix signature for Config and comments too (#91)
* Update gen-go files. (#86)
* Make tracestate a list instead of a map to preserve ordering. (#84)
* Allow MetricDescriptor to be sent only the first time. (#78)
* Update mkgogen.sh. (#85)
* Add agent trace service proto definitions. (#79)
* Update proto and gen-go package names. (#83)
* Add agent/common proto and BUILD. (#81)
* Add trace_config.proto. (#80)
* Build exporters with maven. (#76)
* Make clear that cumulative int/float can go only up. (#75)
* Add tracestate field to the Span proto. (#74)
* gradle wrapper --gradle-version 4.9 (#72)
* Change from multiple types of timeseries to have one. (#71)
* Move exemplars in the Bucket. (#70)
* Update gen-go files. (#69)
* Move metrics in the top level directory. (#68)
* Remove Range from Distribution. No backend supports this. (#67)
* Remove unused MetricSet message. (#66)
* Metrics: Add Exemplar to DistributionValue. (#62)
* Gauge vs Cumulative. (#65)
* Clarifying comment about bucket boundaries. (#64)
* Make MetricDescriptor.Type capture the type of the value as well. (#63)
* Regenerate the Go artifacts (#61)
* Add export service proto (#60)

* Initial version 20180523

protobuf was updated to 25.1:

update to 25.1:

* Raise warnings for deprecated python syntax usages
* Add support for extensions in CRuby, JRuby, and FFI Ruby
* Add support for options in CRuby, JRuby and FFI (#14594)

update to 25.0:

* Implement proto2/proto3 with editions
* Defines Protobuf compiler version strings as macros and separates out suffix
string definition.
* Add utf8_validation feature back to the global feature set.
* Setting up version updater to prepare for poison pills and embedding version
info into C++, Python and Java gencode.
* Merge the protobuf and upb Bazel repos
* Editions: Introduce functionality to protoc for generating edition feature
set defaults.
* Editions: Migrate edition strings to enum in C++ code.
* Create a reflection helper for ExtensionIdentifier.
* Editions: Provide an API for C++ generators to specify their features.
* Editions: Refactor feature resolution to use an intermediate message.
* Publish extension declarations with declaration verifications.
* Editions: Stop propagating partially resolved feature sets to plugins.
* Editions: Migrate string_field_validation to a C++ feature
* Editions: Include defaults for any features in the generated pool.
* Protoc: parser rejects explicit use of map_entry option
* Protoc: validate that reserved range start is before end
* Protoc: support identifiers as reserved names in addition to string literals
(only in editions)
* Drop support for Bazel 5.
* Allow code generators to specify whether or not they support editions. C++:
* Set `PROTOBUF_EXPORT` on `InternalOutOfLineDeleteMessageLite()`
* Update stale checked-in files
* Apply PROTOBUF_NOINLINE to declarations of some functions that want it.
* Implement proto2/proto3 with editions
* Make JSON UTF-8 boundary check inclusive of the largest possible UTF-8
character.
* Reduce `Map::size_type` to 32-bits. Protobuf containers can't have more than
that
* Defines Protobuf compiler version strings as macros and separates out suffix
string definition.
* Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated oneof accessors.
* Fix bug in reflection based Swap of map fields.
* Add utf8_validation feature back to the global feature set.
* Setting up version updater to prepare for poison pills and embedding version
info into C++, Python and Java gencode.
* Add prefetching to arena allocations.
* Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated repeated and map
field accessors.
* Editions: Migrate edition strings to enum in C++ code.
* Create a reflection helper for ExtensionIdentifier.
* Editions: Provide an API for C++ generators to specify their features.
* Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated string field
accessors.
* Editions: Refactor feature resolution to use an intermediate message.
* Fixes for 32-bit MSVC.
* Publish extension declarations with declaration verifications.
* Export the constants in protobuf's any.h to support DLL builds.
* Implement AbslStringify for the Descriptor family of types.
* Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated message field
accessors.
* Editions: Stop propagating partially resolved feature sets to plugins.
* Editions: Migrate string_field_validation to a C++ feature
* Editions: Include defaults for any features in the generated pool.
* Introduce C++ feature for UTF8 validation.
* Protoc: validate that reserved range start is before end
* Remove option to disable the table-driven parser in protoc.
* Lock down ctype=CORD in proto file.
* Support split repeated fields.
* In OSS mode omit some extern template specializations.
* Allow code generators to specify whether or not they support editions. Java:
* Implement proto2/proto3 with editions
* Remove synthetic oneofs from Java gencode field accessor tables.
* Timestamps.parse: Add error handling for invalid hours/minutes in the
timezone offset.
* Defines Protobuf compiler version strings as macros and separates out suffix
string definition.
* Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated oneof accessors.
* Add missing debugging version info to Protobuf Java gencode when multiple
files are generated.
* Fix a bad cast in putBuilderIfAbsent when already present due to using the
result of put() directly (which is null if it currently has no value)
* Setting up version updater to prepare for poison pills and embedding version
info into C++, Python and Java gencode.
* Fix a NPE in putBuilderIfAbsent due to using the result of put() directly
(which is null if it currently has no value)
* Update Kotlin compiler to escape package names
* Add MapFieldBuilder and change codegen to generate it and the
put{field}BuilderIfAbsent method.
* Introduce recursion limit in Java text format parsing
* Consider the protobuf.Any invalid if typeUrl.split("/") returns an empty
array.
* Mark `FieldDescriptor.hasOptionalKeyword()` as deprecated.
* Fixed Python memory leak in map lookup.
* Loosen upb for json name conflict check in proto2 between json name and
field
* Defines Protobuf compiler version strings as macros and separates out suffix
string definition.
* Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated oneof accessors.
* Ensure Timestamp.ToDatetime(tz) has correct offset
* Do not check required field for upb python MergeFrom
* Setting up version updater to prepare for poison pills and embedding version
info into C++, Python and Java gencode.
* Merge the protobuf and upb Bazel repos
* Comparing a proto message with an object of unknown returns NotImplemented
* Emit **slots** in pyi output as a tuple rather than a list for --pyi_out.
* Fix a bug that strips options from descriptor.proto in Python.
* Raise warings for message.UnknownFields() usages and navigate to the new add
* Add protobuf python keyword support in path for stub generator.
* Add tuple support to set Struct
* ### Python C-Extension (Default)

* Comparing a proto message with an object of unknown returns NotImplemented
* Check that ffi-compiler loads before using it to define tasks. UPB
(Python/PHP/Ruby C-Extension):
* Include .inc files directly instead of through a filegroup
* Loosen upb for json name conflict check in proto2 between json name and
field
* Add utf8_validation feature back to the global feature set.
* Do not check required field for upb python MergeFrom
* Merge the protobuf and upb Bazel repos
* Added malloc_trim() calls to Python allocator so RSS will decrease when
memory is freed
* Upb: fix a Python memory leak in ByteSize()
* Support ASAN detection on clang
* Upb: bugfix for importing a proto3 enum from within a proto2 file
* Expose methods needed by Ruby FFI using UPB_API
* Fix `PyUpb_Message_MergeInternal` segfault

* Build with source and target levels 8

* fixes build with JDK21
* Install the pom file with the new %%mvn_install_pom macro
* Do not install the pom-only artifacts, since the %%mvn_install_pom macro
resolves the variables at the install time

update to 23.4:

* Add dllexport_decl for generated default instance.
* Deps: Update Guava to 32.0.1

update to 23.3:

C++:

* Regenerate stale files
* Use the same ABI for static and shared libraries on non- Windows platforms
* Add a workaround for GCC constexpr bug Objective-C:
* Regenerate stale files UPB (Python/PHP/Ruby C-Extension)
* Fixed a bug in `upb_Map_Delete()` that caused crashes in map.delete(k) for
Ruby when string-keyed maps were in use.

Compiler: * Add missing header to Objective-c generator * Add a workaround for
GCC constexpr bug

Java: * Rollback of: Simplify protobuf Java message builder by removing methods
that calls the super class only.

Csharp: * [C#] Replace regex that validates descriptor names

update to 22.5:

C++: * Add missing cstdint header * Fix: missing -DPROTOBUF_USE_DLLS in pkg-
config (#12700) * Avoid using string(JOIN..., which requires cmake 3.12 *
Explicitly include GTest package in examples * Bump Abseil submodule to
20230125.3 (#12660)

update to 22.4:

C++: * Fix libprotoc: export useful symbols from .so

Python: * Fix bug in _internal_copy_files where the rule would fail in
downstream repositories.

Other: * Bump utf8_range to version with working pkg-config (#12584) * Fix
declared dependencies for pkg-config * Update abseil dependency and reorder
dependencies to ensure we use the version specified in protobuf_deps. * Turn off
clang::musttail on i386

update to v22.3

UPB (Python/PHP/Ruby C-Extension): * Remove src prefix from proto import * Fix
.gitmodules to use the correct absl branch * Remove erroneous dependency on
googletest

update to 22.2:

Java: * Add version to intra proto dependencies and add kotlin stdlib dependency
* Add $ back for osgi header * Remove $ in pom files

update to 22.1: * Add visibility of plugin.proto to python directory * Strip
"src" from file name of plugin.proto * Add OSGi headers to pom files. * Remove
errorprone dependency from kotlin protos. * Version protoc according to the
compiler version number.

* update to 22.0:

* This version includes breaking changes to: Cpp. Please refer to the
migration guide for information:
https://protobuf.dev/support/migration/#compiler-22

* [Cpp] Migrate to Abseil's logging library.
* [Cpp] `proto2::Map::value_type` changes to `std::pair`.
* [Cpp] Mark final ZeroCopyInputStream, ZeroCopyOutputStream, and
DefaultFieldComparator classes.
* [Cpp] Add a dependency on Abseil (#10416)
* [Cpp] Remove all autotools usage (#10132)
* [Cpp] Add C++20 reserved keywords
* [Cpp] Dropped C++11 Support
* [Cpp] Delete Arena::Init
* [Cpp] Replace JSON parser with new implementation
* [Cpp] Make RepeatedField::GetArena non-const in order to support split
RepeatedFields.
* long list of bindings specific fixes see
https://github.com/protocolbuffers/protobuf/releases/tag/v22.0

update to v21.12:

* Python:
* Fix broken enum ranges (#11171)
* Stop requiring extension fields to have a sythetic oneof (#11091)
* Python runtime 4.21.10 not works generated code can not load valid proto.

update to 21.11:

* Python:
* Add license file to pypi wheels (#10936)
* Fix round-trip bug (#10158)

update to 21.10::

* Java:
* Use bit-field int values in buildPartial to skip work on unset groups of
fields. (#10960)
* Mark nested builder as clean after clear is called (#10984)

update to 21.9: * Ruby: * Replace libc strdup usage with internal impl to
restore musl compat (#10818) * Auto capitalize enums name in Ruby (#10454)
(#10763) * Other: * Fix for grpc.tools #17995 & protobuf #7474 (handle UTF-8
paths in argumentfile) (#10721) * C++: * 21.x No longer define no_threadlocal on
OpenBSD (#10743) * Java: * Mark default instance as immutable first to avoid
race during static initialization of default instances (#10771) * Refactoring
java full runtime to reuse sub-message builders and prepare to migrate parsing
logic from parse constructor to builder. * Move proto wireformat parsing
functionality from the private "parsing constructor" to the Builder class. *
Change the Lite runtime to prefer merging from the wireformat into mutable
messages rather than building up a new immutable object before merging. This way
results in fewer allocations and copy operations. * Make message-type extensions
merge from wire-format instead of building up instances and merging afterwards.
This has much better performance. * Fix TextFormat parser to build up recurring
(but supposedly not repeated) sub-messages directly from text rather than
building a new sub-message and merging the fully formed message into the
existing field.

update to 21.6: C++: * Reduce memory consumption of MessageSet parsing

update to 21.5:

PHP: * Added getContainingOneof and getRealContainingOneof to descriptor. * fix
PHP readonly legacy files for nested messages

Python:

* Fixed comparison of maps in Python.

* update to 21.4:

* Reduce the required alignment of ArenaString from 8 to 4

* update to 21.3:

* C++:

* Add header search paths to Protobuf-C++.podspec (#10024)
* Fixed Visual Studio constinit errors (#10232)
* Fix #9947: make the ABI compatible between debug and non-debug builds (#10271)
* UPB:
* Allow empty package names (fixes behavior regression in 4.21.0)
* Fix a SEGV bug when comparing a non-materialized sub-message (#10208)
* Fix several bugs in descriptor mapping containers (eg. descriptor.services_by_name)
* for x in mapping now yields keys rather than values, to match Python conventions and the behavior of the old library.
* Lookup operations now correctly reject unhashable types as map keys.
* We implement repr() to use the same format as dict.
* Fix maps to use the ScalarMapContainer class when appropriate
* Fix bug when parsing an unknown value in a proto2 enum extension (protocolbuffers/upb#717)
* PHP:
* Add "readonly" as a keyword for PHP and add previous classnames to descriptor pool (#10041)
* Python:
* Make //:protobuf_python and //:well_known_types_py_pb2 public (#10118)
* Bazel:
* Add back a filegroup for :well_known_protos (#10061)

Update to 21.2: \- C++: \- cmake: Call get_filename_component() with DIRECTORY
mode instead of PATH mode (#9614) \- Escape GetObject macro inside protoc-
generated code (#9739) \- Update CMake configuration to add a dependency on
Abseil (#9793) \- Fix cmake install targets (#9822) \- Use __constinit only in
GCC 12.2 and up (#9936) \- Java: \- Update protobuf_version.bzl to separate
protoc and per-language java ā€¦ (#9900) \- Python: \- Increment python major
version to 4 in version.json for python upb (#9926) \- The C extension module
for Python has been rewritten to use the upb library. \- This is expected to
deliver significant performance benefits, especially when parsing large
payloads. There are some minor breaking changes, but these should not impact
most users. For more information see: https://developers.google.com/protocol-
buffers/docs/news/2022-05-06#python-updates \- PHP: \- [PHP] fix PHP build
system (#9571) \- Fix building packaged PHP extension (#9727) \- fix: reserve
"ReadOnly" keyword for PHP 8.1 and add compatibility (#9633) \- fix: phpdoc
syntax for repeatedfield parameters (#9784) \- fix: phpdoc for repeatedfield
(#9783) \- Change enum string name for reserved words (#9780) \- chore: [PHP]
fix phpdoc for MapField keys (#9536) \- Fixed PHP SEGV by not writing to shared
memory for zend_class_entry. (#9996) \- Ruby: \- Allow pre-compiled binaries for
ruby 3.1.0 (#9566) \- Implement respond_to? in RubyMessage (#9677) \- [Ruby] Fix
RepeatedField#last, #first inconsistencies (#9722) \- Do not use range based
UTF-8 validation in truffleruby (#9769) \- Improve range handling logic of
RepeatedField (#9799) \- Other: \- Fix invalid dependency manifest when using
descriptor_set_out (#9647) \- Remove duplicate java generated code (#9909)

* Update to 3.20.1:

* PHP:

* Fix building packaged PHP extension (#9727)
* Fixed composer.json to only advertise compatibility with PHP 7.0+. (#9819)
* Ruby:
* Disable the aarch64 build on macOS until it can be fixed. (#9816)
* Other:

* Fix versioning issues in 3.20.0
* Update to 3.20.1:

* Ruby:
* Dropped Ruby 2.3 and 2.4 support for CI and releases. (#9311)
* Added Ruby 3.1 support for CI and releases (#9566).
* Message.decode/encode: Add recursion_limit option (#9218/#9486)
* Allocate with xrealloc()/xfree() so message allocation is visible to the
* Ruby GC. In certain tests this leads to much lower memory usage due to more
* frequent GC runs (#9586).
* Fix conversion of singleton classes in Ruby (#9342)
* Suppress warning for intentional circular require (#9556)
* JSON will now output shorter strings for double and float fields when possible
* without losing precision.
* Encoding and decoding of binary format will now work properly on big-endian
* systems.
* UTF-8 verification was fixed to properly reject surrogate code points.
* Unknown enums for proto2 protos now properly implement proto2's behavior of
* putting such values in unknown fields.
* Java:
* Revert "Standardize on Array copyOf" (#9400)
* Resolve more java field accessor name conflicts (#8198)
* Fix parseFrom to only throw InvalidProtocolBufferException
* InvalidProtocolBufferException now allows arbitrary wrapped Exception types.
* Fix bug in FieldSet.Builder.mergeFrom
* Flush CodedOutputStream also flushes underlying OutputStream
* When oneof case is the same and the field type is Message, merge the
* subfield. (previously it was replaced.)ā€™
* Add @CheckReturnValue to some protobuf types
* Report original exceptions when parsing JSON
* Add more info to @deprecated javadoc for set/get/has methods
* Fix initialization bug in doc comment line numbers
* Fix comments for message set wire format.
* Kotlin:
* Add test scope to kotlin-test for protobuf-kotlin-lite (#9518)
* Add orNull extensions for optional message fields.
* Add orNull extensions to all proto3 message fields.
* Python:
* Dropped support for Python < 3.7 (#9480)
* Protoc is now able to generate python stubs (.pyi) with \--pyi_out
* Pin multibuild scripts to get manylinux1 wheels back (#9216)
* Fix type annotations of some Duration and Timestamp methods.
* Repeated field containers are now generic in field types and could be used in type annotations.
* Protobuf python generated codes are simplified. Descriptors and message classes' definitions are now dynamic created in internal/builder.py.
* Insertion Points for messages classes are discarded.
* has_presence is added for FieldDescriptor in python
* Loosen indexing type requirements to allow valid index() implementations rather than only PyLongObjects.
* Fix the deepcopy bug caused by not copying message_listener.
* Added python JSON parse recursion limit (default 100)
* Path info is added for python JSON parse errors
* Pure python repeated scalar fields will not able to pickle. Convert to list first.
* Timestamp.ToDatetime() now accepts an optional tzinfo parameter. If specified, the function returns a timezone-aware datetime in the given time zone. If omitted or None, the function returns a timezone-naive UTC datetime (as previously).
* Adds client_streaming and server_streaming fields to MethodDescriptor.
* Add "ensure_ascii" parameter to json_format.MessageToJson. This allows smaller JSON serializations with UTF-8 or other non-ASCII encodings.
* Added experimental support for directly assigning numpy scalars and array.
* Improve the calculation of public_dependencies in DescriptorPool.
* [Breaking Change] Disallow setting fields to numpy singleton arrays or repeated fields to numpy multi-dimensional arrays. Numpy arrays should be indexed or flattened explicitly before assignment.
* Compiler:
* Migrate IsDefault(const std::string _) and UnsafeSetDefault(const std::string_ )
* Implement strong qualified tags for TaggedPtr
* Rework allocations to power-of-two byte sizes.
* Migrate IsDefault(const std::string _) and UnsafeSetDefault(const std::string_ )
* Implement strong qualified tags for TaggedPtr
* Make TaggedPtr Set...() calls explicitly spell out the content type.
* Check for parsing error before verifying UTF8.
* Enforce a maximum message nesting limit of 32 in the descriptor builder to
* guard against stack overflows
* Fixed bugs in operators for RepeatedPtrIterator
* Assert a maximum map alignment for allocated values
* Fix proto1 group extension protodb parsing error
* Do not log/report the same descriptor symbol multiple times if it contains
* more than one invalid character.
* Add UnknownFieldSet::SerializeToString and SerializeToCodedStream.
* Remove explicit default pointers and deprecated API from protocol compiler
* Arenas:
* Change Repeated*Field to reuse memory when using arenas.
* Implements pbarenaz for profiling proto arenas
* Introduce CreateString() and CreateArenaString() for cleaner semantics
* Fix unreferenced parameter for MSVC builds
* Add UnsafeSetAllocated to be used for one-of string fields.
* Make Arena::AllocateAligned() a public function.
* Determine if ArenaDtor related code generation is necessary in one place.
* Implement on demand register ArenaDtor for InlinedStringField
* C++:
* Enable testing via CTest (#8737)
* Add option to use external GTest in CMake (#8736)
* CMake: Set correct sonames for libprotobuf-lite.so and libprotoc.so (#8635) (#9529)
* Add cmake option protobuf_INSTALL to not install files (#7123)
* CMake: Allow custom plugin options e.g. to generate mocks (#9105)
* CMake: Use linker version scripts (#9545)
* Manually *struct Cord fields to work better with arenas.
* Manually destruct map fields.
* Generate narrower code
* Fix #9378 by removing
* shadowed cached_size field
* Remove GetPointer() and explicit nullptr defaults.
* Add proto_h flag for speeding up large builds
* Add missing overload for reference wrapped fields.
* Add MergedDescriptorDatabase::FindAllFileNames()
* RepeatedField now defines an iterator type instead of using a pointer.
* Remove obsolete macros GOOGLE_PROTOBUF_HAS_ONEOF and GOOGLE_PROTOBUF_HAS_ARENAS.
* PHP:
* Fix: add missing reserved classnames (#9458)
* PHP 8.1 compatibility (#9370)
* C#:
* Fix trim warnings (#9182)
* Fixes NullReferenceException when accessing FieldDescriptor.IsPacked (#9430)
* Add ToProto() method to all descriptor classes (#9426)
* Add an option to preserve proto names in JsonFormatter (#6307)
* Objective-C:

* Add prefix_to_proto_package_mappings_path option. (#9498)
* Rename proto_package_to_prefix_mappings_path to package_to_prefix_mappings_path. (#9552)
* Add a generation option to control use of forward declarations in headers. (#9568)
* update to 3.19.4: Python:

* Make libprotobuf symbols local on OSX to fix issue #9395 (#9435) Ruby:
* Fixed a data loss bug that could occur when the number of optional fields in a message is an exact multiple of 32 PHP:
* Fixed a data loss bug that could occur when the number of optional fields in a message is an exact multiple of 32.
* Update to 3.19.3: C++:

* Make proto2::Message::DiscardUnknownFields() non-virtual
* Separate RepeatedPtrField into its own header file
* For default floating point values of 0, consider all bits significant
* Fix shadowing warnings
* Fix for issue #8484, constant initialization doesn't compile in msvc clang-cl environment Java:
* Improve performance characteristics of UnknownFieldSet parsing
* For default floating point values of 0, consider all bits significant
* Annotate //java/com/google/protobuf/util/... with nullness annotations
* Use ArrayList copy constructor Bazel:
* Ensure that release archives contain everything needed for Bazel
* Align dependency handling with Bazel best practices Javascript:
* Fix ReferenceError: window is not defined when getting the global object Ruby:
* Fix memory leak in MessageClass.encode
* Override Map.clone to use Map's dup method
* Ruby: build extensions for arm64-darwin
* Add class method Timestamp.from_time to ruby well known types
* Adopt pure ruby DSL implementation for JRuby
* Add size to Map class
* Fix for descriptor_pb.rb: google/protobuf should be required first Python:
* Proto2 DecodeError now includes message name in error message
* Make MessageToDict convert map keys to strings
* Add python-requires in setup.py
* Add python 3.10
* Update to 3.17.3: C++

* Introduce FieldAccessListener.
* Stop emitting boilerplate {Copy/Merge}From in each ProtoBuf class
* Provide stable versions of SortAndUnique().
* Make sure to cache proto3 optional message fields when they are cleared.
* Expose UnsafeArena methods to Reflection.
* Use std::string::empty() rather than std::string::size() > 0.
* [Protoc] C++ Resolved an issue where NO_DESTROY and CONSTINIT are in
incorrect order (#8296)
* Fix PROTOBUF_CONSTINIT macro redefinition (#8323)
* Delete StringPiecePod (#8353)
* Create a CMake option to control whether or not RTTI is enabled (#8347)
* Make util::Status more similar to absl::Status (#8405)
* The ::pb namespace is no longer exposed due to conflicts.
* Allow MessageDifferencer::TreatAsSet() (and friends) to override previous
calls instead of crashing.
* Reduce the size of generated proto headers for protos with string or bytes
fields.
* Move arena() operation on uncommon path to out-of-line routine
* For iterator-pair function parameter types, take both iterators by value.
* Code-space savings and perhaps some modest performance improvements in
* RepeatedPtrField.
* Eliminate nullptr check from every tag parse.
* Remove unused _$name$cached_byte_size fields.
* Serialize extension ranges together when not broken by a proto field in the
middle.
* Do out-of-line allocation and deallocation of string object in ArenaString.
* Streamline ParseContext::ParseMessage to avoid code bloat and improve
performance.
* New member functions RepeatedField::Assign, RepeatedPtrField::{Add, Assign}.
on an error path.
* util::DefaultFieldComparator will be final in a future version of protobuf.
* Subclasses should inherit from SimpleFieldComparator instead. Kotlin
* Introduce support for Kotlin protos (#8272)
* Restrict extension setter and getter operators to non-nullable T. Java
* Fixed parser to check that we are at a proper limit when a sub-message has
finished parsing.
* updating GSON and Guava to more recent versions (#8524)
* Reduce the time spent evaluating isExtensionNumber by storing the extension
ranges in a TreeMap for faster queries. This is particularly relevant for
protos which define a large number of extension ranges, for example when
each tag is defined as an extension.
* Fix java bytecode estimation logic for optional fields.
* Optimize Descriptor.isExtensionNumber.
* deps: update JUnit and Truth (#8319)
* Detect invalid overflow of byteLimit and return
InvalidProtocolBufferException as documented.
* Exceptions thrown while reading from an InputStream in parseFrom are now
included as causes.
* Support potentially more efficient proto parsing from RopeByteStrings.
* Clarify runtime of ByteString.Output.toStringBuffer().
* Added UnsafeByteOperations to protobuf-lite (#8426) Python:
* Add MethodDescriptor.CopyToProto() (#8327)
* Remove unused python_protobuf.{cc,h} (#8513)
* Start publishing python aarch64 manylinux wheels normally (#8530)
* Fix constness issue detected by MSVC standard conforming mode (#8568)
* Make JSON parsing match C++ and Java when multiple fields from the same
oneof are present and all but one is null.
* Fix some constness / char literal issues being found by MSVC standard
conforming mode (#8344)
* Switch on "new" buffer API (#8339)
* Enable crosscompiling aarch64 python wheels under dockcross manylinux docker
image (#8280)
* Fixed a bug in text format where a trailing colon was printed for repeated
field.
* When TextFormat encounters a duplicate message map key, replace the current
one instead of merging. Ruby:
* Add support for proto3 json_name in compiler and field definitions (#8356)
* Fixed memory leak of Ruby arena objects. (#8461)
* Fix source gem compilation (#8471)
* Fix various exceptions in Ruby on 64-bit Windows (#8563)
* Fix crash when calculating Message hash values on 64-bit Windows (#8565)
General:
* Support M1 (#8557)

Update to 3.15.8: \- Fixed memory leak of Ruby arena objects (#8461)

Update to 3.15.7:

C++: * Remove the ::pb namespace (alias) (#8423) Ruby: * Fix unbounded memory
growth for Ruby =233 (gh#grpc/grpc#32671).
* [python O11Y] Initial Implementation (gh#grpc/grpc#32974).
* Build with LTO (don't set _lto_cflags to %nil).
* No need to pass '-std=c++17' to build CFLAGS.

* Update to version 1.56.2:

* [WRR] backport (gh#grpc/grpc#33694) to 1.56 (gh#grpc/grpc#33698)

* [backport][iomgr][EventEngine] Improve server handling of file descriptor
exhaustion (gh#grpc/grpc#33667)
* Switch build to pip/wheel.
* Use system abseil with '-std=c++17' to prevent undefined symbol eg. with
python-grpcio-tools ( _ZN3re23RE213GlobalReplaceEPNSt7__
cxx1112basic_stringIcSt11char_traitsIcESaIcEEERKS0_N4absl12lts_
2023012511string_viewE)

* Upstream only supports python >= 3.7, so adjust BuildRequires accordingly.

* Add %{?sle15_python_module_pythons}

* Update to version 1.56.0: (CVE-2023-32731, bsc#1212180)

* [aio types] Fix some grpc.aio python types (gh#grpc/grpc#32475).

* Update to version 1.55.0:

* [EventEngine] Disable EventEngine polling in gRPC Python
(gh#grpc/grpc#33279) (gh#grpc/grpc#33320).
* [Bazel Python3.11] Update Bazel dependencies for Python 3.11
(gh#grpc/grpc#33318) (gh#grpc/grpc#33319).
* Drop Requires: python-six; not required any more.
* Switch Suggests to Recommends.

* Update to version 1.54.0: (CVE-2023-32732, bsc#1212182)

* Fix DeprecationWarning when calling asyncio.get_event_loop()
(gh#grpc/grpc#32533).
* Remove references to deprecated syntax field (gh#grpc/grpc#32497).

* Update to version 1.51.1:

* No Linux specific changes.
* Changes from version 1.51.0:
* Fix lack of cooldown between poll attempts (gh#grpc/grpc#31550).
* Remove enum and future (gh#grpc/grpc#31381).
* [Remove Six] Remove dependency on six (gh#grpc/grpc#31340).
* Update xds-protos package to pull in protobuf 4.X (gh#grpc/grpc#31113).

* Update to version 1.50.0:

* Support Python 3.11. [gh#grpc/grpc#30818].

* Update to version 1.49.1

* Support Python 3.11. (#30818)
* Add type stub generation support to grpcio-tools. (#30498)

* Update to version 1.48.0:

* [Aio] Ensure Core channel closes when deallocated [gh#grpc/grpc#29797].
* [Aio] Fix the wait_for_termination return value [gh#grpc/grpc#29795].

* update to 1.46.3:

* backport: xds: use federation env var to guard new-style resource name
parsing
* This release contains refinements, improvements, and bug fixes.

* Update to version 1.46.0:

* Add Python GCF Distribtest [gh#grpc/grpc#29303].
* Add Python Reflection Client [gh#grpc/grpc#29085].
* Revert "Fix prefork handler register's default behavior"
[gh#grpc/grpc#29229].
* Fix prefork handler register's default behavior [gh#grpc/grpc#29103].
* Fix fetching CXX variable in setup.py [gh#grpc/grpc#28873].

* Update to version 1.45.0:

* Reimplement Gevent Integration [gh#grpc/grpc#28276].
* Support musllinux binary wheels on x64 and x86 [gh#grpc/grpc#28092].
* Increase the Python protobuf requirement to >=3.12.0 [gh#grpc/grpc#28604].
* Build with system re2; add BuildRequires: pkgconfig(re2).

* Update to version 1.44.0:

* Add python async example for hellostreamingworld using generator
(gh#grpc/grpc#27343).

* Disable __wrap_memcpy hack for Python builds (gh#grpc/grpc#28410).
* Bump Bazel Python Cython dependency to 0.29.26 (gh#grpc/grpc#28398).
* Fix libatomic linking on Raspberry Pi OS Bullseye (gh#grpc/grpc#28041).
* Allow generated proto sources in remote repositories for py_proto_library
(gh#grpc/grpc#28103).

* Update to version 1.43.0:

* [Aio] Validate the input type for set_trailing_metadata and abort
(gh#grpc/grpc#27958).

* update to 1.41.1:

* This is release 1.41.0 (goat) of gRPC Core.

* Update to version 1.41.0:

* Add Python 3.10 support and drop 3.5 (gh#grpc/grpc#26074).
* [Aio] Remove custom IO manager support (gh#grpc/grpc#27090).

* Update to version 1.39.0:

* Python AIO: Match continuation typing on Interceptors (gh#grpc/grpc#26500).
* Workaround #26279 by publishing manylinux_2_24 wheels instead of
manylinux2014 on aarch64 (gh#grpc/grpc#26430).
* Fix zlib unistd.h import problem (gh#grpc/grpc#26374).
* Handle gevent exception in gevent poller (gh#grpc/grpc#26058).

* Update to version 1.38.1:

* Backport gh#grpc/grpc#26430 and gh#grpc/grpc#26435 to v1.38.x
(gh#grpc/grpc#26436).

* Update to version 1.38.0:

* Add grpcio-admin Python package (gh#grpc/grpc#26166).
* Add CSDS API to Python (gh#grpc/grpc#26114).
* Expose code and details from context on the server side
(gh#grpc/grpc#25457).
* Explicitly import importlib.abc; required on Python 3.10. Fixes #26062
(gh#grpc/grpc#26083).
* Fix potential deadlock on the GIL in AuthMetdataPlugin (gh#grpc/grpc#26009).
* Introduce new Python package "xds_protos" (gh#grpc/grpc#25975).
* Remove async mark for set_trailing_metadata interface (gh#grpc/grpc#25814).

* Update to version 1.37.1:

* No user visible changes.
* Changes from version 1.37.0:
* Clarify Guarantees about grpc.Future Interface (gh#grpc/grpc#25383).
* [Aio] Add time_remaining method to ServicerContext (gh#grpc/grpc#25719).
* Standardize all environment variable boolean configuration in python's
setup.py (gh#grpc/grpc#25444).
* Fix Signal Safety Issue (gh#grpc/grpc#25394).

* Update to version 1.36.1:

* Core: back-port: add env var protection for google-c2p resolver
(gh#grpc/grpc#25569).

* Update to version 1.35.0:

* Implement Python Client and Server xDS Creds. (gh#grpc/grpc#25365)
* Add %define _lto_cflags %{nil} (bsc#1182659) (rh#1893533)
* Link roots.pem to ca-bundle.pem from ca-certificates package

* Update to version 1.34.1:

* Backport "Lazily import grpc_tools when using runtime stub/message
generation" to 1.34.x (gh#grpc/grpc#25011).

* Update to version 1.34.0:

* Incur setuptools as an dependency for grpcio_tools (gh#grpc/grpc#24752).
* Stop the spamming log generated by ctrl-c for AsyncIO server
(gh#grpc/grpc#24718).
* [gRPC Easy] Make Well-Known Types Available to Runtime Protos
(gh#grpc/grpc#24478).
* Bump MACOSX_DEPLOYMENT_TARGET to 10.10 for Python (gh#grpc/grpc#24480).
* Make Python 2 an optional dependency for Bazel build (gh#grpc/grpc#24407).
* [Linux] [macOS] Support pre-compiled Python 3.9 wheels (gh#grpc/grpc#24356).

* Update to version 1.33.2:

* [Backport] Implement grpc.Future interface in SingleThreadedRendezvous
(gh#grpc/grpc#24574).

* Update to version 1.33.1:

* [Backport] Make Python 2 an optional dependency for Bazel build
(gh#grpc/grpc#24452).

* Allow asyncio API to be imported as grpc.aio. (gh#grpc/grpc#24289).
* [gRPC Easy] Fix import errors on Windows (gh#grpc/grpc#24124).
* Make version check for importlib.abc in grpcio-tools more stringent
(gh#grpc/grpc#24098).

Added re2 package in version 2024-02-01.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-573=1

* openSUSE Leap Micro 5.3
zypper in -t patch openSUSE-Leap-Micro-5.3-2024-573=1

* openSUSE Leap Micro 5.4
zypper in -t patch openSUSE-Leap-Micro-5.4-2024-573=1

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-573=1

* SUSE Linux Enterprise High Performance Computing 15 SP4
zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2024-573=1

* SUSE Linux Enterprise Server 15 SP4
zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2024-573=1

* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2024-573=1 SUSE-SLE-Product-SUSE-
Manager-Server-4.3-2024-573=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-573=1 SUSE-SLE-
INSTALLER-15-SP4-2024-573=1

* SUSE Linux Enterprise Desktop 15 SP4
zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2024-573=1

* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2024-573=1 SUSE-SLE-Product-SUSE-
Manager-Retail-Branch-Server-4.3-2024-573=1

* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-573=1 SUSE-SLE-
INSTALLER-15-SP4-2024-573=1

* SUSE Linux Enterprise High Performance Computing 15 SP5
zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2024-573=1

* SUSE Linux Enterprise Server 15 SP5
zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2024-573=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2024-573=1

* SUSE Linux Enterprise Desktop 15 SP5
zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2024-573=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2024-573=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2024-573=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2024-573=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2024-573=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2024-573=1

* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-573=1

* Development Tools Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2024-573=1

* SUSE Package Hub 15 15-SP5
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-573=1

* Public Cloud Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2024-573=1

* Public Cloud Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2024-573=1

* Python 3 Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Python3-15-SP5-2024-573=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-573=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-573=1

* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-573=1

* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-573=1

* SUSE Linux Enterprise Workstation Extension 15 SP5
zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2024-573=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* python311-grpcio-debuginfo-1.60.0-150400.9.3.2
* libprotobuf-lite25_1_0-25.1-150400.9.3.1
* protobuf-java-25.1-150400.9.3.1
* libprotobuf25_1_0-25.1-150400.9.3.1
* libgrpc37-debuginfo-1.60.0-150400.8.3.2
* libupb37-debuginfo-1.60.0-150400.8.3.2
* grpc-debugsource-1.60.0-150400.8.3.2
* libabsl2308_0_0-debuginfo-20230802.1-150400.10.4.1
* protobuf-debugsource-25.1-150400.9.3.1
* libabsl2308_0_0-20230802.1-150400.10.4.1
* libgrpc1_60-1.60.0-150400.8.3.2
* python311-protobuf-4.25.1-150400.9.3.1
* libupb37-1.60.0-150400.8.3.2
* libre2-11-20240201-150400.9.3.1
* grpc-devel-1.60.0-150400.8.3.2
* python311-grpcio-1.60.0-150400.9.3.2
* protobuf-devel-debuginfo-25.1-150400.9.3.1
* python-grpcio-debugsource-1.60.0-150400.9.3.2
* re2-debugsource-20240201-150400.9.3.1
* libprotobuf25_1_0-debuginfo-25.1-150400.9.3.1
* abseil-cpp-debugsource-20230802.1-150400.10.4.1
* upb-devel-1.60.0-150400.8.3.2
* libre2-11-debuginfo-20240201-150400.9.3.1
* libgrpc++1_60-debuginfo-1.60.0-150400.8.3.2
* libgrpc++1_60-1.60.0-150400.8.3.2
* grpc-debuginfo-1.60.0-150400.8.3.2
* libgrpc1_60-debuginfo-1.60.0-150400.8.3.2
* re2-devel-20240201-150400.9.3.1
* libprotoc25_1_0-debuginfo-25.1-150400.9.3.1
* protobuf-devel-25.1-150400.9.3.1
* libprotoc25_1_0-25.1-150400.9.3.1
* libprotobuf-lite25_1_0-debuginfo-25.1-150400.9.3.1
* libgrpc37-1.60.0-150400.8.3.2
* abseil-cpp-devel-20230802.1-150400.10.4.1
* grpc-devel-debuginfo-1.60.0-150400.8.3.2
* openSUSE Leap 15.4 (x86_64)
* libre2-11-32bit-debuginfo-20240201-150400.9.3.1
* libre2-11-32bit-20240201-150400.9.3.1
* libprotobuf-lite25_1_0-32bit-25.1-150400.9.3.1
* libabsl2308_0_0-32bit-debuginfo-20230802.1-150400.10.4.1
* libprotobuf-lite25_1_0-32bit-debuginfo-25.1-150400.9.3.1
* libprotobuf25_1_0-32bit-debuginfo-25.1-150400.9.3.1
* libprotoc25_1_0-32bit-25.1-150400.9.3.1
* libprotoc25_1_0-32bit-debuginfo-25.1-150400.9.3.1
* libabsl2308_0_0-32bit-20230802.1-150400.10.4.1
* libprotobuf25_1_0-32bit-25.1-150400.9.3.1
* openSUSE Leap 15.4 (noarch)
* grpc-source-1.60.0-150400.8.3.2
* python311-abseil-1.4.0-150400.9.3.1
* opencensus-proto-source-0.3.0+git.20200721-150400.9.3.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libabsl2308_0_0-64bit-20230802.1-150400.10.4.1
* libprotobuf-lite25_1_0-64bit-25.1-150400.9.3.1
* libprotoc25_1_0-64bit-debuginfo-25.1-150400.9.3.1
* libprotobuf25_1_0-64bit-25.1-150400.9.3.1
* libprotobuf25_1_0-64bit-debuginfo-25.1-150400.9.3.1
* libprotoc25_1_0-64bit-25.1-150400.9.3.1
* libprotobuf-lite25_1_0-64bit-debuginfo-25.1-150400.9.3.1
* libabsl2308_0_0-64bit-debuginfo-20230802.1-150400.10.4.1
* libre2-11-64bit-debuginfo-20240201-150400.9.3.1
* libre2-11-64bit-20240201-150400.9.3.1
* openSUSE Leap Micro 5.3 (aarch64 ppc64le s390x x86_64)
* libabsl2308_0_0-20230802.1-150400.10.4.1
* libprotobuf-lite25_1_0-25.1-150400.9.3.1
* libprotobuf-lite25_1_0-debuginfo-25.1-150400.9.3.1
* abseil-cpp-debugsource-20230802.1-150400.10.4.1
* libabsl2308_0_0-debuginfo-20230802.1-150400.10.4.1
* openSUSE Leap Micro 5.4 (aarch64 ppc64le s390x x86_64)
* libabsl2308_0_0-20230802.1-150400.10.4.1
* libprotobuf-lite25_1_0-25.1-150400.9.3.1
* libprotobuf-lite25_1_0-debuginfo-25.1-150400.9.3.1
* abseil-cpp-debugsource-20230802.1-150400.10.4.1
* libabsl2308_0_0-debuginfo-20230802.1-150400.10.4.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* python311-grpcio-debuginfo-1.60.0-150400.9.3.2
* libprotobuf-lite25_1_0-25.1-150400.9.3.1
* protobuf-java-25.1-150400.9.3.1
* libprotobuf25_1_0-25.1-150400.9.3.1
* libgrpc37-debuginfo-1.60.0-150400.8.3.2
* libupb37-debuginfo-1.60.0-150400.8.3.2
* grpc-debugsource-1.60.0-150400.8.3.2
* libabsl2308_0_0-debuginfo-20230802.1-150400.10.4.1
* protobuf-debugsource-25.1-150400.9.3.1
* libabsl2308_0_0-20230802.1-150400.10.4.1
* libgrpc1_60-1.60.0-150400.8.3.2
* python311-protobuf-4.25.1-150400.9.3.1
* libupb37-1.60.0-150400.8.3.2
* libre2-11-20240201-150400.9.3.1
* grpc-devel-1.60.0-150400.8.3.2
* python311-grpcio-1.60.0-150400.9.3.2
* protobuf-devel-debuginfo-25.1-150400.9.3.1
* python-grpcio-debugsource-1.60.0-150400.9.3.2
* re2-debugsource-20240201-150400.9.3.1
* libprotobuf25_1_0-debuginfo-25.1-150400.9.3.1
* abseil-cpp-debugsource-20230802.1-150400.10.4.1
* upb-devel-1.60.0-150400.8.3.2
* libre2-11-debuginfo-20240201-150400.9.3.1
* libgrpc++1_60-debuginfo-1.60.0-150400.8.3.2
* libgrpc++1_60-1.60.0-150400.8.3.2
* grpc-debuginfo-1.60.0-150400.8.3.2
* libgrpc1_60-debuginfo-1.60.0-150400.8.3.2
* re2-devel-20240201-150400.9.3.1
* libprotoc25_1_0-debuginfo-25.1-150400.9.3.1
* protobuf-devel-25.1-150400.9.3.1
* libprotoc25_1_0-25.1-150400.9.3.1
* libprotobuf-lite25_1_0-debuginfo-25.1-150400.9.3.1
* libgrpc37-1.60.0-150400.8.3.2
* abseil-cpp-devel-20230802.1-150400.10.4.1
* grpc-devel-debuginfo-1.60.0-150400.8.3.2
* openSUSE Leap 15.5 (noarch)
* grpc-source-1.60.0-150400.8.3.2
* python311-abseil-1.4.0-150400.9.3.1
* opencensus-proto-source-0.3.0+git.20200721-150400.9.3.1
* openSUSE Leap 15.5 (x86_64)
* libre2-11-32bit-debuginfo-20240201-150400.9.3.1
* libre2-11-32bit-20240201-150400.9.3.1
* libprotobuf-lite25_1_0-32bit-25.1-150400.9.3.1
* libabsl2308_0_0-32bit-debuginfo-20230802.1-150400.10.4.1
* libprotobuf-lite25_1_0-32bit-debuginfo-25.1-150400.9.3.1
* libprotobuf25_1_0-32bit-debuginfo-25.1-150400.9.3.1
* libprotoc25_1_0-32bit-25.1-150400.9.3.1
* libprotoc25_1_0-32bit-debuginfo-25.1-150400.9.3.1
* libabsl2308_0_0-32bit-20230802.1-150400.10.4.1
* libprotobuf25_1_0-32bit-25.1-150400.9.3.1
* SUSE Linux Enterprise High Performance Computing 15 SP4 (aarch64 x86_64)
* libabsl2308_0_0-20230802.1-150400.10.4.1
* libprotobuf-lite25_1_0-25.1-150400.9.3.1
* SUSE Linux Enterprise Server 15 SP4 (aarch64 ppc64le s390x x86_64)
* libabsl2308_0_0-20230802.1-150400.10.4.1
* libprotobuf-lite25_1_0-25.1-150400.9.3.1
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
* libabsl2308_0_0-20230802.1-150400.10.4.1
* libgrpc1_60-1.60.0-150400.8.3.2
* libre2-11-debuginfo-20240201-150400.9.3.1
* libprotobuf-lite25_1_0-25.1-150400.9.3.1
* libgrpc++1_60-debuginfo-1.60.0-150400.8.3.2
* libprotobuf25_1_0-25.1-150400.9.3.1
* libgrpc37-debuginfo-1.60.0-150400.8.3.2
* libprotoc25_1_0-25.1-150400.9.3.1
* libre2-11-20240201-150400.9.3.1
* libprotobuf-lite25_1_0-debuginfo-25.1-150400.9.3.1
* libupb37-1.60.0-150400.8.3.2
* libgrpc++1_60-1.60.0-150400.8.3.2
* libgrpc37-1.60.0-150400.8.3.2
* libupb37-debuginfo-1.60.0-150400.8.3.2
* libgrpc1_60-debuginfo-1.60.0-150400.8.3.2
* re2-debugsource-20240201-150400.9.3.1
* libprotobuf25_1_0-debuginfo-25.1-150400.9.3.1
* abseil-cpp-debugsource-20230802.1-150400.10.4.1
* libprotoc25_1_0-debuginfo-25.1-150400.9.3.1
* libabsl2308_0_0-debuginfo-20230802.1-150400.10.4.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* libprotobuf-lite25_1_0-25.1-150400.9.3.1
* libprotobuf25_1_0-25.1-150400.9.3.1
* libgrpc37-debuginfo-1.60.0-150400.8.3.2
* libupb37-debuginfo-1.60.0-150400.8.3.2
* grpc-debugsource-1.60.0-150400.8.3.2
* libabsl2308_0_0-debuginfo-20230802.1-150400.10.4.1
* protobuf-debugsource-25.1-150400.9.3.1
* libabsl2308_0_0-20230802.1-150400.10.4.1
* libgrpc1_60-1.60.0-150400.8.3.2
* libupb37-1.60.0-150400.8.3.2
* libre2-11-20240201-150400.9.3.1
* protobuf-devel-debuginfo-25.1-150400.9.3.1
* re2-debugsource-20240201-150400.9.3.1
* libprotobuf25_1_0-debuginfo-25.1-150400.9.3.1
* abseil-cpp-debugsource-20230802.1-150400.10.4.1
* libre2-11-debuginfo-20240201-150400.9.3.1
* libgrpc++1_60-debuginfo-1.60.0-150400.8.3.2
* libgrpc++1_60-1.60.0-150400.8.3.2
* grpc-debuginfo-1.60.0-150400.8.3.2
* libgrpc1_60-debuginfo-1.60.0-150400.8.3.2
* libprotoc25_1_0-debuginfo-25.1-150400.9.3.1
* protobuf-devel-25.1-150400.9.3.1
* libprotoc25_1_0-25.1-150400.9.3.1
* libprotobuf-lite25_1_0-debuginfo-25.1-150400.9.3.1
* libgrpc37-1.60.0-150400.8.3.2
* abseil-cpp-devel-20230802.1-150400.10.4.1
* SUSE Linux Enterprise Desktop 15 SP4 (x86_64)
* libabsl2308_0_0-20230802.1-150400.10.4.1
* libprotobuf-lite25_1_0-25.1-150400.9.3.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* libabsl2308_0_0-20230802.1-150400.10.4.1
* libgrpc1_60-1.60.0-150400.8.3.2
* libre2-11-debuginfo-20240201-150400.9.3.1
* libprotobuf-lite25_1_0-25.1-150400.9.3.1
* libgrpc++1_60-debuginfo-1.60.0-150400.8.3.2
* libprotobuf25_1_0-25.1-150400.9.3.1
* libgrpc37-debuginfo-1.60.0-150400.8.3.2
* libprotoc25_1_0-25.1-150400.9.3.1
* libre2-11-20240201-150400.9.3.1
* libprotobuf-lite25_1_0-debuginfo-25.1-150400.9.3.1
* libupb37-1.60.0-150400.8.3.2
* libgrpc++1_60-1.60.0-150400.8.3.2
* libgrpc37-1.60.0-150400.8.3.2
* libupb37-debuginfo-1.60.0-150400.8.3.2
* libgrpc1_60-debuginfo-1.60.0-150400.8.3.2
* re2-debugsource-20240201-150400.9.3.1
* libprotobuf25_1_0-debuginfo-25.1-150400.9.3.1
* abseil-cpp-debugsource-20230802.1-150400.10.4.1
* libprotoc25_1_0-debuginfo-25.1-150400.9.3.1
* libabsl2308_0_0-debuginfo-20230802.1-150400.10.4.1
* SUSE Manager Proxy 4.3 (x86_64)
* libabsl2308_0_0-20230802.1-150400.10.4.1
* libgrpc1_60-1.60.0-150400.8.3.2
* libre2-11-debuginfo-20240201-150400.9.3.1
* libprotobuf-lite25_1_0-25.1-150400.9.3.1
* libgrpc++1_60-debuginfo-1.60.0-150400.8.3.2
* libprotobuf25_1_0-25.1-150400.9.3.1
* libgrpc37-debuginfo-1.60.0-150400.8.3.2
* libprotoc25_1_0-25.1-150400.9.3.1
* libre2-11-20240201-150400.9.3.1
* libprotobuf-lite25_1_0-debuginfo-25.1-150400.9.3.1
* libupb37-1.60.0-150400.8.3.2
* libgrpc++1_60-1.60.0-150400.8.3.2
* libgrpc37-1.60.0-150400.8.3.2
* libupb37-debuginfo-1.60.0-150400.8.3.2
* libgrpc1_60-debuginfo-1.60.0-150400.8.3.2
* re2-debugsource-20240201-150400.9.3.1
* libprotobuf25_1_0-debuginfo-25.1-150400.9.3.1
* abseil-cpp-debugsource-20230802.1-150400.10.4.1
* libprotoc25_1_0-debuginfo-25.1-150400.9.3.1
* libabsl2308_0_0-debuginfo-20230802.1-150400.10.4.1
* SUSE Linux Enterprise High Performance Computing 15 SP5 (aarch64 x86_64)
* libabsl2308_0_0-20230802.1-150400.10.4.1
* libprotobuf-lite25_1_0-25.1-150400.9.3.1
* SUSE Linux Enterprise Server 15 SP5 (aarch64 ppc64le s390x x86_64)
* libabsl2308_0_0-20230802.1-150400.10.4.1
* libprotobuf-lite25_1_0-25.1-150400.9.3.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* libabsl2308_0_0-20230802.1-150400.10.4.1
* libprotobuf-lite25_1_0-25.1-150400.9.3.1
* SUSE Linux Enterprise Desktop 15 SP5 (x86_64)
* libabsl2308_0_0-20230802.1-150400.10.4.1
* libprotobuf-lite25_1_0-25.1-150400.9.3.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* libabsl2308_0_0-20230802.1-150400.10.4.1
* libprotobuf-lite25_1_0-25.1-150400.9.3.1
* libprotobuf-lite25_1_0-debuginfo-25.1-150400.9.3.1
* abseil-cpp-debugsource-20230802.1-150400.10.4.1
* libabsl2308_0_0-debuginfo-20230802.1-150400.10.4.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* libabsl2308_0_0-20230802.1-150400.10.4.1
* libprotobuf-lite25_1_0-25.1-150400.9.3.1
* libprotobuf-lite25_1_0-debuginfo-25.1-150400.9.3.1
* abseil-cpp-debugsource-20230802.1-150400.10.4.1
* libabsl2308_0_0-debuginfo-20230802.1-150400.10.4.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* libabsl2308_0_0-20230802.1-150400.10.4.1
* libprotobuf-lite25_1_0-25.1-150400.9.3.1
* libprotobuf-lite25_1_0-debuginfo-25.1-150400.9.3.1
* abseil-cpp-debugsource-20230802.1-150400.10.4.1
* libabsl2308_0_0-debuginfo-20230802.1-150400.10.4.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* libabsl2308_0_0-20230802.1-150400.10.4.1
* libprotobuf-lite25_1_0-25.1-150400.9.3.1
* libprotobuf-lite25_1_0-debuginfo-25.1-150400.9.3.1
* abseil-cpp-debugsource-20230802.1-150400.10.4.1
* libabsl2308_0_0-debuginfo-20230802.1-150400.10.4.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64)
* libabsl2308_0_0-20230802.1-150400.10.4.1
* libprotobuf-lite25_1_0-25.1-150400.9.3.1
* libprotobuf-lite25_1_0-debuginfo-25.1-150400.9.3.1
* abseil-cpp-debugsource-20230802.1-150400.10.4.1
* libabsl2308_0_0-debuginfo-20230802.1-150400.10.4.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* libprotobuf-lite25_1_0-25.1-150400.9.3.1
* libprotobuf25_1_0-25.1-150400.9.3.1
* libgrpc37-debuginfo-1.60.0-150400.8.3.2
* libupb37-debuginfo-1.60.0-150400.8.3.2
* grpc-debugsource-1.60.0-150400.8.3.2
* libabsl2308_0_0-debuginfo-20230802.1-150400.10.4.1
* protobuf-debugsource-25.1-150400.9.3.1
* libabsl2308_0_0-20230802.1-150400.10.4.1
* libgrpc1_60-1.60.0-150400.8.3.2
* libupb37-1.60.0-150400.8.3.2
* libre2-11-20240201-150400.9.3.1
* re2-debugsource-20240201-150400.9.3.1
* libprotobuf25_1_0-debuginfo-25.1-150400.9.3.1
* abseil-cpp-debugsource-20230802.1-150400.10.4.1
* libre2-11-debuginfo-20240201-150400.9.3.1
* libgrpc++1_60-debuginfo-1.60.0-150400.8.3.2
* libgrpc++1_60-1.60.0-150400.8.3.2
* grpc-debuginfo-1.60.0-150400.8.3.2
* libgrpc1_60-debuginfo-1.60.0-150400.8.3.2
* libprotoc25_1_0-debuginfo-25.1-150400.9.3.1
* libprotoc25_1_0-25.1-150400.9.3.1
* libprotobuf-lite25_1_0-debuginfo-25.1-150400.9.3.1
* libgrpc37-1.60.0-150400.8.3.2
* Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* libprotoc25_1_0-25.1-150400.9.3.1
* protobuf-devel-25.1-150400.9.3.1
* protobuf-devel-debuginfo-25.1-150400.9.3.1
* abseil-cpp-devel-20230802.1-150400.10.4.1
* libprotoc25_1_0-debuginfo-25.1-150400.9.3.1
* protobuf-debugsource-25.1-150400.9.3.1
* SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64)
* protobuf-debugsource-25.1-150400.9.3.1
* Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* grpc-debuginfo-1.60.0-150400.8.3.2
* grpc-debugsource-1.60.0-150400.8.3.2
* protobuf-debugsource-25.1-150400.9.3.1
* Public Cloud Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* libgrpc1_60-1.60.0-150400.8.3.2
* libre2-11-debuginfo-20240201-150400.9.3.1
* libgrpc37-debuginfo-1.60.0-150400.8.3.2
* libprotoc25_1_0-25.1-150400.9.3.1
* libre2-11-20240201-150400.9.3.1
* libupb37-1.60.0-150400.8.3.2
* libupb37-debuginfo-1.60.0-150400.8.3.2
* libgrpc37-1.60.0-150400.8.3.2
* grpc-debuginfo-1.60.0-150400.8.3.2
* grpc-debugsource-1.60.0-150400.8.3.2
* libgrpc1_60-debuginfo-1.60.0-150400.8.3.2
* re2-debugsource-20240201-150400.9.3.1
* libprotoc25_1_0-debuginfo-25.1-150400.9.3.1
* protobuf-debugsource-25.1-150400.9.3.1
* Python 3 Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* python311-protobuf-4.25.1-150400.9.3.1
* python311-grpcio-debuginfo-1.60.0-150400.9.3.2
* python311-grpcio-1.60.0-150400.9.3.2
* python-grpcio-debugsource-1.60.0-150400.9.3.2
* Python 3 Module 15-SP5 (noarch)
* python311-abseil-1.4.0-150400.9.3.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* libprotobuf-lite25_1_0-25.1-150400.9.3.1
* libprotobuf25_1_0-25.1-150400.9.3.1
* libgrpc37-debuginfo-1.60.0-150400.8.3.2
* libupb37-debuginfo-1.60.0-150400.8.3.2
* grpc-debugsource-1.60.0-150400.8.3.2
* libabsl2308_0_0-debuginfo-20230802.1-150400.10.4.1
* protobuf-debugsource-25.1-150400.9.3.1
* libabsl2308_0_0-20230802.1-150400.10.4.1
* libgrpc1_60-1.60.0-150400.8.3.2
* libupb37-1.60.0-150400.8.3.2
* libre2-11-20240201-150400.9.3.1
* protobuf-devel-debuginfo-25.1-150400.9.3.1
* re2-debugsource-20240201-150400.9.3.1
* libprotobuf25_1_0-debuginfo-25.1-150400.9.3.1
* abseil-cpp-debugsource-20230802.1-150400.10.4.1
* libre2-11-debuginfo-20240201-150400.9.3.1
* libgrpc++1_60-debuginfo-1.60.0-150400.8.3.2
* libgrpc++1_60-1.60.0-150400.8.3.2
* grpc-debuginfo-1.60.0-150400.8.3.2
* libgrpc1_60-debuginfo-1.60.0-150400.8.3.2
* libprotoc25_1_0-debuginfo-25.1-150400.9.3.1
* protobuf-devel-25.1-150400.9.3.1
* libprotoc25_1_0-25.1-150400.9.3.1
* libprotobuf-lite25_1_0-debuginfo-25.1-150400.9.3.1
* libgrpc37-1.60.0-150400.8.3.2
* abseil-cpp-devel-20230802.1-150400.10.4.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* libprotobuf-lite25_1_0-25.1-150400.9.3.1
* libprotobuf25_1_0-25.1-150400.9.3.1
* libgrpc37-debuginfo-1.60.0-150400.8.3.2
* libupb37-debuginfo-1.60.0-150400.8.3.2
* grpc-debugsource-1.60.0-150400.8.3.2
* libabsl2308_0_0-debuginfo-20230802.1-150400.10.4.1
* protobuf-debugsource-25.1-150400.9.3.1
* libabsl2308_0_0-20230802.1-150400.10.4.1
* libgrpc1_60-1.60.0-150400.8.3.2
* libupb37-1.60.0-150400.8.3.2
* libre2-11-20240201-150400.9.3.1
* protobuf-devel-debuginfo-25.1-150400.9.3.1
* re2-debugsource-20240201-150400.9.3.1
* libprotobuf25_1_0-debuginfo-25.1-150400.9.3.1
* abseil-cpp-debugsource-20230802.1-150400.10.4.1
* libre2-11-debuginfo-20240201-150400.9.3.1
* libgrpc++1_60-debuginfo-1.60.0-150400.8.3.2
* libgrpc++1_60-1.60.0-150400.8.3.2
* grpc-debuginfo-1.60.0-150400.8.3.2
* libgrpc1_60-debuginfo-1.60.0-150400.8.3.2
* libprotoc25_1_0-debuginfo-25.1-150400.9.3.1
* protobuf-devel-25.1-150400.9.3.1
* libprotoc25_1_0-25.1-150400.9.3.1
* libprotobuf-lite25_1_0-debuginfo-25.1-150400.9.3.1
* libgrpc37-1.60.0-150400.8.3.2
* abseil-cpp-devel-20230802.1-150400.10.4.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
* libprotobuf-lite25_1_0-25.1-150400.9.3.1
* libprotobuf25_1_0-25.1-150400.9.3.1
* libgrpc37-debuginfo-1.60.0-150400.8.3.2
* libupb37-debuginfo-1.60.0-150400.8.3.2
* grpc-debugsource-1.60.0-150400.8.3.2
* libabsl2308_0_0-debuginfo-20230802.1-150400.10.4.1
* protobuf-debugsource-25.1-150400.9.3.1
* libabsl2308_0_0-20230802.1-150400.10.4.1
* libgrpc1_60-1.60.0-150400.8.3.2
* libupb37-1.60.0-150400.8.3.2
* libre2-11-20240201-150400.9.3.1
* protobuf-devel-debuginfo-25.1-150400.9.3.1
* re2-debugsource-20240201-150400.9.3.1
* libprotobuf25_1_0-debuginfo-25.1-150400.9.3.1
* abseil-cpp-debugsource-20230802.1-150400.10.4.1
* libre2-11-debuginfo-20240201-150400.9.3.1
* libgrpc++1_60-debuginfo-1.60.0-150400.8.3.2
* libgrpc++1_60-1.60.0-150400.8.3.2
* grpc-debuginfo-1.60.0-150400.8.3.2
* libgrpc1_60-debuginfo-1.60.0-150400.8.3.2
* libprotoc25_1_0-debuginfo-25.1-150400.9.3.1
* protobuf-devel-25.1-150400.9.3.1
* libprotoc25_1_0-25.1-150400.9.3.1
* libprotobuf-lite25_1_0-debuginfo-25.1-150400.9.3.1
* libgrpc37-1.60.0-150400.8.3.2
* abseil-cpp-devel-20230802.1-150400.10.4.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x
x86_64)
* libprotobuf-lite25_1_0-25.1-150400.9.3.1
* libprotobuf25_1_0-25.1-150400.9.3.1
* libgrpc37-debuginfo-1.60.0-150400.8.3.2
* libupb37-debuginfo-1.60.0-150400.8.3.2
* grpc-debugsource-1.60.0-150400.8.3.2
* libabsl2308_0_0-debuginfo-20230802.1-150400.10.4.1
* protobuf-debugsource-25.1-150400.9.3.1
* libabsl2308_0_0-20230802.1-150400.10.4.1
* libgrpc1_60-1.60.0-150400.8.3.2
* libupb37-1.60.0-150400.8.3.2
* libre2-11-20240201-150400.9.3.1
* protobuf-devel-debuginfo-25.1-150400.9.3.1
* re2-debugsource-20240201-150400.9.3.1
* libprotobuf25_1_0-debuginfo-25.1-150400.9.3.1
* abseil-cpp-debugsource-20230802.1-150400.10.4.1
* libre2-11-debuginfo-20240201-150400.9.3.1
* libgrpc++1_60-debuginfo-1.60.0-150400.8.3.2
* libgrpc++1_60-1.60.0-150400.8.3.2
* grpc-debuginfo-1.60.0-150400.8.3.2
* libgrpc1_60-debuginfo-1.60.0-150400.8.3.2
* libprotoc25_1_0-debuginfo-25.1-150400.9.3.1
* protobuf-devel-25.1-150400.9.3.1
* libprotoc25_1_0-25.1-150400.9.3.1
* libprotobuf-lite25_1_0-debuginfo-25.1-150400.9.3.1
* libgrpc37-1.60.0-150400.8.3.2
* abseil-cpp-devel-20230802.1-150400.10.4.1
* SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64)
* abseil-cpp-debugsource-20230802.1-150400.10.4.1

## References:

* https://www.suse.com/security/cve/CVE-2023-32731.html
* https://www.suse.com/security/cve/CVE-2023-32732.html
* https://www.suse.com/security/cve/CVE-2023-33953.html
* https://www.suse.com/security/cve/CVE-2023-44487.html
* https://www.suse.com/security/cve/CVE-2023-4785.html
* https://bugzilla.suse.com/show_bug.cgi?id=1133277
* https://bugzilla.suse.com/show_bug.cgi?id=1182659
* https://bugzilla.suse.com/show_bug.cgi?id=1203378
* https://bugzilla.suse.com/show_bug.cgi?id=1208794
* https://bugzilla.suse.com/show_bug.cgi?id=1212180
* https://bugzilla.suse.com/show_bug.cgi?id=1212182
* https://bugzilla.suse.com/show_bug.cgi?id=1214148
* https://bugzilla.suse.com/show_bug.cgi?id=1215334
* https://jira.suse.com/browse/PED-5014



SUSE-SU-2024:0548-1: important: Security update for webkit2gtk3


# Security update for webkit2gtk3

Announcement ID: SUSE-SU-2024:0548-1
Rating: important
References:

* bsc#1219113
* bsc#1219604

Cross-References:

* CVE-2014-1745
* CVE-2023-40414
* CVE-2023-42833
* CVE-2024-23206
* CVE-2024-23213
* CVE-2024-23222

CVSS scores:

* CVE-2023-40414 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-40414 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-42833 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-42833 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-23206 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2024-23206 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2024-23213 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-23213 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-23222 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-23222 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* Basesystem Module 15-SP5
* Desktop Applications Module 15-SP5
* Development Tools Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves six vulnerabilities can now be installed.

## Description:

This update for webkit2gtk3 fixes the following issues:

Update to version 2.42.5 (bsc#1219604):

* CVE-2024-23222: Fixed processing maliciously crafted web content that may
have led to arbitrary code execution (bsc#1219113).
* CVE-2024-23206: Fixed fingerprint user via maliciously crafted webpages
(bsc#1219604).
* CVE-2024-23213: Fixed processing web content that may have led to arbitrary
code execution (bsc#1219604).
* CVE-2023-40414: Fixed processing web content that may have led to arbitrary
code execution (bsc#1219604).
* CVE-2014-1745: Fixed denial-of-service or potentially disclose memory
contents while processing maliciously crafted files (bsc#1219604).
* CVE-2023-42833: Fixed processing web content that may have led to arbitrary
code execution (bsc#1219604).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-548=1

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-548=1

* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-548=1

* Desktop Applications Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2024-548=1

* Development Tools Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2024-548=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-548=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-548=1

* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-548=1

* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-548=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-548=1

* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-548=1

* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.3-2024-548=1

* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-548=1

## Package List:

* openSUSE Leap 15.4 (noarch)
* WebKitGTK-4.0-lang-2.42.5-150400.4.75.1
* WebKitGTK-6.0-lang-2.42.5-150400.4.75.1
* WebKitGTK-4.1-lang-2.42.5-150400.4.75.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* libjavascriptcoregtk-4_1-0-debuginfo-2.42.5-150400.4.75.1
* webkit2gtk3-minibrowser-2.42.5-150400.4.75.1
* webkit-jsc-6.0-debuginfo-2.42.5-150400.4.75.1
* webkit2gtk-4_1-injected-bundles-debuginfo-2.42.5-150400.4.75.1
* webkit2gtk4-devel-2.42.5-150400.4.75.1
* typelib-1_0-WebKit-6_0-2.42.5-150400.4.75.1
* libwebkit2gtk-4_0-37-2.42.5-150400.4.75.1
* typelib-1_0-WebKitWebProcessExtension-6_0-2.42.5-150400.4.75.1
* webkit2gtk3-devel-2.42.5-150400.4.75.1
* libwebkit2gtk-4_0-37-debuginfo-2.42.5-150400.4.75.1
* webkit2gtk-4_1-injected-bundles-2.42.5-150400.4.75.1
* typelib-1_0-JavaScriptCore-4_1-2.42.5-150400.4.75.1
* webkit2gtk3-soup2-minibrowser-debuginfo-2.42.5-150400.4.75.1
* webkit2gtk4-minibrowser-debuginfo-2.42.5-150400.4.75.1
* webkit2gtk-4_0-injected-bundles-2.42.5-150400.4.75.1
* typelib-1_0-JavaScriptCore-6_0-2.42.5-150400.4.75.1
* webkit2gtk4-minibrowser-2.42.5-150400.4.75.1
* libwebkitgtk-6_0-4-debuginfo-2.42.5-150400.4.75.1
* typelib-1_0-JavaScriptCore-4_0-2.42.5-150400.4.75.1
* libjavascriptcoregtk-6_0-1-debuginfo-2.42.5-150400.4.75.1
* webkit2gtk4-debugsource-2.42.5-150400.4.75.1
* webkit2gtk3-soup2-minibrowser-2.42.5-150400.4.75.1
* libjavascriptcoregtk-4_0-18-debuginfo-2.42.5-150400.4.75.1
* libwebkit2gtk-4_1-0-debuginfo-2.42.5-150400.4.75.1
* webkit2gtk3-debugsource-2.42.5-150400.4.75.1
* libwebkit2gtk-4_1-0-2.42.5-150400.4.75.1
* webkit-jsc-4.1-2.42.5-150400.4.75.1
* typelib-1_0-WebKit2-4_1-2.42.5-150400.4.75.1
* typelib-1_0-WebKit2WebExtension-4_1-2.42.5-150400.4.75.1
* libjavascriptcoregtk-4_0-18-2.42.5-150400.4.75.1
* libwebkitgtk-6_0-4-2.42.5-150400.4.75.1
* webkit2gtk3-soup2-debugsource-2.42.5-150400.4.75.1
* webkit-jsc-4.1-debuginfo-2.42.5-150400.4.75.1
* webkit2gtk-4_0-injected-bundles-debuginfo-2.42.5-150400.4.75.1
* webkit-jsc-4-2.42.5-150400.4.75.1
* libjavascriptcoregtk-4_1-0-2.42.5-150400.4.75.1
* webkitgtk-6_0-injected-bundles-debuginfo-2.42.5-150400.4.75.1
* libjavascriptcoregtk-6_0-1-2.42.5-150400.4.75.1
* webkitgtk-6_0-injected-bundles-2.42.5-150400.4.75.1
* webkit-jsc-6.0-2.42.5-150400.4.75.1
* webkit2gtk3-minibrowser-debuginfo-2.42.5-150400.4.75.1
* typelib-1_0-WebKit2WebExtension-4_0-2.42.5-150400.4.75.1
* webkit2gtk3-soup2-devel-2.42.5-150400.4.75.1
* typelib-1_0-WebKit2-4_0-2.42.5-150400.4.75.1
* webkit-jsc-4-debuginfo-2.42.5-150400.4.75.1
* openSUSE Leap 15.4 (x86_64)
* libjavascriptcoregtk-4_1-0-32bit-debuginfo-2.42.5-150400.4.75.1
* libwebkit2gtk-4_0-37-32bit-debuginfo-2.42.5-150400.4.75.1
* libjavascriptcoregtk-4_1-0-32bit-2.42.5-150400.4.75.1
* libjavascriptcoregtk-4_0-18-32bit-2.42.5-150400.4.75.1
* libwebkit2gtk-4_1-0-32bit-debuginfo-2.42.5-150400.4.75.1
* libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.42.5-150400.4.75.1
* libwebkit2gtk-4_1-0-32bit-2.42.5-150400.4.75.1
* libwebkit2gtk-4_0-37-32bit-2.42.5-150400.4.75.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libjavascriptcoregtk-4_1-0-64bit-debuginfo-2.42.5-150400.4.75.1
* libjavascriptcoregtk-4_0-18-64bit-2.42.5-150400.4.75.1
* libwebkit2gtk-4_0-37-64bit-debuginfo-2.42.5-150400.4.75.1
* libwebkit2gtk-4_1-0-64bit-2.42.5-150400.4.75.1
* libjavascriptcoregtk-4_1-0-64bit-2.42.5-150400.4.75.1
* libjavascriptcoregtk-4_0-18-64bit-debuginfo-2.42.5-150400.4.75.1
* libwebkit2gtk-4_1-0-64bit-debuginfo-2.42.5-150400.4.75.1
* libwebkit2gtk-4_0-37-64bit-2.42.5-150400.4.75.1
* openSUSE Leap 15.5 (noarch)
* WebKitGTK-4.0-lang-2.42.5-150400.4.75.1
* WebKitGTK-6.0-lang-2.42.5-150400.4.75.1
* WebKitGTK-4.1-lang-2.42.5-150400.4.75.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* libjavascriptcoregtk-4_1-0-debuginfo-2.42.5-150400.4.75.1
* webkit2gtk3-minibrowser-2.42.5-150400.4.75.1
* webkit-jsc-6.0-debuginfo-2.42.5-150400.4.75.1
* webkit2gtk-4_1-injected-bundles-debuginfo-2.42.5-150400.4.75.1
* webkit2gtk4-devel-2.42.5-150400.4.75.1
* typelib-1_0-WebKit-6_0-2.42.5-150400.4.75.1
* libwebkit2gtk-4_0-37-2.42.5-150400.4.75.1
* typelib-1_0-WebKitWebProcessExtension-6_0-2.42.5-150400.4.75.1
* webkit2gtk-4_1-injected-bundles-2.42.5-150400.4.75.1
* typelib-1_0-JavaScriptCore-4_1-2.42.5-150400.4.75.1
* libwebkit2gtk-4_0-37-debuginfo-2.42.5-150400.4.75.1
* webkit2gtk3-devel-2.42.5-150400.4.75.1
* webkit2gtk3-soup2-minibrowser-debuginfo-2.42.5-150400.4.75.1
* webkit2gtk4-minibrowser-debuginfo-2.42.5-150400.4.75.1
* webkit2gtk-4_0-injected-bundles-2.42.5-150400.4.75.1
* typelib-1_0-JavaScriptCore-6_0-2.42.5-150400.4.75.1
* webkit2gtk4-minibrowser-2.42.5-150400.4.75.1
* libwebkitgtk-6_0-4-debuginfo-2.42.5-150400.4.75.1
* typelib-1_0-JavaScriptCore-4_0-2.42.5-150400.4.75.1
* libjavascriptcoregtk-6_0-1-debuginfo-2.42.5-150400.4.75.1
* webkit2gtk4-debugsource-2.42.5-150400.4.75.1
* webkit2gtk3-soup2-minibrowser-2.42.5-150400.4.75.1
* libjavascriptcoregtk-4_0-18-debuginfo-2.42.5-150400.4.75.1
* libwebkit2gtk-4_1-0-debuginfo-2.42.5-150400.4.75.1
* webkit2gtk3-debugsource-2.42.5-150400.4.75.1
* libwebkit2gtk-4_1-0-2.42.5-150400.4.75.1
* webkit-jsc-4.1-2.42.5-150400.4.75.1
* libjavascriptcoregtk-4_0-18-2.42.5-150400.4.75.1
* typelib-1_0-WebKit2-4_1-2.42.5-150400.4.75.1
* typelib-1_0-WebKit2WebExtension-4_1-2.42.5-150400.4.75.1
* libwebkitgtk-6_0-4-2.42.5-150400.4.75.1
* webkit2gtk3-soup2-debugsource-2.42.5-150400.4.75.1
* webkit-jsc-4.1-debuginfo-2.42.5-150400.4.75.1
* webkit2gtk-4_0-injected-bundles-debuginfo-2.42.5-150400.4.75.1
* webkit-jsc-4-2.42.5-150400.4.75.1
* libjavascriptcoregtk-4_1-0-2.42.5-150400.4.75.1
* webkitgtk-6_0-injected-bundles-debuginfo-2.42.5-150400.4.75.1
* libjavascriptcoregtk-6_0-1-2.42.5-150400.4.75.1
* webkitgtk-6_0-injected-bundles-2.42.5-150400.4.75.1
* webkit-jsc-6.0-2.42.5-150400.4.75.1
* webkit2gtk3-minibrowser-debuginfo-2.42.5-150400.4.75.1
* typelib-1_0-WebKit2WebExtension-4_0-2.42.5-150400.4.75.1
* webkit2gtk3-soup2-devel-2.42.5-150400.4.75.1
* typelib-1_0-WebKit2-4_0-2.42.5-150400.4.75.1
* webkit-jsc-4-debuginfo-2.42.5-150400.4.75.1
* openSUSE Leap 15.5 (x86_64)
* libjavascriptcoregtk-4_1-0-32bit-debuginfo-2.42.5-150400.4.75.1
* libwebkit2gtk-4_0-37-32bit-debuginfo-2.42.5-150400.4.75.1
* libjavascriptcoregtk-4_0-18-32bit-2.42.5-150400.4.75.1
* libjavascriptcoregtk-4_1-0-32bit-2.42.5-150400.4.75.1
* libwebkit2gtk-4_1-0-32bit-debuginfo-2.42.5-150400.4.75.1
* libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.42.5-150400.4.75.1
* libwebkit2gtk-4_1-0-32bit-2.42.5-150400.4.75.1
* libwebkit2gtk-4_0-37-32bit-2.42.5-150400.4.75.1
* Basesystem Module 15-SP5 (noarch)
* WebKitGTK-4.0-lang-2.42.5-150400.4.75.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* libjavascriptcoregtk-4_0-18-debuginfo-2.42.5-150400.4.75.1
* webkit2gtk-4_0-injected-bundles-2.42.5-150400.4.75.1
* libjavascriptcoregtk-4_0-18-2.42.5-150400.4.75.1
* libwebkit2gtk-4_0-37-2.42.5-150400.4.75.1
* typelib-1_0-JavaScriptCore-4_0-2.42.5-150400.4.75.1
* webkit2gtk3-soup2-debugsource-2.42.5-150400.4.75.1
* webkit2gtk3-soup2-devel-2.42.5-150400.4.75.1
* typelib-1_0-WebKit2WebExtension-4_0-2.42.5-150400.4.75.1
* libwebkit2gtk-4_0-37-debuginfo-2.42.5-150400.4.75.1
* typelib-1_0-WebKit2-4_0-2.42.5-150400.4.75.1
* webkit2gtk-4_0-injected-bundles-debuginfo-2.42.5-150400.4.75.1
* Desktop Applications Module 15-SP5 (noarch)
* WebKitGTK-4.1-lang-2.42.5-150400.4.75.1
* Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* libjavascriptcoregtk-4_1-0-debuginfo-2.42.5-150400.4.75.1
* webkit2gtk3-devel-2.42.5-150400.4.75.1
* libwebkit2gtk-4_1-0-debuginfo-2.42.5-150400.4.75.1
* webkit2gtk-4_1-injected-bundles-debuginfo-2.42.5-150400.4.75.1
* webkit2gtk3-debugsource-2.42.5-150400.4.75.1
* libwebkit2gtk-4_1-0-2.42.5-150400.4.75.1
* typelib-1_0-WebKit2-4_1-2.42.5-150400.4.75.1
* typelib-1_0-WebKit2WebExtension-4_1-2.42.5-150400.4.75.1
* webkit2gtk-4_1-injected-bundles-2.42.5-150400.4.75.1
* typelib-1_0-JavaScriptCore-4_1-2.42.5-150400.4.75.1
* libjavascriptcoregtk-4_1-0-2.42.5-150400.4.75.1
* Development Tools Module 15-SP5 (noarch)
* WebKitGTK-6.0-lang-2.42.5-150400.4.75.1
* Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* libjavascriptcoregtk-6_0-1-2.42.5-150400.4.75.1
* webkitgtk-6_0-injected-bundles-2.42.5-150400.4.75.1
* libwebkitgtk-6_0-4-debuginfo-2.42.5-150400.4.75.1
* libjavascriptcoregtk-6_0-1-debuginfo-2.42.5-150400.4.75.1
* libwebkitgtk-6_0-4-2.42.5-150400.4.75.1
* webkit2gtk4-debugsource-2.42.5-150400.4.75.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* WebKitGTK-4.0-lang-2.42.5-150400.4.75.1
* WebKitGTK-6.0-lang-2.42.5-150400.4.75.1
* WebKitGTK-4.1-lang-2.42.5-150400.4.75.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* libjavascriptcoregtk-4_1-0-debuginfo-2.42.5-150400.4.75.1
* webkit2gtk-4_1-injected-bundles-debuginfo-2.42.5-150400.4.75.1
* libwebkit2gtk-4_0-37-2.42.5-150400.4.75.1
* webkit2gtk-4_1-injected-bundles-2.42.5-150400.4.75.1
* typelib-1_0-JavaScriptCore-4_1-2.42.5-150400.4.75.1
* libwebkit2gtk-4_0-37-debuginfo-2.42.5-150400.4.75.1
* webkit2gtk3-devel-2.42.5-150400.4.75.1
* webkit2gtk-4_0-injected-bundles-2.42.5-150400.4.75.1
* libwebkitgtk-6_0-4-debuginfo-2.42.5-150400.4.75.1
* typelib-1_0-JavaScriptCore-4_0-2.42.5-150400.4.75.1
* libjavascriptcoregtk-6_0-1-debuginfo-2.42.5-150400.4.75.1
* webkit2gtk4-debugsource-2.42.5-150400.4.75.1
* libjavascriptcoregtk-4_0-18-debuginfo-2.42.5-150400.4.75.1
* libwebkit2gtk-4_1-0-debuginfo-2.42.5-150400.4.75.1
* webkit2gtk3-debugsource-2.42.5-150400.4.75.1
* libwebkit2gtk-4_1-0-2.42.5-150400.4.75.1
* libjavascriptcoregtk-4_0-18-2.42.5-150400.4.75.1
* typelib-1_0-WebKit2-4_1-2.42.5-150400.4.75.1
* typelib-1_0-WebKit2WebExtension-4_1-2.42.5-150400.4.75.1
* libwebkitgtk-6_0-4-2.42.5-150400.4.75.1
* webkit2gtk3-soup2-debugsource-2.42.5-150400.4.75.1
* webkit2gtk-4_0-injected-bundles-debuginfo-2.42.5-150400.4.75.1
* libjavascriptcoregtk-4_1-0-2.42.5-150400.4.75.1
* libjavascriptcoregtk-6_0-1-2.42.5-150400.4.75.1
* webkitgtk-6_0-injected-bundles-2.42.5-150400.4.75.1
* typelib-1_0-WebKit2WebExtension-4_0-2.42.5-150400.4.75.1
* webkit2gtk3-soup2-devel-2.42.5-150400.4.75.1
* typelib-1_0-WebKit2-4_0-2.42.5-150400.4.75.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* WebKitGTK-4.0-lang-2.42.5-150400.4.75.1
* WebKitGTK-6.0-lang-2.42.5-150400.4.75.1
* WebKitGTK-4.1-lang-2.42.5-150400.4.75.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* libjavascriptcoregtk-4_1-0-debuginfo-2.42.5-150400.4.75.1
* webkit2gtk-4_1-injected-bundles-debuginfo-2.42.5-150400.4.75.1
* libwebkit2gtk-4_0-37-2.42.5-150400.4.75.1
* webkit2gtk-4_1-injected-bundles-2.42.5-150400.4.75.1
* typelib-1_0-JavaScriptCore-4_1-2.42.5-150400.4.75.1
* libwebkit2gtk-4_0-37-debuginfo-2.42.5-150400.4.75.1
* webkit2gtk3-devel-2.42.5-150400.4.75.1
* webkit2gtk-4_0-injected-bundles-2.42.5-150400.4.75.1
* libwebkitgtk-6_0-4-debuginfo-2.42.5-150400.4.75.1
* typelib-1_0-JavaScriptCore-4_0-2.42.5-150400.4.75.1
* libjavascriptcoregtk-6_0-1-debuginfo-2.42.5-150400.4.75.1
* webkit2gtk4-debugsource-2.42.5-150400.4.75.1
* libjavascriptcoregtk-4_0-18-debuginfo-2.42.5-150400.4.75.1
* libwebkit2gtk-4_1-0-debuginfo-2.42.5-150400.4.75.1
* webkit2gtk3-debugsource-2.42.5-150400.4.75.1
* libwebkit2gtk-4_1-0-2.42.5-150400.4.75.1
* libjavascriptcoregtk-4_0-18-2.42.5-150400.4.75.1
* typelib-1_0-WebKit2-4_1-2.42.5-150400.4.75.1
* typelib-1_0-WebKit2WebExtension-4_1-2.42.5-150400.4.75.1
* libwebkitgtk-6_0-4-2.42.5-150400.4.75.1
* webkit2gtk3-soup2-debugsource-2.42.5-150400.4.75.1
* webkit2gtk-4_0-injected-bundles-debuginfo-2.42.5-150400.4.75.1
* libjavascriptcoregtk-4_1-0-2.42.5-150400.4.75.1
* libjavascriptcoregtk-6_0-1-2.42.5-150400.4.75.1
* webkitgtk-6_0-injected-bundles-2.42.5-150400.4.75.1
* typelib-1_0-WebKit2WebExtension-4_0-2.42.5-150400.4.75.1
* webkit2gtk3-soup2-devel-2.42.5-150400.4.75.1
* typelib-1_0-WebKit2-4_0-2.42.5-150400.4.75.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (noarch)
* WebKitGTK-4.0-lang-2.42.5-150400.4.75.1
* WebKitGTK-6.0-lang-2.42.5-150400.4.75.1
* WebKitGTK-4.1-lang-2.42.5-150400.4.75.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
* libjavascriptcoregtk-4_1-0-debuginfo-2.42.5-150400.4.75.1
* webkit2gtk-4_1-injected-bundles-debuginfo-2.42.5-150400.4.75.1
* libwebkit2gtk-4_0-37-2.42.5-150400.4.75.1
* webkit2gtk-4_1-injected-bundles-2.42.5-150400.4.75.1
* typelib-1_0-JavaScriptCore-4_1-2.42.5-150400.4.75.1
* libwebkit2gtk-4_0-37-debuginfo-2.42.5-150400.4.75.1
* webkit2gtk3-devel-2.42.5-150400.4.75.1
* webkit2gtk-4_0-injected-bundles-2.42.5-150400.4.75.1
* libwebkitgtk-6_0-4-debuginfo-2.42.5-150400.4.75.1
* typelib-1_0-JavaScriptCore-4_0-2.42.5-150400.4.75.1
* libjavascriptcoregtk-6_0-1-debuginfo-2.42.5-150400.4.75.1
* webkit2gtk4-debugsource-2.42.5-150400.4.75.1
* libjavascriptcoregtk-4_0-18-debuginfo-2.42.5-150400.4.75.1
* libwebkit2gtk-4_1-0-debuginfo-2.42.5-150400.4.75.1
* webkit2gtk3-debugsource-2.42.5-150400.4.75.1
* libwebkit2gtk-4_1-0-2.42.5-150400.4.75.1
* libjavascriptcoregtk-4_0-18-2.42.5-150400.4.75.1
* typelib-1_0-WebKit2-4_1-2.42.5-150400.4.75.1
* typelib-1_0-WebKit2WebExtension-4_1-2.42.5-150400.4.75.1
* libwebkitgtk-6_0-4-2.42.5-150400.4.75.1
* webkit2gtk3-soup2-debugsource-2.42.5-150400.4.75.1
* webkit2gtk-4_0-injected-bundles-debuginfo-2.42.5-150400.4.75.1
* libjavascriptcoregtk-4_1-0-2.42.5-150400.4.75.1
* libjavascriptcoregtk-6_0-1-2.42.5-150400.4.75.1
* webkitgtk-6_0-injected-bundles-2.42.5-150400.4.75.1
* typelib-1_0-WebKit2WebExtension-4_0-2.42.5-150400.4.75.1
* webkit2gtk3-soup2-devel-2.42.5-150400.4.75.1
* typelib-1_0-WebKit2-4_0-2.42.5-150400.4.75.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (noarch)
* WebKitGTK-4.0-lang-2.42.5-150400.4.75.1
* WebKitGTK-6.0-lang-2.42.5-150400.4.75.1
* WebKitGTK-4.1-lang-2.42.5-150400.4.75.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x
x86_64)
* libjavascriptcoregtk-4_1-0-debuginfo-2.42.5-150400.4.75.1
* webkit2gtk-4_1-injected-bundles-debuginfo-2.42.5-150400.4.75.1
* libwebkit2gtk-4_0-37-2.42.5-150400.4.75.1
* webkit2gtk-4_1-injected-bundles-2.42.5-150400.4.75.1
* typelib-1_0-JavaScriptCore-4_1-2.42.5-150400.4.75.1
* libwebkit2gtk-4_0-37-debuginfo-2.42.5-150400.4.75.1
* webkit2gtk3-devel-2.42.5-150400.4.75.1
* webkit2gtk-4_0-injected-bundles-2.42.5-150400.4.75.1
* libwebkitgtk-6_0-4-debuginfo-2.42.5-150400.4.75.1
* typelib-1_0-JavaScriptCore-4_0-2.42.5-150400.4.75.1
* libjavascriptcoregtk-6_0-1-debuginfo-2.42.5-150400.4.75.1
* webkit2gtk4-debugsource-2.42.5-150400.4.75.1
* libjavascriptcoregtk-4_0-18-debuginfo-2.42.5-150400.4.75.1
* libwebkit2gtk-4_1-0-debuginfo-2.42.5-150400.4.75.1
* webkit2gtk3-debugsource-2.42.5-150400.4.75.1
* libwebkit2gtk-4_1-0-2.42.5-150400.4.75.1
* libjavascriptcoregtk-4_0-18-2.42.5-150400.4.75.1
* typelib-1_0-WebKit2-4_1-2.42.5-150400.4.75.1
* typelib-1_0-WebKit2WebExtension-4_1-2.42.5-150400.4.75.1
* libwebkitgtk-6_0-4-2.42.5-150400.4.75.1
* webkit2gtk3-soup2-debugsource-2.42.5-150400.4.75.1
* webkit2gtk-4_0-injected-bundles-debuginfo-2.42.5-150400.4.75.1
* libjavascriptcoregtk-4_1-0-2.42.5-150400.4.75.1
* libjavascriptcoregtk-6_0-1-2.42.5-150400.4.75.1
* webkitgtk-6_0-injected-bundles-2.42.5-150400.4.75.1
* typelib-1_0-WebKit2WebExtension-4_0-2.42.5-150400.4.75.1
* webkit2gtk3-soup2-devel-2.42.5-150400.4.75.1
* typelib-1_0-WebKit2-4_0-2.42.5-150400.4.75.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* WebKitGTK-4.0-lang-2.42.5-150400.4.75.1
* WebKitGTK-6.0-lang-2.42.5-150400.4.75.1
* WebKitGTK-4.1-lang-2.42.5-150400.4.75.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* libjavascriptcoregtk-4_1-0-debuginfo-2.42.5-150400.4.75.1
* webkit2gtk-4_1-injected-bundles-debuginfo-2.42.5-150400.4.75.1
* libwebkit2gtk-4_0-37-2.42.5-150400.4.75.1
* webkit2gtk-4_1-injected-bundles-2.42.5-150400.4.75.1
* typelib-1_0-JavaScriptCore-4_1-2.42.5-150400.4.75.1
* libwebkit2gtk-4_0-37-debuginfo-2.42.5-150400.4.75.1
* webkit2gtk3-devel-2.42.5-150400.4.75.1
* webkit2gtk-4_0-injected-bundles-2.42.5-150400.4.75.1
* libwebkitgtk-6_0-4-debuginfo-2.42.5-150400.4.75.1
* typelib-1_0-JavaScriptCore-4_0-2.42.5-150400.4.75.1
* libjavascriptcoregtk-6_0-1-debuginfo-2.42.5-150400.4.75.1
* webkit2gtk4-debugsource-2.42.5-150400.4.75.1
* libjavascriptcoregtk-4_0-18-debuginfo-2.42.5-150400.4.75.1
* libwebkit2gtk-4_1-0-debuginfo-2.42.5-150400.4.75.1
* webkit2gtk3-debugsource-2.42.5-150400.4.75.1
* libwebkit2gtk-4_1-0-2.42.5-150400.4.75.1
* libjavascriptcoregtk-4_0-18-2.42.5-150400.4.75.1
* typelib-1_0-WebKit2-4_1-2.42.5-150400.4.75.1
* typelib-1_0-WebKit2WebExtension-4_1-2.42.5-150400.4.75.1
* libwebkitgtk-6_0-4-2.42.5-150400.4.75.1
* webkit2gtk3-soup2-debugsource-2.42.5-150400.4.75.1
* webkit2gtk-4_0-injected-bundles-debuginfo-2.42.5-150400.4.75.1
* libjavascriptcoregtk-4_1-0-2.42.5-150400.4.75.1
* libjavascriptcoregtk-6_0-1-2.42.5-150400.4.75.1
* webkitgtk-6_0-injected-bundles-2.42.5-150400.4.75.1
* typelib-1_0-WebKit2WebExtension-4_0-2.42.5-150400.4.75.1
* webkit2gtk3-soup2-devel-2.42.5-150400.4.75.1
* typelib-1_0-WebKit2-4_0-2.42.5-150400.4.75.1
* SUSE Manager Proxy 4.3 (noarch)
* WebKitGTK-4.0-lang-2.42.5-150400.4.75.1
* SUSE Manager Proxy 4.3 (x86_64)
* libjavascriptcoregtk-4_0-18-debuginfo-2.42.5-150400.4.75.1
* webkit2gtk-4_0-injected-bundles-2.42.5-150400.4.75.1
* libjavascriptcoregtk-4_0-18-2.42.5-150400.4.75.1
* libwebkit2gtk-4_0-37-2.42.5-150400.4.75.1
* typelib-1_0-JavaScriptCore-4_0-2.42.5-150400.4.75.1
* webkit2gtk3-soup2-debugsource-2.42.5-150400.4.75.1
* webkit2gtk3-soup2-devel-2.42.5-150400.4.75.1
* typelib-1_0-WebKit2WebExtension-4_0-2.42.5-150400.4.75.1
* libwebkit2gtk-4_0-37-debuginfo-2.42.5-150400.4.75.1
* typelib-1_0-WebKit2-4_0-2.42.5-150400.4.75.1
* webkit2gtk-4_0-injected-bundles-debuginfo-2.42.5-150400.4.75.1
* SUSE Manager Retail Branch Server 4.3 (noarch)
* WebKitGTK-4.0-lang-2.42.5-150400.4.75.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* libjavascriptcoregtk-4_0-18-debuginfo-2.42.5-150400.4.75.1
* webkit2gtk-4_0-injected-bundles-2.42.5-150400.4.75.1
* libjavascriptcoregtk-4_0-18-2.42.5-150400.4.75.1
* libwebkit2gtk-4_0-37-2.42.5-150400.4.75.1
* typelib-1_0-JavaScriptCore-4_0-2.42.5-150400.4.75.1
* webkit2gtk3-soup2-debugsource-2.42.5-150400.4.75.1
* webkit2gtk3-soup2-devel-2.42.5-150400.4.75.1
* typelib-1_0-WebKit2WebExtension-4_0-2.42.5-150400.4.75.1
* libwebkit2gtk-4_0-37-debuginfo-2.42.5-150400.4.75.1
* typelib-1_0-WebKit2-4_0-2.42.5-150400.4.75.1
* webkit2gtk-4_0-injected-bundles-debuginfo-2.42.5-150400.4.75.1
* SUSE Manager Server 4.3 (noarch)
* WebKitGTK-4.0-lang-2.42.5-150400.4.75.1
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
* libjavascriptcoregtk-4_0-18-debuginfo-2.42.5-150400.4.75.1
* webkit2gtk-4_0-injected-bundles-2.42.5-150400.4.75.1
* libjavascriptcoregtk-4_0-18-2.42.5-150400.4.75.1
* libwebkit2gtk-4_0-37-2.42.5-150400.4.75.1
* typelib-1_0-JavaScriptCore-4_0-2.42.5-150400.4.75.1
* webkit2gtk3-soup2-debugsource-2.42.5-150400.4.75.1
* webkit2gtk3-soup2-devel-2.42.5-150400.4.75.1
* typelib-1_0-WebKit2WebExtension-4_0-2.42.5-150400.4.75.1
* libwebkit2gtk-4_0-37-debuginfo-2.42.5-150400.4.75.1
* typelib-1_0-WebKit2-4_0-2.42.5-150400.4.75.1
* webkit2gtk-4_0-injected-bundles-debuginfo-2.42.5-150400.4.75.1

