
SUSE Linux has received new security updates, including Kernel, Python, PHP8, Teleport, and more:

* SUSE-SU-2024:4179-1: important: Security update for the Linux Kernel (Live Patch 39 for SLE 15 SP3)
* SUSE-SU-2024:4180-1: important: Security update for the Linux Kernel (Live Patch 44 for SLE 15 SP3)
* SUSE-SU-2024:4193-1: low: Security update for python3
* SUSE-SU-2024:4194-1: important: Security update for python-python-multipart
* SUSE-SU-2024:4212-1: important: Security update for obs-scm-bridge
* SUSE-SU-2024:4215-1: moderate: Security update for php8
* SUSE-SU-2024:4214-1: important: Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP5)
* SUSE-SU-2024:4217-1: important: Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP6)
* SUSE-SU-2024:4216-1: important: Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP5)
* SUSE-SU-2024:4210-1: important: Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP6)
* openSUSE-SU-2024:14544-1: moderate: teleport-17.0.3-1.1 on GA media
* openSUSE-SU-2024:14543-1: moderate: obs-scm-bridge-0.5.4-1.1 on GA media
* openSUSE-SU-2024:14542-1: moderate: libmozjs-128-0-128.5.1-1.1 on GA media
* SUSE-SU-2024:4206-1: important: Security update for the Linux Kernel (Live Patch 9 for SLE 15 SP5)
* SUSE-SU-2024:4196-1: moderate: Security update for avahi
* SUSE-SU-2024:4202-1: moderate: Security update for java-1_8_0-openjdk
* SUSE-SU-2024:4204-1: important: Security update for docker-stable
* SUSE-SU-2024:4207-1: important: Security update for the Linux Kernel (Live Patch 14 for SLE 15 SP5)
* SUSE-SU-2024:4209-1: important: Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP6)
* SUSE-SU-2024:4208-1: important: Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP6)



SUSE-SU-2024:4179-1: important: Security update for the Linux Kernel (Live Patch 39 for SLE 15 SP3)


# Security update for the Linux Kernel (Live Patch 39 for SLE 15 SP3)

Announcement ID: SUSE-SU-2024:4179-1
Release Date: 2024-12-04T21:05:57Z
Rating: important
References:

* bsc#1225733
* bsc#1229553

Cross-References:

* CVE-2024-36904
* CVE-2024-43861

CVSS scores:

* CVE-2024-36904 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-43861 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-43861 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_144 fixes several issues.

The following security issues were fixed:

* CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique()
(bsc#1225733).
* CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229553).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
  `zypper in -t patch SUSE-2024-4179=1`

* SUSE Linux Enterprise Live Patching 15-SP3
  `zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2024-4179=1`

## Package List:

* openSUSE Leap 15.3 (ppc64le s390x x86_64)
  * kernel-livepatch-5_3_18-150300_59_144-default-debuginfo-14-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_144-default-14-150300.2.1
  * kernel-livepatch-SLE15-SP3_Update_39-debugsource-14-150300.2.1
* openSUSE Leap 15.3 (x86_64)
  * kernel-livepatch-5_3_18-150300_59_144-preempt-14-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_144-preempt-debuginfo-14-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
  * kernel-livepatch-5_3_18-150300_59_144-default-14-150300.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-36904.html
* https://www.suse.com/security/cve/CVE-2024-43861.html
* https://bugzilla.suse.com/show_bug.cgi?id=1225733
* https://bugzilla.suse.com/show_bug.cgi?id=1229553



SUSE-SU-2024:4180-1: important: Security update for the Linux Kernel (Live Patch 44 for SLE 15 SP3)


# Security update for the Linux Kernel (Live Patch 44 for SLE 15 SP3)

Announcement ID: SUSE-SU-2024:4180-1
Release Date: 2024-12-04T21:06:22Z
Rating: important
References:

* bsc#1210619
* bsc#1223363
* bsc#1223683
* bsc#1225013
* bsc#1225202
* bsc#1225211
* bsc#1225302
* bsc#1225309
* bsc#1225310
* bsc#1225311
* bsc#1225312
* bsc#1225733
* bsc#1225819
* bsc#1226325
* bsc#1227471
* bsc#1227651
* bsc#1228573
* bsc#1229553

Cross-References:

* CVE-2021-47291
* CVE-2021-47378
* CVE-2021-47383
* CVE-2021-47402
* CVE-2021-47598
* CVE-2023-1829
* CVE-2023-52752
* CVE-2024-26828
* CVE-2024-26923
* CVE-2024-27398
* CVE-2024-35861
* CVE-2024-35862
* CVE-2024-35864
* CVE-2024-35950
* CVE-2024-36904
* CVE-2024-36964
* CVE-2024-41059
* CVE-2024-43861

CVSS scores:

* CVE-2021-47291 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47378 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47383 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47402 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1829 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1829 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26828 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
* CVE-2024-26828 ( NVD ): 6.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
* CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-27398 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35862 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35864 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36904 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-43861 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-43861 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves 18 vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_161 fixes several issues.

The following security issues were fixed:

* CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique()
(bsc#1225733).
* CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229553).
* CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init()
(bsc#1227471).
* CVE-2023-52752: smb: client: fix use-after-free bug in
cifs_debug_data_proc_show() (bsc#1225819).
* CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted()
(bsc#1225311).
* CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break()
(bsc#1225309).
* CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect()
(bsc#1225312).
* CVE-2021-47291: ipv6: fix another slab-out-of-bounds in
fib6_nh_flush_exceptions (bsc#1227651).
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000
(bsc#1226325).
* CVE-2021-47402: Protect fl_walk() with rcu (bsc#1225301)
* CVE-2021-47378: Destroy cm id before destroy qp to avoid use after free
(bsc#1225202).
* CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout
(bsc#1225013).
* CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex
(bsc#1225310).
* CVE-2021-47383: Fixed out-of-bound vmalloc access in imageblit
(bsc#1225211).
* CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in
__unix_gc() (bsc#1223683).
* CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363).
* CVE-2023-1829: Fixed a use-after-free vulnerability in the control index
filter (tcindex) (bsc#1210619).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
  `zypper in -t patch SUSE-2024-4180=1`

* SUSE Linux Enterprise Live Patching 15-SP3
  `zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2024-4180=1`

## Package List:

* openSUSE Leap 15.3 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP3_Update_44-debugsource-8-150300.7.6.1
  * kernel-livepatch-5_3_18-150300_59_161-default-8-150300.7.6.1
  * kernel-livepatch-5_3_18-150300_59_161-default-debuginfo-8-150300.7.6.1
* openSUSE Leap 15.3 (x86_64)
  * kernel-livepatch-5_3_18-150300_59_161-preempt-debuginfo-8-150300.7.6.1
  * kernel-livepatch-5_3_18-150300_59_161-preempt-8-150300.7.6.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
  * kernel-livepatch-5_3_18-150300_59_161-default-8-150300.7.6.1

## References:

* https://www.suse.com/security/cve/CVE-2021-47291.html
* https://www.suse.com/security/cve/CVE-2021-47378.html
* https://www.suse.com/security/cve/CVE-2021-47383.html
* https://www.suse.com/security/cve/CVE-2021-47402.html
* https://www.suse.com/security/cve/CVE-2021-47598.html
* https://www.suse.com/security/cve/CVE-2023-1829.html
* https://www.suse.com/security/cve/CVE-2023-52752.html
* https://www.suse.com/security/cve/CVE-2024-26828.html
* https://www.suse.com/security/cve/CVE-2024-26923.html
* https://www.suse.com/security/cve/CVE-2024-27398.html
* https://www.suse.com/security/cve/CVE-2024-35861.html
* https://www.suse.com/security/cve/CVE-2024-35862.html
* https://www.suse.com/security/cve/CVE-2024-35864.html
* https://www.suse.com/security/cve/CVE-2024-35950.html
* https://www.suse.com/security/cve/CVE-2024-36904.html
* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://www.suse.com/security/cve/CVE-2024-43861.html
* https://bugzilla.suse.com/show_bug.cgi?id=1210619
* https://bugzilla.suse.com/show_bug.cgi?id=1223363
* https://bugzilla.suse.com/show_bug.cgi?id=1223683
* https://bugzilla.suse.com/show_bug.cgi?id=1225013
* https://bugzilla.suse.com/show_bug.cgi?id=1225202
* https://bugzilla.suse.com/show_bug.cgi?id=1225211
* https://bugzilla.suse.com/show_bug.cgi?id=1225302
* https://bugzilla.suse.com/show_bug.cgi?id=1225309
* https://bugzilla.suse.com/show_bug.cgi?id=1225310
* https://bugzilla.suse.com/show_bug.cgi?id=1225311
* https://bugzilla.suse.com/show_bug.cgi?id=1225312
* https://bugzilla.suse.com/show_bug.cgi?id=1225733
* https://bugzilla.suse.com/show_bug.cgi?id=1225819
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1227471
* https://bugzilla.suse.com/show_bug.cgi?id=1227651
* https://bugzilla.suse.com/show_bug.cgi?id=1228573
* https://bugzilla.suse.com/show_bug.cgi?id=1229553



SUSE-SU-2024:4193-1: low: Security update for python3


# Security update for python3

Announcement ID: SUSE-SU-2024:4193-1
Release Date: 2024-12-05T11:02:58Z
Rating: low
References:

* bsc#1231795
* bsc#1233307

Cross-References:

* CVE-2024-11168

CVSS scores:

* CVE-2024-11168 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:X/V:X/RE:X/U:X
* CVE-2024-11168 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-11168 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:X/V:X/RE:X/U:X

Affected Products:

* Basesystem Module 15-SP5
* Basesystem Module 15-SP6
* Development Tools Module 15-SP5
* Development Tools Module 15-SP6
* openSUSE Leap 15.3
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* openSUSE Leap Micro 5.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability and has one security fix can now be
installed.

## Description:

This update for python3 fixes the following issues:

* CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses
(bsc#1233307)

Other fixes:

* Remove -IVendor/ from python-config (bsc#1231795)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
  `zypper in -t patch SUSE-2024-4193=1`

* openSUSE Leap Micro 5.5
  `zypper in -t patch openSUSE-Leap-Micro-5.5-2024-4193=1`

* openSUSE Leap 15.5
  `zypper in -t patch openSUSE-SLE-15.5-2024-4193=1`

* openSUSE Leap 15.6
  `zypper in -t patch openSUSE-SLE-15.6-2024-4193=1`

* SUSE Linux Enterprise Micro for Rancher 5.3
  `zypper in -t patch SUSE-SLE-Micro-5.3-2024-4193=1`

* SUSE Linux Enterprise Micro 5.3
  `zypper in -t patch SUSE-SLE-Micro-5.3-2024-4193=1`

* SUSE Linux Enterprise Micro for Rancher 5.4
  `zypper in -t patch SUSE-SLE-Micro-5.4-2024-4193=1`

* SUSE Linux Enterprise Micro 5.4
  `zypper in -t patch SUSE-SLE-Micro-5.4-2024-4193=1`

* SUSE Linux Enterprise Micro 5.5
  `zypper in -t patch SUSE-SLE-Micro-5.5-2024-4193=1`

* Basesystem Module 15-SP5
  `zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-4193=1`

* Basesystem Module 15-SP6
  `zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-4193=1`

* Development Tools Module 15-SP5
  `zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2024-4193=1`

* Development Tools Module 15-SP6
  `zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2024-4193=1`

* SUSE Linux Enterprise Micro 5.2
  `zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-4193=1`

* SUSE Linux Enterprise Micro for Rancher 5.2
  `zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-4193=1`