## References:

* https://www.suse.com/security/cve/CVE-2014-1745.html
* https://www.suse.com/security/cve/CVE-2023-40414.html
* https://www.suse.com/security/cve/CVE-2023-42833.html
* https://www.suse.com/security/cve/CVE-2024-23206.html
* https://www.suse.com/security/cve/CVE-2024-23213.html
* https://www.suse.com/security/cve/CVE-2024-23222.html
* https://bugzilla.suse.com/show_bug.cgi?id=1219113
* https://bugzilla.suse.com/show_bug.cgi?id=1219604



SUSE-SU-2024:0549-1: moderate: Security update for openssl-1_1


# Security update for openssl-1_1

Announcement ID: SUSE-SU-2024:0549-1
Rating: moderate
References:

* bsc#1219243

Cross-References:

* CVE-2024-0727

CVSS scores:

* CVE-2024-0727 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2024-0727 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP5
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for openssl-1_1 fixes the following issues:

* CVE-2024-0727: Denial of service when processing a maliciously formatted
PKCS12 file (bsc#1219243).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-549=1 SUSE-2024-549=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2024-549=1

* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-549=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* openssl-1_1-debugsource-1.1.1l-150500.17.25.1
* libopenssl1_1-debuginfo-1.1.1l-150500.17.25.1
* libopenssl-1_1-devel-1.1.1l-150500.17.25.1
* openssl-1_1-1.1.1l-150500.17.25.1
* openssl-1_1-debuginfo-1.1.1l-150500.17.25.1
* libopenssl1_1-hmac-1.1.1l-150500.17.25.1
* libopenssl1_1-1.1.1l-150500.17.25.1
* openSUSE Leap 15.5 (x86_64)
* libopenssl1_1-32bit-1.1.1l-150500.17.25.1
* libopenssl1_1-hmac-32bit-1.1.1l-150500.17.25.1
* libopenssl1_1-32bit-debuginfo-1.1.1l-150500.17.25.1
* libopenssl-1_1-devel-32bit-1.1.1l-150500.17.25.1
* openSUSE Leap 15.5 (noarch)
* openssl-1_1-doc-1.1.1l-150500.17.25.1
* openSUSE Leap 15.5 (aarch64_ilp32)
* libopenssl-1_1-devel-64bit-1.1.1l-150500.17.25.1
* libopenssl1_1-64bit-1.1.1l-150500.17.25.1
* libopenssl1_1-hmac-64bit-1.1.1l-150500.17.25.1
* libopenssl1_1-64bit-debuginfo-1.1.1l-150500.17.25.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64)
* openssl-1_1-debugsource-1.1.1l-150500.17.25.1
* libopenssl1_1-debuginfo-1.1.1l-150500.17.25.1
* libopenssl-1_1-devel-1.1.1l-150500.17.25.1
* openssl-1_1-1.1.1l-150500.17.25.1
* openssl-1_1-debuginfo-1.1.1l-150500.17.25.1
* libopenssl1_1-hmac-1.1.1l-150500.17.25.1
* libopenssl1_1-1.1.1l-150500.17.25.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* openssl-1_1-debugsource-1.1.1l-150500.17.25.1
* libopenssl1_1-debuginfo-1.1.1l-150500.17.25.1
* libopenssl-1_1-devel-1.1.1l-150500.17.25.1
* openssl-1_1-1.1.1l-150500.17.25.1
* openssl-1_1-debuginfo-1.1.1l-150500.17.25.1
* libopenssl1_1-hmac-1.1.1l-150500.17.25.1
* libopenssl1_1-1.1.1l-150500.17.25.1
* Basesystem Module 15-SP5 (x86_64)
* libopenssl1_1-32bit-1.1.1l-150500.17.25.1
* libopenssl1_1-hmac-32bit-1.1.1l-150500.17.25.1
* libopenssl1_1-32bit-debuginfo-1.1.1l-150500.17.25.1

## References:

* https://www.suse.com/security/cve/CVE-2024-0727.html
* https://bugzilla.suse.com/show_bug.cgi?id=1219243



SUSE-SU-2024:0553-1: important: Security update for openvswitch


# Security update for openvswitch

Announcement ID: SUSE-SU-2024:0553-1
Rating: important
References:

* bsc#1219059

Cross-References:

* CVE-2024-22563

CVSS scores:

* CVE-2024-22563 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-22563 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Legacy Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
* SUSE Package Hub 15 15-SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for openvswitch fixes the following issues:

* CVE-2024-22563: Fixed memory leak via the function xmalloc__ in /lib/util.c
(bsc#1219059).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-553=1

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-553=1

* Legacy Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2024-553=1

* SUSE Package Hub 15 15-SP5
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-553=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-553=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-553=1

* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-553=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-553=1

* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-553=1

* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.3-2024-553=1

* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-553=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* ovn-central-debuginfo-20.06.2-150400.24.20.1
* ovn-central-20.06.2-150400.24.20.1
* openvswitch-test-2.14.2-150400.24.20.1
* ovn-devel-20.06.2-150400.24.20.1
* ovn-vtep-20.06.2-150400.24.20.1
* openvswitch-devel-2.14.2-150400.24.20.1
* ovn-debuginfo-20.06.2-150400.24.20.1
* openvswitch-vtep-debuginfo-2.14.2-150400.24.20.1
* ovn-20.06.2-150400.24.20.1
* openvswitch-vtep-2.14.2-150400.24.20.1
* openvswitch-test-debuginfo-2.14.2-150400.24.20.1
* openvswitch-debugsource-2.14.2-150400.24.20.1
* libovn-20_06-0-20.06.2-150400.24.20.1
* python3-ovs-2.14.2-150400.24.20.1
* openvswitch-2.14.2-150400.24.20.1
* ovn-docker-20.06.2-150400.24.20.1
* ovn-host-20.06.2-150400.24.20.1
* ovn-vtep-debuginfo-20.06.2-150400.24.20.1
* libovn-20_06-0-debuginfo-20.06.2-150400.24.20.1
* openvswitch-pki-2.14.2-150400.24.20.1
* libopenvswitch-2_14-0-2.14.2-150400.24.20.1
* openvswitch-ipsec-2.14.2-150400.24.20.1
* libopenvswitch-2_14-0-debuginfo-2.14.2-150400.24.20.1
* ovn-host-debuginfo-20.06.2-150400.24.20.1
* openvswitch-debuginfo-2.14.2-150400.24.20.1
* openSUSE Leap 15.4 (noarch)
* openvswitch-doc-2.14.2-150400.24.20.1
* ovn-doc-20.06.2-150400.24.20.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* ovn-central-debuginfo-20.06.2-150400.24.20.1
* ovn-central-20.06.2-150400.24.20.1
* openvswitch-test-2.14.2-150400.24.20.1
* ovn-devel-20.06.2-150400.24.20.1
* ovn-vtep-20.06.2-150400.24.20.1
* openvswitch-devel-2.14.2-150400.24.20.1
* ovn-debuginfo-20.06.2-150400.24.20.1
* openvswitch-vtep-debuginfo-2.14.2-150400.24.20.1
* ovn-20.06.2-150400.24.20.1
* openvswitch-vtep-2.14.2-150400.24.20.1
* openvswitch-test-debuginfo-2.14.2-150400.24.20.1
* openvswitch-debugsource-2.14.2-150400.24.20.1
* libovn-20_06-0-20.06.2-150400.24.20.1
* python3-ovs-2.14.2-150400.24.20.1
* openvswitch-2.14.2-150400.24.20.1
* ovn-docker-20.06.2-150400.24.20.1
* ovn-host-20.06.2-150400.24.20.1
* ovn-vtep-debuginfo-20.06.2-150400.24.20.1
* libovn-20_06-0-debuginfo-20.06.2-150400.24.20.1
* openvswitch-pki-2.14.2-150400.24.20.1
* libopenvswitch-2_14-0-2.14.2-150400.24.20.1
* openvswitch-ipsec-2.14.2-150400.24.20.1
* libopenvswitch-2_14-0-debuginfo-2.14.2-150400.24.20.1
* ovn-host-debuginfo-20.06.2-150400.24.20.1
* openvswitch-debuginfo-2.14.2-150400.24.20.1
* openSUSE Leap 15.5 (noarch)
* openvswitch-doc-2.14.2-150400.24.20.1
* ovn-doc-20.06.2-150400.24.20.1
* Legacy Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* ovn-central-debuginfo-20.06.2-150400.24.20.1
* ovn-central-20.06.2-150400.24.20.1
* openvswitch-test-2.14.2-150400.24.20.1
* ovn-devel-20.06.2-150400.24.20.1
* ovn-vtep-20.06.2-150400.24.20.1
* openvswitch-devel-2.14.2-150400.24.20.1
* ovn-debuginfo-20.06.2-150400.24.20.1
* openvswitch-vtep-debuginfo-2.14.2-150400.24.20.1
* ovn-20.06.2-150400.24.20.1
* openvswitch-vtep-2.14.2-150400.24.20.1
* openvswitch-test-debuginfo-2.14.2-150400.24.20.1
* openvswitch-debugsource-2.14.2-150400.24.20.1
* libovn-20_06-0-20.06.2-150400.24.20.1
* python3-ovs-2.14.2-150400.24.20.1
* openvswitch-2.14.2-150400.24.20.1
* ovn-docker-20.06.2-150400.24.20.1
* ovn-host-20.06.2-150400.24.20.1
* ovn-vtep-debuginfo-20.06.2-150400.24.20.1
* libovn-20_06-0-debuginfo-20.06.2-150400.24.20.1
* openvswitch-pki-2.14.2-150400.24.20.1
* libopenvswitch-2_14-0-2.14.2-150400.24.20.1
* openvswitch-ipsec-2.14.2-150400.24.20.1
* libopenvswitch-2_14-0-debuginfo-2.14.2-150400.24.20.1
* ovn-host-debuginfo-20.06.2-150400.24.20.1
* openvswitch-debuginfo-2.14.2-150400.24.20.1
* SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64)
* openvswitch-debugsource-2.14.2-150400.24.20.1
* python3-ovs-2.14.2-150400.24.20.1
* openvswitch-debuginfo-2.14.2-150400.24.20.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* ovn-central-debuginfo-20.06.2-150400.24.20.1
* ovn-central-20.06.2-150400.24.20.1
* openvswitch-test-2.14.2-150400.24.20.1
* ovn-devel-20.06.2-150400.24.20.1
* ovn-vtep-20.06.2-150400.24.20.1
* openvswitch-devel-2.14.2-150400.24.20.1
* ovn-debuginfo-20.06.2-150400.24.20.1
* openvswitch-vtep-debuginfo-2.14.2-150400.24.20.1
* ovn-20.06.2-150400.24.20.1
* openvswitch-vtep-2.14.2-150400.24.20.1
* openvswitch-test-debuginfo-2.14.2-150400.24.20.1
* openvswitch-debugsource-2.14.2-150400.24.20.1
* libovn-20_06-0-20.06.2-150400.24.20.1
* python3-ovs-2.14.2-150400.24.20.1
* openvswitch-2.14.2-150400.24.20.1
* ovn-docker-20.06.2-150400.24.20.1
* ovn-host-20.06.2-150400.24.20.1
* ovn-vtep-debuginfo-20.06.2-150400.24.20.1
* libovn-20_06-0-debuginfo-20.06.2-150400.24.20.1
* openvswitch-pki-2.14.2-150400.24.20.1
* libopenvswitch-2_14-0-2.14.2-150400.24.20.1
* openvswitch-ipsec-2.14.2-150400.24.20.1
* libopenvswitch-2_14-0-debuginfo-2.14.2-150400.24.20.1
* ovn-host-debuginfo-20.06.2-150400.24.20.1
* openvswitch-debuginfo-2.14.2-150400.24.20.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* ovn-central-debuginfo-20.06.2-150400.24.20.1
* ovn-central-20.06.2-150400.24.20.1
* openvswitch-test-2.14.2-150400.24.20.1
* ovn-devel-20.06.2-150400.24.20.1
* ovn-vtep-20.06.2-150400.24.20.1
* openvswitch-devel-2.14.2-150400.24.20.1
* ovn-debuginfo-20.06.2-150400.24.20.1
* openvswitch-vtep-debuginfo-2.14.2-150400.24.20.1
* ovn-20.06.2-150400.24.20.1
* openvswitch-vtep-2.14.2-150400.24.20.1
* openvswitch-test-debuginfo-2.14.2-150400.24.20.1
* openvswitch-debugsource-2.14.2-150400.24.20.1
* libovn-20_06-0-20.06.2-150400.24.20.1
* python3-ovs-2.14.2-150400.24.20.1
* openvswitch-2.14.2-150400.24.20.1
* ovn-docker-20.06.2-150400.24.20.1
* ovn-host-20.06.2-150400.24.20.1
* ovn-vtep-debuginfo-20.06.2-150400.24.20.1
* libovn-20_06-0-debuginfo-20.06.2-150400.24.20.1
* openvswitch-pki-2.14.2-150400.24.20.1
* libopenvswitch-2_14-0-2.14.2-150400.24.20.1
* openvswitch-ipsec-2.14.2-150400.24.20.1
* libopenvswitch-2_14-0-debuginfo-2.14.2-150400.24.20.1
* ovn-host-debuginfo-20.06.2-150400.24.20.1
* openvswitch-debuginfo-2.14.2-150400.24.20.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x
x86_64)
* ovn-central-debuginfo-20.06.2-150400.24.20.1
* ovn-central-20.06.2-150400.24.20.1
* openvswitch-test-2.14.2-150400.24.20.1
* ovn-devel-20.06.2-150400.24.20.1
* ovn-vtep-20.06.2-150400.24.20.1
* openvswitch-devel-2.14.2-150400.24.20.1
* ovn-debuginfo-20.06.2-150400.24.20.1
* openvswitch-vtep-debuginfo-2.14.2-150400.24.20.1
* ovn-20.06.2-150400.24.20.1
* openvswitch-vtep-2.14.2-150400.24.20.1
* openvswitch-test-debuginfo-2.14.2-150400.24.20.1
* openvswitch-debugsource-2.14.2-150400.24.20.1
* libovn-20_06-0-20.06.2-150400.24.20.1
* python3-ovs-2.14.2-150400.24.20.1
* openvswitch-2.14.2-150400.24.20.1
* ovn-docker-20.06.2-150400.24.20.1
* ovn-host-20.06.2-150400.24.20.1
* ovn-vtep-debuginfo-20.06.2-150400.24.20.1
* libovn-20_06-0-debuginfo-20.06.2-150400.24.20.1
* openvswitch-pki-2.14.2-150400.24.20.1
* libopenvswitch-2_14-0-2.14.2-150400.24.20.1
* openvswitch-ipsec-2.14.2-150400.24.20.1
* libopenvswitch-2_14-0-debuginfo-2.14.2-150400.24.20.1
* ovn-host-debuginfo-20.06.2-150400.24.20.1
* openvswitch-debuginfo-2.14.2-150400.24.20.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* ovn-central-debuginfo-20.06.2-150400.24.20.1
* ovn-central-20.06.2-150400.24.20.1
* openvswitch-test-2.14.2-150400.24.20.1
* ovn-devel-20.06.2-150400.24.20.1
* ovn-vtep-20.06.2-150400.24.20.1
* openvswitch-devel-2.14.2-150400.24.20.1
* ovn-debuginfo-20.06.2-150400.24.20.1
* openvswitch-vtep-debuginfo-2.14.2-150400.24.20.1
* ovn-20.06.2-150400.24.20.1
* openvswitch-vtep-2.14.2-150400.24.20.1
* openvswitch-test-debuginfo-2.14.2-150400.24.20.1
* openvswitch-debugsource-2.14.2-150400.24.20.1
* libovn-20_06-0-20.06.2-150400.24.20.1
* python3-ovs-2.14.2-150400.24.20.1
* openvswitch-2.14.2-150400.24.20.1
* ovn-docker-20.06.2-150400.24.20.1
* ovn-host-20.06.2-150400.24.20.1
* ovn-vtep-debuginfo-20.06.2-150400.24.20.1
* libovn-20_06-0-debuginfo-20.06.2-150400.24.20.1
* openvswitch-pki-2.14.2-150400.24.20.1
* libopenvswitch-2_14-0-2.14.2-150400.24.20.1
* openvswitch-ipsec-2.14.2-150400.24.20.1
* libopenvswitch-2_14-0-debuginfo-2.14.2-150400.24.20.1
* ovn-host-debuginfo-20.06.2-150400.24.20.1
* openvswitch-debuginfo-2.14.2-150400.24.20.1
* SUSE Manager Proxy 4.3 (x86_64)
* ovn-central-debuginfo-20.06.2-150400.24.20.1
* ovn-central-20.06.2-150400.24.20.1
* openvswitch-test-2.14.2-150400.24.20.1
* ovn-devel-20.06.2-150400.24.20.1
* ovn-vtep-20.06.2-150400.24.20.1
* openvswitch-devel-2.14.2-150400.24.20.1
* ovn-debuginfo-20.06.2-150400.24.20.1
* openvswitch-vtep-debuginfo-2.14.2-150400.24.20.1
* ovn-20.06.2-150400.24.20.1
* openvswitch-vtep-2.14.2-150400.24.20.1
* openvswitch-test-debuginfo-2.14.2-150400.24.20.1
* openvswitch-debugsource-2.14.2-150400.24.20.1
* libovn-20_06-0-20.06.2-150400.24.20.1
* python3-ovs-2.14.2-150400.24.20.1
* openvswitch-2.14.2-150400.24.20.1
* ovn-docker-20.06.2-150400.24.20.1
* ovn-host-20.06.2-150400.24.20.1
* ovn-vtep-debuginfo-20.06.2-150400.24.20.1
* libovn-20_06-0-debuginfo-20.06.2-150400.24.20.1
* openvswitch-pki-2.14.2-150400.24.20.1
* libopenvswitch-2_14-0-2.14.2-150400.24.20.1
* openvswitch-ipsec-2.14.2-150400.24.20.1
* libopenvswitch-2_14-0-debuginfo-2.14.2-150400.24.20.1
* ovn-host-debuginfo-20.06.2-150400.24.20.1
* openvswitch-debuginfo-2.14.2-150400.24.20.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* ovn-central-debuginfo-20.06.2-150400.24.20.1
* ovn-central-20.06.2-150400.24.20.1
* openvswitch-test-2.14.2-150400.24.20.1
* ovn-devel-20.06.2-150400.24.20.1
* ovn-vtep-20.06.2-150400.24.20.1
* openvswitch-devel-2.14.2-150400.24.20.1
* ovn-debuginfo-20.06.2-150400.24.20.1
* openvswitch-vtep-debuginfo-2.14.2-150400.24.20.1
* ovn-20.06.2-150400.24.20.1
* openvswitch-vtep-2.14.2-150400.24.20.1
* openvswitch-test-debuginfo-2.14.2-150400.24.20.1
* openvswitch-debugsource-2.14.2-150400.24.20.1
* libovn-20_06-0-20.06.2-150400.24.20.1
* python3-ovs-2.14.2-150400.24.20.1
* openvswitch-2.14.2-150400.24.20.1
* ovn-docker-20.06.2-150400.24.20.1
* ovn-host-20.06.2-150400.24.20.1
* ovn-vtep-debuginfo-20.06.2-150400.24.20.1
* libovn-20_06-0-debuginfo-20.06.2-150400.24.20.1
* openvswitch-pki-2.14.2-150400.24.20.1
* libopenvswitch-2_14-0-2.14.2-150400.24.20.1
* openvswitch-ipsec-2.14.2-150400.24.20.1
* libopenvswitch-2_14-0-debuginfo-2.14.2-150400.24.20.1
* ovn-host-debuginfo-20.06.2-150400.24.20.1
* openvswitch-debuginfo-2.14.2-150400.24.20.1
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
* ovn-central-debuginfo-20.06.2-150400.24.20.1
* ovn-central-20.06.2-150400.24.20.1
* openvswitch-test-2.14.2-150400.24.20.1
* ovn-devel-20.06.2-150400.24.20.1
* ovn-vtep-20.06.2-150400.24.20.1
* openvswitch-devel-2.14.2-150400.24.20.1
* ovn-debuginfo-20.06.2-150400.24.20.1
* openvswitch-vtep-debuginfo-2.14.2-150400.24.20.1
* ovn-20.06.2-150400.24.20.1
* openvswitch-vtep-2.14.2-150400.24.20.1
* openvswitch-test-debuginfo-2.14.2-150400.24.20.1
* openvswitch-debugsource-2.14.2-150400.24.20.1
* libovn-20_06-0-20.06.2-150400.24.20.1
* python3-ovs-2.14.2-150400.24.20.1
* openvswitch-2.14.2-150400.24.20.1
* ovn-docker-20.06.2-150400.24.20.1
* ovn-host-20.06.2-150400.24.20.1
* ovn-vtep-debuginfo-20.06.2-150400.24.20.1
* libovn-20_06-0-debuginfo-20.06.2-150400.24.20.1
* openvswitch-pki-2.14.2-150400.24.20.1
* libopenvswitch-2_14-0-2.14.2-150400.24.20.1
* openvswitch-ipsec-2.14.2-150400.24.20.1
* libopenvswitch-2_14-0-debuginfo-2.14.2-150400.24.20.1
* ovn-host-debuginfo-20.06.2-150400.24.20.1
* openvswitch-debuginfo-2.14.2-150400.24.20.1

## References:

* https://www.suse.com/security/cve/CVE-2024-22563.html
* https://bugzilla.suse.com/show_bug.cgi?id=1219059



SUSE-SU-2024:0551-1: important: Security update for postgresql15


# Security update for postgresql15

Announcement ID: SUSE-SU-2024:0551-1
Rating: important
References:

* bsc#1219679

Cross-References:

* CVE-2024-0985

CVSS scores:

* CVE-2024-0985 ( SUSE ): 8.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-0985 ( NVD ): 8.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* Basesystem Module 15-SP5
* openSUSE Leap 15.5
* Server Applications Module 15-SP5
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for postgresql15 fixes the following issues:

Upgrade to 15.6:

* CVE-2024-0985: Tighten security restrictions within REFRESH MATERIALIZED
VIEW CONCURRENTLY (bsc#1219679).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-551=1

* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-551=1

* Server Applications Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2024-551=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-551=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-551=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-551=1

* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-551=1

* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-551=1

* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-551=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-551=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-551=1

* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-551=1

* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.3-2024-551=1

* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-551=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2024-551=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* postgresql15-contrib-debuginfo-15.6-150200.5.22.1
* postgresql15-devel-15.6-150200.5.22.1
* postgresql15-server-devel-debuginfo-15.6-150200.5.22.1
* postgresql15-server-15.6-150200.5.22.1
* postgresql15-plperl-debuginfo-15.6-150200.5.22.1
* postgresql15-plpython-debuginfo-15.6-150200.5.22.1
* postgresql15-server-debuginfo-15.6-150200.5.22.1
* postgresql15-devel-debuginfo-15.6-150200.5.22.1
* postgresql15-test-15.6-150200.5.22.1
* postgresql15-contrib-15.6-150200.5.22.1
* postgresql15-server-devel-15.6-150200.5.22.1
* postgresql15-pltcl-debuginfo-15.6-150200.5.22.1
* postgresql15-15.6-150200.5.22.1
* postgresql15-pltcl-15.6-150200.5.22.1
* postgresql15-plpython-15.6-150200.5.22.1
* postgresql15-debugsource-15.6-150200.5.22.1
* postgresql15-llvmjit-15.6-150200.5.22.1
* postgresql15-llvmjit-debuginfo-15.6-150200.5.22.1
* postgresql15-debuginfo-15.6-150200.5.22.1
* postgresql15-llvmjit-devel-15.6-150200.5.22.1
* postgresql15-plperl-15.6-150200.5.22.1
* openSUSE Leap 15.5 (noarch)
* postgresql15-docs-15.6-150200.5.22.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* postgresql15-15.6-150200.5.22.1
* postgresql15-debugsource-15.6-150200.5.22.1
* postgresql15-debuginfo-15.6-150200.5.22.1
* Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* postgresql15-plpython-debuginfo-15.6-150200.5.22.1
* postgresql15-server-debuginfo-15.6-150200.5.22.1
* postgresql15-contrib-debuginfo-15.6-150200.5.22.1
* postgresql15-pltcl-15.6-150200.5.22.1
* postgresql15-devel-15.6-150200.5.22.1
* postgresql15-debuginfo-15.6-150200.5.22.1
* postgresql15-devel-debuginfo-15.6-150200.5.22.1
* postgresql15-plpython-15.6-150200.5.22.1
* postgresql15-server-devel-debuginfo-15.6-150200.5.22.1
* postgresql15-contrib-15.6-150200.5.22.1
* postgresql15-server-15.6-150200.5.22.1
* postgresql15-server-devel-15.6-150200.5.22.1
* postgresql15-debugsource-15.6-150200.5.22.1
* postgresql15-plperl-debuginfo-15.6-150200.5.22.1
* postgresql15-pltcl-debuginfo-15.6-150200.5.22.1
* postgresql15-plperl-15.6-150200.5.22.1
* Server Applications Module 15-SP5 (noarch)
* postgresql15-docs-15.6-150200.5.22.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* postgresql15-15.6-150200.5.22.1
* postgresql15-plpython-debuginfo-15.6-150200.5.22.1
* postgresql15-server-debuginfo-15.6-150200.5.22.1
* postgresql15-contrib-debuginfo-15.6-150200.5.22.1
* postgresql15-pltcl-15.6-150200.5.22.1
* postgresql15-devel-15.6-150200.5.22.1
* postgresql15-debuginfo-15.6-150200.5.22.1
* postgresql15-devel-debuginfo-15.6-150200.5.22.1
* postgresql15-plpython-15.6-150200.5.22.1
* postgresql15-server-devel-debuginfo-15.6-150200.5.22.1
* postgresql15-contrib-15.6-150200.5.22.1
* postgresql15-server-15.6-150200.5.22.1
* postgresql15-server-devel-15.6-150200.5.22.1
* postgresql15-debugsource-15.6-150200.5.22.1
* postgresql15-plperl-debuginfo-15.6-150200.5.22.1
* postgresql15-pltcl-debuginfo-15.6-150200.5.22.1
* postgresql15-plperl-15.6-150200.5.22.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* postgresql15-docs-15.6-150200.5.22.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* postgresql15-15.6-150200.5.22.1
* postgresql15-plpython-debuginfo-15.6-150200.5.22.1
* postgresql15-server-debuginfo-15.6-150200.5.22.1
* postgresql15-contrib-debuginfo-15.6-150200.5.22.1
* postgresql15-pltcl-15.6-150200.5.22.1
* postgresql15-devel-15.6-150200.5.22.1
* postgresql15-debuginfo-15.6-150200.5.22.1
* postgresql15-devel-debuginfo-15.6-150200.5.22.1
* postgresql15-plpython-15.6-150200.5.22.1
* postgresql15-server-devel-debuginfo-15.6-150200.5.22.1
* postgresql15-contrib-15.6-150200.5.22.1
* postgresql15-server-15.6-150200.5.22.1
* postgresql15-server-devel-15.6-150200.5.22.1
* postgresql15-debugsource-15.6-150200.5.22.1
* postgresql15-plperl-debuginfo-15.6-150200.5.22.1
* postgresql15-pltcl-debuginfo-15.6-150200.5.22.1
* postgresql15-plperl-15.6-150200.5.22.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* postgresql15-docs-15.6-150200.5.22.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* postgresql15-15.6-150200.5.22.1
* postgresql15-plpython-debuginfo-15.6-150200.5.22.1
* postgresql15-server-debuginfo-15.6-150200.5.22.1
* postgresql15-contrib-debuginfo-15.6-150200.5.22.1
* postgresql15-pltcl-15.6-150200.5.22.1
* postgresql15-devel-15.6-150200.5.22.1
* postgresql15-debuginfo-15.6-150200.5.22.1
* postgresql15-devel-debuginfo-15.6-150200.5.22.1
* postgresql15-plpython-15.6-150200.5.22.1
* postgresql15-server-devel-debuginfo-15.6-150200.5.22.1
* postgresql15-contrib-15.6-150200.5.22.1
* postgresql15-server-15.6-150200.5.22.1
* postgresql15-server-devel-15.6-150200.5.22.1
* postgresql15-debugsource-15.6-150200.5.22.1
* postgresql15-plperl-debuginfo-15.6-150200.5.22.1
* postgresql15-pltcl-debuginfo-15.6-150200.5.22.1
* postgresql15-plperl-15.6-150200.5.22.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* postgresql15-docs-15.6-150200.5.22.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
* postgresql15-15.6-150200.5.22.1
* postgresql15-debugsource-15.6-150200.5.22.1
* postgresql15-debuginfo-15.6-150200.5.22.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64)
* postgresql15-15.6-150200.5.22.1
* postgresql15-plpython-debuginfo-15.6-150200.5.22.1
* postgresql15-server-debuginfo-15.6-150200.5.22.1
* postgresql15-contrib-debuginfo-15.6-150200.5.22.1
* postgresql15-pltcl-15.6-150200.5.22.1
* postgresql15-devel-15.6-150200.5.22.1
* postgresql15-debuginfo-15.6-150200.5.22.1
* postgresql15-devel-debuginfo-15.6-150200.5.22.1
* postgresql15-plpython-15.6-150200.5.22.1
* postgresql15-server-devel-debuginfo-15.6-150200.5.22.1
* postgresql15-contrib-15.6-150200.5.22.1
* postgresql15-server-15.6-150200.5.22.1
* postgresql15-server-devel-15.6-150200.5.22.1
* postgresql15-debugsource-15.6-150200.5.22.1
* postgresql15-plperl-debuginfo-15.6-150200.5.22.1
* postgresql15-pltcl-debuginfo-15.6-150200.5.22.1
* postgresql15-plperl-15.6-150200.5.22.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
* postgresql15-docs-15.6-150200.5.22.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x
x86_64)
* postgresql15-15.6-150200.5.22.1
* postgresql15-plpython-debuginfo-15.6-150200.5.22.1
* postgresql15-server-debuginfo-15.6-150200.5.22.1
* postgresql15-contrib-debuginfo-15.6-150200.5.22.1
* postgresql15-pltcl-15.6-150200.5.22.1
* postgresql15-devel-15.6-150200.5.22.1
* postgresql15-debuginfo-15.6-150200.5.22.1
* postgresql15-devel-debuginfo-15.6-150200.5.22.1
* postgresql15-plpython-15.6-150200.5.22.1
* postgresql15-server-devel-debuginfo-15.6-150200.5.22.1
* postgresql15-contrib-15.6-150200.5.22.1
* postgresql15-server-15.6-150200.5.22.1
* postgresql15-server-devel-15.6-150200.5.22.1
* postgresql15-debugsource-15.6-150200.5.22.1
* postgresql15-plperl-debuginfo-15.6-150200.5.22.1
* postgresql15-pltcl-debuginfo-15.6-150200.5.22.1
* postgresql15-plperl-15.6-150200.5.22.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (noarch)
* postgresql15-docs-15.6-150200.5.22.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* postgresql15-15.6-150200.5.22.1
* postgresql15-plpython-debuginfo-15.6-150200.5.22.1
* postgresql15-server-debuginfo-15.6-150200.5.22.1
* postgresql15-contrib-debuginfo-15.6-150200.5.22.1
* postgresql15-pltcl-15.6-150200.5.22.1
* postgresql15-devel-15.6-150200.5.22.1
* postgresql15-debuginfo-15.6-150200.5.22.1
* postgresql15-devel-debuginfo-15.6-150200.5.22.1
* postgresql15-plpython-15.6-150200.5.22.1
* postgresql15-server-devel-debuginfo-15.6-150200.5.22.1
* postgresql15-contrib-15.6-150200.5.22.1
* postgresql15-server-15.6-150200.5.22.1
* postgresql15-server-devel-15.6-150200.5.22.1
* postgresql15-debugsource-15.6-150200.5.22.1
* postgresql15-plperl-debuginfo-15.6-150200.5.22.1
* postgresql15-pltcl-debuginfo-15.6-150200.5.22.1
* postgresql15-plperl-15.6-150200.5.22.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* postgresql15-docs-15.6-150200.5.22.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* postgresql15-15.6-150200.5.22.1
* postgresql15-plpython-debuginfo-15.6-150200.5.22.1
* postgresql15-server-debuginfo-15.6-150200.5.22.1
* postgresql15-contrib-debuginfo-15.6-150200.5.22.1
* postgresql15-pltcl-15.6-150200.5.22.1
* postgresql15-devel-15.6-150200.5.22.1
* postgresql15-debuginfo-15.6-150200.5.22.1
* postgresql15-devel-debuginfo-15.6-150200.5.22.1
* postgresql15-plpython-15.6-150200.5.22.1
* postgresql15-server-devel-debuginfo-15.6-150200.5.22.1
* postgresql15-contrib-15.6-150200.5.22.1
* postgresql15-server-15.6-150200.5.22.1
* postgresql15-server-devel-15.6-150200.5.22.1
* postgresql15-debugsource-15.6-150200.5.22.1
* postgresql15-plperl-debuginfo-15.6-150200.5.22.1
* postgresql15-pltcl-debuginfo-15.6-150200.5.22.1
* postgresql15-plperl-15.6-150200.5.22.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* postgresql15-docs-15.6-150200.5.22.1
* SUSE Manager Proxy 4.3 (x86_64)
* postgresql15-15.6-150200.5.22.1
* postgresql15-plpython-debuginfo-15.6-150200.5.22.1
* postgresql15-server-debuginfo-15.6-150200.5.22.1
* postgresql15-contrib-debuginfo-15.6-150200.5.22.1
* postgresql15-pltcl-15.6-150200.5.22.1
* postgresql15-devel-15.6-150200.5.22.1
* postgresql15-debuginfo-15.6-150200.5.22.1
* postgresql15-devel-debuginfo-15.6-150200.5.22.1
* postgresql15-plpython-15.6-150200.5.22.1
* postgresql15-server-devel-debuginfo-15.6-150200.5.22.1
* postgresql15-contrib-15.6-150200.5.22.1
* postgresql15-server-15.6-150200.5.22.1
* postgresql15-server-devel-15.6-150200.5.22.1
* postgresql15-debugsource-15.6-150200.5.22.1
* postgresql15-plperl-debuginfo-15.6-150200.5.22.1
* postgresql15-pltcl-debuginfo-15.6-150200.5.22.1
* postgresql15-plperl-15.6-150200.5.22.1
* SUSE Manager Proxy 4.3 (noarch)
* postgresql15-docs-15.6-150200.5.22.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* postgresql15-15.6-150200.5.22.1
* postgresql15-plpython-debuginfo-15.6-150200.5.22.1
* postgresql15-server-debuginfo-15.6-150200.5.22.1
* postgresql15-contrib-debuginfo-15.6-150200.5.22.1
* postgresql15-pltcl-15.6-150200.5.22.1
* postgresql15-devel-15.6-150200.5.22.1
* postgresql15-debuginfo-15.6-150200.5.22.1
* postgresql15-devel-debuginfo-15.6-150200.5.22.1
* postgresql15-plpython-15.6-150200.5.22.1
* postgresql15-server-devel-debuginfo-15.6-150200.5.22.1
* postgresql15-contrib-15.6-150200.5.22.1
* postgresql15-server-15.6-150200.5.22.1
* postgresql15-server-devel-15.6-150200.5.22.1
* postgresql15-debugsource-15.6-150200.5.22.1
* postgresql15-plperl-debuginfo-15.6-150200.5.22.1
* postgresql15-pltcl-debuginfo-15.6-150200.5.22.1
* postgresql15-plperl-15.6-150200.5.22.1
* SUSE Manager Retail Branch Server 4.3 (noarch)
* postgresql15-docs-15.6-150200.5.22.1
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
* postgresql15-15.6-150200.5.22.1
* postgresql15-plpython-debuginfo-15.6-150200.5.22.1
* postgresql15-server-debuginfo-15.6-150200.5.22.1
* postgresql15-contrib-debuginfo-15.6-150200.5.22.1
* postgresql15-pltcl-15.6-150200.5.22.1
* postgresql15-devel-15.6-150200.5.22.1
* postgresql15-debuginfo-15.6-150200.5.22.1
* postgresql15-devel-debuginfo-15.6-150200.5.22.1
* postgresql15-plpython-15.6-150200.5.22.1
* postgresql15-server-devel-debuginfo-15.6-150200.5.22.1
* postgresql15-contrib-15.6-150200.5.22.1
* postgresql15-server-15.6-150200.5.22.1
* postgresql15-server-devel-15.6-150200.5.22.1
* postgresql15-debugsource-15.6-150200.5.22.1
* postgresql15-plperl-debuginfo-15.6-150200.5.22.1
* postgresql15-pltcl-debuginfo-15.6-150200.5.22.1
* postgresql15-plperl-15.6-150200.5.22.1
* SUSE Manager Server 4.3 (noarch)
* postgresql15-docs-15.6-150200.5.22.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* postgresql15-15.6-150200.5.22.1
* postgresql15-plpython-debuginfo-15.6-150200.5.22.1
* postgresql15-server-debuginfo-15.6-150200.5.22.1
* postgresql15-contrib-debuginfo-15.6-150200.5.22.1
* postgresql15-pltcl-15.6-150200.5.22.1
* postgresql15-devel-15.6-150200.5.22.1
* postgresql15-debuginfo-15.6-150200.5.22.1
* postgresql15-devel-debuginfo-15.6-150200.5.22.1
* postgresql15-plpython-15.6-150200.5.22.1
* postgresql15-server-devel-debuginfo-15.6-150200.5.22.1
* postgresql15-contrib-15.6-150200.5.22.1
* postgresql15-server-15.6-150200.5.22.1
* postgresql15-server-devel-15.6-150200.5.22.1
* postgresql15-debugsource-15.6-150200.5.22.1
* postgresql15-plperl-debuginfo-15.6-150200.5.22.1
* postgresql15-pltcl-debuginfo-15.6-150200.5.22.1
* postgresql15-plperl-15.6-150200.5.22.1
* SUSE Enterprise Storage 7.1 (noarch)
* postgresql15-docs-15.6-150200.5.22.1

## References:

* https://www.suse.com/security/cve/CVE-2024-0985.html
* https://bugzilla.suse.com/show_bug.cgi?id=1219679



SUSE-SU-2024:0552-1: important: Security update for postgresql14


# Security update for postgresql14

Announcement ID: SUSE-SU-2024:0552-1
Rating: important
References:

* bsc#1219679

Cross-References:

* CVE-2024-0985

CVSS scores:

* CVE-2024-0985 ( SUSE ): 8.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-0985 ( NVD ): 8.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* Legacy Module 15-SP5
* openSUSE Leap 15.5
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
* SUSE Package Hub 15 15-SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for postgresql14 fixes the following issues:

Upgrade to 14.11:

* CVE-2024-0985: Tighten security restrictions within REFRESH MATERIALIZED
VIEW CONCURRENTLY (bsc#1219679).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP Applications 15 SP2
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-552=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-552=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-552=1

* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-552=1

* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.3-2024-552=1

* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-552=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2024-552=1

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-552=1

* Legacy Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2024-552=1

* SUSE Package Hub 15 15-SP5
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-552=1

* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-552=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-552=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-552=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-552=1

* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-552=1

* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-552=1

* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-552=1

* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-552=1

## Package List:

* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
* postgresql14-debugsource-14.11-150200.5.39.1
* postgresql14-server-debuginfo-14.11-150200.5.39.1
* postgresql14-debuginfo-14.11-150200.5.39.1
* postgresql14-pltcl-debuginfo-14.11-150200.5.39.1
* postgresql14-devel-14.11-150200.5.39.1
* postgresql14-server-14.11-150200.5.39.1
* postgresql14-14.11-150200.5.39.1
* postgresql14-contrib-debuginfo-14.11-150200.5.39.1
* postgresql14-server-devel-14.11-150200.5.39.1
* postgresql14-pltcl-14.11-150200.5.39.1
* postgresql14-devel-debuginfo-14.11-150200.5.39.1
* postgresql14-contrib-14.11-150200.5.39.1
* postgresql14-plperl-debuginfo-14.11-150200.5.39.1
* postgresql14-plperl-14.11-150200.5.39.1
* postgresql14-server-devel-debuginfo-14.11-150200.5.39.1
* postgresql14-plpython-debuginfo-14.11-150200.5.39.1
* postgresql14-plpython-14.11-150200.5.39.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
* postgresql14-docs-14.11-150200.5.39.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* postgresql14-debugsource-14.11-150200.5.39.1
* postgresql14-server-debuginfo-14.11-150200.5.39.1
* postgresql14-debuginfo-14.11-150200.5.39.1
* postgresql14-pltcl-debuginfo-14.11-150200.5.39.1
* postgresql14-devel-14.11-150200.5.39.1
* postgresql14-server-14.11-150200.5.39.1
* postgresql14-14.11-150200.5.39.1
* postgresql14-contrib-debuginfo-14.11-150200.5.39.1
* postgresql14-server-devel-14.11-150200.5.39.1
* postgresql14-pltcl-14.11-150200.5.39.1
* postgresql14-devel-debuginfo-14.11-150200.5.39.1
* postgresql14-contrib-14.11-150200.5.39.1
* postgresql14-plperl-debuginfo-14.11-150200.5.39.1
* postgresql14-plperl-14.11-150200.5.39.1
* postgresql14-server-devel-debuginfo-14.11-150200.5.39.1
* postgresql14-plpython-debuginfo-14.11-150200.5.39.1
* postgresql14-plpython-14.11-150200.5.39.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* postgresql14-docs-14.11-150200.5.39.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* postgresql14-debugsource-14.11-150200.5.39.1
* postgresql14-server-debuginfo-14.11-150200.5.39.1
* postgresql14-debuginfo-14.11-150200.5.39.1
* postgresql14-pltcl-debuginfo-14.11-150200.5.39.1
* postgresql14-devel-14.11-150200.5.39.1
* postgresql14-server-14.11-150200.5.39.1
* postgresql14-14.11-150200.5.39.1
* postgresql14-contrib-debuginfo-14.11-150200.5.39.1
* postgresql14-server-devel-14.11-150200.5.39.1
* postgresql14-pltcl-14.11-150200.5.39.1
* postgresql14-devel-debuginfo-14.11-150200.5.39.1
* postgresql14-contrib-14.11-150200.5.39.1
* postgresql14-plperl-debuginfo-14.11-150200.5.39.1
* postgresql14-plperl-14.11-150200.5.39.1
* postgresql14-server-devel-debuginfo-14.11-150200.5.39.1
* postgresql14-plpython-debuginfo-14.11-150200.5.39.1
* postgresql14-plpython-14.11-150200.5.39.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* postgresql14-docs-14.11-150200.5.39.1
* SUSE Manager Proxy 4.3 (x86_64)
* postgresql14-debugsource-14.11-150200.5.39.1
* postgresql14-server-debuginfo-14.11-150200.5.39.1
* postgresql14-debuginfo-14.11-150200.5.39.1
* postgresql14-pltcl-debuginfo-14.11-150200.5.39.1
* postgresql14-devel-14.11-150200.5.39.1
* postgresql14-server-14.11-150200.5.39.1
* postgresql14-14.11-150200.5.39.1
* postgresql14-contrib-debuginfo-14.11-150200.5.39.1
* postgresql14-server-devel-14.11-150200.5.39.1
* postgresql14-pltcl-14.11-150200.5.39.1
* postgresql14-devel-debuginfo-14.11-150200.5.39.1
* postgresql14-contrib-14.11-150200.5.39.1
* postgresql14-plperl-debuginfo-14.11-150200.5.39.1
* postgresql14-plperl-14.11-150200.5.39.1
* postgresql14-server-devel-debuginfo-14.11-150200.5.39.1
* postgresql14-plpython-debuginfo-14.11-150200.5.39.1
* postgresql14-plpython-14.11-150200.5.39.1
* SUSE Manager Proxy 4.3 (noarch)
* postgresql14-docs-14.11-150200.5.39.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* postgresql14-debugsource-14.11-150200.5.39.1
* postgresql14-server-debuginfo-14.11-150200.5.39.1
* postgresql14-debuginfo-14.11-150200.5.39.1
* postgresql14-pltcl-debuginfo-14.11-150200.5.39.1
* postgresql14-devel-14.11-150200.5.39.1
* postgresql14-server-14.11-150200.5.39.1
* postgresql14-14.11-150200.5.39.1
* postgresql14-contrib-debuginfo-14.11-150200.5.39.1
* postgresql14-server-devel-14.11-150200.5.39.1
* postgresql14-pltcl-14.11-150200.5.39.1
* postgresql14-devel-debuginfo-14.11-150200.5.39.1
* postgresql14-contrib-14.11-150200.5.39.1
* postgresql14-plperl-debuginfo-14.11-150200.5.39.1
* postgresql14-plperl-14.11-150200.5.39.1
* postgresql14-server-devel-debuginfo-14.11-150200.5.39.1
* postgresql14-plpython-debuginfo-14.11-150200.5.39.1
* postgresql14-plpython-14.11-150200.5.39.1
* SUSE Manager Retail Branch Server 4.3 (noarch)
* postgresql14-docs-14.11-150200.5.39.1
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
* postgresql14-debugsource-14.11-150200.5.39.1
* postgresql14-server-debuginfo-14.11-150200.5.39.1
* postgresql14-debuginfo-14.11-150200.5.39.1
* postgresql14-pltcl-debuginfo-14.11-150200.5.39.1
* postgresql14-devel-14.11-150200.5.39.1
* postgresql14-server-14.11-150200.5.39.1
* postgresql14-14.11-150200.5.39.1
* postgresql14-contrib-debuginfo-14.11-150200.5.39.1
* postgresql14-server-devel-14.11-150200.5.39.1
* postgresql14-pltcl-14.11-150200.5.39.1
* postgresql14-devel-debuginfo-14.11-150200.5.39.1
* postgresql14-contrib-14.11-150200.5.39.1
* postgresql14-plperl-debuginfo-14.11-150200.5.39.1
* postgresql14-plperl-14.11-150200.5.39.1
* postgresql14-server-devel-debuginfo-14.11-150200.5.39.1
* postgresql14-plpython-debuginfo-14.11-150200.5.39.1
* postgresql14-plpython-14.11-150200.5.39.1
* SUSE Manager Server 4.3 (noarch)
* postgresql14-docs-14.11-150200.5.39.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* postgresql14-debugsource-14.11-150200.5.39.1
* postgresql14-server-debuginfo-14.11-150200.5.39.1
* postgresql14-debuginfo-14.11-150200.5.39.1
* postgresql14-pltcl-debuginfo-14.11-150200.5.39.1
* postgresql14-devel-14.11-150200.5.39.1
* postgresql14-server-14.11-150200.5.39.1
* postgresql14-14.11-150200.5.39.1
* postgresql14-contrib-debuginfo-14.11-150200.5.39.1
* postgresql14-server-devel-14.11-150200.5.39.1
* postgresql14-pltcl-14.11-150200.5.39.1
* postgresql14-devel-debuginfo-14.11-150200.5.39.1
* postgresql14-contrib-14.11-150200.5.39.1
* postgresql14-plperl-debuginfo-14.11-150200.5.39.1
* postgresql14-plperl-14.11-150200.5.39.1
* postgresql14-server-devel-debuginfo-14.11-150200.5.39.1
* postgresql14-plpython-debuginfo-14.11-150200.5.39.1
* postgresql14-plpython-14.11-150200.5.39.1
* SUSE Enterprise Storage 7.1 (noarch)
* postgresql14-docs-14.11-150200.5.39.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* postgresql14-debuginfo-14.11-150200.5.39.1
* postgresql14-pltcl-debuginfo-14.11-150200.5.39.1
* postgresql14-devel-14.11-150200.5.39.1
* postgresql14-contrib-debuginfo-14.11-150200.5.39.1
* postgresql14-devel-debuginfo-14.11-150200.5.39.1
* postgresql14-contrib-14.11-150200.5.39.1
* postgresql14-llvmjit-devel-14.11-150200.5.39.1
* postgresql14-plperl-14.11-150200.5.39.1
* postgresql14-server-devel-debuginfo-14.11-150200.5.39.1
* postgresql14-server-14.11-150200.5.39.1
* postgresql14-server-devel-14.11-150200.5.39.1
* postgresql14-pltcl-14.11-150200.5.39.1
* postgresql14-plperl-debuginfo-14.11-150200.5.39.1
* postgresql14-plpython-debuginfo-14.11-150200.5.39.1
* postgresql14-plpython-14.11-150200.5.39.1
* postgresql14-debugsource-14.11-150200.5.39.1
* postgresql14-server-debuginfo-14.11-150200.5.39.1
* postgresql14-llvmjit-debuginfo-14.11-150200.5.39.1
* postgresql14-14.11-150200.5.39.1
* postgresql14-llvmjit-14.11-150200.5.39.1
* postgresql14-test-14.11-150200.5.39.1
* openSUSE Leap 15.5 (noarch)
* postgresql14-docs-14.11-150200.5.39.1
* Legacy Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* postgresql14-debugsource-14.11-150200.5.39.1
* postgresql14-server-debuginfo-14.11-150200.5.39.1
* postgresql14-debuginfo-14.11-150200.5.39.1
* postgresql14-llvmjit-debuginfo-14.11-150200.5.39.1
* postgresql14-devel-14.11-150200.5.39.1
* postgresql14-pltcl-debuginfo-14.11-150200.5.39.1
* postgresql14-14.11-150200.5.39.1
* postgresql14-server-14.11-150200.5.39.1
* postgresql14-contrib-debuginfo-14.11-150200.5.39.1
* postgresql14-server-devel-14.11-150200.5.39.1
* postgresql14-pltcl-14.11-150200.5.39.1
* postgresql14-devel-debuginfo-14.11-150200.5.39.1
* postgresql14-contrib-14.11-150200.5.39.1
* postgresql14-llvmjit-devel-14.11-150200.5.39.1
* postgresql14-llvmjit-14.11-150200.5.39.1
* postgresql14-plperl-debuginfo-14.11-150200.5.39.1
* postgresql14-plperl-14.11-150200.5.39.1
* postgresql14-server-devel-debuginfo-14.11-150200.5.39.1
* postgresql14-plpython-debuginfo-14.11-150200.5.39.1
* postgresql14-plpython-14.11-150200.5.39.1
* Legacy Module 15-SP5 (noarch)
* postgresql14-docs-14.11-150200.5.39.1
* SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64)
* postgresql14-debugsource-14.11-150200.5.39.1
* postgresql14-llvmjit-debuginfo-14.11-150200.5.39.1
* postgresql14-debuginfo-14.11-150200.5.39.1
* postgresql14-llvmjit-14.11-150200.5.39.1
* postgresql14-test-14.11-150200.5.39.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64
x86_64)
* postgresql14-debugsource-14.11-150200.5.39.1
* postgresql14-server-debuginfo-14.11-150200.5.39.1
* postgresql14-debuginfo-14.11-150200.5.39.1
* postgresql14-pltcl-debuginfo-14.11-150200.5.39.1
* postgresql14-devel-14.11-150200.5.39.1
* postgresql14-server-14.11-150200.5.39.1
* postgresql14-14.11-150200.5.39.1
* postgresql14-contrib-debuginfo-14.11-150200.5.39.1
* postgresql14-server-devel-14.11-150200.5.39.1
* postgresql14-pltcl-14.11-150200.5.39.1
* postgresql14-devel-debuginfo-14.11-150200.5.39.1
* postgresql14-contrib-14.11-150200.5.39.1
* postgresql14-plperl-debuginfo-14.11-150200.5.39.1
* postgresql14-plperl-14.11-150200.5.39.1
* postgresql14-server-devel-debuginfo-14.11-150200.5.39.1
* postgresql14-plpython-debuginfo-14.11-150200.5.39.1
* postgresql14-plpython-14.11-150200.5.39.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
* postgresql14-docs-14.11-150200.5.39.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* postgresql14-debugsource-14.11-150200.5.39.1
* postgresql14-server-debuginfo-14.11-150200.5.39.1
* postgresql14-debuginfo-14.11-150200.5.39.1
* postgresql14-pltcl-debuginfo-14.11-150200.5.39.1
* postgresql14-devel-14.11-150200.5.39.1
* postgresql14-server-14.11-150200.5.39.1
* postgresql14-14.11-150200.5.39.1
* postgresql14-contrib-debuginfo-14.11-150200.5.39.1
* postgresql14-server-devel-14.11-150200.5.39.1
* postgresql14-pltcl-14.11-150200.5.39.1
* postgresql14-devel-debuginfo-14.11-150200.5.39.1
* postgresql14-contrib-14.11-150200.5.39.1
* postgresql14-plperl-debuginfo-14.11-150200.5.39.1
* postgresql14-plperl-14.11-150200.5.39.1
* postgresql14-server-devel-debuginfo-14.11-150200.5.39.1
* postgresql14-plpython-debuginfo-14.11-150200.5.39.1
* postgresql14-plpython-14.11-150200.5.39.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* postgresql14-docs-14.11-150200.5.39.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* postgresql14-debugsource-14.11-150200.5.39.1
* postgresql14-server-debuginfo-14.11-150200.5.39.1
* postgresql14-debuginfo-14.11-150200.5.39.1
* postgresql14-pltcl-debuginfo-14.11-150200.5.39.1
* postgresql14-devel-14.11-150200.5.39.1
* postgresql14-server-14.11-150200.5.39.1
* postgresql14-14.11-150200.5.39.1
* postgresql14-contrib-debuginfo-14.11-150200.5.39.1
* postgresql14-server-devel-14.11-150200.5.39.1
* postgresql14-pltcl-14.11-150200.5.39.1
* postgresql14-devel-debuginfo-14.11-150200.5.39.1
* postgresql14-contrib-14.11-150200.5.39.1
* postgresql14-plperl-debuginfo-14.11-150200.5.39.1
* postgresql14-plperl-14.11-150200.5.39.1
* postgresql14-server-devel-debuginfo-14.11-150200.5.39.1
* postgresql14-plpython-debuginfo-14.11-150200.5.39.1
* postgresql14-plpython-14.11-150200.5.39.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* postgresql14-docs-14.11-150200.5.39.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* postgresql14-debugsource-14.11-150200.5.39.1
* postgresql14-server-debuginfo-14.11-150200.5.39.1
* postgresql14-debuginfo-14.11-150200.5.39.1
* postgresql14-pltcl-debuginfo-14.11-150200.5.39.1
* postgresql14-devel-14.11-150200.5.39.1
* postgresql14-server-14.11-150200.5.39.1
* postgresql14-14.11-150200.5.39.1
* postgresql14-contrib-debuginfo-14.11-150200.5.39.1
* postgresql14-server-devel-14.11-150200.5.39.1
* postgresql14-pltcl-14.11-150200.5.39.1
* postgresql14-devel-debuginfo-14.11-150200.5.39.1
* postgresql14-contrib-14.11-150200.5.39.1
* postgresql14-plperl-debuginfo-14.11-150200.5.39.1
* postgresql14-plperl-14.11-150200.5.39.1
* postgresql14-server-devel-debuginfo-14.11-150200.5.39.1
* postgresql14-plpython-debuginfo-14.11-150200.5.39.1
* postgresql14-plpython-14.11-150200.5.39.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* postgresql14-docs-14.11-150200.5.39.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
* postgresql14-debugsource-14.11-150200.5.39.1
* postgresql14-14.11-150200.5.39.1
* postgresql14-debuginfo-14.11-150200.5.39.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x
x86_64)
* postgresql14-debugsource-14.11-150200.5.39.1
* postgresql14-server-debuginfo-14.11-150200.5.39.1
* postgresql14-debuginfo-14.11-150200.5.39.1
* postgresql14-pltcl-debuginfo-14.11-150200.5.39.1
* postgresql14-devel-14.11-150200.5.39.1
* postgresql14-server-14.11-150200.5.39.1
* postgresql14-14.11-150200.5.39.1
* postgresql14-contrib-debuginfo-14.11-150200.5.39.1
* postgresql14-server-devel-14.11-150200.5.39.1
* postgresql14-pltcl-14.11-150200.5.39.1
* postgresql14-devel-debuginfo-14.11-150200.5.39.1
* postgresql14-contrib-14.11-150200.5.39.1
* postgresql14-plperl-debuginfo-14.11-150200.5.39.1
* postgresql14-plperl-14.11-150200.5.39.1
* postgresql14-server-devel-debuginfo-14.11-150200.5.39.1
* postgresql14-plpython-debuginfo-14.11-150200.5.39.1
* postgresql14-plpython-14.11-150200.5.39.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
* postgresql14-docs-14.11-150200.5.39.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64)
* postgresql14-debugsource-14.11-150200.5.39.1
* postgresql14-server-debuginfo-14.11-150200.5.39.1
* postgresql14-debuginfo-14.11-150200.5.39.1
* postgresql14-pltcl-debuginfo-14.11-150200.5.39.1
* postgresql14-devel-14.11-150200.5.39.1
* postgresql14-server-14.11-150200.5.39.1
* postgresql14-14.11-150200.5.39.1
* postgresql14-contrib-debuginfo-14.11-150200.5.39.1
* postgresql14-server-devel-14.11-150200.5.39.1
* postgresql14-pltcl-14.11-150200.5.39.1
* postgresql14-devel-debuginfo-14.11-150200.5.39.1
* postgresql14-contrib-14.11-150200.5.39.1
* postgresql14-plperl-debuginfo-14.11-150200.5.39.1
* postgresql14-plperl-14.11-150200.5.39.1
* postgresql14-server-devel-debuginfo-14.11-150200.5.39.1
* postgresql14-plpython-debuginfo-14.11-150200.5.39.1
* postgresql14-plpython-14.11-150200.5.39.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
* postgresql14-docs-14.11-150200.5.39.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x
x86_64)
* postgresql14-debugsource-14.11-150200.5.39.1
* postgresql14-server-debuginfo-14.11-150200.5.39.1
* postgresql14-debuginfo-14.11-150200.5.39.1
* postgresql14-pltcl-debuginfo-14.11-150200.5.39.1
* postgresql14-devel-14.11-150200.5.39.1
* postgresql14-server-14.11-150200.5.39.1
* postgresql14-14.11-150200.5.39.1
* postgresql14-contrib-debuginfo-14.11-150200.5.39.1
* postgresql14-server-devel-14.11-150200.5.39.1
* postgresql14-pltcl-14.11-150200.5.39.1
* postgresql14-devel-debuginfo-14.11-150200.5.39.1
* postgresql14-contrib-14.11-150200.5.39.1
* postgresql14-plperl-debuginfo-14.11-150200.5.39.1
* postgresql14-plperl-14.11-150200.5.39.1
* postgresql14-server-devel-debuginfo-14.11-150200.5.39.1
* postgresql14-plpython-debuginfo-14.11-150200.5.39.1
* postgresql14-plpython-14.11-150200.5.39.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (noarch)
* postgresql14-docs-14.11-150200.5.39.1

## References:

* https://www.suse.com/security/cve/CVE-2024-0985.html
* https://bugzilla.suse.com/show_bug.cgi?id=1219679



SUSE-SU-2024:0558-1: important: Security update for libssh2_org


# Security update for libssh2_org

Announcement ID: SUSE-SU-2024:0558-1
Rating: important
References:

* bsc#1218971

Cross-References:

* CVE-2023-48795

CVSS scores:

* CVE-2023-48795 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2023-48795 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Products:

* Basesystem Module 15-SP5
* openSUSE Leap 15.5
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for libssh2_org fixes the following issues:

* Always add the KEX pseudo-methods "ext-info-c" and "kex-strict-
c-v00@openssh.com" when configuring custom method list. [bsc#1218971,
CVE-2023-48795]

* The strict-kex extension is announced in the list of available KEX methods.
However, when the default KEX method list is modified or replaced, the
extension is not added back automatically.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap Micro 5.3
zypper in -t patch openSUSE-Leap-Micro-5.3-2024-558=1

* openSUSE Leap Micro 5.4
zypper in -t patch openSUSE-Leap-Micro-5.4-2024-558=1

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-558=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2024-558=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2024-558=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2024-558=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2024-558=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2024-558=1

* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-558=1

* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-558=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-558=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-558=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-558=1

* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-558=1

* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-558=1

* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-558=1

* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-558=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP2
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-558=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-558=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-558=1

* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-558=1

* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.3-2024-558=1

* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-558=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2024-558=1

* SUSE Linux Enterprise Micro 5.1
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2024-558=1

* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-558=1

* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-558=1

## Package List:

* openSUSE Leap Micro 5.3 (aarch64 x86_64)
* libssh2-1-1.11.0-150000.4.25.1
* libssh2-1-debuginfo-1.11.0-150000.4.25.1
* libssh2_org-debugsource-1.11.0-150000.4.25.1
* openSUSE Leap Micro 5.4 (aarch64 s390x x86_64)
* libssh2-1-1.11.0-150000.4.25.1
* libssh2-1-debuginfo-1.11.0-150000.4.25.1
* libssh2_org-debugsource-1.11.0-150000.4.25.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* libssh2-1-1.11.0-150000.4.25.1
* libssh2-1-debuginfo-1.11.0-150000.4.25.1
* libssh2-devel-1.11.0-150000.4.25.1
* libssh2_org-debugsource-1.11.0-150000.4.25.1
* openSUSE Leap 15.5 (x86_64)
* libssh2-1-32bit-1.11.0-150000.4.25.1
* libssh2-1-32bit-debuginfo-1.11.0-150000.4.25.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* libssh2-1-1.11.0-150000.4.25.1
* libssh2-1-debuginfo-1.11.0-150000.4.25.1
* libssh2_org-debugsource-1.11.0-150000.4.25.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* libssh2-1-1.11.0-150000.4.25.1
* libssh2-1-debuginfo-1.11.0-150000.4.25.1
* libssh2_org-debugsource-1.11.0-150000.4.25.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* libssh2-1-1.11.0-150000.4.25.1
* libssh2-1-debuginfo-1.11.0-150000.4.25.1
* libssh2_org-debugsource-1.11.0-150000.4.25.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* libssh2-1-1.11.0-150000.4.25.1
* libssh2-1-debuginfo-1.11.0-150000.4.25.1
* libssh2_org-debugsource-1.11.0-150000.4.25.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64)
* libssh2-1-1.11.0-150000.4.25.1
* libssh2-1-debuginfo-1.11.0-150000.4.25.1
* libssh2_org-debugsource-1.11.0-150000.4.25.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* libssh2-1-1.11.0-150000.4.25.1
* libssh2-1-debuginfo-1.11.0-150000.4.25.1
* libssh2-devel-1.11.0-150000.4.25.1
* libssh2_org-debugsource-1.11.0-150000.4.25.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64
x86_64)
* libssh2-1-1.11.0-150000.4.25.1
* libssh2-1-debuginfo-1.11.0-150000.4.25.1
* libssh2-devel-1.11.0-150000.4.25.1
* libssh2_org-debugsource-1.11.0-150000.4.25.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64)
* libssh2-1-32bit-1.11.0-150000.4.25.1
* libssh2-1-32bit-debuginfo-1.11.0-150000.4.25.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* libssh2-1-1.11.0-150000.4.25.1
* libssh2-1-debuginfo-1.11.0-150000.4.25.1
* libssh2-devel-1.11.0-150000.4.25.1
* libssh2_org-debugsource-1.11.0-150000.4.25.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* libssh2-1-1.11.0-150000.4.25.1
* libssh2-1-debuginfo-1.11.0-150000.4.25.1
* libssh2-devel-1.11.0-150000.4.25.1
* libssh2_org-debugsource-1.11.0-150000.4.25.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* libssh2-1-1.11.0-150000.4.25.1
* libssh2-1-debuginfo-1.11.0-150000.4.25.1
* libssh2-devel-1.11.0-150000.4.25.1
* libssh2_org-debugsource-1.11.0-150000.4.25.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
* libssh2-1-1.11.0-150000.4.25.1
* libssh2-1-debuginfo-1.11.0-150000.4.25.1
* libssh2-devel-1.11.0-150000.4.25.1
* libssh2_org-debugsource-1.11.0-150000.4.25.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x
x86_64)
* libssh2-1-1.11.0-150000.4.25.1
* libssh2-1-debuginfo-1.11.0-150000.4.25.1
* libssh2-devel-1.11.0-150000.4.25.1
* libssh2_org-debugsource-1.11.0-150000.4.25.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64)
* libssh2-1-32bit-1.11.0-150000.4.25.1
* libssh2-1-32bit-debuginfo-1.11.0-150000.4.25.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64)
* libssh2-1-1.11.0-150000.4.25.1
* libssh2-1-debuginfo-1.11.0-150000.4.25.1
* libssh2-devel-1.11.0-150000.4.25.1
* libssh2_org-debugsource-1.11.0-150000.4.25.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x
x86_64)
* libssh2-1-1.11.0-150000.4.25.1
* libssh2-1-debuginfo-1.11.0-150000.4.25.1
* libssh2-devel-1.11.0-150000.4.25.1
* libssh2_org-debugsource-1.11.0-150000.4.25.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
* libssh2-1-1.11.0-150000.4.25.1
* libssh2-1-debuginfo-1.11.0-150000.4.25.1
* libssh2-devel-1.11.0-150000.4.25.1
* libssh2_org-debugsource-1.11.0-150000.4.25.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64)
* libssh2-1-32bit-1.11.0-150000.4.25.1
* libssh2-1-32bit-debuginfo-1.11.0-150000.4.25.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* libssh2-1-1.11.0-150000.4.25.1
* libssh2-1-debuginfo-1.11.0-150000.4.25.1
* libssh2-devel-1.11.0-150000.4.25.1
* libssh2_org-debugsource-1.11.0-150000.4.25.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* libssh2-1-1.11.0-150000.4.25.1
* libssh2-1-debuginfo-1.11.0-150000.4.25.1
* libssh2-devel-1.11.0-150000.4.25.1
* libssh2_org-debugsource-1.11.0-150000.4.25.1
* SUSE Manager Proxy 4.3 (x86_64)
* libssh2-1-1.11.0-150000.4.25.1
* libssh2-1-debuginfo-1.11.0-150000.4.25.1
* libssh2-devel-1.11.0-150000.4.25.1
* libssh2_org-debugsource-1.11.0-150000.4.25.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* libssh2-1-1.11.0-150000.4.25.1
* libssh2-1-debuginfo-1.11.0-150000.4.25.1
* libssh2-devel-1.11.0-150000.4.25.1
* libssh2_org-debugsource-1.11.0-150000.4.25.1
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
* libssh2-1-1.11.0-150000.4.25.1
* libssh2-1-debuginfo-1.11.0-150000.4.25.1
* libssh2-devel-1.11.0-150000.4.25.1
* libssh2_org-debugsource-1.11.0-150000.4.25.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* libssh2-1-1.11.0-150000.4.25.1
* libssh2-1-debuginfo-1.11.0-150000.4.25.1
* libssh2-devel-1.11.0-150000.4.25.1
* libssh2_org-debugsource-1.11.0-150000.4.25.1
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
* libssh2-1-1.11.0-150000.4.25.1
* libssh2-1-debuginfo-1.11.0-150000.4.25.1
* libssh2_org-debugsource-1.11.0-150000.4.25.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* libssh2-1-1.11.0-150000.4.25.1
* libssh2-1-debuginfo-1.11.0-150000.4.25.1
* libssh2_org-debugsource-1.11.0-150000.4.25.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* libssh2-1-1.11.0-150000.4.25.1
* libssh2-1-debuginfo-1.11.0-150000.4.25.1
* libssh2_org-debugsource-1.11.0-150000.4.25.1

## References:

* https://www.suse.com/security/cve/CVE-2023-48795.html
* https://bugzilla.suse.com/show_bug.cgi?id=1218971



SUSE-SU-2024:0522-1: important: Security update for postgresql13


# Security update for postgresql13

Announcement ID: SUSE-SU-2024:0522-1
Rating: important
References:

* bsc#1219679

Cross-References:

* CVE-2024-0985

CVSS scores:

* CVE-2024-0985 ( SUSE ): 8.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-0985 ( NVD ): 8.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* Galera for Ericsson 15 SP5
* openSUSE Leap 15.5
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves one vulnerability can now be installed.

## Description:

This update for postgresql13 fixes the following issues:

Upgrade to 13.14:

* CVE-2024-0985: Tighten security restrictions within REFRESH MATERIALIZED
VIEW CONCURRENTLY (bsc#1219679).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-522=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-522=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2024-522=1

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-522=1

* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-522=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-522=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-522=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-522=1

* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-522=1

* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-522=1

* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-522=1

* Galera for Ericsson 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-ERICSSON-2024-522=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP2
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-522=1

## Package List:

* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* postgresql13-devel-debuginfo-13.14-150200.5.53.1
* postgresql13-server-debuginfo-13.14-150200.5.53.1
* postgresql13-server-devel-debuginfo-13.14-150200.5.53.1
* postgresql13-13.14-150200.5.53.1
* postgresql13-contrib-debuginfo-13.14-150200.5.53.1
* postgresql13-debuginfo-13.14-150200.5.53.1
* postgresql13-plperl-13.14-150200.5.53.1
* postgresql13-contrib-13.14-150200.5.53.1
* postgresql13-devel-13.14-150200.5.53.1
* postgresql13-pltcl-13.14-150200.5.53.1
* postgresql13-plperl-debuginfo-13.14-150200.5.53.1
* postgresql13-server-devel-13.14-150200.5.53.1
* postgresql13-plpython-debuginfo-13.14-150200.5.53.1
* postgresql13-pltcl-debuginfo-13.14-150200.5.53.1
* postgresql13-debugsource-13.14-150200.5.53.1
* postgresql13-server-13.14-150200.5.53.1
* postgresql13-plpython-13.14-150200.5.53.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* postgresql13-docs-13.14-150200.5.53.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* postgresql13-devel-debuginfo-13.14-150200.5.53.1
* postgresql13-llvmjit-devel-13.14-150200.5.53.1
* postgresql13-server-debuginfo-13.14-150200.5.53.1
* postgresql13-server-devel-debuginfo-13.14-150200.5.53.1
* postgresql13-13.14-150200.5.53.1
* postgresql13-contrib-debuginfo-13.14-150200.5.53.1
* postgresql13-debuginfo-13.14-150200.5.53.1
* postgresql13-plperl-13.14-150200.5.53.1
* postgresql13-contrib-13.14-150200.5.53.1
* postgresql13-devel-13.14-150200.5.53.1
* postgresql13-llvmjit-13.14-150200.5.53.1
* postgresql13-plperl-debuginfo-13.14-150200.5.53.1
* postgresql13-pltcl-13.14-150200.5.53.1
* postgresql13-server-devel-13.14-150200.5.53.1
* postgresql13-plpython-debuginfo-13.14-150200.5.53.1
* postgresql13-pltcl-debuginfo-13.14-150200.5.53.1
* postgresql13-debugsource-13.14-150200.5.53.1
* postgresql13-server-13.14-150200.5.53.1
* postgresql13-llvmjit-debuginfo-13.14-150200.5.53.1
* postgresql13-plpython-13.14-150200.5.53.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* postgresql13-docs-13.14-150200.5.53.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* postgresql13-devel-debuginfo-13.14-150200.5.53.1
* postgresql13-server-debuginfo-13.14-150200.5.53.1
* postgresql13-server-devel-debuginfo-13.14-150200.5.53.1
* postgresql13-13.14-150200.5.53.1
* postgresql13-contrib-debuginfo-13.14-150200.5.53.1
* postgresql13-debuginfo-13.14-150200.5.53.1
* postgresql13-plperl-13.14-150200.5.53.1
* postgresql13-contrib-13.14-150200.5.53.1
* postgresql13-devel-13.14-150200.5.53.1
* postgresql13-pltcl-13.14-150200.5.53.1
* postgresql13-plperl-debuginfo-13.14-150200.5.53.1
* postgresql13-server-devel-13.14-150200.5.53.1
* postgresql13-plpython-debuginfo-13.14-150200.5.53.1
* postgresql13-pltcl-debuginfo-13.14-150200.5.53.1
* postgresql13-debugsource-13.14-150200.5.53.1
* postgresql13-server-13.14-150200.5.53.1
* postgresql13-plpython-13.14-150200.5.53.1
* SUSE Enterprise Storage 7.1 (noarch)
* postgresql13-docs-13.14-150200.5.53.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* postgresql13-server-debuginfo-13.14-150200.5.53.1
* postgresql13-plperl-13.14-150200.5.53.1
* postgresql13-devel-13.14-150200.5.53.1
* postgresql13-llvmjit-13.14-150200.5.53.1
* postgresql13-plpython-debuginfo-13.14-150200.5.53.1
* postgresql13-server-13.14-150200.5.53.1
* postgresql13-llvmjit-debuginfo-13.14-150200.5.53.1
* postgresql13-plpython-13.14-150200.5.53.1
* postgresql13-devel-debuginfo-13.14-150200.5.53.1
* postgresql13-llvmjit-devel-13.14-150200.5.53.1
* postgresql13-server-devel-debuginfo-13.14-150200.5.53.1
* postgresql13-debugsource-13.14-150200.5.53.1
* postgresql13-test-13.14-150200.5.53.1
* postgresql13-13.14-150200.5.53.1
* postgresql13-contrib-13.14-150200.5.53.1
* postgresql13-pltcl-13.14-150200.5.53.1
* postgresql13-plperl-debuginfo-13.14-150200.5.53.1
* postgresql13-contrib-debuginfo-13.14-150200.5.53.1
* postgresql13-debuginfo-13.14-150200.5.53.1
* postgresql13-server-devel-13.14-150200.5.53.1
* postgresql13-pltcl-debuginfo-13.14-150200.5.53.1
* openSUSE Leap 15.5 (noarch)
* postgresql13-docs-13.14-150200.5.53.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64
x86_64)
* postgresql13-devel-debuginfo-13.14-150200.5.53.1
* postgresql13-server-debuginfo-13.14-150200.5.53.1
* postgresql13-server-devel-debuginfo-13.14-150200.5.53.1
* postgresql13-13.14-150200.5.53.1
* postgresql13-contrib-debuginfo-13.14-150200.5.53.1
* postgresql13-debuginfo-13.14-150200.5.53.1
* postgresql13-plperl-13.14-150200.5.53.1
* postgresql13-contrib-13.14-150200.5.53.1
* postgresql13-devel-13.14-150200.5.53.1
* postgresql13-pltcl-13.14-150200.5.53.1
* postgresql13-plperl-debuginfo-13.14-150200.5.53.1
* postgresql13-server-devel-13.14-150200.5.53.1
* postgresql13-plpython-debuginfo-13.14-150200.5.53.1
* postgresql13-pltcl-debuginfo-13.14-150200.5.53.1
* postgresql13-debugsource-13.14-150200.5.53.1
* postgresql13-server-13.14-150200.5.53.1
* postgresql13-plpython-13.14-150200.5.53.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
* postgresql13-docs-13.14-150200.5.53.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* postgresql13-devel-debuginfo-13.14-150200.5.53.1
* postgresql13-server-debuginfo-13.14-150200.5.53.1
* postgresql13-server-devel-debuginfo-13.14-150200.5.53.1
* postgresql13-13.14-150200.5.53.1
* postgresql13-contrib-debuginfo-13.14-150200.5.53.1
* postgresql13-debuginfo-13.14-150200.5.53.1
* postgresql13-plperl-13.14-150200.5.53.1
* postgresql13-contrib-13.14-150200.5.53.1
* postgresql13-devel-13.14-150200.5.53.1
* postgresql13-pltcl-13.14-150200.5.53.1
* postgresql13-plperl-debuginfo-13.14-150200.5.53.1
* postgresql13-server-devel-13.14-150200.5.53.1
* postgresql13-plpython-debuginfo-13.14-150200.5.53.1
* postgresql13-pltcl-debuginfo-13.14-150200.5.53.1
* postgresql13-debugsource-13.14-150200.5.53.1
* postgresql13-server-13.14-150200.5.53.1
* postgresql13-plpython-13.14-150200.5.53.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* postgresql13-docs-13.14-150200.5.53.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* postgresql13-devel-debuginfo-13.14-150200.5.53.1
* postgresql13-llvmjit-devel-13.14-150200.5.53.1
* postgresql13-server-debuginfo-13.14-150200.5.53.1
* postgresql13-server-devel-debuginfo-13.14-150200.5.53.1
* postgresql13-13.14-150200.5.53.1
* postgresql13-contrib-debuginfo-13.14-150200.5.53.1
* postgresql13-debuginfo-13.14-150200.5.53.1
* postgresql13-plperl-13.14-150200.5.53.1
* postgresql13-contrib-13.14-150200.5.53.1
* postgresql13-devel-13.14-150200.5.53.1
* postgresql13-llvmjit-13.14-150200.5.53.1
* postgresql13-plperl-debuginfo-13.14-150200.5.53.1
* postgresql13-pltcl-13.14-150200.5.53.1
* postgresql13-server-devel-13.14-150200.5.53.1
* postgresql13-plpython-debuginfo-13.14-150200.5.53.1
* postgresql13-pltcl-debuginfo-13.14-150200.5.53.1
* postgresql13-debugsource-13.14-150200.5.53.1
* postgresql13-server-13.14-150200.5.53.1
* postgresql13-llvmjit-debuginfo-13.14-150200.5.53.1
* postgresql13-plpython-13.14-150200.5.53.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* postgresql13-docs-13.14-150200.5.53.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* postgresql13-devel-debuginfo-13.14-150200.5.53.1
* postgresql13-llvmjit-devel-13.14-150200.5.53.1
* postgresql13-server-debuginfo-13.14-150200.5.53.1
* postgresql13-server-devel-debuginfo-13.14-150200.5.53.1
* postgresql13-13.14-150200.5.53.1
* postgresql13-contrib-debuginfo-13.14-150200.5.53.1
* postgresql13-debuginfo-13.14-150200.5.53.1
* postgresql13-plperl-13.14-150200.5.53.1
* postgresql13-contrib-13.14-150200.5.53.1
* postgresql13-devel-13.14-150200.5.53.1
* postgresql13-llvmjit-13.14-150200.5.53.1
* postgresql13-plperl-debuginfo-13.14-150200.5.53.1
* postgresql13-pltcl-13.14-150200.5.53.1
* postgresql13-server-devel-13.14-150200.5.53.1
* postgresql13-plpython-debuginfo-13.14-150200.5.53.1
* postgresql13-pltcl-debuginfo-13.14-150200.5.53.1
* postgresql13-debugsource-13.14-150200.5.53.1
* postgresql13-server-13.14-150200.5.53.1
* postgresql13-llvmjit-debuginfo-13.14-150200.5.53.1
* postgresql13-plpython-13.14-150200.5.53.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* postgresql13-docs-13.14-150200.5.53.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x
x86_64)
* postgresql13-devel-debuginfo-13.14-150200.5.53.1
* postgresql13-server-debuginfo-13.14-150200.5.53.1
* postgresql13-server-devel-debuginfo-13.14-150200.5.53.1
* postgresql13-13.14-150200.5.53.1
* postgresql13-contrib-debuginfo-13.14-150200.5.53.1
* postgresql13-debuginfo-13.14-150200.5.53.1
* postgresql13-plperl-13.14-150200.5.53.1
* postgresql13-contrib-13.14-150200.5.53.1
* postgresql13-devel-13.14-150200.5.53.1
* postgresql13-pltcl-13.14-150200.5.53.1
* postgresql13-plperl-debuginfo-13.14-150200.5.53.1
* postgresql13-server-devel-13.14-150200.5.53.1
* postgresql13-plpython-debuginfo-13.14-150200.5.53.1
* postgresql13-pltcl-debuginfo-13.14-150200.5.53.1
* postgresql13-debugsource-13.14-150200.5.53.1
* postgresql13-server-13.14-150200.5.53.1
* postgresql13-plpython-13.14-150200.5.53.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
* postgresql13-docs-13.14-150200.5.53.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64)
* postgresql13-devel-debuginfo-13.14-150200.5.53.1
* postgresql13-server-debuginfo-13.14-150200.5.53.1
* postgresql13-server-devel-debuginfo-13.14-150200.5.53.1
* postgresql13-13.14-150200.5.53.1
* postgresql13-contrib-debuginfo-13.14-150200.5.53.1
* postgresql13-debuginfo-13.14-150200.5.53.1
* postgresql13-plperl-13.14-150200.5.53.1
* postgresql13-contrib-13.14-150200.5.53.1
* postgresql13-devel-13.14-150200.5.53.1
* postgresql13-pltcl-13.14-150200.5.53.1
* postgresql13-plperl-debuginfo-13.14-150200.5.53.1
* postgresql13-server-devel-13.14-150200.5.53.1
* postgresql13-plpython-debuginfo-13.14-150200.5.53.1
* postgresql13-pltcl-debuginfo-13.14-150200.5.53.1
* postgresql13-debugsource-13.14-150200.5.53.1
* postgresql13-server-13.14-150200.5.53.1
* postgresql13-plpython-13.14-150200.5.53.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
* postgresql13-docs-13.14-150200.5.53.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x
x86_64)
* postgresql13-devel-debuginfo-13.14-150200.5.53.1
* postgresql13-llvmjit-devel-13.14-150200.5.53.1
* postgresql13-server-debuginfo-13.14-150200.5.53.1
* postgresql13-server-devel-debuginfo-13.14-150200.5.53.1
* postgresql13-13.14-150200.5.53.1
* postgresql13-contrib-debuginfo-13.14-150200.5.53.1
* postgresql13-debuginfo-13.14-150200.5.53.1
* postgresql13-plperl-13.14-150200.5.53.1
* postgresql13-contrib-13.14-150200.5.53.1
* postgresql13-devel-13.14-150200.5.53.1
* postgresql13-llvmjit-13.14-150200.5.53.1
* postgresql13-plperl-debuginfo-13.14-150200.5.53.1
* postgresql13-pltcl-13.14-150200.5.53.1
* postgresql13-server-devel-13.14-150200.5.53.1
* postgresql13-plpython-debuginfo-13.14-150200.5.53.1
* postgresql13-pltcl-debuginfo-13.14-150200.5.53.1
* postgresql13-debugsource-13.14-150200.5.53.1
* postgresql13-server-13.14-150200.5.53.1
* postgresql13-llvmjit-debuginfo-13.14-150200.5.53.1
* postgresql13-plpython-13.14-150200.5.53.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (noarch)
* postgresql13-docs-13.14-150200.5.53.1
* Galera for Ericsson 15 SP5 (x86_64)
* postgresql13-devel-debuginfo-13.14-150200.5.53.1
* postgresql13-server-debuginfo-13.14-150200.5.53.1
* postgresql13-server-devel-debuginfo-13.14-150200.5.53.1
* postgresql13-13.14-150200.5.53.1
* postgresql13-contrib-debuginfo-13.14-150200.5.53.1
* postgresql13-debuginfo-13.14-150200.5.53.1
* postgresql13-plperl-13.14-150200.5.53.1
* postgresql13-contrib-13.14-150200.5.53.1
* postgresql13-devel-13.14-150200.5.53.1
* postgresql13-pltcl-13.14-150200.5.53.1
* postgresql13-plperl-debuginfo-13.14-150200.5.53.1
* postgresql13-server-devel-13.14-150200.5.53.1
* postgresql13-plpython-debuginfo-13.14-150200.5.53.1
* postgresql13-pltcl-debuginfo-13.14-150200.5.53.1
* postgresql13-debugsource-13.14-150200.5.53.1
* postgresql13-server-13.14-150200.5.53.1
* postgresql13-plpython-13.14-150200.5.53.1
* Galera for Ericsson 15 SP5 (noarch)
* postgresql13-docs-13.14-150200.5.53.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
* postgresql13-devel-debuginfo-13.14-150200.5.53.1
* postgresql13-server-debuginfo-13.14-150200.5.53.1
* postgresql13-server-devel-debuginfo-13.14-150200.5.53.1
* postgresql13-13.14-150200.5.53.1
* postgresql13-contrib-debuginfo-13.14-150200.5.53.1
* postgresql13-debuginfo-13.14-150200.5.53.1
* postgresql13-plperl-13.14-150200.5.53.1
* postgresql13-contrib-13.14-150200.5.53.1
* postgresql13-devel-13.14-150200.5.53.1
* postgresql13-pltcl-13.14-150200.5.53.1
* postgresql13-plperl-debuginfo-13.14-150200.5.53.1
* postgresql13-server-devel-13.14-150200.5.53.1
* postgresql13-plpython-debuginfo-13.14-150200.5.53.1
* postgresql13-pltcl-debuginfo-13.14-150200.5.53.1
* postgresql13-debugsource-13.14-150200.5.53.1
* postgresql13-server-13.14-150200.5.53.1
* postgresql13-plpython-13.14-150200.5.53.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
* postgresql13-docs-13.14-150200.5.53.1

## References:

* https://www.suse.com/security/cve/CVE-2024-0985.html
* https://bugzilla.suse.com/show_bug.cgi?id=1219679



SUSE-SU-2024:0479-1: important: Security update for java-1_8_0-openj9


# Security update for java-1_8_0-openj9

Announcement ID: SUSE-SU-2024:0479-1
Rating: important
References:

* bsc#1217214
* bsc#1218903
* bsc#1218905
* bsc#1218906
* bsc#1218907
* bsc#1218909
* bsc#1218911

Cross-References:

* CVE-2023-5676
* CVE-2024-20918
* CVE-2024-20919
* CVE-2024-20921
* CVE-2024-20926
* CVE-2024-20945
* CVE-2024-20952

CVSS scores:

* CVE-2023-5676 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
* CVE-2023-5676 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-20918 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2024-20919 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2024-20921 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-20926 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-20945 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-20952 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Package Hub 15 15-SP5

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for java-1_8_0-openj9 fixes the following issues:

Update to OpenJDK 8u402 build 06 with OpenJ9 0.43.0 virtual machine

* Including OpenJ9 0.41.0 fixes of CVE-2023-5676, bsc#1217214
* CVE-2024-20918 (bsc#1218907), CVE-2024-20919 (bsc#1218903), CVE-2024-20921
(bsc#1218905), CVE-2024-20926 (bsc#1218906), CVE-2024-20945 (bsc#1218909),
CVE-2024-20952 (bsc#1218911)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Package Hub 15 15-SP5
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-479=1

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-479=1

## Package List:

* SUSE Package Hub 15 15-SP5 (ppc64le s390x)
* java-1_8_0-openj9-debugsource-1.8.0.402-150200.3.42.1
* java-1_8_0-openj9-demo-debuginfo-1.8.0.402-150200.3.42.1
* java-1_8_0-openj9-src-1.8.0.402-150200.3.42.1
* java-1_8_0-openj9-headless-1.8.0.402-150200.3.42.1
* java-1_8_0-openj9-devel-debuginfo-1.8.0.402-150200.3.42.1
* java-1_8_0-openj9-accessibility-1.8.0.402-150200.3.42.1
* java-1_8_0-openj9-demo-1.8.0.402-150200.3.42.1
* java-1_8_0-openj9-devel-1.8.0.402-150200.3.42.1
* java-1_8_0-openj9-1.8.0.402-150200.3.42.1
* java-1_8_0-openj9-headless-debuginfo-1.8.0.402-150200.3.42.1
* java-1_8_0-openj9-debuginfo-1.8.0.402-150200.3.42.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* java-1_8_0-openj9-debugsource-1.8.0.402-150200.3.42.1
* java-1_8_0-openj9-demo-debuginfo-1.8.0.402-150200.3.42.1
* java-1_8_0-openj9-src-1.8.0.402-150200.3.42.1
* java-1_8_0-openj9-headless-1.8.0.402-150200.3.42.1
* java-1_8_0-openj9-devel-debuginfo-1.8.0.402-150200.3.42.1
* java-1_8_0-openj9-accessibility-1.8.0.402-150200.3.42.1
* java-1_8_0-openj9-demo-1.8.0.402-150200.3.42.1
* java-1_8_0-openj9-devel-1.8.0.402-150200.3.42.1
* java-1_8_0-openj9-1.8.0.402-150200.3.42.1
* java-1_8_0-openj9-headless-debuginfo-1.8.0.402-150200.3.42.1
* java-1_8_0-openj9-debuginfo-1.8.0.402-150200.3.42.1
* openSUSE Leap 15.5 (noarch)
* java-1_8_0-openj9-javadoc-1.8.0.402-150200.3.42.1

## References:

* https://www.suse.com/security/cve/CVE-2023-5676.html
* https://www.suse.com/security/cve/CVE-2024-20918.html
* https://www.suse.com/security/cve/CVE-2024-20919.html
* https://www.suse.com/security/cve/CVE-2024-20921.html
* https://www.suse.com/security/cve/CVE-2024-20926.html
* https://www.suse.com/security/cve/CVE-2024-20945.html
* https://www.suse.com/security/cve/CVE-2024-20952.html
* https://bugzilla.suse.com/show_bug.cgi?id=1217214
* https://bugzilla.suse.com/show_bug.cgi?id=1218903
* https://bugzilla.suse.com/show_bug.cgi?id=1218905
* https://bugzilla.suse.com/show_bug.cgi?id=1218906
* https://bugzilla.suse.com/show_bug.cgi?id=1218907
* https://bugzilla.suse.com/show_bug.cgi?id=1218909
* https://bugzilla.suse.com/show_bug.cgi?id=1218911



SUSE-SU-2024:0510-1: important: Security update for salt


# Security update for salt

Announcement ID: SUSE-SU-2024:0510-1
Rating: important
References:

* bsc#1193948
* bsc#1211649
* bsc#1215963
* bsc#1216284
* bsc#1219430
* bsc#1219431
* jsc#MSQA-719

Cross-References:

* CVE-2024-22231
* CVE-2024-22232

CVSS scores:

* CVE-2024-22231 ( SUSE ): 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
* CVE-2024-22232 ( SUSE ): 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Affected Products:

* Basesystem Module 15-SP5
* openSUSE Leap 15.5
* Server Applications Module 15-SP5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* Transactional Server Module 15-SP5

An update that solves two vulnerabilities, contains one feature and has four
security fixes can now be installed.