## Package List:

* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
  * python3-base-3.6.15-150300.10.78.1
  * python3-dbm-3.6.15-150300.10.78.1
  * python3-tk-debuginfo-3.6.15-150300.10.78.1
  * python3-doc-devhelp-3.6.15-150300.10.78.1
  * python3-testsuite-3.6.15-150300.10.78.1
  * python3-debuginfo-3.6.15-150300.10.78.1
  * python3-tk-3.6.15-150300.10.78.1
  * libpython3_6m1_0-3.6.15-150300.10.78.1
  * python3-curses-3.6.15-150300.10.78.1
  * python3-curses-debuginfo-3.6.15-150300.10.78.1
  * python3-idle-3.6.15-150300.10.78.1
  * python3-testsuite-debuginfo-3.6.15-150300.10.78.1
  * python3-dbm-debuginfo-3.6.15-150300.10.78.1
  * python3-doc-3.6.15-150300.10.78.1
  * python3-3.6.15-150300.10.78.1
  * python3-tools-3.6.15-150300.10.78.1
  * python3-devel-debuginfo-3.6.15-150300.10.78.1
  * python3-debugsource-3.6.15-150300.10.78.1
  * libpython3_6m1_0-debuginfo-3.6.15-150300.10.78.1
  * python3-base-debuginfo-3.6.15-150300.10.78.1
  * python3-core-debugsource-3.6.15-150300.10.78.1
  * python3-devel-3.6.15-150300.10.78.1
* openSUSE Leap 15.3 (x86_64)
  * libpython3_6m1_0-32bit-3.6.15-150300.10.78.1
  * libpython3_6m1_0-32bit-debuginfo-3.6.15-150300.10.78.1
* openSUSE Leap 15.3 (aarch64_ilp32)
  * libpython3_6m1_0-64bit-3.6.15-150300.10.78.1
  * libpython3_6m1_0-64bit-debuginfo-3.6.15-150300.10.78.1
* openSUSE Leap Micro 5.5 (aarch64 s390x x86_64)
  * python3-base-3.6.15-150300.10.78.1
  * libpython3_6m1_0-debuginfo-3.6.15-150300.10.78.1
  * python3-base-debuginfo-3.6.15-150300.10.78.1
  * python3-debugsource-3.6.15-150300.10.78.1
  * python3-core-debugsource-3.6.15-150300.10.78.1
  * python3-debuginfo-3.6.15-150300.10.78.1
  * libpython3_6m1_0-3.6.15-150300.10.78.1
  * python3-3.6.15-150300.10.78.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  * python3-base-3.6.15-150300.10.78.1
  * python3-dbm-3.6.15-150300.10.78.1
  * python3-tk-debuginfo-3.6.15-150300.10.78.1
  * python3-doc-devhelp-3.6.15-150300.10.78.1
  * python3-testsuite-3.6.15-150300.10.78.1
  * python3-debuginfo-3.6.15-150300.10.78.1
  * python3-tk-3.6.15-150300.10.78.1
  * libpython3_6m1_0-3.6.15-150300.10.78.1
  * python3-curses-3.6.15-150300.10.78.1
  * python3-curses-debuginfo-3.6.15-150300.10.78.1
  * python3-idle-3.6.15-150300.10.78.1
  * python3-testsuite-debuginfo-3.6.15-150300.10.78.1
  * python3-dbm-debuginfo-3.6.15-150300.10.78.1
  * python3-doc-3.6.15-150300.10.78.1
  * python3-3.6.15-150300.10.78.1
  * python3-tools-3.6.15-150300.10.78.1
  * python3-devel-debuginfo-3.6.15-150300.10.78.1
  * python3-debugsource-3.6.15-150300.10.78.1
  * libpython3_6m1_0-debuginfo-3.6.15-150300.10.78.1
  * python3-base-debuginfo-3.6.15-150300.10.78.1
  * python3-core-debugsource-3.6.15-150300.10.78.1
  * python3-devel-3.6.15-150300.10.78.1
* openSUSE Leap 15.5 (x86_64)
  * libpython3_6m1_0-32bit-3.6.15-150300.10.78.1
  * libpython3_6m1_0-32bit-debuginfo-3.6.15-150300.10.78.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * python3-base-3.6.15-150300.10.78.1
  * python3-dbm-3.6.15-150300.10.78.1
  * python3-tk-debuginfo-3.6.15-150300.10.78.1
  * python3-doc-devhelp-3.6.15-150300.10.78.1
  * python3-testsuite-3.6.15-150300.10.78.1
  * python3-debuginfo-3.6.15-150300.10.78.1
  * python3-tk-3.6.15-150300.10.78.1
  * libpython3_6m1_0-3.6.15-150300.10.78.1
  * python3-curses-3.6.15-150300.10.78.1
  * python3-curses-debuginfo-3.6.15-150300.10.78.1
  * python3-idle-3.6.15-150300.10.78.1
  * python3-testsuite-debuginfo-3.6.15-150300.10.78.1
  * python3-dbm-debuginfo-3.6.15-150300.10.78.1
  * python3-doc-3.6.15-150300.10.78.1
  * python3-3.6.15-150300.10.78.1
  * python3-tools-3.6.15-150300.10.78.1
  * python3-devel-debuginfo-3.6.15-150300.10.78.1
  * python3-debugsource-3.6.15-150300.10.78.1
  * libpython3_6m1_0-debuginfo-3.6.15-150300.10.78.1
  * python3-base-debuginfo-3.6.15-150300.10.78.1
  * python3-core-debugsource-3.6.15-150300.10.78.1
  * python3-devel-3.6.15-150300.10.78.1
* openSUSE Leap 15.6 (x86_64)
  * libpython3_6m1_0-32bit-3.6.15-150300.10.78.1
  * libpython3_6m1_0-32bit-debuginfo-3.6.15-150300.10.78.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * python3-base-3.6.15-150300.10.78.1
  * libpython3_6m1_0-debuginfo-3.6.15-150300.10.78.1
  * python3-base-debuginfo-3.6.15-150300.10.78.1
  * python3-debugsource-3.6.15-150300.10.78.1
  * python3-core-debugsource-3.6.15-150300.10.78.1
  * python3-debuginfo-3.6.15-150300.10.78.1
  * libpython3_6m1_0-3.6.15-150300.10.78.1
  * python3-3.6.15-150300.10.78.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * python3-base-3.6.15-150300.10.78.1
  * libpython3_6m1_0-debuginfo-3.6.15-150300.10.78.1
  * python3-base-debuginfo-3.6.15-150300.10.78.1
  * python3-debugsource-3.6.15-150300.10.78.1
  * python3-core-debugsource-3.6.15-150300.10.78.1
  * python3-debuginfo-3.6.15-150300.10.78.1
  * libpython3_6m1_0-3.6.15-150300.10.78.1
  * python3-3.6.15-150300.10.78.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
  * python3-base-3.6.15-150300.10.78.1
  * libpython3_6m1_0-debuginfo-3.6.15-150300.10.78.1
  * python3-base-debuginfo-3.6.15-150300.10.78.1
  * python3-debugsource-3.6.15-150300.10.78.1
  * python3-core-debugsource-3.6.15-150300.10.78.1
  * python3-debuginfo-3.6.15-150300.10.78.1
  * libpython3_6m1_0-3.6.15-150300.10.78.1
  * python3-3.6.15-150300.10.78.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
  * python3-base-3.6.15-150300.10.78.1
  * libpython3_6m1_0-debuginfo-3.6.15-150300.10.78.1
  * python3-base-debuginfo-3.6.15-150300.10.78.1
  * python3-debugsource-3.6.15-150300.10.78.1
  * python3-core-debugsource-3.6.15-150300.10.78.1
  * python3-debuginfo-3.6.15-150300.10.78.1
  * libpython3_6m1_0-3.6.15-150300.10.78.1
  * python3-3.6.15-150300.10.78.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
  * python3-base-3.6.15-150300.10.78.1
  * libpython3_6m1_0-debuginfo-3.6.15-150300.10.78.1
  * python3-base-debuginfo-3.6.15-150300.10.78.1
  * python3-debugsource-3.6.15-150300.10.78.1
  * python3-core-debugsource-3.6.15-150300.10.78.1
  * python3-debuginfo-3.6.15-150300.10.78.1
  * libpython3_6m1_0-3.6.15-150300.10.78.1
  * python3-3.6.15-150300.10.78.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * python3-base-3.6.15-150300.10.78.1
  * libpython3_6m1_0-debuginfo-3.6.15-150300.10.78.1
  * python3-curses-3.6.15-150300.10.78.1
  * python3-curses-debuginfo-3.6.15-150300.10.78.1
  * python3-dbm-3.6.15-150300.10.78.1
  * python3-devel-debuginfo-3.6.15-150300.10.78.1
  * python3-base-debuginfo-3.6.15-150300.10.78.1
  * python3-idle-3.6.15-150300.10.78.1
  * python3-tk-debuginfo-3.6.15-150300.10.78.1
  * python3-dbm-debuginfo-3.6.15-150300.10.78.1
  * python3-debugsource-3.6.15-150300.10.78.1
  * python3-tk-3.6.15-150300.10.78.1
  * python3-core-debugsource-3.6.15-150300.10.78.1
  * python3-debuginfo-3.6.15-150300.10.78.1
  * python3-devel-3.6.15-150300.10.78.1
  * libpython3_6m1_0-3.6.15-150300.10.78.1
  * python3-3.6.15-150300.10.78.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * python3-base-3.6.15-150300.10.78.1
  * libpython3_6m1_0-debuginfo-3.6.15-150300.10.78.1
  * python3-curses-3.6.15-150300.10.78.1
  * python3-curses-debuginfo-3.6.15-150300.10.78.1
  * python3-dbm-3.6.15-150300.10.78.1
  * python3-devel-debuginfo-3.6.15-150300.10.78.1
  * python3-base-debuginfo-3.6.15-150300.10.78.1
  * python3-idle-3.6.15-150300.10.78.1
  * python3-tk-debuginfo-3.6.15-150300.10.78.1
  * python3-dbm-debuginfo-3.6.15-150300.10.78.1
  * python3-debugsource-3.6.15-150300.10.78.1
  * python3-tk-3.6.15-150300.10.78.1
  * python3-core-debugsource-3.6.15-150300.10.78.1
  * python3-debuginfo-3.6.15-150300.10.78.1
  * python3-devel-3.6.15-150300.10.78.1
  * libpython3_6m1_0-3.6.15-150300.10.78.1
  * python3-3.6.15-150300.10.78.1
* Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * python3-tools-3.6.15-150300.10.78.1
  * python3-core-debugsource-3.6.15-150300.10.78.1
* Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * python3-tools-3.6.15-150300.10.78.1
  * python3-core-debugsource-3.6.15-150300.10.78.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
  * python3-base-3.6.15-150300.10.78.1
  * libpython3_6m1_0-debuginfo-3.6.15-150300.10.78.1
  * python3-base-debuginfo-3.6.15-150300.10.78.1
  * python3-debugsource-3.6.15-150300.10.78.1
  * python3-core-debugsource-3.6.15-150300.10.78.1
  * python3-debuginfo-3.6.15-150300.10.78.1
  * libpython3_6m1_0-3.6.15-150300.10.78.1
  * python3-3.6.15-150300.10.78.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
  * python3-base-3.6.15-150300.10.78.1
  * libpython3_6m1_0-debuginfo-3.6.15-150300.10.78.1
  * python3-base-debuginfo-3.6.15-150300.10.78.1
  * python3-debugsource-3.6.15-150300.10.78.1
  * python3-core-debugsource-3.6.15-150300.10.78.1
  * python3-debuginfo-3.6.15-150300.10.78.1
  * libpython3_6m1_0-3.6.15-150300.10.78.1
  * python3-3.6.15-150300.10.78.1

## References:

* https://www.suse.com/security/cve/CVE-2024-11168.html
* https://bugzilla.suse.com/show_bug.cgi?id=1231795
* https://bugzilla.suse.com/show_bug.cgi?id=1233307



SUSE-SU-2024:4194-1: important: Security update for python-python-multipart


# Security update for python-python-multipart

Announcement ID: SUSE-SU-2024:4194-1
Release Date: 2024-12-05T11:03:12Z
Rating: important
References:

* bsc#1234115

Cross-References:

* CVE-2024-53981

CVSS scores:

* CVE-2024-53981 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-53981 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.6

An update that solves one vulnerability can now be installed.

## Description:

This update for python-python-multipart fixes the following issues:

* CVE-2024-53981: excessive logging for certain inputs when parsing form data.
(bsc#1234115)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  `zypper in -t patch openSUSE-SLE-15.6-2024-4194=1 SUSE-2024-4194=1`

## Package List:

* openSUSE Leap 15.6 (noarch)
  * python311-python-multipart-0.0.9-150600.3.3.1

## References:

* https://www.suse.com/security/cve/CVE-2024-53981.html
* https://bugzilla.suse.com/show_bug.cgi?id=1234115



SUSE-SU-2024:4212-1: important: Security update for obs-scm-bridge


# Security update for obs-scm-bridge

Announcement ID: SUSE-SU-2024:4212-1
Release Date: 2024-12-05T16:05:03Z
Rating: important
References:

* bsc#1230469

Cross-References:

* CVE-2024-22038

CVSS scores:

* CVE-2024-22038 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-22038 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H
* CVE-2024-22038 ( NVD ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-22038 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H

Affected Products:

* Development Tools Module 15-SP5
* Development Tools Module 15-SP6
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for obs-scm-bridge fixes the following issues:

Updated to version 0.5.4:

* CVE-2024-22038: Fixed DoS attacks, information leaks with crafted Git repositories (bnc#1230469)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  `zypper in -t patch openSUSE-SLE-15.5-2024-4212=1`

* openSUSE Leap 15.6
  `zypper in -t patch openSUSE-SLE-15.6-2024-4212=1`

* Development Tools Module 15-SP5
  `zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2024-4212=1`

* Development Tools Module 15-SP6
  `zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2024-4212=1`

* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-4212=1`

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-4212=1`

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-4212=1`

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-4212=1`

* SUSE Linux Enterprise Desktop 15 SP4 LTSS
  `zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-4212=1`

* SUSE Linux Enterprise Server 15 SP2 LTSS
  `zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-4212=1`

* SUSE Linux Enterprise Server 15 SP3 LTSS
  `zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-4212=1`

* SUSE Linux Enterprise Server 15 SP4 LTSS
  `zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4212=1`

* SUSE Linux Enterprise Server for SAP Applications 15 SP2
  `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-4212=1`

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-4212=1`

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-4212=1`

* SUSE Enterprise Storage 7.1
  `zypper in -t patch SUSE-Storage-7.1-2024-4212=1`

## Package List:

* openSUSE Leap 15.5 (noarch)
  * obs-scm-bridge-0.5.4-150100.3.6.1
* openSUSE Leap 15.6 (noarch)
  * obs-scm-bridge-0.5.4-150100.3.6.1
* Development Tools Module 15-SP5 (noarch)
  * obs-scm-bridge-0.5.4-150100.3.6.1
* Development Tools Module 15-SP6 (noarch)
  * obs-scm-bridge-0.5.4-150100.3.6.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS (noarch)
  * obs-scm-bridge-0.5.4-150100.3.6.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
  * obs-scm-bridge-0.5.4-150100.3.6.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
  * obs-scm-bridge-0.5.4-150100.3.6.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
  * obs-scm-bridge-0.5.4-150100.3.6.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS (noarch)
  * obs-scm-bridge-0.5.4-150100.3.6.1
* SUSE Linux Enterprise Server 15 SP2 LTSS (noarch)
  * obs-scm-bridge-0.5.4-150100.3.6.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (noarch)
  * obs-scm-bridge-0.5.4-150100.3.6.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
  * obs-scm-bridge-0.5.4-150100.3.6.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
  * obs-scm-bridge-0.5.4-150100.3.6.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
  * obs-scm-bridge-0.5.4-150100.3.6.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
  * obs-scm-bridge-0.5.4-150100.3.6.1
* SUSE Enterprise Storage 7.1 (noarch)
  * obs-scm-bridge-0.5.4-150100.3.6.1

## References:

* https://www.suse.com/security/cve/CVE-2024-22038.html
* https://bugzilla.suse.com/show_bug.cgi?id=1230469



SUSE-SU-2024:4215-1: moderate: Security update for php8


# Security update for php8

Announcement ID: SUSE-SU-2024:4215-1
Release Date: 2024-12-05T17:31:56Z
Rating: moderate
References:

* bsc#1233651
* bsc#1233702
* bsc#1233703

Cross-References:

* CVE-2024-11233
* CVE-2024-11234
* CVE-2024-8929

CVSS scores:

* CVE-2024-11233 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-11233 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2024-11233 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2024-11233 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2024-11234 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-11234 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2024-11234 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2024-11234 ( NVD ): 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
* CVE-2024-8929 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2024-8929 ( NVD ): 5.8 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* Web and Scripting Module 15-SP5

An update that solves three vulnerabilities can now be installed.

## Description:

This update for php8 fixes the following issues:

* CVE-2024-11233: buffer overread when processing input with the convert.quoted-printable-decode filter. (bsc#1233702)
* CVE-2024-11234: possible CRLF injection in URIs when a proxy is configured in a stream context. (bsc#1233703)
* CVE-2024-8929: data exposure on MySQL clients due to heap buffer overread in mysqlnd. (bsc#1233651)

## Patch Instructions:

To install this SUSE update, use a SUSE-recommended installation method such as
YaST online_update or "zypper patch".
Alternatively, you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-4215=1