## Description:

This update for salt fixes the following issues:

Security issues fixed:

* CVE-2024-22231: Prevent directory traversal when creating syndic cache
directory on the master (bsc#1219430)
* CVE-2024-22232: Prevent directory traversal attacks in the master's
serve_file method (bsc#1219431)

Bugs fixed:

* Ensure that pillar refresh loads beacons from pillar without restart
* Fix the aptpkg.py unit test failure
* Prefer unittest.mock to python-mock in test suite
* Enable "KeepAlive" probes for Salt SSH executions (bsc#1211649)
* Revert changes to set Salt configured user early in the stack (bsc#1216284)
* Align behavior of some modules when using salt-call via symlink
(bsc#1215963)
* Fix gitfs " **env** " and improve cache cleaning (bsc#1193948)
* Remove python-boto dependency for the python3-salt-testsuite package for
Tumbleweed

## Special Instructions and Notes:

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2024-510=1 openSUSE-SLE-15.5-2024-510=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2024-510=1

* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-510=1

* Server Applications Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2024-510=1

* Transactional Server Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Transactional-Server-15-SP5-2024-510=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* salt-ssh-3006.0-150500.4.29.1
* salt-cloud-3006.0-150500.4.29.1
* python3-salt-testsuite-3006.0-150500.4.29.1
* salt-3006.0-150500.4.29.1
* salt-doc-3006.0-150500.4.29.1
* python3-salt-3006.0-150500.4.29.1
* salt-proxy-3006.0-150500.4.29.1
* salt-syndic-3006.0-150500.4.29.1
* salt-master-3006.0-150500.4.29.1
* salt-minion-3006.0-150500.4.29.1
* salt-transactional-update-3006.0-150500.4.29.1
* salt-api-3006.0-150500.4.29.1
* salt-standalone-formulas-configuration-3006.0-150500.4.29.1
* openSUSE Leap 15.5 (noarch)
* salt-bash-completion-3006.0-150500.4.29.1
* salt-fish-completion-3006.0-150500.4.29.1
* salt-zsh-completion-3006.0-150500.4.29.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64)
* salt-minion-3006.0-150500.4.29.1
* salt-3006.0-150500.4.29.1
* python3-salt-3006.0-150500.4.29.1
* salt-transactional-update-3006.0-150500.4.29.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* salt-minion-3006.0-150500.4.29.1
* salt-3006.0-150500.4.29.1
* salt-doc-3006.0-150500.4.29.1
* python3-salt-3006.0-150500.4.29.1
* Basesystem Module 15-SP5 (noarch)
* salt-bash-completion-3006.0-150500.4.29.1
* salt-zsh-completion-3006.0-150500.4.29.1
* Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* salt-ssh-3006.0-150500.4.29.1
* salt-cloud-3006.0-150500.4.29.1
* salt-proxy-3006.0-150500.4.29.1
* salt-syndic-3006.0-150500.4.29.1
* salt-master-3006.0-150500.4.29.1
* salt-api-3006.0-150500.4.29.1
* salt-standalone-formulas-configuration-3006.0-150500.4.29.1
* Server Applications Module 15-SP5 (noarch)
* salt-fish-completion-3006.0-150500.4.29.1
* Transactional Server Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* salt-transactional-update-3006.0-150500.4.29.1

## References:

* https://www.suse.com/security/cve/CVE-2024-22231.html
* https://www.suse.com/security/cve/CVE-2024-22232.html
* https://bugzilla.suse.com/show_bug.cgi?id=1193948
* https://bugzilla.suse.com/show_bug.cgi?id=1211649
* https://bugzilla.suse.com/show_bug.cgi?id=1215963
* https://bugzilla.suse.com/show_bug.cgi?id=1216284
* https://bugzilla.suse.com/show_bug.cgi?id=1219430
* https://bugzilla.suse.com/show_bug.cgi?id=1219431
* https://jira.suse.com/browse/MSQA-719



SUSE-SU-2024:0509-1: important: Security update for salt


# Security update for salt

Announcement ID: SUSE-SU-2024:0509-1
Rating: important
References:

* bsc#1193948
* bsc#1211649
* bsc#1215963
* bsc#1216284
* bsc#1219430
* bsc#1219431
* jsc#MSQA-719

Cross-References:

* CVE-2024-22231
* CVE-2024-22232

CVSS scores:

* CVE-2024-22231 ( SUSE ): 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
* CVE-2024-22232 ( SUSE ): 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves two vulnerabilities, contains one feature and has four
security fixes can now be installed.

## Description:

This update for salt fixes the following issues:

Security issues fixed:

* CVE-2024-22231: Prevent directory traversal when creating syndic cache
directory on the master (bsc#1219430)
* CVE-2024-22232: Prevent directory traversal attacks in the master's
serve_file method (bsc#1219431)

Bugs fixed:

* Ensure that pillar refresh loads beacons from pillar without restart
* Fix the aptpkg.py unit test failure
* Prefer unittest.mock to python-mock in test suite
* Enable "KeepAlive" probes for Salt SSH executions (bsc#1211649)
* Revert changes to set Salt configured user early in the stack (bsc#1216284)
* Align behavior of some modules when using salt-call via symlink
(bsc#1215963)
* Fix gitfs " **env** " and improve cache cleaning (bsc#1193948)
* Remove python-boto dependency for the python3-salt-testsuite package for
Tumbleweed

## Special Instructions and Notes:

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-509=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-509=1

* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-509=1

* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.3-2024-509=1

* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-509=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-509=1

* openSUSE Leap Micro 5.3
zypper in -t patch openSUSE-Leap-Micro-5.3-2024-509=1

* openSUSE Leap Micro 5.4
zypper in -t patch openSUSE-Leap-Micro-5.4-2024-509=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2024-509=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2024-509=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2024-509=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2024-509=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-509=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-509=1

* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-509=1

## Package List:

* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x
x86_64)
* salt-syndic-3006.0-150400.8.54.1
* salt-minion-3006.0-150400.8.54.1
* python3-salt-3006.0-150400.8.54.1
* salt-proxy-3006.0-150400.8.54.1
* salt-standalone-formulas-configuration-3006.0-150400.8.54.1
* salt-3006.0-150400.8.54.1
* salt-doc-3006.0-150400.8.54.1
* salt-transactional-update-3006.0-150400.8.54.1
* salt-api-3006.0-150400.8.54.1
* salt-ssh-3006.0-150400.8.54.1
* salt-master-3006.0-150400.8.54.1
* salt-cloud-3006.0-150400.8.54.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (noarch)
* salt-fish-completion-3006.0-150400.8.54.1
* salt-zsh-completion-3006.0-150400.8.54.1
* salt-bash-completion-3006.0-150400.8.54.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* salt-syndic-3006.0-150400.8.54.1
* salt-minion-3006.0-150400.8.54.1
* python3-salt-3006.0-150400.8.54.1
* salt-proxy-3006.0-150400.8.54.1
* salt-standalone-formulas-configuration-3006.0-150400.8.54.1
* salt-3006.0-150400.8.54.1
* salt-doc-3006.0-150400.8.54.1
* salt-api-3006.0-150400.8.54.1
* salt-ssh-3006.0-150400.8.54.1
* salt-master-3006.0-150400.8.54.1
* salt-cloud-3006.0-150400.8.54.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* salt-fish-completion-3006.0-150400.8.54.1
* salt-zsh-completion-3006.0-150400.8.54.1
* salt-bash-completion-3006.0-150400.8.54.1
* SUSE Manager Proxy 4.3 (x86_64)
* salt-syndic-3006.0-150400.8.54.1
* salt-minion-3006.0-150400.8.54.1
* python3-salt-3006.0-150400.8.54.1
* salt-proxy-3006.0-150400.8.54.1
* salt-standalone-formulas-configuration-3006.0-150400.8.54.1
* salt-3006.0-150400.8.54.1
* salt-doc-3006.0-150400.8.54.1
* salt-api-3006.0-150400.8.54.1
* salt-ssh-3006.0-150400.8.54.1
* salt-master-3006.0-150400.8.54.1
* salt-cloud-3006.0-150400.8.54.1
* SUSE Manager Proxy 4.3 (noarch)
* salt-fish-completion-3006.0-150400.8.54.1
* salt-zsh-completion-3006.0-150400.8.54.1
* salt-bash-completion-3006.0-150400.8.54.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* salt-syndic-3006.0-150400.8.54.1
* salt-minion-3006.0-150400.8.54.1
* python3-salt-3006.0-150400.8.54.1
* salt-proxy-3006.0-150400.8.54.1
* salt-standalone-formulas-configuration-3006.0-150400.8.54.1
* salt-3006.0-150400.8.54.1
* salt-doc-3006.0-150400.8.54.1
* salt-api-3006.0-150400.8.54.1
* salt-ssh-3006.0-150400.8.54.1
* salt-master-3006.0-150400.8.54.1
* salt-cloud-3006.0-150400.8.54.1
* SUSE Manager Retail Branch Server 4.3 (noarch)
* salt-fish-completion-3006.0-150400.8.54.1
* salt-zsh-completion-3006.0-150400.8.54.1
* salt-bash-completion-3006.0-150400.8.54.1
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
* salt-syndic-3006.0-150400.8.54.1
* salt-minion-3006.0-150400.8.54.1
* python3-salt-3006.0-150400.8.54.1
* salt-proxy-3006.0-150400.8.54.1
* salt-standalone-formulas-configuration-3006.0-150400.8.54.1
* salt-3006.0-150400.8.54.1
* salt-doc-3006.0-150400.8.54.1
* salt-api-3006.0-150400.8.54.1
* salt-ssh-3006.0-150400.8.54.1
* salt-master-3006.0-150400.8.54.1
* salt-cloud-3006.0-150400.8.54.1
* SUSE Manager Server 4.3 (noarch)
* salt-fish-completion-3006.0-150400.8.54.1
* salt-zsh-completion-3006.0-150400.8.54.1
* salt-bash-completion-3006.0-150400.8.54.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* salt-syndic-3006.0-150400.8.54.1
* salt-minion-3006.0-150400.8.54.1
* python3-salt-3006.0-150400.8.54.1
* python3-salt-testsuite-3006.0-150400.8.54.1
* salt-proxy-3006.0-150400.8.54.1
* salt-standalone-formulas-configuration-3006.0-150400.8.54.1
* salt-3006.0-150400.8.54.1
* salt-doc-3006.0-150400.8.54.1
* salt-transactional-update-3006.0-150400.8.54.1
* salt-api-3006.0-150400.8.54.1
* salt-ssh-3006.0-150400.8.54.1
* salt-master-3006.0-150400.8.54.1
* salt-cloud-3006.0-150400.8.54.1
* openSUSE Leap 15.4 (noarch)
* salt-fish-completion-3006.0-150400.8.54.1
* salt-zsh-completion-3006.0-150400.8.54.1
* salt-bash-completion-3006.0-150400.8.54.1
* openSUSE Leap Micro 5.3 (aarch64 x86_64)
* python3-salt-3006.0-150400.8.54.1
* salt-3006.0-150400.8.54.1
* salt-transactional-update-3006.0-150400.8.54.1
* salt-minion-3006.0-150400.8.54.1
* openSUSE Leap Micro 5.4 (aarch64 s390x x86_64)
* python3-salt-3006.0-150400.8.54.1
* salt-3006.0-150400.8.54.1
* salt-transactional-update-3006.0-150400.8.54.1
* salt-minion-3006.0-150400.8.54.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* python3-salt-3006.0-150400.8.54.1
* salt-3006.0-150400.8.54.1
* salt-transactional-update-3006.0-150400.8.54.1
* salt-minion-3006.0-150400.8.54.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* python3-salt-3006.0-150400.8.54.1
* salt-3006.0-150400.8.54.1
* salt-transactional-update-3006.0-150400.8.54.1
* salt-minion-3006.0-150400.8.54.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* python3-salt-3006.0-150400.8.54.1
* salt-3006.0-150400.8.54.1
* salt-transactional-update-3006.0-150400.8.54.1
* salt-minion-3006.0-150400.8.54.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* python3-salt-3006.0-150400.8.54.1
* salt-3006.0-150400.8.54.1
* salt-transactional-update-3006.0-150400.8.54.1
* salt-minion-3006.0-150400.8.54.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* salt-syndic-3006.0-150400.8.54.1
* salt-minion-3006.0-150400.8.54.1
* python3-salt-3006.0-150400.8.54.1
* salt-proxy-3006.0-150400.8.54.1
* salt-standalone-formulas-configuration-3006.0-150400.8.54.1
* salt-3006.0-150400.8.54.1
* salt-doc-3006.0-150400.8.54.1
* salt-api-3006.0-150400.8.54.1
* salt-ssh-3006.0-150400.8.54.1
* salt-master-3006.0-150400.8.54.1
* salt-cloud-3006.0-150400.8.54.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* salt-fish-completion-3006.0-150400.8.54.1
* salt-zsh-completion-3006.0-150400.8.54.1
* salt-bash-completion-3006.0-150400.8.54.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* salt-syndic-3006.0-150400.8.54.1
* salt-minion-3006.0-150400.8.54.1
* python3-salt-3006.0-150400.8.54.1
* salt-proxy-3006.0-150400.8.54.1
* salt-standalone-formulas-configuration-3006.0-150400.8.54.1
* salt-3006.0-150400.8.54.1
* salt-doc-3006.0-150400.8.54.1
* salt-api-3006.0-150400.8.54.1
* salt-ssh-3006.0-150400.8.54.1
* salt-master-3006.0-150400.8.54.1
* salt-cloud-3006.0-150400.8.54.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* salt-fish-completion-3006.0-150400.8.54.1
* salt-zsh-completion-3006.0-150400.8.54.1
* salt-bash-completion-3006.0-150400.8.54.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
* python3-salt-3006.0-150400.8.54.1
* salt-3006.0-150400.8.54.1
* salt-doc-3006.0-150400.8.54.1
* salt-minion-3006.0-150400.8.54.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (noarch)
* salt-zsh-completion-3006.0-150400.8.54.1
* salt-bash-completion-3006.0-150400.8.54.1

## References:

* https://www.suse.com/security/cve/CVE-2024-22231.html
* https://www.suse.com/security/cve/CVE-2024-22232.html
* https://bugzilla.suse.com/show_bug.cgi?id=1193948
* https://bugzilla.suse.com/show_bug.cgi?id=1211649
* https://bugzilla.suse.com/show_bug.cgi?id=1215963
* https://bugzilla.suse.com/show_bug.cgi?id=1216284
* https://bugzilla.suse.com/show_bug.cgi?id=1219430
* https://bugzilla.suse.com/show_bug.cgi?id=1219431
* https://jira.suse.com/browse/MSQA-719



SUSE-SU-2024:0518-1: moderate: Security update for openssl-3


# Security update for openssl-3

Announcement ID: SUSE-SU-2024:0518-1
Rating: moderate
References:

* bsc#1218690
* bsc#1218810
* bsc#1219243

Cross-References:

* CVE-2023-6129
* CVE-2023-6237
* CVE-2024-0727

CVSS scores:

* CVE-2023-6129 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2023-6129 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2023-6237 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-0727 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2024-0727 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves three vulnerabilities can now be installed.

## Description:

This update for openssl-3 fixes the following issues:

* CVE-2023-6129: Fixed vector register clobbering on PowerPC. (bsc#1218690)
* CVE-2023-6237: Fixed excessive time spent checking invalid RSA public keys.
(bsc#1218810)
* CVE-2024-0727: Denial of service when processing a maliciously formatted
PKCS12 file (bsc#1219243).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-518=1

* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-518=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-518=1

* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-518=1

* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.3-2024-518=1

* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-518=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-518=1

* openSUSE Leap Micro 5.3
zypper in -t patch openSUSE-Leap-Micro-5.3-2024-518=1

* openSUSE Leap Micro 5.4
zypper in -t patch openSUSE-Leap-Micro-5.4-2024-518=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2024-518=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2024-518=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2024-518=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2024-518=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-518=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-518=1

## Package List:

* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
* openssl-3-debuginfo-3.0.8-150400.4.49.1
* libopenssl-3-devel-3.0.8-150400.4.49.1
* libopenssl3-debuginfo-3.0.8-150400.4.49.1
* openssl-3-debugsource-3.0.8-150400.4.49.1
* openssl-3-3.0.8-150400.4.49.1
* libopenssl3-3.0.8-150400.4.49.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x
x86_64)
* openssl-3-debuginfo-3.0.8-150400.4.49.1
* libopenssl-3-devel-3.0.8-150400.4.49.1
* libopenssl3-debuginfo-3.0.8-150400.4.49.1
* openssl-3-debugsource-3.0.8-150400.4.49.1
* openssl-3-3.0.8-150400.4.49.1
* libopenssl3-3.0.8-150400.4.49.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* openssl-3-debuginfo-3.0.8-150400.4.49.1
* libopenssl-3-devel-3.0.8-150400.4.49.1
* libopenssl3-debuginfo-3.0.8-150400.4.49.1
* openssl-3-debugsource-3.0.8-150400.4.49.1
* openssl-3-3.0.8-150400.4.49.1
* libopenssl3-3.0.8-150400.4.49.1
* SUSE Manager Proxy 4.3 (x86_64)
* openssl-3-debuginfo-3.0.8-150400.4.49.1
* libopenssl-3-devel-3.0.8-150400.4.49.1
* libopenssl3-debuginfo-3.0.8-150400.4.49.1
* openssl-3-debugsource-3.0.8-150400.4.49.1
* openssl-3-3.0.8-150400.4.49.1
* libopenssl3-3.0.8-150400.4.49.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* openssl-3-debuginfo-3.0.8-150400.4.49.1
* libopenssl-3-devel-3.0.8-150400.4.49.1
* libopenssl3-debuginfo-3.0.8-150400.4.49.1
* openssl-3-debugsource-3.0.8-150400.4.49.1
* openssl-3-3.0.8-150400.4.49.1
* libopenssl3-3.0.8-150400.4.49.1
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
* openssl-3-debuginfo-3.0.8-150400.4.49.1
* libopenssl-3-devel-3.0.8-150400.4.49.1
* libopenssl3-debuginfo-3.0.8-150400.4.49.1
* openssl-3-debugsource-3.0.8-150400.4.49.1
* openssl-3-3.0.8-150400.4.49.1
* libopenssl3-3.0.8-150400.4.49.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* openssl-3-debuginfo-3.0.8-150400.4.49.1
* libopenssl-3-devel-3.0.8-150400.4.49.1
* libopenssl3-debuginfo-3.0.8-150400.4.49.1
* openssl-3-debugsource-3.0.8-150400.4.49.1
* openssl-3-3.0.8-150400.4.49.1
* libopenssl3-3.0.8-150400.4.49.1
* openSUSE Leap 15.4 (x86_64)
* libopenssl-3-devel-32bit-3.0.8-150400.4.49.1
* libopenssl3-32bit-3.0.8-150400.4.49.1
* libopenssl3-32bit-debuginfo-3.0.8-150400.4.49.1
* openSUSE Leap 15.4 (noarch)
* openssl-3-doc-3.0.8-150400.4.49.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libopenssl3-64bit-debuginfo-3.0.8-150400.4.49.1
* libopenssl-3-devel-64bit-3.0.8-150400.4.49.1
* libopenssl3-64bit-3.0.8-150400.4.49.1
* openSUSE Leap Micro 5.3 (aarch64 ppc64le s390x x86_64)
* openssl-3-debugsource-3.0.8-150400.4.49.1
* libopenssl3-debuginfo-3.0.8-150400.4.49.1
* libopenssl3-3.0.8-150400.4.49.1
* openSUSE Leap Micro 5.4 (aarch64 ppc64le s390x x86_64)
* openssl-3-debugsource-3.0.8-150400.4.49.1
* libopenssl3-debuginfo-3.0.8-150400.4.49.1
* libopenssl3-3.0.8-150400.4.49.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* openssl-3-debugsource-3.0.8-150400.4.49.1
* libopenssl3-debuginfo-3.0.8-150400.4.49.1
* libopenssl3-3.0.8-150400.4.49.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* openssl-3-debugsource-3.0.8-150400.4.49.1
* libopenssl3-debuginfo-3.0.8-150400.4.49.1
* libopenssl3-3.0.8-150400.4.49.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* openssl-3-debugsource-3.0.8-150400.4.49.1
* libopenssl3-debuginfo-3.0.8-150400.4.49.1
* libopenssl3-3.0.8-150400.4.49.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* openssl-3-debugsource-3.0.8-150400.4.49.1
* libopenssl3-debuginfo-3.0.8-150400.4.49.1
* libopenssl3-3.0.8-150400.4.49.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* openssl-3-debuginfo-3.0.8-150400.4.49.1
* libopenssl-3-devel-3.0.8-150400.4.49.1
* libopenssl3-debuginfo-3.0.8-150400.4.49.1
* openssl-3-debugsource-3.0.8-150400.4.49.1
* openssl-3-3.0.8-150400.4.49.1
* libopenssl3-3.0.8-150400.4.49.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* openssl-3-debuginfo-3.0.8-150400.4.49.1
* libopenssl-3-devel-3.0.8-150400.4.49.1
* libopenssl3-debuginfo-3.0.8-150400.4.49.1
* openssl-3-debugsource-3.0.8-150400.4.49.1
* openssl-3-3.0.8-150400.4.49.1
* libopenssl3-3.0.8-150400.4.49.1

## References:

* https://www.suse.com/security/cve/CVE-2023-6129.html
* https://www.suse.com/security/cve/CVE-2023-6237.html
* https://www.suse.com/security/cve/CVE-2024-0727.html
* https://bugzilla.suse.com/show_bug.cgi?id=1218690
* https://bugzilla.suse.com/show_bug.cgi?id=1218810
* https://bugzilla.suse.com/show_bug.cgi?id=1219243



SUSE-SU-2024:0515-1: important: Security update for the Linux Kernel


# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2024:0515-1
Rating: important
References:

* bsc#1108281
* bsc#1177529
* bsc#1209834
* bsc#1212091
* bsc#1215275
* bsc#1215885
* bsc#1216016
* bsc#1216702
* bsc#1217217
* bsc#1217670
* bsc#1217895
* bsc#1217987
* bsc#1217988
* bsc#1217989
* bsc#1218689
* bsc#1218713
* bsc#1218730
* bsc#1218752
* bsc#1218757
* bsc#1218768
* bsc#1218804
* bsc#1218832
* bsc#1218836
* bsc#1218916
* bsc#1218929
* bsc#1218930
* bsc#1218968
* bsc#1219053
* bsc#1219120
* bsc#1219128
* bsc#1219349
* bsc#1219412
* bsc#1219429
* bsc#1219434
* bsc#1219490
* bsc#1219608

Cross-References:

* CVE-2021-33631
* CVE-2023-46838
* CVE-2023-47233
* CVE-2023-4921
* CVE-2023-51042
* CVE-2023-51043
* CVE-2023-51780
* CVE-2023-51782
* CVE-2023-6040
* CVE-2023-6356
* CVE-2023-6535
* CVE-2023-6536
* CVE-2023-6915
* CVE-2024-0340
* CVE-2024-0565
* CVE-2024-0641
* CVE-2024-0775
* CVE-2024-1085
* CVE-2024-1086
* CVE-2024-24860

CVSS scores:

* CVE-2021-33631 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-33631 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-46838 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-46838 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-47233 ( SUSE ): 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-47233 ( NVD ): 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4921 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4921 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-51042 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-51042 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-51043 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-51043 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-51780 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-51780 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-51782 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-51782 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6040 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2023-6040 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6356 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-6356 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-6535 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-6535 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-6536 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-6536 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-6915 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-6915 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-0340 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2024-0340 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-0565 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-0565 ( NVD ): 7.4 CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-0641 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-0641 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-0775 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-0775 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-1085 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-1085 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-1086 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-1086 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-24860 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-24860 ( NVD ): 5.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise High Availability Extension 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves 20 vulnerabilities and has 16 security fixes can now be
installed.

## Description:

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security
bugfixes.

The following security bugs were fixed:

* CVE-2024-1085: Fixed nf_tables use-after-free vulnerability in the
nft_setelem_catchall_deactivate() function (bsc#1219429).
* CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables
component that could have been exploited to achieve local privilege
escalation (bsc#1219434).
* CVE-2023-51042: Fixed use-after-free in amdgpu_cs_wait_all_fences in
drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (bsc#1219128).
* CVE-2023-51780: Fixed a use-after-free in do_vcc_ioctl in net/atm/ioctl.c,
because of a vcc_recvmsg race condition (bsc#1218730).
* CVE-2023-46838: Fixed an issue with Xen netback processing of zero-length
transmit fragment (bsc#1218836).
* CVE-2021-33631: Fixed an integer overflow in ext4_write_inline_data_end()
(bsc#1219412).
* CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request
(bsc#1217988).
* CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete
(bsc#1217989).
* CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec
(bsc#1217987).
* CVE-2023-47233: Fixed a use-after-free in the device unplugging (disconnect
the USB by hotplug) code inside the brcm80211 component (bsc#1216702).
* CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network
scheduler which could be exploited to achieve local privilege escalation
(bsc#1215275).
* CVE-2023-51043: Fixed use-after-free during a race condition between a
nonblocking atomic commit and a driver unload in
drivers/gpu/drm/drm_atomic.c (bsc#1219120).
* CVE-2024-0775: Fixed use-after-free in __ext4_remount in fs/ext4/super.c
that could allow a local user to cause an information leak problem while
freeing the old quota file names before a potential failure (bsc#1219053).
* CVE-2023-6040: Fixed an out-of-bounds access vulnerability while creating a
new netfilter table, lack of a safeguard against invalid nf_tables family
(pf) values within `nf_tables_newtable` function (bsc#1218752).
* CVE-2024-0641: Fixed a denial of service vulnerability in
tipc_crypto_key_revoke in net/tipc/crypto.c (bsc#1218916).
* CVE-2024-0565: Fixed an out-of-bounds memory read flaw in
receive_encrypted_standard in fs/smb/client/smb2ops.c (bsc#1218832).
* CVE-2023-6915: Fixed a NULL pointer dereference problem in ida_free in
lib/idr.c (bsc#1218804).
* CVE-2023-51782: Fixed use-after-free in rose_ioctl in net/rose/af_rose.c
because of a rose_accept race condition (bsc#1218757).
* CVE-2024-0340: Fixed information disclosure in vhost/vhost.c:vhost_new_msg()
(bsc#1218689).
* CVE-2024-24860: Fixed a denial of service caused by a race condition in
{min,max}_key_size_set() (bsc#1219608).

The following non-security bugs were fixed:

* Store the old kernel changelog entries in kernel-docs package (bsc#1218713).
* bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent
(git-fixes).
* bcache: Remove unnecessary NULL point check in node allocations (git-fixes).
* bcache: add code comments for bch_btree_node_get() and
__bch_btree_node_alloc() (git-fixes).
* bcache: avoid NULL checking to c->root in run_cache_set() (git-fixes).
* bcache: avoid oversize memory allocation by small stripe_size (git-fixes).
* bcache: check return value from btree_node_alloc_replacement() (git-fixes).
* bcache: fixup btree_cache_wait list damage (git-fixes).
* bcache: fixup init dirty data errors (git-fixes).
* bcache: fixup lock c->root error (git-fixes).
* bcache: fixup multi-threaded bch_sectors_dirty_init() wake-up race (git-
fixes).
* bcache: prevent potential division by zero error (git-fixes).
* bcache: remove redundant assignment to variable cur_idx (git-fixes).
* bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in
btree_gc_coalesce() (git-fixes).
* bcache: revert replacing IS_ERR_OR_NULL with IS_ERR (git-fixes).
* block: Fix kabi header include (bsc#1218929).
* block: free the extended dev_t minor later (bsc#1218930).
* clocksource: Skip watchdog check for large watchdog intervals (bsc#1217217).
* clocksource: disable watchdog checks on TSC when TSC is watchdog
(bsc#1215885).
* dm cache policy smq: ensure IO does not prevent cleaner policy progress
(git-fixes).
* dm cache: add cond_resched() to various workqueue loops (git-fixes).
* dm clone: call kmem_cache_destroy() in dm_clone_init() error path (git-
fixes).
* dm crypt: add cond_resched() to dmcrypt_write() (git-fixes).
* dm crypt: avoid accessing uninitialized tasklet (git-fixes).
* dm flakey: do not corrupt the zero page (git-fixes).
* dm flakey: fix a crash with invalid table line (git-fixes).
* dm flakey: fix logic when corrupting a bio (git-fixes).
* dm init: add dm-mod.waitfor to wait for asynchronously probed block devices
(git-fixes).
* dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path
(git-fixes).
* dm integrity: reduce vmalloc space footprint on 32-bit architectures (git-
fixes).
* dm raid: clean up four equivalent goto tags in raid_ctr() (git-fixes).
* dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths (git-
fixes).
* dm stats: check for and propagate alloc_percpu failure (git-fixes).
* dm thin metadata: Fix ABBA deadlock by resetting dm_bufio_client (git-
fixes).
* dm thin metadata: check fail_io before using data_sm (git-fixes).
* dm thin: add cond_resched() to various workqueue loops (git-fixes).
* dm thin: fix deadlock when swapping to thin device (bsc#1177529).
* dm verity: do not perform FEC for failed readahead IO (git-fixes).
* dm verity: fix error handling for check_at_most_once on FEC (git-fixes).
* dm verity: skip redundant verity_handle_err() on I/O errors (git-fixes).
* dm zoned: free dmz->ddev array in dmz_put_zoned_devices (git-fixes).
* dm-delay: fix a race between delay_presuspend and delay_bio (git-fixes).
* dm-integrity: do not modify bio's immutable bio_vec in integrity_metadata()
(git-fixes).
* dm-verity: align struct dm_verity_fec_io properly (git-fixes).
* dm: add cond_resched() to dm_wq_work() (git-fixes).
* dm: do not lock fs when the map is NULL during suspend or resume (git-
fixes).
* dm: do not lock fs when the map is NULL in process of resume (git-fixes).
* dm: remove flush_scheduled_work() during local_exit() (git-fixes).
* dm: send just one event on resize, not two (git-fixes).
* doc/README.KSYMS: Add to repo.
* hv_netvsc: rndis_filter needs to select NLS (git-fixes).
* intel_idle: add Emerald Rapids Xeon support (bsc#1216016).
* kabi, vmstat: skip periodic vmstat update for isolated CPUs (bsc#1217895).
* loop: suppress uevents while reconfiguring the device (git-fixes).
* nbd: Fix debugfs_create_dir error checking (git-fixes).
* nbd: fix incomplete validation of ioctl arg (git-fixes).
* nbd: use the correct block_device in nbd_bdev_reset (git-fixes).
* nfsd: fix RELEASE_LOCKOWNER (bsc#1218968).
* nfsd4: add refcount for nfsd4_blocked_lock (bsc#1218968 bsc#1219349).
* null_blk: Always check queue mode setting from configfs (git-fixes).
* powerpc/pseries/iommu: enable_ddw incorrectly returns direct mapping for SR-
IOV device (bsc#1212091 ltc#199106 git-fixes).
* rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails (git-
fixes).
* rbd: decouple header read-in from updating rbd_dev->header (git-fixes).
* rbd: decouple parent info read-in from updating rbd_dev (git-fixes).
* rbd: get snapshot context after exclusive lock is ensured to be held (git-
fixes).
* rbd: harden get_lock_owner_info() a bit (git-fixes).
* rbd: make get_lock_owner_info() return a single locker or NULL (git-fixes).
* rbd: move RBD_OBJ_FLAG_COPYUP_ENABLED flag setting (git-fixes).
* rbd: move rbd_dev_refresh() definition (git-fixes).
* rbd: prevent busy loop when requesting exclusive lock (git-fixes).
* rbd: retrieve and check lock owner twice before blocklisting (git-fixes).
* rbd: take header_rwsem in rbd_dev_refresh() only when updating (git-fixes).
* sched/isolation: add cpu_is_isolated() API (bsc#1217895).
* scsi: ibmvfc: Implement channel queue depth and event buffer accounting
(bsc#1209834 ltc#202097).
* scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool (bsc#1209834
ltc#202097).
* trace,smp: Add tracepoints around remotelly called functions (bsc#1217895).
* vmstat: skip periodic vmstat update for isolated CPUs (bsc#1217895).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-515=1

* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-515=1

* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-515=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-515=1

* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-515=1

* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.3-2024-515=1

* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-515=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-515=1

* openSUSE Leap Micro 5.3
zypper in -t patch openSUSE-Leap-Micro-5.3-2024-515=1

* openSUSE Leap Micro 5.4
zypper in -t patch openSUSE-Leap-Micro-5.4-2024-515=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2024-515=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2024-515=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2024-515=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2024-515=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2024-515=1
Please note that this is the initial kernel livepatch without fixes itself, this
package is later updated by separate standalone kernel livepatch updates.

* SUSE Linux Enterprise High Availability Extension 15 SP4
zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2024-515=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-515=1

## Package List:

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 nosrc)
* kernel-64kb-5.14.21-150400.24.108.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64)
* kernel-64kb-devel-5.14.21-150400.24.108.1
* kernel-64kb-devel-debuginfo-5.14.21-150400.24.108.1
* kernel-64kb-debugsource-5.14.21-150400.24.108.1
* kernel-64kb-debuginfo-5.14.21-150400.24.108.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 nosrc
x86_64)
* kernel-default-5.14.21-150400.24.108.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* reiserfs-kmp-default-debuginfo-5.14.21-150400.24.108.1
* kernel-obs-build-5.14.21-150400.24.108.1
* kernel-default-debugsource-5.14.21-150400.24.108.1
* kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2
* kernel-default-devel-5.14.21-150400.24.108.1
* kernel-obs-build-debugsource-5.14.21-150400.24.108.1
* kernel-default-devel-debuginfo-5.14.21-150400.24.108.1
* kernel-syms-5.14.21-150400.24.108.1
* kernel-default-debuginfo-5.14.21-150400.24.108.1
* reiserfs-kmp-default-5.14.21-150400.24.108.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* kernel-source-5.14.21-150400.24.108.1
* kernel-macros-5.14.21-150400.24.108.1
* kernel-devel-5.14.21-150400.24.108.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch nosrc)
* kernel-docs-5.14.21-150400.24.108.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (nosrc x86_64)
* kernel-default-5.14.21-150400.24.108.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
* kernel-default-extra-5.14.21-150400.24.108.1
* kernel-obs-build-5.14.21-150400.24.108.1
* kernel-default-debugsource-5.14.21-150400.24.108.1
* kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2
* kernel-default-devel-5.14.21-150400.24.108.1
* kernel-obs-build-debugsource-5.14.21-150400.24.108.1
* kernel-default-devel-debuginfo-5.14.21-150400.24.108.1
* kernel-syms-5.14.21-150400.24.108.1
* kernel-default-debuginfo-5.14.21-150400.24.108.1
* kernel-default-extra-debuginfo-5.14.21-150400.24.108.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (noarch)
* kernel-source-5.14.21-150400.24.108.1
* kernel-macros-5.14.21-150400.24.108.1
* kernel-devel-5.14.21-150400.24.108.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (noarch nosrc)
* kernel-docs-5.14.21-150400.24.108.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 nosrc)
* kernel-64kb-5.14.21-150400.24.108.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64)
* kernel-64kb-devel-5.14.21-150400.24.108.1
* kernel-64kb-devel-debuginfo-5.14.21-150400.24.108.1
* kernel-64kb-debugsource-5.14.21-150400.24.108.1
* kernel-64kb-debuginfo-5.14.21-150400.24.108.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x
x86_64 nosrc)
* kernel-default-5.14.21-150400.24.108.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le x86_64)
* kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x
x86_64)
* reiserfs-kmp-default-debuginfo-5.14.21-150400.24.108.1
* kernel-default-debugsource-5.14.21-150400.24.108.1
* kernel-default-devel-5.14.21-150400.24.108.1
* kernel-default-debuginfo-5.14.21-150400.24.108.1
* kernel-obs-build-debugsource-5.14.21-150400.24.108.1
* kernel-default-devel-debuginfo-5.14.21-150400.24.108.1
* kernel-syms-5.14.21-150400.24.108.1
* kernel-obs-build-5.14.21-150400.24.108.1
* reiserfs-kmp-default-5.14.21-150400.24.108.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (noarch)
* kernel-source-5.14.21-150400.24.108.1
* kernel-macros-5.14.21-150400.24.108.1
* kernel-devel-5.14.21-150400.24.108.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (noarch nosrc)
* kernel-docs-5.14.21-150400.24.108.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (nosrc s390x)
* kernel-zfcpdump-5.14.21-150400.24.108.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (s390x)
* kernel-zfcpdump-debugsource-5.14.21-150400.24.108.1
* kernel-zfcpdump-debuginfo-5.14.21-150400.24.108.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (nosrc ppc64le
x86_64)
* kernel-default-5.14.21-150400.24.108.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* reiserfs-kmp-default-debuginfo-5.14.21-150400.24.108.1
* kernel-obs-build-5.14.21-150400.24.108.1
* kernel-default-debugsource-5.14.21-150400.24.108.1
* kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2
* kernel-default-devel-5.14.21-150400.24.108.1
* kernel-obs-build-debugsource-5.14.21-150400.24.108.1
* kernel-default-devel-debuginfo-5.14.21-150400.24.108.1
* kernel-syms-5.14.21-150400.24.108.1
* kernel-default-debuginfo-5.14.21-150400.24.108.1
* reiserfs-kmp-default-5.14.21-150400.24.108.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* kernel-source-5.14.21-150400.24.108.1
* kernel-macros-5.14.21-150400.24.108.1
* kernel-devel-5.14.21-150400.24.108.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch nosrc)
* kernel-docs-5.14.21-150400.24.108.1
* SUSE Manager Proxy 4.3 (nosrc x86_64)
* kernel-default-5.14.21-150400.24.108.1
* SUSE Manager Proxy 4.3 (x86_64)
* kernel-default-debugsource-5.14.21-150400.24.108.1
* kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2
* kernel-default-devel-5.14.21-150400.24.108.1
* kernel-default-devel-debuginfo-5.14.21-150400.24.108.1
* kernel-default-debuginfo-5.14.21-150400.24.108.1
* SUSE Manager Proxy 4.3 (noarch)
* kernel-macros-5.14.21-150400.24.108.1
* kernel-devel-5.14.21-150400.24.108.1
* SUSE Manager Retail Branch Server 4.3 (nosrc x86_64)
* kernel-default-5.14.21-150400.24.108.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* kernel-default-debugsource-5.14.21-150400.24.108.1
* kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2
* kernel-default-devel-5.14.21-150400.24.108.1
* kernel-default-devel-debuginfo-5.14.21-150400.24.108.1
* kernel-default-debuginfo-5.14.21-150400.24.108.1
* SUSE Manager Retail Branch Server 4.3 (noarch)
* kernel-macros-5.14.21-150400.24.108.1
* kernel-devel-5.14.21-150400.24.108.1
* SUSE Manager Server 4.3 (nosrc ppc64le s390x x86_64)
* kernel-default-5.14.21-150400.24.108.1
* SUSE Manager Server 4.3 (ppc64le x86_64)
* kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
* kernel-default-devel-debuginfo-5.14.21-150400.24.108.1
* kernel-default-devel-5.14.21-150400.24.108.1
* kernel-default-debuginfo-5.14.21-150400.24.108.1
* kernel-default-debugsource-5.14.21-150400.24.108.1
* SUSE Manager Server 4.3 (noarch)
* kernel-macros-5.14.21-150400.24.108.1
* kernel-devel-5.14.21-150400.24.108.1
* SUSE Manager Server 4.3 (nosrc s390x)
* kernel-zfcpdump-5.14.21-150400.24.108.1
* SUSE Manager Server 4.3 (s390x)
* kernel-zfcpdump-debugsource-5.14.21-150400.24.108.1
* kernel-zfcpdump-debuginfo-5.14.21-150400.24.108.1
* openSUSE Leap 15.4 (noarch nosrc)
* kernel-docs-5.14.21-150400.24.108.1
* openSUSE Leap 15.4 (noarch)
* kernel-source-vanilla-5.14.21-150400.24.108.1
* kernel-source-5.14.21-150400.24.108.1
* kernel-docs-html-5.14.21-150400.24.108.1
* kernel-macros-5.14.21-150400.24.108.1
* kernel-devel-5.14.21-150400.24.108.1
* openSUSE Leap 15.4 (nosrc ppc64le x86_64)
* kernel-debug-5.14.21-150400.24.108.1
* openSUSE Leap 15.4 (ppc64le x86_64)
* kernel-debug-debuginfo-5.14.21-150400.24.108.1
* kernel-debug-devel-debuginfo-5.14.21-150400.24.108.1
* kernel-debug-livepatch-devel-5.14.21-150400.24.108.1
* kernel-debug-devel-5.14.21-150400.24.108.1
* kernel-debug-debugsource-5.14.21-150400.24.108.1
* openSUSE Leap 15.4 (aarch64 ppc64le x86_64)
* kernel-kvmsmall-livepatch-devel-5.14.21-150400.24.108.1
* kernel-kvmsmall-debuginfo-5.14.21-150400.24.108.1
* kernel-kvmsmall-devel-debuginfo-5.14.21-150400.24.108.1
* kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2
* kernel-kvmsmall-devel-5.14.21-150400.24.108.1
* kernel-default-base-rebuild-5.14.21-150400.24.108.1.150400.24.50.2
* kernel-kvmsmall-debugsource-5.14.21-150400.24.108.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* kernel-default-livepatch-5.14.21-150400.24.108.1
* kernel-default-optional-5.14.21-150400.24.108.1
* ocfs2-kmp-default-debuginfo-5.14.21-150400.24.108.1
* kernel-syms-5.14.21-150400.24.108.1
* kernel-default-extra-debuginfo-5.14.21-150400.24.108.1
* reiserfs-kmp-default-debuginfo-5.14.21-150400.24.108.1
* kernel-default-optional-debuginfo-5.14.21-150400.24.108.1
* kernel-default-debugsource-5.14.21-150400.24.108.1
* dlm-kmp-default-debuginfo-5.14.21-150400.24.108.1
* kernel-default-devel-5.14.21-150400.24.108.1
* dlm-kmp-default-5.14.21-150400.24.108.1
* kernel-default-extra-5.14.21-150400.24.108.1
* kselftests-kmp-default-debuginfo-5.14.21-150400.24.108.1
* kernel-obs-qa-5.14.21-150400.24.108.1
* kernel-obs-build-debugsource-5.14.21-150400.24.108.1
* gfs2-kmp-default-debuginfo-5.14.21-150400.24.108.1
* kernel-default-devel-debuginfo-5.14.21-150400.24.108.1
* kernel-default-debuginfo-5.14.21-150400.24.108.1
* reiserfs-kmp-default-5.14.21-150400.24.108.1
* cluster-md-kmp-default-5.14.21-150400.24.108.1
* ocfs2-kmp-default-5.14.21-150400.24.108.1
* kernel-default-livepatch-devel-5.14.21-150400.24.108.1
* gfs2-kmp-default-5.14.21-150400.24.108.1
* kselftests-kmp-default-5.14.21-150400.24.108.1
* kernel-obs-build-5.14.21-150400.24.108.1
* cluster-md-kmp-default-debuginfo-5.14.21-150400.24.108.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-5.14.21-150400.24.108.1
* openSUSE Leap 15.4 (aarch64 nosrc ppc64le x86_64)
* kernel-kvmsmall-5.14.21-150400.24.108.1
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP4_Update_23-debugsource-1-150400.9.5.1
* kernel-livepatch-5_14_21-150400_24_108-default-debuginfo-1-150400.9.5.1
* kernel-livepatch-5_14_21-150400_24_108-default-1-150400.9.5.1
* openSUSE Leap 15.4 (nosrc s390x)
* kernel-zfcpdump-5.14.21-150400.24.108.1
* openSUSE Leap 15.4 (s390x)
* kernel-zfcpdump-debugsource-5.14.21-150400.24.108.1
* kernel-zfcpdump-debuginfo-5.14.21-150400.24.108.1
* openSUSE Leap 15.4 (nosrc)
* dtb-aarch64-5.14.21-150400.24.108.1
* openSUSE Leap 15.4 (aarch64)
* dtb-altera-5.14.21-150400.24.108.1
* dtb-amlogic-5.14.21-150400.24.108.1
* dtb-nvidia-5.14.21-150400.24.108.1
* dtb-xilinx-5.14.21-150400.24.108.1
* kernel-64kb-livepatch-devel-5.14.21-150400.24.108.1
* kselftests-kmp-64kb-5.14.21-150400.24.108.1
* dtb-apm-5.14.21-150400.24.108.1
* reiserfs-kmp-64kb-5.14.21-150400.24.108.1
* dtb-lg-5.14.21-150400.24.108.1
* gfs2-kmp-64kb-5.14.21-150400.24.108.1
* dtb-qcom-5.14.21-150400.24.108.1
* kernel-64kb-devel-debuginfo-5.14.21-150400.24.108.1
* ocfs2-kmp-64kb-5.14.21-150400.24.108.1
* dlm-kmp-64kb-debuginfo-5.14.21-150400.24.108.1
* kernel-64kb-devel-5.14.21-150400.24.108.1
* dtb-allwinner-5.14.21-150400.24.108.1
* dtb-hisilicon-5.14.21-150400.24.108.1
* dtb-rockchip-5.14.21-150400.24.108.1
* dlm-kmp-64kb-5.14.21-150400.24.108.1
* dtb-freescale-5.14.21-150400.24.108.1
* kselftests-kmp-64kb-debuginfo-5.14.21-150400.24.108.1
* dtb-amazon-5.14.21-150400.24.108.1
* cluster-md-kmp-64kb-5.14.21-150400.24.108.1
* dtb-broadcom-5.14.21-150400.24.108.1
* dtb-renesas-5.14.21-150400.24.108.1
* kernel-64kb-extra-debuginfo-5.14.21-150400.24.108.1
* kernel-64kb-extra-5.14.21-150400.24.108.1
* cluster-md-kmp-64kb-debuginfo-5.14.21-150400.24.108.1
* dtb-cavium-5.14.21-150400.24.108.1
* kernel-64kb-optional-debuginfo-5.14.21-150400.24.108.1
* kernel-64kb-optional-5.14.21-150400.24.108.1
* dtb-apple-5.14.21-150400.24.108.1
* dtb-marvell-5.14.21-150400.24.108.1
* dtb-mediatek-5.14.21-150400.24.108.1
* dtb-arm-5.14.21-150400.24.108.1
* reiserfs-kmp-64kb-debuginfo-5.14.21-150400.24.108.1
* dtb-sprd-5.14.21-150400.24.108.1
* kernel-64kb-debuginfo-5.14.21-150400.24.108.1
* gfs2-kmp-64kb-debuginfo-5.14.21-150400.24.108.1
* dtb-exynos-5.14.21-150400.24.108.1
* dtb-amd-5.14.21-150400.24.108.1
* dtb-socionext-5.14.21-150400.24.108.1
* ocfs2-kmp-64kb-debuginfo-5.14.21-150400.24.108.1
* kernel-64kb-debugsource-5.14.21-150400.24.108.1
* openSUSE Leap 15.4 (aarch64 nosrc)
* kernel-64kb-5.14.21-150400.24.108.1
* openSUSE Leap Micro 5.3 (aarch64 nosrc x86_64)
* kernel-default-5.14.21-150400.24.108.1
* openSUSE Leap Micro 5.3 (aarch64 x86_64)
* kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2
* kernel-default-debuginfo-5.14.21-150400.24.108.1
* kernel-default-debugsource-5.14.21-150400.24.108.1
* openSUSE Leap Micro 5.4 (aarch64 nosrc s390x x86_64)
* kernel-default-5.14.21-150400.24.108.1
* openSUSE Leap Micro 5.4 (aarch64 x86_64)
* kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2
* openSUSE Leap Micro 5.4 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.14.21-150400.24.108.1
* kernel-default-debugsource-5.14.21-150400.24.108.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 nosrc s390x x86_64)
* kernel-default-5.14.21-150400.24.108.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 x86_64)
* kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.14.21-150400.24.108.1
* kernel-default-debugsource-5.14.21-150400.24.108.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 nosrc s390x x86_64)
* kernel-default-5.14.21-150400.24.108.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 x86_64)
* kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.14.21-150400.24.108.1
* kernel-default-debugsource-5.14.21-150400.24.108.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 nosrc s390x x86_64)
* kernel-default-5.14.21-150400.24.108.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 x86_64)
* kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.14.21-150400.24.108.1
* kernel-default-debugsource-5.14.21-150400.24.108.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 nosrc s390x x86_64)
* kernel-default-5.14.21-150400.24.108.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 x86_64)
* kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.14.21-150400.24.108.1
* kernel-default-debugsource-5.14.21-150400.24.108.1
* SUSE Linux Enterprise Live Patching 15-SP4 (nosrc)
* kernel-default-5.14.21-150400.24.108.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-default-debugsource-5.14.21-150400.24.108.1
* kernel-default-livepatch-devel-5.14.21-150400.24.108.1
* kernel-livepatch-SLE15-SP4_Update_23-debugsource-1-150400.9.5.1
* kernel-livepatch-5_14_21-150400_24_108-default-debuginfo-1-150400.9.5.1
* kernel-default-livepatch-5.14.21-150400.24.108.1
* kernel-livepatch-5_14_21-150400_24_108-default-1-150400.9.5.1
* kernel-default-debuginfo-5.14.21-150400.24.108.1
* SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le
s390x x86_64)
* ocfs2-kmp-default-5.14.21-150400.24.108.1
* kernel-default-debugsource-5.14.21-150400.24.108.1
* gfs2-kmp-default-5.14.21-150400.24.108.1
* cluster-md-kmp-default-5.14.21-150400.24.108.1
* dlm-kmp-default-debuginfo-5.14.21-150400.24.108.1
* ocfs2-kmp-default-debuginfo-5.14.21-150400.24.108.1
* gfs2-kmp-default-debuginfo-5.14.21-150400.24.108.1
* dlm-kmp-default-5.14.21-150400.24.108.1
* kernel-default-debuginfo-5.14.21-150400.24.108.1
* cluster-md-kmp-default-debuginfo-5.14.21-150400.24.108.1
* SUSE Linux Enterprise High Availability Extension 15 SP4 (nosrc)
* kernel-default-5.14.21-150400.24.108.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
nosrc)
* kernel-64kb-5.14.21-150400.24.108.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64)
* kernel-64kb-devel-5.14.21-150400.24.108.1
* kernel-64kb-devel-debuginfo-5.14.21-150400.24.108.1
* kernel-64kb-debugsource-5.14.21-150400.24.108.1
* kernel-64kb-debuginfo-5.14.21-150400.24.108.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 nosrc
x86_64)
* kernel-default-5.14.21-150400.24.108.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* reiserfs-kmp-default-debuginfo-5.14.21-150400.24.108.1
* kernel-obs-build-5.14.21-150400.24.108.1
* kernel-default-debugsource-5.14.21-150400.24.108.1
* kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2
* kernel-default-devel-5.14.21-150400.24.108.1
* kernel-obs-build-debugsource-5.14.21-150400.24.108.1
* kernel-default-devel-debuginfo-5.14.21-150400.24.108.1
* kernel-syms-5.14.21-150400.24.108.1
* kernel-default-debuginfo-5.14.21-150400.24.108.1
* reiserfs-kmp-default-5.14.21-150400.24.108.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* kernel-source-5.14.21-150400.24.108.1
* kernel-macros-5.14.21-150400.24.108.1
* kernel-devel-5.14.21-150400.24.108.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch nosrc)
* kernel-docs-5.14.21-150400.24.108.1

## References:

* https://www.suse.com/security/cve/CVE-2021-33631.html
* https://www.suse.com/security/cve/CVE-2023-46838.html
* https://www.suse.com/security/cve/CVE-2023-47233.html
* https://www.suse.com/security/cve/CVE-2023-4921.html
* https://www.suse.com/security/cve/CVE-2023-51042.html
* https://www.suse.com/security/cve/CVE-2023-51043.html
* https://www.suse.com/security/cve/CVE-2023-51780.html
* https://www.suse.com/security/cve/CVE-2023-51782.html
* https://www.suse.com/security/cve/CVE-2023-6040.html
* https://www.suse.com/security/cve/CVE-2023-6356.html
* https://www.suse.com/security/cve/CVE-2023-6535.html
* https://www.suse.com/security/cve/CVE-2023-6536.html
* https://www.suse.com/security/cve/CVE-2023-6915.html
* https://www.suse.com/security/cve/CVE-2024-0340.html
* https://www.suse.com/security/cve/CVE-2024-0565.html
* https://www.suse.com/security/cve/CVE-2024-0641.html
* https://www.suse.com/security/cve/CVE-2024-0775.html
* https://www.suse.com/security/cve/CVE-2024-1085.html
* https://www.suse.com/security/cve/CVE-2024-1086.html
* https://www.suse.com/security/cve/CVE-2024-24860.html
* https://bugzilla.suse.com/show_bug.cgi?id=1108281
* https://bugzilla.suse.com/show_bug.cgi?id=1177529
* https://bugzilla.suse.com/show_bug.cgi?id=1209834
* https://bugzilla.suse.com/show_bug.cgi?id=1212091
* https://bugzilla.suse.com/show_bug.cgi?id=1215275
* https://bugzilla.suse.com/show_bug.cgi?id=1215885
* https://bugzilla.suse.com/show_bug.cgi?id=1216016
* https://bugzilla.suse.com/show_bug.cgi?id=1216702
* https://bugzilla.suse.com/show_bug.cgi?id=1217217
* https://bugzilla.suse.com/show_bug.cgi?id=1217670
* https://bugzilla.suse.com/show_bug.cgi?id=1217895
* https://bugzilla.suse.com/show_bug.cgi?id=1217987
* https://bugzilla.suse.com/show_bug.cgi?id=1217988
* https://bugzilla.suse.com/show_bug.cgi?id=1217989
* https://bugzilla.suse.com/show_bug.cgi?id=1218689
* https://bugzilla.suse.com/show_bug.cgi?id=1218713
* https://bugzilla.suse.com/show_bug.cgi?id=1218730
* https://bugzilla.suse.com/show_bug.cgi?id=1218752
* https://bugzilla.suse.com/show_bug.cgi?id=1218757
* https://bugzilla.suse.com/show_bug.cgi?id=1218768
* https://bugzilla.suse.com/show_bug.cgi?id=1218804
* https://bugzilla.suse.com/show_bug.cgi?id=1218832
* https://bugzilla.suse.com/show_bug.cgi?id=1218836
* https://bugzilla.suse.com/show_bug.cgi?id=1218916
* https://bugzilla.suse.com/show_bug.cgi?id=1218929
* https://bugzilla.suse.com/show_bug.cgi?id=1218930
* https://bugzilla.suse.com/show_bug.cgi?id=1218968
* https://bugzilla.suse.com/show_bug.cgi?id=1219053
* https://bugzilla.suse.com/show_bug.cgi?id=1219120
* https://bugzilla.suse.com/show_bug.cgi?id=1219128
* https://bugzilla.suse.com/show_bug.cgi?id=1219349
* https://bugzilla.suse.com/show_bug.cgi?id=1219412
* https://bugzilla.suse.com/show_bug.cgi?id=1219429
* https://bugzilla.suse.com/show_bug.cgi?id=1219434
* https://bugzilla.suse.com/show_bug.cgi?id=1219490
* https://bugzilla.suse.com/show_bug.cgi?id=1219608



SUSE-SU-2024:0512-1: important: Security update for golang-github-prometheus-alertmanager


# Security update for golang-github-prometheus-alertmanager

Announcement ID: SUSE-SU-2024:0512-1
Rating: important
References:

* bsc#1218838
* jsc#MSQA-719
* jsc#PED-7353

Cross-References:

* CVE-2023-40577

CVSS scores:

* CVE-2023-40577 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-40577 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* openSUSE Leap 15.3
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15
* SUSE Linux Enterprise Desktop 15 SP1
* SUSE Linux Enterprise Desktop 15 SP2
* SUSE Linux Enterprise Desktop 15 SP3
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP6
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP1
* SUSE Linux Enterprise Real Time 15 SP2
* SUSE Linux Enterprise Real Time 15 SP3
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Manager Client Tools for SLE 15
* SUSE Manager Proxy 4.3
* SUSE Manager Proxy 4.3 Module 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Package Hub 15 15-SP5

An update that solves one vulnerability and contains two features can now be
installed.

## Description:

This update for golang-github-prometheus-alertmanager fixes the following
issues:

golang-github-prometheus-alertmanager was updated from version 0.23.0 to 0.26.0
(jsc#PED-7353):

* Version 0.26.0:
* Security fixes:
* CVE-2023-40577: Fix stored XSS via the /api/v1/alerts endpoint in the Alertmanager UI (bsc#1218838)
* Other changes and bugs fixed:
* Configuration: Fix empty list of receivers and inhibit_rules would cause the alertmanager to crash
* Templating: Fixed a race condition when using the title function. It is now race-safe
* API: Fixed duplicate receiver names in the api/v2/receivers API endpoint
* API: Attempting to delete a silence now returns the correct status code, 404 instead of 500
* Clustering: Fixes a panic when tls_client_config is empty
* Webhook: url is now marked as a secret. It will no longer show up in the logs as clear-text
* Metrics: New label reason for alertmanager_notifications_failed_total metric to indicate the type of error of the alert delivery
* Clustering: New flag --cluster.label, to help to block any traffic that is not meant for the cluster
* Integrations: Add Microsoft Teams as a supported integration
* Version 0.25.0:
* Fail configuration loading if api_key and api_key_file are defined at the
same time
* Fix the alertmanager_alerts metric to avoid counting resolved alerts as
active. Also added a new alertmanager_marked_alerts metric that retain the
old behavior
* Trim contents of Slack API URLs when reading from files
* amtool: Avoid panic when the label value matcher is empty
* Fail configuration loading if api_url is empty for OpsGenie
* Fix email template for resolved notifications
* Add proxy_url support for OAuth2 in HTTP client configuration
* Reload TLS certificate and key from disk when updated
* Add Discord integration
* Add Webex integration
* Add min_version support to select the minimum TLS version in HTTP client
configuration
* Add max_version support to select the maximum TLS version in HTTP client
configuration
* Emit warning logs when truncating messages in notifications
* Support HEAD method for the /-/healty and /-/ready endpoints
* Add support for reading global and local SMTP passwords from files
* UI: Add 'Link' button to alerts in list
* UI: Allow to choose the first day of the week as Sunday or Monday
* Version 0.24.0:
* Fix HTTP client configuration for the SNS receiver
* Fix unclosed file descriptor after reading the silences snapshot file
* Fix field names for mute_time_intervals in JSON marshaling
* Ensure that the root route doesn't have any matchers
* Truncate the message's title to 1024 chars to avoid hitting Slack limits
* Fix the default HTML email template (email.default.html) to match with the
canonical source
* Detect SNS FIFO topic based on the rendered value
* Avoid deleting and recreating a silence when an update is possible
* api/v2: Return 200 OK when deleting an expired silence
* amtool: Fix the silence's end date when adding a silence. The end date is
(start date + duration) while it used to be (current time + duration). The
new behavior is consistent with the update operation
* Add the /api/v2 prefix to all endpoints in the OpenAPI specification and
generated client code
* Add --cluster.tls-config experimental flag to secure cluster traffic via
mutual TLS
* Add Telegram integration

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Manager Proxy 4.3 Module 4.3
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2024-512=1

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-512=1

* SUSE Manager Client Tools for SLE 15
zypper in -t patch SUSE-SLE-Manager-Tools-15-2024-512=1

* SUSE Package Hub 15 15-SP5
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-512=1

## Package List:

* SUSE Manager Proxy 4.3 Module 4.3 (aarch64 ppc64le s390x x86_64)
* golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1
* SUSE Manager Client Tools for SLE 15 (aarch64 ppc64le s390x x86_64)
* golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1
* SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64)
* golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1

## References:

* https://www.suse.com/security/cve/CVE-2023-40577.html
* https://bugzilla.suse.com/show_bug.cgi?id=1218838
* https://jira.suse.com/browse/MSQA-719
* https://jira.suse.com/browse/PED-7353



SUSE-SU-2024:0472-1: important: Security update for tomcat


# Security update for tomcat

Announcement ID: SUSE-SU-2024:0472-1
Rating: important
References:

* bsc#1216118
* bsc#1216119
* bsc#1216120
* bsc#1217402
* bsc#1217649
* bsc#1217768
* bsc#1219208

Cross-References:

* CVE-2023-42794
* CVE-2023-42795
* CVE-2023-45648
* CVE-2023-46589
* CVE-2024-22029

CVSS scores:

* CVE-2023-42794 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-42794 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-42795 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-42795 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2023-45648 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2023-45648 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-46589 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2023-46589 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2024-22029 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Server 4.3
* Web and Scripting Module 15-SP5

An update that solves five vulnerabilities and has two security fixes can now be
installed.

## Description:

This update for tomcat fixes the following issues:

Updated to Tomcat 9.0.85:

* CVE-2023-45648: Improve trailer header parsing (bsc#1216118).
* CVE-2023-42794: FileUpload: remove tmp files to avoid DoS on Windows
(bsc#1216120).
* CVE-2023-42795: Improve handling of failures during recycle() methods
(bsc#1216119).
* CVE-2023-46589: Fixed HTTP request smuggling due to incorrect headers
parsing (bsc#1217649)
* CVE-2024-22029: Fixed escalation to root from tomcat user via %post script.
(bsc#1219208)

The following non-security issues were fixed:

* Fixed the file permissions for server.xml (bsc#1217768, bsc#1217402).

Find the full release notes at:

https://tomcat.apache.org/tomcat-9.0-doc/changelog.html

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-472=1

* Web and Scripting Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP5-2024-472=1

* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-472=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-472=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-472=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-472=1

* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-472=1

* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-472=1

* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-472=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP2
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-472=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-472=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-472=1

* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-472=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2024-472=1

## Package List:

* openSUSE Leap 15.5 (noarch)
* tomcat-javadoc-9.0.85-150200.57.1
* tomcat-lib-9.0.85-150200.57.1
* tomcat-el-3_0-api-9.0.85-150200.57.1
* tomcat-servlet-4_0-api-9.0.85-150200.57.1
* tomcat-webapps-9.0.85-150200.57.1
* tomcat-admin-webapps-9.0.85-150200.57.1
* tomcat-9.0.85-150200.57.1
* tomcat-embed-9.0.85-150200.57.1
* tomcat-jsp-2_3-api-9.0.85-150200.57.1
* tomcat-docs-webapp-9.0.85-150200.57.1
* tomcat-jsvc-9.0.85-150200.57.1
* Web and Scripting Module 15-SP5 (noarch)
* tomcat-lib-9.0.85-150200.57.1
* tomcat-el-3_0-api-9.0.85-150200.57.1
* tomcat-servlet-4_0-api-9.0.85-150200.57.1
* tomcat-webapps-9.0.85-150200.57.1
* tomcat-admin-webapps-9.0.85-150200.57.1
* tomcat-9.0.85-150200.57.1
* tomcat-jsp-2_3-api-9.0.85-150200.57.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
* tomcat-lib-9.0.85-150200.57.1
* tomcat-el-3_0-api-9.0.85-150200.57.1
* tomcat-servlet-4_0-api-9.0.85-150200.57.1
* tomcat-webapps-9.0.85-150200.57.1
* tomcat-admin-webapps-9.0.85-150200.57.1
* tomcat-9.0.85-150200.57.1
* tomcat-jsp-2_3-api-9.0.85-150200.57.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* tomcat-lib-9.0.85-150200.57.1
* tomcat-el-3_0-api-9.0.85-150200.57.1
* tomcat-servlet-4_0-api-9.0.85-150200.57.1
* tomcat-webapps-9.0.85-150200.57.1
* tomcat-admin-webapps-9.0.85-150200.57.1
* tomcat-9.0.85-150200.57.1
* tomcat-jsp-2_3-api-9.0.85-150200.57.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* tomcat-lib-9.0.85-150200.57.1
* tomcat-el-3_0-api-9.0.85-150200.57.1
* tomcat-servlet-4_0-api-9.0.85-150200.57.1
* tomcat-webapps-9.0.85-150200.57.1
* tomcat-admin-webapps-9.0.85-150200.57.1
* tomcat-9.0.85-150200.57.1
* tomcat-jsp-2_3-api-9.0.85-150200.57.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* tomcat-lib-9.0.85-150200.57.1
* tomcat-el-3_0-api-9.0.85-150200.57.1
* tomcat-servlet-4_0-api-9.0.85-150200.57.1
* tomcat-webapps-9.0.85-150200.57.1
* tomcat-admin-webapps-9.0.85-150200.57.1
* tomcat-9.0.85-150200.57.1
* tomcat-jsp-2_3-api-9.0.85-150200.57.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
* tomcat-lib-9.0.85-150200.57.1
* tomcat-el-3_0-api-9.0.85-150200.57.1
* tomcat-servlet-4_0-api-9.0.85-150200.57.1
* tomcat-webapps-9.0.85-150200.57.1
* tomcat-admin-webapps-9.0.85-150200.57.1
* tomcat-9.0.85-150200.57.1
* tomcat-jsp-2_3-api-9.0.85-150200.57.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
* tomcat-lib-9.0.85-150200.57.1
* tomcat-el-3_0-api-9.0.85-150200.57.1
* tomcat-servlet-4_0-api-9.0.85-150200.57.1
* tomcat-webapps-9.0.85-150200.57.1
* tomcat-admin-webapps-9.0.85-150200.57.1
* tomcat-9.0.85-150200.57.1
* tomcat-jsp-2_3-api-9.0.85-150200.57.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (noarch)
* tomcat-lib-9.0.85-150200.57.1
* tomcat-el-3_0-api-9.0.85-150200.57.1
* tomcat-servlet-4_0-api-9.0.85-150200.57.1
* tomcat-webapps-9.0.85-150200.57.1
* tomcat-admin-webapps-9.0.85-150200.57.1
* tomcat-9.0.85-150200.57.1
* tomcat-jsp-2_3-api-9.0.85-150200.57.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
* tomcat-lib-9.0.85-150200.57.1
* tomcat-el-3_0-api-9.0.85-150200.57.1
* tomcat-servlet-4_0-api-9.0.85-150200.57.1
* tomcat-webapps-9.0.85-150200.57.1
* tomcat-admin-webapps-9.0.85-150200.57.1
* tomcat-9.0.85-150200.57.1
* tomcat-jsp-2_3-api-9.0.85-150200.57.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* tomcat-lib-9.0.85-150200.57.1
* tomcat-el-3_0-api-9.0.85-150200.57.1
* tomcat-servlet-4_0-api-9.0.85-150200.57.1
* tomcat-webapps-9.0.85-150200.57.1
* tomcat-admin-webapps-9.0.85-150200.57.1
* tomcat-9.0.85-150200.57.1
* tomcat-jsp-2_3-api-9.0.85-150200.57.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* tomcat-lib-9.0.85-150200.57.1
* tomcat-el-3_0-api-9.0.85-150200.57.1
* tomcat-servlet-4_0-api-9.0.85-150200.57.1
* tomcat-webapps-9.0.85-150200.57.1
* tomcat-admin-webapps-9.0.85-150200.57.1
* tomcat-9.0.85-150200.57.1
* tomcat-jsp-2_3-api-9.0.85-150200.57.1
* SUSE Manager Server 4.3 (noarch)
* tomcat-lib-9.0.85-150200.57.1
* tomcat-el-3_0-api-9.0.85-150200.57.1
* tomcat-servlet-4_0-api-9.0.85-150200.57.1
* tomcat-webapps-9.0.85-150200.57.1
* tomcat-admin-webapps-9.0.85-150200.57.1
* tomcat-9.0.85-150200.57.1
* tomcat-jsp-2_3-api-9.0.85-150200.57.1
* SUSE Enterprise Storage 7.1 (noarch)
* tomcat-lib-9.0.85-150200.57.1
* tomcat-el-3_0-api-9.0.85-150200.57.1
* tomcat-servlet-4_0-api-9.0.85-150200.57.1
* tomcat-webapps-9.0.85-150200.57.1
* tomcat-admin-webapps-9.0.85-150200.57.1
* tomcat-9.0.85-150200.57.1
* tomcat-jsp-2_3-api-9.0.85-150200.57.1

## References:

* https://www.suse.com/security/cve/CVE-2023-42794.html
* https://www.suse.com/security/cve/CVE-2023-42795.html
* https://www.suse.com/security/cve/CVE-2023-45648.html
* https://www.suse.com/security/cve/CVE-2023-46589.html
* https://www.suse.com/security/cve/CVE-2024-22029.html
* https://bugzilla.suse.com/show_bug.cgi?id=1216118
* https://bugzilla.suse.com/show_bug.cgi?id=1216119
* https://bugzilla.suse.com/show_bug.cgi?id=1216120
* https://bugzilla.suse.com/show_bug.cgi?id=1217402
* https://bugzilla.suse.com/show_bug.cgi?id=1217649
* https://bugzilla.suse.com/show_bug.cgi?id=1217768
* https://bugzilla.suse.com/show_bug.cgi?id=1219208



SUSE-SU-2024:0513-1: important: Security update for SUSE Manager 4.3.11 Release Notes


# Security update for SUSE Manager 4.3.11 Release Notes

Announcement ID: SUSE-SU-2024:0513-1
Rating: important
References:

* bsc#1170848
* bsc#1210911
* bsc#1211254
* bsc#1211560
* bsc#1211912
* bsc#1213079
* bsc#1213507
* bsc#1213738
* bsc#1213981
* bsc#1214077
* bsc#1214791
* bsc#1215166
* bsc#1215514
* bsc#1215769
* bsc#1215810
* bsc#1215813
* bsc#1215982
* bsc#1216114
* bsc#1216394
* bsc#1216437
* bsc#1216550
* bsc#1216657
* bsc#1216753
* bsc#1216781
* bsc#1216988
* bsc#1217069
* bsc#1217209
* bsc#1217588
* bsc#1217784
* bsc#1217869
* bsc#1218019
* bsc#1218074
* bsc#1218075
* bsc#1218089
* bsc#1218094
* bsc#1218146
* bsc#1218490
* bsc#1218615
* bsc#1218669
* bsc#1218849
* bsc#1219577
* bsc#1219850
* jsc#MSQA-719

Cross-References:

* CVE-2023-32189
* CVE-2024-22231
* CVE-2024-22232

CVSS scores:

* CVE-2024-22231 ( SUSE ): 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
* CVE-2024-22232 ( SUSE ): 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Affected Products:

* openSUSE Leap 15.4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves three vulnerabilities, contains one feature and has 39
security fixes can now be installed.

## Recommended update for SUSE Manager Proxy and Retail Branch Server 4.3

### Description:

This update fixes the following issues:

release-notes-susemanager-proxy:

* Update to SUSE Manager 4.3.11
* Bugs mentioned: bsc#1213738, bsc#1216657, bsc#1216781, bsc#1217209,
bsc#1217588 bsc#1218615, bsc#1218849, bsc#1219577, bsc#1219850

## Security update for SUSE Manager Server 4.3

### Description:

This update fixes the following issues:

release-notes-susemanager:

* Update to SUSE Manager 4.3.11
* Migrate from RHEL and its clones to SUSE Liberty Linux
* Reboot required indication for non-SUSE distributions
* SSH key rotation for enhanced security
* Configure remote command execution
* End of Debian 10 support
* CVEs fixed: CVE-2023-32189, CVE-2024-22231, CVE-2024-22232
* Bugs mentioned:
bsc#1170848, bsc#1210911, bsc#1211254, bsc#1211560, bsc#1211912 bsc#1213079,
bsc#1213507, bsc#1213738, bsc#1213981, bsc#1214077 bsc#1214791, bsc#1215166,
bsc#1215514, bsc#1215769, bsc#1215810 bsc#1215813, bsc#1215982, bsc#1216114,
bsc#1216394, bsc#1216437 bsc#1216550, bsc#1216657, bsc#1216753, bsc#1216781,
bsc#1216988 bsc#1217069, bsc#1217209, bsc#1217588, bsc#1217784, bsc#1217869
bsc#1218019, bsc#1218074, bsc#1218075, bsc#1218089, bsc#1218094 bsc#1218490,
bsc#1218615, bsc#1218669, bsc#1218849, bsc#1219577 bsc#1219850, bsc#1218146

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-513=1

* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-513=1

* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.3-2024-513=1

* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-513=1

## Package List:

* openSUSE Leap 15.4 (noarch)
* release-notes-susemanager-proxy-4.3.11-150400.3.79.1
* release-notes-susemanager-4.3.11-150400.3.100.1
* SUSE Manager Proxy 4.3 (noarch)
* release-notes-susemanager-proxy-4.3.11-150400.3.79.1
* SUSE Manager Retail Branch Server 4.3 (noarch)
* release-notes-susemanager-proxy-4.3.11-150400.3.79.1
* SUSE Manager Server 4.3 (noarch)
* release-notes-susemanager-4.3.11-150400.3.100.1

## References:

* https://www.suse.com/security/cve/CVE-2023-32189.html
* https://www.suse.com/security/cve/CVE-2024-22231.html
* https://www.suse.com/security/cve/CVE-2024-22232.html
* https://bugzilla.suse.com/show_bug.cgi?id=1170848
* https://bugzilla.suse.com/show_bug.cgi?id=1210911
* https://bugzilla.suse.com/show_bug.cgi?id=1211254
* https://bugzilla.suse.com/show_bug.cgi?id=1211560
* https://bugzilla.suse.com/show_bug.cgi?id=1211912
* https://bugzilla.suse.com/show_bug.cgi?id=1213079
* https://bugzilla.suse.com/show_bug.cgi?id=1213507
* https://bugzilla.suse.com/show_bug.cgi?id=1213738
* https://bugzilla.suse.com/show_bug.cgi?id=1213981
* https://bugzilla.suse.com/show_bug.cgi?id=1214077
* https://bugzilla.suse.com/show_bug.cgi?id=1214791
* https://bugzilla.suse.com/show_bug.cgi?id=1215166
* https://bugzilla.suse.com/show_bug.cgi?id=1215514
* https://bugzilla.suse.com/show_bug.cgi?id=1215769
* https://bugzilla.suse.com/show_bug.cgi?id=1215810
* https://bugzilla.suse.com/show_bug.cgi?id=1215813
* https://bugzilla.suse.com/show_bug.cgi?id=1215982
* https://bugzilla.suse.com/show_bug.cgi?id=1216114
* https://bugzilla.suse.com/show_bug.cgi?id=1216394
* https://bugzilla.suse.com/show_bug.cgi?id=1216437
* https://bugzilla.suse.com/show_bug.cgi?id=1216550
* https://bugzilla.suse.com/show_bug.cgi?id=1216657
* https://bugzilla.suse.com/show_bug.cgi?id=1216753
* https://bugzilla.suse.com/show_bug.cgi?id=1216781
* https://bugzilla.suse.com/show_bug.cgi?id=1216988
* https://bugzilla.suse.com/show_bug.cgi?id=1217069
* https://bugzilla.suse.com/show_bug.cgi?id=1217209
* https://bugzilla.suse.com/show_bug.cgi?id=1217588
* https://bugzilla.suse.com/show_bug.cgi?id=1217784
* https://bugzilla.suse.com/show_bug.cgi?id=1217869
* https://bugzilla.suse.com/show_bug.cgi?id=1218019
* https://bugzilla.suse.com/show_bug.cgi?id=1218074
* https://bugzilla.suse.com/show_bug.cgi?id=1218075
* https://bugzilla.suse.com/show_bug.cgi?id=1218089
* https://bugzilla.suse.com/show_bug.cgi?id=1218094
* https://bugzilla.suse.com/show_bug.cgi?id=1218146
* https://bugzilla.suse.com/show_bug.cgi?id=1218490
* https://bugzilla.suse.com/show_bug.cgi?id=1218615
* https://bugzilla.suse.com/show_bug.cgi?id=1218669
* https://bugzilla.suse.com/show_bug.cgi?id=1218849
* https://bugzilla.suse.com/show_bug.cgi?id=1219577
* https://bugzilla.suse.com/show_bug.cgi?id=1219850
* https://jira.suse.com/browse/MSQA-719



SUSE-SU-2024:0476-1: important: Security update for the Linux Kernel


# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2024:0476-1
Rating: important
References:

* bsc#1108281
* bsc#1177529
* bsc#1209834
* bsc#1212091
* bsc#1215885
* bsc#1216016
* bsc#1216702
* bsc#1217217
* bsc#1217670
* bsc#1217895
* bsc#1217987
* bsc#1217988
* bsc#1217989
* bsc#1218689
* bsc#1218713
* bsc#1218730
* bsc#1218752
* bsc#1218757
* bsc#1218768
* bsc#1218804
* bsc#1218832
* bsc#1218836
* bsc#1218916
* bsc#1218929
* bsc#1218930
* bsc#1218968
* bsc#1219053
* bsc#1219120
* bsc#1219128
* bsc#1219349
* bsc#1219412
* bsc#1219429
* bsc#1219434
* bsc#1219490
* bsc#1219608

Cross-References:

* CVE-2021-33631
* CVE-2023-46838
* CVE-2023-47233
* CVE-2023-51042
* CVE-2023-51043
* CVE-2023-51780
* CVE-2023-51782
* CVE-2023-6040
* CVE-2023-6356
* CVE-2023-6535
* CVE-2023-6536
* CVE-2023-6915
* CVE-2024-0340
* CVE-2024-0565
* CVE-2024-0641
* CVE-2024-0775
* CVE-2024-1085
* CVE-2024-1086
* CVE-2024-24860

CVSS scores:

* CVE-2021-33631 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-33631 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-46838 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-46838 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-47233 ( SUSE ): 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-47233 ( NVD ): 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-51042 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-51042 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-51043 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-51043 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-51780 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-51780 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-51782 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-51782 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6040 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2023-6040 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6356 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-6535 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-6536 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-6915 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-6915 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-0340 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2024-0340 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-0565 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-0565 ( NVD ): 7.4 CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-0641 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-0641 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-0775 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-0775 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-1085 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-1085 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-1086 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-1086 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-24860 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-24860 ( NVD ): 5.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves 19 vulnerabilities and has 16 security fixes can now be
installed.

## Description:

The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various
security bugfixes.

The following security bugs were fixed:

* CVE-2024-0340: Fixed information disclosure in vhost/vhost.c:vhost_new_msg()
(bsc#1218689).
* CVE-2024-24860: Fixed a denial of service caused by a race condition in
{min,max}_key_size_set() (bsc#1219608).
* CVE-2024-1085: Fixed nf_tables use-after-free vulnerability in the
nft_setelem_catchall_deactivate() function (bsc#1219429).
* CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables
component that could have been exploited to achieve local privilege
escalation (bsc#1219434).
* CVE-2023-51042: Fixed use-after-free in amdgpu_cs_wait_all_fences in
drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (bsc#1219128).
* CVE-2023-51780: Fixed a use-after-free in do_vcc_ioctl in net/atm/ioctl.c,
because of a vcc_recvmsg race condition (bsc#1218730).
* CVE-2023-46838: Fixed an issue with Xen netback processing of zero-length
transmit fragment (bsc#1218836).
* CVE-2021-33631: Fixed an integer overflow in ext4_write_inline_data_end()
(bsc#1219412).
* CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request
(bsc#1217988).
* CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete
(bsc#1217989).
* CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec
(bsc#1217987).
* CVE-2023-47233: Fixed a use-after-free in the device unplugging (disconnect
the USB by hotplug) code inside the brcm80211 component (bsc#1216702).
* CVE-2023-51043: Fixed use-after-free during a race condition between a
nonblocking atomic commit and a driver unload in
drivers/gpu/drm/drm_atomic.c (bsc#1219120).
* CVE-2024-0775: Fixed use-after-free in __ext4_remount in fs/ext4/super.c
that could allow a local user to cause an information leak problem while
freeing the old quota file names before a potential failure (bsc#1219053).
* CVE-2023-6040: Fixed an out-of-bounds access vulnerability while creating a
new netfilter table, lack of a safeguard against invalid nf_tables family
(pf) values within `nf_tables_newtable` function (bsc#1218752).
* CVE-2024-0641: Fixed a denial of service vulnerability in
tipc_crypto_key_revoke in net/tipc/crypto.c (bsc#1218916).
* CVE-2024-0565: Fixed an out-of-bounds memory read flaw in
receive_encrypted_standard in fs/smb/client/smb2ops.c (bsc#1218832).
* CVE-2023-6915: Fixed a NULL pointer dereference problem in ida_free in
lib/idr.c (bsc#1218804).
* CVE-2023-51782: Fixed use-after-free in rose_ioctl in net/rose/af_rose.c
because of a rose_accept race condition (bsc#1218757).

The following non-security bugs were fixed:

* Store the old kernel changelog entries in kernel-docs package (bsc#1218713).
* bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent
(git-fixes).
* bcache: Remove unnecessary NULL point check in node allocations (git-fixes).
* bcache: add code comments for bch_btree_node_get() and
__bch_btree_node_alloc() (git-fixes).
* bcache: avoid NULL checking to c->root in run_cache_set() (git-fixes).
* bcache: avoid oversize memory allocation by small stripe_size (git-fixes).
* bcache: check return value from btree_node_alloc_replacement() (git-fixes).
* bcache: fixup btree_cache_wait list damage (git-fixes).
* bcache: fixup init dirty data errors (git-fixes).
* bcache: fixup lock c->root error (git-fixes).
* bcache: fixup multi-threaded bch_sectors_dirty_init() wake-up race (git-
fixes).
* bcache: prevent potential division by zero error (git-fixes).
* bcache: remove redundant assignment to variable cur_idx (git-fixes).
* bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in
btree_gc_coalesce() (git-fixes).
* bcache: revert replacing IS_ERR_OR_NULL with IS_ERR (git-fixes).
* block: Fix kabi header include (bsc#1218929).
* block: free the extended dev_t minor later (bsc#1218930).
* clocksource: Skip watchdog check for large watchdog intervals (bsc#1217217).
* clocksource: disable watchdog checks on TSC when TSC is watchdog
(bsc#1215885).
* dm cache policy smq: ensure IO does not prevent cleaner policy progress
(git-fixes).
* dm cache: add cond_resched() to various workqueue loops (git-fixes).
* dm clone: call kmem_cache_destroy() in dm_clone_init() error path (git-
fixes).
* dm crypt: add cond_resched() to dmcrypt_write() (git-fixes).
* dm crypt: avoid accessing uninitialized tasklet (git-fixes).
* dm flakey: do not corrupt the zero page (git-fixes).
* dm flakey: fix a crash with invalid table line (git-fixes).
* dm flakey: fix logic when corrupting a bio (git-fixes).
* dm init: add dm-mod.waitfor to wait for asynchronously probed block devices
(git-fixes).
* dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path
(git-fixes).
* dm integrity: reduce vmalloc space footprint on 32-bit architectures (git-
fixes).
* dm raid: clean up four equivalent goto tags in raid_ctr() (git-fixes).
* dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths (git-
fixes).
* dm stats: check for and propagate alloc_percpu failure (git-fixes).
* dm thin metadata: Fix ABBA deadlock by resetting dm_bufio_client (git-
fixes).
* dm thin metadata: check fail_io before using data_sm (git-fixes).
* dm thin: add cond_resched() to various workqueue loops (git-fixes).
* dm thin: fix deadlock when swapping to thin device (bsc#1177529).
* dm verity: do not perform FEC for failed readahead IO (git-fixes).
* dm verity: fix error handling for check_at_most_once on FEC (git-fixes).
* dm verity: skip redundant verity_handle_err() on I/O errors (git-fixes).
* dm zoned: free dmz->ddev array in dmz_put_zoned_devices (git-fixes).
* dm-delay: fix a race between delay_presuspend and delay_bio (git-fixes).
* dm-integrity: do not modify bio's immutable bio_vec in integrity_metadata()
(git-fixes).
* dm-verity: align struct dm_verity_fec_io properly (git-fixes).
* dm: add cond_resched() to dm_wq_work() (git-fixes).
* dm: do not lock fs when the map is NULL during suspend or resume (git-
fixes).
* dm: do not lock fs when the map is NULL in process of resume (git-fixes).
* dm: remove flush_scheduled_work() during local_exit() (git-fixes).
* dm: send just one event on resize, not two (git-fixes).
* doc/README.KSYMS: Add to repo.
* hv_netvsc: rndis_filter needs to select NLS (git-fixes).
* intel_idle: add Emerald Rapids Xeon support (bsc#1216016).
* kabi, vmstat: skip periodic vmstat update for isolated CPUs (bsc#1217895).
* kernel-source: Fix description typo
* loop: suppress uevents while reconfiguring the device (git-fixes).
* nbd: Fix debugfs_create_dir error checking (git-fixes).
* nbd: fix incomplete validation of ioctl arg (git-fixes).
* nbd: use the correct block_device in nbd_bdev_reset (git-fixes).
* nfsd4: add refcount for nfsd4_blocked_lock (bsc#1218968 bsc#1219349).
* nfsd: fix RELEASE_LOCKOWNER (bsc#1218968).
* null_blk: Always check queue mode setting from configfs (git-fixes).
* powerpc/pseries/iommu: enable_ddw incorrectly returns direct mapping for SR-
IOV device (bsc#1212091 ltc#199106 git-fixes).
* rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails (git-
fixes).
* rbd: decouple header read-in from updating rbd_dev->header (git-fixes).
* rbd: decouple parent info read-in from updating rbd_dev (git-fixes).
* rbd: get snapshot context after exclusive lock is ensured to be held (git-
fixes).
* rbd: harden get_lock_owner_info() a bit (git-fixes).
* rbd: make get_lock_owner_info() return a single locker or NULL (git-fixes).
* rbd: move RBD_OBJ_FLAG_COPYUP_ENABLED flag setting (git-fixes).
* rbd: move rbd_dev_refresh() definition (git-fixes).
* rbd: prevent busy loop when requesting exclusive lock (git-fixes).
* rbd: retrieve and check lock owner twice before blocklisting (git-fixes).
* rbd: take header_rwsem in rbd_dev_refresh() only when updating (git-fixes).
* sched/isolation: add cpu_is_isolated() API (bsc#1217895).
* scsi: ibmvfc: Implement channel queue depth and event buffer accounting
(bsc#1209834 ltc#202097).
* scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool (bsc#1209834
ltc#202097).
* trace,smp: Add tracepoints around remotelly called functions (bsc#1217895).
* vmstat: skip periodic vmstat update for isolated CPUs (bsc#1217895).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap Micro 5.3
zypper in -t patch openSUSE-Leap-Micro-5.3-2024-476=1

* openSUSE Leap Micro 5.4
zypper in -t patch openSUSE-Leap-Micro-5.4-2024-476=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2024-476=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2024-476=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2024-476=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2024-476=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2024-476=1

## Package List:

* openSUSE Leap Micro 5.3 (nosrc x86_64)
* kernel-rt-5.14.21-150400.15.68.1
* openSUSE Leap Micro 5.3 (x86_64)
* kernel-rt-debugsource-5.14.21-150400.15.68.1
* kernel-rt-debuginfo-5.14.21-150400.15.68.1
* openSUSE Leap Micro 5.4 (nosrc x86_64)
* kernel-rt-5.14.21-150400.15.68.1
* openSUSE Leap Micro 5.4 (x86_64)
* kernel-rt-debugsource-5.14.21-150400.15.68.1
* kernel-rt-debuginfo-5.14.21-150400.15.68.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (nosrc x86_64)
* kernel-rt-5.14.21-150400.15.68.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64)
* kernel-rt-debugsource-5.14.21-150400.15.68.1
* kernel-rt-debuginfo-5.14.21-150400.15.68.1
* SUSE Linux Enterprise Micro 5.3 (nosrc x86_64)
* kernel-rt-5.14.21-150400.15.68.1
* SUSE Linux Enterprise Micro 5.3 (x86_64)
* kernel-rt-debugsource-5.14.21-150400.15.68.1
* kernel-rt-debuginfo-5.14.21-150400.15.68.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (nosrc x86_64)
* kernel-rt-5.14.21-150400.15.68.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64)
* kernel-rt-debugsource-5.14.21-150400.15.68.1
* kernel-rt-debuginfo-5.14.21-150400.15.68.1
* SUSE Linux Enterprise Micro 5.4 (nosrc x86_64)
* kernel-rt-5.14.21-150400.15.68.1
* SUSE Linux Enterprise Micro 5.4 (x86_64)
* kernel-rt-debugsource-5.14.21-150400.15.68.1
* kernel-rt-debuginfo-5.14.21-150400.15.68.1
* SUSE Linux Enterprise Live Patching 15-SP4 (x86_64)
* kernel-livepatch-SLE15-SP4-RT_Update_18-debugsource-1-150400.1.3.1
* kernel-livepatch-5_14_21-150400_15_68-rt-1-150400.1.3.1
* kernel-livepatch-5_14_21-150400_15_68-rt-debuginfo-1-150400.1.3.1

## References:

* https://www.suse.com/security/cve/CVE-2021-33631.html
* https://www.suse.com/security/cve/CVE-2023-46838.html
* https://www.suse.com/security/cve/CVE-2023-47233.html
* https://www.suse.com/security/cve/CVE-2023-51042.html
* https://www.suse.com/security/cve/CVE-2023-51043.html
* https://www.suse.com/security/cve/CVE-2023-51780.html
* https://www.suse.com/security/cve/CVE-2023-51782.html
* https://www.suse.com/security/cve/CVE-2023-6040.html
* https://www.suse.com/security/cve/CVE-2023-6356.html
* https://www.suse.com/security/cve/CVE-2023-6535.html
* https://www.suse.com/security/cve/CVE-2023-6536.html
* https://www.suse.com/security/cve/CVE-2023-6915.html
* https://www.suse.com/security/cve/CVE-2024-0340.html
* https://www.suse.com/security/cve/CVE-2024-0565.html
* https://www.suse.com/security/cve/CVE-2024-0641.html
* https://www.suse.com/security/cve/CVE-2024-0775.html
* https://www.suse.com/security/cve/CVE-2024-1085.html
* https://www.suse.com/security/cve/CVE-2024-1086.html
* https://www.suse.com/security/cve/CVE-2024-24860.html
* https://bugzilla.suse.com/show_bug.cgi?id=1108281
* https://bugzilla.suse.com/show_bug.cgi?id=1177529
* https://bugzilla.suse.com/show_bug.cgi?id=1209834
* https://bugzilla.suse.com/show_bug.cgi?id=1212091
* https://bugzilla.suse.com/show_bug.cgi?id=1215885
* https://bugzilla.suse.com/show_bug.cgi?id=1216016
* https://bugzilla.suse.com/show_bug.cgi?id=1216702
* https://bugzilla.suse.com/show_bug.cgi?id=1217217
* https://bugzilla.suse.com/show_bug.cgi?id=1217670
* https://bugzilla.suse.com/show_bug.cgi?id=1217895
* https://bugzilla.suse.com/show_bug.cgi?id=1217987
* https://bugzilla.suse.com/show_bug.cgi?id=1217988
* https://bugzilla.suse.com/show_bug.cgi?id=1217989
* https://bugzilla.suse.com/show_bug.cgi?id=1218689
* https://bugzilla.suse.com/show_bug.cgi?id=1218713
* https://bugzilla.suse.com/show_bug.cgi?id=1218730
* https://bugzilla.suse.com/show_bug.cgi?id=1218752
* https://bugzilla.suse.com/show_bug.cgi?id=1218757
* https://bugzilla.suse.com/show_bug.cgi?id=1218768
* https://bugzilla.suse.com/show_bug.cgi?id=1218804
* https://bugzilla.suse.com/show_bug.cgi?id=1218832
* https://bugzilla.suse.com/show_bug.cgi?id=1218836
* https://bugzilla.suse.com/show_bug.cgi?id=1218916
* https://bugzilla.suse.com/show_bug.cgi?id=1218929
* https://bugzilla.suse.com/show_bug.cgi?id=1218930
* https://bugzilla.suse.com/show_bug.cgi?id=1218968
* https://bugzilla.suse.com/show_bug.cgi?id=1219053
* https://bugzilla.suse.com/show_bug.cgi?id=1219120
* https://bugzilla.suse.com/show_bug.cgi?id=1219128
* https://bugzilla.suse.com/show_bug.cgi?id=1219349
* https://bugzilla.suse.com/show_bug.cgi?id=1219412
* https://bugzilla.suse.com/show_bug.cgi?id=1219429
* https://bugzilla.suse.com/show_bug.cgi?id=1219434
* https://bugzilla.suse.com/show_bug.cgi?id=1219490
* https://bugzilla.suse.com/show_bug.cgi?id=1219608



SUSE-SU-2024:0469-1: important: Security update for the Linux Kernel


# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2024:0469-1
Rating: important
References:

* bsc#1065729
* bsc#1108281
* bsc#1141539
* bsc#1174649
* bsc#1181674
* bsc#1193285
* bsc#1194869
* bsc#1209834
* bsc#1210443
* bsc#1211515
* bsc#1212091
* bsc#1214377
* bsc#1215275
* bsc#1215885
* bsc#1216441
* bsc#1216559
* bsc#1216702
* bsc#1217895
* bsc#1217987
* bsc#1217988
* bsc#1217989
* bsc#1218005
* bsc#1218447
* bsc#1218527
* bsc#1218659
* bsc#1218713
* bsc#1218723
* bsc#1218730
* bsc#1218738
* bsc#1218752
* bsc#1218757
* bsc#1218768
* bsc#1218778
* bsc#1218779
* bsc#1218804
* bsc#1218832
* bsc#1218836
* bsc#1218916
* bsc#1218948
* bsc#1218958
* bsc#1218968
* bsc#1218997
* bsc#1219006
* bsc#1219012
* bsc#1219013
* bsc#1219014
* bsc#1219053
* bsc#1219067
* bsc#1219120
* bsc#1219128
* bsc#1219136
* bsc#1219285
* bsc#1219349
* bsc#1219412
* bsc#1219429
* bsc#1219434
* bsc#1219490
* bsc#1219512
* bsc#1219568
* bsc#1219582
* jsc#PED-4729
* jsc#PED-6694
* jsc#PED-7322
* jsc#PED-7615
* jsc#PED-7616
* jsc#PED-7620
* jsc#PED-7622
* jsc#PED-7623

Cross-References:

* CVE-2021-33631
* CVE-2023-46838
* CVE-2023-47233
* CVE-2023-4921
* CVE-2023-51042
* CVE-2023-51043
* CVE-2023-51780
* CVE-2023-51782
* CVE-2023-6040
* CVE-2023-6356
* CVE-2023-6531
* CVE-2023-6535
* CVE-2023-6536
* CVE-2023-6915
* CVE-2024-0565
* CVE-2024-0641
* CVE-2024-0775
* CVE-2024-1085
* CVE-2024-1086

CVSS scores:

* CVE-2021-33631 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-33631 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-46838 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-46838 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-47233 ( SUSE ): 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-47233 ( NVD ): 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4921 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4921 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-51042 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-51042 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-51043 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-51043 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-51780 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-51780 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-51782 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-51782 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6040 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2023-6040 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6356 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-6531 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6531 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6535 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-6536 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-6915 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-6915 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-0565 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-0565 ( NVD ): 7.4 CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-0641 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-0641 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-0775 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-0775 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-1085 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-1085 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-1086 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-1086 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Real Time Module 15-SP5

An update that solves 19 vulnerabilities, contains eight features and has 41
security fixes can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various
security bugfixes.