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-4215=1

* Web and Scripting Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP5-2024-4215=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* php8-mbstring-debuginfo-8.0.30-150400.4.49.1
* php8-gmp-8.0.30-150400.4.49.1
* php8-gmp-debuginfo-8.0.30-150400.4.49.1
* php8-sqlite-8.0.30-150400.4.49.1
* php8-ctype-debuginfo-8.0.30-150400.4.49.1
* php8-gettext-debuginfo-8.0.30-150400.4.49.1
* php8-iconv-debuginfo-8.0.30-150400.4.49.1
* php8-dom-8.0.30-150400.4.49.1
* php8-mysql-debuginfo-8.0.30-150400.4.49.1
* php8-intl-debuginfo-8.0.30-150400.4.49.1
* php8-zip-8.0.30-150400.4.49.1
* php8-ftp-debuginfo-8.0.30-150400.4.49.1
* php8-soap-debuginfo-8.0.30-150400.4.49.1
* php8-ctype-8.0.30-150400.4.49.1
* php8-curl-debuginfo-8.0.30-150400.4.49.1
* php8-sysvmsg-debuginfo-8.0.30-150400.4.49.1
* php8-tidy-debuginfo-8.0.30-150400.4.49.1
* php8-fpm-debuginfo-8.0.30-150400.4.49.1
* php8-mbstring-8.0.30-150400.4.49.1
* php8-snmp-8.0.30-150400.4.49.1
* php8-fpm-8.0.30-150400.4.49.1
* php8-xmlreader-debuginfo-8.0.30-150400.4.49.1
* php8-sysvshm-8.0.30-150400.4.49.1
* php8-readline-8.0.30-150400.4.49.1
* php8-xmlreader-8.0.30-150400.4.49.1
* apache2-mod_php8-debuginfo-8.0.30-150400.4.49.1
* php8-sysvsem-8.0.30-150400.4.49.1
* php8-sodium-debuginfo-8.0.30-150400.4.49.1
* php8-exif-debuginfo-8.0.30-150400.4.49.1
* php8-fileinfo-debuginfo-8.0.30-150400.4.49.1
* apache2-mod_php8-debugsource-8.0.30-150400.4.49.1
* php8-xsl-8.0.30-150400.4.49.1
* php8-tidy-8.0.30-150400.4.49.1
* php8-opcache-debuginfo-8.0.30-150400.4.49.1
* php8-mysql-8.0.30-150400.4.49.1
* php8-intl-8.0.30-150400.4.49.1
* php8-odbc-8.0.30-150400.4.49.1
* php8-cli-8.0.30-150400.4.49.1
* php8-openssl-8.0.30-150400.4.49.1
* php8-embed-debugsource-8.0.30-150400.4.49.1
* php8-sockets-8.0.30-150400.4.49.1
* php8-gd-8.0.30-150400.4.49.1
* php8-sysvshm-debuginfo-8.0.30-150400.4.49.1
* php8-odbc-debuginfo-8.0.30-150400.4.49.1
* php8-bz2-8.0.30-150400.4.49.1
* php8-pdo-debuginfo-8.0.30-150400.4.49.1
* php8-zlib-8.0.30-150400.4.49.1
* php8-opcache-8.0.30-150400.4.49.1
* php8-exif-8.0.30-150400.4.49.1
* php8-snmp-debuginfo-8.0.30-150400.4.49.1
* php8-sqlite-debuginfo-8.0.30-150400.4.49.1
* php8-8.0.30-150400.4.49.1
* php8-fastcgi-debuginfo-8.0.30-150400.4.49.1
* php8-calendar-debuginfo-8.0.30-150400.4.49.1
* php8-bz2-debuginfo-8.0.30-150400.4.49.1
* php8-tokenizer-8.0.30-150400.4.49.1
* php8-gd-debuginfo-8.0.30-150400.4.49.1
* php8-ftp-8.0.30-150400.4.49.1
* php8-pdo-8.0.30-150400.4.49.1
* php8-embed-8.0.30-150400.4.49.1
* php8-debuginfo-8.0.30-150400.4.49.1
* php8-curl-8.0.30-150400.4.49.1
* php8-iconv-8.0.30-150400.4.49.1
* php8-phar-8.0.30-150400.4.49.1
* php8-fpm-debugsource-8.0.30-150400.4.49.1
* php8-test-8.0.30-150400.4.49.1
* php8-bcmath-8.0.30-150400.4.49.1
* php8-enchant-debuginfo-8.0.30-150400.4.49.1
* php8-ldap-debuginfo-8.0.30-150400.4.49.1
* php8-zip-debuginfo-8.0.30-150400.4.49.1
* php8-openssl-debuginfo-8.0.30-150400.4.49.1
* php8-gettext-8.0.30-150400.4.49.1
* php8-enchant-8.0.30-150400.4.49.1
* php8-debugsource-8.0.30-150400.4.49.1
* php8-sysvsem-debuginfo-8.0.30-150400.4.49.1
* php8-dba-debuginfo-8.0.30-150400.4.49.1
* php8-readline-debuginfo-8.0.30-150400.4.49.1
* php8-xsl-debuginfo-8.0.30-150400.4.49.1
* php8-fileinfo-8.0.30-150400.4.49.1
* php8-pcntl-8.0.30-150400.4.49.1
* php8-xmlwriter-8.0.30-150400.4.49.1
* php8-tokenizer-debuginfo-8.0.30-150400.4.49.1
* php8-sodium-8.0.30-150400.4.49.1
* php8-dom-debuginfo-8.0.30-150400.4.49.1
* php8-xmlwriter-debuginfo-8.0.30-150400.4.49.1
* php8-fastcgi-debugsource-8.0.30-150400.4.49.1
* php8-zlib-debuginfo-8.0.30-150400.4.49.1
* php8-fastcgi-8.0.30-150400.4.49.1
* php8-calendar-8.0.30-150400.4.49.1
* php8-ldap-8.0.30-150400.4.49.1
* php8-dba-8.0.30-150400.4.49.1
* php8-soap-8.0.30-150400.4.49.1
* php8-bcmath-debuginfo-8.0.30-150400.4.49.1
* php8-cli-debuginfo-8.0.30-150400.4.49.1
* php8-shmop-debuginfo-8.0.30-150400.4.49.1
* php8-devel-8.0.30-150400.4.49.1
* php8-pcntl-debuginfo-8.0.30-150400.4.49.1
* php8-posix-debuginfo-8.0.30-150400.4.49.1
* php8-sysvmsg-8.0.30-150400.4.49.1
* php8-posix-8.0.30-150400.4.49.1
* php8-pgsql-8.0.30-150400.4.49.1
* php8-pgsql-debuginfo-8.0.30-150400.4.49.1
* php8-sockets-debuginfo-8.0.30-150400.4.49.1
* php8-phar-debuginfo-8.0.30-150400.4.49.1
* php8-shmop-8.0.30-150400.4.49.1
* php8-embed-debuginfo-8.0.30-150400.4.49.1
* apache2-mod_php8-8.0.30-150400.4.49.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* php8-mbstring-debuginfo-8.0.30-150400.4.49.1
* php8-gmp-8.0.30-150400.4.49.1
* php8-gmp-debuginfo-8.0.30-150400.4.49.1
* php8-sqlite-8.0.30-150400.4.49.1
* php8-ctype-debuginfo-8.0.30-150400.4.49.1
* php8-gettext-debuginfo-8.0.30-150400.4.49.1
* php8-iconv-debuginfo-8.0.30-150400.4.49.1
* php8-dom-8.0.30-150400.4.49.1
* php8-mysql-debuginfo-8.0.30-150400.4.49.1
* php8-intl-debuginfo-8.0.30-150400.4.49.1
* php8-zip-8.0.30-150400.4.49.1
* php8-ftp-debuginfo-8.0.30-150400.4.49.1
* php8-soap-debuginfo-8.0.30-150400.4.49.1
* php8-ctype-8.0.30-150400.4.49.1
* php8-curl-debuginfo-8.0.30-150400.4.49.1
* php8-sysvmsg-debuginfo-8.0.30-150400.4.49.1
* php8-tidy-debuginfo-8.0.30-150400.4.49.1
* php8-fpm-debuginfo-8.0.30-150400.4.49.1
* php8-mbstring-8.0.30-150400.4.49.1
* php8-snmp-8.0.30-150400.4.49.1
* php8-fpm-8.0.30-150400.4.49.1
* php8-xmlreader-debuginfo-8.0.30-150400.4.49.1
* php8-sysvshm-8.0.30-150400.4.49.1
* php8-readline-8.0.30-150400.4.49.1
* php8-xmlreader-8.0.30-150400.4.49.1
* apache2-mod_php8-debuginfo-8.0.30-150400.4.49.1
* php8-sysvsem-8.0.30-150400.4.49.1
* php8-sodium-debuginfo-8.0.30-150400.4.49.1
* php8-exif-debuginfo-8.0.30-150400.4.49.1
* php8-fileinfo-debuginfo-8.0.30-150400.4.49.1
* apache2-mod_php8-debugsource-8.0.30-150400.4.49.1
* php8-xsl-8.0.30-150400.4.49.1
* php8-tidy-8.0.30-150400.4.49.1
* php8-opcache-debuginfo-8.0.30-150400.4.49.1
* php8-mysql-8.0.30-150400.4.49.1
* php8-intl-8.0.30-150400.4.49.1
* php8-odbc-8.0.30-150400.4.49.1
* php8-cli-8.0.30-150400.4.49.1
* php8-openssl-8.0.30-150400.4.49.1
* php8-embed-debugsource-8.0.30-150400.4.49.1
* php8-sockets-8.0.30-150400.4.49.1
* php8-gd-8.0.30-150400.4.49.1
* php8-sysvshm-debuginfo-8.0.30-150400.4.49.1
* php8-odbc-debuginfo-8.0.30-150400.4.49.1
* php8-bz2-8.0.30-150400.4.49.1
* php8-pdo-debuginfo-8.0.30-150400.4.49.1
* php8-zlib-8.0.30-150400.4.49.1
* php8-opcache-8.0.30-150400.4.49.1
* php8-exif-8.0.30-150400.4.49.1
* php8-snmp-debuginfo-8.0.30-150400.4.49.1
* php8-sqlite-debuginfo-8.0.30-150400.4.49.1
* php8-8.0.30-150400.4.49.1
* php8-fastcgi-debuginfo-8.0.30-150400.4.49.1
* php8-calendar-debuginfo-8.0.30-150400.4.49.1
* php8-bz2-debuginfo-8.0.30-150400.4.49.1
* php8-tokenizer-8.0.30-150400.4.49.1
* php8-gd-debuginfo-8.0.30-150400.4.49.1
* php8-ftp-8.0.30-150400.4.49.1
* php8-pdo-8.0.30-150400.4.49.1
* php8-embed-8.0.30-150400.4.49.1
* php8-debuginfo-8.0.30-150400.4.49.1
* php8-curl-8.0.30-150400.4.49.1
* php8-iconv-8.0.30-150400.4.49.1
* php8-fpm-debugsource-8.0.30-150400.4.49.1
* php8-phar-8.0.30-150400.4.49.1
* php8-test-8.0.30-150400.4.49.1
* php8-bcmath-8.0.30-150400.4.49.1
* php8-enchant-debuginfo-8.0.30-150400.4.49.1
* php8-ldap-debuginfo-8.0.30-150400.4.49.1
* php8-zip-debuginfo-8.0.30-150400.4.49.1
* php8-openssl-debuginfo-8.0.30-150400.4.49.1
* php8-gettext-8.0.30-150400.4.49.1
* php8-enchant-8.0.30-150400.4.49.1
* php8-debugsource-8.0.30-150400.4.49.1
* php8-sysvsem-debuginfo-8.0.30-150400.4.49.1
* php8-dba-debuginfo-8.0.30-150400.4.49.1
* php8-readline-debuginfo-8.0.30-150400.4.49.1
* php8-xsl-debuginfo-8.0.30-150400.4.49.1
* php8-fileinfo-8.0.30-150400.4.49.1
* php8-pcntl-8.0.30-150400.4.49.1
* php8-xmlwriter-8.0.30-150400.4.49.1
* php8-tokenizer-debuginfo-8.0.30-150400.4.49.1
* php8-sodium-8.0.30-150400.4.49.1
* php8-dom-debuginfo-8.0.30-150400.4.49.1
* php8-xmlwriter-debuginfo-8.0.30-150400.4.49.1
* php8-fastcgi-debugsource-8.0.30-150400.4.49.1
* php8-zlib-debuginfo-8.0.30-150400.4.49.1
* php8-fastcgi-8.0.30-150400.4.49.1
* php8-calendar-8.0.30-150400.4.49.1
* php8-ldap-8.0.30-150400.4.49.1
* php8-dba-8.0.30-150400.4.49.1
* php8-soap-8.0.30-150400.4.49.1
* php8-bcmath-debuginfo-8.0.30-150400.4.49.1
* php8-cli-debuginfo-8.0.30-150400.4.49.1
* php8-shmop-debuginfo-8.0.30-150400.4.49.1
* php8-devel-8.0.30-150400.4.49.1
* php8-pcntl-debuginfo-8.0.30-150400.4.49.1
* php8-posix-debuginfo-8.0.30-150400.4.49.1
* php8-sysvmsg-8.0.30-150400.4.49.1
* php8-posix-8.0.30-150400.4.49.1
* php8-sockets-debuginfo-8.0.30-150400.4.49.1
* php8-pgsql-8.0.30-150400.4.49.1
* php8-pgsql-debuginfo-8.0.30-150400.4.49.1
* php8-phar-debuginfo-8.0.30-150400.4.49.1
* php8-shmop-8.0.30-150400.4.49.1
* php8-embed-debuginfo-8.0.30-150400.4.49.1
* apache2-mod_php8-8.0.30-150400.4.49.1
* Web and Scripting Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* php8-mbstring-debuginfo-8.0.30-150400.4.49.1
* php8-gmp-8.0.30-150400.4.49.1
* php8-gmp-debuginfo-8.0.30-150400.4.49.1
* php8-sqlite-8.0.30-150400.4.49.1
* php8-ctype-debuginfo-8.0.30-150400.4.49.1
* php8-gettext-debuginfo-8.0.30-150400.4.49.1
* php8-iconv-debuginfo-8.0.30-150400.4.49.1
* php8-dom-8.0.30-150400.4.49.1
* php8-mysql-debuginfo-8.0.30-150400.4.49.1
* php8-intl-debuginfo-8.0.30-150400.4.49.1
* php8-zip-8.0.30-150400.4.49.1
* php8-ftp-debuginfo-8.0.30-150400.4.49.1
* php8-soap-debuginfo-8.0.30-150400.4.49.1
* php8-ctype-8.0.30-150400.4.49.1
* php8-curl-debuginfo-8.0.30-150400.4.49.1
* php8-sysvmsg-debuginfo-8.0.30-150400.4.49.1
* php8-tidy-debuginfo-8.0.30-150400.4.49.1
* php8-fpm-debuginfo-8.0.30-150400.4.49.1
* php8-mbstring-8.0.30-150400.4.49.1
* php8-snmp-8.0.30-150400.4.49.1
* php8-fpm-8.0.30-150400.4.49.1
* php8-xmlreader-debuginfo-8.0.30-150400.4.49.1
* php8-sysvshm-8.0.30-150400.4.49.1
* php8-readline-8.0.30-150400.4.49.1
* php8-xmlreader-8.0.30-150400.4.49.1
* apache2-mod_php8-debuginfo-8.0.30-150400.4.49.1
* php8-sysvsem-8.0.30-150400.4.49.1
* php8-sodium-debuginfo-8.0.30-150400.4.49.1
* php8-exif-debuginfo-8.0.30-150400.4.49.1
* php8-fileinfo-debuginfo-8.0.30-150400.4.49.1
* apache2-mod_php8-debugsource-8.0.30-150400.4.49.1
* php8-xsl-8.0.30-150400.4.49.1
* php8-tidy-8.0.30-150400.4.49.1
* php8-opcache-debuginfo-8.0.30-150400.4.49.1
* php8-mysql-8.0.30-150400.4.49.1
* php8-intl-8.0.30-150400.4.49.1
* php8-odbc-8.0.30-150400.4.49.1
* php8-cli-8.0.30-150400.4.49.1
* php8-openssl-8.0.30-150400.4.49.1
* php8-embed-debugsource-8.0.30-150400.4.49.1
* php8-sockets-8.0.30-150400.4.49.1
* php8-gd-8.0.30-150400.4.49.1
* php8-sysvshm-debuginfo-8.0.30-150400.4.49.1
* php8-odbc-debuginfo-8.0.30-150400.4.49.1
* php8-bz2-8.0.30-150400.4.49.1
* php8-pdo-debuginfo-8.0.30-150400.4.49.1
* php8-zlib-8.0.30-150400.4.49.1
* php8-opcache-8.0.30-150400.4.49.1
* php8-exif-8.0.30-150400.4.49.1
* php8-snmp-debuginfo-8.0.30-150400.4.49.1
* php8-sqlite-debuginfo-8.0.30-150400.4.49.1
* php8-8.0.30-150400.4.49.1
* php8-fastcgi-debuginfo-8.0.30-150400.4.49.1
* php8-calendar-debuginfo-8.0.30-150400.4.49.1
* php8-bz2-debuginfo-8.0.30-150400.4.49.1
* php8-tokenizer-8.0.30-150400.4.49.1
* php8-gd-debuginfo-8.0.30-150400.4.49.1
* php8-ftp-8.0.30-150400.4.49.1
* php8-pdo-8.0.30-150400.4.49.1
* php8-embed-8.0.30-150400.4.49.1
* php8-debuginfo-8.0.30-150400.4.49.1
* php8-curl-8.0.30-150400.4.49.1
* php8-iconv-8.0.30-150400.4.49.1
* php8-fpm-debugsource-8.0.30-150400.4.49.1
* php8-phar-8.0.30-150400.4.49.1
* php8-test-8.0.30-150400.4.49.1
* php8-bcmath-8.0.30-150400.4.49.1
* php8-enchant-debuginfo-8.0.30-150400.4.49.1
* php8-ldap-debuginfo-8.0.30-150400.4.49.1
* php8-zip-debuginfo-8.0.30-150400.4.49.1
* php8-openssl-debuginfo-8.0.30-150400.4.49.1
* php8-gettext-8.0.30-150400.4.49.1
* php8-enchant-8.0.30-150400.4.49.1
* php8-debugsource-8.0.30-150400.4.49.1
* php8-sysvsem-debuginfo-8.0.30-150400.4.49.1
* php8-dba-debuginfo-8.0.30-150400.4.49.1
* php8-readline-debuginfo-8.0.30-150400.4.49.1
* php8-xsl-debuginfo-8.0.30-150400.4.49.1
* php8-fileinfo-8.0.30-150400.4.49.1
* php8-pcntl-8.0.30-150400.4.49.1
* php8-xmlwriter-8.0.30-150400.4.49.1
* php8-tokenizer-debuginfo-8.0.30-150400.4.49.1
* php8-sodium-8.0.30-150400.4.49.1
* php8-dom-debuginfo-8.0.30-150400.4.49.1
* php8-xmlwriter-debuginfo-8.0.30-150400.4.49.1
* php8-fastcgi-debugsource-8.0.30-150400.4.49.1
* php8-zlib-debuginfo-8.0.30-150400.4.49.1
* php8-fastcgi-8.0.30-150400.4.49.1
* php8-calendar-8.0.30-150400.4.49.1
* php8-ldap-8.0.30-150400.4.49.1
* php8-dba-8.0.30-150400.4.49.1
* php8-soap-8.0.30-150400.4.49.1
* php8-bcmath-debuginfo-8.0.30-150400.4.49.1
* php8-cli-debuginfo-8.0.30-150400.4.49.1
* php8-shmop-debuginfo-8.0.30-150400.4.49.1
* php8-devel-8.0.30-150400.4.49.1
* php8-pcntl-debuginfo-8.0.30-150400.4.49.1
* php8-posix-debuginfo-8.0.30-150400.4.49.1
* php8-sysvmsg-8.0.30-150400.4.49.1
* php8-posix-8.0.30-150400.4.49.1
* php8-sockets-debuginfo-8.0.30-150400.4.49.1
* php8-pgsql-8.0.30-150400.4.49.1
* php8-pgsql-debuginfo-8.0.30-150400.4.49.1
* php8-phar-debuginfo-8.0.30-150400.4.49.1
* php8-shmop-8.0.30-150400.4.49.1
* php8-embed-debuginfo-8.0.30-150400.4.49.1
* apache2-mod_php8-8.0.30-150400.4.49.1

## References:

* https://www.suse.com/security/cve/CVE-2024-11233.html
* https://www.suse.com/security/cve/CVE-2024-11234.html
* https://www.suse.com/security/cve/CVE-2024-8929.html
* https://bugzilla.suse.com/show_bug.cgi?id=1233651
* https://bugzilla.suse.com/show_bug.cgi?id=1233702
* https://bugzilla.suse.com/show_bug.cgi?id=1233703



SUSE-SU-2024:4214-1: important: Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP5)


# Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP5)

Announcement ID: SUSE-SU-2024:4214-1
Release Date: 2024-12-05T17:03:54Z
Rating: important
References:

* bsc#1220145
* bsc#1220832
* bsc#1221302
* bsc#1222685
* bsc#1223059
* bsc#1223363
* bsc#1223514
* bsc#1223521
* bsc#1223681
* bsc#1223683
* bsc#1225011
* bsc#1225012
* bsc#1225013
* bsc#1225099
* bsc#1225309
* bsc#1225310
* bsc#1225311
* bsc#1225312
* bsc#1225313
* bsc#1225429
* bsc#1225733
* bsc#1225739
* bsc#1225819
* bsc#1226325
* bsc#1226327
* bsc#1227471
* bsc#1228573
* bsc#1228786
* bsc#1229273
* bsc#1229553

Cross-References:

* CVE-2021-47517
* CVE-2021-47598
* CVE-2022-48651
* CVE-2022-48662
* CVE-2023-52502
* CVE-2023-52752
* CVE-2023-52846
* CVE-2023-6546
* CVE-2024-23307
* CVE-2024-26610
* CVE-2024-26828
* CVE-2024-26852
* CVE-2024-26923
* CVE-2024-26930
* CVE-2024-27398
* CVE-2024-35817
* CVE-2024-35861
* CVE-2024-35862
* CVE-2024-35863
* CVE-2024-35864
* CVE-2024-35867
* CVE-2024-35905
* CVE-2024-35949
* CVE-2024-35950
* CVE-2024-36899
* CVE-2024-36904
* CVE-2024-36964
* CVE-2024-40954
* CVE-2024-41059
* CVE-2024-43861

CVSS scores:

* CVE-2021-47517 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H
* CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48651 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48662 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48662 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52502 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52502 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52846 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6546 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6546 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-23307 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-23307 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26610 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-26828 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
* CVE-2024-26828 ( NVD ): 6.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
* CVE-2024-26852 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26852 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26930 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26930 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-27398 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35817 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35862 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35863 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35864 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35867 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35905 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35949 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36904 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-43861 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-43861 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves 30 vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_55_52 fixes several issues.

The following security issues were fixed:

* CVE-2021-47517: Fix panic when interrupt coalescing is set via ethtool (bsc#1225429).
* CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225733).
* CVE-2024-43861: Fix memory leak for non-IP packets (bsc#1229553).
* CVE-2024-35905: Fixed int overflow for stack access size (bsc#1226327).
* CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1227471).
* CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks (bsc#1229273).
* CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break() (bsc#1225011).
* CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225819).
* CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1225311).
* CVE-2024-35867: Fixed potential UAF in cifs_stats_proc_show() (bsc#1225012).
* CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1225309).
* CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312).
* CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1231353).
* CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225739).
* CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808).
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325).
* CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225099).
* CVE-2022-48662: Fixed a general protection fault (GPF) in i915_perf_open_ioctl (bsc#1223521).
* CVE-2022-48662: Update for 'really move i915_gem_context.link under ref protection' (bsc#1223521).
* CVE-2024-35817: Set gtt bound flag in amdgpu_ttm_gart_bind (bsc#1225313).
* CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1225013).
* CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1225310).
* CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223683).
* CVE-2024-26930: Fixed double free of the ha->vp_map pointer (bsc#1223681).
* CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363).
* CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1220145).
* CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify() (bsc#1223059).
* CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221302).
* CVE-2022-48651: Fixed an out-of-bounds bug in ipvlan caused by unset skb->mac_header (bsc#1223514).
* CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() (bsc#1220832).
* CVE-2023-6546: Fixed a race condition in the GSM 0710 tty multiplexor via the GSMIOC_SETCONF ioctl that could lead to local privilege escalation (bsc#1222685).

## Patch Instructions:

To install this SUSE update, use a SUSE-recommended installation method such as
YaST online_update or "zypper patch".
Alternatively, you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2024-4214=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-4214=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_52-default-debuginfo-9-150500.11.6.1
  * kernel-livepatch-SLE15-SP5_Update_11-debugsource-9-150500.11.6.1
  * kernel-livepatch-5_14_21-150500_55_52-default-9-150500.11.6.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_52-default-debuginfo-9-150500.11.6.1
  * kernel-livepatch-SLE15-SP5_Update_11-debugsource-9-150500.11.6.1
  * kernel-livepatch-5_14_21-150500_55_52-default-9-150500.11.6.1

## References:

* https://www.suse.com/security/cve/CVE-2021-47517.html
* https://www.suse.com/security/cve/CVE-2021-47598.html
* https://www.suse.com/security/cve/CVE-2022-48651.html
* https://www.suse.com/security/cve/CVE-2022-48662.html
* https://www.suse.com/security/cve/CVE-2023-52502.html
* https://www.suse.com/security/cve/CVE-2023-52752.html
* https://www.suse.com/security/cve/CVE-2023-52846.html
* https://www.suse.com/security/cve/CVE-2023-6546.html
* https://www.suse.com/security/cve/CVE-2024-23307.html
* https://www.suse.com/security/cve/CVE-2024-26610.html
* https://www.suse.com/security/cve/CVE-2024-26828.html
* https://www.suse.com/security/cve/CVE-2024-26852.html
* https://www.suse.com/security/cve/CVE-2024-26923.html
* https://www.suse.com/security/cve/CVE-2024-26930.html
* https://www.suse.com/security/cve/CVE-2024-27398.html
* https://www.suse.com/security/cve/CVE-2024-35817.html
* https://www.suse.com/security/cve/CVE-2024-35861.html
* https://www.suse.com/security/cve/CVE-2024-35862.html
* https://www.suse.com/security/cve/CVE-2024-35863.html
* https://www.suse.com/security/cve/CVE-2024-35864.html
* https://www.suse.com/security/cve/CVE-2024-35867.html
* https://www.suse.com/security/cve/CVE-2024-35905.html
* https://www.suse.com/security/cve/CVE-2024-35949.html
* https://www.suse.com/security/cve/CVE-2024-35950.html
* https://www.suse.com/security/cve/CVE-2024-36899.html
* https://www.suse.com/security/cve/CVE-2024-36904.html
* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-40954.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://www.suse.com/security/cve/CVE-2024-43861.html
* https://bugzilla.suse.com/show_bug.cgi?id=1220145
* https://bugzilla.suse.com/show_bug.cgi?id=1220832
* https://bugzilla.suse.com/show_bug.cgi?id=1221302
* https://bugzilla.suse.com/show_bug.cgi?id=1222685
* https://bugzilla.suse.com/show_bug.cgi?id=1223059
* https://bugzilla.suse.com/show_bug.cgi?id=1223363
* https://bugzilla.suse.com/show_bug.cgi?id=1223514
* https://bugzilla.suse.com/show_bug.cgi?id=1223521
* https://bugzilla.suse.com/show_bug.cgi?id=1223681
* https://bugzilla.suse.com/show_bug.cgi?id=1223683
* https://bugzilla.suse.com/show_bug.cgi?id=1225011
* https://bugzilla.suse.com/show_bug.cgi?id=1225012
* https://bugzilla.suse.com/show_bug.cgi?id=1225013
* https://bugzilla.suse.com/show_bug.cgi?id=1225099
* https://bugzilla.suse.com/show_bug.cgi?id=1225309
* https://bugzilla.suse.com/show_bug.cgi?id=1225310
* https://bugzilla.suse.com/show_bug.cgi?id=1225311
* https://bugzilla.suse.com/show_bug.cgi?id=1225312
* https://bugzilla.suse.com/show_bug.cgi?id=1225313
* https://bugzilla.suse.com/show_bug.cgi?id=1225429
* https://bugzilla.suse.com/show_bug.cgi?id=1225733
* https://bugzilla.suse.com/show_bug.cgi?id=1225739
* https://bugzilla.suse.com/show_bug.cgi?id=1225819
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1226327
* https://bugzilla.suse.com/show_bug.cgi?id=1227471
* https://bugzilla.suse.com/show_bug.cgi?id=1228573
* https://bugzilla.suse.com/show_bug.cgi?id=1228786
* https://bugzilla.suse.com/show_bug.cgi?id=1229273
* https://bugzilla.suse.com/show_bug.cgi?id=1229553



SUSE-SU-2024:4217-1: important: Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP6)


# Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP6)

Announcement ID: SUSE-SU-2024:4217-1
Release Date: 2024-12-05T18:03:45Z
Rating: important
References:

* bsc#1225733
* bsc#1229273
* bsc#1229553

Cross-References:

* CVE-2024-35949
* CVE-2024-36904
* CVE-2024-43861

CVSS scores:

* CVE-2024-35949 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36904 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-43861 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-43861 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 6.4.0-150600_21 fixes several issues.

The following security issues were fixed:

* CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225733).
* CVE-2024-43861: Fix memory leak for non-IP packets (bsc#1229553).
* CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks (bsc#1229273).

## Patch Instructions:

To install this SUSE update, use a SUSE-recommended installation method such as
YaST online_update or "zypper patch".
Alternatively, you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2024-4217=1

* openSUSE Leap 15.6
zypper in -t patch SUSE-2024-4217=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP6_Update_0-debugsource-7-150600.4.13.1
  * kernel-livepatch-6_4_0-150600_21-default-7-150600.4.13.1
  * kernel-livepatch-6_4_0-150600_21-default-debuginfo-7-150600.4.13.1
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP6_Update_0-debugsource-7-150600.4.13.1
  * kernel-livepatch-6_4_0-150600_21-default-7-150600.4.13.1
  * kernel-livepatch-6_4_0-150600_21-default-debuginfo-7-150600.4.13.1

## References:

* https://www.suse.com/security/cve/CVE-2024-35949.html
* https://www.suse.com/security/cve/CVE-2024-36904.html
* https://www.suse.com/security/cve/CVE-2024-43861.html
* https://bugzilla.suse.com/show_bug.cgi?id=1225733
* https://bugzilla.suse.com/show_bug.cgi?id=1229273
* https://bugzilla.suse.com/show_bug.cgi?id=1229553



SUSE-SU-2024:4216-1: important: Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP5)


# Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP5)

Announcement ID: SUSE-SU-2024:4216-1
Release Date: 2024-12-05T17:33:37Z
Rating: important
References:

* bsc#1221302
* bsc#1223059
* bsc#1223363
* bsc#1223514
* bsc#1223521
* bsc#1223683
* bsc#1225011
* bsc#1225012
* bsc#1225013
* bsc#1225099
* bsc#1225309
* bsc#1225310
* bsc#1225311
* bsc#1225312
* bsc#1225429
* bsc#1225733
* bsc#1225739
* bsc#1225819
* bsc#1226325
* bsc#1226327
* bsc#1227471
* bsc#1228573
* bsc#1228786
* bsc#1229273
* bsc#1229553

Cross-References:

* CVE-2021-47517
* CVE-2021-47598
* CVE-2022-48651
* CVE-2022-48662
* CVE-2023-52752
* CVE-2023-52846
* CVE-2024-26610
* CVE-2024-26828
* CVE-2024-26852
* CVE-2024-26923
* CVE-2024-27398
* CVE-2024-35861
* CVE-2024-35862
* CVE-2024-35863
* CVE-2024-35864
* CVE-2024-35867
* CVE-2024-35905
* CVE-2024-35949
* CVE-2024-35950
* CVE-2024-36899
* CVE-2024-36904
* CVE-2024-36964
* CVE-2024-40954
* CVE-2024-41059
* CVE-2024-43861

CVSS scores:

* CVE-2021-47517 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H
* CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48651 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48662 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48662 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52846 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26610 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-26828 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
* CVE-2024-26828 ( NVD ): 6.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
* CVE-2024-26852 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26852 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-27398 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35862 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35863 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35864 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35867 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35905 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35949 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36904 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-43861 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-43861 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves 25 vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_55_59 fixes several issues.

The following security issues were fixed:

* CVE-2021-47517: Fix panic when interrupt coalescing is set via ethtool
(bsc#1225429).
* CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique()
(bsc#1225733).
* CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229553).
* CVE-2024-35905: Fixed int overflow for stack access size (bsc#1226327).
* CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init()
(bsc#1227471).
* CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks
(bsc#1229273).
* CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break()
(bsc#1225011).
* CVE-2023-52752: smb: client: fix use-after-free bug in
cifs_debug_data_proc_show() (bsc#1225819).
* CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted()
(bsc#1225311).
* CVE-2024-35867: Fixed potential UAF in cifs_stats_proc_show() (bsc#1225012).
* CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break()
(bsc#1225309).
* CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect()
(bsc#1225312).
* CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify
(bsc#1231353).
* CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify
(bsc#1225739).
* CVE-2024-40954: net: do not leave a dangling sk pointer, when socket
creation fails (bsc#1227808)
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000
(bsc#1226325).
* CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame()
(bsc#1225099).
* CVE-2022-48662: Fixed a general protection fault (GPF) in
i915_perf_open_ioctl (bsc#1223521).
* CVE-2022-48662: Update for 'really move i915_gem_context.link under ref
protection' (bsc#1223521)
* CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout
(bsc#1225013).
* CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex
(bsc#1225310).
* CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in
__unix_gc() (bsc#1223683).
* CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363).
* CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify()
(bsc#1223059).
* CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221302).
* CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset
skb->mac_header (bsc#1223514).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2024-4216=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-4216=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_59-default-debuginfo-9-150500.11.10.1
* kernel-livepatch-5_14_21-150500_55_59-default-9-150500.11.10.1
* kernel-livepatch-SLE15-SP5_Update_12-debugsource-9-150500.11.10.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_59-default-debuginfo-9-150500.11.10.1
* kernel-livepatch-5_14_21-150500_55_59-default-9-150500.11.10.1
* kernel-livepatch-SLE15-SP5_Update_12-debugsource-9-150500.11.10.1