The following security bugs were fixed:

* CVE-2024-1085: Fixed nf_tables use-after-free vulnerability in the
nft_setelem_catchall_deactivate() function (bsc#1219429).
* CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables
component that could have been exploited to achieve local privilege
escalation (bsc#1219434).
* CVE-2023-51042: Fixed use-after-free in amdgpu_cs_wait_all_fences in
drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (bsc#1219128).
* CVE-2023-51780: Fixed a use-after-free in do_vcc_ioctl in net/atm/ioctl.c,
because of a vcc_recvmsg race condition (bsc#1218730).
* CVE-2023-46838: Fixed an issue with Xen netback processing of zero-length
transmit fragment (bsc#1218836).
* CVE-2021-33631: Fixed an integer overflow in ext4_write_inline_data_end()
(bsc#1219412).
* CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request
(bsc#1217988).
* CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete
(bsc#1217989).
* CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec
(bsc#1217987).
* CVE-2023-47233: Fixed a use-after-free in the device unplugging (disconnect
the USB by hotplug) code inside the brcm80211 component (bsc#1216702).
* CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network
scheduler which could be exploited to achieve local privilege escalation
(bsc#1215275).
* CVE-2023-51043: Fixed use-after-free during a race condition between a
nonblocking atomic commit and a driver unload in
drivers/gpu/drm/drm_atomic.c (bsc#1219120).
* CVE-2024-0775: Fixed use-after-free in __ext4_remount in fs/ext4/super.c
that could allow a local user to cause an information leak problem while
freeing the old quota file names before a potential failure (bsc#1219053).
* CVE-2023-6040: Fixed an out-of-bounds access vulnerability while creating a
new netfilter table, lack of a safeguard against invalid nf_tables family
(pf) values within `nf_tables_newtable` function (bsc#1218752).
* CVE-2024-0641: Fixed a denial of service vulnerability in
tipc_crypto_key_revoke in net/tipc/crypto.c (bsc#1218916).
* CVE-2024-0565: Fixed an out-of-bounds memory read flaw in
receive_encrypted_standard in fs/smb/client/smb2ops.c (bsc#1218832).
* CVE-2023-6915: Fixed a NULL pointer dereference problem in ida_free in
lib/idr.c (bsc#1218804).
* CVE-2023-51782: Fixed use-after-free in rose_ioctl in net/rose/af_rose.c
because of a rose_accept race condition (bsc#1218757).
* CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix
garbage collector's deletion of SKB races with unix_stream_read_generic()on
the socket that the SKB is queued on (bsc#1218447).

The following non-security bugs were fixed:

* Store the old kernel changelog entries in kernel-docs package (bsc#1218713).
* ACPI: LPIT: Avoid u32 multiplication overflow (git-fixes).
* ACPI: LPSS: Fix the fractional clock divider flags (git-fixes).
* ACPI: arm64: export acpi_arch_thermal_cpufreq_pctg() (bsc#1214377)
* ACPI: extlog: Clear Extended Error Log status when RAS_CEC handled the error
(git-fixes).
* ACPI: processor: reduce CPUFREQ thermal reduction pctg for Tegra241
(bsc#1214377)
* ACPI: property: Allow _DSD buffer data only for byte accessors (git-fixes).
* ACPI: resource: Add another DMI match for the TongFang GMxXGxx (git-fixes).
* ACPI: thermal: Add Thermal fast Sampling Period (_TFP) support (bsc#1214377)
* ACPI: video: check for error while searching for backlight device parent
(git-fixes).
* ALSA: hda/conexant: Fix headset auto detect fail in cx8070 and SN6140 (git-
fixes).
* ALSA: hda/cs8409: Suppress vmaster control for Dolphin models (git-fixes).
* ALSA: hda/realtek: Add quirks for ASUS Zenbook 2022 Models (git-fixes).
* ALSA: hda/realtek: Enable headset mic on Lenovo M70 Gen5 (git-fixes).
* ALSA: hda/realtek: Enable mute/micmute LEDs and limit mic boost on HP ZBook
(git-fixes).
* ALSA: hda/realtek: Fix mute and mic-mute LEDs for HP Envy X360 13-ay0xxx
(git-fixes).
* ALSA: hda/relatek: Enable Mute LED on HP Laptop 15s-fq2xxx (git-fixes).
* ALSA: hda: Refer to correct stream index at loops (git-fixes).
* ALSA: hda: intel-nhlt: Ignore vbps when looking for DMIC 32 bps format (git-
fixes).
* ALSA: oxygen: Fix right channel of capture volume mixer (git-fixes).
* ASoC: Intel: Skylake: Fix mem leak in few functions (git-fixes).
* ASoC: Intel: Skylake: mem leak in skl register function (git-fixes).
* ASoC: Intel: bytcr_rt5640: Add quirk for the Medion Lifetab S10346 (git-
fixes).
* ASoC: Intel: glk_rt5682_max98357a: fix board id mismatch (git-fixes).
* ASoC: amd: Add Dell G15 5525 to quirks list (bsc#1219136).
* ASoC: amd: Add check for acp config flags (bsc#1219136).
* ASoC: amd: Add new dmi entries to config entry (bsc#1219136).
* ASoC: amd: Drop da7219_aad_jack_det() usage (bsc#1219136).
* ASoC: amd: Drop empty platform remove function (bsc#1219136).
* ASoC: amd: Update Pink Sardine platform ACP register header (bsc#1219136).
* ASoC: amd: acp-config: Add missing MODULE_DESCRIPTION (git-fixes).
* ASoC: amd: acp-da7219-max98357a: Map missing jack kcontrols (bsc#1219136).
* ASoC: amd: acp-rt5645: Map missing jack kcontrols (bsc#1219136).
* ASoC: amd: acp3x-rt5682-max9836: Configure jack as not detecting Line Out
(bsc#1219136).
* ASoC: amd: acp3x-rt5682-max9836: Map missing jack kcontrols (bsc#1219136).
* ASoC: amd: acp: Add TDM slots setting support for ACP I2S controller
(bsc#1219136).
* ASoC: amd: acp: Add TDM support for acp i2s stream (bsc#1219136).
* ASoC: amd: acp: Add i2s tdm support in machine driver (bsc#1219136).
* ASoC: amd: acp: Add kcontrols and widgets per-codec in common code
(bsc#1219136).
* ASoC: amd: acp: Add missing MODULE_DESCRIPTION in mach-common (git-fixes).
* ASoC: amd: acp: Add new cpu dai's in machine driver (bsc#1219136).
* ASoC: amd: acp: Add setbias level for rt5682s codec in machine driver
(bsc#1219136).
* ASoC: amd: acp: Enable i2s tdm support for skyrim platforms (bsc#1219136).
* ASoC: amd: acp: Fix possible UAF in acp_dma_open (bsc#1219136).
* ASoC: amd: acp: Initialize list to store acp_stream during pcm_open
(bsc#1219136).
* ASoC: amd: acp: Map missing jack kcontrols (bsc#1219136).
* ASoC: amd: acp: Modify dai_id macros to be more generic (bsc#1219136).
* ASoC: amd: acp: Refactor bit width calculation (bsc#1219136).
* ASoC: amd: acp: Refactor dai format implementation (bsc#1219136).
* ASoC: amd: acp: Refactor i2s clocks programming sequence (bsc#1219136).
* ASoC: amd: acp: add a label to make error path more clean (bsc#1219136).
* ASoC: amd: acp: add acp i2s master clock generation for rembrandt platform
(bsc#1219136).
* ASoC: amd: acp: add pm ops support for acp pci driver (bsc#1219136).
* ASoC: amd: acp: add pm ops support for rembrandt platform (bsc#1219136).
* ASoC: amd: acp: clean up some inconsistent indentings (bsc#1219136).
* ASoC: amd: acp: clear pdm dma interrupt mask (bsc#1219136).
* ASoC: amd: acp: delete unnecessary NULL check (bsc#1219136).
* ASoC: amd: acp: export config_acp_dma() and config_pte_for_stream() symbols
(bsc#1219136).
* ASoC: amd: acp: fix SND_SOC_AMD_ACP_PCI depdenencies (bsc#1219136).
* ASoC: amd: acp: move pdm macros to common header file (bsc#1219136).
* ASoC: amd: acp: refactor the acp init and de-init sequence (bsc#1219136).
* ASoC: amd: acp: rembrandt: Drop if blocks with always false condition
(bsc#1219136).
* ASoC: amd: acp: remove acp poweroff function (bsc#1219136).
* ASoC: amd: acp: remove the redundant acp enable/disable interrupts functions
(bsc#1219136).
* ASoC: amd: acp: remove unnecessary NULL checks (bsc#1219136).
* ASoC: amd: acp: store platform device reference created in pci probe call
(bsc#1219136).
* ASoC: amd: acp: store the pdm stream channel mask (bsc#1219136).
* ASoC: amd: acp: store xfer_resolution of the stream (bsc#1219136).
* ASoC: amd: acp: switch to use dev_err_probe() (bsc#1219136).
* ASoC: amd: acp: use devm_kcalloc() instead of devm_kzalloc() (bsc#1219136).
* ASoC: amd: acp: use function devm_kcalloc() instead of devm_kzalloc()
(bsc#1219136).
* ASoC: amd: add Pink Sardine ACP PCI driver (bsc#1219136).
* ASoC: amd: add Pink Sardine machine driver using dmic (bsc#1219136).
* ASoC: amd: add Pink Sardine platform ACP IP register header (bsc#1219136).
* ASoC: amd: add acp6.2 init/de-init functions (bsc#1219136).
* ASoC: amd: add acp6.2 irq handler (bsc#1219136).
* ASoC: amd: add acp6.2 pci driver pm ops (bsc#1219136).
* ASoC: amd: add acp6.2 pdm driver dma ops (bsc#1219136).
* ASoC: amd: add acp6.2 pdm driver pm ops (bsc#1219136).
* ASoC: amd: add acp6.2 pdm platform driver (bsc#1219136).
* ASoC: amd: add platform devices for acp6.2 pdm driver and dmic driver
(bsc#1219136).
* ASoC: amd: create platform device for acp6.2 machine driver (bsc#1219136).
* ASoC: amd: enable Pink Sardine acp6.2 drivers build (bsc#1219136).
* ASoC: amd: enable Pink sardine platform machine driver build (bsc#1219136).
* ASoC: amd: fix ACP version typo mistake (bsc#1219136).
* ASoC: amd: fix spelling mistake: "i.e" -> "i.e." (bsc#1219136).
* ASoC: amd: ps: Add a module parameter to influence pdm_gain (bsc#1219136).
* ASoC: amd: ps: Adjust the gain for PDM DMIC (bsc#1219136).
* ASoC: amd: ps: Fix uninitialized ret in create_acp64_platform_devs()
(bsc#1219136).
* ASoC: amd: ps: Move acp63_dev_data strcture from PCI driver (bsc#1219136).
* ASoC: amd: ps: Update copyright notice (bsc#1219136).
* ASoC: amd: ps: add mutex lock for accessing common registers (bsc#1219136).
* ASoC: amd: ps: fix for acp_lock access in pdm driver (bsc#1219136).
* ASoC: amd: ps: implement api to retrieve acp device config (bsc#1219136).
* ASoC: amd: ps: move irq handler registration (bsc#1219136).
* ASoC: amd: ps: refactor acp power on and reset functions (bsc#1219136).
* ASoC: amd: ps: refactor platform device creation logic (bsc#1219136).
* ASoC: amd: ps: remove the register read and write wrappers (bsc#1219136).
* ASoC: amd: ps: remove unused variable (bsc#1219136).
* ASoC: amd: ps: update dev index value in irq handler (bsc#1219136).
* ASoC: amd: ps: update macros with ps platform naming convention
(bsc#1219136).
* ASoC: amd: ps: update the acp clock source (bsc#1219136).
* ASoC: amd: ps: use acp_lock to protect common registers in pdm driver
(bsc#1219136).
* ASoC: amd: ps: use static function (bsc#1219136).
* ASoC: amd: renoir: Add a module parameter to influence pdm_gain
(bsc#1219136).
* ASoC: amd: renoir: Adjust the gain for PDM DMIC (bsc#1219136).
* ASoC: amd: update pm_runtime enable sequence (bsc#1219136).
* ASoC: amd: vangogh: Add check for acp config flags in vangogh platform
(bsc#1219136).
* ASoC: amd: vangogh: Make use of DRV_NAME (bsc#1219136).
* ASoC: amd: vangogh: Remove unnecessary init function (bsc#1219136).
* ASoC: amd: vangogh: select CONFIG_SND_AMD_ACP_CONFIG (bsc#1219136).
* ASoC: amd: yc: Add ASUS M3402RA into DMI table (bsc#1219136).
* ASoC: amd: yc: Add ASUS M5402RA into DMI table (bsc#1219136).
* ASoC: amd: yc: Add Alienware m17 R5 AMD into DMI table (bsc#1219136).
* ASoC: amd: yc: Add Asus VivoBook Pro 14 OLED M6400RC to the quirks list for
acp6x (bsc#1219136).
* ASoC: amd: yc: Add DMI entries to support HP OMEN 16-n0xxx (8A42)
(bsc#1219136).
* ASoC: amd: yc: Add DMI entries to support HP OMEN 16-n0xxx (8A43)
(bsc#1219136).
* ASoC: amd: yc: Add DMI entries to support Victus by HP Gaming Laptop
15-fb0xxx (8A3E) (bsc#1219136).
* ASoC: amd: yc: Add DMI entries to support Victus by HP Laptop 16-e1xxx
(8A22) (bsc#1219136).
* ASoC: amd: yc: Add DMI entry to support System76 Pangolin 12 (bsc#1219136).
* ASoC: amd: yc: Add DMI entry to support System76 Pangolin 13 (bsc#1219136).
* ASoC: amd: yc: Add DMI support for new acer/emdoor platforms (bsc#1219136).
* ASoC: amd: yc: Add HP 255 G10 into quirk table (bsc#1219136).
* ASoC: amd: yc: Add Lenovo Thinkbook 14+ 2022 21D0 to quirks table
(bsc#1219136).
* ASoC: amd: yc: Add MECHREVO Jiaolong Series MRID6 into DMI table
(bsc#1219136).
* ASoC: amd: yc: Add Razer Blade 14 2022 into DMI table (bsc#1219136).
* ASoC: amd: yc: Add ThinkBook 14 G5+ ARP to quirks list for acp6x
(bsc#1219136).
* ASoC: amd: yc: Add Thinkpad Neo14 to quirks list for acp6x (bsc#1219136).
* ASoC: amd: yc: Add VivoBook Pro 15 to quirks list for acp6x (bsc#1219136).
* ASoC: amd: yc: Add Xiaomi Redmi Book Pro 14 2022 into DMI table
(bsc#1219136).
* ASoC: amd: yc: Add Xiaomi Redmi Book Pro 15 2022 into DMI table
(bsc#1219136).
* ASoC: amd: yc: Add a module parameter to influence pdm_gain (bsc#1219136).
* ASoC: amd: yc: Adding Lenovo ThinkBook 14 Gen 4+ ARA and Lenovo ThinkBook 16
Gen 4+ ARA to the Quirks List (bsc#1219136).
* ASoC: amd: yc: Adjust the gain for PDM DMIC (bsc#1219136).
* ASoC: amd: yc: Fix a non-functional mic on Lenovo 82TL (bsc#1219136).
* ASoC: amd: yc: Fix non-functional mic on ASUS E1504FA (bsc#1219136).
* ASoC: amd: yp: Add OMEN by HP Gaming Laptop 16z-n000 to quirks
(bsc#1219136).
* ASoC: codecs: lpass-wsa-macro: fix compander volume hack (git-fixes).
* ASoC: codecs: wcd938x: fix headphones volume controls (git-fixes).
* ASoC: codecs: wcd938x: handle deferred probe (git-fixes).
* ASoC: cs35l33: Fix GPIO name and drop legacy include (git-fixes).
* ASoC: cs43130: Fix incorrect frame delay configuration (git-fixes).
* ASoC: cs43130: Fix the position of const qualifier (git-fixes).
* ASoC: da7219: Support low DC impedance headset (git-fixes).
* ASoC: nau8822: Fix incorrect type in assignment and cast to restricted
__be16 (git-fixes).
* ASoC: ops: add correct range check for limiting volume (git-fixes).
* ASoC: rt5645: Drop double EF20 entry from dmi_platform_data[] (git-fixes).
* ASoC: rt5650: add mutex to avoid the jack detection failure (git-fixes).
* ASoC: sun4i-spdif: Fix requirements for H6 (git-fixes).
* ASoC: wm8974: Correct boost mixer inputs (git-fixes).
* Add DMI ID for MSI Bravo 15 B7ED (bsc#1219136).
* Bluetooth: Fix atomicity violation in {min,max}_key_size_set (git-fixes).
* Bluetooth: btmtkuart: fix recv_buf() return value (git-fixes).
* Documentation: Begin a RAS section (jsc#PED-7622).
* EDAC/amd64: Add context struct (jsc#PED-7615).
* EDAC/amd64: Add get_err_info() to pvt->ops (jsc#PED-7615).
* EDAC/amd64: Add support for AMD heterogeneous Family 19h Model 30h-3Fh
(jsc#PED-7616).
* EDAC/amd64: Add support for ECC on family 19h model 60h-7Fh (jsc#PED-7615).
* EDAC/amd64: Add support for family 0x19, models 0x90-9f devices
(jsc#PED-7622).
* EDAC/amd64: Allow for DF Indirect Broadcast reads (jsc#PED-7615).
* EDAC/amd64: Cache and use GPU node map (jsc#PED-7616).
* EDAC/amd64: Do not discover ECC symbol size for Family 17h and later
(jsc#PED-7615).
* EDAC/amd64: Do not set up EDAC PCI control on Family 17h+ (jsc#PED-7615).
* EDAC/amd64: Document heterogeneous system enumeration (jsc#PED-7616).
* EDAC/amd64: Drop dbam_to_cs() for Family 17h and later (jsc#PED-7615).
* EDAC/amd64: Fix indentation in umc_determine_edac_cap() (jsc#PED-7615).
* EDAC/amd64: Merge struct amd64_family_type into struct amd64_pvt
(jsc#PED-7615).
* EDAC/amd64: Remove PCI Function 0 (jsc#PED-7615).
* EDAC/amd64: Remove PCI Function 6 (jsc#PED-7615).
* EDAC/amd64: Remove early_channel_count() (jsc#PED-7615).
* EDAC/amd64: Remove module version string (jsc#PED-7615).
* EDAC/amd64: Remove scrub rate control for Family 17h and later
(jsc#PED-7615).
* EDAC/amd64: Rename debug_display_dimm_sizes() (jsc#PED-7615).
* EDAC/amd64: Rename f17h_determine_edac_ctl_cap() (jsc#PED-7615).
* EDAC/amd64: Rework hw_info_{get,put} (jsc#PED-7615).
* EDAC/amd64: Shut up an -Werror,-Wsometimes-uninitialized clang false
positive (jsc#PED-7615).
* EDAC/amd64: Split determine_edac_cap() into dct/umc functions
(jsc#PED-7615).
* EDAC/amd64: Split determine_memory_type() into dct/umc functions
(jsc#PED-7615).
* EDAC/amd64: Split dump_misc_regs() into dct/umc functions (jsc#PED-7615).
* EDAC/amd64: Split ecc_enabled() into dct/umc functions (jsc#PED-7615).
* EDAC/amd64: Split get_csrow_nr_pages() into dct/umc functions
(jsc#PED-7615).
* EDAC/amd64: Split init_csrows() into dct/umc functions (jsc#PED-7615).
* EDAC/amd64: Split prep_chip_selects() into dct/umc functions (jsc#PED-7615).
* EDAC/amd64: Split read_base_mask() into dct/umc functions (jsc#PED-7615).
* EDAC/amd64: Split read_mc_regs() into dct/umc functions (jsc#PED-7615).
* EDAC/amd64: Split setup_mci_misc_attrs() into dct/umc functions
(jsc#PED-7615).
* EDAC/mc: Add new HBM2 memory type (jsc#PED-7616).
* EDAC/mc: Add support for HBM3 memory type (jsc#PED-7622).
* EDAC/mce_amd: Remove SMCA Extended Error code descriptions (jsc#PED-7622).
* EDAC/thunderx: Fix possible out-of-bounds string access (git-fixes).
* Fix crash in vmw_context_cotables_unref when 3d support is enabled
(bsc#1218738)
* HID: i2c-hid-of: fix NULL-deref on failed power up (git-fixes).
* HID: wacom: Correct behavior when processing some confidence == false
touches (git-fixes).
* IB/iser: Prevent invalidating wrong MR (git-fixes)
* Input: atkbd - do not skip atkbd_deactivate() when skipping ATKBD_CMD_GETID
(git-fixes).
* Input: atkbd - skip ATKBD_CMD_GETID in translated mode (git-fixes).
* Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID (git-
fixes).
* Input: atkbd - use ab83 as id when skipping the getid command (git-fixes).
* Input: bcm5974 - check endpoint type before starting traffic (git-fixes).
* Input: i8042 - add nomux quirk for Acer P459-G2-M (git-fixes).
* Input: xpad - add Razer Wolverine V2 support (git-fixes).
* KVM: SVM: Update EFER software model on CR0 trap for SEV-ES (git-fixes).
* KVM: s390: vsie: Fix STFLE interpretive execution identification (git-fixes
bsc#1218997).
* KVM: x86: Mask LVTPC when handling a PMI (jsc#PED-7322).
* Limit kernel-source build to architectures for which the kernel binary is
built (bsc#1108281).
* PCI/AER: Configure ECRC only if AER is native (bsc#1218778)
* PCI/P2PDMA: Remove reference to pci_p2pdma_map_sg() (git-fixes).
* PCI: Add ACS quirk for more Zhaoxin Root Ports (git-fixes).
* PCI: keystone: Fix race condition when initializing PHYs (git-fixes).
* PM: hibernate: Enforce ordering during image compression/decompression (git-
fixes).
* RDMA/hns: Fix inappropriate err code for unsupported operations (git-fixes)
* RDMA/hns: Fix unnecessary err return when using invalid congest control
algorithm (git-fixes)
* RDMA/hns: Remove unnecessary checks for NULL in mtr_alloc_bufs() (git-fixes)
* RDMA/irdma: Add wait for suspend on SQD (git-fixes)
* RDMA/irdma: Avoid free the non-cqp_request scratch (git-fixes)
* RDMA/irdma: Do not modify to SQD on error (git-fixes)
* RDMA/irdma: Fix UAF in irdma_sc_ccq_get_cqe_info() (git-fixes)
* RDMA/irdma: Refactor error handling in create CQP (git-fixes)
* RDMA/rtrs-clt: Fix the max_send_wr setting (git-fixes)
* RDMA/rtrs-clt: Remove the warnings for req in_use check (git-fixes)
* RDMA/rtrs-clt: Start hb after path_up (git-fixes)
* RDMA/rtrs-srv: Check return values while processing info request (git-fixes)
* RDMA/rtrs-srv: Destroy path files after making sure no IOs in-flight (git-
fixes)
* RDMA/rtrs-srv: Do not unconditionally enable irq (git-fixes)
* RDMA/rtrs-srv: Free srv_mr iu only when always_invalidate is true (git-
fixes)
* RDMA/usnic: Silence uninitialized symbol smatch warnings (git-fixes)
* USB: xhci: workaround for grace period (git-fixes).
* Update config files: enable ASoC AMD PS drivers (bsc#1219136)
* Update patch reference for ax88179 fix (bsc#1218948)
* acpi: property: Let args be NULL in __acpi_node_get_property_reference (git-
fixes).
* aio: fix mremap after fork null-deref (git-fixes).
* apparmor: avoid crash when parsed profile name is empty (git-fixes).
* arm64: Add CNT{P,V}CTSS_EL0 alternatives to cnt{p,v}ct_el0 (jsc#PED-4729)
* arm64: Add a capability for FEAT_ECV (jsc#PED-4729) Use cpu_hwcaps
PLACEHOLDER_4 for HAS_ECV.
* arm64: alternative: patch alternatives in the vDSO (jsc#PED-4729)
* arm64: dts: armada-3720-turris-mox: set irq type for RTC (git-fixes)
* arm64: dts: imx8mp: imx8mq: Add parkmode-disable-ss-quirk on DWC3 (git-
fixes)
* arm64: dts: imx8mq: drop usb3-resume-missing-cas from usb (git-fixes)
* arm64: dts: ls208xa: use a pseudo-bus to constrain usb dma size (git-fixes)
* arm64: dts: rockchip: Expand reg size of vdec node for RK3399 (git-fixes)
* arm64: mm: Always make sw-dirty PTEs hw-dirty in pte_modify (git-fixes)
* arm64: module: move find_section to header (jsc#PED-4729)
* arm64: vdso: Fix "no previous prototype" warning (jsc#PED-4729)
* arm64: vdso: remove two .altinstructions related symbols (jsc#PED-4729)
* arm64: vdso: use SYS_CNTVCTSS_EL0 for gettimeofday (jsc#PED-4729)
* asix: Add check for usbnet_get_endpoints (git-fixes).
* attr: block mode changes of symlinks (git-fixes).
* badblocks: add helper routines for badblock ranges handling (bsc#1174649).
* badblocks: add more helper structure and routines in badblocks.h
(bsc#1174649).
* badblocks: avoid checking invalid range in badblocks_check() (bsc#1174649).
* badblocks: improve badblocks_check() for multiple ranges handling
(bsc#1174649).
* badblocks: improve badblocks_clear() for multiple ranges handling
(bsc#1174649).
* badblocks: improve badblocks_set() for multiple ranges handling
(bsc#1174649).
* badblocks: switch to the improved badblock handling code (bsc#1174649).
* bpf: Limit the number of kprobes when attaching program to multiple kprobes
(git-fixes).
* bus: mhi: host: Add alignment check for event ring read pointer (git-fixes).
* bus: mhi: host: Add spinlock to protect WP access when queueing TREs (git-
fixes).
* bus: mhi: host: Drop chan lock before queuing buffers (git-fixes).
* ceph: select FS_ENCRYPTION_ALGS if FS_ENCRYPTION (bsc#1219568).
* clk: qcom: gpucc-sm8150: Update the gpu_cc_pll1 config (git-fixes).
* clk: qcom: videocc-sm8150: Add missing PLL config property (git-fixes).
* clk: rockchip: rk3128: Fix HCLK_OTG gate register (git-fixes).
* clk: samsung: Fix kernel-doc comments (git-fixes).
* clk: si5341: fix an error code problem in si5341_output_clk_set_rate (git-
fixes).
* clk: zynqmp: Add a check for NULL pointer (git-fixes).
* clk: zynqmp: make bestdiv unsigned (git-fixes).
* clocksource: Skip watchdog check for large watchdog intervals (git-fixes).
* clocksource: disable watchdog checks on TSC when TSC is watchdog
(bsc#1215885).
* coresight: etm4x: Add ACPI support in platform driver (bsc#1218779)
* coresight: etm4x: Allocate and device assign 'struct etmv4_drvdata'
(bsc#1218779)
* coresight: etm4x: Change etm4_platform_driver driver for MMIO devices
(bsc#1218779)
* coresight: etm4x: Drop iomem 'base' argument from etm4_probe() (bsc#1218779)
* coresight: etm4x: Drop pid argument from etm4_probe() (bsc#1218779)
* coresight: etm4x: Ensure valid drvdata and clock before clk_put()
(bsc#1218779)
* coresight: platform: acpi: Ignore the absence of graph (bsc#1218779)
* crypto: ccp - fix memleak in ccp_init_dm_workarea (git-fixes).
* crypto: s390/aes - Fix buffer overread in CTR mode (git-fixes).
* crypto: sa2ul - Return crypto_aead_setkey to transfer the error (git-fixes).
* crypto: sahara - do not resize req->src when doing hash operations (git-
fixes).
* crypto: sahara - fix ahash reqsize (git-fixes).
* crypto: sahara - fix ahash selftest failure (git-fixes).
* crypto: sahara - fix cbc selftest failure (git-fixes).
* crypto: sahara - fix processing hash requests with req->nbytes <
sg->length (git-fixes).
* crypto: sahara - fix processing requests with cryptlen < sg->length (git-
fixes).
* crypto: sahara - fix wait_for_completion_timeout() error handling (git-
fixes).
* crypto: sahara - handle zero-length aes requests (git-fixes).
* crypto: sahara - improve error handling in sahara_sha_process() (git-fixes).
* crypto: sahara - remove FLAGS_NEW_KEY logic (git-fixes).
* crypto: scomp - fix req->dst buffer overflow (git-fixes).
* dma-debug: fix kernel-doc warnings (git-fixes).
* dmaengine: fix NULL pointer in channel unregistration function (git-fixes).
* dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV (git-
fixes).
* dmaengine: fsl-dpaa2-qdma: Fix the size of dma pools (git-fixes).
* dmaengine: idxd: Protect int_handle field in hw descriptor (git-fixes).
* dmaengine: ti: k3-udma: Report short packet errors (git-fixes).
* doc/README.KSYMS: Add to repo.
* drivers/amd/pm: fix a use-after-free in kv_parse_power_table (git-fixes).
* drivers: clk: zynqmp: calculate closest mux rate (git-fixes).
* drivers: clk: zynqmp: update divider round rate logic (git-fixes).
* drm/amd/display: Fix tiled display misalignment (git-fixes).
* drm/amd/display: Port DENTIST hang and TDR fixes to OTG disable W/A (git-
fixes).
* drm/amd/display: add nv12 bounding box (git-fixes).
* drm/amd/display: get dprefclk ss info from integration info table (git-
fixes).
* drm/amd/display: make flip_timestamp_in_us a 64-bit variable (git-fixes).
* drm/amd/display: pbn_div need be updated for hotplug event (git-fixes).
* drm/amd/display: update dcn315 lpddr pstate latency (git-fixes).
* drm/amd/pm/smu7: fix a memleak in smu7_hwmgr_backend_init (git-fixes).
* drm/amd/pm: fix a double-free in amdgpu_parse_extended_power_table (git-
fixes).
* drm/amd/pm: fix a double-free in si_dpm_init (git-fixes).
* drm/amd/powerplay: Fix kzalloc parameter 'ATOM_Tonga_PPM_Table' in
'get_platform_power_management_table()' (git-fixes).
* drm/amdgpu/debugfs: fix error code when smc register accessors are NULL
(git-fixes).
* drm/amdgpu/pm: Fix the power source flag error (git-fixes).
* drm/amdgpu: Add NULL checks for function pointers (git-fixes).
* drm/amdgpu: Drop 'fence' check in 'to_amdgpu_amdkfd_fence()' (git-fixes).
* drm/amdgpu: Fix '*fw' from request_firmware() not released in
'amdgpu_ucode_request()' (git-fixes).
* drm/amdgpu: Fix cat debugfs amdgpu_regs_didt causes kernel null pointer
(git-fixes).
* drm/amdgpu: Fix ecc irq enable/disable unpaired (git-fixes).
* drm/amdgpu: Fix missing error code in 'gmc_v6/7/8/9_0_hw_init()' (git-
fixes).
* drm/amdgpu: Fix with right return code '-EIO' in
'amdgpu_gmc_vram_checking()' (git-fixes).
* drm/amdgpu: Let KFD sync with VM fences (git-fixes).
* drm/amdgpu: Release 'adev->pm.fw' before return in
'amdgpu_device_need_post()' (git-fixes).
* drm/amdgpu: fix ftrace event amdgpu_bo_move always move on same heap (git-
fixes).
* drm/amdgpu: skip gpu_info fw loading on navi12 (git-fixes).
* drm/amdkfd: Confirm list is non-empty before utilizing list_first_entry in
kfd_topology.c (git-fixes).
* drm/amdkfd: Fix 'node' NULL check in 'svm_range_get_range_boundaries()'
(git-fixes).
* drm/amdkfd: Fix iterator used outside loop in 'kfd_add_peer_prop()' (git-
fixes).
* drm/amdkfd: Fix lock dependency warning (git-fixes).
* drm/amdkfd: Fix lock dependency warning with srcu (git-fixes).
* drm/amdkfd: Use resource_size() helper function (git-fixes).
* drm/amdkfd: fixes for HMM mem allocation (git-fixes).
* drm/bridge: Fix typo in post_disable() description (git-fixes).
* drm/bridge: anx7625: Ensure bridge is suspended in disable() (git-fixes).
* drm/bridge: cdns-mhdp8546: Fix use of uninitialized variable (git-fixes).
* drm/bridge: nxp-ptn3460: fix i2c_master_send() error checking (git-fixes).
* drm/bridge: nxp-ptn3460: simplify some error checking (git-fixes).
* drm/bridge: parade-ps8640: Ensure bridge is suspended in .post_disable()
(git-fixes).
* drm/bridge: parade-ps8640: Make sure we drop the AUX mutex in the error case
(git-fixes).
* drm/bridge: parade-ps8640: Wait for HPD when doing an AUX transfer (git-
fixes).
* drm/bridge: tc358767: Fix return value on error case (git-fixes).
* drm/bridge: tpd12s015: Drop buggy __exit annotation for remove function
(git-fixes).
* drm/crtc: Fix uninit-value bug in drm_mode_setcrtc (git-fixes).
* drm/crtc: fix uninitialized variable use (git-fixes).
* drm/drv: propagate errors from drm_modeset_register_all() (git-fixes).
* drm/exynos: Call drm_atomic_helper_shutdown() at shutdown/unbind time (git-
fixes).
* drm/exynos: fix a potential error pointer dereference (git-fixes).
* drm/exynos: fix a wrong error checking (git-fixes).
* drm/exynos: fix accidental on-stack copy of exynos_drm_plane (git-fixes).
* drm/exynos: gsc: minor fix for loop iteration in gsc_runtime_resume (git-
fixes).
* drm/framebuffer: Fix use of uninitialized variable (git-fixes).
* drm/mediatek: Return error if MDP RDMA failed to enable the clock (git-
fixes).
* drm/msm/dpu: Drop enable and frame_count parameters from dpu_hw_setup_misr()
(git-fixes).
* drm/msm/dpu: Ratelimit framedone timeout msgs (git-fixes).
* drm/msm/dpu: Set input_sel bit for INTF (git-fixes).
* drm/msm/dpu: fix writeback programming for YUV cases (git-fixes).
* drm/msm/dpu: rename dpu_encoder_phys_wb_setup_cdp to match its functionality
(git-fixes).
* drm/msm/dsi: Enable runtime PM (git-fixes).
* drm/msm/dsi: Use pm_runtime_resume_and_get to prevent refcnt leaks (git-
fixes).
* drm/msm/mdp4: flush vblank event on disable (git-fixes).
* drm/nouveau/fence:: fix warning directly dereferencing a rcu pointer (git-
fixes).
* drm/panel-edp: Add override_edid_mode quirk for generic edp (git-fixes).
* drm/panel-elida-kd35t133: hold panel in reset for unprepare (git-fixes).
* drm/panel: nt35510: fix typo (git-fixes).
* drm/panfrost: Ignore core_mask for poweroff and disable PWRTRANS irq (git-
fixes).
* drm/panfrost: Really power off GPU cores in panfrost_gpu_power_off() (git-
fixes).
* drm/radeon/dpm: fix a memleak in sumo_parse_power_table (git-fixes).
* drm/radeon/r100: Fix integer overflow issues in r100_cs_track_check() (git-
fixes).
* drm/radeon/r600_cs: Fix possible int overflows in r600_cs_check_reg() (git-
fixes).
* drm/radeon/trinity_dpm: fix a memleak in trinity_parse_power_table (git-
fixes).
* drm/radeon: check return value of radeon_ring_lock() (git-fixes).
* drm/radeon: check the alloc_workqueue return value in radeon_crtc_init()
(git-fixes).
* drm/tidss: Check for K2G in in dispc_softreset() (git-fixes).
* drm/tidss: Fix atomic_flush check (git-fixes).
* drm/tidss: Fix dss reset (git-fixes).
* drm/tidss: Move reset to the end of dispc_init() (git-fixes).
* drm/tidss: Return error value from from softreset (git-fixes).
* drm/tilcdc: Fix irq free on unload (git-fixes).
* drm: Do not unref the same fb many times by mistake due to deadlock handling
(git-fixes).
* drm: panel-simple: add missing bus flags for Tianma tm070jvhg[30/33] (git-
fixes).
* drm: using mul_u32_u32() requires linux/math64.h (git-fixes).
* dt-bindings: gpio: Remove FSI domain ports on Tegra234 (jsc#PED-6694)
* efi/libstub: Disable PCI DMA before grabbing the EFI memory map (git-fixes).
* eventfd: prevent underflow for eventfd semaphores (git-fixes).
* exfat: fix reporting fs error when reading dir beyond EOF (git-fixes).
* exfat: support handle zero-size directory (git-fixes).
* exfat: use kvmalloc_array/kvfree instead of kmalloc_array/kfree (git-fixes).
* fbdev: Only disable sysfb on the primary device (bsc#1216441)
* fbdev: Only disable sysfb on the primary device (bsc#1216441) Update an
existing patch to fix bsc#1216441.
* fbdev: flush deferred IO before closing (git-fixes).
* fbdev: flush deferred work in fb_deferred_io_fsync() (git-fixes).
* fbdev: imxfb: fix left margin setting (git-fixes).
* fbdev: mmp: Fix typo and wording in code comment (git-fixes).
* firewire: core: correct documentation of fw_csr_string() kernel API (git-
fixes).
* firewire: ohci: suppress unexpected system reboot in AMD Ryzen machines and
ASM108x/VT630x PCIe cards (git-fixes).
* firmware: ti_sci: Fix an off-by-one in ti_sci_debugfs_create() (git-fixes).
* fjes: fix memleaks in fjes_hw_setup (git-fixes).
* fs/mount_setattr: always cleanup mount_kattr (git-fixes).
* fs: Fix error checking for d_hash_and_lookup() (git-fixes).
* fs: Move notify_change permission checks into may_setattr (git-fixes).
* fs: do not audit the capability check in simple_xattr_list() (git-fixes).
* fs: drop peer group ids under namespace lock (git-fixes).
* fs: indicate request originates from old mount API (git-fixes).
* fs: sendfile handles O_NONBLOCK of out_fd (git-fixes).
* fuse: dax: set fc->dax to NULL in fuse_dax_conn_free() (bsc#1218659).
* gfs2: Always check inode size of inline inodes (git-fixes).
* gfs2: Cosmetic gfs2_dinode_{in,out} cleanup (git-fixes).
* gfs2: Disable page faults during lockless buffered reads (git-fixes).
* gfs2: Eliminate ip->i_gh (git-fixes).
* gfs2: Eliminate vestigial HIF_FIRST (git-fixes).
* gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump (git-fixes).
* gfs2: Introduce flag for glock holder auto-demotion (git-fixes).
* gfs2: Move the inode glock locking to gfs2_file_buffered_write (git-fixes).
* gfs2: Remove redundant check from gfs2_glock_dq (git-fixes).
* gfs2: Switch to wait_event in gfs2_logd (git-fixes).
* gfs2: assign rgrp glock before compute_bitstructs (git-fixes).
* gfs2: low-memory forced flush fixes (git-fixes).
* gfs2: release iopen glock early in evict (git-fixes).
* gpio: eic-sprd: Clear interrupt after set the interrupt type (git-fixes).
* gpu/drm/radeon: fix two memleaks in radeon_vm_init (git-fixes).
* hv_netvsc: rndis_filter needs to select NLS (git-fixes).
* hwmon: (corsair-psu) Fix probe when built-in (git-fixes).
* hwrng: core - Fix page fault dead lock on mmap-ed hwrng (git-fixes).
* i2c: rk3x: fix potential spinlock recursion on poll (git-fixes).
* i2c: s3c24xx: fix read transfers in polling mode (git-fixes).
* i2c: s3c24xx: fix transferring more than one message in polling mode (git-
fixes).
* iio: adc: ad7091r: Pass iio_dev to event handler (git-fixes).
* iio: adc: ad9467: add mutex to struct ad9467_state (git-fixes).
* iio: adc: ad9467: do not ignore error codes (git-fixes).
* iio: adc: ad9467: fix reset gpio handling (git-fixes).
* ipmi: Use regspacings passed as a module parameter (git-fixes).
* kabi, vmstat: skip periodic vmstat update for isolated CPUs (bsc#1217895).
* kabi/severities: ignore ASoC AMD acp driver symbols (bsc#1219136)
* kabi/severities: ignore _rtl92c_phy_calculate_bit_shift symbol It's an
internal function that shouldn't have been exported
* kdb: Fix a potential buffer overflow in kdb_local() (git-fixes).
* kernel-doc: handle a void function without producing a warning (git-fixes).
* kernel-source: Fix description typo
* kernfs: fix missing kernfs_idr_lock to remove an ID from the IDR (git-
fixes).
* leds: aw2013: Select missing dependency REGMAP_I2C (git-fixes).
* leds: ledtrig-tty: Free allocated ttyname buffer on deactivate (git-fixes).
* libapi: Add missing linux/types.h header to get the __u64 type on io.h (git-
fixes).
* md: fix bi_status reporting in md_end_clone_io (bsc#1210443).
* media: cx231xx: fix a memleak in cx231xx_init_isoc (git-fixes).
* media: dt-bindings: ov8856: decouple lanes and link frequency from driver
(git-fixes).
* media: dvb-frontends: m88ds3103: Fix a memory leak in an error handling path
of m88ds3103_probe() (git-fixes).
* media: imx355: Enable runtime PM before registering async sub-device (git-
fixes).
* media: ov9734: Enable runtime PM before registering async sub-device (git-
fixes).
* media: pvrusb2: fix use after free on context disconnection (git-fixes).
* media: rkisp1: Disable runtime PM in probe error path (git-fixes).
* media: rkisp1: Fix media device memory leak (git-fixes).
* media: rkisp1: Read the ID register at probe time instead of streamon (git-
fixes).
* media: videobuf2-dma-sg: fix vmap callback (git-fixes).
* mfd: intel-lpss: Fix the fractional clock divider flags (git-fixes).
* misc: fastrpc: Mark all sessions as invalid in cb_remove (git-fixes).
* mkspec: Include constraints for both multibuild and plain package always
There is no need to check for multibuild flag, the constraints can be always
generated for both cases.
* mkspec: Use variant in constraints template Constraints are not applied
consistently with kernel package variants. Add variant to the constraints
template as appropriate, and expand it in mkspec.
* mm: fs: initialize fsdata passed to write_begin/write_end interface (git-
fixes).
* mmc: core: Cancel delayed work before releasing host (git-fixes).
* modpost: move **attribute** ((format(printf, 2, 3))) to modpost.h (git-
fixes).
* mtd: Fix gluebi NULL pointer dereference caused by ftl notifier (git-fixes).
* mtd: rawnand: Increment IFC_TIMEOUT_MSECS for nand controller response (git-
fixes).
* mtd: rawnand: pl353: Fix kernel doc (git-fixes).
* mtd: rawnand: rockchip: Add missing title to a kernel doc comment (git-
fixes).
* mtd: rawnand: rockchip: Rename a structure (git-fixes).
* net: phy: micrel: populate .soft_reset for KSZ9131 (git-fixes).
* net: usb: ax88179_178a: Bind only to vendor-specific interface
(bsc#1218948).
* net: usb: ax88179_178a: avoid two consecutive device resets (bsc#1218948).
* net: usb: ax88179_178a: move priv to driver_priv (git-fixes).
* net: usb: ax88179_178a: remove redundant init code (git-fixes).
* net: usb: ax88179_178a: restore state on resume (bsc#1218948).
* nfc: nci: free rx_data_reassembly skb on NCI device cleanup (git-fixes).
* nfsd4: add refcount for nfsd4_blocked_lock (bsc#1218968 bsc#1219349).
* nfsd: fix RELEASE_LOCKOWNER (bsc#1218968).
* nouveau/tu102: flush all pdbs on vmm flush (git-fixes).
* nouveau/vmm: do not set addr on the fail path to avoid warning (git-fixes).
* nsfs: add compat ioctl handler (git-fixes).
* nvme-loop: always quiesce and cancel commands before destroying admin q
(bsc#1211515).
* nvme-pci: add BOGUS_NID for Intel 0a54 device (git-fixes).
* nvme-pci: fix sleeping function called from interrupt context (git-fixes).
* nvme-rdma: Fix transfer length when write_generate/read_verify are 0 (git-
fixes).
* nvme-tcp: avoid open-coding nvme_tcp_teardown_admin_queue() (bsc#1211515).
* nvme: fix max_discard_sectors calculation (git-fixes).
* nvme: introduce helper function to get ctrl state (git-fixes).
* nvme: move nvme_stop_keep_alive() back to original position (bsc#1211515).
* nvme: start keep-alive after admin queue setup (bsc#1211515).
* nvme: trace: avoid memcpy overflow warning (git-fixes).
* nvmet: re-fix tracing strncpy() warning (git-fixes).
* of: Fix double free in of_parse_phandle_with_args_map (git-fixes).
* of: unittest: Fix of_count_phandle_with_args() expected value message (git-
fixes).
* parport: parport_serial: Add Brainboxes BAR details (git-fixes).
* parport: parport_serial: Add Brainboxes device IDs and geometry (git-fixes).
* perf/x86/intel/uncore: Factor out topology_gidnid_map() (bsc#1218958).
* perf/x86/intel/uncore: Fix NULL pointer dereference issue in
upi_fill_topology() (bsc#1218958).
* perf/x86/uncore: Use u64 to replace unsigned for the uncore offsets array
(bsc#1219512).
* phy: renesas: rcar-gen3-usb2: Fix returning wrong error code (git-fixes).
* phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP (git-fixes).
* pinctrl: intel: Revert "Unexport intel_pinctrl_probe()" (git-fixes).
* platform/x86/amd/hsmp: Fix iomem handling (jsc#PED-7620).
* platform/x86/amd/hsmp: add support for metrics tbl (jsc#PED-7620).
* platform/x86/amd/hsmp: create plat specific struct (jsc#PED-7620).
* platform/x86/amd/hsmp: improve the error log (jsc#PED-7620).
* platform/x86: ISST: Reduce noise for missing numa information in logs
(bsc#1219285).
* platform/x86: use PLATFORM_DEVID_NONE instead of -1 (jsc#PED-7620).
* power: supply: bq256xx: fix some problem in bq256xx_hw_init (git-fixes).
* power: supply: cw2015: correct time_to_empty units in sysfs (git-fixes).
* powerpc/fadump: reset dump area size if fadump memory reserve fails
(bsc#1194869).
* powerpc/powernv: Add a null pointer check in opal_event_init()
(bsc#1065729).
* powerpc/powernv: Add a null pointer check in opal_powercap_init()
(bsc#1181674 ltc#189159 git-fixes).
* powerpc/powernv: Add a null pointer check to scom_debug_init_one()
(bsc#1194869).
* powerpc/pseries/iommu: enable_ddw incorrectly returns direct mapping for SR-
IOV device (bsc#1212091 ltc#199106 git-fixes).
* powerpc/pseries/memhp: Fix access beyond end of drmem array (bsc#1065729).
* powerpc/pseries: fix possible memory leak in ibmebus_bus_init()
(bsc#1194869).
* powerpc/pseries: fix potential memory leak in init_cpu_associativity()
(bsc#1194869).
* powerpc/xive: Fix endian conversion size (bsc#1194869).
* pstore: ram_core: fix possible overflow in persistent_ram_init_ecc() (git-
fixes).
* pwm: Fix out-of-bounds access in of_pwm_single_xlate() (git-fixes).
* pwm: jz4740: Do not use dev_err_probe() in .request() (git-fixes).
* pwm: stm32: Fix enable count for clk in .probe() (git-fixes).
* pwm: stm32: Use hweight32 in stm32_pwm_detect_channels (git-fixes).
* pwm: stm32: Use regmap_clear_bits and regmap_set_bits where applicable (git-
fixes).
* r8152: add vendor/device ID pair for ASUS USB-C2500 (git-fixes).
* r8152: add vendor/device ID pair for D-Link DUB-E250 (git-fixes).
* reset: hisilicon: hi6220: fix Wvoid-pointer-to-enum-cast warning (git-
fixes).
* ring-buffer/Documentation: Add documentation on buffer_percent file (git-
fixes).
* ring-buffer: Do not record in NMI if the arch does not support cmpxchg in
NMI (git-fixes).
* s390/dasd: fix double module refcount decrement (bsc#1141539).
* s390/pci: fix max size calculation in zpci_memcpy_toio() (git-fixes
bsc#1219006).
* s390/vfio-ap: always filter entire AP matrix (git-fixes bsc#1219012).
* s390/vfio-ap: let on_scan_complete() callback filter matrix and update
guest's APCB (git-fixes bsc#1219014).
* s390/vfio-ap: loop over the shadow APCB when filtering guest's AP
configuration (git-fixes bsc#1219013).
* s390/vfio-ap: unpin pages on gisc registration failure (git-fixes
bsc#1218723).
* s390: vfio-ap: tighten the NIB validity check (git-fixes).
* sched/isolation: add cpu_is_isolated() API (bsc#1217895).
* scsi: be2iscsi: Fix a memleak in beiscsi_init_wrb_handle() (git-fixes).
* scsi: bnx2fc: Fix skb double free in bnx2fc_rcv() (git-fixes).
* scsi: core: Always send batch on reset or error handling command (git-
fixes).
* scsi: fnic: Return error if vmalloc() failed (git-fixes).
* scsi: hisi_sas: Correct the number of global debugfs registers (git-fixes).
* scsi: hisi_sas: Fix normally completed I/O analysed as failed (git-fixes).
* scsi: hisi_sas: Fix warnings detected by sparse (git-fixes).
* scsi: hisi_sas: Modify v3 HW SATA completion error processing (git-fixes).
* scsi: hisi_sas: Modify v3 HW SSP underflow error processing (git-fixes).
* scsi: hisi_sas: Rename HISI_SAS_{RESET -> RESETTING}_BIT (git-fixes).
* scsi: hisi_sas: Replace with standard error code return value (git-fixes).
* scsi: hisi_sas: Rollback some operations if FLR failed (git-fixes).
* scsi: hisi_sas: Set debugfs_dir pointer to NULL after removing debugfs (git-
fixes).
* scsi: ibmvfc: Fix erroneous use of rtas_busy_delay with hcall return code
(git-fixes).
* scsi: ibmvfc: Implement channel queue depth and event buffer accounting
(bsc#1209834 ltc#202097).
* scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool (bsc#1209834
ltc#202097).
* scsi: iscsi: Rename iscsi_set_param() to iscsi_if_set_param() (git-fixes).
* scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup()
(git-fixes).
* scsi: lpfc: Change VMID driver load time parameters to read only
(bsc#1219582).
* scsi: lpfc: Move determination of vmid_flag after VMID reinitialization
completes (bsc#1219582).
* scsi: lpfc: Reinitialize an NPIV's VMID data structures after FDISC
(bsc#1219582).
* scsi: lpfc: Update lpfc version to 14.2.0.17 (bsc#1219582).
* scsi: megaraid_sas: Fix deadlock on firmware crashdump (git-fixes).
* scsi: megaraid_sas: Increase register read retry rount from 3 to 30 for
selected registers (git-fixes).
* scsi: mpt3sas: Fix an outdated comment (git-fixes).
* scsi: mpt3sas: Fix in error path (git-fixes).
* scsi: mpt3sas: Fix loop logic (bsc#1219067).
* scsi: mpt3sas: Fix loop logic (git-fixes).
* scsi: pm80xx: Avoid leaking tags when processing
OPC_INB_SET_CONTROLLER_CONFIG command (git-fixes).
* scsi: pm80xx: Use phy-specific SAS address when sending PHY_START command
(git-fixes).
* scsi: qla2xxx: Fix system crash due to bad pointer access (git-fixes).
* selftests/net: fix grep checking for fib_nexthop_multiprefix (git-fixes).
* serial: 8250: omap: Do not skip resource freeing if
pm_runtime_resume_and_get() failed (git-fixes).
* serial: core: Fix atomicity violation in uart_tiocmget (git-fixes).
* serial: imx: Correct clock error message in function probe() (git-fixes).
* serial: imx: fix tx statemachine deadlock (git-fixes).
* serial: max310x: fail probe if clock crystal is unstable (git-fixes).
* serial: max310x: improve crystal stable clock detection (git-fixes).
* serial: max310x: set default value when reading clock ready bit (git-fixes).
* serial: sc16is7xx: add check for unsupported SPI modes during probe (git-
fixes).
* serial: sc16is7xx: set safe default SPI clock frequency (git-fixes).
* serial: sccnxp: Improve error message if regulator_disable() fails (git-
fixes).
* shmem: use ramfs_kill_sb() for kill_sb method of ramfs-based tmpfs (git-
fixes).
* software node: Let args be NULL in software_node_get_reference_args (git-
fixes).
* spi: spi-zynqmp-gqspi: fix driver kconfig dependencies (git-fixes).
* swiotlb-xen: provide the "max_mapping_size" method (git-fixes).
* swiotlb: fix a braino in the alignment check fix (bsc#1216559).
* swiotlb: fix slot alignment checks (bsc#1216559).
* trace,smp: Add tracepoints around remotelly called functions (bsc#1217895).
* tracefs: Add missing lockdown check to tracefs_create_dir() (git-fixes).
* tracing/trigger: Fix to return error if failed to alloc snapshot (git-
fixes).
* tracing: Add size check when printing trace_marker output (git-fixes).
* tracing: Ensure visibility when inserting an element into tracing_map (git-
fixes).
* tracing: Fix uaf issue when open the hist or hist_debug file (git-fixes).
* tracing: Have large events show up as '[LINE TOO BIG]' instead of nothing
(git-fixes).
* ubifs: Check @c->dirty_[n|p]n_cnt and @c->nroot state under @c->lp_mutex
(git-fixes).
* ubifs: ubifs_link: Fix wrong name len calculating when UBIFS is encrypted
(git-fixes).
* ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path (git-
fixes).
* uio: Fix use-after-free in uio_open (git-fixes).
* usb: cdns3: Fix uvc fail when DMA cross 4k boundery since sg enabled (git-
fixes).
* usb: cdns3: fix uvc failure work since sg support enabled (git-fixes).
* usb: chipidea: wait controller resume finished for wakeup irq (git-fixes).
* usb: dwc: ep0: Update request status in dwc3_ep0_stall_restart (git-fixes).
* usb: fsl-mph-dr-of: mark fsl_usb2_mpc5121_init() static (git-fixes).
* usb: host: xhci-plat: Add support for XHCI_SG_TRB_CACHE_SIZE_QUIRK (git-
fixes).
* usb: mon: Fix atomicity violation in mon_bin_vma_fault (git-fixes).
* usb: otg numberpad exception (bsc#1218527).
* usb: phy: mxs: remove CONFIG_USB_OTG condition for mxs_phy_is_otg_host()
(git-fixes).
* usb: typec: class: fix typec_altmode_put_partner to put plugs (git-fixes).
* usb: ucsi: Add missing ppm_lock (git-fixes).
* usb: ucsi_acpi: Fix command completion handling (git-fixes).
* usb: xhci-mtk: fix a short packet issue of gen1 isoc-in transfer (git-
fixes).
* usr/Kconfig: fix typos of "its" (git-fixes).
* vfs: make freeze_super abort when sync_filesystem returns error (git-fixes).
* vhost: Allow null msg.size on VHOST_IOTLB_INVALIDATE (git-fixes).
* virtio-mmio: fix memory leak of vm_dev (git-fixes).
* virtio_balloon: Fix endless deflation and inflation on arm64 (git-fixes).
* vmstat: skip periodic vmstat update for isolated CPUs (bsc#1217895).
* vsock/virtio: Fix unsigned integer wrap around in
virtio_transport_has_space() (git-fixes).
* watchdog/hpwdt: Only claim UNKNOWN NMI if from iLO (git-fixes).
* watchdog: bcm2835_wdt: Fix WDIOC_SETTIMEOUT handling (git-fixes).
* watchdog: rti_wdt: Drop runtime pm reference count when watchdog is unused
(git-fixes).
* watchdog: set cdev owner before adding (git-fixes).
* wifi: ath11k: Defer on rproc_get failure (git-fixes).
* wifi: cfg80211: lock wiphy mutex for rfkill poll (git-fixes).
* wifi: iwlwifi: mvm: send TX path flush in rfkill (git-fixes).
* wifi: iwlwifi: mvm: set siso/mimo chains to 1 in FW SMPS request (git-
fixes).
* wifi: iwlwifi: pcie: avoid a NULL pointer dereference (git-fixes).
* wifi: libertas: stop selecting wext (git-fixes).
* wifi: mt76: fix broken precal loading from MTD for mt7915 (git-fixes).
* wifi: mt76: mt7921s: fix workqueue problem causes STA association fail (git-
fixes).
* wifi: mwifiex: configure BSSID consistently when starting AP (git-fixes).
* wifi: rtlwifi: Convert LNKCTL change to PCIe cap RMW accessors (git-fixes).
* wifi: rtlwifi: Remove bogus and dangerous ASPM disable/enable code (git-
fixes).
* wifi: rtlwifi: add calculate_bit_shift() (git-fixes).
* wifi: rtlwifi: rtl8188ee: phy: using calculate_bit_shift() (git-fixes).
* wifi: rtlwifi: rtl8192c: using calculate_bit_shift() (git-fixes).
* wifi: rtlwifi: rtl8192ce: using calculate_bit_shift() (git-fixes).
* wifi: rtlwifi: rtl8192cu: using calculate_bit_shift() (git-fixes).
* wifi: rtlwifi: rtl8192de: using calculate_bit_shift() (git-fixes).
* wifi: rtlwifi: rtl8192ee: using calculate_bit_shift() (git-fixes).
* wifi: rtlwifi: rtl8192se: using calculate_bit_shift() (git-fixes).
* wifi: rtlwifi: rtl8821ae: phy: fix an undefined bitwise shift behavior (git-
fixes).
* wifi: rtw88: fix RX filter in FIF_ALLMULTI flag (git-fixes).
* x86/MCE/AMD, EDAC/mce_amd: Decode UMC_V2 ECC errors (jsc#PED-7616).
* x86/MCE/AMD: Add new MA_LLC, USR_DP, and USR_CP bank types (jsc#PED-7622).
* x86/MCE/AMD: Split amd_mce_is_memory_error() (jsc#PED-7623).
* x86/amd_nb: Add AMD Family MI300 PCI IDs (jsc#PED-7622).
* x86/amd_nb: Add MI200 PCI IDs (jsc#PED-7616).
* x86/cpu: Merge Intel and AMD ppin_init() functions (jsc#PED-7615).
* x86/cpu: Read/save PPIN MSR during initialization (jsc#PED-7615).
* x86/entry/ia32: Ensure s32 is sign extended to s64 (bsc#1193285).
* x86/hyperv: Fix the detection of E820_TYPE_PRAM in a Gen2 VM (git-fixes).
* x86/hyperv: Use atomic_try_cmpxchg() to micro-optimize hv_nmi_unknown()
(git-fixes).
* x86/mce: Cleanup mce_usable_address() (jsc#PED-7623).
* x86/mce: Define amd_mce_usable_address() (jsc#PED-7623).
* xen-pciback: Consider INTx disabled when MSI/MSI-X is enabled (git-fixes).
* xen/events: fix delayed eoi list handling (git-fixes).
* xhci: Add grace period after xHC start to prevent premature runtime suspend
(git-fixes).
* xhci: cleanup xhci_hub_control port references (git-fixes).
* xhci: pass port pointer as parameter to xhci_set_port_power() (git-fixes).
* xhci: track port suspend state correctly in unsuccessful resume cases (git-
fixes).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2024-469=1 openSUSE-SLE-15.5-2024-469=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2024-469=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-469=1