## References:

* https://www.suse.com/security/cve/CVE-2021-47517.html
* https://www.suse.com/security/cve/CVE-2021-47598.html
* https://www.suse.com/security/cve/CVE-2022-48651.html
* https://www.suse.com/security/cve/CVE-2022-48662.html
* https://www.suse.com/security/cve/CVE-2023-52752.html
* https://www.suse.com/security/cve/CVE-2023-52846.html
* https://www.suse.com/security/cve/CVE-2024-26610.html
* https://www.suse.com/security/cve/CVE-2024-26828.html
* https://www.suse.com/security/cve/CVE-2024-26852.html
* https://www.suse.com/security/cve/CVE-2024-26923.html
* https://www.suse.com/security/cve/CVE-2024-27398.html
* https://www.suse.com/security/cve/CVE-2024-35861.html
* https://www.suse.com/security/cve/CVE-2024-35862.html
* https://www.suse.com/security/cve/CVE-2024-35863.html
* https://www.suse.com/security/cve/CVE-2024-35864.html
* https://www.suse.com/security/cve/CVE-2024-35867.html
* https://www.suse.com/security/cve/CVE-2024-35905.html
* https://www.suse.com/security/cve/CVE-2024-35949.html
* https://www.suse.com/security/cve/CVE-2024-35950.html
* https://www.suse.com/security/cve/CVE-2024-36899.html
* https://www.suse.com/security/cve/CVE-2024-36904.html
* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-40954.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://www.suse.com/security/cve/CVE-2024-43861.html
* https://bugzilla.suse.com/show_bug.cgi?id=1221302
* https://bugzilla.suse.com/show_bug.cgi?id=1223059
* https://bugzilla.suse.com/show_bug.cgi?id=1223363
* https://bugzilla.suse.com/show_bug.cgi?id=1223514
* https://bugzilla.suse.com/show_bug.cgi?id=1223521
* https://bugzilla.suse.com/show_bug.cgi?id=1223683
* https://bugzilla.suse.com/show_bug.cgi?id=1225011
* https://bugzilla.suse.com/show_bug.cgi?id=1225012
* https://bugzilla.suse.com/show_bug.cgi?id=1225013
* https://bugzilla.suse.com/show_bug.cgi?id=1225099
* https://bugzilla.suse.com/show_bug.cgi?id=1225309
* https://bugzilla.suse.com/show_bug.cgi?id=1225310
* https://bugzilla.suse.com/show_bug.cgi?id=1225311
* https://bugzilla.suse.com/show_bug.cgi?id=1225312
* https://bugzilla.suse.com/show_bug.cgi?id=1225429
* https://bugzilla.suse.com/show_bug.cgi?id=1225733
* https://bugzilla.suse.com/show_bug.cgi?id=1225739
* https://bugzilla.suse.com/show_bug.cgi?id=1225819
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1226327
* https://bugzilla.suse.com/show_bug.cgi?id=1227471
* https://bugzilla.suse.com/show_bug.cgi?id=1228573
* https://bugzilla.suse.com/show_bug.cgi?id=1228786
* https://bugzilla.suse.com/show_bug.cgi?id=1229273
* https://bugzilla.suse.com/show_bug.cgi?id=1229553



SUSE-SU-2024:4210-1: important: Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP6)


# Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP6)

Announcement ID: SUSE-SU-2024:4210-1
Release Date: 2024-12-05T15:34:15Z
Rating: important
References:

* bsc#1225819
* bsc#1228349
* bsc#1228786
* bsc#1229273
* bsc#1229553

Cross-References:

* CVE-2023-52752
* CVE-2024-35949
* CVE-2024-40909
* CVE-2024-40954
* CVE-2024-43861

CVSS scores:

* CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35949 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40909 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40909 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-43861 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-43861 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 6.4.0-150600_23_17 fixes several issues.

The following security issues were fixed:

* CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229553).
* CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks
(bsc#1229273).
* CVE-2023-52752: smb: client: fix use-after-free bug in
cifs_debug_data_proc_show() (bsc#1225819).
* CVE-2024-40954: net: do not leave a dangling sk pointer, when socket
creation fails (bsc#1227808)
* CVE-2024-40909: bpf: Fix a potential use-after-free in bpf_link_free()
(bsc#1228349).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2024-4210=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2024-4210=1

## Package List:

* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_17-default-debuginfo-5-150600.13.6.1
* kernel-livepatch-6_4_0-150600_23_17-default-5-150600.13.6.1
* kernel-livepatch-SLE15-SP6_Update_3-debugsource-5-150600.13.6.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_17-default-debuginfo-5-150600.13.6.1
* kernel-livepatch-6_4_0-150600_23_17-default-5-150600.13.6.1
* kernel-livepatch-SLE15-SP6_Update_3-debugsource-5-150600.13.6.1

## References:

* https://www.suse.com/security/cve/CVE-2023-52752.html
* https://www.suse.com/security/cve/CVE-2024-35949.html
* https://www.suse.com/security/cve/CVE-2024-40909.html
* https://www.suse.com/security/cve/CVE-2024-40954.html
* https://www.suse.com/security/cve/CVE-2024-43861.html
* https://bugzilla.suse.com/show_bug.cgi?id=1225819
* https://bugzilla.suse.com/show_bug.cgi?id=1228349
* https://bugzilla.suse.com/show_bug.cgi?id=1228786
* https://bugzilla.suse.com/show_bug.cgi?id=1229273
* https://bugzilla.suse.com/show_bug.cgi?id=1229553



openSUSE-SU-2024:14544-1: moderate: teleport-17.0.3-1.1 on GA media


# teleport-17.0.3-1.1 on GA media

Announcement ID: openSUSE-SU-2024:14544-1
Rating: moderate

Cross-References:

* CVE-2024-53259

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the teleport-17.0.3-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* teleport 17.0.3-1.1
* teleport-bash-completion 17.0.3-1.1
* teleport-fdpass-teleport 17.0.3-1.1
* teleport-tbot 17.0.3-1.1
* teleport-tbot-bash-completion 17.0.3-1.1
* teleport-tbot-zsh-completion 17.0.3-1.1
* teleport-tctl 17.0.3-1.1
* teleport-tctl-bash-completion 17.0.3-1.1
* teleport-tctl-zsh-completion 17.0.3-1.1
* teleport-tsh 17.0.3-1.1
* teleport-tsh-bash-completion 17.0.3-1.1
* teleport-tsh-zsh-completion 17.0.3-1.1
* teleport-zsh-completion 17.0.3-1.1

## References:

* https://www.suse.com/security/cve/CVE-2024-53259.html



openSUSE-SU-2024:14543-1: moderate: obs-scm-bridge-0.5.4-1.1 on GA media


# obs-scm-bridge-0.5.4-1.1 on GA media

Announcement ID: openSUSE-SU-2024:14543-1
Rating: moderate

Cross-References:

* CVE-2024-22038

CVSS scores:

* CVE-2024-22038 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H
* CVE-2024-22038 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the obs-scm-bridge-0.5.4-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* obs-scm-bridge 0.5.4-1.1

## References:

* https://www.suse.com/security/cve/CVE-2024-22038.html



openSUSE-SU-2024:14542-1: moderate: libmozjs-128-0-128.5.1-1.1 on GA media


# libmozjs-128-0-128.5.1-1.1 on GA media

Announcement ID: openSUSE-SU-2024:14542-1
Rating: moderate

Cross-References:

* CVE-2024-11691
* CVE-2024-11692
* CVE-2024-11694
* CVE-2024-11695
* CVE-2024-11696
* CVE-2024-11697

Affected Products:

* openSUSE Tumbleweed

An update that solves 6 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the libmozjs-128-0-128.5.1-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* libmozjs-128-0 128.5.1-1.1
* mozjs128 128.5.1-1.1
* mozjs128-devel 128.5.1-1.1

## References:

* https://www.suse.com/security/cve/CVE-2024-11691.html
* https://www.suse.com/security/cve/CVE-2024-11692.html
* https://www.suse.com/security/cve/CVE-2024-11694.html
* https://www.suse.com/security/cve/CVE-2024-11695.html
* https://www.suse.com/security/cve/CVE-2024-11696.html
* https://www.suse.com/security/cve/CVE-2024-11697.html



SUSE-SU-2024:4206-1: important: Security update for the Linux Kernel (Live Patch 9 for SLE 15 SP5)


# Security update for the Linux Kernel (Live Patch 9 for SLE 15 SP5)

Announcement ID: SUSE-SU-2024:4206-1
Release Date: 2024-12-05T15:33:35Z
Rating: important
References:

* bsc#1225429
* bsc#1225733
* bsc#1229273
* bsc#1229553

Cross-References:

* CVE-2021-47517
* CVE-2024-35949
* CVE-2024-36904
* CVE-2024-43861

CVSS scores:

* CVE-2021-47517 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H
* CVE-2024-35949 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36904 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-43861 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-43861 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves four vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_55_44 fixes several issues.

The following security issues were fixed:

* CVE-2021-47517: Fix panic when interrupt coalescing is set via ethtool
(bsc#1225429).
* CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique()
(bsc#1225733).
* CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229553).
* CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks
(bsc#1229273).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2024-4206=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-4206=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_44-default-debuginfo-13-150500.2.1
* kernel-livepatch-5_14_21-150500_55_44-default-13-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_9-debugsource-13-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_44-default-debuginfo-13-150500.2.1
* kernel-livepatch-5_14_21-150500_55_44-default-13-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_9-debugsource-13-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2021-47517.html
* https://www.suse.com/security/cve/CVE-2024-35949.html
* https://www.suse.com/security/cve/CVE-2024-36904.html
* https://www.suse.com/security/cve/CVE-2024-43861.html
* https://bugzilla.suse.com/show_bug.cgi?id=1225429
* https://bugzilla.suse.com/show_bug.cgi?id=1225733
* https://bugzilla.suse.com/show_bug.cgi?id=1229273
* https://bugzilla.suse.com/show_bug.cgi?id=1229553



SUSE-SU-2024:4196-1: moderate: Security update for avahi


# Security update for avahi

Announcement ID: SUSE-SU-2024:4196-1
Release Date: 2024-12-05T12:56:23Z
Rating: moderate
References:

* bsc#1233420

Cross-References:

* CVE-2024-52616

CVSS scores:

* CVE-2024-52616 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-52616 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-52616 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected Products:

* Basesystem Module 15-SP6
* Desktop Applications Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for avahi fixes the following issues:

* CVE-2024-52616: Fixed Avahi Wide-Area DNS Predictable Transaction IDs
(bsc#1233420)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2024-4196=1 openSUSE-SLE-15.6-2024-4196=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-4196=1

* Desktop Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP6-2024-4196=1

* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-4196=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* libavahi-libevent1-0.8-150600.15.6.1
* libavahi-glib1-debuginfo-0.8-150600.15.6.1
* libavahi-gobject-devel-0.8-150600.15.6.1
* avahi-autoipd-debuginfo-0.8-150600.15.6.1
* avahi-compat-mDNSResponder-devel-0.8-150600.15.6.1
* libavahi-core7-0.8-150600.15.6.1
* avahi-qt5-debugsource-0.8-150600.15.6.1
* avahi-compat-howl-devel-0.8-150600.15.6.1
* libavahi-gobject0-0.8-150600.15.6.1
* avahi-0.8-150600.15.6.1
* avahi-utils-debuginfo-0.8-150600.15.6.1
* avahi-debuginfo-0.8-150600.15.6.1
* libdns_sd-debuginfo-0.8-150600.15.6.1
* libavahi-common3-0.8-150600.15.6.1
* libavahi-client3-0.8-150600.15.6.1
* python3-avahi-0.8-150600.15.6.1
* libavahi-glib1-0.8-150600.15.6.1
* libavahi-ui-gtk3-0-0.8-150600.15.6.1
* avahi-utils-gtk-0.8-150600.15.6.1
* avahi-debugsource-0.8-150600.15.6.1
* avahi-glib2-debugsource-0.8-150600.15.6.1
* libavahi-client3-debuginfo-0.8-150600.15.6.1
* avahi-autoipd-0.8-150600.15.6.1
* libavahi-ui-gtk3-0-debuginfo-0.8-150600.15.6.1
* avahi-utils-0.8-150600.15.6.1
* libdns_sd-0.8-150600.15.6.1
* python3-avahi-gtk-0.8-150600.15.6.1
* libavahi-libevent1-debuginfo-0.8-150600.15.6.1
* libhowl0-0.8-150600.15.6.1
* libavahi-qt5-1-debuginfo-0.8-150600.15.6.1
* libavahi-qt5-devel-0.8-150600.15.6.1
* libavahi-common3-debuginfo-0.8-150600.15.6.1
* libavahi-devel-0.8-150600.15.6.1
* libavahi-qt5-1-0.8-150600.15.6.1
* avahi-utils-gtk-debuginfo-0.8-150600.15.6.1
* libavahi-gobject0-debuginfo-0.8-150600.15.6.1
* libhowl0-debuginfo-0.8-150600.15.6.1
* typelib-1_0-Avahi-0_6-0.8-150600.15.6.1
* libavahi-glib-devel-0.8-150600.15.6.1
* libavahi-core7-debuginfo-0.8-150600.15.6.1
* openSUSE Leap 15.6 (x86_64)
* libavahi-glib1-32bit-0.8-150600.15.6.1
* libavahi-common3-32bit-debuginfo-0.8-150600.15.6.1
* libavahi-client3-32bit-0.8-150600.15.6.1
* avahi-32bit-debuginfo-0.8-150600.15.6.1
* libdns_sd-32bit-debuginfo-0.8-150600.15.6.1
* libavahi-client3-32bit-debuginfo-0.8-150600.15.6.1
* libavahi-common3-32bit-0.8-150600.15.6.1
* libdns_sd-32bit-0.8-150600.15.6.1
* libavahi-glib1-32bit-debuginfo-0.8-150600.15.6.1
* openSUSE Leap 15.6 (noarch)
* avahi-lang-0.8-150600.15.6.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* libavahi-common3-64bit-debuginfo-0.8-150600.15.6.1
* libavahi-client3-64bit-debuginfo-0.8-150600.15.6.1
* libavahi-glib1-64bit-0.8-150600.15.6.1
* avahi-64bit-debuginfo-0.8-150600.15.6.1
* libdns_sd-64bit-0.8-150600.15.6.1
* libavahi-glib1-64bit-debuginfo-0.8-150600.15.6.1
* libdns_sd-64bit-debuginfo-0.8-150600.15.6.1
* libavahi-common3-64bit-0.8-150600.15.6.1
* libavahi-client3-64bit-0.8-150600.15.6.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* libavahi-libevent1-0.8-150600.15.6.1
* libavahi-glib1-debuginfo-0.8-150600.15.6.1
* avahi-compat-mDNSResponder-devel-0.8-150600.15.6.1
* libavahi-core7-0.8-150600.15.6.1
* avahi-compat-howl-devel-0.8-150600.15.6.1
* libavahi-gobject0-0.8-150600.15.6.1
* avahi-0.8-150600.15.6.1
* avahi-utils-debuginfo-0.8-150600.15.6.1
* avahi-debuginfo-0.8-150600.15.6.1
* libdns_sd-debuginfo-0.8-150600.15.6.1
* libavahi-common3-0.8-150600.15.6.1
* libavahi-client3-0.8-150600.15.6.1
* libavahi-glib1-0.8-150600.15.6.1
* libavahi-ui-gtk3-0-0.8-150600.15.6.1
* avahi-debugsource-0.8-150600.15.6.1
* avahi-glib2-debugsource-0.8-150600.15.6.1
* libavahi-client3-debuginfo-0.8-150600.15.6.1
* libavahi-ui-gtk3-0-debuginfo-0.8-150600.15.6.1
* avahi-utils-0.8-150600.15.6.1
* libdns_sd-0.8-150600.15.6.1
* libavahi-libevent1-debuginfo-0.8-150600.15.6.1
* libhowl0-0.8-150600.15.6.1
* libavahi-common3-debuginfo-0.8-150600.15.6.1
* libavahi-devel-0.8-150600.15.6.1
* libavahi-gobject0-debuginfo-0.8-150600.15.6.1
* libhowl0-debuginfo-0.8-150600.15.6.1
* typelib-1_0-Avahi-0_6-0.8-150600.15.6.1
* libavahi-glib-devel-0.8-150600.15.6.1
* libavahi-core7-debuginfo-0.8-150600.15.6.1
* Basesystem Module 15-SP6 (noarch)
* avahi-lang-0.8-150600.15.6.1
* Basesystem Module 15-SP6 (x86_64)
* libavahi-common3-32bit-debuginfo-0.8-150600.15.6.1
* libavahi-client3-32bit-0.8-150600.15.6.1
* avahi-32bit-debuginfo-0.8-150600.15.6.1
* libavahi-client3-32bit-debuginfo-0.8-150600.15.6.1
* libavahi-common3-32bit-0.8-150600.15.6.1
* Desktop Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* avahi-utils-gtk-0.8-150600.15.6.1
* avahi-debugsource-0.8-150600.15.6.1
* avahi-glib2-debugsource-0.8-150600.15.6.1
* avahi-autoipd-0.8-150600.15.6.1
* avahi-debuginfo-0.8-150600.15.6.1
* libavahi-gobject-devel-0.8-150600.15.6.1
* avahi-autoipd-debuginfo-0.8-150600.15.6.1
* avahi-utils-gtk-debuginfo-0.8-150600.15.6.1
* SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64)
* avahi-debuginfo-0.8-150600.15.6.1
* python3-avahi-0.8-150600.15.6.1
* avahi-debugsource-0.8-150600.15.6.1

## References:

* https://www.suse.com/security/cve/CVE-2024-52616.html
* https://bugzilla.suse.com/show_bug.cgi?id=1233420



SUSE-SU-2024:4202-1: moderate: Security update for java-1_8_0-openjdk


# Security update for java-1_8_0-openjdk

Announcement ID: SUSE-SU-2024:4202-1
Release Date: 2024-12-05T14:03:50Z
Rating: moderate
References:

* bsc#1231702
* bsc#1231711
* bsc#1231716
* bsc#1231719

Cross-References:

* CVE-2024-21208
* CVE-2024-21210
* CVE-2024-21217
* CVE-2024-21235

CVSS scores:

* CVE-2024-21208 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2024-21208 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-21208 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-21210 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-21210 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-21210 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-21217 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2024-21217 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-21217 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-21235 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-21235 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2024-21235 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected Products:

* Legacy Module 15-SP5
* Legacy Module 15-SP6
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves four vulnerabilities can now be installed.

## Description:

This update for java-1_8_0-openjdk fixes the following issues:

Update to version jdk8u432 (icedtea-3.33.0):

* CVE-2024-21208: Fixed partial DoS in component Networking
(bsc#1231702, JDK-8328286)
* CVE-2024-21210: Fixed unauthorized update, insert or delete access to some
of Oracle Java SE accessible data in component Hotspot
(bsc#1231711, JDK-8328544)
* CVE-2024-21217: Fixed partial DoS in component Serialization
(bsc#1231716, JDK-8331446)
* CVE-2024-21235: Fixed unauthorized read/write access to data in component
Hotspot (bsc#1231719, JDK-8332644)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-4202=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-4202=1

* Legacy Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2024-4202=1

* Legacy Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP6-2024-4202=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-4202=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-4202=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-4202=1

* SUSE Linux Enterprise Server 15 SP2 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-4202=1

* SUSE Linux Enterprise Server 15 SP3 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-4202=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4202=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP2
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-4202=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-4202=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-4202=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2024-4202=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* java-1_8_0-openjdk-devel-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-src-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-debuginfo-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-headless-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-accessibility-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-demo-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-debugsource-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.432-150000.3.100.1
* openSUSE Leap 15.5 (noarch)
* java-1_8_0-openjdk-javadoc-1.8.0.432-150000.3.100.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* java-1_8_0-openjdk-devel-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-src-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-debuginfo-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-headless-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-accessibility-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-demo-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-debugsource-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.432-150000.3.100.1
* openSUSE Leap 15.6 (noarch)
* java-1_8_0-openjdk-javadoc-1.8.0.432-150000.3.100.1
* Legacy Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* java-1_8_0-openjdk-devel-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-debuginfo-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-headless-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-demo-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-debugsource-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.432-150000.3.100.1
* Legacy Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* java-1_8_0-openjdk-devel-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-debuginfo-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-headless-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-demo-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-debugsource-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.432-150000.3.100.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
* java-1_8_0-openjdk-devel-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-debuginfo-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-headless-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-demo-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-debugsource-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.432-150000.3.100.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
* java-1_8_0-openjdk-devel-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-debuginfo-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-headless-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-demo-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-debugsource-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.432-150000.3.100.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* java-1_8_0-openjdk-devel-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-debuginfo-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-headless-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-demo-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-debugsource-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.432-150000.3.100.1
* SUSE Linux Enterprise Server 15 SP2 LTSS (aarch64 ppc64le s390x x86_64)
* java-1_8_0-openjdk-devel-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-debuginfo-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-headless-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-demo-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-debugsource-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.432-150000.3.100.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
* java-1_8_0-openjdk-devel-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-debuginfo-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-headless-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-demo-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-debugsource-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.432-150000.3.100.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* java-1_8_0-openjdk-devel-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-debuginfo-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-headless-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-demo-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-debugsource-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.432-150000.3.100.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
* java-1_8_0-openjdk-devel-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-debuginfo-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-headless-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-demo-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-debugsource-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.432-150000.3.100.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* java-1_8_0-openjdk-devel-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-debuginfo-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-headless-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-demo-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-debugsource-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.432-150000.3.100.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* java-1_8_0-openjdk-devel-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-debuginfo-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-headless-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-demo-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-debugsource-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.432-150000.3.100.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* java-1_8_0-openjdk-devel-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-debuginfo-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-headless-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-demo-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-debugsource-1.8.0.432-150000.3.100.1
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.432-150000.3.100.1

## References:

* https://www.suse.com/security/cve/CVE-2024-21208.html
* https://www.suse.com/security/cve/CVE-2024-21210.html
* https://www.suse.com/security/cve/CVE-2024-21217.html
* https://www.suse.com/security/cve/CVE-2024-21235.html
* https://bugzilla.suse.com/show_bug.cgi?id=1231702
* https://bugzilla.suse.com/show_bug.cgi?id=1231711
* https://bugzilla.suse.com/show_bug.cgi?id=1231716
* https://bugzilla.suse.com/show_bug.cgi?id=1231719



SUSE-SU-2024:4204-1: important: Security update for docker-stable


# Security update for docker-stable

Announcement ID: SUSE-SU-2024:4204-1
Release Date: 2024-12-05T14:57:55Z
Rating: important
References:

* bsc#1214855
* bsc#1221916
* bsc#1228324
* bsc#1230331
* bsc#1230333
* bsc#1231348

Cross-References:

* CVE-2024-41110

CVSS scores:

* CVE-2024-41110 ( SUSE ): 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected Products:

* Containers Module 15-SP5
* Containers Module 15-SP6
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability and has five security fixes can now be
installed.

## Description:

This update for docker-stable fixes the following issues:

* CVE-2024-41110: Fixed Authz zero length regression (bsc#1228324).

Bug fixes:

* Allow users to disable SUSE secrets support by setting
DOCKER_SUSE_SECRETS_ENABLE=0 in /etc/sysconfig/docker (bsc#1231348).
* Import specfile changes for docker-buildx as well as the changes to help
reduce specfile differences between docker-stable and docker (bsc#1230331,
bsc#1230333).
* Fix BuildKit's symlink resolution logic to correctly handle non-lexical
symlinks (bsc#1221916).
* Write volume options atomically so sudden system crashes won't result in
future Docker starts failing due to empty files (bsc#1214855).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP Applications 15 SP4: `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-4204=1`
* SUSE Enterprise Storage 7.1: `zypper in -t patch SUSE-Storage-7.1-2024-4204=1`
* openSUSE Leap 15.5: `zypper in -t patch openSUSE-SLE-15.5-2024-4204=1`
* openSUSE Leap 15.6: `zypper in -t patch openSUSE-SLE-15.6-2024-4204=1`
* Containers Module 15-SP5: `zypper in -t patch SUSE-SLE-Module-Containers-15-SP5-2024-4204=1`
* Containers Module 15-SP6: `zypper in -t patch SUSE-SLE-Module-Containers-15-SP6-2024-4204=1`
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3: `zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-4204=1`
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4: `zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-4204=1`
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4: `zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-4204=1`
* SUSE Linux Enterprise Server 15 SP3 LTSS: `zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-4204=1`
* SUSE Linux Enterprise Server 15 SP4 LTSS: `zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4204=1`
* SUSE Linux Enterprise Server for SAP Applications 15 SP3: `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-4204=1`

## Package List:

* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * docker-stable-debuginfo-24.0.9_ce-150000.1.5.1
  * docker-stable-24.0.9_ce-150000.1.5.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
  * docker-stable-bash-completion-24.0.9_ce-150000.1.5.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
  * docker-stable-debuginfo-24.0.9_ce-150000.1.5.1
  * docker-stable-24.0.9_ce-150000.1.5.1
* SUSE Enterprise Storage 7.1 (noarch)
  * docker-stable-bash-completion-24.0.9_ce-150000.1.5.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  * docker-stable-debuginfo-24.0.9_ce-150000.1.5.1
  * docker-stable-24.0.9_ce-150000.1.5.1
* openSUSE Leap 15.5 (noarch)
  * docker-stable-fish-completion-24.0.9_ce-150000.1.5.1
  * docker-stable-zsh-completion-24.0.9_ce-150000.1.5.1
  * docker-stable-rootless-extras-24.0.9_ce-150000.1.5.1
  * docker-stable-bash-completion-24.0.9_ce-150000.1.5.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * docker-stable-debuginfo-24.0.9_ce-150000.1.5.1
  * docker-stable-24.0.9_ce-150000.1.5.1
* openSUSE Leap 15.6 (noarch)
  * docker-stable-fish-completion-24.0.9_ce-150000.1.5.1
  * docker-stable-zsh-completion-24.0.9_ce-150000.1.5.1
  * docker-stable-rootless-extras-24.0.9_ce-150000.1.5.1
  * docker-stable-bash-completion-24.0.9_ce-150000.1.5.1
* Containers Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * docker-stable-debuginfo-24.0.9_ce-150000.1.5.1
  * docker-stable-24.0.9_ce-150000.1.5.1
* Containers Module 15-SP5 (noarch)
  * docker-stable-bash-completion-24.0.9_ce-150000.1.5.1
* Containers Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * docker-stable-debuginfo-24.0.9_ce-150000.1.5.1
  * docker-stable-24.0.9_ce-150000.1.5.1
* Containers Module 15-SP6 (noarch)
  * docker-stable-bash-completion-24.0.9_ce-150000.1.5.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
  * docker-stable-debuginfo-24.0.9_ce-150000.1.5.1
  * docker-stable-24.0.9_ce-150000.1.5.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
  * docker-stable-bash-completion-24.0.9_ce-150000.1.5.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * docker-stable-debuginfo-24.0.9_ce-150000.1.5.1
  * docker-stable-24.0.9_ce-150000.1.5.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
  * docker-stable-bash-completion-24.0.9_ce-150000.1.5.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * docker-stable-debuginfo-24.0.9_ce-150000.1.5.1
  * docker-stable-24.0.9_ce-150000.1.5.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
  * docker-stable-bash-completion-24.0.9_ce-150000.1.5.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
  * docker-stable-debuginfo-24.0.9_ce-150000.1.5.1
  * docker-stable-24.0.9_ce-150000.1.5.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (noarch)
  * docker-stable-bash-completion-24.0.9_ce-150000.1.5.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  * docker-stable-debuginfo-24.0.9_ce-150000.1.5.1
  * docker-stable-24.0.9_ce-150000.1.5.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
  * docker-stable-bash-completion-24.0.9_ce-150000.1.5.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
  * docker-stable-debuginfo-24.0.9_ce-150000.1.5.1
  * docker-stable-24.0.9_ce-150000.1.5.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
  * docker-stable-bash-completion-24.0.9_ce-150000.1.5.1