* SUSE Real Time Module 15-SP5
zypper in -t patch SUSE-SLE-Module-RT-15-SP5-2024-469=1

## Package List:

* openSUSE Leap 15.5 (noarch)
* kernel-devel-rt-5.14.21-150500.13.35.1
* kernel-source-rt-5.14.21-150500.13.35.1
* openSUSE Leap 15.5 (x86_64)
* kernel-rt-devel-5.14.21-150500.13.35.1
* kernel-rt-vdso-debuginfo-5.14.21-150500.13.35.1
* reiserfs-kmp-rt-5.14.21-150500.13.35.1
* kernel-livepatch-5_14_21-150500_13_35-rt-debuginfo-1-150500.11.5.1
* kselftests-kmp-rt-debuginfo-5.14.21-150500.13.35.1
* kernel-rt_debug-vdso-debuginfo-5.14.21-150500.13.35.1
* kernel-rt-livepatch-devel-5.14.21-150500.13.35.1
* cluster-md-kmp-rt-5.14.21-150500.13.35.1
* kernel-rt_debug-vdso-5.14.21-150500.13.35.1
* kernel-rt-debuginfo-5.14.21-150500.13.35.1
* dlm-kmp-rt-5.14.21-150500.13.35.1
* gfs2-kmp-rt-5.14.21-150500.13.35.1
* reiserfs-kmp-rt-debuginfo-5.14.21-150500.13.35.1
* kernel-rt-livepatch-5.14.21-150500.13.35.1
* kernel-rt-optional-debuginfo-5.14.21-150500.13.35.1
* kernel-rt-debugsource-5.14.21-150500.13.35.1
* kernel-rt-extra-debuginfo-5.14.21-150500.13.35.1
* kernel-livepatch-SLE15-SP5-RT_Update_10-debugsource-1-150500.11.5.1
* ocfs2-kmp-rt-debuginfo-5.14.21-150500.13.35.1
* kernel-rt_debug-debuginfo-5.14.21-150500.13.35.1
* kernel-rt_debug-debugsource-5.14.21-150500.13.35.1
* kernel-livepatch-5_14_21-150500_13_35-rt-1-150500.11.5.1
* kernel-rt_debug-devel-debuginfo-5.14.21-150500.13.35.1
* gfs2-kmp-rt-debuginfo-5.14.21-150500.13.35.1
* kselftests-kmp-rt-5.14.21-150500.13.35.1
* kernel-rt-vdso-5.14.21-150500.13.35.1
* dlm-kmp-rt-debuginfo-5.14.21-150500.13.35.1
* kernel-rt_debug-livepatch-devel-5.14.21-150500.13.35.1
* kernel-rt_debug-devel-5.14.21-150500.13.35.1
* cluster-md-kmp-rt-debuginfo-5.14.21-150500.13.35.1
* kernel-syms-rt-5.14.21-150500.13.35.1
* kernel-rt-devel-debuginfo-5.14.21-150500.13.35.1
* kernel-rt-extra-5.14.21-150500.13.35.1
* kernel-rt-optional-5.14.21-150500.13.35.1
* ocfs2-kmp-rt-5.14.21-150500.13.35.1
* openSUSE Leap 15.5 (nosrc x86_64)
* kernel-rt_debug-5.14.21-150500.13.35.1
* kernel-rt-5.14.21-150500.13.35.1
* SUSE Linux Enterprise Micro 5.5 (nosrc x86_64)
* kernel-rt-5.14.21-150500.13.35.1
* SUSE Linux Enterprise Micro 5.5 (x86_64)
* kernel-rt-debuginfo-5.14.21-150500.13.35.1
* kernel-rt-debugsource-5.14.21-150500.13.35.1
* SUSE Linux Enterprise Live Patching 15-SP5 (x86_64)
* kernel-livepatch-5_14_21-150500_13_35-rt-debuginfo-1-150500.11.5.1
* kernel-livepatch-5_14_21-150500_13_35-rt-1-150500.11.5.1
* kernel-livepatch-SLE15-SP5-RT_Update_10-debugsource-1-150500.11.5.1
* SUSE Real Time Module 15-SP5 (x86_64)
* kernel-rt-devel-5.14.21-150500.13.35.1
* kernel-rt-vdso-debuginfo-5.14.21-150500.13.35.1
* kernel-rt_debug-vdso-debuginfo-5.14.21-150500.13.35.1
* cluster-md-kmp-rt-5.14.21-150500.13.35.1
* kernel-rt_debug-vdso-5.14.21-150500.13.35.1
* kernel-rt-debuginfo-5.14.21-150500.13.35.1
* dlm-kmp-rt-5.14.21-150500.13.35.1
* gfs2-kmp-rt-5.14.21-150500.13.35.1
* kernel-rt-debugsource-5.14.21-150500.13.35.1
* ocfs2-kmp-rt-debuginfo-5.14.21-150500.13.35.1
* kernel-rt_debug-debuginfo-5.14.21-150500.13.35.1
* kernel-rt_debug-debugsource-5.14.21-150500.13.35.1
* kernel-rt_debug-devel-debuginfo-5.14.21-150500.13.35.1
* gfs2-kmp-rt-debuginfo-5.14.21-150500.13.35.1
* kernel-rt-vdso-5.14.21-150500.13.35.1
* dlm-kmp-rt-debuginfo-5.14.21-150500.13.35.1
* kernel-rt_debug-devel-5.14.21-150500.13.35.1
* cluster-md-kmp-rt-debuginfo-5.14.21-150500.13.35.1
* kernel-syms-rt-5.14.21-150500.13.35.1
* kernel-rt-devel-debuginfo-5.14.21-150500.13.35.1
* ocfs2-kmp-rt-5.14.21-150500.13.35.1
* SUSE Real Time Module 15-SP5 (noarch)
* kernel-devel-rt-5.14.21-150500.13.35.1
* kernel-source-rt-5.14.21-150500.13.35.1
* SUSE Real Time Module 15-SP5 (nosrc x86_64)
* kernel-rt_debug-5.14.21-150500.13.35.1
* kernel-rt-5.14.21-150500.13.35.1

## References:

* https://www.suse.com/security/cve/CVE-2021-33631.html
* https://www.suse.com/security/cve/CVE-2023-46838.html
* https://www.suse.com/security/cve/CVE-2023-47233.html
* https://www.suse.com/security/cve/CVE-2023-4921.html
* https://www.suse.com/security/cve/CVE-2023-51042.html
* https://www.suse.com/security/cve/CVE-2023-51043.html
* https://www.suse.com/security/cve/CVE-2023-51780.html
* https://www.suse.com/security/cve/CVE-2023-51782.html
* https://www.suse.com/security/cve/CVE-2023-6040.html
* https://www.suse.com/security/cve/CVE-2023-6356.html
* https://www.suse.com/security/cve/CVE-2023-6531.html
* https://www.suse.com/security/cve/CVE-2023-6535.html
* https://www.suse.com/security/cve/CVE-2023-6536.html
* https://www.suse.com/security/cve/CVE-2023-6915.html
* https://www.suse.com/security/cve/CVE-2024-0565.html
* https://www.suse.com/security/cve/CVE-2024-0641.html
* https://www.suse.com/security/cve/CVE-2024-0775.html
* https://www.suse.com/security/cve/CVE-2024-1085.html
* https://www.suse.com/security/cve/CVE-2024-1086.html
* https://bugzilla.suse.com/show_bug.cgi?id=1065729
* https://bugzilla.suse.com/show_bug.cgi?id=1108281
* https://bugzilla.suse.com/show_bug.cgi?id=1141539
* https://bugzilla.suse.com/show_bug.cgi?id=1174649
* https://bugzilla.suse.com/show_bug.cgi?id=1181674
* https://bugzilla.suse.com/show_bug.cgi?id=1193285
* https://bugzilla.suse.com/show_bug.cgi?id=1194869
* https://bugzilla.suse.com/show_bug.cgi?id=1209834
* https://bugzilla.suse.com/show_bug.cgi?id=1210443
* https://bugzilla.suse.com/show_bug.cgi?id=1211515
* https://bugzilla.suse.com/show_bug.cgi?id=1212091
* https://bugzilla.suse.com/show_bug.cgi?id=1214377
* https://bugzilla.suse.com/show_bug.cgi?id=1215275
* https://bugzilla.suse.com/show_bug.cgi?id=1215885
* https://bugzilla.suse.com/show_bug.cgi?id=1216441
* https://bugzilla.suse.com/show_bug.cgi?id=1216559
* https://bugzilla.suse.com/show_bug.cgi?id=1216702
* https://bugzilla.suse.com/show_bug.cgi?id=1217895
* https://bugzilla.suse.com/show_bug.cgi?id=1217987
* https://bugzilla.suse.com/show_bug.cgi?id=1217988
* https://bugzilla.suse.com/show_bug.cgi?id=1217989
* https://bugzilla.suse.com/show_bug.cgi?id=1218005
* https://bugzilla.suse.com/show_bug.cgi?id=1218447
* https://bugzilla.suse.com/show_bug.cgi?id=1218527
* https://bugzilla.suse.com/show_bug.cgi?id=1218659
* https://bugzilla.suse.com/show_bug.cgi?id=1218713
* https://bugzilla.suse.com/show_bug.cgi?id=1218723
* https://bugzilla.suse.com/show_bug.cgi?id=1218730
* https://bugzilla.suse.com/show_bug.cgi?id=1218738
* https://bugzilla.suse.com/show_bug.cgi?id=1218752
* https://bugzilla.suse.com/show_bug.cgi?id=1218757
* https://bugzilla.suse.com/show_bug.cgi?id=1218768
* https://bugzilla.suse.com/show_bug.cgi?id=1218778
* https://bugzilla.suse.com/show_bug.cgi?id=1218779
* https://bugzilla.suse.com/show_bug.cgi?id=1218804
* https://bugzilla.suse.com/show_bug.cgi?id=1218832
* https://bugzilla.suse.com/show_bug.cgi?id=1218836
* https://bugzilla.suse.com/show_bug.cgi?id=1218916
* https://bugzilla.suse.com/show_bug.cgi?id=1218948
* https://bugzilla.suse.com/show_bug.cgi?id=1218958
* https://bugzilla.suse.com/show_bug.cgi?id=1218968
* https://bugzilla.suse.com/show_bug.cgi?id=1218997
* https://bugzilla.suse.com/show_bug.cgi?id=1219006
* https://bugzilla.suse.com/show_bug.cgi?id=1219012
* https://bugzilla.suse.com/show_bug.cgi?id=1219013
* https://bugzilla.suse.com/show_bug.cgi?id=1219014
* https://bugzilla.suse.com/show_bug.cgi?id=1219053
* https://bugzilla.suse.com/show_bug.cgi?id=1219067
* https://bugzilla.suse.com/show_bug.cgi?id=1219120
* https://bugzilla.suse.com/show_bug.cgi?id=1219128
* https://bugzilla.suse.com/show_bug.cgi?id=1219136
* https://bugzilla.suse.com/show_bug.cgi?id=1219285
* https://bugzilla.suse.com/show_bug.cgi?id=1219349
* https://bugzilla.suse.com/show_bug.cgi?id=1219412
* https://bugzilla.suse.com/show_bug.cgi?id=1219429
* https://bugzilla.suse.com/show_bug.cgi?id=1219434
* https://bugzilla.suse.com/show_bug.cgi?id=1219490
* https://bugzilla.suse.com/show_bug.cgi?id=1219512
* https://bugzilla.suse.com/show_bug.cgi?id=1219568
* https://bugzilla.suse.com/show_bug.cgi?id=1219582
* https://jira.suse.com/browse/PED-4729
* https://jira.suse.com/browse/PED-6694
* https://jira.suse.com/browse/PED-7322
* https://jira.suse.com/browse/PED-7615
* https://jira.suse.com/browse/PED-7616
* https://jira.suse.com/browse/PED-7620
* https://jira.suse.com/browse/PED-7622
* https://jira.suse.com/browse/PED-7623



SUSE-SU-2024:0473-1: important: Security update for tomcat10


# Security update for tomcat10

Announcement ID: SUSE-SU-2024:0473-1
Rating: important
References:

* bsc#1219208

Cross-References:

* CVE-2024-22029

CVSS scores:

* CVE-2024-22029 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* Web and Scripting Module 15-SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for tomcat10 fixes the following issues:

* CVE-2024-22029: Fixed escalation to root from tomcat user via %post script.
(bsc#1219208)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-473=1

* Web and Scripting Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP5-2024-473=1

## Package List:

* openSUSE Leap 15.5 (noarch)
* tomcat10-admin-webapps-10.1.18-150200.5.11.1
* tomcat10-el-5_0-api-10.1.18-150200.5.11.1
* tomcat10-docs-webapp-10.1.18-150200.5.11.1
* tomcat10-jsp-3_1-api-10.1.18-150200.5.11.1
* tomcat10-10.1.18-150200.5.11.1
* tomcat10-lib-10.1.18-150200.5.11.1
* tomcat10-webapps-10.1.18-150200.5.11.1
* tomcat10-embed-10.1.18-150200.5.11.1
* tomcat10-servlet-6_0-api-10.1.18-150200.5.11.1
* tomcat10-jsvc-10.1.18-150200.5.11.1
* Web and Scripting Module 15-SP5 (noarch)
* tomcat10-admin-webapps-10.1.18-150200.5.11.1
* tomcat10-el-5_0-api-10.1.18-150200.5.11.1
* tomcat10-jsp-3_1-api-10.1.18-150200.5.11.1
* tomcat10-lib-10.1.18-150200.5.11.1
* tomcat10-10.1.18-150200.5.11.1
* tomcat10-webapps-10.1.18-150200.5.11.1
* tomcat10-servlet-6_0-api-10.1.18-150200.5.11.1

## References:

* https://www.suse.com/security/cve/CVE-2024-22029.html
* https://bugzilla.suse.com/show_bug.cgi?id=1219208



SUSE-SU-2024:0459-1: important: Security update for runc


# Security update for runc

Announcement ID: SUSE-SU-2024:0459-1
Rating: important
References:

* bsc#1218894

Cross-References:

* CVE-2024-21626

CVSS scores:

* CVE-2024-21626 ( SUSE ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2024-21626 ( NVD ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products:

* Containers Module 15-SP4
* Containers Module 15-SP5
* openSUSE Leap 15.5
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for runc fixes the following issues:

* Update to runc v1.1.12 (bsc#1218894)

The following CVE was already fixed with the previous release.

* CVE-2024-21626: Fixed container breakout.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap Micro 5.3
zypper in -t patch openSUSE-Leap-Micro-5.3-2024-459=1

* openSUSE Leap Micro 5.4
zypper in -t patch openSUSE-Leap-Micro-5.4-2024-459=1

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-459=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2024-459=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2024-459=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2024-459=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2024-459=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2024-459=1

* Containers Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2024-459=1

* Containers Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Containers-15-SP5-2024-459=1

* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-459=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-459=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-459=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-459=1

* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-459=1

* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-459=1

* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-459=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP2
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-459=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-459=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-459=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2024-459=1

* SUSE Linux Enterprise Micro 5.1
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2024-459=1

* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-459=1

* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-459=1

## Package List:

* openSUSE Leap Micro 5.3 (aarch64 x86_64)
* runc-1.1.12-150000.61.2
* runc-debuginfo-1.1.12-150000.61.2
* openSUSE Leap Micro 5.4 (aarch64 s390x x86_64)
* runc-1.1.12-150000.61.2
* runc-debuginfo-1.1.12-150000.61.2
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* runc-1.1.12-150000.61.2
* runc-debuginfo-1.1.12-150000.61.2
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* runc-1.1.12-150000.61.2
* runc-debuginfo-1.1.12-150000.61.2
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* runc-1.1.12-150000.61.2
* runc-debuginfo-1.1.12-150000.61.2
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* runc-1.1.12-150000.61.2
* runc-debuginfo-1.1.12-150000.61.2
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* runc-1.1.12-150000.61.2
* runc-debuginfo-1.1.12-150000.61.2
* SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64)
* runc-1.1.12-150000.61.2
* runc-debuginfo-1.1.12-150000.61.2
* Containers Module 15-SP4 (aarch64 ppc64le s390x)
* runc-1.1.12-150000.61.2
* runc-debuginfo-1.1.12-150000.61.2
* Containers Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* runc-1.1.12-150000.61.2
* runc-debuginfo-1.1.12-150000.61.2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64
x86_64)
* runc-1.1.12-150000.61.2
* runc-debuginfo-1.1.12-150000.61.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* runc-1.1.12-150000.61.2
* runc-debuginfo-1.1.12-150000.61.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* runc-1.1.12-150000.61.2
* runc-debuginfo-1.1.12-150000.61.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* runc-1.1.12-150000.61.2
* runc-debuginfo-1.1.12-150000.61.2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x
x86_64)
* runc-1.1.12-150000.61.2
* runc-debuginfo-1.1.12-150000.61.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64)
* runc-1.1.12-150000.61.2
* runc-debuginfo-1.1.12-150000.61.2
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x
x86_64)
* runc-1.1.12-150000.61.2
* runc-debuginfo-1.1.12-150000.61.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
* runc-1.1.12-150000.61.2
* runc-debuginfo-1.1.12-150000.61.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* runc-1.1.12-150000.61.2
* runc-debuginfo-1.1.12-150000.61.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* runc-1.1.12-150000.61.2
* runc-debuginfo-1.1.12-150000.61.2
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* runc-1.1.12-150000.61.2
* runc-debuginfo-1.1.12-150000.61.2
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
* runc-1.1.12-150000.61.2
* runc-debuginfo-1.1.12-150000.61.2
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* runc-1.1.12-150000.61.2
* runc-debuginfo-1.1.12-150000.61.2
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* runc-1.1.12-150000.61.2
* runc-debuginfo-1.1.12-150000.61.2

## References:

* https://www.suse.com/security/cve/CVE-2024-21626.html
* https://bugzilla.suse.com/show_bug.cgi?id=1218894



SUSE-SU-2024:0435-1: moderate: Security update for netpbm


# Security update for netpbm

Announcement ID: SUSE-SU-2024:0435-1
Rating: moderate
References:

* bsc#1022790
* bsc#1022791

Cross-References:

* CVE-2017-5849

CVSS scores:

* CVE-2017-5849 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
* CVE-2017-5849 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP5
* Desktop Applications Module 15-SP5
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves one vulnerability and has one security fix can now be
installed.

## Description:

This update for netpbm fixes the following issues:

* CVE-2017-5849: Fixed out-of-bound read and write issue that can occur in
function putgreytile() and put1bitbwtile() (bsc#1022790, bsc#1022791).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-435=1

* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-435=1

* Desktop Applications Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2024-435=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* netpbm-10.80.1-150000.3.14.1
* netpbm-debugsource-10.80.1-150000.3.14.1
* libnetpbm11-10.80.1-150000.3.14.1
* libnetpbm11-debuginfo-10.80.1-150000.3.14.1
* libnetpbm-devel-10.80.1-150000.3.14.1
* netpbm-vulnerable-debuginfo-10.80.1-150000.3.14.1
* netpbm-debuginfo-10.80.1-150000.3.14.1
* netpbm-vulnerable-10.80.1-150000.3.14.1
* openSUSE Leap 15.5 (x86_64)
* libnetpbm11-32bit-10.80.1-150000.3.14.1
* libnetpbm11-32bit-debuginfo-10.80.1-150000.3.14.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* netpbm-10.80.1-150000.3.14.1
* netpbm-debugsource-10.80.1-150000.3.14.1
* libnetpbm11-10.80.1-150000.3.14.1
* libnetpbm11-debuginfo-10.80.1-150000.3.14.1
* netpbm-debuginfo-10.80.1-150000.3.14.1
* Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* netpbm-debugsource-10.80.1-150000.3.14.1
* netpbm-debuginfo-10.80.1-150000.3.14.1
* libnetpbm-devel-10.80.1-150000.3.14.1

## References:

* https://www.suse.com/security/cve/CVE-2017-5849.html
* https://bugzilla.suse.com/show_bug.cgi?id=1022790
* https://bugzilla.suse.com/show_bug.cgi?id=1022791



SUSE-SU-2024:0428-1: important: Security update for the Linux Kernel (Live Patch 20 for SLE 15 SP4)


# Security update for the Linux Kernel (Live Patch 20 for SLE 15 SP4)

Announcement ID: SUSE-SU-2024:0428-1
Rating: important
References:

* bsc#1217522
* bsc#1218255

Cross-References:

* CVE-2023-6176
* CVE-2023-6932

CVSS scores:

* CVE-2023-6176 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6176 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-6932 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6932 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_97 fixes several issues.

The following security issues were fixed:

* CVE-2023-6932: Fixed a use-after-free vulnerability in the ipv4 igmp
component that could lead to local privilege escalation (bsc#1218255).
* CVE-2023-6176: Fixed a denial of service in the cryptographic algorithm
scatterwalk functionality (bsc#1217522).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-428=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2024-428=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_97-default-2-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_20-debugsource-2-150400.2.1
* kernel-livepatch-5_14_21-150400_24_97-default-debuginfo-2-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_97-default-2-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_20-debugsource-2-150400.2.1
* kernel-livepatch-5_14_21-150400_24_97-default-debuginfo-2-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2023-6176.html
* https://www.suse.com/security/cve/CVE-2023-6932.html
* https://bugzilla.suse.com/show_bug.cgi?id=1217522
* https://bugzilla.suse.com/show_bug.cgi?id=1218255



SUSE-SU-2024:0429-1: important: Security update for the Linux Kernel (Live Patch 21 for SLE 15 SP4)


# Security update for the Linux Kernel (Live Patch 21 for SLE 15 SP4)

Announcement ID: SUSE-SU-2024:0429-1
Rating: important
References:

* bsc#1218255

Cross-References:

* CVE-2023-6932

CVSS scores:

* CVE-2023-6932 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6932 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves one vulnerability can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_100 fixes one issue.

The following security issue was fixed:

* CVE-2023-6932: Fixed a use-after-free vulnerability in the ipv4 igmp
component that could lead to local privilege escalation (bsc#1218255).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2024-429=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-429=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_100-default-2-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_21-debugsource-2-150400.2.1
* kernel-livepatch-5_14_21-150400_24_100-default-debuginfo-2-150400.2.1
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_100-default-2-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_21-debugsource-2-150400.2.1
* kernel-livepatch-5_14_21-150400_24_100-default-debuginfo-2-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2023-6932.html
* https://bugzilla.suse.com/show_bug.cgi?id=1218255



SUSE-SU-2024:0421-1: important: Security update for the Linux Kernel (Live Patch 7 for SLE 15 SP4)


# Security update for the Linux Kernel (Live Patch 7 for SLE 15 SP4)

Announcement ID: SUSE-SU-2024:0421-1
Rating: important
References:

* bsc#1216044
* bsc#1217522
* bsc#1218255

Cross-References:

* CVE-2023-5178
* CVE-2023-6176
* CVE-2023-6932

CVSS scores:

* CVE-2023-5178 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-5178 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6176 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6176 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-6932 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6932 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_41 fixes several issues.

The following security issues were fixed:

* CVE-2023-6932: Fixed a use-after-free vulnerability in the ipv4 igmp
component that could lead to local privilege escalation (bsc#1218255).
* CVE-2023-6176: Fixed a denial of service in the cryptographic algorithm
scatterwalk functionality (bsc#1217522).
* CVE-2023-5178: Fixed a use-after-free vulnerability in queue intialization
setup (bsc#1215768).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-420=1 SUSE-2024-421=1 SUSE-2024-422=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2024-422=1 SUSE-SLE-
Module-Live-Patching-15-SP4-2024-420=1 SUSE-SLE-Module-Live-
Patching-15-SP4-2024-421=1

* openSUSE Leap 15.5
zypper in -t patch SUSE-2024-419=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-419=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_81-default-debuginfo-5-150400.2.1
* kernel-livepatch-5_14_21-150400_24_41-default-12-150400.2.2
* kernel-livepatch-SLE15-SP4_Update_18-debugsource-4-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_16-debugsource-5-150400.2.1
* kernel-livepatch-5_14_21-150400_24_88-default-4-150400.2.1
* kernel-livepatch-5_14_21-150400_24_88-default-debuginfo-4-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_7-debugsource-12-150400.2.2
* kernel-livepatch-5_14_21-150400_24_81-default-5-150400.2.1
* kernel-livepatch-5_14_21-150400_24_41-default-debuginfo-12-150400.2.2
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_81-default-debuginfo-5-150400.2.1
* kernel-livepatch-5_14_21-150400_24_41-default-12-150400.2.2
* kernel-livepatch-SLE15-SP4_Update_18-debugsource-4-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_16-debugsource-5-150400.2.1
* kernel-livepatch-5_14_21-150400_24_88-default-4-150400.2.1
* kernel-livepatch-5_14_21-150400_24_88-default-debuginfo-4-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_7-debugsource-12-150400.2.2
* kernel-livepatch-5_14_21-150400_24_81-default-5-150400.2.1
* kernel-livepatch-5_14_21-150400_24_41-default-debuginfo-12-150400.2.2
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_7-default-debuginfo-6-150500.2.1
* kernel-livepatch-5_14_21-150500_55_7-default-6-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_1-debugsource-6-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_7-default-debuginfo-6-150500.2.1
* kernel-livepatch-5_14_21-150500_55_7-default-6-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_1-debugsource-6-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2023-5178.html
* https://www.suse.com/security/cve/CVE-2023-6176.html
* https://www.suse.com/security/cve/CVE-2023-6932.html
* https://bugzilla.suse.com/show_bug.cgi?id=1216044
* https://bugzilla.suse.com/show_bug.cgi?id=1217522
* https://bugzilla.suse.com/show_bug.cgi?id=1218255



SUSE-SU-2024:0411-1: important: Security update for the Linux Kernel (Live Patch 35 for SLE 15 SP3)


# Security update for the Linux Kernel (Live Patch 35 for SLE 15 SP3)

Announcement ID: SUSE-SU-2024:0411-1
Rating: important
References:

* bsc#1217522
* bsc#1218255

Cross-References:

* CVE-2023-6176
* CVE-2023-6932

CVSS scores:

* CVE-2023-6176 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6176 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-6932 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6932 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_130 fixes several issues.

The following security issues were fixed:

* CVE-2023-6932: Fixed a use-after-free vulnerability in the ipv4 igmp
component that could lead to local privilege escalation (bsc#1218255).
* CVE-2023-6176: Fixed a denial of service in the cryptographic algorithm
scatterwalk functionality (bsc#1217522).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2024-411=1 SUSE-SLE-
Module-Live-Patching-15-SP3-2024-416=1

* openSUSE Leap 15.3
zypper in -t patch SUSE-2024-416=1 SUSE-2024-411=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_115-default-10-150300.2.1
* kernel-livepatch-5_3_18-150300_59_130-default-5-150300.2.1
* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_130-default-5-150300.2.1
* kernel-livepatch-5_3_18-150300_59_115-default-debuginfo-10-150300.2.1
* kernel-livepatch-5_3_18-150300_59_115-default-10-150300.2.1
* kernel-livepatch-5_3_18-150300_59_130-default-debuginfo-5-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_30-debugsource-10-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_35-debugsource-5-150300.2.1
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_130-preempt-debuginfo-5-150300.2.1
* kernel-livepatch-5_3_18-150300_59_130-preempt-5-150300.2.1
* kernel-livepatch-5_3_18-150300_59_115-preempt-debuginfo-10-150300.2.1
* kernel-livepatch-5_3_18-150300_59_115-preempt-10-150300.2.1

## References:

* https://www.suse.com/security/cve/CVE-2023-6176.html
* https://www.suse.com/security/cve/CVE-2023-6932.html
* https://bugzilla.suse.com/show_bug.cgi?id=1217522
* https://bugzilla.suse.com/show_bug.cgi?id=1218255