## References:

* https://www.suse.com/security/cve/CVE-2024-41110.html
* https://bugzilla.suse.com/show_bug.cgi?id=1214855
* https://bugzilla.suse.com/show_bug.cgi?id=1221916
* https://bugzilla.suse.com/show_bug.cgi?id=1228324
* https://bugzilla.suse.com/show_bug.cgi?id=1230331
* https://bugzilla.suse.com/show_bug.cgi?id=1230333
* https://bugzilla.suse.com/show_bug.cgi?id=1231348



SUSE-SU-2024:4207-1: important: Security update for the Linux Kernel (Live Patch 14 for SLE 15 SP5)


# Security update for the Linux Kernel (Live Patch 14 for SLE 15 SP5)

Announcement ID: SUSE-SU-2024:4207-1
Release Date: 2024-12-05T15:33:46Z
Rating: important
References:

* bsc#1223363
* bsc#1223683
* bsc#1225011
* bsc#1225012
* bsc#1225013
* bsc#1225099
* bsc#1225309
* bsc#1225311
* bsc#1225312
* bsc#1225429
* bsc#1225733
* bsc#1225739
* bsc#1225819
* bsc#1226325
* bsc#1226327
* bsc#1227471
* bsc#1228573
* bsc#1228786
* bsc#1229273
* bsc#1229553

Cross-References:

* CVE-2021-47517
* CVE-2021-47598
* CVE-2023-52752
* CVE-2023-52846
* CVE-2024-26828
* CVE-2024-26923
* CVE-2024-27398
* CVE-2024-35861
* CVE-2024-35862
* CVE-2024-35863
* CVE-2024-35864
* CVE-2024-35867
* CVE-2024-35905
* CVE-2024-35949
* CVE-2024-36899
* CVE-2024-36904
* CVE-2024-36964
* CVE-2024-40954
* CVE-2024-41059
* CVE-2024-43861

CVSS scores:

* CVE-2021-47517 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H
* CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52846 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26828 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
* CVE-2024-26828 ( NVD ): 6.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
* CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-27398 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35862 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35863 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35864 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35867 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35905 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35949 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36904 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-43861 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-43861 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves 20 vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_55_65 fixes several issues.

The following security issues were fixed:

* CVE-2021-47517: Fix panic when interrupt coalescing is set via ethtool
(bsc#1225429).
* CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique()
(bsc#1225733).
* CVE-2024-43861: Fix memory leak for non-IP packets (bsc#1229553).
* CVE-2024-35905: Fixed int overflow for stack access size (bsc#1226327).
* CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init()
(bsc#1227471).
* CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks
(bsc#1229273).
* CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break()
(bsc#1225011).
* CVE-2023-52752: smb: client: fix use-after-free bug in
cifs_debug_data_proc_show() (bsc#1225819).
* CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted()
(bsc#1225311).
* CVE-2024-35867: Fixed potential UAF in cifs_stats_proc_show() (bsc#1225012).
* CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break()
(bsc#1225309).
* CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect()
(bsc#1225312).
* CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify
(bsc#1231353).
* CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify
(bsc#1225739).
* CVE-2024-40954: net: do not leave a dangling sk pointer, when socket
creation fails (bsc#1227808).
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000
(bsc#1226325).
* CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame()
(bsc#1225099).
* CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout
(bsc#1225013).
* CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in
__unix_gc() (bsc#1223683).
* CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5: `zypper in -t patch SUSE-2024-4207=1`
* SUSE Linux Enterprise Live Patching 15-SP5: `zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-4207=1`

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_65-default-debuginfo-7-150500.11.6.1
  * kernel-livepatch-5_14_21-150500_55_65-default-7-150500.11.6.1
  * kernel-livepatch-SLE15-SP5_Update_14-debugsource-7-150500.11.6.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_65-default-debuginfo-7-150500.11.6.1
  * kernel-livepatch-5_14_21-150500_55_65-default-7-150500.11.6.1
  * kernel-livepatch-SLE15-SP5_Update_14-debugsource-7-150500.11.6.1

## References:

* https://www.suse.com/security/cve/CVE-2021-47517.html
* https://www.suse.com/security/cve/CVE-2021-47598.html
* https://www.suse.com/security/cve/CVE-2023-52752.html
* https://www.suse.com/security/cve/CVE-2023-52846.html
* https://www.suse.com/security/cve/CVE-2024-26828.html
* https://www.suse.com/security/cve/CVE-2024-26923.html
* https://www.suse.com/security/cve/CVE-2024-27398.html
* https://www.suse.com/security/cve/CVE-2024-35861.html
* https://www.suse.com/security/cve/CVE-2024-35862.html
* https://www.suse.com/security/cve/CVE-2024-35863.html
* https://www.suse.com/security/cve/CVE-2024-35864.html
* https://www.suse.com/security/cve/CVE-2024-35867.html
* https://www.suse.com/security/cve/CVE-2024-35905.html
* https://www.suse.com/security/cve/CVE-2024-35949.html
* https://www.suse.com/security/cve/CVE-2024-36899.html
* https://www.suse.com/security/cve/CVE-2024-36904.html
* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-40954.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://www.suse.com/security/cve/CVE-2024-43861.html
* https://bugzilla.suse.com/show_bug.cgi?id=1223363
* https://bugzilla.suse.com/show_bug.cgi?id=1223683
* https://bugzilla.suse.com/show_bug.cgi?id=1225011
* https://bugzilla.suse.com/show_bug.cgi?id=1225012
* https://bugzilla.suse.com/show_bug.cgi?id=1225013
* https://bugzilla.suse.com/show_bug.cgi?id=1225099
* https://bugzilla.suse.com/show_bug.cgi?id=1225309
* https://bugzilla.suse.com/show_bug.cgi?id=1225311
* https://bugzilla.suse.com/show_bug.cgi?id=1225312
* https://bugzilla.suse.com/show_bug.cgi?id=1225429
* https://bugzilla.suse.com/show_bug.cgi?id=1225733
* https://bugzilla.suse.com/show_bug.cgi?id=1225739
* https://bugzilla.suse.com/show_bug.cgi?id=1225819
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1226327
* https://bugzilla.suse.com/show_bug.cgi?id=1227471
* https://bugzilla.suse.com/show_bug.cgi?id=1228573
* https://bugzilla.suse.com/show_bug.cgi?id=1228786
* https://bugzilla.suse.com/show_bug.cgi?id=1229273
* https://bugzilla.suse.com/show_bug.cgi?id=1229553



SUSE-SU-2024:4209-1: important: Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP6)


# Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP6)

Announcement ID: SUSE-SU-2024:4209-1
Release Date: 2024-12-05T15:34:05Z
Rating: important
References:

* bsc#1225819
* bsc#1228349
* bsc#1228786
* bsc#1229273
* bsc#1229553
* bsc#1231419

Cross-References:

* CVE-2023-52752
* CVE-2024-35949
* CVE-2024-40909
* CVE-2024-40954
* CVE-2024-42133
* CVE-2024-43861

CVSS scores:

* CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35949 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40909 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40909 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-42133 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-42133 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-43861 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-43861 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 6.4.0-150600_23_14 fixes several issues.

The following security issues were fixed:

* CVE-2024-43861: Fix memory leak for non-IP packets (bsc#1229553).
* CVE-2024-42133: Bluetooth: Ignore too large handle values in BIG
(bsc#1228511).
* CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks
(bsc#1229273).
* CVE-2023-52752: smb: client: fix use-after-free bug in
cifs_debug_data_proc_show() (bsc#1225819).
* CVE-2024-40954: net: do not leave a dangling sk pointer, when socket
creation fails (bsc#1227808).
* CVE-2024-40909: bpf: Fix a potential use-after-free in bpf_link_free()
(bsc#1228349).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6: `zypper in -t patch SUSE-2024-4209=1`
* SUSE Linux Enterprise Live Patching 15-SP6: `zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2024-4209=1`

## Package List:

* openSUSE Leap 15.6 (ppc64le s390x x86_64)
  * kernel-livepatch-6_4_0-150600_23_14-default-5-150600.13.6.1
  * kernel-livepatch-6_4_0-150600_23_14-default-debuginfo-5-150600.13.6.1
  * kernel-livepatch-SLE15-SP6_Update_2-debugsource-5-150600.13.6.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
  * kernel-livepatch-6_4_0-150600_23_14-default-5-150600.13.6.1
  * kernel-livepatch-6_4_0-150600_23_14-default-debuginfo-5-150600.13.6.1
  * kernel-livepatch-SLE15-SP6_Update_2-debugsource-5-150600.13.6.1

## References:

* https://www.suse.com/security/cve/CVE-2023-52752.html
* https://www.suse.com/security/cve/CVE-2024-35949.html
* https://www.suse.com/security/cve/CVE-2024-40909.html
* https://www.suse.com/security/cve/CVE-2024-40954.html
* https://www.suse.com/security/cve/CVE-2024-42133.html
* https://www.suse.com/security/cve/CVE-2024-43861.html
* https://bugzilla.suse.com/show_bug.cgi?id=1225819
* https://bugzilla.suse.com/show_bug.cgi?id=1228349
* https://bugzilla.suse.com/show_bug.cgi?id=1228786
* https://bugzilla.suse.com/show_bug.cgi?id=1229273
* https://bugzilla.suse.com/show_bug.cgi?id=1229553
* https://bugzilla.suse.com/show_bug.cgi?id=1231419



SUSE-SU-2024:4208-1: important: Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP6)


# Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP6)

Announcement ID: SUSE-SU-2024:4208-1
Release Date: 2024-12-05T15:33:56Z
Rating: important
References:

* bsc#1225733
* bsc#1225739
* bsc#1225819
* bsc#1228786
* bsc#1229273
* bsc#1229553
* bsc#1231419

Cross-References:

* CVE-2023-52752
* CVE-2024-35949
* CVE-2024-36899
* CVE-2024-36904
* CVE-2024-40954
* CVE-2024-42133
* CVE-2024-43861

CVSS scores:

* CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35949 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36904 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-42133 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-42133 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-43861 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-43861 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 6.4.0-150600_23_7 fixes several issues.

The following security issues were fixed:

* CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique()
(bsc#1225733).
* CVE-2024-43861: Fix memory leak for non-IP packets (bsc#1229553).
* CVE-2024-42133: Bluetooth: Ignore too large handle values in BIG
(bsc#1228511).
* CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks
(bsc#1229273).
* CVE-2023-52752: smb: client: fix use-after-free bug in
cifs_debug_data_proc_show() (bsc#1225819).
* CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify
(bsc#1231353).
* CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify
(bsc#1225739).
* CVE-2024-40954: net: do not leave a dangling sk pointer, when socket
creation fails (bsc#1227808).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6: `zypper in -t patch SUSE-2024-4208=1`
* SUSE Linux Enterprise Live Patching 15-SP6: `zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2024-4208=1`

## Package List:

* openSUSE Leap 15.6 (ppc64le s390x x86_64)
  * kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1
  * kernel-livepatch-SLE15-SP6_Update_1-debugsource-5-150600.13.6.1
  * kernel-livepatch-6_4_0-150600_23_7-default-debuginfo-5-150600.13.6.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
  * kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1
  * kernel-livepatch-SLE15-SP6_Update_1-debugsource-5-150600.13.6.1
  * kernel-livepatch-6_4_0-150600_23_7-default-debuginfo-5-150600.13.6.1

## References:

* https://www.suse.com/security/cve/CVE-2023-52752.html
* https://www.suse.com/security/cve/CVE-2024-35949.html
* https://www.suse.com/security/cve/CVE-2024-36899.html
* https://www.suse.com/security/cve/CVE-2024-36904.html
* https://www.suse.com/security/cve/CVE-2024-40954.html
* https://www.suse.com/security/cve/CVE-2024-42133.html
* https://www.suse.com/security/cve/CVE-2024-43861.html
* https://bugzilla.suse.com/show_bug.cgi?id=1225733
* https://bugzilla.suse.com/show_bug.cgi?id=1225739
* https://bugzilla.suse.com/show_bug.cgi?id=1225819
* https://bugzilla.suse.com/show_bug.cgi?id=1228786
* https://bugzilla.suse.com/show_bug.cgi?id=1229273
* https://bugzilla.suse.com/show_bug.cgi?id=1229553
* https://bugzilla.suse.com/show_bug.cgi?id=1231419