Auscert Security Bulletins Full Description

Security Bulletins: latest published security bulletins. See https://www.auscert.org.au/rss/ for feed information.

  • python-Django: CVSS (Max): 7.5
    on March 28, 2024 at 6:42 am

    ===========================================================================
    AUSCERT External Security Bulletin Redistribution

    ESB-2024.1942
    Security update for python-Django
    28 March 2024
    ===========================================================================

    AusCERT Security Bulletin Summary
    ---------------------------------

    Product:           python-Django
    Publisher:         SUSE
    Operating System:  SUSE
    Resolution:        Patch/Upgrade
    CVE Names:         CVE-2024-27351
    Original Bulletin: https://www.suse.com/support/update/announcement/2024/suse-su-20240902-1

    Comment: CVSS (Max): 7.5 CVE-2024-27351 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
    CVSS Source: SUSE
    Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

    - --------------------------BEGIN INCLUDED TEXT--------------------

    Security update for python-Django

    Announcement ID:   SUSE-SU-2024:0902-1
    Rating:            important
    References:        o bsc#1220358
    Cross-References:  o CVE-2024-27351
    CVSS scores:       o CVE-2024-27351 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    Affected Products: o openSUSE Leap 15.5

    An update that solves one vulnerability can now be installed.

    Description:
    This update for python-Django fixes the following issues:
    o CVE-2024-27351: Fixed a regular expression DoS in django.utils.text.Truncator.words (bsc#1220358)

    Patch Instructions:
    To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:
    o openSUSE Leap 15.5
      zypper in -t patch openSUSE-SLE-15.5-2024-902=1

    Package List:
    o openSUSE Leap 15.5 (noarch)
      python3-Django-2.0.7-150000.1.17.1

    References:
    o https://www.suse.com/security/cve/CVE-2024-27351.html
    o https://bugzilla.suse.com/show_bug.cgi?id=1220358

    - --------------------------END INCLUDED TEXT----------------------

    You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person.

    NOTE: Third Party Rights
    This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

    NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly.

    Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/

    ===========================================================================
    Australian Computer Emergency Response Team
    The University of Queensland
    Brisbane Qld 4072
    Internet Email: auscert@auscert.org.au
    Facsimile: (07) 3365 7031
    Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
    AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only.
    ===========================================================================

  • python3: CVSS (Max): 8.4
    on March 28, 2024 at 6:42 am

    ===========================================================================
    AUSCERT External Security Bulletin Redistribution

    ESB-2024.1941
    Security update for python3
    28 March 2024
    ===========================================================================

    AusCERT Security Bulletin Summary
    ---------------------------------

    Product:           python3
    Publisher:         SUSE
    Operating System:  SUSE
    Resolution:        Patch/Upgrade
    CVE Names:         CVE-2022-48566 CVE-2023-6597
    Original Bulletin: https://www.suse.com/support/update/announcement/2024/suse-su-20240901-1

    Comment: CVSS (Max): 8.4 CVE-2023-6597 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
    CVSS Source: SUSE
    Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

    - --------------------------BEGIN INCLUDED TEXT--------------------

    Security update for python3

    Announcement ID:   SUSE-SU-2024:0901-1
    Rating:            important
    References:        o bsc#1214691
                       o bsc#1219666
    Cross-References:  o CVE-2022-48566
                       o CVE-2023-6597
    CVSS scores:       o CVE-2022-48566 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N
                       o CVE-2022-48566 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
                       o CVE-2023-6597 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Affected Products: o Basesystem Module 15-SP5
                       o Development Tools Module 15-SP5
                       o openSUSE Leap 15.3
                       o openSUSE Leap 15.5
                       o openSUSE Leap Micro 5.3
                       o openSUSE Leap Micro 5.4
                       o SUSE Enterprise Storage 7.1
                       o SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
                       o SUSE Linux Enterprise Desktop 15 SP5
                       o SUSE Linux Enterprise High Performance Computing 15 SP3
                       o SUSE Linux Enterprise High Performance Computing 15 SP4
                       o SUSE Linux Enterprise High Performance Computing 15 SP5
                       o SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
                       o SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
                       o SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
                       o SUSE Linux Enterprise Micro 5.2
                       o SUSE Linux Enterprise Micro 5.3
                       o SUSE Linux Enterprise Micro 5.4
                       o SUSE Linux Enterprise Micro 5.5
                       o SUSE Linux Enterprise Micro for Rancher 5.2
                       o SUSE Linux Enterprise Micro for Rancher 5.3
                       o SUSE Linux Enterprise Micro for Rancher 5.4
                       o SUSE Linux Enterprise Real Time 15 SP5
                       o SUSE Linux Enterprise Server 15 SP3
                       o SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
                       o SUSE Linux Enterprise Server 15 SP4
                       o SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
                       o SUSE Linux Enterprise Server 15 SP5
                       o SUSE Linux Enterprise Server for SAP Applications 15 SP3
                       o SUSE Linux Enterprise Server for SAP Applications 15 SP4
                       o SUSE Linux Enterprise Server for SAP Applications 15 SP5
                       o SUSE Manager Proxy 4.3
                       o SUSE Manager Retail Branch Server 4.3
                       o SUSE Manager Server 4.3

    An update that solves two vulnerabilities can now be installed.

    Description:
    This update for python3 fixes the following issues:
    o CVE-2023-6597: Fixed symlink bug in cleanup of tempfile.TemporaryDirectory (bsc#1219666).
    o CVE-2022-48566: Make compare_digest more constant-time (bsc#1214691).

    Patch Instructions:
    To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:
    o openSUSE Leap Micro 5.4
      zypper in -t patch openSUSE-Leap-Micro-5.4-2024-901=1
    o openSUSE Leap 15.5
      zypper in -t patch openSUSE-SLE-15.5-2024-901=1
    o SUSE Linux Enterprise Micro for Rancher 5.3
      zypper in -t patch SUSE-SLE-Micro-5.3-2024-901=1
    o SUSE Linux Enterprise Micro 5.3
      zypper in -t patch SUSE-SLE-Micro-5.3-2024-901=1
    o SUSE Linux Enterprise Micro for Rancher 5.4
      zypper in -t patch SUSE-SLE-Micro-5.4-2024-901=1
    o SUSE Linux Enterprise Micro 5.4
      zypper in -t patch SUSE-SLE-Micro-5.4-2024-901=1
    o SUSE Linux Enterprise Micro 5.5
      zypper in -t patch SUSE-SLE-Micro-5.5-2024-901=1
    o Basesystem Module 15-SP5
      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-901=1
    o Development Tools Module 15-SP5
      zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2024-901=1
    o SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-901=1
    o SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-901=1
    o SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-901=1
    o SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
      zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-901=1
    o SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
      zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-901=1
    o SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
      zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-901=1
    o SUSE Linux Enterprise Server for SAP Applications 15 SP3
      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-901=1
    o SUSE Linux Enterprise Server for SAP Applications 15 SP4
      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-901=1
    o SUSE Manager Proxy 4.3
      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-901=1
    o SUSE Manager Retail Branch Server 4.3
      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2024-901=1
    o SUSE Manager Server 4.3
      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-901=1
    o SUSE Enterprise Storage 7.1
      zypper in -t patch SUSE-Storage-7.1-2024-901=1
    o SUSE Linux Enterprise Micro 5.2
      zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-901=1
    o SUSE Linux Enterprise Micro for Rancher 5.2
      zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-901=1
    o openSUSE Leap 15.3
      zypper in -t patch SUSE-2024-901=1
    o openSUSE Leap Micro 5.3
      zypper in -t patch openSUSE-Leap-Micro-5.3-2024-901=1

    Package List:
    o openSUSE Leap Micro 5.4 (aarch64 s390x x86_64)
      python3-3.6.15-150300.10.57.1 python3-debugsource-3.6.15-150300.10.57.1 libpython3_6m1_0-debuginfo-3.6.15-150300.10.57.1 python3-base-3.6.15-150300.10.57.1 python3-core-debugsource-3.6.15-150300.10.57.1 python3-debuginfo-3.6.15-150300.10.57.1 libpython3_6m1_0-3.6.15-150300.10.57.1 python3-base-debuginfo-3.6.15-150300.10.57.1
    o openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
      python3-testsuite-debuginfo-3.6.15-150300.10.57.1 libpython3_6m1_0-debuginfo-3.6.15-150300.10.57.1 python3-base-3.6.15-150300.10.57.1 libpython3_6m1_0-3.6.15-150300.10.57.1 python3-testsuite-3.6.15-150300.10.57.1 python3-doc-devhelp-3.6.15-150300.10.57.1 python3-3.6.15-150300.10.57.1 python3-core-debugsource-3.6.15-150300.10.57.1 python3-curses-debuginfo-3.6.15-150300.10.57.1 python3-debuginfo-3.6.15-150300.10.57.1 python3-devel-debuginfo-3.6.15-150300.10.57.1 python3-dbm-3.6.15-150300.10.57.1 python3-tk-3.6.15-150300.10.57.1 python3-dbm-debuginfo-3.6.15-150300.10.57.1 python3-curses-3.6.15-150300.10.57.1 python3-tools-3.6.15-150300.10.57.1 python3-debugsource-3.6.15-150300.10.57.1 python3-idle-3.6.15-150300.10.57.1 python3-devel-3.6.15-150300.10.57.1 python3-tk-debuginfo-3.6.15-150300.10.57.1 python3-base-debuginfo-3.6.15-150300.10.57.1 python3-doc-3.6.15-150300.10.57.1
    o openSUSE Leap 15.5 (x86_64)
      libpython3_6m1_0-32bit-debuginfo-3.6.15-150300.10.57.1 libpython3_6m1_0-32bit-3.6.15-150300.10.57.1
    o SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
      python3-3.6.15-150300.10.57.1 python3-debugsource-3.6.15-150300.10.57.1 libpython3_6m1_0-debuginfo-3.6.15-150300.10.57.1 python3-base-3.6.15-150300.10.57.1 python3-core-debugsource-3.6.15-150300.10.57.1 python3-debuginfo-3.6.15-150300.10.57.1 libpython3_6m1_0-3.6.15-150300.10.57.1 python3-base-debuginfo-3.6.15-150300.10.57.1
    o SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
      python3-3.6.15-150300.10.57.1 python3-debugsource-3.6.15-150300.10.57.1 libpython3_6m1_0-debuginfo-3.6.15-150300.10.57.1 python3-base-3.6.15-150300.10.57.1 python3-core-debugsource-3.6.15-150300.10.57.1 python3-debuginfo-3.6.15-150300.10.57.1 libpython3_6m1_0-3.6.15-150300.10.57.1 python3-base-debuginfo-3.6.15-150300.10.57.1
    o SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
      python3-3.6.15-150300.10.57.1 python3-debugsource-3.6.15-150300.10.57.1 libpython3_6m1_0-debuginfo-3.6.15-150300.10.57.1 python3-base-3.6.15-150300.10.57.1 python3-core-debugsource-3.6.15-150300.10.57.1 python3-debuginfo-3.6.15-150300.10.57.1 libpython3_6m1_0-3.6.15-150300.10.57.1 python3-base-debuginfo-3.6.15-150300.10.57.1
    o SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
      python3-3.6.15-150300.10.57.1 python3-debugsource-3.6.15-150300.10.57.1 libpython3_6m1_0-debuginfo-3.6.15-150300.10.57.1 python3-base-3.6.15-150300.10.57.1 python3-core-debugsource-3.6.15-150300.10.57.1 python3-debuginfo-3.6.15-150300.10.57.1 libpython3_6m1_0-3.6.15-150300.10.57.1 python3-base-debuginfo-3.6.15-150300.10.57.1
    o SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64)
      python3-3.6.15-150300.10.57.1 python3-debugsource-3.6.15-150300.10.57.1 libpython3_6m1_0-debuginfo-3.6.15-150300.10.57.1 python3-base-3.6.15-150300.10.57.1 python3-core-debugsource-3.6.15-150300.10.57.1 python3-debuginfo-3.6.15-150300.10.57.1 libpython3_6m1_0-3.6.15-150300.10.57.1 python3-base-debuginfo-3.6.15-150300.10.57.1
    o Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
      python3-3.6.15-150300.10.57.1 python3-devel-debuginfo-3.6.15-150300.10.57.1 python3-dbm-3.6.15-150300.10.57.1 python3-curses-3.6.15-150300.10.57.1 python3-debugsource-3.6.15-150300.10.57.1 python3-dbm-debuginfo-3.6.15-150300.10.57.1 libpython3_6m1_0-debuginfo-3.6.15-150300.10.57.1 python3-base-3.6.15-150300.10.57.1 python3-tk-3.6.15-150300.10.57.1 python3-idle-3.6.15-150300.10.57.1 python3-core-debugsource-3.6.15-150300.10.57.1 python3-curses-debuginfo-3.6.15-150300.10.57.1 python3-debuginfo-3.6.15-150300.10.57.1 python3-devel-3.6.15-150300.10.57.1 libpython3_6m1_0-3.6.15-150300.10.57.1 python3-tk-debuginfo-3.6.15-150300.10.57.1 python3-base-debuginfo-3.6.15-150300.10.57.1
    o Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64)
      python3-core-debugsource-3.6.15-150300.10.57.1 python3-tools-3.6.15-150300.10.57.1
    o SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
      python3-3.6.15-150300.10.57.1 python3-devel-debuginfo-3.6.15-150300.10.57.1 python3-tools-3.6.15-150300.10.57.1 python3-dbm-3.6.15-150300.10.57.1 python3-curses-3.6.15-150300.10.57.1 python3-debugsource-3.6.15-150300.10.57.1 python3-dbm-debuginfo-3.6.15-150300.10.57.1 libpython3_6m1_0-debuginfo-3.6.15-150300.10.57.1 python3-base-3.6.15-150300.10.57.1 python3-tk-3.6.15-150300.10.57.1 python3-idle-3.6.15-150300.10.57.1 python3-core-debugsource-3.6.15-150300.10.57.1 python3-curses-debuginfo-3.6.15-150300.10.57.1 python3-debuginfo-3.6.15-150300.10.57.1 python3-devel-3.6.15-150300.10.57.1 libpython3_6m1_0-3.6.15-150300.10.57.1 python3-tk-debuginfo-3.6.15-150300.10.57.1 python3-base-debuginfo-3.6.15-150300.10.57.1
    o SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
      python3-3.6.15-150300.10.57.1 python3-devel-debuginfo-3.6.15-150300.10.57.1 python3-tools-3.6.15-150300.10.57.1 python3-dbm-3.6.15-150300.10.57.1 python3-curses-3.6.15-150300.10.57.1 python3-debugsource-3.6.15-150300.10.57.1 python3-dbm-debuginfo-3.6.15-150300.10.57.1 libpython3_6m1_0-debuginfo-3.6.15-150300.10.57.1 python3-base-3.6.15-150300.10.57.1 python3-tk-3.6.15-150300.10.57.1 python3-idle-3.6.15-150300.10.57.1 python3-core-debugsource-3.6.15-150300.10.57.1 python3-curses-debuginfo-3.6.15-150300.10.57.1 python3-debuginfo-3.6.15-150300.10.57.1 python3-devel-3.6.15-150300.10.57.1 libpython3_6m1_0-3.6.15-150300.10.57.1 python3-tk-debuginfo-3.6.15-150300.10.57.1 python3-base-debuginfo-3.6.15-150300.10.57.1
    o SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
      python3-3.6.15-150300.10.57.1 python3-devel-debuginfo-3.6.15-150300.10.57.1 python3-tools-3.6.15-150300.10.57.1 python3-dbm-3.6.15-150300.10.57.1 python3-curses-3.6.15-150300.10.57.1 python3-debugsource-3.6.15-150300.10.57.1 python3-dbm-debuginfo-3.6.15-150300.10.57.1 libpython3_6m1_0-debuginfo-3.6.15-150300.10.57.1 python3-base-3.6.15-150300.10.57.1 python3-tk-3.6.15-150300.10.57.1 python3-idle-3.6.15-150300.10.57.1 python3-core-debugsource-3.6.15-150300.10.57.1 python3-curses-debuginfo-3.6.15-150300.10.57.1 python3-debuginfo-3.6.15-150300.10.57.1 python3-devel-3.6.15-150300.10.57.1 libpython3_6m1_0-3.6.15-150300.10.57.1 python3-tk-debuginfo-3.6.15-150300.10.57.1 python3-base-debuginfo-3.6.15-150300.10.57.1
    o SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
      python3-3.6.15-150300.10.57.1 python3-devel-debuginfo-3.6.15-150300.10.57.1 python3-tools-3.6.15-150300.10.57.1 python3-dbm-3.6.15-150300.10.57.1 python3-curses-3.6.15-150300.10.57.1 python3-debugsource-3.6.15-150300.10.57.1 python3-dbm-debuginfo-3.6.15-150300.10.57.1 libpython3_6m1_0-debuginfo-3.6.15-150300.10.57.1 python3-base-3.6.15-150300.10.57.1 python3-tk-3.6.15-150300.10.57.1 python3-idle-3.6.15-150300.10.57.1 python3-core-debugsource-3.6.15-150300.10.57.1 python3-curses-debuginfo-3.6.15-150300.10.57.1 python3-debuginfo-3.6.15-150300.10.57.1 python3-devel-3.6.15-150300.10.57.1 libpython3_6m1_0-3.6.15-150300.10.57.1 python3-tk-debuginfo-3.6.15-150300.10.57.1 python3-base-debuginfo-3.6.15-150300.10.57.1
    o SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64)
      python3-3.6.15-150300.10.57.1 python3-devel-debuginfo-3.6.15-150300.10.57.1 python3-tools-3.6.15-150300.10.57.1 python3-dbm-3.6.15-150300.10.57.1 python3-curses-3.6.15-150300.10.57.1 python3-debugsource-3.6.15-150300.10.57.1 python3-dbm-debuginfo-3.6.15-150300.10.57.1 libpython3_6m1_0-debuginfo-3.6.15-150300.10.57.1 python3-base-3.6.15-150300.10.57.1 python3-tk-3.6.15-150300.10.57.1 python3-idle-3.6.15-150300.10.57.1 python3-core-debugsource-3.6.15-150300.10.57.1 python3-curses-debuginfo-3.6.15-150300.10.57.1 python3-debuginfo-3.6.15-150300.10.57.1 python3-devel-3.6.15-150300.10.57.1 libpython3_6m1_0-3.6.15-150300.10.57.1 python3-tk-debuginfo-3.6.15-150300.10.57.1 python3-base-debuginfo-3.6.15-150300.10.57.1
    o SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x x86_64)
      python3-3.6.15-150300.10.57.1 python3-devel-debuginfo-3.6.15-150300.10.57.1 python3-tools-3.6.15-150300.10.57.1 python3-dbm-3.6.15-150300.10.57.1 python3-curses-3.6.15-150300.10.57.1 python3-debugsource-3.6.15-150300.10.57.1 python3-dbm-debuginfo-3.6.15-150300.10.57.1 libpython3_6m1_0-debuginfo-3.6.15-150300.10.57.1 python3-base-3.6.15-150300.10.57.1 python3-tk-3.6.15-150300.10.57.1 python3-idle-3.6.15-150300.10.57.1 python3-core-debugsource-3.6.15-150300.10.57.1 python3-curses-debuginfo-3.6.15-150300.10.57.1 python3-debuginfo-3.6.15-150300.10.57.1 python3-devel-3.6.15-150300.10.57.1 libpython3_6m1_0-3.6.15-150300.10.57.1 python3-tk-debuginfo-3.6.15-150300.10.57.1 python3-base-debuginfo-3.6.15-150300.10.57.1
    o SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
      python3-3.6.15-150300.10.57.1 python3-devel-debuginfo-3.6.15-150300.10.57.1 python3-tools-3.6.15-150300.10.57.1 python3-dbm-3.6.15-150300.10.57.1 python3-curses-3.6.15-150300.10.57.1 python3-debugsource-3.6.15-150300.10.57.1 python3-dbm-debuginfo-3.6.15-150300.10.57.1 libpython3_6m1_0-debuginfo-3.6.15-150300.10.57.1 python3-base-3.6.15-150300.10.57.1 python3-tk-3.6.15-150300.10.57.1 python3-idle-3.6.15-150300.10.57.1 python3-core-debugsource-3.6.15-150300.10.57.1 python3-curses-debuginfo-3.6.15-150300.10.57.1 python3-debuginfo-3.6.15-150300.10.57.1 python3-devel-3.6.15-150300.10.57.1 libpython3_6m1_0-3.6.15-150300.10.57.1 python3-tk-debuginfo-3.6.15-150300.10.57.1 python3-base-debuginfo-3.6.15-150300.10.57.1
    o SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
      python3-3.6.15-150300.10.57.1 python3-devel-debuginfo-3.6.15-150300.10.57.1 python3-tools-3.6.15-150300.10.57.1 python3-dbm-3.6.15-150300.10.57.1 python3-curses-3.6.15-150300.10.57.1 python3-debugsource-3.6.15-150300.10.57.1 python3-dbm-debuginfo-3.6.15-150300.10.57.1 libpython3_6m1_0-debuginfo-3.6.15-150300.10.57.1 python3-base-3.6.15-150300.10.57.1 python3-tk-3.6.15-150300.10.57.1 python3-idle-3.6.15-150300.10.57.1 python3-core-debugsource-3.6.15-150300.10.57.1 python3-curses-debuginfo-3.6.15-150300.10.57.1 python3-debuginfo-3.6.15-150300.10.57.1 python3-devel-3.6.15-150300.10.57.1 libpython3_6m1_0-3.6.15-150300.10.57.1 python3-tk-debuginfo-3.6.15-150300.10.57.1 python3-base-debuginfo-3.6.15-150300.10.57.1
    o SUSE Manager Proxy 4.3 (x86_64)
      python3-3.6.15-150300.10.57.1 python3-devel-debuginfo-3.6.15-150300.10.57.1 python3-dbm-3.6.15-150300.10.57.1 python3-curses-3.6.15-150300.10.57.1 python3-debugsource-3.6.15-150300.10.57.1 python3-dbm-debuginfo-3.6.15-150300.10.57.1 libpython3_6m1_0-debuginfo-3.6.15-150300.10.57.1 python3-base-3.6.15-150300.10.57.1 python3-tk-3.6.15-150300.10.57.1 python3-idle-3.6.15-150300.10.57.1 python3-core-debugsource-3.6.15-150300.10.57.1 python3-curses-debuginfo-3.6.15-150300.10.57.1 python3-debuginfo-3.6.15-150300.10.57.1 python3-devel-3.6.15-150300.10.57.1 libpython3_6m1_0-3.6.15-150300.10.57.1 python3-tk-debuginfo-3.6.15-150300.10.57.1 python3-base-debuginfo-3.6.15-150300.10.57.1
    o SUSE Manager Retail Branch Server 4.3 (x86_64)
      python3-3.6.15-150300.10.57.1 python3-devel-debuginfo-3.6.15-150300.10.57.1 python3-dbm-3.6.15-150300.10.57.1 python3-curses-3.6.15-150300.10.57.1 python3-debugsource-3.6.15-150300.10.57.1 python3-dbm-debuginfo-3.6.15-150300.10.57.1 libpython3_6m1_0-debuginfo-3.6.15-150300.10.57.1 python3-base-3.6.15-150300.10.57.1 python3-tk-3.6.15-150300.10.57.1 python3-idle-3.6.15-150300.10.57.1 python3-core-debugsource-3.6.15-150300.10.57.1 python3-curses-debuginfo-3.6.15-150300.10.57.1 python3-debuginfo-3.6.15-150300.10.57.1 python3-devel-3.6.15-150300.10.57.1 libpython3_6m1_0-3.6.15-150300.10.57.1 python3-tk-debuginfo-3.6.15-150300.10.57.1 python3-base-debuginfo-3.6.15-150300.10.57.1
    o SUSE Manager Server 4.3 (ppc64le s390x x86_64)
      python3-3.6.15-150300.10.57.1 python3-devel-debuginfo-3.6.15-150300.10.57.1 python3-dbm-3.6.15-150300.10.57.1 python3-curses-3.6.15-150300.10.57.1 python3-debugsource-3.6.15-150300.10.57.1 python3-dbm-debuginfo-3.6.15-150300.10.57.1 libpython3_6m1_0-debuginfo-3.6.15-150300.10.57.1 python3-base-3.6.15-150300.10.57.1 python3-tk-3.6.15-150300.10.57.1 python3-idle-3.6.15-150300.10.57.1 python3-core-debugsource-3.6.15-150300.10.57.1 python3-curses-debuginfo-3.6.15-150300.10.57.1 python3-debuginfo-3.6.15-150300.10.57.1 python3-devel-3.6.15-150300.10.57.1 libpython3_6m1_0-3.6.15-150300.10.57.1 python3-tk-debuginfo-3.6.15-150300.10.57.1 python3-base-debuginfo-3.6.15-150300.10.57.1
    o SUSE Enterprise Storage 7.1 (aarch64 x86_64)
      python3-3.6.15-150300.10.57.1 python3-devel-debuginfo-3.6.15-150300.10.57.1 python3-tools-3.6.15-150300.10.57.1 python3-dbm-3.6.15-150300.10.57.1 python3-curses-3.6.15-150300.10.57.1 python3-debugsource-3.6.15-150300.10.57.1 python3-dbm-debuginfo-3.6.15-150300.10.57.1 libpython3_6m1_0-debuginfo-3.6.15-150300.10.57.1 python3-base-3.6.15-150300.10.57.1 python3-tk-3.6.15-150300.10.57.1 python3-idle-3.6.15-150300.10.57.1 python3-core-debugsource-3.6.15-150300.10.57.1 python3-curses-debuginfo-3.6.15-150300.10.57.1 python3-debuginfo-3.6.15-150300.10.57.1 python3-devel-3.6.15-150300.10.57.1 libpython3_6m1_0-3.6.15-150300.10.57.1 python3-tk-debuginfo-3.6.15-150300.10.57.1 python3-base-debuginfo-3.6.15-150300.10.57.1
    o SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
      python3-3.6.15-150300.10.57.1 python3-debugsource-3.6.15-150300.10.57.1 libpython3_6m1_0-debuginfo-3.6.15-150300.10.57.1 python3-base-3.6.15-150300.10.57.1 python3-core-debugsource-3.6.15-150300.10.57.1 python3-debuginfo-3.6.15-150300.10.57.1 libpython3_6m1_0-3.6.15-150300.10.57.1 python3-base-debuginfo-3.6.15-150300.10.57.1
    o SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
      python3-3.6.15-150300.10.57.1 python3-debugsource-3.6.15-150300.10.57.1 libpython3_6m1_0-debuginfo-3.6.15-150300.10.57.1 python3-base-3.6.15-150300.10.57.1 python3-core-debugsource-3.6.15-150300.10.57.1 python3-debuginfo-3.6.15-150300.10.57.1 libpython3_6m1_0-3.6.15-150300.10.57.1 python3-base-debuginfo-3.6.15-150300.10.57.1
    o openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
      python3-testsuite-debuginfo-3.6.15-150300.10.57.1 libpython3_6m1_0-debuginfo-3.6.15-150300.10.57.1 python3-base-3.6.15-150300.10.57.1 libpython3_6m1_0-3.6.15-150300.10.57.1 python3-testsuite-3.6.15-150300.10.57.1 python3-doc-devhelp-3.6.15-150300.10.57.1 python3-3.6.15-150300.10.57.1 python3-core-debugsource-3.6.15-150300.10.57.1 python3-curses-debuginfo-3.6.15-150300.10.57.1 python3-debuginfo-3.6.15-150300.10.57.1 python3-devel-debuginfo-3.6.15-150300.10.57.1 python3-dbm-3.6.15-150300.10.57.1 python3-tk-3.6.15-150300.10.57.1 python3-dbm-debuginfo-3.6.15-150300.10.57.1 python3-curses-3.6.15-150300.10.57.1 python3-tools-3.6.15-150300.10.57.1 python3-debugsource-3.6.15-150300.10.57.1 python3-idle-3.6.15-150300.10.57.1 python3-devel-3.6.15-150300.10.57.1 python3-tk-debuginfo-3.6.15-150300.10.57.1 python3-base-debuginfo-3.6.15-150300.10.57.1 python3-doc-3.6.15-150300.10.57.1
    o openSUSE Leap 15.3 (x86_64)
      libpython3_6m1_0-32bit-debuginfo-3.6.15-150300.10.57.1 libpython3_6m1_0-32bit-3.6.15-150300.10.57.1
    o openSUSE Leap 15.3 (aarch64_ilp32)
      libpython3_6m1_0-64bit-debuginfo-3.6.15-150300.10.57.1 libpython3_6m1_0-64bit-3.6.15-150300.10.57.1
    o openSUSE Leap Micro 5.3 (aarch64 x86_64)
      python3-3.6.15-150300.10.57.1 python3-debugsource-3.6.15-150300.10.57.1 libpython3_6m1_0-debuginfo-3.6.15-150300.10.57.1 python3-base-3.6.15-150300.10.57.1 python3-core-debugsource-3.6.15-150300.10.57.1 python3-debuginfo-3.6.15-150300.10.57.1 libpython3_6m1_0-3.6.15-150300.10.57.1 python3-base-debuginfo-3.6.15-150300.10.57.1

    References:
    o https://www.suse.com/security/cve/CVE-2022-48566.html
    o https://www.suse.com/security/cve/CVE-2023-6597.html
    o https://bugzilla.suse.com/show_bug.cgi?id=1214691
    o https://bugzilla.suse.com/show_bug.cgi?id=1219666

    - --------------------------END INCLUDED TEXT----------------------

  • Linux Kernel: CVSS (Max): 7.8
    on March 28, 2024 at 6:39 am

    ===========================================================================
    AUSCERT External Security Bulletin Redistribution
    ESB-2024.1940
    Security update for the Linux Kernel
    28 March 2024
    ===========================================================================

    AusCERT Security Bulletin Summary
    ———————————
    Product: Linux Kernel
    Publisher: SUSE
    Operating System: SUSE
    Resolution: Patch/Upgrade
    CVE Names:
        CVE-2023-52448 CVE-2023-52478 CVE-2023-52484 CVE-2023-52449 CVE-2023-52482
        CVE-2023-52530 CVE-2023-52531 CVE-2023-52559 CVE-2023-6270 CVE-2024-1151
        CVE-2024-23850 CVE-2023-52467 CVE-2024-23851 CVE-2024-26585 CVE-2024-26586
        CVE-2024-26593 CVE-2024-26595 CVE-2024-26602 CVE-2024-26603 CVE-2024-26607
        CVE-2024-26622 CVE-2023-28746 CVE-2023-52447 CVE-2021-46932 CVE-2024-0607
        CVE-2023-52451 CVE-2022-48627 CVE-2023-6817 CVE-2024-23849 CVE-2023-52439
        CVE-2023-52456 CVE-2024-26591 CVE-2023-52443 CVE-2023-52463 CVE-2023-52464
        CVE-2023-5197 CVE-2023-52457 CVE-2024-26589 CVE-2019-25162 CVE-2021-46923
        CVE-2021-46924 CVE-2024-26598 CVE-2021-46934 CVE-2021-47083 CVE-2023-52445
        CVE-2023-52340 CVE-2023-52429 CVE-2023-52452 CVE-2023-52475
    Original Bulletin: https://www.suse.com/support/update/announcement/2024/suse-su-20240900-2
    Comment: CVSS (Max): 7.8 CVE-2023-6817 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
    CVSS Source: SUSE
    Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

    – ————————–BEGIN INCLUDED TEXT——————–

    Security update for the Linux Kernel
    Announcement ID: SUSE-SU-2024:0900-2
    Rating: important
    References:
        bsc#1211515 bsc#1213456 bsc#1214064 bsc#1218195 bsc#1218216
        bsc#1218562 bsc#1218915 bsc#1219073 bsc#1219126 bsc#1219127
        bsc#1219146 bsc#1219295 bsc#1219633 bsc#1219653 bsc#1219827
        bsc#1219835 bsc#1220009 bsc#1220140 bsc#1220187 bsc#1220238
        bsc#1220240 bsc#1220241 bsc#1220243 bsc#1220250 bsc#1220251
        bsc#1220253 bsc#1220254 bsc#1220255 bsc#1220257 bsc#1220326
        bsc#1220328 bsc#1220330 bsc#1220335 bsc#1220344 bsc#1220350
        bsc#1220364 bsc#1220398 bsc#1220409 bsc#1220433 bsc#1220444
        bsc#1220457 bsc#1220459 bsc#1220469 bsc#1220649 bsc#1220735
        bsc#1220736 bsc#1220796 bsc#1220797 bsc#1220825 bsc#1220845
        bsc#1220917 bsc#1220930 bsc#1220931 bsc#1220933
    Cross-References:
        CVE-2019-25162 CVE-2021-46923 CVE-2021-46924 CVE-2021-46932 CVE-2021-46934
        CVE-2021-47083 CVE-2022-48627 CVE-2023-28746 CVE-2023-5197 CVE-2023-52340
        CVE-2023-52429 CVE-2023-52439 CVE-2023-52443 CVE-2023-52445 CVE-2023-52447
        CVE-2023-52448 CVE-2023-52449 CVE-2023-52451 CVE-2023-52452 CVE-2023-52456
        CVE-2023-52457 CVE-2023-52463 CVE-2023-52464 CVE-2023-52467 CVE-2023-52475
        CVE-2023-52478 CVE-2023-52482 CVE-2023-52484 CVE-2023-52530 CVE-2023-52531
        CVE-2023-52559 CVE-2023-6270 CVE-2023-6817 CVE-2024-0607 CVE-2024-1151
        CVE-2024-23849 CVE-2024-23850 CVE-2024-23851 CVE-2024-26585 CVE-2024-26586
        CVE-2024-26589 CVE-2024-26591 CVE-2024-26593 CVE-2024-26595 CVE-2024-26598
        CVE-2024-26602 CVE-2024-26603 CVE-2024-26607 CVE-2024-26622
    CVSS scores:
    o CVE-2023-28746 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
    o CVE-2023-5197 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
    o CVE-2023-5197 (NVD): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
    o CVE-2023-52340 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    o CVE-2023-52429 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    o CVE-2023-52439 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
    o CVE-2023-6270 (SUSE): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
    o CVE-2023-6270 (NVD): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
    o CVE-2023-6817 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
    o CVE-2023-6817 (NVD): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    o CVE-2024-0607 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
    o CVE-2024-0607 (NVD): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
    o CVE-2024-1151 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    o CVE-2024-23849 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
    o CVE-2024-23849 (NVD): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    o CVE-2024-23850 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
    o CVE-2024-23850 (NVD): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    o CVE-2024-23851 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
    o CVE-2024-23851 (NVD): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    Affected Products:
    o SUSE Manager Proxy 4.3
    o SUSE Manager Server 4.3

    An update that solves 49 vulnerabilities and has five security fixes can now be installed.

    Description:
    The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.

    The following security bugs were fixed:
    o CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562).
    o CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328).
    o CVE-2023-52559: Fixed a bug by avoiding memory allocation in iommu_suspend (bsc#1220933).
    o CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
    o CVE-2023-52530: Fixed a potential key use-after-free in wifi mac80211 (bsc#1220930).
    o CVE-2024-26607: Fixed a probing race issue in sii902x (bsc#1220736).
    o CVE-2023-52467: Fixed a null pointer dereference in of_syscon_register (bsc#1220433).
    o CVE-2024-26591: Fixed re-attachment branch in bpf_tracing_prog_attach (bsc#1220254).
    o CVE-2024-26589: Fixed out of bounds read due to variable offset alu on PTR_TO_FLOW_KEYS (bsc#1220255).
    o CVE-2023-52484: Fixed a soft lockup triggered by arm_smmu_mm_invalidate_range (bsc#1220797).
    o CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187).
    o CVE-2023-52340: Fixed a DoS of the Linux kernel in which ICMPv6 “Packet Too Big” packets force 100% CPU (bsc#1219295).
    o CVE-2024-0607: Fixed 64-bit load issue in nft_byteorder_eval() (bsc#1218915).
    o CVE-2023-6817: Fixed use-after-free in nft_pipapo_walk (bsc#1218195).
    o CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220825).
    o CVE-2024-23850: Fixed double free of anonymous device after snapshot creation failure (bsc#1219126).
    o CVE-2023-52452: Fixed accesses to uninit stack slots (bsc#1220257).
    o CVE-2023-52457: Fixed skipped resource freeing if pm_runtime_resume_and_get() failed (bsc#1220350).
    o CVE-2023-52456: Fixed tx state machine deadlock (bsc#1220364).
    o CVE-2023-52451: Fixed access beyond end of drmem array (bsc#1220250).
    o CVE-2023-52449: Fixed gluebi NULL pointer dereference caused by ftl notifier (bsc#1220238).
    o CVE-2021-46923: Fixed reference leakage in fs/mount_setattr (bsc#1220457).
    o CVE-2023-52447: Fixed map_fd_put_ptr() signature kABI workaround (bsc#1220251).
    o CVE-2024-26598: Fixed potential UAF in LPI translation cache (bsc#1220326).
    o CVE-2024-26603: Fixed infinite loop via #PF handling (bsc#1220335).
    o CVE-2023-52445: Fixed use after free on context disconnection (bsc#1220241).
    o CVE-2023-52439: Fixed use-after-free in uio_open (bsc#1220140).
    o CVE-2023-52443: Fixed crash when parsed profile name is empty (bsc#1220240).
    o CVE-2024-26602: Fixed overall slowdowns with sys_membarrier (bsc#1220398).
    o CVE-2024-26593: Fixed block process call transactions (bsc#1220009).
    o CVE-2024-26586: Fixed stack corruption (bsc#1220243).
    o CVE-2024-26595: Fixed NULL pointer dereference in error path (bsc#1220344).
    o CVE-2023-52464: Fixed possible out-of-bounds string access (bsc#1220330).
    o CVE-2023-52448: Fixed kernel NULL pointer dereference in gfs2_rgrp_dump (bsc#1220253).
    o CVE-2024-1151: Fixed unlimited number of recursions from action sets (bsc#1219835).
    o CVE-2023-5197: Fixed use-after-free due to addition and removal of rules from chain bindings within the same transaction (bsc#1218216).
    o CVE-2024-23849: Fixed array-index-out-of-bounds in rds_cmsg_recv (bsc#1219127).
    o CVE-2023-52429: Fixed potential DoS in dm_table_create in drivers/md/dm-table.c (bsc#1219827).
    o CVE-2024-23851: Fixed crash in copy_params in drivers/md/dm-ioctl.c (bsc#1219146).

    The following non-security bugs were fixed:
    o bpf: Fix verification of indirect var-off stack access (git-fixes).
    o bpf: Guard stack limits against 32bit overflow (git-fixes).
    o KVM: VMX: Move VERW closer to VMentry for MDS mitigation (git-fixes).
    o KVM: VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH (git-fixes).
    o NFS: avoid infinite loop in pnfs_update_layout (bsc#1219633).
    o nvme: move nvme_stop_keep_alive() back to original position (bsc#1211515).
    o nvme: remove nvme_alloc_request and nvme_alloc_request_qid (bsc#1214064).
    o nvme: start keep-alive after admin queue setup (bsc#1211515).
    o x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix (git-fixes).
    o x86/bugs: Add asm helpers for executing VERW (git-fixes).
    o x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key (git-fixes).
    o x86/entry_32: Add VERW just before userspace transition (git-fixes).
    o x86/entry_64: Add VERW just before userspace transition (git-fixes).

    Special Instructions and Notes:
    o Please reboot the system after installing this update.

    Patch Instructions:
    To install this SUSE update use the SUSE recommended installation methods like YaST online_update or “zypper patch”.
    Alternatively you can run the command listed for your product:
    o SUSE Manager Proxy 4.3
        zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-900=1
    o SUSE Manager Server 4.3
        zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-900=1

    Package List:
    o SUSE Manager Proxy 4.3 (nosrc x86_64)
        kernel-default-5.14.21-150400.24.111.2
    o SUSE Manager Proxy 4.3 (x86_64)
        kernel-syms-5.14.21-150400.24.111.1
        kernel-default-base-5.14.21-150400.24.111.2.150400.24.52.1
        kernel-default-debugsource-5.14.21-150400.24.111.2
        kernel-default-debuginfo-5.14.21-150400.24.111.2
        kernel-default-devel-debuginfo-5.14.21-150400.24.111.2
        kernel-default-devel-5.14.21-150400.24.111.2
    o SUSE Manager Proxy 4.3 (noarch)
        kernel-macros-5.14.21-150400.24.111.1
        kernel-source-5.14.21-150400.24.111.1
        kernel-devel-5.14.21-150400.24.111.1
    o SUSE Manager Server 4.3 (nosrc ppc64le s390x x86_64)
        kernel-default-5.14.21-150400.24.111.2
    o SUSE Manager Server 4.3 (ppc64le x86_64)
        kernel-default-base-5.14.21-150400.24.111.2.150400.24.52.1
    o SUSE Manager Server 4.3 (ppc64le s390x x86_64)
        kernel-syms-5.14.21-150400.24.111.1
        kernel-default-debugsource-5.14.21-150400.24.111.2
        kernel-default-debuginfo-5.14.21-150400.24.111.2
        kernel-default-devel-debuginfo-5.14.21-150400.24.111.2
        kernel-default-devel-5.14.21-150400.24.111.2
    o SUSE Manager Server 4.3 (noarch)
        kernel-macros-5.14.21-150400.24.111.1
        kernel-source-5.14.21-150400.24.111.1
        kernel-devel-5.14.21-150400.24.111.1
    o SUSE Manager Server 4.3 (nosrc s390x)
        kernel-zfcpdump-5.14.21-150400.24.111.2
    o SUSE Manager Server 4.3 (s390x)
        kernel-zfcpdump-debugsource-5.14.21-150400.24.111.2
        kernel-zfcpdump-debuginfo-5.14.21-150400.24.111.2

    References:
    o https://www.suse.com/security/cve/CVE-2019-25162.html
    o https://www.suse.com/security/cve/CVE-2021-46923.html
    o https://www.suse.com/security/cve/CVE-2021-46924.html
    o https://www.suse.com/security/cve/CVE-2021-46932.html
    o https://www.suse.com/security/cve/CVE-2021-46934.html
    o https://www.suse.com/security/cve/CVE-2021-47083.html
    o https://www.suse.com/security/cve/CVE-2022-48627.html
    o https://www.suse.com/security/cve/CVE-2023-28746.html
    o https://www.suse.com/security/cve/CVE-2023-5197.html
    o https://www.suse.com/security/cve/CVE-2023-52340.html
    o https://www.suse.com/security/cve/CVE-2023-52429.html
    o https://www.suse.com/security/cve/CVE-2023-52439.html
    o https://www.suse.com/security/cve/CVE-2023-52443.html
    o https://www.suse.com/security/cve/CVE-2023-52445.html
    o https://www.suse.com/security/cve/CVE-2023-52447.html
    o https://www.suse.com/security/cve/CVE-2023-52448.html
    o https://www.suse.com/security/cve/CVE-2023-52449.html
    o https://www.suse.com/security/cve/CVE-2023-52451.html
    o https://www.suse.com/security/cve/CVE-2023-52452.html
    o https://www.suse.com/security/cve/CVE-2023-52456.html
    o https://www.suse.com/security/cve/CVE-2023-52457.html
    o https://www.suse.com/security/cve/CVE-2023-52463.html
    o https://www.suse.com/security/cve/CVE-2023-52464.html
    o https://www.suse.com/security/cve/CVE-2023-52467.html
    o https://www.suse.com/security/cve/CVE-2023-52475.html
    o https://www.suse.com/security/cve/CVE-2023-52478.html
    o https://www.suse.com/security/cve/CVE-2023-52482.html
    o https://www.suse.com/security/cve/CVE-2023-52484.html
    o https://www.suse.com/security/cve/CVE-2023-52530.html
    o https://www.suse.com/security/cve/CVE-2023-52531.html
    o https://www.suse.com/security/cve/CVE-2023-52559.html
    o https://www.suse.com/security/cve/CVE-2023-6270.html
    o https://www.suse.com/security/cve/CVE-2023-6817.html
    o https://www.suse.com/security/cve/CVE-2024-0607.html
    o https://www.suse.com/security/cve/CVE-2024-1151.html
    o https://www.suse.com/security/cve/CVE-2024-23849.html
    o https://www.suse.com/security/cve/CVE-2024-23850.html
    o https://www.suse.com/security/cve/CVE-2024-23851.html
    o https://www.suse.com/security/cve/CVE-2024-26585.html
    o https://www.suse.com/security/cve/CVE-2024-26586.html
    o https://www.suse.com/security/cve/CVE-2024-26589.html
    o https://www.suse.com/security/cve/CVE-2024-26591.html
    o https://www.suse.com/security/cve/CVE-2024-26593.html
    o https://www.suse.com/security/cve/CVE-2024-26595.html
    o https://www.suse.com/security/cve/CVE-2024-26598.html
    o https://www.suse.com/security/cve/CVE-2024-26602.html
    o https://www.suse.com/security/cve/CVE-2024-26603.html
    o https://www.suse.com/security/cve/CVE-2024-26607.html
    o https://www.suse.com/security/cve/CVE-2024-26622.html
    o https://bugzilla.suse.com/show_bug.cgi?id=1211515
    o https://bugzilla.suse.com/show_bug.cgi?id=1213456
    o https://bugzilla.suse.com/show_bug.cgi?id=1214064
    o https://bugzilla.suse.com/show_bug.cgi?id=1218195
    o https://bugzilla.suse.com/show_bug.cgi?id=1218216
    o https://bugzilla.suse.com/show_bug.cgi?id=1218562
    o https://bugzilla.suse.com/show_bug.cgi?id=1218915
    o https://bugzilla.suse.com/show_bug.cgi?id=1219073
    o https://bugzilla.suse.com/show_bug.cgi?id=1219126
    o https://bugzilla.suse.com/show_bug.cgi?id=1219127
    o https://bugzilla.suse.com/show_bug.cgi?id=1219146
    o https://bugzilla.suse.com/show_bug.cgi?id=1219295
    o https://bugzilla.suse.com/show_bug.cgi?id=1219633
    o https://bugzilla.suse.com/show_bug.cgi?id=1219653
    o https://bugzilla.suse.com/show_bug.cgi?id=1219827
    o https://bugzilla.suse.com/show_bug.cgi?id=1219835
    o https://bugzilla.suse.com/show_bug.cgi?id=1220009
    o https://bugzilla.suse.com/show_bug.cgi?id=1220140
    o https://bugzilla.suse.com/show_bug.cgi?id=1220187
    o https://bugzilla.suse.com/show_bug.cgi?id=1220238
    o https://bugzilla.suse.com/show_bug.cgi?id=1220240
    o https://bugzilla.suse.com/show_bug.cgi?id=1220241
    o https://bugzilla.suse.com/show_bug.cgi?id=1220243
    o https://bugzilla.suse.com/show_bug.cgi?id=1220250
    o https://bugzilla.suse.com/show_bug.cgi?id=1220251
    o https://bugzilla.suse.com/show_bug.cgi?id=1220253
    o https://bugzilla.suse.com/show_bug.cgi?id=1220254
    o https://bugzilla.suse.com/show_bug.cgi?id=1220255
    o https://bugzilla.suse.com/show_bug.cgi?id=1220257
    o https://bugzilla.suse.com/show_bug.cgi?id=1220326
    o https://bugzilla.suse.com/show_bug.cgi?id=1220328
    o https://bugzilla.suse.com/show_bug.cgi?id=1220330
    o https://bugzilla.suse.com/show_bug.cgi?id=1220335
    o https://bugzilla.suse.com/show_bug.cgi?id=1220344
    o https://bugzilla.suse.com/show_bug.cgi?id=1220350
    o https://bugzilla.suse.com/show_bug.cgi?id=1220364
    o https://bugzilla.suse.com/show_bug.cgi?id=1220398
    o https://bugzilla.suse.com/show_bug.cgi?id=1220409
    o https://bugzilla.suse.com/show_bug.cgi?id=1220433
    o https://bugzilla.suse.com/show_bug.cgi?id=1220444
    o https://bugzilla.suse.com/show_bug.cgi?id=1220457
    o https://bugzilla.suse.com/show_bug.cgi?id=1220459
    o https://bugzilla.suse.com/show_bug.cgi?id=1220469
    o https://bugzilla.suse.com/show_bug.cgi?id=1220649
    o https://bugzilla.suse.com/show_bug.cgi?id=1220735
    o https://bugzilla.suse.com/show_bug.cgi?id=1220736
    o https://bugzilla.suse.com/show_bug.cgi?id=1220796
    o https://bugzilla.suse.com/show_bug.cgi?id=1220797
    o https://bugzilla.suse.com/show_bug.cgi?id=1220825
    o https://bugzilla.suse.com/show_bug.cgi?id=1220845
    o https://bugzilla.suse.com/show_bug.cgi?id=1220917
    o https://bugzilla.suse.com/show_bug.cgi?id=1220930
    o https://bugzilla.suse.com/show_bug.cgi?id=1220931
    o https://bugzilla.suse.com/show_bug.cgi?id=1220933

    – ————————–END INCLUDED TEXT———————-

    You have received this e-mail bulletin as a result of your organisation’s registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person.

    NOTE: Third Party Rights
    This security bulletin is provided as a service to AusCERT’s members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content.
    The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation’s site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

    NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author’s website to ensure that the information is still current.

    Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly.

    Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/

    ===========================================================================
    Australian Computer Emergency Response Team
    The University of Queensland
    Brisbane Qld 4072
    Internet Email: auscert@auscert.org.au
    Facsimile: (07) 3365 7031
    Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
    AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only.
    ===========================================================================

  • Linux Kernel: CVSS (Max): 7.8
    on March 28, 2024 at 6:39 am

    ===========================================================================
    AUSCERT External Security Bulletin Redistribution
    ESB-2024.1939
    Security update for the Linux Kernel
    28 March 2024
    ===========================================================================

    AusCERT Security Bulletin Summary
    ———————————
    Product: Linux Kernel
    Publisher: SUSE
    Operating System: SUSE
    Resolution: Patch/Upgrade
    CVE Names:
        CVE-2023-52448 CVE-2023-52478 CVE-2023-52484 CVE-2023-52449 CVE-2023-52482
        CVE-2023-52530 CVE-2023-52531 CVE-2023-52559 CVE-2023-6270 CVE-2024-1151
        CVE-2024-23850 CVE-2023-52467 CVE-2024-23851 CVE-2024-26585 CVE-2024-26586
        CVE-2024-26593 CVE-2024-26595 CVE-2024-26602 CVE-2024-26603 CVE-2024-26607
        CVE-2024-26622 CVE-2023-28746 CVE-2023-52447 CVE-2021-46932 CVE-2024-0607
        CVE-2023-52451 CVE-2022-48627 CVE-2023-6817 CVE-2024-23849 CVE-2023-52439
        CVE-2023-52456 CVE-2024-26591 CVE-2023-52443 CVE-2023-52463 CVE-2023-52464
        CVE-2023-5197 CVE-2023-52457 CVE-2024-26589 CVE-2019-25162 CVE-2021-46923
        CVE-2021-46924 CVE-2024-26598 CVE-2021-46934 CVE-2021-47083 CVE-2023-52445
        CVE-2023-52340 CVE-2023-52429 CVE-2023-52452 CVE-2023-52475
    Original Bulletin: https://www.suse.com/support/update/announcement/2024/suse-su-20240900-1
    Comment: CVSS (Max): 7.8 CVE-2024-26622 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
    CVSS Source: SUSE
    Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

    – ————————–BEGIN INCLUDED TEXT——————–

    Security update for the Linux Kernel
    Announcement ID: SUSE-SU-2024:0900-1
    Rating: important
    References:
        bsc#1211515 bsc#1213456 bsc#1214064 bsc#1218195 bsc#1218216
        bsc#1218562 bsc#1218915 bsc#1219073 bsc#1219126 bsc#1219127
        bsc#1219146 bsc#1219295 bsc#1219633 bsc#1219653 bsc#1219827
        bsc#1219835 bsc#1220009 bsc#1220140 bsc#1220187 bsc#1220238
        bsc#1220240 bsc#1220241 bsc#1220243 bsc#1220250 bsc#1220251
        bsc#1220253 bsc#1220254 bsc#1220255 bsc#1220257 bsc#1220326
        bsc#1220328 bsc#1220330 bsc#1220335 bsc#1220344 bsc#1220350
        bsc#1220364 bsc#1220398 bsc#1220409 bsc#1220433 bsc#1220444
        bsc#1220457 bsc#1220459 bsc#1220469 bsc#1220649 bsc#1220735
        bsc#1220736 bsc#1220796 bsc#1220797 bsc#1220825 bsc#1220845
        bsc#1220917 bsc#1220930 bsc#1220931 bsc#1220933
    Cross-References:
        CVE-2019-25162 CVE-2021-46923 CVE-2021-46924 CVE-2021-46932 CVE-2021-46934
        CVE-2021-47083 CVE-2022-48627 CVE-2023-28746 CVE-2023-5197 CVE-2023-52340
        CVE-2023-52429 CVE-2023-52439 CVE-2023-52443 CVE-2023-52445 CVE-2023-52447
        CVE-2023-52448 CVE-2023-52449 CVE-2023-52451 CVE-2023-52452 CVE-2023-52456
        CVE-2023-52457 CVE-2023-52463 CVE-2023-52464 CVE-2023-52467 CVE-2023-52475
        CVE-2023-52478 CVE-2023-52482 CVE-2023-52484 CVE-2023-52530 CVE-2023-52531
        CVE-2023-52559 CVE-2023-6270 CVE-2023-6817 CVE-2024-0607 CVE-2024-1151
        CVE-2024-23849 CVE-2024-23850 CVE-2024-23851 CVE-2024-26585 CVE-2024-26586
        CVE-2024-26589 CVE-2024-26591 CVE-2024-26593 CVE-2024-26595 CVE-2024-26598
        CVE-2024-26602 CVE-2024-26603 CVE-2024-26607 CVE-2024-26622
    CVSS scores:
    o CVE-2023-28746 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
    o CVE-2023-5197 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
    o CVE-2023-5197 (NVD): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
    o CVE-2023-52340 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    o CVE-2023-52429 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    o CVE-2023-52439 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
    o CVE-2023-6270 (SUSE): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
    o CVE-2023-6270 (NVD): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
    o CVE-2023-6817 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
    o CVE-2023-6817 (NVD): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    o CVE-2024-0607 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
    o CVE-2024-0607 (NVD): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
    o CVE-2024-1151 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    o CVE-2024-23849 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
    o CVE-2024-23849 (NVD): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    o CVE-2024-23850 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
    o CVE-2024-23850 (NVD): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    o CVE-2024-23851 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
    o CVE-2024-23851 (NVD): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    Affected Products:
    o openSUSE Leap 15.4
    o openSUSE Leap Micro 5.3
    o openSUSE Leap Micro 5.4
    o SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
    o SUSE Linux Enterprise High Availability Extension 15 SP4
    o SUSE Linux Enterprise High Performance Computing 15 SP4
    o SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
    o SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
    o SUSE Linux Enterprise Live Patching 15-SP4
    o SUSE Linux Enterprise Micro 5.3
    o SUSE Linux Enterprise Micro 5.4
    o SUSE Linux Enterprise Micro for Rancher 5.3
    o SUSE Linux Enterprise Micro for Rancher 5.4
    o SUSE Linux Enterprise Real Time 15 SP4
    o SUSE Linux Enterprise Server 15 SP4
    o SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
    o SUSE Linux Enterprise Server for SAP Applications 15 SP4
    o SUSE Manager Proxy 4.3
    o SUSE Manager Retail Branch Server 4.3
    o SUSE Manager Server 4.3

    An update that solves 49 vulnerabilities and has five security fixes can now be installed.

    Description:
    The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.

    The following security bugs were fixed:
    o CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562).
    o CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328).
    o CVE-2023-52559: Fixed a bug by avoiding memory allocation in iommu_suspend (bsc#1220933).
    o CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
    o CVE-2023-52530: Fixed a potential key use-after-free in wifi mac80211 (bsc#1220930).
    o CVE-2024-26607: Fixed a probing race issue in sii902x (bsc#1220736).
    o CVE-2023-52467: Fixed a null pointer dereference in of_syscon_register (bsc#1220433).
    o CVE-2024-26591: Fixed re-attachment branch in bpf_tracing_prog_attach (bsc#1220254).
    o CVE-2024-26589: Fixed out of bounds read due to variable offset alu on PTR_TO_FLOW_KEYS (bsc#1220255).
    o CVE-2023-52484: Fixed a soft lockup triggered by arm_smmu_mm_invalidate_range (bsc#1220797).
    o CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187).
    o CVE-2023-52340: Fixed a DoS of the Linux kernel in which ICMPv6 “Packet Too Big” packets force 100% CPU (bsc#1219295).
    o CVE-2024-0607: Fixed 64-bit load issue in nft_byteorder_eval() (bsc#1218915).
    o CVE-2023-6817: Fixed use-after-free in nft_pipapo_walk (bsc#1218195).
    o CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220825).
    o CVE-2024-23850: Fixed double free of anonymous device after snapshot creation failure (bsc#1219126).
    o CVE-2023-52452: Fixed accesses to uninit stack slots (bsc#1220257).
    o CVE-2023-52457: Fixed skipped resource freeing if pm_runtime_resume_and_get() failed (bsc#1220350).
    o CVE-2023-52456: Fixed tx state machine deadlock (bsc#1220364).
    o CVE-2023-52451: Fixed access beyond end of drmem array (bsc#1220250).
    o CVE-2023-52449: Fixed gluebi NULL pointer dereference caused by ftl notifier (bsc#1220238).
    o CVE-2021-46923: Fixed reference leakage in fs/mount_setattr (bsc#1220457).
    o CVE-2023-52447: Fixed map_fd_put_ptr() signature kABI workaround (bsc#1220251).
    o CVE-2024-26598: Fixed potential UAF in LPI translation cache (bsc#1220326).
    o CVE-2024-26603: Fixed infinite loop via #PF handling (bsc#1220335).
    o CVE-2023-52445: Fixed use after free on context disconnection (bsc#1220241).
    o CVE-2023-52439: Fixed use-after-free in uio_open (bsc#1220140).
    o CVE-2023-52443: Fixed crash when parsed profile name is empty (bsc#1220240).
    o CVE-2024-26602: Fixed overall slowdowns with sys_membarrier (bsc#1220398).
    o CVE-2024-26593: Fixed block process call transactions (bsc#1220009).
    o CVE-2024-26586: Fixed stack corruption (bsc#1220243).
    o CVE-2024-26595: Fixed NULL pointer dereference in error path (bsc#1220344).
    o CVE-2023-52464: Fixed possible out-of-bounds string access (bsc#1220330).
    o CVE-2023-52448: Fixed kernel NULL pointer dereference in gfs2_rgrp_dump (bsc#1220253).
    o CVE-2024-1151: Fixed unlimited number of recursions from action sets (bsc#1219835).
    o CVE-2023-5197: Fixed use-after-free due to addition and removal of rules from chain bindings within the same transaction (bsc#1218216).
    o CVE-2024-23849: Fixed array-index-out-of-bounds in rds_cmsg_recv (bsc#1219127).
    o CVE-2023-52429: Fixed potential DoS in dm_table_create in drivers/md/dm-table.c (bsc#1219827).
    o CVE-2024-23851: Fixed crash in copy_params in drivers/md/dm-ioctl.c (bsc#1219146).

    The following non-security bugs were fixed:
    o bpf: Fix verification of indirect var-off stack access (git-fixes).
    o bpf: Guard stack limits against 32bit overflow (git-fixes).
    o KVM: VMX: Move VERW closer to VMentry for MDS mitigation (git-fixes).
    o KVM: VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH (git-fixes).
    o NFS: avoid infinite loop in pnfs_update_layout (bsc#1219633).
    o nvme: move nvme_stop_keep_alive() back to original position (bsc#1211515).
    o nvme: remove nvme_alloc_request and nvme_alloc_request_qid (bsc#1214064).
    o nvme: start keep-alive after admin queue setup (bsc#1211515).
    o x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix (git-fixes).
    o x86/bugs: Add asm helpers for executing VERW (git-fixes).
    o x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key (git-fixes).
    o x86/entry_32: Add VERW just before userspace transition (git-fixes).
    o x86/entry_64: Add VERW just before userspace transition (git-fixes).

    Special Instructions and Notes:
    o Please reboot the system after installing this update.

    Patch Instructions:
    To install this SUSE update use the SUSE recommended installation methods like YaST online_update or “zypper patch”.
    Alternatively you can run the command listed for your product:
    o openSUSE Leap 15.4
        zypper in -t patch SUSE-2024-900=1
    o openSUSE Leap Micro 5.3
        zypper in -t patch openSUSE-Leap-Micro-5.3-2024-900=1
    o openSUSE Leap Micro 5.4
        zypper in -t patch openSUSE-Leap-Micro-5.4-2024-900=1
    o SUSE Linux Enterprise Micro for Rancher 5.3
        zypper in -t patch SUSE-SLE-Micro-5.3-2024-900=1
    o SUSE Linux Enterprise Micro 5.3
        zypper in -t patch SUSE-SLE-Micro-5.3-2024-900=1
    o SUSE Linux Enterprise Micro for Rancher 5.4
        zypper in -t patch SUSE-SLE-Micro-5.4-2024-900=1
    o SUSE Linux Enterprise Micro 5.4
        zypper in -t patch SUSE-SLE-Micro-5.4-2024-900=1
    o SUSE Linux Enterprise Live Patching 15-SP4
        zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2024-900=1
        Please note that this is the initial kernel livepatch without fixes itself; this package is later updated by separate standalone kernel livepatch updates.
    o SUSE Linux Enterprise High Availability Extension 15 SP4
        zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2024-900=1
    o SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
        zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-900=1
    o SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
        zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-900=1
    o SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
        zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-900=1
    o SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
        zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-900=1
    o SUSE Linux Enterprise Server for SAP Applications 15 SP4
        zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-900=1
    o SUSE Manager Proxy 4.3
        zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-900=1
    o SUSE Manager Retail Branch Server 4.3
        zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2024-900=1
    o SUSE Manager Server 4.3
        zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-900=1

    Package List:
    o openSUSE Leap 15.4 (noarch nosrc)
        kernel-docs-5.14.21-150400.24.111.2
    o openSUSE Leap 15.4 (noarch)
        kernel-source-vanilla-5.14.21-150400.24.111.1
        kernel-devel-5.14.21-150400.24.111.1
        kernel-source-5.14.21-150400.24.111.1
        kernel-docs-html-5.14.21-150400.24.111.2
        kernel-macros-5.14.21-150400.24.111.1
    o openSUSE Leap 15.4 (nosrc ppc64le x86_64)
        kernel-debug-5.14.21-150400.24.111.2
    o openSUSE Leap 15.4 (ppc64le x86_64)
        kernel-debug-devel-debuginfo-5.14.21-150400.24.111.2
        kernel-debug-devel-5.14.21-150400.24.111.2
        kernel-debug-debugsource-5.14.21-150400.24.111.2
        kernel-debug-debuginfo-5.14.21-150400.24.111.2
        kernel-debug-livepatch-devel-5.14.21-150400.24.111.2
    o openSUSE Leap 15.4 (aarch64 ppc64le x86_64)
        kernel-kvmsmall-devel-debuginfo-5.14.21-150400.24.111.2
        kernel-kvmsmall-livepatch-devel-5.14.21-150400.24.111.2
        kernel-default-base-5.14.21-150400.24.111.2.150400.24.52.1
        kernel-kvmsmall-debugsource-5.14.21-150400.24.111.2
        kernel-kvmsmall-devel-5.14.21-150400.24.111.2
        kernel-kvmsmall-debuginfo-5.14.21-150400.24.111.2
        kernel-default-base-rebuild-5.14.21-150400.24.111.2.150400.24.52.1
    o openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
        kernel-default-livepatch-5.14.21-150400.24.111.2
        kernel-syms-5.14.21-150400.24.111.1
        kernel-default-optional-debuginfo-5.14.21-150400.24.111.2
        kernel-default-extra-5.14.21-150400.24.111.2
        reiserfs-kmp-default-debuginfo-5.14.21-150400.24.111.2
        cluster-md-kmp-default-5.14.21-150400.24.111.2
        dlm-kmp-default-5.14.21-150400.24.111.2
        dlm-kmp-default-debuginfo-5.14.21-150400.24.111.2
        ocfs2-kmp-default-debuginfo-5.14.21-150400.24.111.2
        kselftests-kmp-default-debuginfo-5.14.21-150400.24.111.2
        kernel-obs-build-5.14.21-150400.24.111.1
        kernel-default-devel-debuginfo-5.14.21-150400.24.111.2
        kernel-default-livepatch-devel-5.14.21-150400.24.111.2
        cluster-md-kmp-default-debuginfo-5.14.21-150400.24.111.2
        gfs2-kmp-default-5.14.21-150400.24.111.2
        kernel-default-optional-5.14.21-150400.24.111.2
        kernel-obs-qa-5.14.21-150400.24.111.1
        kernel-obs-build-debugsource-5.14.21-150400.24.111.1
        kernel-default-debuginfo-5.14.21-150400.24.111.2
        kernel-default-extra-debuginfo-5.14.21-150400.24.111.2
        gfs2-kmp-default-debuginfo-5.14.21-150400.24.111.2
        kernel-default-devel-5.14.21-150400.24.111.2
        kselftests-kmp-default-5.14.21-150400.24.111.2
        ocfs2-kmp-default-5.14.21-150400.24.111.2
        kernel-default-debugsource-5.14.21-150400.24.111.2
        reiserfs-kmp-default-5.14.21-150400.24.111.2
    o openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 nosrc)
        kernel-default-5.14.21-150400.24.111.2
    o openSUSE Leap 15.4 (aarch64 nosrc ppc64le x86_64)
        kernel-kvmsmall-5.14.21-150400.24.111.2
    o openSUSE Leap 15.4 (ppc64le s390x x86_64)
        kernel-livepatch-5_14_21-150400_24_111-default-debuginfo-1-150400.9.3.1
        kernel-livepatch-SLE15-SP4_Update_24-debugsource-1-150400.9.3.1
        kernel-livepatch-5_14_21-150400_24_111-default-1-150400.9.3.1
    o openSUSE Leap 15.4 (nosrc s390x)
        kernel-zfcpdump-5.14.21-150400.24.111.2
    o openSUSE Leap 15.4 (s390x)
        kernel-zfcpdump-debugsource-5.14.21-150400.24.111.2
        kernel-zfcpdump-debuginfo-5.14.21-150400.24.111.2
    o openSUSE Leap 15.4 (nosrc)
        dtb-aarch64-5.14.21-150400.24.111.1
    o openSUSE Leap 15.4 (aarch64)
        dtb-freescale-5.14.21-150400.24.111.1
        dtb-socionext-5.14.21-150400.24.111.1
        dtb-allwinner-5.14.21-150400.24.111.1
        dtb-nvidia-5.14.21-150400.24.111.1
        kernel-64kb-debuginfo-5.14.21-150400.24.111.2
        dtb-amazon-5.14.21-150400.24.111.1
        dtb-rockchip-5.14.21-150400.24.111.1
        dtb-altera-5.14.21-150400.24.111.1
        dlm-kmp-64kb-debuginfo-5.14.21-150400.24.111.2
        kernel-64kb-debugsource-5.14.21-150400.24.111.2
        kselftests-kmp-64kb-debuginfo-5.14.21-150400.24.111.2
        cluster-md-kmp-64kb-debuginfo-5.14.21-150400.24.111.2
        dtb-apple-5.14.21-150400.24.111.1
        kselftests-kmp-64kb-5.14.21-150400.24.111.2
        ocfs2-kmp-64kb-debuginfo-5.14.21-150400.24.111.2
        dtb-cavium-5.14.21-150400.24.111.1
        reiserfs-kmp-64kb-debuginfo-5.14.21-150400.24.111.2
        kernel-64kb-optional-5.14.21-150400.24.111.2
        dtb-hisilicon-5.14.21-150400.24.111.1
        dtb-mediatek-5.14.21-150400.24.111.1
        kernel-64kb-extra-debuginfo-5.14.21-150400.24.111.2
        dtb-amlogic-5.14.21-150400.24.111.1
        dtb-sprd-5.14.21-150400.24.111.1
        dtb-qcom-5.14.21-150400.24.111.1
        ocfs2-kmp-64kb-5.14.21-150400.24.111.2
        reiserfs-kmp-64kb-5.14.21-150400.24.111.2
        dtb-xilinx-5.14.21-150400.24.111.1
        dlm-kmp-64kb-5.14.21-150400.24.111.2
        kernel-64kb-optional-debuginfo-5.14.21-150400.24.111.2
        dtb-renesas-5.14.21-150400.24.111.1
        kernel-64kb-devel-debuginfo-5.14.21-150400.24.111.2
        dtb-marvell-5.14.21-150400.24.111.1
        dtb-amd-5.14.21-150400.24.111.1
        dtb-exynos-5.14.21-150400.24.111.1
        dtb-arm-5.14.21-150400.24.111.1
        dtb-broadcom-5.14.21-150400.24.111.1
        gfs2-kmp-64kb-5.14.21-150400.24.111.2
        gfs2-kmp-64kb-debuginfo-5.14.21-150400.24.111.2
        kernel-64kb-devel-5.14.21-150400.24.111.2
        kernel-64kb-livepatch-devel-5.14.21-150400.24.111.2
        dtb-apm-5.14.21-150400.24.111.1
        cluster-md-kmp-64kb-5.14.21-150400.24.111.2
        dtb-lg-5.14.21-150400.24.111.1
        kernel-64kb-extra-5.14.21-150400.24.111.2
    o openSUSE Leap 15.4 (aarch64 nosrc)
        kernel-64kb-5.14.21-150400.24.111.2
    o openSUSE Leap Micro 5.3 (aarch64 nosrc x86_64)
        kernel-default-5.14.21-150400.24.111.2
    o openSUSE Leap Micro 5.3 (aarch64 x86_64)
        kernel-default-debuginfo-5.14.21-150400.24.111.2
        kernel-default-base-5.14.21-150400.24.111.2.150400.24.52.1
        kernel-default-debugsource-5.14.21-150400.24.111.2
    o openSUSE Leap Micro 5.4 (aarch64 nosrc s390x x86_64)
        kernel-default-5.14.21-150400.24.111.2
    o openSUSE Leap Micro 5.4 (aarch64 x86_64)
        kernel-default-base-5.14.21-150400.24.111.2.150400.24.52.1
    o openSUSE Leap Micro 5.4 (aarch64 s390x x86_64)
        kernel-default-debuginfo-5.14.21-150400.24.111.2
        kernel-default-debugsource-5.14.21-150400.24.111.2
    o SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 nosrc s390x x86_64)
        kernel-default-5.14.21-150400.24.111.2
    o SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 x86_64)
        kernel-default-base-5.14.21-150400.24.111.2.150400.24.52.1
    o SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
        kernel-default-debuginfo-5.14.21-150400.24.111.2
        kernel-default-debugsource-5.14.21-150400.24.111.2
    o SUSE Linux Enterprise Micro 5.3 (aarch64 nosrc s390x x86_64)
        kernel-default-5.14.21-150400.24.111.2
    o SUSE Linux Enterprise Micro 5.3 (aarch64 x86_64)
        kernel-default-base-5.14.21-150400.24.111.2.150400.24.52.1
    o SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
        kernel-default-debuginfo-5.14.21-150400.24.111.2
        kernel-default-debugsource-5.14.21-150400.24.111.2
    o SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 nosrc s390x x86_64)
        kernel-default-5.14.21-150400.24.111.2
    o SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 x86_64)
        kernel-default-base-5.14.21-150400.24.111.2.150400.24.52.1
    o SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
        kernel-default-debuginfo-5.14.21-150400.24.111.2
        kernel-default-debugsource-5.14.21-150400.24.111.2
    o SUSE Linux Enterprise Micro 5.4 (aarch64 nosrc s390x x86_64)
        kernel-default-5.14.21-150400.24.111.2
    o SUSE Linux Enterprise Micro 5.4 (aarch64 x86_64)
        kernel-default-base-5.14.21-150400.24.111.2.150400.24.52.1
    o SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
        kernel-default-debuginfo-5.14.21-150400.24.111.2
        kernel-default-debugsource-5.14.21-150400.24.111.2
    o SUSE Linux Enterprise Live Patching 15-SP4 (nosrc)
        kernel-default-5.14.21-150400.24.111.2
    o SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
        kernel-default-livepatch-5.14.21-150400.24.111.2
        kernel-default-debugsource-5.14.21-150400.24.111.2
        kernel-livepatch-5_14_21-150400_24_111-default-1-150400.9.3.1
        kernel-livepatch-SLE15-SP4_Update_24-debugsource-1-150400.9.3.1
        kernel-default-debuginfo-5.14.21-150400.24.111.2
        kernel-livepatch-5_14_21-150400_24_111-default-debuginfo-1-150400.9.3.1
        kernel-default-livepatch-devel-5.14.21-150400.24.111.2
    o SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le s390x x86_64)
        ocfs2-kmp-default-5.14.21-150400.24.111.2
        cluster-md-kmp-default-debuginfo-5.14.21-150400.24.111.2
        cluster-md-kmp-default-5.14.21-150400.24.111.2
        dlm-kmp-default-5.14.21-150400.24.111.2
        gfs2-kmp-default-5.14.21-150400.24.111.2
        kernel-default-debugsource-5.14.21-150400.24.111.2
        dlm-kmp-default-debuginfo-5.14.21-150400.24.111.2
        ocfs2-kmp-default-debuginfo-5.14.21-150400.24.111.2
        kernel-default-debuginfo-5.14.21-150400.24.111.2
        gfs2-kmp-default-debuginfo-5.14.21-150400.24.111.2
    o SUSE Linux Enterprise High Availability Extension 15 SP4 (nosrc)
        kernel-default-5.14.21-150400.24.111.2
    o SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 nosrc)
        kernel-64kb-5.14.21-150400.24.111.2
    o SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64)
        kernel-64kb-devel-5.14.21-150400.24.111.2
        kernel-64kb-debuginfo-5.14.21-150400.24.111.2
        kernel-64kb-devel-debuginfo-5.14.21-150400.24.111.2
        kernel-64kb-debugsource-5.14.21-150400.24.111.2
    o SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 nosrc x86_64)
        kernel-default-5.14.21-150400.24.111.2
    o SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
        kernel-syms-5.14.21-150400.24.111.1
        kernel-default-base-5.14.21-150400.24.111.2.150400.24.52.1
        kernel-default-debugsource-5.14.21-150400.24.111.2
        kernel-obs-build-debugsource-5.14.21-150400.24.111.1
        kernel-default-debuginfo-5.14.21-150400.24.111.2
        kernel-obs-build-5.14.21-150400.24.111.1
        kernel-default-devel-debuginfo-5.14.21-150400.24.111.2
        reiserfs-kmp-default-5.14.21-150400.24.111.2
        kernel-default-devel-5.14.21-150400.24.111.2
        reiserfs-kmp-default-debuginfo-5.14.21-150400.24.111.2
    o SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
        kernel-macros-5.14.21-150400.24.111.1
        kernel-source-5.14.21-150400.24.111.1
        kernel-devel-5.14.21-150400.24.111.1
    o SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch nosrc)
        kernel-docs-5.14.21-150400.24.111.2
    o SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 nosrc)
        kernel-64kb-5.14.21-150400.24.111.2
    o SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64)
        kernel-64kb-devel-5.14.21-150400.24.111.2
        kernel-64kb-debuginfo-5.14.21-150400.24.111.2
        kernel-64kb-devel-debuginfo-5.14.21-150400.24.111.2
        kernel-64kb-debugsource-5.14.21-150400.24.111.2
    o SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 nosrc x86_64)
        kernel-default-5.14.21-150400.24.111.2
    o SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
        kernel-syms-5.14.21-150400.24.111.1
        kernel-default-base-5.14.21-150400.24.111.2.150400.24.52.1
        kernel-default-debugsource-5.14.21-150400.24.111.2
        kernel-obs-build-debugsource-5.14.21-150400.24.111.1
        kernel-default-debuginfo-5.14.21-150400.24.111.2
        kernel-obs-build-5.14.21-150400.24.111.1
        kernel-default-devel-debuginfo-5.14.21-150400.24.111.2
        reiserfs-kmp-default-5.14.21-150400.24.111.2
        kernel-default-devel-5.14.21-150400.24.111.2
        reiserfs-kmp-default-debuginfo-5.14.21-150400.24.111.2
    o
SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch) kernel-macros-5.14.21-150400.24.111.1 kernel-source-5.14.21-150400.24.111.1 kernel-devel-5.14.21-150400.24.111.1 o SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch nosrc) kernel-docs-5.14.21-150400.24.111.2 o SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (nosrc x86_64) kernel-default-5.14.21-150400.24.111.2 o SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64) kernel-syms-5.14.21-150400.24.111.1 kernel-default-base-5.14.21-150400.24.111.2.150400.24.52.1 kernel-default-debugsource-5.14.21-150400.24.111.2 kernel-obs-build-debugsource-5.14.21-150400.24.111.1 kernel-default-debuginfo-5.14.21-150400.24.111.2 kernel-default-extra-debuginfo-5.14.21-150400.24.111.2 kernel-obs-build-5.14.21-150400.24.111.1 kernel-default-devel-debuginfo-5.14.21-150400.24.111.2 kernel-default-extra-5.14.21-150400.24.111.2 kernel-default-devel-5.14.21-150400.24.111.2 o SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (noarch) kernel-macros-5.14.21-150400.24.111.1 kernel-source-5.14.21-150400.24.111.1 kernel-devel-5.14.21-150400.24.111.1 o SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (noarch nosrc) kernel-docs-5.14.21-150400.24.111.2 o SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 nosrc) kernel-64kb-5.14.21-150400.24.111.2 o SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64) kernel-64kb-devel-5.14.21-150400.24.111.2 kernel-64kb-debuginfo-5.14.21-150400.24.111.2 kernel-64kb-devel-debuginfo-5.14.21-150400.24.111.2 kernel-64kb-debugsource-5.14.21-150400.24.111.2 o SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x x86_64 nosrc) kernel-default-5.14.21-150400.24.111.2 o SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le x86_64) kernel-default-base-5.14.21-150400.24.111.2.150400.24.52.1 o SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x x86_64) kernel-syms-5.14.21-150400.24.111.1 
kernel-default-debugsource-5.14.21-150400.24.111.2 kernel-obs-build-debugsource-5.14.21-150400.24.111.1 kernel-default-debuginfo-5.14.21-150400.24.111.2 kernel-obs-build-5.14.21-150400.24.111.1 kernel-default-devel-debuginfo-5.14.21-150400.24.111.2 reiserfs-kmp-default-5.14.21-150400.24.111.2 kernel-default-devel-5.14.21-150400.24.111.2 reiserfs-kmp-default-debuginfo-5.14.21-150400.24.111.2 o SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (noarch) kernel-macros-5.14.21-150400.24.111.1 kernel-source-5.14.21-150400.24.111.1 kernel-devel-5.14.21-150400.24.111.1 o SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (noarch nosrc) kernel-docs-5.14.21-150400.24.111.2 o SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (nosrc s390x) kernel-zfcpdump-5.14.21-150400.24.111.2 o SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (s390x) kernel-zfcpdump-debugsource-5.14.21-150400.24.111.2 kernel-zfcpdump-debuginfo-5.14.21-150400.24.111.2 o SUSE Linux Enterprise Server for SAP Applications 15 SP4 (nosrc ppc64le x86_64) kernel-default-5.14.21-150400.24.111.2 o SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) kernel-syms-5.14.21-150400.24.111.1 kernel-default-base-5.14.21-150400.24.111.2.150400.24.52.1 kernel-default-debugsource-5.14.21-150400.24.111.2 kernel-obs-build-debugsource-5.14.21-150400.24.111.1 kernel-default-debuginfo-5.14.21-150400.24.111.2 kernel-obs-build-5.14.21-150400.24.111.1 kernel-default-devel-debuginfo-5.14.21-150400.24.111.2 reiserfs-kmp-default-5.14.21-150400.24.111.2 kernel-default-devel-5.14.21-150400.24.111.2 reiserfs-kmp-default-debuginfo-5.14.21-150400.24.111.2 o SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) kernel-macros-5.14.21-150400.24.111.1 kernel-source-5.14.21-150400.24.111.1 kernel-devel-5.14.21-150400.24.111.1 o SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch nosrc) kernel-docs-5.14.21-150400.24.111.2 o SUSE Manager Proxy 4.3 (nosrc x86_64) kernel-default-5.14.21-150400.24.111.2 o SUSE 
Manager Proxy 4.3 (x86_64) kernel-syms-5.14.21-150400.24.111.1 kernel-default-base-5.14.21-150400.24.111.2.150400.24.52.1 kernel-default-debugsource-5.14.21-150400.24.111.2 kernel-default-debuginfo-5.14.21-150400.24.111.2 kernel-default-devel-debuginfo-5.14.21-150400.24.111.2 kernel-default-devel-5.14.21-150400.24.111.2 o SUSE Manager Proxy 4.3 (noarch) kernel-macros-5.14.21-150400.24.111.1 kernel-source-5.14.21-150400.24.111.1 kernel-devel-5.14.21-150400.24.111.1 o SUSE Manager Retail Branch Server 4.3 (nosrc x86_64) kernel-default-5.14.21-150400.24.111.2 o SUSE Manager Retail Branch Server 4.3 (x86_64) kernel-default-base-5.14.21-150400.24.111.2.150400.24.52.1 kernel-default-debugsource-5.14.21-150400.24.111.2 kernel-default-debuginfo-5.14.21-150400.24.111.2 kernel-default-devel-debuginfo-5.14.21-150400.24.111.2 kernel-default-devel-5.14.21-150400.24.111.2 o SUSE Manager Retail Branch Server 4.3 (noarch) kernel-macros-5.14.21-150400.24.111.1 kernel-devel-5.14.21-150400.24.111.1 o SUSE Manager Server 4.3 (nosrc ppc64le s390x x86_64) kernel-default-5.14.21-150400.24.111.2 o SUSE Manager Server 4.3 (ppc64le x86_64) kernel-default-base-5.14.21-150400.24.111.2.150400.24.52.1 o SUSE Manager Server 4.3 (ppc64le s390x x86_64) kernel-syms-5.14.21-150400.24.111.1 kernel-default-debugsource-5.14.21-150400.24.111.2 kernel-default-debuginfo-5.14.21-150400.24.111.2 kernel-default-devel-debuginfo-5.14.21-150400.24.111.2 kernel-default-devel-5.14.21-150400.24.111.2 o SUSE Manager Server 4.3 (noarch) kernel-macros-5.14.21-150400.24.111.1 kernel-source-5.14.21-150400.24.111.1 kernel-devel-5.14.21-150400.24.111.1 o SUSE Manager Server 4.3 (nosrc s390x) kernel-zfcpdump-5.14.21-150400.24.111.2 o SUSE Manager Server 4.3 (s390x) kernel-zfcpdump-debugsource-5.14.21-150400.24.111.2 kernel-zfcpdump-debuginfo-5.14.21-150400.24.111.2 References: o https://www.suse.com/security/cve/CVE-2019-25162.html o https://www.suse.com/security/cve/CVE-2021-46923.html o 
https://www.suse.com/security/cve/CVE-2021-46924.html o https://www.suse.com/security/cve/CVE-2021-46932.html o https://www.suse.com/security/cve/CVE-2021-46934.html o https://www.suse.com/security/cve/CVE-2021-47083.html o https://www.suse.com/security/cve/CVE-2022-48627.html o https://www.suse.com/security/cve/CVE-2023-28746.html o https://www.suse.com/security/cve/CVE-2023-5197.html o https://www.suse.com/security/cve/CVE-2023-52340.html o https://www.suse.com/security/cve/CVE-2023-52429.html o https://www.suse.com/security/cve/CVE-2023-52439.html o https://www.suse.com/security/cve/CVE-2023-52443.html o https://www.suse.com/security/cve/CVE-2023-52445.html o https://www.suse.com/security/cve/CVE-2023-52447.html o https://www.suse.com/security/cve/CVE-2023-52448.html o https://www.suse.com/security/cve/CVE-2023-52449.html o https://www.suse.com/security/cve/CVE-2023-52451.html o https://www.suse.com/security/cve/CVE-2023-52452.html o https://www.suse.com/security/cve/CVE-2023-52456.html o https://www.suse.com/security/cve/CVE-2023-52457.html o https://www.suse.com/security/cve/CVE-2023-52463.html o https://www.suse.com/security/cve/CVE-2023-52464.html o https://www.suse.com/security/cve/CVE-2023-52467.html o https://www.suse.com/security/cve/CVE-2023-52475.html o https://www.suse.com/security/cve/CVE-2023-52478.html o https://www.suse.com/security/cve/CVE-2023-52482.html o https://www.suse.com/security/cve/CVE-2023-52484.html o https://www.suse.com/security/cve/CVE-2023-52530.html o https://www.suse.com/security/cve/CVE-2023-52531.html o https://www.suse.com/security/cve/CVE-2023-52559.html o https://www.suse.com/security/cve/CVE-2023-6270.html o https://www.suse.com/security/cve/CVE-2023-6817.html o https://www.suse.com/security/cve/CVE-2024-0607.html o https://www.suse.com/security/cve/CVE-2024-1151.html o https://www.suse.com/security/cve/CVE-2024-23849.html o https://www.suse.com/security/cve/CVE-2024-23850.html o 
https://www.suse.com/security/cve/CVE-2024-23851.html o https://www.suse.com/security/cve/CVE-2024-26585.html o https://www.suse.com/security/cve/CVE-2024-26586.html o https://www.suse.com/security/cve/CVE-2024-26589.html o https://www.suse.com/security/cve/CVE-2024-26591.html o https://www.suse.com/security/cve/CVE-2024-26593.html o https://www.suse.com/security/cve/CVE-2024-26595.html o https://www.suse.com/security/cve/CVE-2024-26598.html o https://www.suse.com/security/cve/CVE-2024-26602.html o https://www.suse.com/security/cve/CVE-2024-26603.html o https://www.suse.com/security/cve/CVE-2024-26607.html o https://www.suse.com/security/cve/CVE-2024-26622.html o https://bugzilla.suse.com/show_bug.cgi?id=1211515 o https://bugzilla.suse.com/show_bug.cgi?id=1213456 o https://bugzilla.suse.com/show_bug.cgi?id=1214064 o https://bugzilla.suse.com/show_bug.cgi?id=1218195 o https://bugzilla.suse.com/show_bug.cgi?id=1218216 o https://bugzilla.suse.com/show_bug.cgi?id=1218562 o https://bugzilla.suse.com/show_bug.cgi?id=1218915 o https://bugzilla.suse.com/show_bug.cgi?id=1219073 o https://bugzilla.suse.com/show_bug.cgi?id=1219126 o https://bugzilla.suse.com/show_bug.cgi?id=1219127 o https://bugzilla.suse.com/show_bug.cgi?id=1219146 o https://bugzilla.suse.com/show_bug.cgi?id=1219295 o https://bugzilla.suse.com/show_bug.cgi?id=1219633 o https://bugzilla.suse.com/show_bug.cgi?id=1219653 o https://bugzilla.suse.com/show_bug.cgi?id=1219827 o https://bugzilla.suse.com/show_bug.cgi?id=1219835 o https://bugzilla.suse.com/show_bug.cgi?id=1220009 o https://bugzilla.suse.com/show_bug.cgi?id=1220140 o https://bugzilla.suse.com/show_bug.cgi?id=1220187 o https://bugzilla.suse.com/show_bug.cgi?id=1220238 o https://bugzilla.suse.com/show_bug.cgi?id=1220240 o https://bugzilla.suse.com/show_bug.cgi?id=1220241 o https://bugzilla.suse.com/show_bug.cgi?id=1220243 o https://bugzilla.suse.com/show_bug.cgi?id=1220250 o https://bugzilla.suse.com/show_bug.cgi?id=1220251 o 
https://bugzilla.suse.com/show_bug.cgi?id=1220253 o https://bugzilla.suse.com/show_bug.cgi?id=1220254 o https://bugzilla.suse.com/show_bug.cgi?id=1220255 o https://bugzilla.suse.com/show_bug.cgi?id=1220257 o https://bugzilla.suse.com/show_bug.cgi?id=1220326 o https://bugzilla.suse.com/show_bug.cgi?id=1220328 o https://bugzilla.suse.com/show_bug.cgi?id=1220330 o https://bugzilla.suse.com/show_bug.cgi?id=1220335 o https://bugzilla.suse.com/show_bug.cgi?id=1220344 o https://bugzilla.suse.com/show_bug.cgi?id=1220350 o https://bugzilla.suse.com/show_bug.cgi?id=1220364 o https://bugzilla.suse.com/show_bug.cgi?id=1220398 o https://bugzilla.suse.com/show_bug.cgi?id=1220409 o https://bugzilla.suse.com/show_bug.cgi?id=1220433 o https://bugzilla.suse.com/show_bug.cgi?id=1220444 o https://bugzilla.suse.com/show_bug.cgi?id=1220457 o https://bugzilla.suse.com/show_bug.cgi?id=1220459 o https://bugzilla.suse.com/show_bug.cgi?id=1220469 o https://bugzilla.suse.com/show_bug.cgi?id=1220649 o https://bugzilla.suse.com/show_bug.cgi?id=1220735 o https://bugzilla.suse.com/show_bug.cgi?id=1220736 o https://bugzilla.suse.com/show_bug.cgi?id=1220796 o https://bugzilla.suse.com/show_bug.cgi?id=1220797 o https://bugzilla.suse.com/show_bug.cgi?id=1220825 o https://bugzilla.suse.com/show_bug.cgi?id=1220845 o https://bugzilla.suse.com/show_bug.cgi?id=1220917 o https://bugzilla.suse.com/show_bug.cgi?id=1220930 o https://bugzilla.suse.com/show_bug.cgi?id=1220931 o https://bugzilla.suse.com/show_bug.cgi?id=1220933 – ————————–END INCLUDED TEXT———————- You have received this e-mail bulletin as a result of your organisation’s registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. 
NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT’s members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation’s site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author’s website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. ===========================================================================

  • gdb: CVSS (Max): 3.3
    on March 28, 2024 at 6:39 am

    ===========================================================================
    AUSCERT External Security Bulletin Redistribution

    ESB-2024.1938
    Security update for gdb
    28 March 2024
    ===========================================================================

    AusCERT Security Bulletin Summary
    ---------------------------------

    Product:           gdb
    Publisher:         SUSE
    Operating System:  SUSE
    Resolution:        Patch/Upgrade
    CVE Names:         CVE-2022-48064 CVE-2017-16829 CVE-2018-7208
    Original Bulletin: https://www.suse.com/support/update/announcement/2024/suse-su-20240899-1

    Comment: CVSS (Max): 3.3 CVE-2018-7208 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
             CVSS Source: SUSE
             Calculator: https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

    - --------------------------BEGIN INCLUDED TEXT--------------------

    Security update for gdb

    Announcement ID:   SUSE-SU-2024:0899-1
    Rating:            moderate
    References:        bsc#1068950, bsc#1081527, bsc#1211052, jsc#PED-6584
    Cross-References:  CVE-2017-16829, CVE-2018-7208, CVE-2022-48064
    CVSS scores:
      o CVE-2017-16829 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
      o CVE-2017-16829 ( NVD ):  7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
      o CVE-2018-7208 ( SUSE ):  3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
      o CVE-2018-7208 ( NVD ):   7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
      o CVE-2022-48064 ( SUSE ): 0.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N
      o CVE-2022-48064 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
    Affected Products:
      o SUSE Enterprise Storage 7.1
      o SUSE Linux Enterprise High Performance Computing 15 SP2
      o SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
      o SUSE Linux Enterprise High Performance Computing 15 SP3
      o SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
      o SUSE Linux Enterprise Server 15 SP2
      o SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
      o SUSE Linux Enterprise Server 15 SP3
      o SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
      o SUSE Linux Enterprise Server for SAP Applications 15 SP2
      o SUSE Linux Enterprise Server for SAP Applications 15 SP3

    An update that solves three vulnerabilities and contains one feature can now be installed.

    Description:

    This update for gdb fixes the following issues:

      o Drop libdebuginfod1 BuildRequires/Recommends. The former isn’t needed because there’s a build requirement on libdebuginfod-devel already, which will pull the shared library. And the latter, because it’s bogus since RPM auto generated dependency will take care of that requirement.

    gdb was released in 13.2:

      o This version of GDB includes the following changes and enhancements:
      o Support for the following new targets has been added in both GDB and GDBserver:
        * GNU/Linux/LoongArch (gdbserver)  loongarch*-*-linux*
        * GNU/Linux/CSKY (gdbserver)       csky*-*linux*
      o The Windows native target now supports target async.
      o Floating-point support has now been added on LoongArch GNU/Linux.
      o New commands:
        * set print nibbles [on|off]
        * show print nibbles
          This controls whether the ‘print/t’ command will display binary values in groups of four bits, known as “nibbles”. The default is ‘off’.
        * Various styling-related commands. See the gdb/NEWS file for more details.
        * Various maintenance commands. These are normally aimed at GDB experts or developers. See the gdb/NEWS file for more details.
      o Python API improvements:
        * New Python API for instruction disassembly.
        * The new attribute ‘locations’ of gdb.Breakpoint returns a list of gdb.BreakpointLocation objects specifying the locations where the breakpoint is inserted into the debuggee.
        * New Python type gdb.BreakpointLocation.
        * New function gdb.format_address(ADDRESS, PROGSPACE, ARCHITECTURE) that formats ADDRESS as ‘address ’
        * New function gdb.current_language that returns the name of the current language. Unlike gdb.parameter(‘language’), this will never return ‘auto’.
        * New function gdb.print_options that returns a dictionary of the prevailing print options, in the form accepted by gdb.Value.format_string.
        * New method gdb.Frame.language that returns the name of the frame’s language.
        * gdb.Value.format_string now uses the format provided by ‘print’, if it is called during a ‘print’ or other similar operation.
        * gdb.Value.format_string now accepts the ‘summary’ keyword. This can be used to request a shorter representation of a value, the way that ‘set print frame-arguments scalars’ does.
        * The gdb.register_window_type method now restricts the set of acceptable window names. The first character of a window’s name must start with a character in the set [a-zA-Z], every subsequent character of a window’s name must be in the set [-_.a-zA-Z0-9].
      o GDB/MI changes:
        * MI version 1 is deprecated, and will be removed in GDB 14.
        * The async record stating the stopped reason ‘breakpoint-hit’ now contains an optional field locno.
      o Miscellaneous improvements:
        * gdb now supports zstd compressed debug sections (ELFCOMPRESS_ZSTD) for ELF.
        * New convenience variable $_inferior_thread_count contains the number of live threads in the current inferior.
        * New convenience variables $_hit_bpnum and $_hit_locno, set to the breakpoint number and the breakpoint location number of the breakpoint last hit.
        * The “info breakpoints” now displays enabled breakpoint locations of disabled breakpoints as in the “y-” state.
        * The format of ‘disassemble /r’ and ‘record instruction-history /r’ has changed to match the layout of GNU objdump when disassembling.
        * A new format “/b” has been introduced to provide the old behavior of “/r”.
        * The TUI no longer styles the source and assembly code highlighted by the current position indicator by default. You can however re-enable styling using the new “set style tui-current-position” command.
        * It is now possible to use the “document” command to document user-defined commands.
        * Support for memory tag data for AArch64 MTE.
      o Support Removal notices:
        * DBX mode has been removed.
        * Support for building against Python version 2 has been removed. It is now only possible to build GDB against Python 3.
        * Support for the following commands has been removed:
            * set debug aix-solib on|off
            * show debug aix-solib
            * set debug solib-frv on|off
            * show debug solib-frv
          Use the “set/show debug solib” commands instead.

    See the NEWS file for a more complete and detailed list of what this release includes.

    Patch Instructions:

    To install this SUSE update use the SUSE recommended installation methods like YaST online_update or “zypper patch”.
    Alternatively you can run the command listed for your product:

      o SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
        zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-899=1
      o SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
        zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-899=1
      o SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
        zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-899=1
      o SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
        zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-899=1
      o SUSE Linux Enterprise Server for SAP Applications 15 SP2
        zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-899=1
      o SUSE Linux Enterprise Server for SAP Applications 15 SP3
        zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-899=1
      o SUSE Enterprise Storage 7.1
        zypper in -t patch SUSE-Storage-7.1-2024-899=1

    Package List:

      o SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
        gdbserver-13.2-150100.8.39.1 gdbserver-debuginfo-13.2-150100.8.39.1 gdb-debuginfo-13.2-150100.8.39.1 gdb-debugsource-13.2-150100.8.39.1 gdb-13.2-150100.8.39.1
      o SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
        gdbserver-13.2-150100.8.39.1 gdbserver-debuginfo-13.2-150100.8.39.1 gdb-debuginfo-13.2-150100.8.39.1 gdb-debugsource-13.2-150100.8.39.1 gdb-13.2-150100.8.39.1
      o SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64)
        gdbserver-13.2-150100.8.39.1
        gdbserver-debuginfo-13.2-150100.8.39.1 gdb-debuginfo-13.2-150100.8.39.1 gdb-debugsource-13.2-150100.8.39.1 gdb-13.2-150100.8.39.1
      o SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64)
        gdbserver-13.2-150100.8.39.1 gdbserver-debuginfo-13.2-150100.8.39.1 gdb-debuginfo-13.2-150100.8.39.1 gdb-debugsource-13.2-150100.8.39.1 gdb-13.2-150100.8.39.1
      o SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
        gdbserver-13.2-150100.8.39.1 gdbserver-debuginfo-13.2-150100.8.39.1 gdb-debuginfo-13.2-150100.8.39.1 gdb-debugsource-13.2-150100.8.39.1 gdb-13.2-150100.8.39.1
      o SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
        gdbserver-13.2-150100.8.39.1 gdbserver-debuginfo-13.2-150100.8.39.1 gdb-debuginfo-13.2-150100.8.39.1 gdb-debugsource-13.2-150100.8.39.1 gdb-13.2-150100.8.39.1
      o SUSE Enterprise Storage 7.1 (aarch64 x86_64)
        gdbserver-13.2-150100.8.39.1 gdbserver-debuginfo-13.2-150100.8.39.1 gdb-debuginfo-13.2-150100.8.39.1 gdb-debugsource-13.2-150100.8.39.1 gdb-13.2-150100.8.39.1

    References:

      o https://www.suse.com/security/cve/CVE-2017-16829.html
      o https://www.suse.com/security/cve/CVE-2018-7208.html
      o https://www.suse.com/security/cve/CVE-2022-48064.html
      o https://bugzilla.suse.com/show_bug.cgi?id=1068950
      o https://bugzilla.suse.com/show_bug.cgi?id=1081527
      o https://bugzilla.suse.com/show_bug.cgi?id=1211052
      o https://jira.suse.com/browse/PED-6584

    - --------------------------END INCLUDED TEXT--------------------

  • gdb: CVSS (Max): 3.3
    on March 28, 2024 at 6:39 am

    ===========================================================================
    AUSCERT External Security Bulletin Redistribution

    ESB-2024.1937
    Security update for gdb
    28 March 2024
    ===========================================================================

    AusCERT Security Bulletin Summary
    ---------------------------------

    Product:           gdb
    Publisher:         SUSE
    Operating System:  SUSE
    Resolution:        Patch/Upgrade
    CVE Names:         CVE-2022-48064 CVE-2017-16829 CVE-2018-7208
    Original Bulletin: https://www.suse.com/support/update/announcement/2024/suse-su-20240898-1

    Comment: CVSS (Max): 3.3 CVE-2018-7208 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
             CVSS Source: SUSE
             Calculator: https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

    - --------------------------BEGIN INCLUDED TEXT--------------------

    Security update for gdb

    Announcement ID:   SUSE-SU-2024:0898-1
    Rating:            moderate
    References:        bsc#1068950, bsc#1081527, bsc#1211052, jsc#PED-6584
    Cross-References:  CVE-2017-16829, CVE-2018-7208, CVE-2022-48064
    CVSS scores:
      o CVE-2017-16829 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
      o CVE-2017-16829 ( NVD ):  7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
      o CVE-2018-7208 ( SUSE ):  3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
      o CVE-2018-7208 ( NVD ):   7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
      o CVE-2022-48064 ( SUSE ): 0.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N
      o CVE-2022-48064 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
    Affected Products:
      o Development Tools Module 15-SP5
      o openSUSE Leap 15.4
      o openSUSE Leap 15.5
      o SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
      o SUSE Linux Enterprise Desktop 15 SP5
      o SUSE Linux Enterprise High Performance Computing 15 SP4
      o SUSE Linux Enterprise High Performance Computing 15 SP5
      o SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
      o SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
      o SUSE Linux Enterprise Real Time 15 SP5
      o SUSE Linux Enterprise Server 15 SP4
      o SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
      o SUSE Linux Enterprise Server 15 SP5
      o SUSE Linux Enterprise Server for SAP Applications 15 SP4
      o SUSE Linux Enterprise Server for SAP Applications 15 SP5

    An update that solves three vulnerabilities and contains one feature can now be installed.

    Description:

    This update for gdb fixes the following issues:

      o Drop libdebuginfod1 BuildRequires/Recommends. The former isn’t needed because there’s a build requirement on libdebuginfod-devel already, which will pull the shared library. And the latter, because it’s bogus since RPM auto generated dependency will take care of that requirement.

    gdb was released in 13.2:

      o This version of GDB includes the following changes and enhancements:
      o Support for the following new targets has been added in both GDB and GDBserver:
        * GNU/Linux/LoongArch (gdbserver)  loongarch*-*-linux*
        * GNU/Linux/CSKY (gdbserver)       csky*-*linux*
      o The Windows native target now supports target async.
      o Floating-point support has now been added on LoongArch GNU/Linux.
      o New commands:
        * set print nibbles [on|off]
        * show print nibbles
          This controls whether the ‘print/t’ command will display binary values in groups of four bits, known as “nibbles”. The default is ‘off’.
        * Various styling-related commands. See the gdb/NEWS file for more details.
        * Various maintenance commands. These are normally aimed at GDB experts or developers. See the gdb/NEWS file for more details.
      o Python API improvements:
        * New Python API for instruction disassembly.
        * The new attribute ‘locations’ of gdb.Breakpoint returns a list of gdb.BreakpointLocation objects specifying the locations where the breakpoint is inserted into the debuggee.
        * New Python type gdb.BreakpointLocation.
        * New function gdb.format_address(ADDRESS, PROGSPACE, ARCHITECTURE) that formats ADDRESS as ‘address ’
        * New function gdb.current_language that returns the name of the current language. Unlike gdb.parameter(‘language’), this will never return ‘auto’.
        * New function gdb.print_options that returns a dictionary of the prevailing print options, in the form accepted by gdb.Value.format_string.
        * New method gdb.Frame.language that returns the name of the frame’s language.
        * gdb.Value.format_string now uses the format provided by ‘print’, if it is called during a ‘print’ or other similar operation.
        * gdb.Value.format_string now accepts the ‘summary’ keyword. This can be used to request a shorter representation of a value, the way that ‘set print frame-arguments scalars’ does.
        * The gdb.register_window_type method now restricts the set of acceptable window names. The first character of a window’s name must start with a character in the set [a-zA-Z], every subsequent character of a window’s name must be in the set [-_.a-zA-Z0-9].
      o GDB/MI changes:
        * MI version 1 is deprecated, and will be removed in GDB 14.
        * The async record stating the stopped reason ‘breakpoint-hit’ now contains an optional field locno.
      o Miscellaneous improvements:
        * gdb now supports zstd compressed debug sections (ELFCOMPRESS_ZSTD) for ELF.
        * New convenience variable $_inferior_thread_count contains the number of live threads in the current inferior.
        * New convenience variables $_hit_bpnum and $_hit_locno, set to the breakpoint number and the breakpoint location number of the breakpoint last hit.
        * The “info breakpoints” now displays enabled breakpoint locations of disabled breakpoints as in the “y-” state.
        * The format of ‘disassemble /r’ and ‘record instruction-history /r’ has changed to match the layout of GNU objdump when disassembling.
        * A new format “/b” has been introduced to provide the old behavior of “/r”.
        * The TUI no longer styles the source and assembly code highlighted by the current position indicator by default. You can however re-enable styling using the new “set style tui-current-position” command.
        * It is now possible to use the “document” command to document user-defined commands.
        * Support for memory tag data for AArch64 MTE.
      o Support Removal notices:
        * DBX mode has been removed.
        * Support for building against Python version 2 has been removed. It is now only possible to build GDB against Python 3.
        * Support for the following commands has been removed:
            * set debug aix-solib on|off
            * show debug aix-solib
            * set debug solib-frv on|off
            * show debug solib-frv
          Use the “set/show debug solib” commands instead.

    See the NEWS file for a more complete and detailed list of what this release includes.

    Patch Instructions:

    To install this SUSE update use the SUSE recommended installation methods like YaST online_update or “zypper patch”.
    Alternatively you can run the command listed for your product:

      o openSUSE Leap 15.4
        zypper in -t patch SUSE-2024-898=1
      o openSUSE Leap 15.5
        zypper in -t patch openSUSE-SLE-15.5-2024-898=1
      o Development Tools Module 15-SP5
        zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2024-898=1
      o SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
        zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-898=1
      o SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
        zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-898=1
      o SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
        zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-898=1
      o SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
        zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-898=1
      o SUSE Linux Enterprise Server for SAP Applications 15 SP4
        zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-898=1

    Package List:

      o openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
        gdb-debugsource-13.2-150400.15.14.1 gdbserver-debuginfo-13.2-150400.15.14.1 gdb-13.2-150400.15.14.1 gdb-debuginfo-13.2-150400.15.14.1 gdbserver-13.2-150400.15.14.1
      o openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586 nosrc)
        gdb-testresults-13.2-150400.15.14.4
      o openSUSE Leap 15.4 (aarch64_ilp32)
        gdb-64bit-13.2-150400.15.14.1 gdbserver-64bit-debuginfo-13.2-150400.15.14.1 gdb-64bit-debuginfo-13.2-150400.15.14.1
gdbserver-64bit-13.2-150400.15.14.1 o openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) gdb-debugsource-13.2-150400.15.14.1 gdbserver-debuginfo-13.2-150400.15.14.1 gdb-13.2-150400.15.14.1 gdb-debuginfo-13.2-150400.15.14.1 gdbserver-13.2-150400.15.14.1 o openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 nosrc) gdb-testresults-13.2-150400.15.14.4 o Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) gdb-debugsource-13.2-150400.15.14.1 gdbserver-debuginfo-13.2-150400.15.14.1 gdb-13.2-150400.15.14.1 gdb-debuginfo-13.2-150400.15.14.1 gdbserver-13.2-150400.15.14.1 o SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) gdb-debugsource-13.2-150400.15.14.1 gdbserver-debuginfo-13.2-150400.15.14.1 gdb-13.2-150400.15.14.1 gdb-debuginfo-13.2-150400.15.14.1 gdbserver-13.2-150400.15.14.1 o SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) gdb-debugsource-13.2-150400.15.14.1 gdbserver-debuginfo-13.2-150400.15.14.1 gdb-13.2-150400.15.14.1 gdb-debuginfo-13.2-150400.15.14.1 gdbserver-13.2-150400.15.14.1 o SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64) gdb-debugsource-13.2-150400.15.14.1 gdbserver-debuginfo-13.2-150400.15.14.1 gdb-13.2-150400.15.14.1 gdb-debuginfo-13.2-150400.15.14.1 gdbserver-13.2-150400.15.14.1 o SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x x86_64) gdb-debugsource-13.2-150400.15.14.1 gdbserver-debuginfo-13.2-150400.15.14.1 gdb-13.2-150400.15.14.1 gdb-debuginfo-13.2-150400.15.14.1 gdbserver-13.2-150400.15.14.1 o SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) gdb-debugsource-13.2-150400.15.14.1 gdbserver-debuginfo-13.2-150400.15.14.1 gdb-13.2-150400.15.14.1 gdb-debuginfo-13.2-150400.15.14.1 gdbserver-13.2-150400.15.14.1 References: o https://www.suse.com/security/cve/CVE-2017-16829.html o https://www.suse.com/security/cve/CVE-2018-7208.html o https://www.suse.com/security/cve/CVE-2022-48064.html o 
https://bugzilla.suse.com/show_bug.cgi?id=1068950 o https://bugzilla.suse.com/show_bug.cgi?id=1081527 o https://bugzilla.suse.com/show_bug.cgi?id=1211052 o https://jira.suse.com/browse/PED-6584 – ————————–END INCLUDED TEXT———————- You have received this e-mail bulletin as a result of your organisation’s registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT’s members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation’s site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author’s website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. 
Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. ===========================================================================

  • MozillaThunderbird: CVSS (Max): 7.5
    on March 28, 2024 at 6:39 am

    ===========================================================================
    AUSCERT External Security Bulletin Redistribution

    ESB-2024.1936
    Security update for MozillaThunderbird
    28 March 2024
    ===========================================================================

    AusCERT Security Bulletin Summary
    ---------------------------------

    Product:           MozillaThunderbird
    Publisher:         SUSE
    Operating System:  SUSE
    Resolution:        Patch/Upgrade
    CVE Names:         CVE-2024-1936

    Original Bulletin:
       https://www.suse.com/support/update/announcement/2024/suse-su-20240893-1

    Comment: CVSS (Max): 7.5 CVE-2024-1936 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
             CVSS Source: SUSE
             Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

    - --------------------------BEGIN INCLUDED TEXT--------------------

    Security update for MozillaThunderbird

    Announcement ID: SUSE-SU-2024:0893-1
    Rating: important

    References:
      o bsc#1221054

    Cross-References:
      o CVE-2024-1936

    CVSS scores:
      o CVE-2024-1936 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

    Affected Products:
      o openSUSE Leap 15.5
      o SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
      o SUSE Linux Enterprise Desktop 15 SP5
      o SUSE Linux Enterprise High Performance Computing 15 SP5
      o SUSE Linux Enterprise Micro 5.5
      o SUSE Linux Enterprise Real Time 15 SP5
      o SUSE Linux Enterprise Server 15 SP5
      o SUSE Linux Enterprise Server for SAP Applications 15 SP5
      o SUSE Linux Enterprise Workstation Extension 15 SP5
      o SUSE Package Hub 15 15-SP5

    An update that solves one vulnerability can now be installed.

    Description:

    This update for MozillaThunderbird fixes the following issues:

    Security vulnerabilities fixed in Thunderbird 115.8.1 (bsc#1221054):

      o CVE-2024-1936: Fixed leaking of encrypted email subjects to other conversations (MFSA 2024-11) (bsc#1221054).

    Patch Instructions:

    To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

      o openSUSE Leap 15.5
        zypper in -t patch openSUSE-SLE-15.5-2024-893=1
      o SUSE Package Hub 15 15-SP5
        zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-893=1
      o SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
        zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-893=1
      o SUSE Linux Enterprise Workstation Extension 15 SP5
        zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2024-893=1

    Package List:

      o openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
          MozillaThunderbird-translations-other-115.8.1-150200.8.151.1
          MozillaThunderbird-115.8.1-150200.8.151.1
          MozillaThunderbird-debugsource-115.8.1-150200.8.151.1
          MozillaThunderbird-debuginfo-115.8.1-150200.8.151.1
          MozillaThunderbird-translations-common-115.8.1-150200.8.151.1
      o SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x)
          MozillaThunderbird-translations-other-115.8.1-150200.8.151.1
          MozillaThunderbird-115.8.1-150200.8.151.1
          MozillaThunderbird-debugsource-115.8.1-150200.8.151.1
          MozillaThunderbird-debuginfo-115.8.1-150200.8.151.1
          MozillaThunderbird-translations-common-115.8.1-150200.8.151.1
      o SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
          MozillaThunderbird-translations-other-115.8.1-150200.8.151.1
          MozillaThunderbird-115.8.1-150200.8.151.1
          MozillaThunderbird-debugsource-115.8.1-150200.8.151.1
          MozillaThunderbird-debuginfo-115.8.1-150200.8.151.1
          MozillaThunderbird-translations-common-115.8.1-150200.8.151.1
      o SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64)
          MozillaThunderbird-translations-other-115.8.1-150200.8.151.1
          MozillaThunderbird-115.8.1-150200.8.151.1
          MozillaThunderbird-debugsource-115.8.1-150200.8.151.1
          MozillaThunderbird-debuginfo-115.8.1-150200.8.151.1
          MozillaThunderbird-translations-common-115.8.1-150200.8.151.1

    References:
      o https://www.suse.com/security/cve/CVE-2024-1936.html
      o https://bugzilla.suse.com/show_bug.cgi?id=1221054

    - --------------------------END INCLUDED TEXT--------------------

  • python36-pip: CVSS (Max): 3.3
    on March 28, 2024 at 6:37 am

    ===========================================================================
    AUSCERT External Security Bulletin Redistribution

    ESB-2024.1935
    Security update for python36-pip
    28 March 2024
    ===========================================================================

    AusCERT Security Bulletin Summary
    ---------------------------------

    Product:           python36-pip
    Publisher:         SUSE
    Operating System:  SUSE
    Resolution:        Patch/Upgrade
    CVE Names:         CVE-2023-5752

    Original Bulletin:
       https://www.suse.com/support/update/announcement/2024/suse-su-20240892-1

    Comment: CVSS (Max): 3.3 CVE-2023-5752 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)
             CVSS Source: SUSE
             Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

    - --------------------------BEGIN INCLUDED TEXT--------------------

    Security update for python36-pip

    Announcement ID: SUSE-SU-2024:0892-1
    Rating: low

    References:
      o bsc#1217353

    Cross-References:
      o CVE-2023-5752

    CVSS scores:
      o CVE-2023-5752 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
      o CVE-2023-5752 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

    Affected Products:
      o SUSE Linux Enterprise High Performance Computing 12 SP5
      o SUSE Linux Enterprise Server 12 SP5
      o SUSE Linux Enterprise Server for SAP Applications 12 SP5

    An update that solves one vulnerability can now be installed.

    Description:

    This update for python36-pip fixes the following issues:

      o CVE-2023-5752: Fixed possible injection of arbitrary configuration through the Mercurial revision parameter (bsc#1217353).

    Patch Instructions:

    To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

      o SUSE Linux Enterprise High Performance Computing 12 SP5
        zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-892=1
      o SUSE Linux Enterprise Server 12 SP5
        zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-892=1
      o SUSE Linux Enterprise Server for SAP Applications 12 SP5
        zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-892=1

    Package List:

      o SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch)
          python36-pip-20.2.4-8.15.1
      o SUSE Linux Enterprise Server 12 SP5 (noarch)
          python36-pip-20.2.4-8.15.1
      o SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch)
          python36-pip-20.2.4-8.15.1

    References:
      o https://www.suse.com/security/cve/CVE-2023-5752.html
      o https://bugzilla.suse.com/show_bug.cgi?id=1217353

    - --------------------------END INCLUDED TEXT--------------------
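The one-line description above does not say how "a Mercurial parameter" can inject configuration. The public CVE-2023-5752 description is clearer: when pip installs from an hg+ URL, the revision after the '@' was passed to the hg command as a bare argument, so a "revision" beginning with --config= was parsed by hg as an option and could change how, and from where, the repository was installed. That is classic argument injection (CWE-88). The example below is an added illustration and is not pip's code: it models the two argv shapes, a vulnerable one where the revision is a bare argument and a hardened one where it is bound as --rev=<revision> (assumed to match the upstream fix; check pip's vcs/mercurial.py before relying on that), plus an allowlist check for callers who cannot control how argv is built. It only builds argument lists and never executes hg. The host hg.example.org and both requirement strings are constructed, and the injected alias merely echoes.

```python
"""Model of the CVE-2023-5752 argument-injection pattern (pip + Mercurial).
Added example, not pip's code: it builds hg argv lists and never runs hg."""
import re
from urllib.parse import urlsplit


def split_vcs_url(url):
    """Split 'hg+<repo-url>[@<rev>]' into (repo_url, rev).
    Mirrors the 'scheme+url@rev' requirement form; rev is None if absent."""
    if not url.startswith("hg+"):
        raise ValueError("only hg+ requirement URLs are modelled here")
    repo = url[len("hg+"):]
    # Only an '@' in the path is a revision separator; an '@' inside
    # 'user@host' userinfo in the netloc must be left alone.
    if "@" in urlsplit(repo).path:
        repo, rev = repo.rsplit("@", 1)
        return repo, rev
    return repo, None


def hg_update_argv_vulnerable(rev):
    """Pre-fix shape: the user-controlled revision is a bare argument."""
    return ["hg", "update", "-q", rev]


def hg_update_argv_fixed(rev):
    """Post-fix shape: the revision is bound to --rev, so a value such as
    '--config=...' can no longer be parsed as a separate option.
    (Assumed to match pip 23.3's fix; check pip's vcs/mercurial.py.)"""
    return ["hg", "update", "-q", f"--rev={rev}"]


def parse_like_hg(argv):
    """Tiny model of hg's command-line parsing: after the subcommand,
    any token starting with '-' is an option (value after '='), the rest
    are positional arguments."""
    opts, positional = {}, []
    for tok in argv[2:]:
        if tok.startswith("-"):
            name, _, value = tok.lstrip("-").partition("=")
            opts[name] = value
        else:
            positional.append(tok)
    return opts, positional


# Allowlist for revisions: hashes, tags, bookmarks, branch names.
# Deliberately strict; widen it for your own naming scheme.
HG_REV_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._/+-]*$")


def is_safe_revision(rev):
    """Defence in depth for callers that cannot control argv shape:
    reject anything that starts with '-' or uses unexpected characters."""
    return not rev.startswith("-") and HG_REV_RE.match(rev) is not None


# Constructed requirement strings; the host name is fictitious. The alias
# payload only echoes, which is enough to show that hg would have applied
# attacker-chosen configuration while running 'hg update'.
BENIGN = "hg+https://hg.example.org/repo@v1.2"
MALICIOUS = "hg+https://hg.example.org/repo@--config=alias.update=!echo injected"


def demo(url):
    """Return the options hg would see pre-fix and post-fix for this URL."""
    _, rev = split_vcs_url(url)
    before, _ = parse_like_hg(hg_update_argv_vulnerable(rev))
    after, _ = parse_like_hg(hg_update_argv_fixed(rev))
    return before, after


if __name__ == "__main__":
    for url in (BENIGN, MALICIOUS):
        before, after = demo(url)
        print(url)
        print("  safe revision:   ", is_safe_revision(split_vcs_url(url)[1]))
        print("  pre-fix options: ", before)
        print("  post-fix options:", after)
```

The general lesson applies beyond pip: whenever a user-supplied string lands in an argv next to options, bind it with option=value syntax or a "--" separator, and validate it against an allowlist, because the separator is what stops the callee's option parser from reinterpreting the value.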

  • sudo: CVSS (Max): 7.0
    on March 28, 2024 at 6:37 am

    ===========================================================================
    AUSCERT External Security Bulletin Redistribution

    ESB-2024.1934
    Security update for sudo
    28 March 2024
    ===========================================================================

    AusCERT Security Bulletin Summary
    ---------------------------------

    Product:           sudo
    Publisher:         SUSE
    Operating System:  SUSE
    Resolution:        Patch/Upgrade
    CVE Names:         CVE-2023-42465

    Original Bulletin:
       https://www.suse.com/support/update/announcement/2024/suse-su-20240890-1

    Comment: CVSS (Max): 7.0 CVE-2023-42465 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
             CVSS Source: SUSE
             Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

    - --------------------------BEGIN INCLUDED TEXT--------------------

    Security update for sudo

    Announcement ID: SUSE-SU-2024:0890-1
    Rating: important

    References:
      o bsc#1221134
      o bsc#1221151

    Cross-References:
      o CVE-2023-42465

    CVSS scores:
      o CVE-2023-42465 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
      o CVE-2023-42465 ( NVD ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

    Affected Products:
      o SUSE Linux Enterprise High Performance Computing 12 SP5
      o SUSE Linux Enterprise Server 12 SP5
      o SUSE Linux Enterprise Server for SAP Applications 12 SP5
      o SUSE Linux Enterprise Software Development Kit 12 SP5

    An update that solves one vulnerability and has one security fix can now be installed.

    Description:

    This update for sudo fixes the following issues:

      o CVE-2023-42465: Fixed issues introduced by the first patches (bsc#1221151, bsc#1221134).

    Patch Instructions:

    To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

      o SUSE Linux Enterprise Software Development Kit 12 SP5
        zypper in -t patch SUSE-SLE-SDK-12-SP5-2024-890=1
      o SUSE Linux Enterprise High Performance Computing 12 SP5
        zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-890=1
      o SUSE Linux Enterprise Server 12 SP5
        zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-890=1
      o SUSE Linux Enterprise Server for SAP Applications 12 SP5
        zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-890=1

    Package List:

      o SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
          sudo-devel-1.8.27-4.48.2
          sudo-debuginfo-1.8.27-4.48.2
          sudo-debugsource-1.8.27-4.48.2
      o SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
          sudo-1.8.27-4.48.2
          sudo-debuginfo-1.8.27-4.48.2
          sudo-debugsource-1.8.27-4.48.2
      o SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
          sudo-1.8.27-4.48.2
          sudo-debuginfo-1.8.27-4.48.2
          sudo-debugsource-1.8.27-4.48.2
      o SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
          sudo-1.8.27-4.48.2
          sudo-debuginfo-1.8.27-4.48.2
          sudo-debugsource-1.8.27-4.48.2

    References:
      o https://www.suse.com/security/cve/CVE-2023-42465.html
      o https://bugzilla.suse.com/show_bug.cgi?id=1221134
      o https://bugzilla.suse.com/show_bug.cgi?id=1221151

    - --------------------------END INCLUDED TEXT--------------------

  • sudo: CVSS (Max): 7.0
    on March 28, 2024 at 6:37 am

    ===========================================================================
    AUSCERT External Security Bulletin Redistribution

    ESB-2024.1933
    Security update for sudo
    28 March 2024
    ===========================================================================

    AusCERT Security Bulletin Summary
    ---------------------------------

    Product:           sudo
    Publisher:         SUSE
    Operating System:  SUSE
    Resolution:        Patch/Upgrade
    CVE Names:         CVE-2023-42465

    Original Bulletin:
       https://www.suse.com/support/update/announcement/2024/suse-su-20240889-1

    Comment: CVSS (Max): 7.0 CVE-2023-42465 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
             CVSS Source: SUSE
             Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

    - --------------------------BEGIN INCLUDED TEXT--------------------

    Security update for sudo

    Announcement ID: SUSE-SU-2024:0889-1
    Rating: important

    References:
      o bsc#1221134
      o bsc#1221151

    Cross-References:
      o CVE-2023-42465

    CVSS scores:
      o CVE-2023-42465 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
      o CVE-2023-42465 ( NVD ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

    Affected Products:
      o SUSE Linux Enterprise High Performance Computing 15 SP2
      o SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
      o SUSE Linux Enterprise Server 15 SP2
      o SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
      o SUSE Linux Enterprise Server for SAP Applications 15 SP2

    An update that solves one vulnerability and has one security fix can now be installed.

    Description:

    This update for sudo fixes the following issues:

      o CVE-2023-42465: Fixed issues introduced by the first patches (bsc#1221151, bsc#1221134).

    Patch Instructions:

    To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

      o SUSE Linux Enterprise Server for SAP Applications 15 SP2
        zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-889=1
      o SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
        zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-889=1
      o SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
        zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-889=1

    Package List:

      o SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
          sudo-debuginfo-1.8.27-150000.4.53.1
          sudo-1.8.27-150000.4.53.1
          sudo-debugsource-1.8.27-150000.4.53.1
          sudo-devel-1.8.27-150000.4.53.1
      o SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
          sudo-debuginfo-1.8.27-150000.4.53.1
          sudo-1.8.27-150000.4.53.1
          sudo-debugsource-1.8.27-150000.4.53.1
          sudo-devel-1.8.27-150000.4.53.1
      o SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64)
          sudo-debuginfo-1.8.27-150000.4.53.1
          sudo-1.8.27-150000.4.53.1
          sudo-debugsource-1.8.27-150000.4.53.1
          sudo-devel-1.8.27-150000.4.53.1

    References:
      o https://www.suse.com/security/cve/CVE-2023-42465.html
      o https://bugzilla.suse.com/show_bug.cgi?id=1221134
      o https://bugzilla.suse.com/show_bug.cgi?id=1221151

    - --------------------------END INCLUDED TEXT--------------------

  • spectre-meltdown-checker: CVSS (Max): 6.2
    on March 28, 2024 at 6:37 am

    ===========================================================================
    AUSCERT External Security Bulletin Redistribution

    ESB-2024.1932
    Security update for spectre-meltdown-checker
    28 March 2024
    ===========================================================================

    AusCERT Security Bulletin Summary
    ---------------------------------

    Product:           spectre-meltdown-checker
    Publisher:         SUSE
    Operating System:  SUSE
    Resolution:        Patch/Upgrade
    CVE Names:         CVE-2023-20593

    Original Bulletin:
       https://www.suse.com/support/update/announcement/2024/suse-su-20240885-1

    Comment: CVSS (Max): 6.2 CVE-2023-20593 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
             CVSS Source: SUSE
             Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

    - --------------------------BEGIN INCLUDED TEXT--------------------

    Security update for spectre-meltdown-checker

    Announcement ID: SUSE-SU-2024:0885-1
    Rating: moderate

    References:
      o jsc#PED-2362
      o jsc#SLE-5514

    Cross-References:
      o CVE-2023-20593

    CVSS scores:
      o CVE-2023-20593 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
      o CVE-2023-20593 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

    Affected Products:
      o SUSE Linux Enterprise High Performance Computing 12 SP5
      o SUSE Linux Enterprise Server 12 SP5
      o SUSE Linux Enterprise Server for SAP Applications 12 SP5

    An update that solves one vulnerability and contains two features can now be installed.

    Description:

    This update for spectre-meltdown-checker fixes the following issues:

      o Updated to 0.46. This release mainly focuses on the detection of the new Zenbleed (CVE-2023-20593) vulnerability, among a few other changes that were waiting for a release:
        * feat: detect the vulnerability and mitigation of Zenbleed (CVE-2023-20593)
        * feat: add the linux-firmware repository as another source for CPU microcode versions
        * feat: arm: add Neoverse-N2, Neoverse-V1 and Neoverse-V2
        * fix: docker: adding missing utils (#433)
        * feat: add support for Guix System kernel
        * fix: rewrite SQL to be sqlite3 >= 3.41 compatible (#443)
        * fix: a /devnull file was mistakenly created on the filesystem
        * fix: fwdb: ignore MCEdb versions where an official Intel version exists (fixes #430)

      o Updated to 0.45:
        * arm64: phytium: Add CPU Implementer Phytium
        * arm64: variant 4: detect ssbd mitigation from kernel img, system.map or kconfig
        * chore: ensure vars are set before being dereferenced (set -u compat)
        * chore: fix indentation
        * chore: fwdb: update to v220+i20220208
        * chore: only attempt to load msr and cpuid module once
        * chore: read_cpuid: use named constants
        * chore: readme: framapic is gone, host the screenshots on GitHub
        * chore: replace 'Vulnerable to' by 'Affected by' in the hw section
        * chore: speculative execution -> transient execution
        * chore: update fwdb to v222+i20220208
        * chore: update Intel Family 6 models
        * chore: wording: model not vulnerable -> model not affected
        * doc: add an FAQ entry about CVE support
        * doc: add an FAQ.md and update the README.md accordingly
        * doc: more FAQ and README
        * doc: readme: make the FAQ entry more visible
        * feat: add --allow-msr-write, no longer write by default (#385), detect when writing is denied
        * feat: add --cpu, apply changes to (read|write)_msr, update fwdb to v221+i20220208
        * feat: add subleaf != 0 support for read_cpuid
        * feat: arm: add Cortex A77 and Neoverse-N1 (fixes #371)
        * feat: bsd: for unimplemented CVEs, at least report when CPU is not affected
        * feat: hw check: add IPRED, RRSBA, BHI features check
        * feat: implement detection for MCEPSC under BSD
        * feat: set default TMPDIR for Android (#415)
        * fix: extract_kernel: don't overwrite kernel_err if already set
        * fix: has_vmm false positive with pcp
        * fix: is_ucode_blacklisted: fix some model names
        * fix: mcedb: v191 changed the MCE table format
        * fix: refuse to run under MacOS and ESXi
        * fix: retpoline: detection on 5.15.28+ (#420)
        * fix: variant4: added case where prctl ssbd status is tagged as 'unknown'

    Patch Instructions:

    To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

      o SUSE Linux Enterprise Server for SAP Applications 12 SP5
        zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-885=1
      o SUSE Linux Enterprise High Performance Computing 12 SP5
        zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-885=1
      o SUSE Linux Enterprise Server 12 SP5
        zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-885=1

    Package List:

      o SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
          spectre-meltdown-checker-0.46-3.9.1
      o SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
          spectre-meltdown-checker-0.46-3.9.1
      o SUSE Linux Enterprise Server 12 SP5 (x86_64)
          spectre-meltdown-checker-0.46-3.9.1

    References:
      o https://www.suse.com/security/cve/CVE-2023-20593.html
      o https://jira.suse.com/browse/PED-2362
      o https://jira.suse.com/browse/SLE-5514

    - --------------------------END INCLUDED TEXT--------------------

  • spectre-meltdown-checker: CVSS (Max): 6.2
    on March 28, 2024 at 6:37 am

    ===========================================================================
    AUSCERT External Security Bulletin Redistribution

    ESB-2024.1931
    Security update for spectre-meltdown-checker
    28 March 2024
    ===========================================================================

    AusCERT Security Bulletin Summary
    ---------------------------------

    Product:           spectre-meltdown-checker
    Publisher:         SUSE
    Operating System:  SUSE
    Resolution:        Patch/Upgrade
    CVE Names:         CVE-2023-20593

    Original Bulletin:
      https://www.suse.com/support/update/announcement/2024/suse-su-20240884-1

    Comment: CVSS (Max):  6.2 CVE-2023-20593 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
             CVSS Source: SUSE
             Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

    - --------------------------BEGIN INCLUDED TEXT--------------------

    Security update for spectre-meltdown-checker

    Announcement ID: SUSE-SU-2024:0884-1
    Rating: moderate
    References:
      o jsc#PED-2362
      o jsc#SLE-5514
    Cross-References:
      o CVE-2023-20593
    CVSS scores:
      o CVE-2023-20593 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
      o CVE-2023-20593 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
    Affected Products:
      o Basesystem Module 15-SP5
      o openSUSE Leap 15.5
      o SUSE Enterprise Storage 7.1
      o SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
      o SUSE Linux Enterprise Desktop 15 SP5
      o SUSE Linux Enterprise High Performance Computing 15 SP2
      o SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
      o SUSE Linux Enterprise High Performance Computing 15 SP3
      o SUSE Linux Enterprise High Performance Computing 15 SP4
      o SUSE Linux Enterprise High Performance Computing 15 SP5
      o SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
      o SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
      o SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
      o SUSE Linux Enterprise Real Time 15 SP5
      o SUSE Linux Enterprise Server 15 SP2
      o SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
      o SUSE Linux Enterprise Server 15 SP3
      o SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
      o SUSE Linux Enterprise Server 15 SP4
      o SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
      o SUSE Linux Enterprise Server 15 SP5
      o SUSE Linux Enterprise Server for SAP Applications 15 SP2
      o SUSE Linux Enterprise Server for SAP Applications 15 SP3
      o SUSE Linux Enterprise Server for SAP Applications 15 SP4
      o SUSE Linux Enterprise Server for SAP Applications 15 SP5
      o SUSE Manager Proxy 4.3
      o SUSE Manager Retail Branch Server 4.3
      o SUSE Manager Server 4.3

    An update that solves one vulnerability and contains two features can now be
    installed.

    Description:

    This update for spectre-meltdown-checker fixes the following issues:

    o updated to 0.46

      This release mainly focuses on the detection of the new Zenbleed
      (CVE-2023-20593) vulnerability, among a few other changes that were in
      line waiting for a release:

      o feat: detect the vulnerability and mitigation of Zenbleed (CVE-2023-20593)
      o feat: add the linux-firmware repository as another source for CPU microcode versions
      o feat: arm: add Neoverse-N2, Neoverse-V1 and Neoverse-V2
      o fix: docker: adding missing utils (#433)
      o feat: add support for Guix System kernel
      o fix: rewrite SQL to be sqlite3 >= 3.41 compatible (#443)
      o fix: a /devnull file was mistakenly created on the filesystem
      o fix: fwdb: ignore MCEdb versions where an official Intel version exists (fixes #430)

    o updated to 0.45

      o arm64: phytium: Add CPU Implementer Phytium
      o arm64: variant 4: detect ssbd mitigation from kernel img, system.map or kconfig
      o chore: ensure vars are set before being dereferenced (set -u compat)
      o chore: fix indentation
      o chore: fwdb: update to v220+i20220208
      o chore: only attempt to load msr and cpuid module once
      o chore: read_cpuid: use named constants
      o chore: readme: framapic is gone, host the screenshots on GitHub
      o chore: replace 'Vulnerable to' by 'Affected by' in the hw section
      o chore: speculative execution -> transient execution
      o chore: update fwdb to v222+i20220208
      o chore: update Intel Family 6 models
      o chore: wording: model not vulnerable -> model not affected
      o doc: add an FAQ entry about CVE support
      o doc: add an FAQ.md and update the README.md accordingly
      o doc: more FAQ and README
      o doc: readme: make the FAQ entry more visible
      o feat: add --allow-msr-write, no longer write by default (#385), detect when writing is denied
      o feat: add --cpu, apply changes to (read|write)_msr, update fwdb to v221+i20220208
      o feat: add subleaf != 0 support for read_cpuid
      o feat: arm: add Cortex A77 and Neoverse-N1 (fixes #371)
      o feat: bsd: for unimplemented CVEs, at least report when CPU is not affected
      o feat: hw check: add IPRED, RRSBA, BHI features check
      o feat: implement detection for MCEPSC under BSD
      o feat: set default TMPDIR for Android (#415)
      o fix: extract_kernel: don't overwrite kernel_err if already set
      o fix: has_vmm false positive with pcp
      o fix: is_ucode_blacklisted: fix some model names
      o fix: mcedb: v191 changed the MCE table format
      o fix: refuse to run under MacOS and ESXi
      o fix: retpoline: detection on 5.15.28+ (#420)
      o fix: variant4: added case where prctl ssbd status is tagged as 'unknown'

    Patch Instructions:

    To install this SUSE update use the SUSE recommended installation methods
    like YaST online_update or "zypper patch".
    Alternatively you can run the command listed for your product:

    o SUSE Manager Proxy 4.3
      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-884=1
    o SUSE Manager Retail Branch Server 4.3
      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2024-884=1
    o SUSE Manager Server 4.3
      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-884=1
    o SUSE Enterprise Storage 7.1
      zypper in -t patch SUSE-Storage-7.1-2024-884=1
    o openSUSE Leap 15.5
      zypper in -t patch openSUSE-SLE-15.5-2024-884=1
    o Basesystem Module 15-SP5
      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-884=1
    o SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-884=1
    o SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-884=1
    o SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-884=1
    o SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-884=1
    o SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
      zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-884=1
    o SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
      zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-884=1
    o SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
      zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-884=1
    o SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
      zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-884=1
    o SUSE Linux Enterprise Server for SAP Applications 15 SP2
      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-884=1
    o SUSE Linux Enterprise Server for SAP Applications 15 SP3
      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-884=1
    o SUSE Linux Enterprise Server for SAP Applications 15 SP4
      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-884=1

    Package List:

    o SUSE Manager Proxy 4.3 (x86_64)
      spectre-meltdown-checker-0.46-150100.3.9.1
    o SUSE Manager Retail Branch Server 4.3 (x86_64)
      spectre-meltdown-checker-0.46-150100.3.9.1
    o SUSE Manager Server 4.3 (x86_64)
      spectre-meltdown-checker-0.46-150100.3.9.1
    o SUSE Enterprise Storage 7.1 (x86_64)
      spectre-meltdown-checker-0.46-150100.3.9.1
    o openSUSE Leap 15.5 (x86_64)
      spectre-meltdown-checker-0.46-150100.3.9.1
    o Basesystem Module 15-SP5 (x86_64)
      spectre-meltdown-checker-0.46-150100.3.9.1
    o SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64)
      spectre-meltdown-checker-0.46-150100.3.9.1
    o SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64)
      spectre-meltdown-checker-0.46-150100.3.9.1
    o SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (x86_64)
      spectre-meltdown-checker-0.46-150100.3.9.1
    o SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64)
      spectre-meltdown-checker-0.46-150100.3.9.1
    o SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
      spectre-meltdown-checker-0.46-150100.3.9.1
    o SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64)
      spectre-meltdown-checker-0.46-150100.3.9.1
    o SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64)
      spectre-meltdown-checker-0.46-150100.3.9.1
    o SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (x86_64)
      spectre-meltdown-checker-0.46-150100.3.9.1
    o SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64)
      spectre-meltdown-checker-0.46-150100.3.9.1
    o SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64)
      spectre-meltdown-checker-0.46-150100.3.9.1
    o SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64)
      spectre-meltdown-checker-0.46-150100.3.9.1

    References:

    o https://www.suse.com/security/cve/CVE-2023-20593.html
    o https://jira.suse.com/browse/PED-2362
    o https://jira.suse.com/browse/SLE-5514

    - --------------------------END INCLUDED TEXT--------------------

  • hdf5: CVSS (Max): 8.6
    on March 28, 2024 at 6:37 am

    ===========================================================================
    AUSCERT External Security Bulletin Redistribution

    ESB-2024.1930
    Security update for hdf5
    28 March 2024
    ===========================================================================

    AusCERT Security Bulletin Summary
    ---------------------------------

    Product:           hdf5
    Publisher:         SUSE
    Operating System:  SUSE
    Resolution:        Patch/Upgrade
    CVE Names:         CVE-2020-10812 CVE-2018-11202 CVE-2019-8396
                       CVE-2016-4332 CVE-2021-37501

    Original Bulletin:
      https://www.suse.com/support/update/announcement/2024/suse-su-20240882-1

    Comment: CVSS (Max):  8.6 CVE-2016-4332 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
             CVSS Source: SUSE, [NIST]
             Calculator:  https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

    - --------------------------BEGIN INCLUDED TEXT--------------------

    Security update for hdf5

    Announcement ID: SUSE-SU-2024:0882-1
    Rating: moderate
    References:
      o bsc#1011205
      o bsc#1093641
      o bsc#1125882
      o bsc#1167400
      o bsc#1207973
      o bsc#1209548
      o bsc#133222
      o jsc#PED-7816
    Cross-References:
      o CVE-2016-4332
      o CVE-2018-11202
      o CVE-2019-8396
      o CVE-2020-10812
      o CVE-2021-37501
    CVSS scores:
      o CVE-2016-4332 ( NVD ): 8.6 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
      o CVE-2018-11202 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
      o CVE-2018-11202 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
      o CVE-2019-8396 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
      o CVE-2019-8396 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
      o CVE-2020-10812 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
      o CVE-2020-10812 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
      o CVE-2021-37501 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
      o CVE-2021-37501 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    Affected Products:
      o HPC Module 12
      o SUSE Linux Enterprise High Performance Computing 12 SP2
      o SUSE Linux Enterprise High Performance Computing 12 SP3
      o SUSE Linux Enterprise High Performance Computing 12 SP4
      o SUSE Linux Enterprise High Performance Computing 12 SP5
      o SUSE Linux Enterprise Server 12 SP2
      o SUSE Linux Enterprise Server 12 SP3
      o SUSE Linux Enterprise Server 12 SP4
      o SUSE Linux Enterprise Server 12 SP5
      o SUSE Linux Enterprise Server for SAP Applications 12 SP2
      o SUSE Linux Enterprise Server for SAP Applications 12 SP3
      o SUSE Linux Enterprise Server for SAP Applications 12 SP4
      o SUSE Linux Enterprise Server for SAP Applications 12 SP5

    An update that solves five vulnerabilities, contains one feature and has two
    security fixes can now be installed.

    Description:

    This update for hdf5 fixes the following issues:

    Updated to version 1.10.11

    o Changed the error handling for a not found path in the find plugin process.
    o Fixed CVE-2018-11202, a malformed file could result in chunk index memory leaks.
    o Fixed a file space allocation bug in the parallel library for chunked datasets.
    o Fixed an assertion failure in Parallel HDF5 when a file can't be created
      due to an invalid library version bounds setting.
    o Fixed an assertion in a previous fix for CVE-2016-4332.
    o Fixed segfault on file close in h5debug which fails with a core dump on a
      file that has an illegal file size in its cache image. Fixes HDFFV-11052,
      CVE-2020-10812.
    o Fixed memory leaks that could occur when reading a dataset from a malformed file.
    o Fixed a bug in H5Ocopy that could generate invalid HDF5 files.
    o Fixed potential heap buffer overflow in decoding of link info message.
    o Fixed potential buffer overrun issues in some object header decode routines.
    o Fixed a heap buffer overflow that occurs when reading from a dataset with a
      compact layout within a malformed HDF5 file.
    o Fixed CVE-2019-8396, malformed HDF5 files where content does not match
      expected size.
    o Fixed memory leak when running h5dump with proof of vulnerability file.
    o Added option --no-compact-subset to h5diff.

    Fixes since 1.10.10:

    o Fixed a memory corruption when reading from dataset using a hyperslab
      selection in file dataspace and a point selection memory dataspace.
    o Fix CVE-2021-37501.
    o Fixed an issue with variable length attributes.
    o Fixed an issue with hyperslab selections where an incorrect combined
      selection was produced.
    o Fixed an issue with attribute type conversion with compound datatypes.
    o Modified H5Fstart_swmr_write() to preserve DAPL properties.
    o Converted an assertion on (possibly corrupt) file contents to a normal
      error check.
    o Fixed memory leak with variable-length fill value in H5O_fill_convert().
    o Fix h5repack to only print output when verbose option is selected.

    Fixes since 1.10.9:

    o Several improvements to parallel compression feature, including:
      - Improved support for collective I/O (for both writes and reads).
      - Reduction of copying of application data buffers passed to H5Dwrite.
      - Addition of support for incremental file space allocation for filtered
        datasets created in parallel.
      - Addition of support for HDF5's "don't filter partial edge chunks" flag.
      - Addition of proper support for HDF5 fill values with the feature.
      - Addition of 'H5_HAVE_PARALLEL_FILTERED_WRITES' macro to H5pubconf.h so
        HDF5 applications can determine at compile-time whether the feature is
        available.
      - Addition of simple examples.
    o h5repack added an optional verbose value for reporting R/W timing.
    o Fixed a metadata cache bug when resizing a pinned/protected cache entry.
    o Fixed a problem with the H5_VERS_RELEASE check in the H5check_version function.
    o Unified handling of collective metadata reads to correctly fix old bugs.
    o Fixed several potential MPI deadlocks in library failure conditions.
    o Fixed an issue with collective metadata reads being permanently disabled
      after a dataset chunk lookup operation.
    o Remove timestamp/buildhost/kernel version from libhdf5.settings (bsc#1209548).
    o set higher constraints for successful mpich tests (bsc#133222)

    Patch Instructions:

    To install this SUSE update use the SUSE recommended installation methods
    like YaST online_update or "zypper patch".
    Alternatively you can run the command listed for your product:

    o HPC Module 12
      zypper in -t patch SUSE-SLE-Module-HPC-12-2024-882=1

    Package List:

    o HPC Module 12 (noarch)
      hdf5-gnu-mvapich2-hpc-devel-1.10.11-3.21.1
      hdf5-gnu-hpc-devel-1.10.11-3.21.1
      hdf5-gnu-openmpi1-hpc-devel-1.10.11-3.21.1
    o HPC Module 12 (aarch64 x86_64)
      hdf5_1_10_11-gnu-hpc-devel-1.10.11-3.21.1
      libhdf5_hl_fortran-gnu-hpc-1.10.11-3.21.1
      libhdf5_cpp_1_10_11-gnu-mvapich2-hpc-1.10.11-3.21.1
      hdf5_1_10_11-gnu-hpc-module-1.10.11-3.21.1
      libhdf5_fortran_1_10_11-gnu-openmpi1-hpc-1.10.11-3.21.1
      libhdf5hl_fortran_1_10_11-gnu-mvapich2-hpc-debuginfo-1.10.11-3.21.1
      libhdf5_1_10_11-gnu-hpc-1.10.11-3.21.1
      libhdf5_cpp_1_10_11-gnu-hpc-1.10.11-3.21.1
      libhdf5_fortran_1_10_11-gnu-hpc-1.10.11-3.21.1
      hdf5_1_10_11-gnu-mvapich2-hpc-module-1.10.11-3.21.1
      hdf5_1_10_11-gnu-hpc-debugsource-1.10.11-3.21.1
      hdf5_1_10_11-gnu-hpc-1.10.11-3.21.1
      libhdf5hl_fortran_1_10_11-gnu-hpc-debuginfo-1.10.11-3.21.1
      libhdf5_fortran-gnu-openmpi1-hpc-1.10.11-3.21.1
      libhdf5-gnu-hpc-1.10.11-3.21.1
      hdf5_1_10_11-gnu-mvapich2-hpc-1.10.11-3.21.1
      libhdf5_fortran_1_10_11-gnu-mvapich2-hpc-debuginfo-1.10.11-3.21.1
      libhdf5_fortran-gnu-mvapich2-hpc-1.10.11-3.21.1
      libhdf5_hl_1_10_11-gnu-openmpi1-hpc-debuginfo-1.10.11-3.21.1
      libhdf5_hl_cpp-gnu-hpc-1.10.11-3.21.1
      libhdf5_hl-gnu-mvapich2-hpc-1.10.11-3.21.1
      libhdf5_hl_cpp_1_10_11-gnu-openmpi1-hpc-1.10.11-3.21.1
      hdf5_1_10_11-gnu-mvapich2-hpc-devel-1.10.11-3.21.1
      hdf5_1_10_11-gnu-openmpi1-hpc-1.10.11-3.21.1
      libhdf5_1_10_11-gnu-openmpi1-hpc-1.10.11-3.21.1
      hdf5_1_10_11-gnu-mvapich2-hpc-devel-static-1.10.11-3.21.1
      libhdf5-gnu-mvapich2-hpc-1.10.11-3.21.1
      hdf5_1_10_11-gnu-openmpi1-hpc-devel-1.10.11-3.21.1
      libhdf5_1_10_11-gnu-mvapich2-hpc-1.10.11-3.21.1
      hdf5_1_10_11-gnu-mvapich2-hpc-debugsource-1.10.11-3.21.1
      libhdf5_1_10_11-gnu-hpc-debuginfo-1.10.11-3.21.1
      libhdf5_hl-gnu-openmpi1-hpc-1.10.11-3.21.1
      libhdf5_cpp_1_10_11-gnu-openmpi1-hpc-1.10.11-3.21.1
      libhdf5_hl_1_10_11-gnu-hpc-1.10.11-3.21.1
      hdf5_1_10_11-gnu-openmpi1-hpc-module-1.10.11-3.21.1
      libhdf5_hl_cpp_1_10_11-gnu-mvapich2-hpc-1.10.11-3.21.1
      libhdf5_1_10_11-gnu-openmpi1-hpc-debuginfo-1.10.11-3.21.1
      libhdf5_hl_1_10_11-gnu-mvapich2-hpc-1.10.11-3.21.1
      libhdf5_hl_fortran-gnu-mvapich2-hpc-1.10.11-3.21.1
      hdf5_1_10_11-gnu-openmpi1-hpc-debugsource-1.10.11-3.21.1
      libhdf5hl_fortran_1_10_11-gnu-openmpi1-hpc-1.10.11-3.21.1
      hdf5_1_10_11-gnu-openmpi1-hpc-debuginfo-1.10.11-3.21.1
      libhdf5_hl_1_10_11-gnu-mvapich2-hpc-debuginfo-1.10.11-3.21.1
      libhdf5_hl_cpp_1_10_11-gnu-hpc-debuginfo-1.10.11-3.21.1
      libhdf5hl_fortran_1_10_11-gnu-hpc-1.10.11-3.21.1
      hdf5_1_10_11-gnu-hpc-devel-static-1.10.11-3.21.1
      libhdf5hl_fortran_1_10_11-gnu-openmpi1-hpc-debuginfo-1.10.11-3.21.1
      libhdf5_hl_1_10_11-gnu-openmpi1-hpc-1.10.11-3.21.1
      hdf5_1_10_11-gnu-openmpi1-hpc-devel-static-1.10.11-3.21.1
      libhdf5_fortran-gnu-hpc-1.10.11-3.21.1
      libhdf5_cpp-gnu-hpc-1.10.11-3.21.1
      hdf5_1_10_11-gnu-mvapich2-hpc-debuginfo-1.10.11-3.21.1
      libhdf5_fortran_1_10_11-gnu-hpc-debuginfo-1.10.11-3.21.1
      libhdf5_hl-gnu-hpc-1.10.11-3.21.1
      libhdf5_1_10_11-gnu-mvapich2-hpc-debuginfo-1.10.11-3.21.1
      libhdf5_cpp_1_10_11-gnu-hpc-debuginfo-1.10.11-3.21.1
      libhdf5_hl_cpp_1_10_11-gnu-hpc-1.10.11-3.21.1
      libhdf5_hl_fortran-gnu-openmpi1-hpc-1.10.11-3.21.1
      hdf5_1_10_11-gnu-hpc-debuginfo-1.10.11-3.21.1
      libhdf5-gnu-openmpi1-hpc-1.10.11-3.21.1
      libhdf5hl_fortran_1_10_11-gnu-mvapich2-hpc-1.10.11-3.21.1
      libhdf5_fortran_1_10_11-gnu-openmpi1-hpc-debuginfo-1.10.11-3.21.1
      libhdf5_fortran_1_10_11-gnu-mvapich2-hpc-1.10.11-3.21.1
      libhdf5_hl_1_10_11-gnu-hpc-debuginfo-1.10.11-3.21.1

    References:

    o https://www.suse.com/security/cve/CVE-2016-4332.html
    o https://www.suse.com/security/cve/CVE-2018-11202.html
    o https://www.suse.com/security/cve/CVE-2019-8396.html
    o https://www.suse.com/security/cve/CVE-2020-10812.html
    o https://www.suse.com/security/cve/CVE-2021-37501.html
    o https://bugzilla.suse.com/show_bug.cgi?id=1011205
    o https://bugzilla.suse.com/show_bug.cgi?id=1093641
    o https://bugzilla.suse.com/show_bug.cgi?id=1125882
    o https://bugzilla.suse.com/show_bug.cgi?id=1167400
    o https://bugzilla.suse.com/show_bug.cgi?id=1207973
    o https://bugzilla.suse.com/show_bug.cgi?id=1209548
    o https://bugzilla.suse.com/show_bug.cgi?id=133222
    o https://jira.suse.com/browse/PED-7816

    - --------------------------END INCLUDED TEXT--------------------

  • sudo: CVSS (Max): 7.0
    on March 28, 2024 at 6:37 am

    ===========================================================================
    AUSCERT External Security Bulletin Redistribution

    ESB-2024.1929
    Security update for sudo
    28 March 2024
    ===========================================================================

    AusCERT Security Bulletin Summary
    ---------------------------------

    Product:           sudo
    Publisher:         SUSE
    Operating System:  SUSE
    Resolution:        Patch/Upgrade
    CVE Names:         CVE-2023-42465

    Original Bulletin:
      https://www.suse.com/support/update/announcement/2024/suse-su-20240877-1

    Comment: CVSS (Max):  7.0 CVE-2023-42465 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
             CVSS Source: SUSE
             Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

    - --------------------------BEGIN INCLUDED TEXT--------------------

    Security update for sudo

    Announcement ID: SUSE-SU-2024:0877-1
    Rating: important
    References:
      o bsc#1221134
      o bsc#1221151
    Cross-References:
      o CVE-2023-42465
    CVSS scores:
      o CVE-2023-42465 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
      o CVE-2023-42465 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
    Affected Products:
      o openSUSE Leap 15.4
      o openSUSE Leap Micro 5.3
      o openSUSE Leap Micro 5.4
      o SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
      o SUSE Linux Enterprise High Performance Computing 15 SP4
      o SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
      o SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
      o SUSE Linux Enterprise Micro 5.3
      o SUSE Linux Enterprise Micro 5.4
      o SUSE Linux Enterprise Micro for Rancher 5.3
      o SUSE Linux Enterprise Micro for Rancher 5.4
      o SUSE Linux Enterprise Server 15 SP4
      o SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
      o SUSE Linux Enterprise Server for SAP Applications 15 SP4
      o SUSE Manager Proxy 4.3
      o SUSE Manager Retail Branch Server 4.3
      o SUSE Manager Server 4.3

    An update that solves one vulnerability and has one security fix can now be
    installed.

    Description:

    This update for sudo fixes the following issues:

    o CVE-2023-42465: Fixed issues introduced by first patches (bsc#1221151,
      bsc#1221134).

    Patch Instructions:

    To install this SUSE update use the SUSE recommended installation methods
    like YaST online_update or "zypper patch".
    Alternatively you can run the command listed for your product:

    o openSUSE Leap 15.4
      zypper in -t patch SUSE-2024-877=1
    o openSUSE Leap Micro 5.3
      zypper in -t patch openSUSE-Leap-Micro-5.3-2024-877=1
    o openSUSE Leap Micro 5.4
      zypper in -t patch openSUSE-Leap-Micro-5.4-2024-877=1
    o SUSE Linux Enterprise Micro for Rancher 5.3
      zypper in -t patch SUSE-SLE-Micro-5.3-2024-877=1
    o SUSE Linux Enterprise Micro 5.3
      zypper in -t patch SUSE-SLE-Micro-5.3-2024-877=1
    o SUSE Linux Enterprise Micro for Rancher 5.4
      zypper in -t patch SUSE-SLE-Micro-5.4-2024-877=1
    o SUSE Linux Enterprise Micro 5.4
      zypper in -t patch SUSE-SLE-Micro-5.4-2024-877=1
    o SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-877=1
    o SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-877=1
    o SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
      zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-877=1
    o SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
      zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-877=1
    o SUSE Linux Enterprise Server for SAP Applications 15 SP4
      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-877=1
    o SUSE Manager Proxy 4.3
      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-877=1
    o SUSE Manager Retail Branch Server 4.3
      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2024-877=1
    o SUSE Manager Server 4.3
      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-877=1

    Package List:

    o openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
      sudo-plugin-python-debuginfo-1.9.9-150400.4.36.1
      sudo-plugin-python-1.9.9-150400.4.36.1
      sudo-debugsource-1.9.9-150400.4.36.1
      sudo-debuginfo-1.9.9-150400.4.36.1
      sudo-test-1.9.9-150400.4.36.1
      sudo-1.9.9-150400.4.36.1
      sudo-devel-1.9.9-150400.4.36.1
    o openSUSE Leap Micro 5.3 (aarch64 x86_64)
      sudo-1.9.9-150400.4.36.1
      sudo-debuginfo-1.9.9-150400.4.36.1
      sudo-debugsource-1.9.9-150400.4.36.1
    o openSUSE Leap Micro 5.4 (aarch64 s390x x86_64)
      sudo-1.9.9-150400.4.36.1
      sudo-debuginfo-1.9.9-150400.4.36.1
      sudo-debugsource-1.9.9-150400.4.36.1
    o SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
      sudo-1.9.9-150400.4.36.1
      sudo-debuginfo-1.9.9-150400.4.36.1
      sudo-debugsource-1.9.9-150400.4.36.1
    o SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
      sudo-1.9.9-150400.4.36.1
      sudo-debuginfo-1.9.9-150400.4.36.1
      sudo-debugsource-1.9.9-150400.4.36.1
    o SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
      sudo-1.9.9-150400.4.36.1
      sudo-debuginfo-1.9.9-150400.4.36.1
      sudo-debugsource-1.9.9-150400.4.36.1
    o SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
      sudo-1.9.9-150400.4.36.1
      sudo-debuginfo-1.9.9-150400.4.36.1
      sudo-debugsource-1.9.9-150400.4.36.1
    o SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
      sudo-plugin-python-debuginfo-1.9.9-150400.4.36.1
      sudo-plugin-python-1.9.9-150400.4.36.1
      sudo-debugsource-1.9.9-150400.4.36.1
      sudo-debuginfo-1.9.9-150400.4.36.1
      sudo-1.9.9-150400.4.36.1
      sudo-devel-1.9.9-150400.4.36.1
    o SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
      sudo-plugin-python-debuginfo-1.9.9-150400.4.36.1
      sudo-plugin-python-1.9.9-150400.4.36.1
      sudo-debugsource-1.9.9-150400.4.36.1
      sudo-debuginfo-1.9.9-150400.4.36.1
      sudo-1.9.9-150400.4.36.1
      sudo-devel-1.9.9-150400.4.36.1
    o SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
      sudo-plugin-python-debuginfo-1.9.9-150400.4.36.1
      sudo-plugin-python-1.9.9-150400.4.36.1
      sudo-debugsource-1.9.9-150400.4.36.1
      sudo-debuginfo-1.9.9-150400.4.36.1
      sudo-1.9.9-150400.4.36.1
      sudo-devel-1.9.9-150400.4.36.1
    o SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x x86_64)
      sudo-plugin-python-debuginfo-1.9.9-150400.4.36.1
      sudo-plugin-python-1.9.9-150400.4.36.1
      sudo-debugsource-1.9.9-150400.4.36.1
      sudo-debuginfo-1.9.9-150400.4.36.1
      sudo-1.9.9-150400.4.36.1
      sudo-devel-1.9.9-150400.4.36.1
    o SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
      sudo-plugin-python-debuginfo-1.9.9-150400.4.36.1
      sudo-plugin-python-1.9.9-150400.4.36.1
      sudo-debugsource-1.9.9-150400.4.36.1
      sudo-debuginfo-1.9.9-150400.4.36.1
      sudo-1.9.9-150400.4.36.1
      sudo-devel-1.9.9-150400.4.36.1
    o SUSE Manager Proxy 4.3 (x86_64)
      sudo-plugin-python-debuginfo-1.9.9-150400.4.36.1
      sudo-plugin-python-1.9.9-150400.4.36.1
      sudo-debugsource-1.9.9-150400.4.36.1
      sudo-debuginfo-1.9.9-150400.4.36.1
      sudo-1.9.9-150400.4.36.1
      sudo-devel-1.9.9-150400.4.36.1
    o SUSE Manager Retail Branch Server 4.3 (x86_64)
      sudo-plugin-python-debuginfo-1.9.9-150400.4.36.1
      sudo-plugin-python-1.9.9-150400.4.36.1
      sudo-debugsource-1.9.9-150400.4.36.1
      sudo-debuginfo-1.9.9-150400.4.36.1
      sudo-1.9.9-150400.4.36.1
      sudo-devel-1.9.9-150400.4.36.1
    o SUSE Manager Server 4.3 (ppc64le s390x x86_64)
      sudo-plugin-python-debuginfo-1.9.9-150400.4.36.1
      sudo-plugin-python-1.9.9-150400.4.36.1
      sudo-debugsource-1.9.9-150400.4.36.1
      sudo-debuginfo-1.9.9-150400.4.36.1
      sudo-1.9.9-150400.4.36.1
      sudo-devel-1.9.9-150400.4.36.1

    References:

    o https://www.suse.com/security/cve/CVE-2023-42465.html
    o https://bugzilla.suse.com/show_bug.cgi?id=1221134
    o https://bugzilla.suse.com/show_bug.cgi?id=1221151

    - --------------------------END INCLUDED TEXT--------------------

  • sudo: CVSS (Max): 7.0
    on March 28, 2024 at 6:37 am

    ===========================================================================
    AUSCERT External Security Bulletin Redistribution
    ESB-2024.1928
    Security update for sudo
    28 March 2024
    ===========================================================================

    AusCERT Security Bulletin Summary
    ---------------------------------
    Product:           sudo
    Publisher:         SUSE
    Operating System:  SUSE
    Resolution:        Patch/Upgrade
    CVE Names:         CVE-2023-42465
    Original Bulletin: https://www.suse.com/support/update/announcement/2024/suse-su-20240876-1
    Comment: CVSS (Max): 7.0 CVE-2023-42465 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
             CVSS Source: SUSE
             Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

    - --------------------------BEGIN INCLUDED TEXT--------------------

    Security update for sudo
    Announcement ID: SUSE-SU-2024:0876-1
    Rating:          important
    References:
      o bsc#1221134
      o bsc#1221151
    Cross-References:
      o CVE-2023-42465
    CVSS scores:
      o CVE-2023-42465 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
      o CVE-2023-42465 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
    Affected Products:
      o Basesystem Module 15-SP5
      o openSUSE Leap 15.5
      o SUSE Linux Enterprise Desktop 15 SP5
      o SUSE Linux Enterprise High Performance Computing 15 SP5
      o SUSE Linux Enterprise Micro 5.5
      o SUSE Linux Enterprise Real Time 15 SP5
      o SUSE Linux Enterprise Server 15 SP5
      o SUSE Linux Enterprise Server for SAP Applications 15 SP5

    An update that solves one vulnerability and has one security fix can now be installed.

    Description:
    This update for sudo fixes the following issues:
      o CVE-2023-42465: Fixed issues introduced by first patches (bsc#1221151, bsc#1221134).

    Patch Instructions:
    To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
    Alternatively you can run the command listed for your product:
      o openSUSE Leap 15.5
        zypper in -t patch SUSE-2024-876=1 openSUSE-SLE-15.5-2024-876=1
      o SUSE Linux Enterprise Micro 5.5
        zypper in -t patch SUSE-SLE-Micro-5.5-2024-876=1
      o Basesystem Module 15-SP5
        zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-876=1

    Package List:
      o openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
        sudo-devel-1.9.12p1-150500.7.10.1
        sudo-test-1.9.12p1-150500.7.10.1
        sudo-plugin-python-1.9.12p1-150500.7.10.1
        sudo-plugin-python-debuginfo-1.9.12p1-150500.7.10.1
        sudo-debuginfo-1.9.12p1-150500.7.10.1
        sudo-debugsource-1.9.12p1-150500.7.10.1
        sudo-1.9.12p1-150500.7.10.1
      o SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64)
        sudo-debuginfo-1.9.12p1-150500.7.10.1
        sudo-debugsource-1.9.12p1-150500.7.10.1
        sudo-1.9.12p1-150500.7.10.1
      o Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
        sudo-devel-1.9.12p1-150500.7.10.1
        sudo-plugin-python-1.9.12p1-150500.7.10.1
        sudo-plugin-python-debuginfo-1.9.12p1-150500.7.10.1
        sudo-debuginfo-1.9.12p1-150500.7.10.1
        sudo-debugsource-1.9.12p1-150500.7.10.1
        sudo-1.9.12p1-150500.7.10.1

    References:
      o https://www.suse.com/security/cve/CVE-2023-42465.html
      o https://bugzilla.suse.com/show_bug.cgi?id=1221134
      o https://bugzilla.suse.com/show_bug.cgi?id=1221151

    - --------------------------END INCLUDED TEXT----------------------
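    The package lists in these SUSE bulletins are the ground truth for "is this host fixed?": a package is patched only when its installed version-release is at least the one listed for the product the host actually runs (the SP4 LTSS list above and the SP5 list here carry different releases of the same fix, so never compare across products). The following added example, which is not part of the AusCERT or SUSE bulletin, does that check over an inventory export using rpm's own version-ordering rules, reimplemented here in Python so it runs without rpm present. `rpmvercmp`, `evr_cmp`, `split_nvr`, `find_unpatched` and `check_sample` are this example's names; the fixed list is copied from the openSUSE Leap 15.5 entry of the sudo bulletin; the `rpm -qa` output is a constructed sample, not real inventory data.

```python
"""Check installed RPM versions against the fixed versions a bulletin lists.

Added example, not part of the AusCERT/SUSE bulletin. It reimplements the
segment-wise version comparison rpm uses (rpmvercmp) so the check can run
over an offline inventory such as the output of
  rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n'
collected from each host.
"""
from __future__ import annotations

import re
from typing import Iterable

# One segment per match: a run of digits, a run of letters, or a '~' / '^'
# marker. Everything else ('.', '-', '_', '+') only separates segments.
_SEG_RE = re.compile(r"[0-9]+|[A-Za-z]+|[~^]")


def rpmvercmp(a: str, b: str) -> int:
    """Return -1, 0 or 1 for version strings a, b, following rpm's rules.

    Numeric segments compare by value (leading zeros dropped), alpha segments
    lexically, a numeric segment outranks an alpha one, '~' sorts before
    anything including end of string (pre-releases), and '^' sorts after end
    of string but before any other segment (post-releases).
    """
    if a == b:
        return 0
    sa, sb = _SEG_RE.findall(a), _SEG_RE.findall(b)
    i = j = 0
    while i < len(sa) or j < len(sb):
        xa = sa[i] if i < len(sa) else ""
        xb = sb[j] if j < len(sb) else ""
        if "~" in (xa, xb):
            if xa != "~":
                return 1
            if xb != "~":
                return -1
        elif "^" in (xa, xb):
            if xa == "":
                return -1
            if xb == "":
                return 1
            if xa != "^":
                return 1
            if xb != "^":
                return -1
        elif xa == "" or xb == "":
            break  # one side ran out: whoever has segments left is newer
        else:
            a_num, b_num = xa.isdigit(), xb.isdigit()
            if a_num != b_num:
                return 1 if a_num else -1
            if a_num:
                xa, xb = xa.lstrip("0"), xb.lstrip("0")
                if len(xa) != len(xb):  # more digits means a bigger number
                    return 1 if len(xa) > len(xb) else -1
            if xa != xb:
                return 1 if xa > xb else -1
        i += 1
        j += 1
    if i >= len(sa) and j >= len(sb):
        return 0
    return -1 if i >= len(sa) else 1


def _split_evr(evr: str) -> tuple[str, str, str]:
    """'[epoch:]version-release' -> (epoch, version, release); missing epoch is 0."""
    epoch, sep, rest = evr.partition(":")
    if not sep:
        epoch, rest = "0", evr
    version, _, release = rest.partition("-")
    return epoch, version, release


def evr_cmp(evr_a: str, evr_b: str) -> int:
    """Compare epoch first, then version, then release (rpm's precedence)."""
    for x, y in zip(_split_evr(evr_a), _split_evr(evr_b)):
        c = rpmvercmp(x, y)
        if c:
            return c
    return 0


def split_nvr(nvr: str) -> tuple[str, str]:
    """'sudo-plugin-python-1.9.12p1-150500.7.10.1' -> ('sudo-plugin-python', '1.9.12p1-150500.7.10.1').

    Names may contain '-', but version and release never do, so the last two
    '-'-separated fields are always version and release.
    """
    parts = nvr.rsplit("-", 2)
    if len(parts) != 3:
        raise ValueError(f"not a NAME-VERSION-RELEASE string: {nvr!r}")
    name, version, release = parts
    return name, f"{version}-{release}"


def find_unpatched(installed: Iterable[str], fixed: Iterable[str]) -> list[tuple[str, str, str]]:
    """(name, installed_vr, fixed_vr) for each package from `fixed` that is
    installed at an older version-release. Packages not installed are skipped."""
    fixed_by_name = dict(split_nvr(p) for p in fixed)
    result = []
    for line in installed:
        line = line.strip()
        if not line:
            continue
        name, vr = split_nvr(line)
        want = fixed_by_name.get(name)
        if want is not None and evr_cmp(vr, want) < 0:
            result.append((name, vr, want))
    return result


# Fixed versions for openSUSE Leap 15.5, copied from the sudo bulletin's package list.
FIXED_SUDO_LEAP_15_5 = [
    "sudo-devel-1.9.12p1-150500.7.10.1",
    "sudo-test-1.9.12p1-150500.7.10.1",
    "sudo-plugin-python-1.9.12p1-150500.7.10.1",
    "sudo-plugin-python-debuginfo-1.9.12p1-150500.7.10.1",
    "sudo-debuginfo-1.9.12p1-150500.7.10.1",
    "sudo-debugsource-1.9.12p1-150500.7.10.1",
    "sudo-1.9.12p1-150500.7.10.1",
]

# Constructed sample of `rpm -qa` output from a hypothetical Leap 15.5 host
# (not real inventory data): sudo is one release behind, the plugin is current.
SAMPLE_RPM_QA = """\
bash-5.2.15-150500.3.3.1
sudo-1.9.12p1-150500.7.9.1
sudo-plugin-python-1.9.12p1-150500.7.10.1
"""


def check_sample() -> list[tuple[str, str, str]]:
    return find_unpatched(SAMPLE_RPM_QA.splitlines(), FIXED_SUDO_LEAP_15_5)


if __name__ == "__main__":
    for name, have, want in check_sample():
        print(f"{name}: installed {have}, fixed in {want}")
```

    The sample deliberately uses release 150500.7.9.1 against the fixed 150500.7.10.1: a plain string comparison ranks "9" above "1" and would report the host as patched, which is exactly the mistake `rpmvercmp` avoids. On a live SUSE host the bulletin's own "zypper patch" route is simpler; this check is for the offline case, such as comparing fleet exports or SBOM entries against a bulletin's package list.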

  • python-Django: CVSS (Max): 7.5
    on March 28, 2024 at 6:36 am

    ===========================================================================
    AUSCERT External Security Bulletin Redistribution
    ESB-2024.1927
    Security update for python-Django
    28 March 2024
    ===========================================================================

    AusCERT Security Bulletin Summary
    ---------------------------------
    Product:           python-Django
    Publisher:         SUSE
    Operating System:  SUSE
    Resolution:        Patch/Upgrade
    CVE Names:         CVE-2024-27351 CVE-2024-24680
    Original Bulletin: https://www.suse.com/support/update/announcement/2024/suse-su-20240875-1
    Comment: CVSS (Max): 7.5 CVE-2024-27351 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
             CVSS Source: SUSE
             Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

    - --------------------------BEGIN INCLUDED TEXT--------------------

    Security update for python-Django
    Announcement ID: SUSE-SU-2024:0875-1
    Rating:          important
    References:
      o bsc#1219683
      o bsc#1220358
    Cross-References:
      o CVE-2024-24680
      o CVE-2024-27351
    CVSS scores:
      o CVE-2024-24680 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
      o CVE-2024-24680 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
      o CVE-2024-27351 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    Affected Products:
      o HPE Helion OpenStack 8
      o SUSE Linux Enterprise High Performance Computing 12 SP3
      o SUSE Linux Enterprise Server 12 SP3
      o SUSE OpenStack Cloud 8
      o SUSE OpenStack Cloud Crowbar 8

    An update that solves two vulnerabilities can now be installed.

    Description:
    This update for python-Django fixes the following issues:
      o CVE-2024-24680: Fixed a denial-of-service in intcomma template filter (bsc#1219683).
      o CVE-2024-27351: Fixed potential regular expression denial-of-service in django.utils.text.Truncator.words() (bsc#1220358).

    Patch Instructions:
    To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
    Alternatively you can run the command listed for your product:
      o HPE Helion OpenStack 8
        zypper in -t patch HPE-Helion-OpenStack-8-2024-875=1
      o SUSE OpenStack Cloud 8
        zypper in -t patch SUSE-OpenStack-Cloud-8-2024-875=1
      o SUSE OpenStack Cloud Crowbar 8
        zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2024-875=1

    Package List:
      o HPE Helion OpenStack 8 (noarch)
        python-Django-1.11.29-3.59.3
        venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.54.4
      o SUSE OpenStack Cloud 8 (noarch)
        venv-openstack-horizon-x86_64-12.0.5~dev6-14.54.5
        python-Django-1.11.29-3.59.3
      o SUSE OpenStack Cloud Crowbar 8 (noarch)
        python-Django-1.11.29-3.59.3

    References:
      o https://www.suse.com/security/cve/CVE-2024-24680.html
      o https://www.suse.com/security/cve/CVE-2024-27351.html
      o https://bugzilla.suse.com/show_bug.cgi?id=1219683
      o https://bugzilla.suse.com/show_bug.cgi?id=1220358

    - --------------------------END INCLUDED TEXT----------------------
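    Both Django CVEs in this bulletin are availability-only (C:N/I:N/A:H) and reachable by an unauthenticated remote client, because both live in template filters fed with user-controlled strings. The bulletin says only that CVE-2024-24680 is "a denial-of-service in intcomma template filter". The added example below is not Django's code and not from SUSE or AusCERT; it is written from scratch to show the bug class behind such a finding: a digit-grouping filter that inserts one separator per pass over the whole string does O(n) passes of O(n) work, so a long digit string from a request becomes an O(n^2) CPU sink, while a single-pass version is linear. `intcomma_rescan`, `intcomma_linear`, `cost_comparison` and the work counters are this example's own names, and the counters measure characters rebuilt per pass rather than wall-clock time so the comparison is deterministic.

```python
"""Quadratic vs. linear digit grouping: the shape of a template-filter DoS.

Added illustration, not Django's implementation. Both functions produce the
same output ("1234567" -> "1,234,567", sign and any trailing text preserved),
but the first one rewrites the whole string once per comma inserted.
"""
import re

# Matches the leading digit run and peels off its last three digits.
_GROUP_RE = re.compile(r"^(-?\d+)(\d{3})")
# Matches the leading (optionally negative) digit run once.
_LEADING_NUMBER_RE = re.compile(r"-?\d+")


def intcomma_rescan(value, stats=None):
    """Quadratic: every pass rebuilds the whole string to place one comma.

    Roughly n/3 passes are needed for n digits, and each pass rebuilds a string
    of length ~n, so total work grows as n^2. `stats` (an optional dict)
    receives the pass count and total characters rebuilt.
    """
    text = str(value)
    passes = chars = 0
    while True:
        passes += 1
        chars += len(text)
        grouped = _GROUP_RE.sub(r"\g<1>,\g<2>", text)  # builds a new full-length string
        if grouped == text:
            break
        text = grouped
    if stats is not None:
        stats.update(passes=passes, chars_processed=chars)
    return text


def intcomma_linear(value, stats=None):
    """Linear: locate the leading digit run once, group it right-to-left in one walk."""
    text = str(value)
    if stats is not None:
        stats.update(passes=1, chars_processed=len(text))
    m = _LEADING_NUMBER_RE.match(text)
    if not m:
        return text  # not a number: leave untouched, like the rescan version
    number = m.group(0)
    sign, digits = ("-", number[1:]) if number.startswith("-") else ("", number)
    # Slice three digits at a time from the right; keeps leading zeros intact.
    groups = [digits[max(0, end - 3):end] for end in range(len(digits), 0, -3)]
    return sign + ",".join(reversed(groups)) + text[m.end():]


def cost_comparison(n_digits):
    """Run both filters over an n-digit payload; return (slow_stats, fast_stats).

    The outputs are checked to be identical so the counters compare like for like.
    """
    payload = "9" * n_digits  # constructed attacker-style input: one long digit run
    slow, fast = {}, {}
    if intcomma_rescan(payload, slow) != intcomma_linear(payload, fast):
        raise AssertionError("filters disagree on output")
    return slow, fast


if __name__ == "__main__":
    for n in (300, 3000, 30000):
        slow, fast = cost_comparison(n)
        print(f"{n:>6} digits: rescan {slow['passes']:>6} passes / {slow['chars_processed']:>10} chars,"
              f" linear {fast['passes']} pass / {fast['chars_processed']} chars")
```

    Running the module shows the rescan cost growing a hundredfold for each tenfold increase in input length while the linear version grows tenfold. The practical controls are the ones this bulletin implies: apply the update, and independently cap the length of request data that reaches such filters, since any filter or parser with this rescan shape has the same exposure.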

  • Linux Kernel: CVSS (Max): 7.8
    on March 28, 2024 at 6:34 am

    ===========================================================================
    AUSCERT External Security Bulletin Redistribution
    ESB-2024.1926
    Security update for the Linux Kernel
    28 March 2024
    ===========================================================================

    AusCERT Security Bulletin Summary
    ---------------------------------
    Product:           Linux Kernel
    Publisher:         SUSE
    Operating System:  SUSE
    Resolution:        Patch/Upgrade
    CVE Names:         CVE-2023-52448 CVE-2023-52478 CVE-2024-26591 CVE-2023-52449
                       CVE-2024-1151 CVE-2024-23850 CVE-2024-23851 CVE-2024-26585
                       CVE-2024-26586 CVE-2024-26593 CVE-2024-26595 CVE-2024-26598
                       CVE-2024-26602 CVE-2024-26603 CVE-2024-26622 CVE-2023-28746
                       CVE-2024-0607 CVE-2023-52451 CVE-2023-6817 CVE-2024-23849
                       CVE-2023-52439 CVE-2023-52456 CVE-2023-52443 CVE-2023-52463
                       CVE-2023-52464 CVE-2024-25744 CVE-2023-5197 CVE-2023-52457
                       CVE-2024-26589 CVE-2019-25162 CVE-2021-46923 CVE-2021-46924
                       CVE-2021-46932 CVE-2023-52447 CVE-2023-52445 CVE-2023-52340
                       CVE-2023-52429 CVE-2023-52452 CVE-2023-52475
    Original Bulletin: https://www.suse.com/support/update/announcement/2024/suse-su-20240910-1
    Comment: CVSS (Max): 7.8 CVE-2024-26622 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
             CVSS Source: SUSE
             Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

    - --------------------------BEGIN INCLUDED TEXT--------------------

    Security update for the Linux Kernel
    Announcement ID: SUSE-SU-2024:0910-1
    Rating:          important
    References:
      o bsc#1194869
      o bsc#1206453
      o bsc#1209412
      o bsc#1213456
      o bsc#1216776
      o bsc#1217927
      o bsc#1218195
      o bsc#1218216
      o bsc#1218450
      o bsc#1218527
      o bsc#1218663
      o bsc#1218915
      o bsc#1219126
      o bsc#1219127
      o bsc#1219141
      o bsc#1219146
      o bsc#1219295
      o bsc#1219443
      o bsc#1219653
      o bsc#1219827
      o bsc#1219835
      o bsc#1219839
      o bsc#1219840
      o bsc#1219934
      o bsc#1220003
      o bsc#1220009
      o bsc#1220021
      o bsc#1220030
      o bsc#1220106
      o bsc#1220140
      o bsc#1220187
      o bsc#1220238
      o bsc#1220240
      o bsc#1220241
      o bsc#1220243
      o bsc#1220250
      o bsc#1220251
      o bsc#1220253
      o bsc#1220254
      o bsc#1220255
      o bsc#1220257
      o bsc#1220267
      o bsc#1220277
      o bsc#1220317
      o bsc#1220326
      o bsc#1220328
      o bsc#1220330
      o bsc#1220335
      o bsc#1220344
      o bsc#1220348
      o bsc#1220350
      o bsc#1220364
      o bsc#1220392
      o bsc#1220393
      o bsc#1220398
      o bsc#1220409
      o bsc#1220444
      o bsc#1220457
      o bsc#1220459
      o bsc#1220649
      o bsc#1220796
      o bsc#1220825
      o jsc#PED-7618
    Cross-References:
      o CVE-2019-25162
      o CVE-2021-46923
      o CVE-2021-46924
      o CVE-2021-46932
      o CVE-2023-28746
      o CVE-2023-5197
      o CVE-2023-52340
      o CVE-2023-52429
      o CVE-2023-52439
      o CVE-2023-52443
      o CVE-2023-52445
      o CVE-2023-52447
      o CVE-2023-52448
      o CVE-2023-52449
      o CVE-2023-52451
      o CVE-2023-52452
      o CVE-2023-52456
      o CVE-2023-52457
      o CVE-2023-52463
      o CVE-2023-52464
      o CVE-2023-52475
      o CVE-2023-52478
      o CVE-2023-6817
      o CVE-2024-0607
      o CVE-2024-1151
      o CVE-2024-23849
      o CVE-2024-23850
      o CVE-2024-23851
      o CVE-2024-25744
      o CVE-2024-26585
      o CVE-2024-26586
      o CVE-2024-26589
      o CVE-2024-26591
      o CVE-2024-26593
      o CVE-2024-26595
      o CVE-2024-26598
      o CVE-2024-26602
      o CVE-2024-26603
      o CVE-2024-26622
    CVSS scores:
      o CVE-2023-28746 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
      o CVE-2023-5197 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
      o CVE-2023-5197 ( NVD ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
      o CVE-2023-52340 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
      o CVE-2023-52429 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
      o CVE-2023-52439 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
      o CVE-2023-6817 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
      o CVE-2023-6817 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
      o CVE-2024-0607 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
      o CVE-2024-0607 ( NVD ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
      o CVE-2024-1151 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
      o CVE-2024-23849 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
      o CVE-2024-23849 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
      o CVE-2024-23850 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
      o CVE-2024-23850 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
      o CVE-2024-23851 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
      o CVE-2024-23851 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
      o CVE-2024-25744 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    Affected Products:
      o openSUSE Leap 15.5
      o SUSE Linux Enterprise High Performance Computing 15 SP5
      o SUSE Linux Enterprise Live Patching 15-SP5
      o SUSE Linux Enterprise Micro 5.5
      o SUSE Linux Enterprise Real Time 15 SP5
      o SUSE Linux Enterprise Server 15 SP5
      o SUSE Linux Enterprise Server for SAP Applications 15 SP5
      o SUSE Real Time Module 15-SP5

    An update that solves 39 vulnerabilities, contains one feature and has 23 security fixes can now be installed.

    Description:
    The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security and bugfixes.

    The following security bugs were fixed:
      o CVE-2019-25162: Fixed a potential use after free (bsc#1220409).
      o CVE-2021-46923: Fixed reference leakage in fs/mount_setattr (bsc#1220457).
      o CVE-2021-46924: Fixed memory leak in device probe and remove (bsc#1220459).
      o CVE-2021-46932: Fixed missing work initialization before device registration (bsc#1220444).
      o CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
      o CVE-2023-5197: Fixed use-after-free due to addition and removal of rules from chain bindings within the same transaction (bsc#1218216).
      o CVE-2023-52340: Fixed a DoS of the Linux kernel in which ICMPv6 "Packet Too Big" packets force 100% CPU usage (bsc#1219295).
      o CVE-2023-52429: Fixed potential DoS in dm_table_create in drivers/md/dm-table.c (bsc#1219827).
      o CVE-2023-52439: Fixed use-after-free in uio_open (bsc#1220140).
      o CVE-2023-52443: Fixed crash when parsed profile name is empty (bsc#1220240).
      o CVE-2023-52445: Fixed use after free on context disconnection (bsc#1220241).
      o CVE-2023-52447: Fixed map_fd_put_ptr() signature kABI workaround (bsc#1220251).
      o CVE-2023-52448: Fixed kernel NULL pointer dereference in gfs2_rgrp_dump (bsc#1220253).
      o CVE-2023-52449: Fixed gluebi NULL pointer dereference caused by ftl notifier (bsc#1220238).
      o CVE-2023-52451: Fixed access beyond end of drmem array (bsc#1220250).
      o CVE-2023-52452: Fixed accesses to uninit stack slots (bsc#1220257).
      o CVE-2023-52456: Fixed tx statemachine deadlock (bsc#1220364).
      o CVE-2023-52457: Fixed skipped resource freeing if pm_runtime_resume_and_get() failed (bsc#1220350).
      o CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328).
      o CVE-2023-52464: Fixed possible out-of-bounds string access (bsc#1220330).
      o CVE-2023-52475: Fixed use-after-free in powermate_config_complete (bsc#1220649).
      o CVE-2023-52478: Fixed kernel crash on receiver USB disconnect (bsc#1220796).
      o CVE-2023-6817: Fixed use-after-free in nft_pipapo_walk (bsc#1218195).
      o CVE-2024-0607: Fixed 64-bit load issue in nft_byteorder_eval() (bsc#1218915).
      o CVE-2024-1151: Fixed unlimited number of recursions from action sets (bsc#1219835).
      o CVE-2024-23849: Fixed array-index-out-of-bounds in rds_cmsg_recv (bsc#1219127).
      o CVE-2024-23850: Fixed double free of anonymous device after snapshot creation failure (bsc#1219126).
      o CVE-2024-23851: Fixed crash in copy_params in drivers/md/dm-ioctl.c (bsc#1219146).
      o CVE-2024-25744: Fixed security issue with int 80 interrupt vector (bsc#1217927).
      o CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187).
      o CVE-2024-26586: Fixed stack corruption (bsc#1220243).
      o CVE-2024-26589: Fixed out of bounds read due to variable offset alu on PTR_TO_FLOW_KEYS (bsc#1220255).
      o CVE-2024-26591: Fixed re-attachment branch in bpf_tracing_prog_attach (bsc#1220254).
      o CVE-2024-26593: Fixed block process call transactions (bsc#1220009).
      o CVE-2024-26595: Fixed NULL pointer dereference in error path (bsc#1220344).
      o CVE-2024-26598: Fixed potential UAF in LPI translation cache (bsc#1220326).
      o CVE-2024-26602: Fixed overall slowdowns with sys_membarrier (bsc#1220398).
      o CVE-2024-26603: Fixed infinite loop via #PF handling (bsc#1220335).
      o CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220825).

    The following non-security bugs were fixed:
      o acpi: apei: set memory failure flags as mf_action_required on synchronous events (git-fixes).
      o acpi: button: add lid disable dmi quirk for nextbook ares 8a (git-fixes).
      o acpi: extlog: fix null pointer dereference check (git-fixes).
      o acpi: resource: add asus model s5402za to quirks (git-fixes).
      o acpi: resource: skip irq override on asus expertbook b1502cba (git-fixes).
      o acpi: resource: skip irq override on asus expertbook b2402cba (git-fixes).
      o acpi: video: add backlight=native dmi quirk for apple imac11,3 (git-fixes).
      o acpi: video: add backlight=native dmi quirk for apple imac12,1 and imac12,2 (git-fixes).
      o acpi: video: add backlight=native dmi quirk for lenovo thinkpad x131e (3371 amd version) (git-fixes).
      o acpi: video: add quirk for the colorful x15 at 23 laptop (git-fixes).
      o add reference to recently released cve
      o afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*() (git-fixes).
      o afs: fix the usage of read_seqbegin_or_lock() in afs_lookup_volume_rcu() (git-fixes).
      o afs: hide silly-rename files from userspace (git-fixes).
      o afs: increase buffer size in afs_update_volume_status() (git-fixes).
      o ahci: asm1166: correct count of reported ports (git-fixes).
      o alsa: drop leftover snd-rtctimer stuff from makefile (git-fixes).
      o alsa: firewire-lib: fix to check cycle continuity (git-fixes).
      o alsa: hda/conexant: add quirk for sws js201d (git-fixes).
      o alsa: hda/realtek: apply headset jack quirk for non-bass alc287 thinkpads (git-fixes).
      o alsa: hda/realtek: cs35l41: fix device id / model name (git-fixes).
      o alsa: hda/realtek: cs35l41: fix order and duplicates in quirks table (git-fixes).
o alsa: hda/realtek: enable headset mic on vaio vjfe-adl (git-fixes). o alsa: hda/realtek: enable mute led on hp laptop 14-fq0xxx (git-fixes). o alsa: hda/realtek: fix mute/micmute led for hp mt645 (git-fixes). o alsa: hda/realtek: fix mute/micmute leds for hp zbook power (git-fixes). o alsa: hda/realtek: fix the external mic not being recognised for acer swift 1 sf114-32 (git-fixes). o alsa: usb-audio: add a quirk for yamaha yit-w12tx transmitter (git-fixes). o alsa: usb-audio: add delay quirk for motu m series 2nd revision (git-fixes). o alsa: usb-audio: add quirk for rode nt-usb+ (git-fixes). o alsa: usb-audio: check presence of valid altsetting control (git-fixes). o alsa: usb-audio: ignore clock selector errors for single connection (git-fixes). o alsa: usb-audio: more relaxed check of midi jack names (git-fixes). o alsa: usb-audio: sort quirk table entries (git-fixes). o arm64: entry: fix arm64_workaround_speculative_unpriv_load (bsc#1219443) o arm64: entry: preserve/restore x29 even for compat tasks (bsc#1219443) o arm64: entry: simplify tramp_alias macro and tramp_exit routine (bsc# 1219443) o arm64: errata: add cortex-a510 speculative unprivileged load (bsc#1219443) enable workaround. o arm64: errata: add cortex-a520 speculative unprivileged load (bsc#1219443) enable workaround without kabi break. o arm64: errata: mitigate ampere1 erratum ac03_cpu_38 at stage-2 (git-fixes) enable ampere_erratum_ac03_cpu_38 workaround without kabi break o arm64: irq: set the correct node for shadow call stack (git-fixes) o arm64: irq: set the correct node for vmap stack (git-fixes) o arm64: rename arm64_workaround_2966298 (bsc#1219443) o arm64: subscribe microsoft azure cobalt 100 to arm neoverse n2 errata (git-fixes) o asoc: doc: fix undefined snd_soc_dapm_nopm argument (git-fixes). o asoc: rt5645: fix deadlock in rt5645_jack_detect_work() (git-fixes). o asoc: sof: ipc3: fix message bounds on ipc ops (git-fixes). 
o asoc: sunxi: sun4i-spdif: add support for allwinner h616 (git-fixes). o atm: idt77252: fix a memleak in open_card_ubr0 (git-fixes). o bluetooth: avoid potential use-after-free in hci_error_reset (git-fixes). o bluetooth: enforce validation on max value of connection interval (git-fixes). o bluetooth: hci_event: fix handling of hci_ev_io_capa_request (git-fixes). o bluetooth: hci_event: fix wrongly recorded wakeup bd_addr (git-fixes). o bluetooth: hci_sync: check the correct flag before starting a scan (git-fixes). o bluetooth: hci_sync: fix accept_list when attempting to suspend (git-fixes). o bluetooth: l2cap: fix possible multiple reject send (git-fixes). o bluetooth: qca: fix wrong event type for patch config command (git-fixes). o bpf: fix verification of indirect var-off stack access (git-fixes). o bpf: guard stack limits against 32bit overflow (git-fixes). o bpf: minor logging improvement (bsc#1220257). o bus: moxtet: add spi device table (git-fixes). o cachefiles: fix memory leak in cachefiles_add_cache() (bsc#1220267). o can: j1939: fix uaf in j1939_sk_match_filter during setsockopt (so_j1939_filter) (git-fixes). o crypto: api – disallow identical driver names (git-fixes). o crypto: ccp – fix null pointer dereference in __sev_platform_shutdown_locked (git-fixes). o crypto: octeontx2 – fix cptvf driver cleanup (git-fixes). o crypto: stm32/crc32 – fix parsing list of devices (git-fixes). o dmaengine: fsl-qdma: fix a memory leak related to the queue command dma (git-fixes). o dmaengine: fsl-qdma: fix soc may hang on 16 byte unaligned read (git-fixes). o dmaengine: fsl-qdma: increase size of ‘irq_name’ (git-fixes). o dmaengine: fsl-qdma: init irq after reg initialization (git-fixes). o dmaengine: ptdma: use consistent dma masks (git-fixes). o dmaengine: shdma: increase size of ‘dev_id’ (git-fixes). o dmaengine: ti: edma: add some null pointer checks to the edma_probe (git-fixes). o driver core: fix device_link_flag_is_sync_state_only() (git-fixes). 
o drm/amd/display: fix memory leak in dm_sw_fini() (git-fixes). o drm/amd/display: fix possible buffer overflow in ‘find_dcfclk_for_voltage() ‘ (git-fixes). o drm/amd/display: fix possible null dereference on device remove/driver unload (git-fixes). o drm/amd/display: increase frame-larger-than for all display_mode_vba files (git-fixes). o drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz (git-fixes). o drm/amd/display: preserve original aspect ratio in create stream (git-fixes). o drm/amdgpu/display: initialize gamma correction mode variable in dcn30_get_gamcor_current() (git-fixes). o drm/amdgpu: reset gpu for s3 suspend abort case (git-fixes). o drm/amdgpu: skip to program gfxdec registers for suspend abort (git-fixes). o drm/buddy: fix range bias (git-fixes). o drm/crtc: fix uninitialized variable use even harder (git-fixes). o drm/i915/gvt: fix uninitialized variable in handle_mmio() (git-fixes). o drm/msm/dp: return correct colorimetry for dp_test_dynamic_range_cea case (git-fixes). o drm/msm/dpu: check for valid hw_pp in dpu_encoder_helper_phys_cleanup (git-fixes). o drm/msms/dp: fixed link clock divider bits be over written in bpc unknown case (git-fixes). o drm/prime: support page array >= 4gb (git-fixes). o drm/syncobj: call drm_syncobj_fence_add_wait when wait_available flag is set (git-fixes). o drm/ttm: fix an invalid freeing on already freed page in error path (git-fixes). o drop bcm5974 input patch causing a regression (bsc#1220030) o efi/capsule-loader: fix incorrect allocation size (git-fixes). o efi: do not add memblocks for soft-reserved memory (git-fixes). o efi: runtime: fix potential overflow of soft-reserved region size (git-fixes). o fbcon: always restore the old font data in fbcon_do_set_font() (git-fixes). o fbdev: savage: error out if pixclock equals zero (git-fixes). o fbdev: sis: error out if pixclock equals zero (git-fixes). o firewire: core: send bus reset promptly on gap count error (git-fixes). 
o fs: dlm: fix build with config_ipv6 disabled (git-fixes). o fs:jfs:ubsan:array-index-out-of-bounds in dbadjtree (git-fixes). o gpio: 74×164: enable output pins after registers are reset (git-fixes). o gpio: fix resource unwinding order in error path (git-fixes). o gpiolib: acpi: ignore touchpad wakeup on gpd g1619-04 (git-fixes). o gpiolib: fix the error path order in gpiochip_add_data_with_key() (git-fixes). o hid: apple: add 2021 magic keyboard fn key mapping (git-fixes). o hid: apple: add support for the 2021 magic keyboard (git-fixes). o hid: wacom: do not register input devices until after hid_hw_start (git-fixes). o hid: wacom: generic: avoid reporting a serial of ‘0’ to userspace (git-fixes). o hwmon: (aspeed-pwm-tacho) mutex for tach reading (git-fixes). o hwmon: (coretemp) enlarge per package core count limit (git-fixes). o hwmon: (coretemp) fix bogus core_id to attr name mapping (git-fixes). o hwmon: (coretemp) fix out-of-bounds memory access (git-fixes). o i2c: i801: fix block process call transactions (git-fixes). o i2c: i801: remove i801_set_block_buffer_mode (git-fixes). o i2c: imx: add timer for handling the stop condition (git-fixes). o i2c: imx: when being a target, mark the last read as processed (git-fixes). o i3c: master: cdns: update maximum prescaler value for i2c clock (git-fixes). o ib/hfi1: fix a memleak in init_credit_return (git-fixes) o ib/hfi1: fix sdma.h tx->num_descs off-by-one error (git-fixes) o iio: accel: bma400: fix a compilation problem (git-fixes). o iio: adc: ad7091r: set alert bit in config register (git-fixes). o iio: core: fix memleak in iio_device_register_sysfs (git-fixes). o iio: hid-sensor-als: return 0 for hid_usage_sensor_time_timestamp (git-fixes). o iio: magnetometer: rm3100: add boundary check for the value read from rm3100_reg_tmrc (git-fixes). o input: iqs269a – switch to define_simple_dev_pm_ops() and pm_sleep_ptr() (git-fixes). o input: xpad – add lenovo legion go controllers (git-fixes). 
o irqchip/irq-brcmstb-l2: add write memory barrier before exit (git-fixes). o jfs: fix array-index-out-of-bounds in dbadjtree (git-fixes). o jfs: fix array-index-out-of-bounds in dinewext (git-fixes). o jfs: fix slab-out-of-bounds read in dtsearch (git-fixes). o jfs: fix uaf in jfs_evict_inode (git-fixes). o kbuild: fix changing elf file type for output of gen_btf for big endian (git-fixes). o kvm: s390: fix cc for successful pqap (git-fixes bsc#1219839). o kvm: s390: fix setting of fpc register (git-fixes bsc#1220392). o kvm: s390: vsie: fix race during shadow creation (git-fixes bsc#1220393). o kvm: vmx: move verw closer to vmentry for mds mitigation (git-fixes). o kvm: vmx: use bt+jnc, i.e. eflags.cf to select vmresume vs. vmlaunch (git-fixes). o lan78xx: enable auto speed configuration for lan7850 if no eeprom is detected (git-fixes). o leds: trigger: panic: do not register panic notifier if creating the trigger failed (git-fixes). o lib/stackdepot: add depot_fetch_stack helper (jsc-ped#7423). o lib/stackdepot: add refcount for records (jsc-ped#7423). o lib/stackdepot: fix first entry having a 0-handle (jsc-ped#7423). o lib/stackdepot: move stack_record struct definition into the header (jsc-ped#7423). o libsubcmd: fix memory leak in uniq() (git-fixes). o media: ddbridge: fix an error code problem in ddb_probe (git-fixes). o media: ir_toy: fix a memleak in irtoy_tx (git-fixes). o media: rc: bpf attach/detach requires write permission (git-fixes). o media: rockchip: rga: fix swizzling for rgb formats (git-fixes). o media: stk1160: fixed high volume of stk1160_dbg messages (git-fixes). o mfd: syscon: fix null pointer dereference in of_syscon_register() (git-fixes). o mm,page_owner: display all stacks and their count (jsc-ped#7423). o mm,page_owner: filter out stacks by a threshold (jsc-ped#7423). o mm,page_owner: implement the tracking of the stacks count (jsc-ped#7423). o mm,page_owner: maintain own list of stack_records structs (jsc-ped#7423). 
o mm,page_owner: update documentation regarding page_owner_stacks (jsc-ped#7423).
o mm/hwpoison: fix unpoison_memory() (bsc#1218663).
o mm/hwpoison: mf_mutex for soft offline and unpoison (bsc#1218663).
o mm/hwpoison: remove mf_msg_buddy_2nd and mf_msg_poisoned_huge (bsc#1218663).
o mm: memory-failure: fix potential unexpected return value from unpoison_memory() (git-fixes).
o mmc: core: fix emmc initialization with 1-bit bus connection (git-fixes).
o mmc: core: use mrq.sbc in close-ended ffu (git-fixes).
o mmc: mmc_spi: remove custom dma mapped buffers (git-fixes).
o mmc: sdhci-xenon: add timeout for phy init complete (git-fixes).
o mmc: sdhci-xenon: fix phy init clock stability (git-fixes).
o mmc: slot-gpio: allow non-sleeping gpio ro (git-fixes).
o modpost: trim leading spaces when processing source files list (git-fixes).
o mtd: spinand: gigadevice: fix the get ecc status issue (git-fixes).
o net: usb: dm9601: fix wrong return value in dm9601_mdio_read (git-fixes).
o netfs, fscache: prevent oops in fscache_put_cache() (bsc#1220003).
o nilfs2: fix data corruption in dsync block recovery for small block sizes (git-fixes).
o nilfs2: replace warn_ons for invalid dat metadata block requests (git-fixes).
o nouveau/svm: fix kvcalloc() argument order (git-fixes).
o nouveau: fix function cast warnings (git-fixes).
o ntfs: check overflow when iterating attr_records (git-fixes).
o ntfs: fix use-after-free in ntfs_attr_find() (git-fixes).
o nvme-fabrics: fix i/o connect error handling (git-fixes).
o nvme-host: fix the updating of the firmware version (git-fixes).
o pci/aer: decode requester id when no error info found (git-fixes).
o pci: add no pm reset quirk for nvidia spectrum devices (git-fixes).
o pci: add pci_header_type_mfd definition (bsc#1220021).
o pci: fix 64gt/s effective data rate calculation (git-fixes).
o pci: only override amd usb controller if required (git-fixes).
o pci: switchtec: fix stdev_release() crash after surprise hot remove (git-fixes).
o platform/x86: thinkpad_acpi: only update profile if successfully converted (git-fixes).
o platform/x86: touchscreen_dmi: add info for the teclast x16 plus tablet (git-fixes).
o platform/x86: touchscreen_dmi: allow partial (prefix) matches for acpi names (git-fixes).
o pm: core: remove unnecessary (void *) conversions (git-fixes).
o pm: runtime: have devm_pm_runtime_enable() handle pm_runtime_dont_use_autosuspend() (git-fixes).
o pnp: acpi: fix fortify warning (git-fixes).
o power: supply: bq27xxx-i2c: do not free non existing irq (git-fixes).
o powerpc/64: set task pt_regs->link to the lr value on scv entry (bsc#1194869).
o powerpc/powernv: fix fortify source warnings in opal-prd.c (bsc#1194869).
o powerpc/pseries: add a clear modifier to ibm,pa/pi-features parser (bsc#1220348).
o powerpc/pseries: rework lppaca_shared_proc() to avoid debug_preempt (bsc#1194869).
o powerpc/pseries: set cpu_ftr_dbell according to ibm,pi-features (bsc#1220348).
o powerpc/watchpoint: disable pagefaults when getting user instruction (bsc#1194869).
o powerpc/watchpoints: annotate atomic context in more places (bsc#1194869).
o powerpc/watchpoints: disable preemption in thread_change_pc() (bsc#1194869).
o powerpc: add crtsavres.o to always-y instead of extra-y (bsc#1194869).
o powerpc: do not include lppaca.h in paca.h (bsc#1194869).
o pstore/ram: fix crash when setting number of cpus to an odd number (git-fixes).
o ras/amd/atl: add mi300 row retirement support (jsc#ped-7618).
o ras/amd/atl: fix bit overflow in denorm_addr_df4_np2() (git-fixes).
o ras: introduce a fru memory poison manager (jsc#ped-7618).
o rdma/bnxt_re: add a missing check in bnxt_qplib_query_srq (git-fixes)
o rdma/bnxt_re: return error for srq resize (git-fixes)
o rdma/core: fix uninit-value access in ib_get_eth_speed() (bsc#1219934).
o rdma/core: get ib width and speed from netdev (bsc#1219934).
o rdma/irdma: add ae for too many rnrs (git-fixes)
o rdma/irdma: fix kasan issue with tasklet (git-fixes)
o rdma/irdma: set the cq read threshold for gen 1 (git-fixes)
o rdma/irdma: validate max_send_wr and max_recv_wr (git-fixes)
o rdma/qedr: fix qedr_create_user_qp error flow (git-fixes)
o rdma/srpt: fix function pointer cast warnings (git-fixes)
o rdma/srpt: support specifying the srpt_service_guid parameter (git-fixes)
o refresh patches.suse/dm_blk_ioctl-implement-path-failover-for-sg_io. (bsc#1216776, bsc#1220277)
o regulator: core: only increment use_count when enable_count changes (git-fixes).
o regulator: pwm-regulator: add validity checks in continuous .get_voltage (git-fixes).
o revert "drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz" (git-fixes).
o revert "drm/amd/pm: resolve reboot exception for si oland" (git-fixes).
o revert "drm/amd: flush any delayed gfxoff on suspend entry" (git-fixes).
o rpm/kernel-binary.spec.in: install scripts/gdb when enabled in config (bsc#1219653). they are put into the -devel subpackage, and a proper link to /usr/share/gdb/auto-load/ is created.
o s390/qeth: fix potential loss of l3-ip@ in case of network issues (git-fixes bsc#1219840).
o s390: use the correct count for __iowrite64_copy() (git-fixes bsc#1220317).
o sched/membarrier: reduce the ability to hammer on sys_membarrier (git-fixes).
o scsi: core: move scsi_host_busy() out of host lock for waking up eh handler (git-fixes).
o scsi: core: move scsi_host_busy() out of host lock if it is for per-command (git-fixes).
o scsi: fnic: move fnic_fnic_flush_tx() to a work queue (git-fixes bsc#1219141).
o scsi: hisi_sas: prevent parallel flr and controller reset (git-fixes).
o scsi: ibmvfc: limit max hw queues by num_online_cpus() (bsc#1220106).
o scsi: ibmvfc: open-code reset loop for target reset (bsc#1220106).
o scsi: isci: fix an error code problem in isci_io_request_build() (git-fixes).
o scsi: lpfc: add condition to delete ndlp object after sending bls_rjt to an abts (bsc#1220021).
o scsi: lpfc: allow lpfc_plogi_confirm_nport() logic to execute for fabric nodes (bsc#1220021).
o scsi: lpfc: change lpfc_vport fc_flag member into a bitmask (bsc#1220021).
o scsi: lpfc: change lpfc_vport load_flag member into a bitmask (bsc#1220021).
o scsi: lpfc: change nlp state statistic counters into atomic_t (bsc#1220021).
o scsi: lpfc: copyright updates for 14.4.0.0 patches (bsc#1220021).
o scsi: lpfc: fix failure to delete vports when discovery is in progress (bsc#1220021).
o scsi: lpfc: fix possible memory leak in lpfc_rcv_padisc() (bsc#1220021).
o scsi: lpfc: initialize status local variable in lpfc_sli4_repost_sgl_list() (bsc#1220021).
o scsi: lpfc: move handling of reset congestion statistics events (bsc#1220021).
o scsi: lpfc: protect vport fc_nodes list with an explicit spin lock (bsc#1220021).
o scsi: lpfc: remove d_id swap log message from trace event logger (bsc#1220021).
o scsi: lpfc: remove nlp_rcv_plogi early return during rscn processing for ndlps (bsc#1220021).
o scsi: lpfc: remove shost_lock protection for fc_host_port shost apis (bsc#1220021).
o scsi: lpfc: replace deprecated strncpy() with strscpy() (bsc#1220021).
o scsi: lpfc: save fpin frequency statistics upon receipt of peer cgn notifications (bsc#1220021).
o scsi: lpfc: update lpfc version to 14.4.0.0 (bsc#1220021).
o scsi: lpfc: use pci_header_type_mfd instead of literal (bsc#1220021).
o scsi: lpfc: use sg_dma_len() api to get struct scatterlist's length (bsc#1220021).
o scsi: mpi3mr: refresh sdev queue depth after controller reset (git-fixes).
o scsi: revert "scsi: fcoe: fix potential deadlock on &fip->ctlr_lock" (git-fixes bsc#1219141).
o serial: 8250: remove serial_rs485 sanitization from em485 (git-fixes).
o spi-mxs: fix chipselect glitch (git-fixes).
o spi: hisi-sfc-v3xx: return irq_none if no interrupts were detected (git-fixes).
o spi: ppc4xx: drop write-only variable (git-fixes).
o spi: sh-msiof: avoid integer overflow in constants (git-fixes).
o staging: iio: ad5933: fix type mismatch regression (git-fixes).
o supported.conf: remove external flag from ibm supported modules. (bsc#1209412)
o tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd (bsc#1218450).
o tomoyo: fix uaf write bug in tomoyo_write_control() (git-fixes).
o topology/sysfs: add format parameter to macro defining "show" functions for proc (jsc#ped-7618).
o topology/sysfs: add ppin in sysfs under cpu topology (jsc#ped-7618).
o tty: allow tiocslcktrmios with cap_checkpoint_restore (git-fixes).
o ubsan: array-index-out-of-bounds in dtsplitroot (git-fixes).
o usb: cdns3: fix memory double free when handle zero packet (git-fixes).
o usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() (git-fixes).
o usb: cdns3: modify the return value of cdns_set_active() to void when config_pm_sleep is disabled (git-fixes).
o usb: cdns3: put the cdns set active part outside the spin lock (git-fixes).
o usb: cdns: readd old api (git-fixes).
o usb: cdnsp: blocked some cdns3 specific code (git-fixes).
o usb: cdnsp: fixed issue with incorrect detecting cdnsp family controllers (git-fixes).
o usb: dwc3: gadget: do not disconnect if not started (git-fixes).
o usb: dwc3: gadget: handle ep0 request dequeuing properly (git-fixes).
o usb: dwc3: gadget: ignore end transfer delay on teardown (git-fixes).
o usb: dwc3: gadget: queue pm runtime idle on disconnect event (git-fixes).
o usb: dwc3: gadget: refactor ep0 forced stall/restart into a separate api (git-fixes).
o usb: dwc3: gadget: submit endxfer command if delayed during disconnect (git-fixes).
o usb: dwc3: host: set xhci_sg_trb_cache_size_quirk (git-fixes).
o usb: f_mass_storage: forbid async queue when shutdown happen (git-fixes).
o usb: gadget: core: add missing kerneldoc for vbus_work (git-fixes).
o usb: gadget: core: adjust uevent timing on gadget unbind (git-fixes).
o usb: gadget: core: help prevent panic during uvc unconfigure (git-fixes).
o usb: gadget: core: remove unbalanced mutex_unlock in usb_gadget_activate (git-fixes).
o usb: gadget: f_hid: fix report descriptor allocation (git-fixes).
o usb: gadget: fix obscure lockdep violation for udc_mutex (git-fixes).
o usb: gadget: fix use-after-free read in usb_udc_uevent() (git-fixes).
o usb: gadget: fsl_qe_udc: validate endpoint index for ch9 udc (git-fixes).
o usb: gadget: ncm: avoid dropping datagrams of properly parsed ntbs (git-fixes).
o usb: gadget: udc: core: offload usb_udc_vbus_handler processing (git-fixes).
o usb: gadget: udc: core: prevent soft_connect_store() race (git-fixes).
o usb: gadget: udc: handle gadget_connect failure during bind operation (git-fixes).
o usb: hub: check for alternate port before enabling a_alt_hnp_support (bsc#1218527).
o usb: hub: replace hardcoded quirk value with bit() macro (git-fixes).
o usb: roles: do not get/set_role() when usb_role_switch is unregistered (git-fixes).
o usb: roles: fix null pointer issue when put module's reference (git-fixes).
o usb: serial: cp210x: add id for imst im871a-usb (git-fixes).
o usb: serial: option: add fibocom fm101-gl variant (git-fixes).
o usb: serial: qcserial: add new usb-id for dell wireless dw5826e (git-fixes).
o watchdog: it87_wdt: keep wdtctrl bit 3 unmodified for it8784/it8786 (git-fixes).
o wifi: ath11k: fix registration of 6ghz-only phy without the full channel range (git-fixes).
o wifi: ath9k: fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() (git-fixes).
o wifi: cfg80211: fix missing interfaces when dumping (git-fixes).
o wifi: cfg80211: fix rcu dereference in __cfg80211_bss_update (git-fixes).
o wifi: cfg80211: free beacon_ies when overridden from hidden bss (git-fixes).
o wifi: iwlwifi: fix some error codes (git-fixes).
o wifi: iwlwifi: mvm: avoid baid size integer overflow (git-fixes).
o wifi: iwlwifi: uninitialized variable in iwl_acpi_get_ppag_table() (git-fixes).
o wifi: mac80211: adding missing drv_mgd_complete_tx() call (git-fixes).
o wifi: mac80211: fix race condition on enabling fast-xmit (git-fixes).
o wifi: nl80211: reject iftype change with mesh id change (git-fixes).
o wifi: rt2x00: restart beacon queue when hardware reset (git-fixes).
o wifi: rtl8xxxu: add additional usb ids for rtl8192eu devices (git-fixes).
o wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift() (git-fixes).
o wifi: wext-core: fix -wstringop-overflow warning in ioctl_standard_iw_point() (git-fixes).
o x86/asm: add _asm_rip() macro for x86-64 (%rip) suffix (git-fixes).
o x86/bugs: add asm helpers for executing verw (git-fixes).
o x86/bugs: use alternative() instead of mds_user_clear static key (git-fixes). also add mds_user_clear to kabi severities since it's strictly mitigation related so should be low risk.
o x86/cpu: x86_feature_intel_ppin finally had a cpuid bit (jsc#ped-7618).
o x86/entry_32: add verw just before userspace transition (git-fixes).
o x86/entry_64: add verw just before userspace transition (git-fixes).
o x86/mm: fix memory encryption features advertisement (bsc#1206453).
o xfs: remove unused fields from struct xbtree_ifakeroot (git-fixes).
o xfs: short circuit xfs_growfs_data_private() if delta is zero (git-fixes).

Special Instructions and Notes:
o Please reboot the system after installing this update.

Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o openSUSE Leap 15.5
zypper in -t patch SUSE-2024-910=1 openSUSE-SLE-15.5-2024-910=1
o SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2024-910=1
o SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-910=1
o SUSE Real Time Module 15-SP5
zypper in -t patch SUSE-SLE-Module-RT-15-SP5-2024-910=1

Package List:
o openSUSE Leap 15.5 (noarch)
kernel-devel-rt-5.14.21-150500.13.38.1
kernel-source-rt-5.14.21-150500.13.38.1
o openSUSE Leap 15.5 (x86_64)
kselftests-kmp-rt-5.14.21-150500.13.38.1
kernel-rt-extra-5.14.21-150500.13.38.1
kernel-rt_debug-vdso-debuginfo-5.14.21-150500.13.38.1
kernel-rt-livepatch-devel-5.14.21-150500.13.38.1
kernel-rt-vdso-5.14.21-150500.13.38.1
kernel-rt-vdso-debuginfo-5.14.21-150500.13.38.1
kselftests-kmp-rt-debuginfo-5.14.21-150500.13.38.1
kernel-syms-rt-5.14.21-150500.13.38.1
kernel-rt-debugsource-5.14.21-150500.13.38.1
kernel-livepatch-SLE15-SP5-RT_Update_11-debugsource-1-150500.11.3.1
dlm-kmp-rt-5.14.21-150500.13.38.1
kernel-rt_debug-vdso-5.14.21-150500.13.38.1
kernel-rt-livepatch-5.14.21-150500.13.38.1
gfs2-kmp-rt-debuginfo-5.14.21-150500.13.38.1
kernel-livepatch-5_14_21-150500_13_38-rt-debuginfo-1-150500.11.3.1
kernel-rt_debug-debuginfo-5.14.21-150500.13.38.1
dlm-kmp-rt-debuginfo-5.14.21-150500.13.38.1
ocfs2-kmp-rt-5.14.21-150500.13.38.1
kernel-rt-extra-debuginfo-5.14.21-150500.13.38.1
kernel-rt_debug-debugsource-5.14.21-150500.13.38.1
kernel-rt_debug-devel-5.14.21-150500.13.38.1
reiserfs-kmp-rt-debuginfo-5.14.21-150500.13.38.1
kernel-rt-devel-debuginfo-5.14.21-150500.13.38.1
kernel-rt-devel-5.14.21-150500.13.38.1
cluster-md-kmp-rt-5.14.21-150500.13.38.1
cluster-md-kmp-rt-debuginfo-5.14.21-150500.13.38.1
ocfs2-kmp-rt-debuginfo-5.14.21-150500.13.38.1
kernel-rt-debuginfo-5.14.21-150500.13.38.1
kernel-rt_debug-devel-debuginfo-5.14.21-150500.13.38.1
kernel-rt-optional-debuginfo-5.14.21-150500.13.38.1
kernel-livepatch-5_14_21-150500_13_38-rt-1-150500.11.3.1
kernel-rt-optional-5.14.21-150500.13.38.1
gfs2-kmp-rt-5.14.21-150500.13.38.1
reiserfs-kmp-rt-5.14.21-150500.13.38.1
kernel-rt_debug-livepatch-devel-5.14.21-150500.13.38.1
o openSUSE Leap 15.5 (nosrc x86_64)
kernel-rt_debug-5.14.21-150500.13.38.1
kernel-rt-5.14.21-150500.13.38.1
o SUSE Linux Enterprise Micro 5.5 (nosrc x86_64)
kernel-rt-5.14.21-150500.13.38.1
o SUSE Linux Enterprise Micro 5.5 (x86_64)
kernel-rt-debuginfo-5.14.21-150500.13.38.1
kernel-rt-debugsource-5.14.21-150500.13.38.1
o SUSE Linux Enterprise Micro 5.5 (noarch)
kernel-source-rt-5.14.21-150500.13.38.1
o SUSE Linux Enterprise Live Patching 15-SP5 (x86_64)
kernel-livepatch-5_14_21-150500_13_38-rt-debuginfo-1-150500.11.3.1
kernel-livepatch-SLE15-SP5-RT_Update_11-debugsource-1-150500.11.3.1
kernel-livepatch-5_14_21-150500_13_38-rt-1-150500.11.3.1
o SUSE Real Time Module 15-SP5 (x86_64)
kernel-rt_debug-vdso-debuginfo-5.14.21-150500.13.38.1
kernel-rt-vdso-5.14.21-150500.13.38.1
kernel-rt-vdso-debuginfo-5.14.21-150500.13.38.1
kernel-syms-rt-5.14.21-150500.13.38.1
kernel-rt-debugsource-5.14.21-150500.13.38.1
dlm-kmp-rt-5.14.21-150500.13.38.1
kernel-rt_debug-vdso-5.14.21-150500.13.38.1
gfs2-kmp-rt-debuginfo-5.14.21-150500.13.38.1
kernel-rt_debug-debuginfo-5.14.21-150500.13.38.1
dlm-kmp-rt-debuginfo-5.14.21-150500.13.38.1
ocfs2-kmp-rt-5.14.21-150500.13.38.1
kernel-rt_debug-debugsource-5.14.21-150500.13.38.1
kernel-rt_debug-devel-5.14.21-150500.13.38.1
kernel-rt-devel-debuginfo-5.14.21-150500.13.38.1
kernel-rt-devel-5.14.21-150500.13.38.1
cluster-md-kmp-rt-5.14.21-150500.13.38.1
cluster-md-kmp-rt-debuginfo-5.14.21-150500.13.38.1
ocfs2-kmp-rt-debuginfo-5.14.21-150500.13.38.1
kernel-rt-debuginfo-5.14.21-150500.13.38.1
kernel-rt_debug-devel-debuginfo-5.14.21-150500.13.38.1
gfs2-kmp-rt-5.14.21-150500.13.38.1
o SUSE Real Time Module 15-SP5 (noarch)
kernel-devel-rt-5.14.21-150500.13.38.1
kernel-source-rt-5.14.21-150500.13.38.1
o SUSE Real Time Module 15-SP5 (nosrc x86_64)
kernel-rt_debug-5.14.21-150500.13.38.1
kernel-rt-5.14.21-150500.13.38.1

References:
o https://www.suse.com/security/cve/CVE-2019-25162.html
o https://www.suse.com/security/cve/CVE-2021-46923.html
o https://www.suse.com/security/cve/CVE-2021-46924.html
o https://www.suse.com/security/cve/CVE-2021-46932.html
o https://www.suse.com/security/cve/CVE-2023-28746.html
o https://www.suse.com/security/cve/CVE-2023-5197.html
o https://www.suse.com/security/cve/CVE-2023-52340.html
o https://www.suse.com/security/cve/CVE-2023-52429.html
o https://www.suse.com/security/cve/CVE-2023-52439.html
o https://www.suse.com/security/cve/CVE-2023-52443.html
o https://www.suse.com/security/cve/CVE-2023-52445.html
o https://www.suse.com/security/cve/CVE-2023-52447.html
o https://www.suse.com/security/cve/CVE-2023-52448.html
o https://www.suse.com/security/cve/CVE-2023-52449.html
o https://www.suse.com/security/cve/CVE-2023-52451.html
o https://www.suse.com/security/cve/CVE-2023-52452.html
o https://www.suse.com/security/cve/CVE-2023-52456.html
o https://www.suse.com/security/cve/CVE-2023-52457.html
o https://www.suse.com/security/cve/CVE-2023-52463.html
o https://www.suse.com/security/cve/CVE-2023-52464.html
o https://www.suse.com/security/cve/CVE-2023-52475.html
o https://www.suse.com/security/cve/CVE-2023-52478.html
o https://www.suse.com/security/cve/CVE-2023-6817.html
o https://www.suse.com/security/cve/CVE-2024-0607.html
o https://www.suse.com/security/cve/CVE-2024-1151.html
o https://www.suse.com/security/cve/CVE-2024-23849.html
o https://www.suse.com/security/cve/CVE-2024-23850.html
o https://www.suse.com/security/cve/CVE-2024-23851.html
o https://www.suse.com/security/cve/CVE-2024-25744.html
o https://www.suse.com/security/cve/CVE-2024-26585.html
o https://www.suse.com/security/cve/CVE-2024-26586.html
o https://www.suse.com/security/cve/CVE-2024-26589.html
o https://www.suse.com/security/cve/CVE-2024-26591.html
o https://www.suse.com/security/cve/CVE-2024-26593.html
o https://www.suse.com/security/cve/CVE-2024-26595.html
o https://www.suse.com/security/cve/CVE-2024-26598.html
o https://www.suse.com/security/cve/CVE-2024-26602.html
o https://www.suse.com/security/cve/CVE-2024-26603.html
o https://www.suse.com/security/cve/CVE-2024-26622.html
o https://bugzilla.suse.com/show_bug.cgi?id=1194869
o https://bugzilla.suse.com/show_bug.cgi?id=1206453
o https://bugzilla.suse.com/show_bug.cgi?id=1209412
o https://bugzilla.suse.com/show_bug.cgi?id=1213456
o https://bugzilla.suse.com/show_bug.cgi?id=1216776
o https://bugzilla.suse.com/show_bug.cgi?id=1217927
o https://bugzilla.suse.com/show_bug.cgi?id=1218195
o https://bugzilla.suse.com/show_bug.cgi?id=1218216
o https://bugzilla.suse.com/show_bug.cgi?id=1218450
o https://bugzilla.suse.com/show_bug.cgi?id=1218527
o https://bugzilla.suse.com/show_bug.cgi?id=1218663
o https://bugzilla.suse.com/show_bug.cgi?id=1218915
o https://bugzilla.suse.com/show_bug.cgi?id=1219126
o https://bugzilla.suse.com/show_bug.cgi?id=1219127
o https://bugzilla.suse.com/show_bug.cgi?id=1219141
o https://bugzilla.suse.com/show_bug.cgi?id=1219146
o https://bugzilla.suse.com/show_bug.cgi?id=1219295
o https://bugzilla.suse.com/show_bug.cgi?id=1219443
o https://bugzilla.suse.com/show_bug.cgi?id=1219653
o https://bugzilla.suse.com/show_bug.cgi?id=1219827
o https://bugzilla.suse.com/show_bug.cgi?id=1219835
o https://bugzilla.suse.com/show_bug.cgi?id=1219839
o https://bugzilla.suse.com/show_bug.cgi?id=1219840
o https://bugzilla.suse.com/show_bug.cgi?id=1219934
o https://bugzilla.suse.com/show_bug.cgi?id=1220003
o https://bugzilla.suse.com/show_bug.cgi?id=1220009
o https://bugzilla.suse.com/show_bug.cgi?id=1220021
o https://bugzilla.suse.com/show_bug.cgi?id=1220030
o https://bugzilla.suse.com/show_bug.cgi?id=1220106
o https://bugzilla.suse.com/show_bug.cgi?id=1220140
o https://bugzilla.suse.com/show_bug.cgi?id=1220187
o https://bugzilla.suse.com/show_bug.cgi?id=1220238
o https://bugzilla.suse.com/show_bug.cgi?id=1220240
o https://bugzilla.suse.com/show_bug.cgi?id=1220241
o https://bugzilla.suse.com/show_bug.cgi?id=1220243
o https://bugzilla.suse.com/show_bug.cgi?id=1220250
o https://bugzilla.suse.com/show_bug.cgi?id=1220251
o https://bugzilla.suse.com/show_bug.cgi?id=1220253
o https://bugzilla.suse.com/show_bug.cgi?id=1220254
o https://bugzilla.suse.com/show_bug.cgi?id=1220255
o https://bugzilla.suse.com/show_bug.cgi?id=1220257
o https://bugzilla.suse.com/show_bug.cgi?id=1220267
o https://bugzilla.suse.com/show_bug.cgi?id=1220277
o https://bugzilla.suse.com/show_bug.cgi?id=1220317
o https://bugzilla.suse.com/show_bug.cgi?id=1220326
o https://bugzilla.suse.com/show_bug.cgi?id=1220328
o https://bugzilla.suse.com/show_bug.cgi?id=1220330
o https://bugzilla.suse.com/show_bug.cgi?id=1220335
o https://bugzilla.suse.com/show_bug.cgi?id=1220344
o https://bugzilla.suse.com/show_bug.cgi?id=1220348
o https://bugzilla.suse.com/show_bug.cgi?id=1220350
o https://bugzilla.suse.com/show_bug.cgi?id=1220364
o https://bugzilla.suse.com/show_bug.cgi?id=1220392
o https://bugzilla.suse.com/show_bug.cgi?id=1220393
o https://bugzilla.suse.com/show_bug.cgi?id=1220398
o https://bugzilla.suse.com/show_bug.cgi?id=1220409
o https://bugzilla.suse.com/show_bug.cgi?id=1220444
o https://bugzilla.suse.com/show_bug.cgi?id=1220457
o https://bugzilla.suse.com/show_bug.cgi?id=1220459
o https://bugzilla.suse.com/show_bug.cgi?id=1220649
o https://bugzilla.suse.com/show_bug.cgi?id=1220796
o https://bugzilla.suse.com/show_bug.cgi?id=1220825
o https://jira.suse.com/browse/PED-7618

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager.
If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT’s members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation’s site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author’s website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. ===========================================================================
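The kernel-rt bulletin above asks for a reboot after the update, and that is the step fleet checks most often miss: zypper replaces the kernel-rt package on disk, but none of the fixes listed (the VERW/MDS changes, the use-after-free fixes, the livepatch-covered CVEs aside) apply until the new kernel is actually running. The following script is an added example, not SUSE or AusCERT code. It compares what the running kernel reports with the newest installed package and flags hosts that still need the reboot. It assumes SUSE kernel naming, where package kernel-rt-5.14.21-150500.13.38.1 boots as uname -r "5.14.21-150500.13.38-rt" (the trailing ".1" is the package rebuild counter, "-rt" the flavour); the version strings in the demo are constructed. The same normalisation works for the non-RT flavours ("-default", "-azure") too.

```shell
# Added example (not from the SUSE/AusCERT bulletin): detect a host that
# installed the kernel-rt update but has not yet booted into it.
#
# ASSUMPTION: SUSE naming. Package kernel-rt-5.14.21-150500.13.38.1 runs as
# uname -r "5.14.21-150500.13.38-rt"; the last ".1" is the package rebuild
# counter and is not part of the kernel release string. All version strings
# used in the demo below are constructed.

# kernel_base VERSION: reduce either spelling (uname -r or rpm
# VERSION-RELEASE) to the comparable core "5.14.21-150500.13.38".
kernel_base() {
    printf '%s\n' "$1" |
        sed 's/^\([0-9][0-9.]*-[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/'
}

# vercmp A B: compare dotted/dashed versions field by field as integers,
# so 13.38 sorts after 9.38 (a plain string compare would get that wrong).
# Prints -1, 0 or 1.
vercmp() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "[.-]"); nb = split(b, y, "[.-]")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            p = (i <= na) ? x[i] + 0 : 0
            q = (i <= nb) ? y[i] + 0 : 0
            if (p < q) { print "-1"; exit }
            if (p > q) { print "1"; exit }
        }
        print "0"
    }'
}

# needs_reboot RUNNING INSTALLED: succeeds when the installed kernel is
# newer than the one currently running.
needs_reboot() {
    [ "$(vercmp "$(kernel_base "$2")" "$(kernel_base "$1")")" -gt 0 ]
}

# Demo with constructed values: a host on the previous build that has the
# new package installed. On a real SUSE host the two arguments would be:
#   "$(uname -r)"
#   "$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' kernel-rt | sort -V | tail -n 1)"
if needs_reboot "5.14.21-150500.13.35-rt" "5.14.21-150500.13.38.1"; then
    echo "reboot required: running kernel is older than installed kernel-rt"
else
    echo "running kernel is current"
fi
```

Run it from the inventory tooling that already collects `uname -r` and `rpm -q` output; the comparison itself needs only POSIX sh, sed and awk. Recent zypper versions also offer `zypper needs-rebooting` for a single host, but that relies on the reboot-needed flag set at install time, whereas the check above is derived from what is actually running.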

  • ucode-intel: CVSS (Max): 6.5
    on March 28, 2024 at 6:34 am

===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2024.1925
Security update for ucode-intel
28 March 2024
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product: ucode-intel
Publisher: SUSE
Operating System: SUSE
Resolution: Patch/Upgrade
CVE Names: CVE-2023-43490 CVE-2023-38575 CVE-2023-39368 CVE-2023-22655 CVE-2023-28746
Original Bulletin: https://www.suse.com/support/update/announcement/2024/suse-su-20240917-1
Comment: CVSS (Max): 6.5 CVE-2023-39368 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVSS Source: SUSE
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

- --------------------------BEGIN INCLUDED TEXT--------------------

Security update for ucode-intel
Announcement ID: SUSE-SU-2024:0917-1
Rating: moderate
References:
o bsc#1221323
Cross-References:
o CVE-2023-22655
o CVE-2023-28746
o CVE-2023-38575
o CVE-2023-39368
o CVE-2023-43490
CVSS scores:
o CVE-2023-22655 (SUSE): 6.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:N
o CVE-2023-28746 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
o CVE-2023-38575 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
o CVE-2023-39368 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
o CVE-2023-43490 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N
Affected Products:
o SUSE Linux Enterprise High Performance Computing 12 SP5
o SUSE Linux Enterprise Server 12 SP5
o SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves five vulnerabilities can now be installed.

Description:
This update for ucode-intel fixes the following issues:
o Updated to Intel CPU Microcode 20240312 release. (bsc#1221323)
o CVE-2023-39368: Protection mechanism failure of bus lock regulator for some Intel Processors may allow an unauthenticated user to potentially enable denial of service via network access.
o CVE-2023-38575: Non-transparent sharing of return predictor targets between contexts in some Intel Processors may allow an authorized user to potentially enable information disclosure via local access.
o CVE-2023-28746: Information exposure through microarchitectural state after transient execution from some register files for some Intel Atom Processors may allow an authenticated user to potentially enable information disclosure via local access.
o CVE-2023-22655: Protection mechanism failure in some 3rd and 4th Generation Intel Xeon Processors when using Intel SGX or Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access.
o CVE-2023-43490: Incorrect calculation in microcode keying mechanism for some Intel Xeon D Processors with Intel SGX may allow a privileged user to potentially enable information disclosure via local access.

Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o SUSE Linux Enterprise Server for SAP Applications 12 SP5
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-917=1
o SUSE Linux Enterprise High Performance Computing 12 SP5
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-917=1
o SUSE Linux Enterprise Server 12 SP5
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-917=1

Package List:
o SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
ucode-intel-debuginfo-20240312-134.1
ucode-intel-debugsource-20240312-134.1
ucode-intel-20240312-134.1
o SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
ucode-intel-debuginfo-20240312-134.1
ucode-intel-debugsource-20240312-134.1
ucode-intel-20240312-134.1
o SUSE Linux Enterprise Server 12 SP5 (x86_64)
ucode-intel-debuginfo-20240312-134.1
ucode-intel-debugsource-20240312-134.1
ucode-intel-20240312-134.1

References:
o https://www.suse.com/security/cve/CVE-2023-22655.html
o https://www.suse.com/security/cve/CVE-2023-28746.html
o https://www.suse.com/security/cve/CVE-2023-38575.html
o https://www.suse.com/security/cve/CVE-2023-39368.html
o https://www.suse.com/security/cve/CVE-2023-43490.html
o https://bugzilla.suse.com/show_bug.cgi?id=1221323

- --------------------------END INCLUDED TEXT--------------------
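A microcode update differs from an ordinary package update in one way the ucode-intel bulletin does not spell out: installing ucode-intel only places the new blobs under /lib/firmware/intel-ucode/. The CPUs keep running the old revision until the next boot (early load from the initrd) or until a late load is triggered by writing 1 to /sys/devices/system/cpu/microcode/reload, which the kernel may refuse or warn about; a reboot is the dependable path. Until one of those happens, none of the five CVEs above is mitigated, and an interrupted late load can leave cores at different revisions. The following script is an added example, not SUSE, Intel or AusCERT code. It reads /proc/cpuinfo text on standard input and fails unless every CPU reports at least the expected revision. The expected revision is whatever Intel's release note for the 20240312 package lists for your CPUID signature; the values 0xf0 and 0xf4 and the cpuinfo excerpt in the demo are constructed, not real revisions.

```shell
# Added example (not from the SUSE/AusCERT bulletin): confirm that every CPU
# actually runs the microcode revision the ucode-intel update ships, rather
# than trusting the package version alone.
#
# ASSUMPTIONS: the expected revision comes from the Intel release note for
# your CPUID; 0xf0/0xf4 and the cpuinfo excerpt below are constructed.

# microcode_check EXPECTED_HEX < /proc/cpuinfo
#   prints one line per CPU that is below the expected revision, warns when
#   CPUs disagree with each other, and exits 0 only if all CPUs are current.
microcode_check() {
    awk -v wanthex="$1" '
        # portable hex parser (strtonum is gawk-only, so do it by hand)
        function hex2dec(s,   i, c, v, n) {
            s = tolower(s); sub(/^0x/, "", s); n = 0
            for (i = 1; i <= length(s); i++) {
                c = substr(s, i, 1)
                v = index("0123456789abcdef", c) - 1
                if (v < 0) return -1
                n = n * 16 + v
            }
            return n
        }
        BEGIN { want = hex2dec(wanthex); bad = 0; total = 0 }
        $1 == "processor" { cpu = $3 }
        $1 == "microcode" {
            rev = hex2dec($3); seen[rev]++; total++
            if (rev < want) {
                bad++
                printf "cpu%s: microcode %s is below expected %s\n", cpu, $3, wanthex
            }
        }
        END {
            distinct = 0
            for (r in seen) distinct++
            if (distinct > 1)
                printf "warning: %d different microcode revisions across %d cpus\n", distinct, total
            if (total == 0) { print "no microcode field found in input"; exit 1 }
            exit ((bad > 0) ? 1 : 0)
        }'
}

# Constructed /proc/cpuinfo excerpt (only the fields the check reads):
# cpu0 already runs the new revision, cpu1 is still on the old one, which is
# the state a partially completed late load leaves behind.
sample_cpuinfo() {
    printf 'processor\t: 0\nvendor_id\t: GenuineIntel\nmicrocode\t: 0xf4\n\n'
    printf 'processor\t: 1\nvendor_id\t: GenuineIntel\nmicrocode\t: 0xf0\n\n'
}

# Demo on the constructed data. On a real host:
#   microcode_check 0x<revision from the 20240312 release note> < /proc/cpuinfo
if sample_cpuinfo | microcode_check 0xf4; then
    echo "all cpus at the expected microcode revision"
else
    echo "microcode not fully applied: reboot (or late-load) and re-check"
fi
```

The per-CPU loop matters more than it looks: after a late load that failed part way through, a check that only reads the first "microcode" line reports success while some cores still run the vulnerable revision, which is exactly the case the mixed-revision warning catches.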

  • Linux Kernel: CVSS (Max): 8.4
    on March 28, 2024 at 6:34 am

===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2024.1924
Security update for the Linux Kernel
28 March 2024
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product: Linux Kernel
Publisher: SUSE
Operating System: SUSE
Resolution: Patch/Upgrade
CVE Names: CVE-2023-52478 CVE-2023-52482 CVE-2022-20154 CVE-2023-52449 CVE-2023-52530 CVE-2023-52531 CVE-2024-1151 CVE-2024-23851 CVE-2024-26585 CVE-2024-26600 CVE-2024-26595 CVE-2024-26622 CVE-2020-36777 CVE-2020-36784 CVE-2021-46906 CVE-2021-46915 CVE-2021-46921 CVE-2021-46929 CVE-2021-46953 CVE-2021-46974 CVE-2021-46991 CVE-2021-46992 CVE-2021-47013 CVE-2021-47054 CVE-2021-47076 CVE-2021-47077 CVE-2021-47078 CVE-2023-28746 CVE-2023-52502 CVE-2023-52532 CVE-2023-52574 CVE-2024-0607 CVE-2022-48627 CVE-2023-46343 CVE-2023-52429 CVE-2024-23849 CVE-2023-35827 CVE-2023-52443 CVE-2021-33200 CVE-2023-52464 CVE-2023-52597 CVE-2019-25162 CVE-2021-46924 CVE-2021-46932 CVE-2023-52445 CVE-2023-52340 CVE-2023-52451 CVE-2023-52605 CVE-2023-52475
Original Bulletin: https://www.suse.com/support/update/announcement/2024/suse-su-20240925-1
Comment: CVSS (Max): 8.4 CVE-2021-33200 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Source: [SUSE], NIST
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

- --------------------------BEGIN INCLUDED TEXT--------------------

Security update for the Linux Kernel
Announcement ID: SUSE-SU-2024:0925-1
Rating: important
References:
o bsc#1050549
o bsc#1186484
o bsc#1200599
o bsc#1212514
o bsc#1213456
o bsc#1218450
o bsc#1218527
o bsc#1218915
o bsc#1219127
o bsc#1219146
o bsc#1219295
o bsc#1219653
o bsc#1219827
o bsc#1219835
o bsc#1220187
o bsc#1220238
o bsc#1220240
o bsc#1220241
o bsc#1220250
o bsc#1220330
o bsc#1220340
o bsc#1220344
o bsc#1220409
o bsc#1220421
o bsc#1220436
o bsc#1220444
o bsc#1220459
o bsc#1220468
o bsc#1220482
o bsc#1220526
o bsc#1220570
o bsc#1220575
o bsc#1220599
o bsc#1220607
o bsc#1220613
o bsc#1220638
o bsc#1220641
o bsc#1220649
o bsc#1220700
o bsc#1220735
o bsc#1220767
o bsc#1220796
o bsc#1220825
o bsc#1220831
o bsc#1220845
o bsc#1220860
o bsc#1220861
o bsc#1220863
o bsc#1220870
o bsc#1220930
o bsc#1220931
o bsc#1220932
o bsc#1220957
o bsc#1221039
o bsc#1221040
o bsc#1221287
Cross-References:
o CVE-2019-25162
o CVE-2020-36777
o CVE-2020-36784
o CVE-2021-33200
o CVE-2021-46906
o CVE-2021-46915
o CVE-2021-46921
o CVE-2021-46924
o CVE-2021-46929
o CVE-2021-46932
o CVE-2021-46953
o CVE-2021-46974
o CVE-2021-46991
o CVE-2021-46992
o CVE-2021-47013
o CVE-2021-47054
o CVE-2021-47076
o CVE-2021-47077
o CVE-2021-47078
o CVE-2022-20154
o CVE-2022-48627
o CVE-2023-28746
o CVE-2023-35827
o CVE-2023-46343
o CVE-2023-52340
o CVE-2023-52429
o CVE-2023-52443
o CVE-2023-52445
o CVE-2023-52449
o CVE-2023-52451
o CVE-2023-52464
o CVE-2023-52475
o CVE-2023-52478
o CVE-2023-52482
o CVE-2023-52502
o CVE-2023-52530
o CVE-2023-52531
o CVE-2023-52532
o CVE-2023-52574
o CVE-2023-52597
o CVE-2023-52605
o CVE-2024-0607
o CVE-2024-1151
o CVE-2024-23849
o CVE-2024-23851
o CVE-2024-26585
o CVE-2024-26595
o CVE-2024-26600
o CVE-2024-26622
CVSS scores:
o CVE-2019-25162 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
o CVE-2020-36777 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
o CVE-2020-36784 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
o CVE-2021-33200 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
o CVE-2021-33200 (NVD): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
o CVE-2021-46906 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
o CVE-2021-46915 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
o CVE-2021-46921 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
o CVE-2021-46924 (SUSE): 4.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
o CVE-2021-46929 (SUSE): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
o
CVE-2021-46932 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N /S:U/C:N/I:N/A:L o CVE-2021-46953 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N /S:U/C:N/I:N/A:H o CVE-2021-46974 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N /S:U/C:N/I:L/A:N o CVE-2021-46991 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N /S:U/C:H/I:N/A:N o CVE-2021-46992 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N /S:U/C:L/I:L/A:L o CVE-2021-47013 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N /S:U/C:N/I:N/A:H o CVE-2021-47054 ( SUSE ): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N /S:U/C:N/I:N/A:L o CVE-2021-47076 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N /S:U/C:N/I:N/A:H o CVE-2021-47077 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N /S:U/C:N/I:N/A:H o CVE-2021-47078 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N /S:U/C:L/I:L/A:L o CVE-2022-20154 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N /S:U/C:H/I:H/A:H o CVE-2022-20154 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/ S:U/C:H/I:H/A:H o CVE-2022-48627 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N /S:U/C:N/I:L/A:L o CVE-2023-28746 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N /S:C/C:H/I:N/A:N o CVE-2023-35827 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/ S:U/C:H/I:H/A:H o CVE-2023-46343 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N /S:U/C:N/I:N/A:H o CVE-2023-46343 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/ S:U/C:N/I:N/A:H o CVE-2023-52340 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N /S:U/C:N/I:N/A:H o CVE-2023-52429 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N /S:U/C:N/I:N/A:H o CVE-2023-52429 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/ S:U/C:N/I:N/A:H CVSS scores: o CVE-2023-52443 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N /S:U/C:N/I:N/A:H o CVE-2023-52443 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/ S:U/C:N/I:N/A:H o CVE-2023-52445 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N /S:U/C:H/I:H/A:H o CVE-2023-52445 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/ S:U/C:H/I:H/A:H o CVE-2023-52449 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N /S:U/C:N/I:N/A:H o CVE-2023-52449 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/ 
S:U/C:N/I:N/A:H o CVE-2023-52451 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N /S:U/C:L/I:N/A:H o CVE-2023-52451 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/ S:U/C:H/I:H/A:H o CVE-2023-52464 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N /S:U/C:H/I:N/A:N o CVE-2023-52475 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N /S:U/C:H/I:H/A:H o CVE-2023-52478 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N /S:U/C:L/I:L/A:H o CVE-2023-52482 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N /S:C/C:H/I:N/A:N o CVE-2023-52502 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N /S:U/C:H/I:H/A:H o CVE-2023-52530 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N /S:U/C:N/I:N/A:H o CVE-2023-52531 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N /S:U/C:N/I:N/A:H o CVE-2023-52532 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N /S:U/C:N/I:N/A:H o CVE-2023-52574 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N /S:U/C:N/I:N/A:H o CVE-2023-52597 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N /S:U/C:N/I:L/A:H o CVE-2023-52605 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N /S:U/C:N/I:N/A:H o CVE-2024-0607 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/ S:U/C:N/I:H/A:L o CVE-2024-0607 ( NVD ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/ S:U/C:L/I:L/A:H o CVE-2024-1151 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/ S:U/C:N/I:N/A:H o CVE-2024-23849 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N /S:U/C:H/I:N/A:N o CVE-2024-23849 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/ S:U/C:N/I:N/A:H o CVE-2024-23851 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N /S:U/C:N/I:N/A:H o CVE-2024-23851 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/ S:U/C:N/I:N/A:H o CVE-2024-26585 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N /S:U/C:H/I:H/A:H o CVE-2024-26585 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/ S:U/C:N/I:N/A:H o CVE-2024-26595 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N /S:U/C:N/I:N/A:H o CVE-2024-26622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N /S:U/C:H/I:H/A:H o SUSE Linux Enterprise High Availability Extension 12 SP5 o SUSE Linux Enterprise High Performance Computing 12 SP5 Affected o SUSE Linux 
Enterprise Live Patching 12-SP5 Products: o SUSE Linux Enterprise Server 12 SP5 o SUSE Linux Enterprise Server for SAP Applications 12 SP5 o SUSE Linux Enterprise Software Development Kit 12 SP5 o SUSE Linux Enterprise Workstation Extension 12 12-SP5 An update that solves 49 vulnerabilities and has seven security fixes can now be installed. Description: The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: o CVE-2021-47078: Fixed a bug by clearing all QP fields if creation failed (bsc#1220863) o CVE-2021-47076: Fixed a bug by returning CQE error if invalid lkey was supplied (bsc#1220860) o CVE-2023-52605: Fixed a NULL pointer dereference check (bsc#1221039) o CVE-2023-52597: Fixed a setting of fpc register in KVM (bsc#1221040). o CVE-2023-52574: Fixed a bug by hiding new member header_ops (bsc#1220870). o CVE-2023-52482: Fixed a bug by adding SRSO mitigation for Hygon processors (bsc#1220735). o CVE-2022-48627: Fixed a memory overlapping when deleting chars in the buffer (bsc#1220845). o CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456). o CVE-2021-47077: Fixed a NULL pointer dereference when in shost_data (bsc# 1220861). o CVE-2023-35827: Fixed a use-after-free issue in ravb_tx_timeout_work (bsc# 1212514). o CVE-2023-52532: Fixed a bug in TX CQE error handling (bsc#1220932). o CVE-2023-52530: Fixed a potential key use-after-free in wifi mac80211 (bsc# 1220930). o CVE-2023-52531: Fixed a memory corruption issue in iwlwifi (bsc#1220931). o CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get and nfc_llcp_sock_get_sn (bsc#1220831). o CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc #1220187). o CVE-2023-52340: Fixed ICMPv6 “Packet Too Big” packets force a DoS of the Linux kernel by forcing 100% CPU (bsc#1219295). o CVE-2024-0607: Fixed 64-bit load issue in nft_byteorder_eval (bsc#1218915). 
o CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control (bsc#1220825). o CVE-2021-46921: Fixed ordering in queued_write_lock_slowpath (bsc#1220468). o CVE-2021-46932: Fixed missing work initialization before device registration (bsc#1220444) o CVE-2023-52451: Fixed access beyond end of drmem array (bsc#1220250). o CVE-2021-46953: Fixed a corruption in interrupt mappings on watchdow probe failure (bsc#1220599). o CVE-2023-52449: Fixed gluebi NULL pointer dereference caused by ftl notifier (bsc#1220238). o CVE-2023-52475: Fixed use-after-free in powermate_config_complete (bsc# 1220649) o CVE-2023-52478: Fixed kernel crash on receiver USB disconnect (bsc#1220796) o CVE-2019-25162: Fixed a potential use after free (bsc#1220409). o CVE-2020-36784: Fixed reference leak when pm_runtime_get_sync fails (bsc# 1220570). o CVE-2021-47054: Fixed a bug to put child node before return (bsc#1220767). o CVE-2021-46924: Fixed fix memory leak in device probe and remove (bsc# 1220459) o CVE-2021-46915: Fixed a bug to avoid possible divide error in nft_limit_init (bsc#1220436). o CVE-2021-46906: Fixed an info leak in hid_submit_ctrl (bsc#1220421). o CVE-2023-52445: Fixed use after free on context disconnection (bsc# 1220241). o CVE-2020-36777: Fixed a memory leak in dvb_media_device_free (bsc#1220526). o CVE-2023-52443: Fixed crash when parsed profile name is empty (bsc# 1220240). o CVE-2023-46343: Fixed a NULL pointer dereference in send_acknowledge (CVE-2023-46343). o CVE-2021-46992: Fixed a bug to avoid overflows in nft_hash_buckets (bsc# 1220638). o CVE-2021-47013: Fixed a use after free in emac_mac_tx_buf_send (bsc# 1220641). o CVE-2021-46991: Fixed a use-after-free in i40e_client_subtask (bsc# 1220575). o CVE-2024-26595: Fixed NULL pointer dereference in error path (bsc#1220344). o CVE-2024-1151: Fixed unlimited number of recursions from action sets (bsc# 1219835). 
o CVE-2023-52464: Fixed possible out-of-bounds string access (bsc#1220330) o CVE-2024-23849: Fixed array-index-out-of-bounds in rds_cmsg_recv (bsc# 1219127). o CVE-2024-26600: Fixed NULL pointer dereference for SRP in phy-omap-usb2 (bsc#1220340). The following non-security bugs were fixed: o ASN.1: Fix check for strdup() success (git-fixes). o audit: fix possible soft lockup in __audit_inode_child() (git-fixes). o Bluetooth: hci_bcsp: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). o Bluetooth: hci_h5: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). o Bluetooth: hci_ll: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). o Bluetooth: hci_qca: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). o bnx2x: Fix PF-VF communication over multi-cos queues (git-fixes). o e1000: fix memory leaks (git-fixes). o gve: Fix skb truesize underestimation (git-fixes). o igb: clean up in all error paths when enabling SR-IOV (git-fixes). o igb: Fix constant media auto sense switching when no cable is connected (git-fixes). o ipv6: Fix handling of LLA with VRF and sockets bound to VRF (git-fixes). o ipv6: fix typos in __ip6_finish_output() (git-fixes). o ixgbe: protect TX timestamping from API misuse (git-fixes). o kcm: Call strp_stop before strp_done in kcm_attach (git-fixes). o kcm: fix strp_init() order and cleanup (git-fixes). o KVM: s390: vsie: fix race during shadow creation (git-fixes bsc#1220613). o KVM: VMX: Move VERW closer to VMentry for MDS mitigation (git-fixes). o KVM: VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH (git-fixes). o KVM: x86: add support for CPUID leaf 0x80000021 (git-fixes). o KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code (git-fixes). o KVM: x86: synthesize CPUID leaf 0x80000021h if useful (git-fixes). o KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes). 
o locking/barriers: Introduce smp_cond_load_relaxed() and atomic_cond_read_relaxed() (bsc#1220468 bsc#1050549). o md: bypass block throttle for superblock update (git-fixes). o media: coda: constify platform_device_id (git-fixes). o media: coda: explicitly request exclusive reset control (git-fixes). o media: coda: reduce iram size to leave space for suspend to ram (git-fixes). o media: coda: reuse coda_s_fmt_vid_cap to propagate format in coda_s_fmt_vid_out (git-fixes). o media: coda: set min_buffers_needed (git-fixes). o media: coda: wake up capture queue on encoder stop after output streamoff (git-fixes). o media: dvb-usb: Add memory free on error path in dw2102_probe() (git-fixes). o media: dvb-usb: dw2102: fix uninit-value in su3000_read_mac_address (git-fixes). o media: dvb-usb: m920x: Fix a potential memory leak in m920x_i2c_xfer() (git-fixes). o media: dw2102: Fix memleak on sequence of probes (git-fixes). o media: dw2102: Fix use after free (git-fixes). o media: dw2102: make dvb_usb_device_description structures const (git-fixes). o media: m920x: do not use stack on USB reads (git-fixes). o media: rc: do not remove first bit if leader pulse is present (git-fixes). o media: rc: ir-rc6-decoder: enable toggle bit for Kathrein RCU-676 remote (git-fixes). o media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte() (git-fixes). o media: uvcvideo: Set capability in s_param (git-fixes). o net: bonding: debug: avoid printing debug logs when bond is not notifying peers (git-fixes). o net: fec: add missed clk_disable_unprepare in remove (git-fixes). o net: fec: Better handle pm_runtime_get() failing in .remove() (git-fixes). o net: fec: fix clock count mis-match (git-fixes). o net: fec: fix use-after-free in fec_drv_remove (git-fixes). o net: hisilicon: Fix dma_map_single failed on arm64 (git-fixes). o net: hisilicon: fix hip04-xmit never return TX_BUSY (git-fixes). 
o net: hisilicon: Fix usage of uninitialized variable in function mdio_sc_cfg_reg_write() (git-fixes). o net: hisilicon: make hip04_tx_reclaim non-reentrant (git-fixes). o net: hns3: add compatible handling for MAC VLAN switch parameter configuration (git-fixes). o net: hns3: not allow SSU loopback while execute ethtool -t dev (git-fixes). o net: lpc-enet: fix printk format strings (git-fixes). o net: nfc: llcp: Add lock when modifying device list (git-fixes). o net: phy: dp83867: enable robust auto-mdix (git-fixes). o net: phy: initialise phydev speed and duplex sanely (git-fixes). o net: sfp: add mutex to prevent concurrent state checks (git-fixes). o net: tundra: tsi108: use spin_lock_irqsave instead of spin_lock_irq in IRQ context (git-fixes). o net: usb: dm9601: fix wrong return value in dm9601_mdio_read (git-fixes). o net/mlx5e: ethtool, Avoid setting speed to 56GBASE when autoneg off (git-fixes). o net/sched: tcindex: search key must be 16 bits (git-fixes). o nfsd: Do not refuse to serve out of cache (bsc#1220957). o PCI: Prevent xHCI driver from claiming AMD VanGogh USB3 DRD device (git-fixes). o Revert “md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d” (git-fixes). o Revert “wcn36xx: Disable bmps when encryption is disabled” (git-fixes). o s390: use the correct count for __iowrite64_copy() (git-fixes bsc#1220607). o stmmac: fix potential division by 0 (git-fixes). o tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd (bsc#1218450). o usb: host: fotg210: fix the actual_length of an iso packet (git-fixes). o usb: host: fotg210: fix the endpoint’s transactional opportunities calculation (git-fixes). o usb: hub: check for alternate port before enabling A_ALT_HNP_SUPPORT (bsc# 1218527). o usb: musb: dsps: Fix the probe error path (git-fixes). o usb: musb: musb_dsps: request_irq() after initializing musb (git-fixes). o usb: musb: tusb6010: check return value after calling platform_get_resource () (git-fixes). 
o usb: typec: tcpci: clear the fault status bit (git-fixes). o wcn36xx: Fix (QoS) null data frame bitrate/modulation (git-fixes). o wcn36xx: Fix discarded frames due to wrong sequence number (git-fixes). o wcn36xx: fix RX BD rate mapping for 5GHz legacy rates (git-fixes). o x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix (git-fixes). o x86/bugs: Add asm helpers for executing VERW (bsc#1213456). o x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key (git-fixes). Also add mds_user_clear to kABI severity as it’s used purely for mitigation so it’s low risk. o x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf (git-fixes). o x86/entry_32: Add VERW just before userspace transition (git-fixes). o x86/entry_64: Add VERW just before userspace transition (git-fixes). Special Instructions and Notes: o Please reboot the system after installing this update. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or “zypper patch”. 
Alternatively you can run the command listed for your product: o SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-HA-12-SP5-2024-925=1 SUSE-SLE-SERVER-12-SP5-2024-925=1 o SUSE Linux Enterprise High Availability Extension 12 SP5 zypper in -t patch SUSE-SLE-HA-12-SP5-2024-925=1 o SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2024-925=1 o SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2024-925=1 o SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-925=1 o SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-925=1 o SUSE Linux Enterprise Workstation Extension 12 12-SP5 zypper in -t patch SUSE-SLE-WE-12-SP5-2024-925=1 Package List: o SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) gfs2-kmp-default-4.12.14-122.201.1 dlm-kmp-default-debuginfo-4.12.14-122.201.1 kernel-default-base-4.12.14-122.201.1 kernel-default-debuginfo-4.12.14-122.201.1 gfs2-kmp-default-debuginfo-4.12.14-122.201.1 dlm-kmp-default-4.12.14-122.201.1 cluster-md-kmp-default-debuginfo-4.12.14-122.201.1 kernel-default-devel-4.12.14-122.201.1 kernel-default-base-debuginfo-4.12.14-122.201.1 ocfs2-kmp-default-debuginfo-4.12.14-122.201.1 kernel-default-debugsource-4.12.14-122.201.1 kernel-syms-4.12.14-122.201.1 cluster-md-kmp-default-4.12.14-122.201.1 ocfs2-kmp-default-4.12.14-122.201.1 o SUSE Linux Enterprise Server for SAP Applications 12 SP5 (nosrc ppc64le x86_64) kernel-default-4.12.14-122.201.1 o SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) kernel-macros-4.12.14-122.201.1 kernel-devel-4.12.14-122.201.1 kernel-source-4.12.14-122.201.1 o SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) kernel-default-devel-debuginfo-4.12.14-122.201.1 o SUSE Linux Enterprise High Availability Extension 12 SP5 (ppc64le s390x x86_64) 
gfs2-kmp-default-4.12.14-122.201.1 dlm-kmp-default-debuginfo-4.12.14-122.201.1 kernel-default-debuginfo-4.12.14-122.201.1 gfs2-kmp-default-debuginfo-4.12.14-122.201.1 dlm-kmp-default-4.12.14-122.201.1 cluster-md-kmp-default-debuginfo-4.12.14-122.201.1 ocfs2-kmp-default-debuginfo-4.12.14-122.201.1 kernel-default-debugsource-4.12.14-122.201.1 cluster-md-kmp-default-4.12.14-122.201.1 ocfs2-kmp-default-4.12.14-122.201.1 o SUSE Linux Enterprise High Availability Extension 12 SP5 (nosrc) kernel-default-4.12.14-122.201.1 o SUSE Linux Enterprise Live Patching 12-SP5 (nosrc) kernel-default-4.12.14-122.201.1 o SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) kernel-default-kgraft-devel-4.12.14-122.201.1 kernel-default-kgraft-4.12.14-122.201.1 kernel-default-debuginfo-4.12.14-122.201.1 kernel-default-debugsource-4.12.14-122.201.1 kgraft-patch-4_12_14-122_201-default-1-8.7.1 o SUSE Linux Enterprise Software Development Kit 12 SP5 (noarch nosrc) kernel-docs-4.12.14-122.201.1 o SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) kernel-obs-build-debugsource-4.12.14-122.201.2 kernel-obs-build-4.12.14-122.201.2 o SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 nosrc x86_64) kernel-default-4.12.14-122.201.1 o SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) kernel-default-base-4.12.14-122.201.1 kernel-default-debuginfo-4.12.14-122.201.1 kernel-default-devel-4.12.14-122.201.1 kernel-default-base-debuginfo-4.12.14-122.201.1 kernel-default-debugsource-4.12.14-122.201.1 kernel-syms-4.12.14-122.201.1 o SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) kernel-macros-4.12.14-122.201.1 kernel-devel-4.12.14-122.201.1 kernel-source-4.12.14-122.201.1 o SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) kernel-default-devel-debuginfo-4.12.14-122.201.1 o SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64 nosrc) kernel-default-4.12.14-122.201.1 o SUSE Linux 
Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) kernel-default-base-4.12.14-122.201.1 kernel-default-debuginfo-4.12.14-122.201.1 kernel-default-devel-4.12.14-122.201.1 kernel-default-base-debuginfo-4.12.14-122.201.1 kernel-default-debugsource-4.12.14-122.201.1 kernel-syms-4.12.14-122.201.1 o SUSE Linux Enterprise Server 12 SP5 (noarch) kernel-macros-4.12.14-122.201.1 kernel-devel-4.12.14-122.201.1 kernel-source-4.12.14-122.201.1 o SUSE Linux Enterprise Server 12 SP5 (s390x) kernel-default-man-4.12.14-122.201.1 o SUSE Linux Enterprise Server 12 SP5 (x86_64) kernel-default-devel-debuginfo-4.12.14-122.201.1 o SUSE Linux Enterprise Workstation Extension 12 12-SP5 (nosrc) kernel-default-4.12.14-122.201.1 o SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64) kernel-default-debugsource-4.12.14-122.201.1 kernel-default-extra-4.12.14-122.201.1 kernel-default-extra-debuginfo-4.12.14-122.201.1 kernel-default-debuginfo-4.12.14-122.201.1 References: o https://www.suse.com/security/cve/CVE-2019-25162.html o https://www.suse.com/security/cve/CVE-2020-36777.html o https://www.suse.com/security/cve/CVE-2020-36784.html o https://www.suse.com/security/cve/CVE-2021-33200.html o https://www.suse.com/security/cve/CVE-2021-46906.html o https://www.suse.com/security/cve/CVE-2021-46915.html o https://www.suse.com/security/cve/CVE-2021-46921.html o https://www.suse.com/security/cve/CVE-2021-46924.html o https://www.suse.com/security/cve/CVE-2021-46929.html o https://www.suse.com/security/cve/CVE-2021-46932.html o https://www.suse.com/security/cve/CVE-2021-46953.html o https://www.suse.com/security/cve/CVE-2021-46974.html o https://www.suse.com/security/cve/CVE-2021-46991.html o https://www.suse.com/security/cve/CVE-2021-46992.html o https://www.suse.com/security/cve/CVE-2021-47013.html o https://www.suse.com/security/cve/CVE-2021-47054.html o https://www.suse.com/security/cve/CVE-2021-47076.html o https://www.suse.com/security/cve/CVE-2021-47077.html o 
https://www.suse.com/security/cve/CVE-2021-47078.html o https://www.suse.com/security/cve/CVE-2022-20154.html o https://www.suse.com/security/cve/CVE-2022-48627.html o https://www.suse.com/security/cve/CVE-2023-28746.html o https://www.suse.com/security/cve/CVE-2023-35827.html o https://www.suse.com/security/cve/CVE-2023-46343.html o https://www.suse.com/security/cve/CVE-2023-52340.html o https://www.suse.com/security/cve/CVE-2023-52429.html o https://www.suse.com/security/cve/CVE-2023-52443.html o https://www.suse.com/security/cve/CVE-2023-52445.html o https://www.suse.com/security/cve/CVE-2023-52449.html o https://www.suse.com/security/cve/CVE-2023-52451.html o https://www.suse.com/security/cve/CVE-2023-52464.html o https://www.suse.com/security/cve/CVE-2023-52475.html o https://www.suse.com/security/cve/CVE-2023-52478.html o https://www.suse.com/security/cve/CVE-2023-52482.html o https://www.suse.com/security/cve/CVE-2023-52502.html o https://www.suse.com/security/cve/CVE-2023-52530.html o https://www.suse.com/security/cve/CVE-2023-52531.html o https://www.suse.com/security/cve/CVE-2023-52532.html o https://www.suse.com/security/cve/CVE-2023-52574.html o https://www.suse.com/security/cve/CVE-2023-52597.html o https://www.suse.com/security/cve/CVE-2023-52605.html o https://www.suse.com/security/cve/CVE-2024-0607.html o https://www.suse.com/security/cve/CVE-2024-1151.html o https://www.suse.com/security/cve/CVE-2024-23849.html o https://www.suse.com/security/cve/CVE-2024-23851.html o https://www.suse.com/security/cve/CVE-2024-26585.html o https://www.suse.com/security/cve/CVE-2024-26595.html o https://www.suse.com/security/cve/CVE-2024-26600:.html o https://www.suse.com/security/cve/CVE-2024-26622.html o https://bugzilla.suse.com/show_bug.cgi?id=1050549 o https://bugzilla.suse.com/show_bug.cgi?id=1186484 o https://bugzilla.suse.com/show_bug.cgi?id=1200599 o https://bugzilla.suse.com/show_bug.cgi?id=1212514 o https://bugzilla.suse.com/show_bug.cgi?id=1213456 o 
https://bugzilla.suse.com/show_bug.cgi?id=1218450 o https://bugzilla.suse.com/show_bug.cgi?id=1218527 o https://bugzilla.suse.com/show_bug.cgi?id=1218915 o https://bugzilla.suse.com/show_bug.cgi?id=1219127 o https://bugzilla.suse.com/show_bug.cgi?id=1219146 o https://bugzilla.suse.com/show_bug.cgi?id=1219295 o https://bugzilla.suse.com/show_bug.cgi?id=1219653 o https://bugzilla.suse.com/show_bug.cgi?id=1219827 o https://bugzilla.suse.com/show_bug.cgi?id=1219835 o https://bugzilla.suse.com/show_bug.cgi?id=1220187 o https://bugzilla.suse.com/show_bug.cgi?id=1220238 o https://bugzilla.suse.com/show_bug.cgi?id=1220240 o https://bugzilla.suse.com/show_bug.cgi?id=1220241 o https://bugzilla.suse.com/show_bug.cgi?id=1220250 o https://bugzilla.suse.com/show_bug.cgi?id=1220330 o https://bugzilla.suse.com/show_bug.cgi?id=1220340 o https://bugzilla.suse.com/show_bug.cgi?id=1220344 o https://bugzilla.suse.com/show_bug.cgi?id=1220409 o https://bugzilla.suse.com/show_bug.cgi?id=1220421 o https://bugzilla.suse.com/show_bug.cgi?id=1220436 o https://bugzilla.suse.com/show_bug.cgi?id=1220444 o https://bugzilla.suse.com/show_bug.cgi?id=1220459 o https://bugzilla.suse.com/show_bug.cgi?id=1220468 o https://bugzilla.suse.com/show_bug.cgi?id=1220482 o https://bugzilla.suse.com/show_bug.cgi?id=1220526 o https://bugzilla.suse.com/show_bug.cgi?id=1220570 o https://bugzilla.suse.com/show_bug.cgi?id=1220575 o https://bugzilla.suse.com/show_bug.cgi?id=1220599 o https://bugzilla.suse.com/show_bug.cgi?id=1220607 o https://bugzilla.suse.com/show_bug.cgi?id=1220613 o https://bugzilla.suse.com/show_bug.cgi?id=1220638 o https://bugzilla.suse.com/show_bug.cgi?id=1220641 o https://bugzilla.suse.com/show_bug.cgi?id=1220649 o https://bugzilla.suse.com/show_bug.cgi?id=1220700 o https://bugzilla.suse.com/show_bug.cgi?id=1220735 o https://bugzilla.suse.com/show_bug.cgi?id=1220767 o https://bugzilla.suse.com/show_bug.cgi?id=1220796 o https://bugzilla.suse.com/show_bug.cgi?id=1220825 o 
https://bugzilla.suse.com/show_bug.cgi?id=1220831 o https://bugzilla.suse.com/show_bug.cgi?id=1220845 o https://bugzilla.suse.com/show_bug.cgi?id=1220860 o https://bugzilla.suse.com/show_bug.cgi?id=1220861 o https://bugzilla.suse.com/show_bug.cgi?id=1220863 o https://bugzilla.suse.com/show_bug.cgi?id=1220870 o https://bugzilla.suse.com/show_bug.cgi?id=1220930 o https://bugzilla.suse.com/show_bug.cgi?id=1220931 o https://bugzilla.suse.com/show_bug.cgi?id=1220932 o https://bugzilla.suse.com/show_bug.cgi?id=1220957 o https://bugzilla.suse.com/show_bug.cgi?id=1221039 o https://bugzilla.suse.com/show_bug.cgi?id=1221040 o https://bugzilla.suse.com/show_bug.cgi?id=1221287 – ————————–END INCLUDED TEXT———————- You have received this e-mail bulletin as a result of your organisation’s registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT’s members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation’s site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. 
If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author’s website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. ===========================================================================

  • Linux Kernel: CVSS (Max): 7.8
    on March 28, 2024 at 6:34 am

    =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2024.1923 Security update for the Linux Kernel 28 March 2024 =========================================================================== AusCERT Security Bulletin Summary ——————————— Product: Linux Kernel Publisher: SUSE Operating System: SUSE Resolution: Patch/Upgrade CVE Names: CVE-2023-52448 CVE-2023-52478 CVE-2022-20154 CVE-2023-52449 CVE-2023-52482 CVE-2023-52530 CVE-2023-52531 CVE-2024-1151 CVE-2024-23851 CVE-2024-26585 CVE-2024-26586 CVE-2024-26593 CVE-2024-26595 CVE-2024-26602 CVE-2024-26607 CVE-2024-26622 CVE-2020-36777 CVE-2020-36784 CVE-2021-46906 CVE-2021-46915 CVE-2021-46929 CVE-2021-46953 CVE-2021-46974 CVE-2023-28746 CVE-2021-47013 CVE-2021-47054 CVE-2021-47076 CVE-2021-47078 CVE-2023-52502 CVE-2023-52532 CVE-2023-52574 CVE-2021-46904 CVE-2021-46905 CVE-2021-46964 CVE-2021-46966 CVE-2021-46989 CVE-2021-47005 CVE-2021-47012 CVE-2021-47060 CVE-2021-47061 CVE-2021-47069 CVE-2023-52569 CVE-2024-0607 CVE-2022-48627 CVE-2023-51042 CVE-2024-0340 CVE-2023-46343 CVE-2023-52429 CVE-2024-23849 CVE-2023-35827 CVE-2023-52439 CVE-2023-52443 CVE-2023-52463 CVE-2023-52597 CVE-2024-26589 CVE-2019-25162 CVE-2021-46924 CVE-2021-46932 CVE-2021-46934 CVE-2021-47083 CVE-2023-52445 CVE-2023-52340 CVE-2023-52451 CVE-2023-52605 CVE-2023-52475 Original Bulletin: https://www.suse.com/support/update/announcement/2024/suse-su-20240926-1 Comment: CVSS (Max): 7.8 CVE-2024-26622 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) CVSS Source: Red Hat, NIST, [SUSE] Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H – ————————–BEGIN INCLUDED TEXT——————– Security update for the Linux Kernel Announcement ID: SUSE-SU-2024:0926-1 Rating: important o bsc#1155518 o bsc#1184436 o bsc#1185988 o bsc#1186286 o bsc#1200599 o bsc#1212514 o bsc#1213456 o bsc#1218689 o bsc#1218915 o bsc#1219127 o bsc#1219128 o bsc#1219146 o 
bsc#1219295 o bsc#1219653 o bsc#1219827 o bsc#1219835 o bsc#1220009 o bsc#1220140 o bsc#1220187 o bsc#1220238 o bsc#1220240 o bsc#1220241 o bsc#1220243 o bsc#1220250 o bsc#1220253 o bsc#1220255 o bsc#1220328 o bsc#1220330 o bsc#1220344 o bsc#1220398 o bsc#1220409 o bsc#1220416 o bsc#1220418 o bsc#1220421 o bsc#1220436 References: o bsc#1220444 o bsc#1220459 o bsc#1220469 o bsc#1220482 o bsc#1220526 o bsc#1220538 o bsc#1220570 o bsc#1220572 o bsc#1220599 o bsc#1220627 o bsc#1220641 o bsc#1220649 o bsc#1220660 o bsc#1220700 o bsc#1220735 o bsc#1220736 o bsc#1220737 o bsc#1220742 o bsc#1220745 o bsc#1220767 o bsc#1220796 o bsc#1220825 o bsc#1220826 o bsc#1220831 o bsc#1220845 o bsc#1220860 o bsc#1220863 o bsc#1220870 o bsc#1220917 o bsc#1220918 o bsc#1220930 o bsc#1220931 o bsc#1220932 o bsc#1221039 o bsc#1221040 o bsc#1221287 o CVE-2019-25162 o CVE-2020-36777 o CVE-2020-36784 o CVE-2021-46904 o CVE-2021-46905 o CVE-2021-46906 o CVE-2021-46915 o CVE-2021-46924 o CVE-2021-46929 o CVE-2021-46932 o CVE-2021-46934 o CVE-2021-46953 o CVE-2021-46964 o CVE-2021-46966 o CVE-2021-46974 o CVE-2021-46989 o CVE-2021-47005 o CVE-2021-47012 o CVE-2021-47013 o CVE-2021-47054 o CVE-2021-47060 o CVE-2021-47061 o CVE-2021-47069 o CVE-2021-47076 o CVE-2021-47078 o CVE-2021-47083 o CVE-2022-20154 o CVE-2022-48627 o CVE-2023-28746 o CVE-2023-35827 o CVE-2023-46343 o CVE-2023-51042 Cross-References: o CVE-2023-52340 o CVE-2023-52429 o CVE-2023-52439 o CVE-2023-52443 o CVE-2023-52445 o CVE-2023-52448 o CVE-2023-52449 o CVE-2023-52451 o CVE-2023-52463 o CVE-2023-52475 o CVE-2023-52478 o CVE-2023-52482 o CVE-2023-52502 o CVE-2023-52530 o CVE-2023-52531 o CVE-2023-52532 o CVE-2023-52569 o CVE-2023-52574 o CVE-2023-52597 o CVE-2023-52605 o CVE-2024-0340 o CVE-2024-0607 o CVE-2024-1151 o CVE-2024-23849 o CVE-2024-23851 o CVE-2024-26585 o CVE-2024-26586 o CVE-2024-26589 o CVE-2024-26593 o CVE-2024-26595 o CVE-2024-26602 o CVE-2024-26607 o CVE-2024-26622 o CVE-2019-25162 ( SUSE ): 6.4 
        CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
      o CVE-2020-36777 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
      o CVE-2020-36784 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
      o CVE-2021-46904 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
      o CVE-2021-46905 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
      o CVE-2021-46906 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
      o CVE-2021-46915 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
      o CVE-2021-46924 ( SUSE ): 4.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
      o CVE-2021-46929 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
      o CVE-2021-46932 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
      o CVE-2021-46934 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
      o CVE-2021-46953 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
      o CVE-2021-46974 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
      o CVE-2021-47005 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
      o CVE-2021-47012 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
      o CVE-2021-47013 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
      o CVE-2021-47054 ( SUSE ): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
      o CVE-2021-47060 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
      o CVE-2021-47061 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
      o CVE-2021-47069 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
      o CVE-2021-47076 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
      o CVE-2021-47078 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
      o CVE-2021-47083 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
      o CVE-2022-20154 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
      o CVE-2022-20154 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
      o CVE-2022-48627 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
      o CVE-2023-28746 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
      o CVE-2023-35827 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
      o CVE-2023-46343 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
      o CVE-2023-46343 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
      o CVE-2023-51042 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
      o CVE-2023-51042 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
      o CVE-2023-52340 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
      o CVE-2023-52429 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
      o CVE-2023-52429 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
      o CVE-2023-52439 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
      o CVE-2023-52439 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
      o CVE-2023-52443 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
      o CVE-2023-52443 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
      o CVE-2023-52445 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
      o CVE-2023-52445 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
      o CVE-2023-52448 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
      o CVE-2023-52448 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
      o CVE-2023-52449 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
      o CVE-2023-52449 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
      o CVE-2023-52451 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H
      o CVE-2023-52451 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
      o CVE-2023-52463 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
      o CVE-2023-52475 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
      o CVE-2023-52478 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
      o CVE-2023-52482 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
      o CVE-2023-52502 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
      o CVE-2023-52530 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
      o CVE-2023-52531 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
      o CVE-2023-52532 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
      o CVE-2023-52569 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
      o CVE-2023-52574 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
      o CVE-2023-52597 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H
      o CVE-2023-52605 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
      o CVE-2024-0340 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
      o CVE-2024-0340 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
      o CVE-2024-0607 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
      o CVE-2024-0607 ( NVD ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
      o CVE-2024-1151 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
      o CVE-2024-23849 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
      o CVE-2024-23849 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
      o CVE-2024-23851 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
      o CVE-2024-23851 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
      o CVE-2024-26585 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
      o CVE-2024-26585 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
      o CVE-2024-26586 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
      o CVE-2024-26586 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
      o CVE-2024-26589 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
      o CVE-2024-26589 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
      o CVE-2024-26593 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
      o CVE-2024-26595 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
      o CVE-2024-26602 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
      o CVE-2024-26607 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
      o CVE-2024-26622 ( SUSE ):
        7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    Affected Products:
      o SUSE Linux Enterprise High Availability Extension 15 SP2
      o SUSE Linux Enterprise High Performance Computing 15 SP2
      o SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
      o SUSE Linux Enterprise Live Patching 15-SP2
      o SUSE Linux Enterprise Server 15 SP2
      o SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2
      o SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
      o SUSE Linux Enterprise Server for SAP Applications 15 SP2
      o SUSE Manager Proxy 4.1
      o SUSE Manager Retail Branch Server 4.1
      o SUSE Manager Server 4.1

    An update that solves 65 vulnerabilities and has six security fixes can now be installed.

    Description:

    The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security bugfixes.

    The following security bugs were fixed:
      o CVE-2021-47078: Fixed a bug by clearing all QP fields if creation failed (bsc#1220863).
      o CVE-2021-47076: Fixed a bug by returning a CQE error if an invalid lkey was supplied (bsc#1220860).
      o CVE-2023-52605: Fixed a NULL pointer dereference check (bsc#1221039).
      o CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
      o CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() (bsc#1220831).
      o CVE-2023-52569: Fixed a bug in btrfs by removing BUG() after failure to insert a delayed dir index item (bsc#1220918).
      o CVE-2023-52482: Fixed a bug by adding SRSO mitigation for Hygon processors (bsc#1220735).
      o CVE-2023-52597: Fixed the setting of the fpc register in KVM (bsc#1221040).
      o CVE-2022-48627: Fixed a memory overlap when deleting chars in the buffer (bsc#1220845).
      o CVE-2023-52574: Fixed a bug by hiding the new member header_ops (bsc#1220870).
      o CVE-2021-46934: Fixed a bug by validating user data in compat ioctl (bsc#1220469).
      o CVE-2023-35827: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1212514).
      o CVE-2023-52532: Fixed a bug in TX CQE error handling (bsc#1220932).
      o CVE-2023-52530: Fixed a potential key use-after-free in wifi mac80211 (bsc#1220930).
      o CVE-2023-52531: Fixed a memory corruption issue in iwlwifi (bsc#1220931).
      o CVE-2021-47083: Fixed a global-out-of-bounds issue in mediatek (bsc#1220917).
      o CVE-2024-26607: Fixed a probing race issue in sii902x (bsc#1220736).
      o CVE-2024-26589: Fixed an out-of-bounds read due to variable offset alu on PTR_TO_FLOW_KEYS (bsc#1220255).
      o CVE-2021-47005: Fixed a NULL pointer dereference for ->get_features() (bsc#1220660).
      o CVE-2024-26585: Fixed a race between tx work scheduling and socket close (bsc#1220187).
      o CVE-2023-52340: Fixed ICMPv6 "Packet Too Big" packets forcing a DoS of the Linux kernel by forcing 100% CPU (bsc#1219295).
      o CVE-2024-0607: Fixed a 64-bit load issue in nft_byteorder_eval() (bsc#1218915).
      o CVE-2021-47060: Fixed a bug in KVM by stopping the search for coalesced MMIO zones if the bus is destroyed (bsc#1220742).
      o CVE-2024-26622: Fixed a UAF write bug in tomoyo_write_control() (bsc#1220825).
      o CVE-2023-52451: Fixed access beyond the end of the drmem array (bsc#1220250).
      o CVE-2021-46932: Fixed missing work initialization before device registration (bsc#1220444).
      o CVE-2023-52463: Fixed a null pointer dereference in efivarfs (bsc#1220328).
      o CVE-2021-47012: Fixed a use after free in siw_alloc_mr (bsc#1220627).
      o CVE-2023-52449: Fixed a gluebi NULL pointer dereference caused by the ftl notifier (bsc#1220238).
      o CVE-2023-52475: Fixed a use-after-free in powermate_config_complete (bsc#1220649).
      o CVE-2023-52478: Fixed a kernel crash on receiver USB disconnect (bsc#1220796).
      o CVE-2021-46989: Fixed a bug by preventing corruption in shrinking truncate in hfsplus (bsc#1220737).
      o CVE-2021-46915: Fixed a bug to avoid a possible divide error in nft_limit_init (bsc#1220436).
      o CVE-2021-46924: Fixed a memory leak in device probe and remove (bsc#1220459).
      o CVE-2019-25162: Fixed a potential use after free (bsc#1220409).
      o CVE-2020-36784: Fixed a reference leak when pm_runtime_get_sync fails (bsc#1220570).
      o CVE-2021-47061: Fixed a bug in KVM by destroying I/O bus devices on unregister failure after sync'ing SRCU (bsc#1220745).
      o CVE-2023-52445: Fixed a use after free on context disconnection (bsc#1220241).
      o CVE-2023-46343: Fixed a NULL pointer dereference in send_acknowledge() (CVE-2023-46343).
      o CVE-2023-52439: Fixed a use-after-free in uio_open (bsc#1220140).
      o CVE-2023-52443: Fixed a crash when the parsed profile name is empty (bsc#1220240).
      o CVE-2024-26602: Fixed overall slowdowns with sys_membarrier (bsc#1220398).
      o CVE-2024-26593: Fixed block process call transactions (bsc#1220009).
      o CVE-2021-47013: Fixed a use after free in emac_mac_tx_buf_send (bsc#1220641).
      o CVE-2024-26586: Fixed stack corruption (bsc#1220243).
      o CVE-2024-26595: Fixed a NULL pointer dereference in an error path (bsc#1220344).
      o CVE-2023-52448: Fixed a kernel NULL pointer dereference in gfs2_rgrp_dump (bsc#1220253).
      o CVE-2024-1151: Fixed an unlimited number of recursions from action sets (bsc#1219835).
      o CVE-2024-23849: Fixed an array-index-out-of-bounds in rds_cmsg_recv (bsc#1219127).
      o CVE-2024-0340: Fixed an information disclosure in vhost/vhost.c:vhost_new_msg() (bsc#1218689).
      o CVE-2023-51042: Fixed a use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (bsc#1219128).

    The following non-security bugs were fixed:
      o EDAC/thunderx: Fix possible out-of-bounds string access (bsc#1220330).
      o KVM: Destroy target device if coalesced MMIO unregistration fails (git-fixes).
      o KVM: mmio: Fix use-after-free Read in kvm_vm_ioctl_unregister_coalesced_mmio (git-fixes).
      o KVM: VMX: Move VERW closer to VMentry for MDS mitigation (git-fixes).
      o KVM: VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH (git-fixes).
      o KVM: x86: add support for CPUID leaf 0x80000021 (git-fixes).
      o KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code (git-fixes).
      o KVM: x86: synthesize CPUID leaf 0x80000021h if useful (git-fixes).
      o KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes).
      o x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix (git-fixes).
      o x86/bugs: Add asm helpers for executing VERW (git-fixes).
      o x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key (git-fixes).
      o x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf (git-fixes).
      o x86/entry_32: Add VERW just before userspace transition (git-fixes).
      o x86/entry_64: Add VERW just before userspace transition (git-fixes).

    Special Instructions and Notes:
      o Please reboot the system after installing this update.

    Patch Instructions:

    To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
    Alternatively you can run the command listed for your product:
      o SUSE Linux Enterprise Live Patching 15-SP2
        zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2024-926=1
      o SUSE Linux Enterprise High Availability Extension 15 SP2
        zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2024-926=1
      o SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
        zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-926=1
      o SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
        zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-926=1
      o SUSE Linux Enterprise Server for SAP Applications 15 SP2
        zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-926=1

    Package List:
      o SUSE Linux Enterprise Live Patching 15-SP2 (nosrc)
        kernel-default-5.3.18-150200.24.183.1
      o SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64)
        kernel-default-livepatch-devel-5.3.18-150200.24.183.1
        kernel-livepatch-SLE15-SP2_Update_46-debugsource-1-150200.5.3.2
        kernel-default-debuginfo-5.3.18-150200.24.183.1
        kernel-default-livepatch-5.3.18-150200.24.183.1
        kernel-livepatch-5_3_18-150200_24_183-default-debuginfo-1-150200.5.3.2
        kernel-livepatch-5_3_18-150200_24_183-default-1-150200.5.3.2
        kernel-default-debugsource-5.3.18-150200.24.183.1
      o SUSE Linux Enterprise High Availability Extension 15 SP2 (aarch64 ppc64le s390x x86_64)
        cluster-md-kmp-default-5.3.18-150200.24.183.1
        gfs2-kmp-default-5.3.18-150200.24.183.1
        ocfs2-kmp-default-debuginfo-5.3.18-150200.24.183.1
        cluster-md-kmp-default-debuginfo-5.3.18-150200.24.183.1
        dlm-kmp-default-debuginfo-5.3.18-150200.24.183.1
        kernel-default-debuginfo-5.3.18-150200.24.183.1
        gfs2-kmp-default-debuginfo-5.3.18-150200.24.183.1
        kernel-default-debugsource-5.3.18-150200.24.183.1
        ocfs2-kmp-default-5.3.18-150200.24.183.1
        dlm-kmp-default-5.3.18-150200.24.183.1
      o SUSE Linux Enterprise High Availability Extension 15 SP2 (nosrc)
        kernel-default-5.3.18-150200.24.183.1
      o SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 nosrc x86_64)
        kernel-preempt-5.3.18-150200.24.183.1
        kernel-default-5.3.18-150200.24.183.1
      o SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
        kernel-default-devel-5.3.18-150200.24.183.1
        kernel-preempt-devel-5.3.18-150200.24.183.1
        kernel-preempt-debuginfo-5.3.18-150200.24.183.1
        kernel-syms-5.3.18-150200.24.183.1
        kernel-default-base-5.3.18-150200.24.183.1.150200.9.93.2
        kernel-obs-build-5.3.18-150200.24.183.1
        kernel-obs-build-debugsource-5.3.18-150200.24.183.1
        kernel-default-debuginfo-5.3.18-150200.24.183.1
        kernel-preempt-debugsource-5.3.18-150200.24.183.1
        kernel-default-devel-debuginfo-5.3.18-150200.24.183.1
        kernel-preempt-devel-debuginfo-5.3.18-150200.24.183.1
        kernel-default-debugsource-5.3.18-150200.24.183.1
      o SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
        kernel-devel-5.3.18-150200.24.183.1
        kernel-macros-5.3.18-150200.24.183.1
        kernel-source-5.3.18-150200.24.183.1
      o SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch nosrc)
        kernel-docs-5.3.18-150200.24.183.1
      o SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64 nosrc)
        kernel-default-5.3.18-150200.24.183.1
      o SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64)
        kernel-default-devel-5.3.18-150200.24.183.1
        reiserfs-kmp-default-debuginfo-5.3.18-150200.24.183.1
        kernel-syms-5.3.18-150200.24.183.1
        kernel-default-base-5.3.18-150200.24.183.1.150200.9.93.2
        kernel-obs-build-5.3.18-150200.24.183.1
        kernel-obs-build-debugsource-5.3.18-150200.24.183.1
        kernel-default-debuginfo-5.3.18-150200.24.183.1
        kernel-default-devel-debuginfo-5.3.18-150200.24.183.1
        reiserfs-kmp-default-5.3.18-150200.24.183.1
        kernel-default-debugsource-5.3.18-150200.24.183.1
      o SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
        kernel-devel-5.3.18-150200.24.183.1
        kernel-macros-5.3.18-150200.24.183.1
        kernel-source-5.3.18-150200.24.183.1
      o SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch nosrc)
        kernel-docs-5.3.18-150200.24.183.1
      o SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 nosrc x86_64)
        kernel-preempt-5.3.18-150200.24.183.1
      o SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
        kernel-preempt-devel-5.3.18-150200.24.183.1
        kernel-preempt-debugsource-5.3.18-150200.24.183.1
        kernel-preempt-debuginfo-5.3.18-150200.24.183.1
        kernel-preempt-devel-debuginfo-5.3.18-150200.24.183.1
      o SUSE Linux Enterprise Server for SAP Applications 15 SP2 (nosrc ppc64le x86_64)
        kernel-default-5.3.18-150200.24.183.1
      o SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
        kernel-default-devel-5.3.18-150200.24.183.1
        reiserfs-kmp-default-debuginfo-5.3.18-150200.24.183.1
        kernel-syms-5.3.18-150200.24.183.1
        kernel-default-base-5.3.18-150200.24.183.1.150200.9.93.2
        kernel-obs-build-5.3.18-150200.24.183.1
        kernel-obs-build-debugsource-5.3.18-150200.24.183.1
        kernel-default-debuginfo-5.3.18-150200.24.183.1
        kernel-default-devel-debuginfo-5.3.18-150200.24.183.1
        reiserfs-kmp-default-5.3.18-150200.24.183.1
        kernel-default-debugsource-5.3.18-150200.24.183.1
      o SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
        kernel-devel-5.3.18-150200.24.183.1
        kernel-macros-5.3.18-150200.24.183.1
        kernel-source-5.3.18-150200.24.183.1
      o SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch nosrc)
        kernel-docs-5.3.18-150200.24.183.1
      o SUSE Linux Enterprise Server for SAP Applications 15 SP2 (nosrc x86_64)
        kernel-preempt-5.3.18-150200.24.183.1
      o SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64)
        kernel-preempt-devel-5.3.18-150200.24.183.1
        kernel-preempt-debugsource-5.3.18-150200.24.183.1
        kernel-preempt-debuginfo-5.3.18-150200.24.183.1
        kernel-preempt-devel-debuginfo-5.3.18-150200.24.183.1

    References:
      o https://www.suse.com/security/cve/CVE-2019-25162.html
      o https://www.suse.com/security/cve/CVE-2020-36777.html
      o https://www.suse.com/security/cve/CVE-2020-36784.html
      o https://www.suse.com/security/cve/CVE-2021-46904.html
      o https://www.suse.com/security/cve/CVE-2021-46905.html
      o https://www.suse.com/security/cve/CVE-2021-46906.html
      o https://www.suse.com/security/cve/CVE-2021-46915.html
      o https://www.suse.com/security/cve/CVE-2021-46924.html
      o https://www.suse.com/security/cve/CVE-2021-46929.html
      o https://www.suse.com/security/cve/CVE-2021-46932.html
      o https://www.suse.com/security/cve/CVE-2021-46934.html
      o https://www.suse.com/security/cve/CVE-2021-46953.html
      o https://www.suse.com/security/cve/CVE-2021-46964.html
      o https://www.suse.com/security/cve/CVE-2021-46966.html
      o https://www.suse.com/security/cve/CVE-2021-46974.html
      o https://www.suse.com/security/cve/CVE-2021-46989.html
      o https://www.suse.com/security/cve/CVE-2021-47005.html
      o https://www.suse.com/security/cve/CVE-2021-47012.html
      o https://www.suse.com/security/cve/CVE-2021-47013.html
      o https://www.suse.com/security/cve/CVE-2021-47054.html
      o https://www.suse.com/security/cve/CVE-2021-47060.html
      o https://www.suse.com/security/cve/CVE-2021-47061.html
      o https://www.suse.com/security/cve/CVE-2021-47069.html
      o https://www.suse.com/security/cve/CVE-2021-47076.html
      o https://www.suse.com/security/cve/CVE-2021-47078.html
      o https://www.suse.com/security/cve/CVE-2021-47083.html
      o https://www.suse.com/security/cve/CVE-2022-20154.html
      o https://www.suse.com/security/cve/CVE-2022-48627.html
      o https://www.suse.com/security/cve/CVE-2023-28746.html
      o https://www.suse.com/security/cve/CVE-2023-35827.html
      o https://www.suse.com/security/cve/CVE-2023-46343.html
      o https://www.suse.com/security/cve/CVE-2023-51042.html
      o https://www.suse.com/security/cve/CVE-2023-52340.html
      o https://www.suse.com/security/cve/CVE-2023-52429.html
      o https://www.suse.com/security/cve/CVE-2023-52439.html
      o https://www.suse.com/security/cve/CVE-2023-52443.html
      o https://www.suse.com/security/cve/CVE-2023-52445.html
      o https://www.suse.com/security/cve/CVE-2023-52448.html
      o https://www.suse.com/security/cve/CVE-2023-52449.html
      o https://www.suse.com/security/cve/CVE-2023-52451.html
      o https://www.suse.com/security/cve/CVE-2023-52463.html
      o https://www.suse.com/security/cve/CVE-2023-52475.html
      o https://www.suse.com/security/cve/CVE-2023-52478.html
      o https://www.suse.com/security/cve/CVE-2023-52482.html
      o https://www.suse.com/security/cve/CVE-2023-52502.html
      o https://www.suse.com/security/cve/CVE-2023-52530.html
      o https://www.suse.com/security/cve/CVE-2023-52531.html
      o https://www.suse.com/security/cve/CVE-2023-52532.html
      o https://www.suse.com/security/cve/CVE-2023-52569.html
      o https://www.suse.com/security/cve/CVE-2023-52574.html
      o https://www.suse.com/security/cve/CVE-2023-52597.html
      o https://www.suse.com/security/cve/CVE-2023-52605.html
      o https://www.suse.com/security/cve/CVE-2024-0340.html
      o https://www.suse.com/security/cve/CVE-2024-0607.html
      o https://www.suse.com/security/cve/CVE-2024-1151.html
      o https://www.suse.com/security/cve/CVE-2024-23849.html
      o https://www.suse.com/security/cve/CVE-2024-23851.html
      o https://www.suse.com/security/cve/CVE-2024-26585.html
      o https://www.suse.com/security/cve/CVE-2024-26586.html
      o https://www.suse.com/security/cve/CVE-2024-26589.html
      o https://www.suse.com/security/cve/CVE-2024-26593.html
      o https://www.suse.com/security/cve/CVE-2024-26595.html
      o https://www.suse.com/security/cve/CVE-2024-26602.html
      o https://www.suse.com/security/cve/CVE-2024-26607.html
      o https://www.suse.com/security/cve/CVE-2024-26622.html
      o https://bugzilla.suse.com/show_bug.cgi?id=1155518
      o https://bugzilla.suse.com/show_bug.cgi?id=1184436
      o https://bugzilla.suse.com/show_bug.cgi?id=1185988
      o https://bugzilla.suse.com/show_bug.cgi?id=1186286
      o https://bugzilla.suse.com/show_bug.cgi?id=1200599
      o https://bugzilla.suse.com/show_bug.cgi?id=1212514
      o https://bugzilla.suse.com/show_bug.cgi?id=1213456
      o https://bugzilla.suse.com/show_bug.cgi?id=1218689
      o https://bugzilla.suse.com/show_bug.cgi?id=1218915
      o https://bugzilla.suse.com/show_bug.cgi?id=1219127
      o https://bugzilla.suse.com/show_bug.cgi?id=1219128
      o https://bugzilla.suse.com/show_bug.cgi?id=1219146
      o https://bugzilla.suse.com/show_bug.cgi?id=1219295
      o https://bugzilla.suse.com/show_bug.cgi?id=1219653
      o https://bugzilla.suse.com/show_bug.cgi?id=1219827
      o https://bugzilla.suse.com/show_bug.cgi?id=1219835
      o https://bugzilla.suse.com/show_bug.cgi?id=1220009
      o https://bugzilla.suse.com/show_bug.cgi?id=1220140
      o https://bugzilla.suse.com/show_bug.cgi?id=1220187
      o https://bugzilla.suse.com/show_bug.cgi?id=1220238
      o https://bugzilla.suse.com/show_bug.cgi?id=1220240
      o https://bugzilla.suse.com/show_bug.cgi?id=1220241
      o https://bugzilla.suse.com/show_bug.cgi?id=1220243
      o https://bugzilla.suse.com/show_bug.cgi?id=1220250
      o https://bugzilla.suse.com/show_bug.cgi?id=1220253
      o https://bugzilla.suse.com/show_bug.cgi?id=1220255
      o https://bugzilla.suse.com/show_bug.cgi?id=1220328
      o https://bugzilla.suse.com/show_bug.cgi?id=1220330
      o https://bugzilla.suse.com/show_bug.cgi?id=1220344
      o https://bugzilla.suse.com/show_bug.cgi?id=1220398
      o https://bugzilla.suse.com/show_bug.cgi?id=1220409
      o https://bugzilla.suse.com/show_bug.cgi?id=1220416
      o https://bugzilla.suse.com/show_bug.cgi?id=1220418
      o https://bugzilla.suse.com/show_bug.cgi?id=1220421
      o https://bugzilla.suse.com/show_bug.cgi?id=1220436
      o https://bugzilla.suse.com/show_bug.cgi?id=1220444
      o https://bugzilla.suse.com/show_bug.cgi?id=1220459
      o https://bugzilla.suse.com/show_bug.cgi?id=1220469
      o https://bugzilla.suse.com/show_bug.cgi?id=1220482
      o https://bugzilla.suse.com/show_bug.cgi?id=1220526
      o https://bugzilla.suse.com/show_bug.cgi?id=1220538
      o https://bugzilla.suse.com/show_bug.cgi?id=1220570
      o https://bugzilla.suse.com/show_bug.cgi?id=1220572
      o https://bugzilla.suse.com/show_bug.cgi?id=1220599
      o https://bugzilla.suse.com/show_bug.cgi?id=1220627
      o https://bugzilla.suse.com/show_bug.cgi?id=1220641
      o https://bugzilla.suse.com/show_bug.cgi?id=1220649
      o https://bugzilla.suse.com/show_bug.cgi?id=1220660
      o https://bugzilla.suse.com/show_bug.cgi?id=1220700
      o https://bugzilla.suse.com/show_bug.cgi?id=1220735
      o https://bugzilla.suse.com/show_bug.cgi?id=1220736
      o https://bugzilla.suse.com/show_bug.cgi?id=1220737
      o https://bugzilla.suse.com/show_bug.cgi?id=1220742
      o https://bugzilla.suse.com/show_bug.cgi?id=1220745
      o https://bugzilla.suse.com/show_bug.cgi?id=1220767
      o https://bugzilla.suse.com/show_bug.cgi?id=1220796
      o https://bugzilla.suse.com/show_bug.cgi?id=1220825
      o https://bugzilla.suse.com/show_bug.cgi?id=1220826
      o https://bugzilla.suse.com/show_bug.cgi?id=1220831
      o https://bugzilla.suse.com/show_bug.cgi?id=1220845
      o https://bugzilla.suse.com/show_bug.cgi?id=1220860
      o https://bugzilla.suse.com/show_bug.cgi?id=1220863
      o https://bugzilla.suse.com/show_bug.cgi?id=1220870
      o https://bugzilla.suse.com/show_bug.cgi?id=1220917
      o https://bugzilla.suse.com/show_bug.cgi?id=1220918
      o https://bugzilla.suse.com/show_bug.cgi?id=1220930
      o https://bugzilla.suse.com/show_bug.cgi?id=1220931
      o https://bugzilla.suse.com/show_bug.cgi?id=1220932
      o https://bugzilla.suse.com/show_bug.cgi?id=1221039
      o https://bugzilla.suse.com/show_bug.cgi?id=1221040
      o https://bugzilla.suse.com/show_bug.cgi?id=1221287

    - --------------------------END INCLUDED TEXT----------------------

    You have received this e-mail bulletin as a result of your organisation's
    registration with AusCERT. The mailing list you are subscribed to is
    maintained within your organisation, so if you do not wish to continue
    receiving these bulletins you should contact your local IT manager. If
    you do not know who that is, please send an email to
    auscert@auscert.org.au and we will forward your request to the
    appropriate person.

    NOTE: Third Party Rights
    This security bulletin is provided as a service to AusCERT's members. As
    AusCERT did not write the document quoted above, AusCERT has had no
    control over its content. The decision to follow or act on information or
    advice contained in this security bulletin is the responsibility of each
    user or organisation, and should be considered in accordance with your
    organisation's site policies and procedures. AusCERT takes no
    responsibility for consequences which may arise from following or acting
    on information or advice contained in this security bulletin.

    NOTE: This is only the original release of the security bulletin. It may
    not be updated when updates to the original are made. If downloading at a
    later date, it is recommended that the bulletin is retrieved directly
    from the author's website to ensure that the information is still current.

    Contact information for the authors of the original document is included
    in the Security Bulletin above. If you have any questions or need further
    information, please contact them directly.

    Previous advisories and external security bulletins can be retrieved from:
    https://www.auscert.org.au/bulletins/

    ===========================================================================
    Australian Computer Emergency Response Team
    The University of Queensland
    Brisbane
    Qld 4072

    Internet Email: auscert@auscert.org.au
    Facsimile:      (07) 3365 7031
    Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                    AusCERT personnel answer during Queensland business hours
                    which are GMT+10:00 (AEST).
                    On call after hours for member emergencies only.
===========================================================================

  • 389-ds: CVSS (Max): 5.5
    on March 28, 2024 at 6:34 am

    ===========================================================================
    AUSCERT External Security Bulletin Redistribution
    ESB-2024.1922
    Security update for 389-ds
    28 March 2024
    ===========================================================================

    AusCERT Security Bulletin Summary
    ---------------------------------
    Product: 389-ds
    Publisher: SUSE
    Operating System: SUSE
    Resolution: Patch/Upgrade
    CVE Names: CVE-2024-1062
    Original Bulletin: https://www.suse.com/support/update/announcement/2024/suse-su-20240908-1
    Comment: CVSS (Max): 5.5 CVE-2024-1062 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
    CVSS Source: SUSE
    Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

    - --------------------------BEGIN INCLUDED TEXT--------------------

    Security update for 389-ds
    Announcement ID: SUSE-SU-2024:0908-1
    Rating: moderate
    References:
      o bsc#1219836
    Cross-References:
      o CVE-2024-1062
    CVSS scores:
      o CVE-2024-1062 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    Affected Products:
      o openSUSE Leap 15.5
      o Server Applications Module 15-SP5
      o SUSE Linux Enterprise High Performance Computing 15 SP5
      o SUSE Linux Enterprise Real Time 15 SP5
      o SUSE Linux Enterprise Server 15 SP5
      o SUSE Linux Enterprise Server for SAP Applications 15 SP5

    An update that solves one vulnerability can now be installed.

    Description:

    This update for 389-ds fixes the following issues:
      o CVE-2024-1062: Fixed possible denial of service when audit logging is enabled (bsc#1219836).

    Patch Instructions:

    To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
    Alternatively you can run the command listed for your product:
      o openSUSE Leap 15.5
        zypper in -t patch SUSE-2024-908=1 openSUSE-SLE-15.5-2024-908=1
      o Server Applications Module 15-SP5
        zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2024-908=1

    Package List:
      o openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
        389-ds-snmp-2.2.8~git65.347aae6-150500.3.17.1
        389-ds-snmp-debuginfo-2.2.8~git65.347aae6-150500.3.17.1
        389-ds-debuginfo-2.2.8~git65.347aae6-150500.3.17.1
        libsvrcore0-debuginfo-2.2.8~git65.347aae6-150500.3.17.1
        389-ds-2.2.8~git65.347aae6-150500.3.17.1
        libsvrcore0-2.2.8~git65.347aae6-150500.3.17.1
        lib389-2.2.8~git65.347aae6-150500.3.17.1
        389-ds-devel-2.2.8~git65.347aae6-150500.3.17.1
        389-ds-debugsource-2.2.8~git65.347aae6-150500.3.17.1
      o Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
        389-ds-debuginfo-2.2.8~git65.347aae6-150500.3.17.1
        libsvrcore0-debuginfo-2.2.8~git65.347aae6-150500.3.17.1
        389-ds-2.2.8~git65.347aae6-150500.3.17.1
        libsvrcore0-2.2.8~git65.347aae6-150500.3.17.1
        lib389-2.2.8~git65.347aae6-150500.3.17.1
        389-ds-devel-2.2.8~git65.347aae6-150500.3.17.1
        389-ds-debugsource-2.2.8~git65.347aae6-150500.3.17.1

    References:
      o https://www.suse.com/security/cve/CVE-2024-1062.html
      o https://bugzilla.suse.com/show_bug.cgi?id=1219836

    - --------------------------END INCLUDED TEXT----------------------

    ===========================================================================

  • tiff: CVSS (Max): 9.8
    on March 28, 2024 at 6:28 am

    ===========================================================================
    AUSCERT External Security Bulletin Redistribution
    ESB-2024.1921
    Security update for tiff
    28 March 2024
    ===========================================================================

    AusCERT Security Bulletin Summary
    ---------------------------------

    Product:           tiff
    Publisher:         SUSE
    Operating System:  SUSE
    Resolution:        Patch/Upgrade
    CVE Names:         CVE-2015-8668 CVE-2023-41175 CVE-2023-40745 CVE-2023-38288

    Original Bulletin: https://www.suse.com/support/update/announcement/2024/suse-su-20240915-1

    Comment: CVSS (Max):  9.8 CVE-2015-8668 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
             CVSS Source: SUSE, [NIST]
             Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

    - --------------------------BEGIN INCLUDED TEXT--------------------

    Security update for tiff

    Announcement ID: SUSE-SU-2024:0915-1
    Rating:          moderate
    References:
      o bsc#1213590
      o bsc#1214686
      o bsc#1214687
      o bsc#1221187
      o bsc#960589
    Cross-References:
      o CVE-2015-8668
      o CVE-2023-38288
      o CVE-2023-40745
      o CVE-2023-41175
    CVSS scores:
      o CVE-2015-8668 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
      o CVE-2023-38288 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
      o CVE-2023-40745 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
      o CVE-2023-40745 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
      o CVE-2023-41175 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
      o CVE-2023-41175 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
    Affected Products:
      o SUSE Linux Enterprise High Performance Computing 12 SP5
      o SUSE Linux Enterprise Server 12 SP5
      o SUSE Linux Enterprise Server for SAP Applications 12 SP5
      o SUSE Linux Enterprise Software Development Kit 12 SP5

    An update that solves four vulnerabilities and has one security fix can now be installed.

    Description:

    This update for tiff fixes the following issues:

      o CVE-2023-41175: Fixed potential integer overflow in raw2tiff.c (bsc#1214686).
      o CVE-2023-38288: Fixed potential integer overflow in raw2tiff.c (bsc#1213590).
      o CVE-2023-40745: Fixed integer overflow in tiffcp.c (bsc#1214687).
      o CVE-2015-8668: Fixed Heap-based buffer overflow in bmp2tiff / PackBitsEncode (bsc#960589).

    Patch Instructions:

    To install this SUSE update use the SUSE recommended installation methods like YaST online_update or “zypper patch”.
    Alternatively you can run the command listed for your product:

      o SUSE Linux Enterprise Software Development Kit 12 SP5
        zypper in -t patch SUSE-SLE-SDK-12-SP5-2024-915=1
      o SUSE Linux Enterprise High Performance Computing 12 SP5
        zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-915=1
      o SUSE Linux Enterprise Server 12 SP5
        zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-915=1
      o SUSE Linux Enterprise Server for SAP Applications 12 SP5
        zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-915=1

    Package List:

      o SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
        libtiff-devel-4.0.9-44.80.1
        tiff-debuginfo-4.0.9-44.80.1
        tiff-debugsource-4.0.9-44.80.1
      o SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
        libtiff5-debuginfo-4.0.9-44.80.1
        libtiff5-4.0.9-44.80.1
        tiff-4.0.9-44.80.1
        tiff-debuginfo-4.0.9-44.80.1
        tiff-debugsource-4.0.9-44.80.1
      o SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
        libtiff5-debuginfo-32bit-4.0.9-44.80.1
        libtiff5-32bit-4.0.9-44.80.1
      o SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
        libtiff5-debuginfo-4.0.9-44.80.1
        libtiff5-4.0.9-44.80.1
        tiff-4.0.9-44.80.1
        tiff-debuginfo-4.0.9-44.80.1
        tiff-debugsource-4.0.9-44.80.1
      o SUSE Linux Enterprise Server 12 SP5 (s390x x86_64)
        libtiff5-debuginfo-32bit-4.0.9-44.80.1
        libtiff5-32bit-4.0.9-44.80.1
      o SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
        libtiff5-debuginfo-4.0.9-44.80.1
        libtiff5-4.0.9-44.80.1
        tiff-4.0.9-44.80.1
        tiff-debuginfo-4.0.9-44.80.1
        tiff-debugsource-4.0.9-44.80.1
      o SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
        libtiff5-debuginfo-32bit-4.0.9-44.80.1
        libtiff5-32bit-4.0.9-44.80.1

    References:

      o https://www.suse.com/security/cve/CVE-2015-8668.html
      o https://www.suse.com/security/cve/CVE-2023-38288.html
      o https://www.suse.com/security/cve/CVE-2023-40745.html
      o https://www.suse.com/security/cve/CVE-2023-41175.html
      o https://bugzilla.suse.com/show_bug.cgi?id=1213590
      o https://bugzilla.suse.com/show_bug.cgi?id=1214686
      o https://bugzilla.suse.com/show_bug.cgi?id=1214687
      o https://bugzilla.suse.com/show_bug.cgi?id=1221187
      o https://bugzilla.suse.com/show_bug.cgi?id=960589

    - --------------------------END INCLUDED TEXT--------------------

  • shadow: CVSS (Max): 5.5
    on March 28, 2024 at 6:28 am

    ===========================================================================
    AUSCERT External Security Bulletin Redistribution
    ESB-2024.1920
    Security update for shadow
    28 March 2024
    ===========================================================================

    AusCERT Security Bulletin Summary
    ---------------------------------

    Product:           shadow
    Publisher:         SUSE
    Operating System:  SUSE
    Resolution:        Patch/Upgrade
    CVE Names:         CVE-2023-29383

    Original Bulletin: https://www.suse.com/support/update/announcement/2024/suse-su-20240939-1

    Comment: CVSS (Max):  5.5 CVE-2023-29383 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
             CVSS Source: SUSE
             Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

    - --------------------------BEGIN INCLUDED TEXT--------------------

    Security update for shadow

    Announcement ID: SUSE-SU-2024:0939-1
    Rating:          moderate
    References:
      o bsc#1144060
      o bsc#1176006
      o bsc#1188307
      o bsc#1203823
      o bsc#1205502
      o bsc#1206627
      o bsc#1210507
      o bsc#1213189
    Cross-References:
      o CVE-2023-29383
    CVSS scores:
      o CVE-2023-29383 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
      o CVE-2023-29383 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
    Affected Products:
      o openSUSE Leap Micro 5.4
      o SUSE Linux Enterprise Micro 5.4
      o SUSE Linux Enterprise Micro for Rancher 5.4

    An update that solves one vulnerability and has seven security fixes can now be installed.

    Description:

    This update for shadow fixes the following issues:

      o CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507).

    The following non-security bugs were fixed:

      o bsc#1176006: Fix chage date miscalculation
      o bsc#1188307: Fix passwd segfault
      o bsc#1203823: Remove pam_keyinit from PAM config files
      o bsc#1213189: Change lock mechanism to file locking to prevent lock files after power interruptions
      o bsc#1206627: Add --prefix support to passwd, chpasswd and chage
      o bsc#1205502: useradd audit event user id field cannot be interpreted

    Patch Instructions:

    To install this SUSE update use the SUSE recommended installation methods like YaST online_update or “zypper patch”.
    Alternatively you can run the command listed for your product:

      o openSUSE Leap Micro 5.4
        zypper in -t patch openSUSE-Leap-Micro-5.4-2024-939=1
      o SUSE Linux Enterprise Micro for Rancher 5.4
        zypper in -t patch SUSE-SLE-Micro-5.4-2024-939=1
      o SUSE Linux Enterprise Micro 5.4
        zypper in -t patch SUSE-SLE-Micro-5.4-2024-939=1

    Package List:

      o openSUSE Leap Micro 5.4 (noarch)
        login_defs-4.8.1-150400.3.6.1
      o openSUSE Leap Micro 5.4 (aarch64 s390x x86_64)
        shadow-debuginfo-4.8.1-150400.3.6.1
        shadow-4.8.1-150400.3.6.1
        shadow-debugsource-4.8.1-150400.3.6.1
      o SUSE Linux Enterprise Micro for Rancher 5.4 (noarch)
        login_defs-4.8.1-150400.3.6.1
      o SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
        shadow-debuginfo-4.8.1-150400.3.6.1
        shadow-4.8.1-150400.3.6.1
        shadow-debugsource-4.8.1-150400.3.6.1
      o SUSE Linux Enterprise Micro 5.4 (noarch)
        login_defs-4.8.1-150400.3.6.1
      o SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
        shadow-debuginfo-4.8.1-150400.3.6.1
        shadow-4.8.1-150400.3.6.1
        shadow-debugsource-4.8.1-150400.3.6.1

    References:

      o https://www.suse.com/security/cve/CVE-2023-29383.html
      o https://bugzilla.suse.com/show_bug.cgi?id=1144060
      o https://bugzilla.suse.com/show_bug.cgi?id=1176006
      o https://bugzilla.suse.com/show_bug.cgi?id=1188307
      o https://bugzilla.suse.com/show_bug.cgi?id=1203823
      o https://bugzilla.suse.com/show_bug.cgi?id=1205502
      o https://bugzilla.suse.com/show_bug.cgi?id=1206627
      o https://bugzilla.suse.com/show_bug.cgi?id=1210507
      o https://bugzilla.suse.com/show_bug.cgi?id=1213189

    - --------------------------END INCLUDED TEXT--------------------

  • openvswitch: CVSS (Max): 7.5
    on March 28, 2024 at 6:22 am

    ===========================================================================
    AUSCERT External Security Bulletin Redistribution
    ESB-2024.1919
    Security update for openvswitch
    28 March 2024
    ===========================================================================

    AusCERT Security Bulletin Summary
    ---------------------------------

    Product:           openvswitch
    Publisher:         SUSE
    Operating System:  SUSE
    Resolution:        Patch/Upgrade
    CVE Names:         CVE-2023-3966

    Original Bulletin: https://www.suse.com/support/update/announcement/2024/suse-su-20240912-1

    Comment: CVSS (Max):  7.5 CVE-2023-3966 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
             CVSS Source: SUSE
             Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

    - --------------------------BEGIN INCLUDED TEXT--------------------

    Security update for openvswitch

    Announcement ID: SUSE-SU-2024:0912-1
    Rating:          important
    References:
      o bsc#1219465
    Cross-References:
      o CVE-2023-3966
    CVSS scores:
      o CVE-2023-3966 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    Affected Products:
      o SUSE Linux Enterprise High Performance Computing 15 SP2
      o SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
      o SUSE Linux Enterprise Server 15 SP2
      o SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
      o SUSE Linux Enterprise Server for SAP Applications 15 SP2

    An update that solves one vulnerability can now be installed.

    Description:

    This update for openvswitch fixes the following issues:

      o CVE-2023-3966: Fixed invalid memory access in Geneve with HW offload (bsc#1219465).

    Patch Instructions:

    To install this SUSE update use the SUSE recommended installation methods like YaST online_update or “zypper patch”.
    Alternatively you can run the command listed for your product:

      o SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
        zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-912=1
      o SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
        zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-912=1
      o SUSE Linux Enterprise Server for SAP Applications 15 SP2
        zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-912=1

    Package List:

      o SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
        openvswitch-vtep-2.13.2-150200.9.34.1
        libopenvswitch-2_13-0-2.13.2-150200.9.34.1
        openvswitch-pki-2.13.2-150200.9.34.1
        openvswitch-test-2.13.2-150200.9.34.1
        libovn-20_03-0-debuginfo-20.03.1-150200.9.34.1
        openvswitch-debuginfo-2.13.2-150200.9.34.1
        python3-ovs-2.13.2-150200.9.34.1
        libopenvswitch-2_13-0-debuginfo-2.13.2-150200.9.34.1
        ovn-devel-20.03.1-150200.9.34.1
        ovn-vtep-20.03.1-150200.9.34.1
        openvswitch-2.13.2-150200.9.34.1
        ovn-docker-20.03.1-150200.9.34.1
        ovn-20.03.1-150200.9.34.1
        libovn-20_03-0-20.03.1-150200.9.34.1
        openvswitch-devel-2.13.2-150200.9.34.1
        ovn-central-20.03.1-150200.9.34.1
        openvswitch-ipsec-2.13.2-150200.9.34.1
        openvswitch-vtep-debuginfo-2.13.2-150200.9.34.1
        ovn-host-20.03.1-150200.9.34.1
        openvswitch-test-debuginfo-2.13.2-150200.9.34.1
        openvswitch-debugsource-2.13.2-150200.9.34.1
      o SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64)
        openvswitch-vtep-2.13.2-150200.9.34.1
        libopenvswitch-2_13-0-2.13.2-150200.9.34.1
        openvswitch-pki-2.13.2-150200.9.34.1
        openvswitch-test-2.13.2-150200.9.34.1
        libovn-20_03-0-debuginfo-20.03.1-150200.9.34.1
        openvswitch-debuginfo-2.13.2-150200.9.34.1
        python3-ovs-2.13.2-150200.9.34.1
        libopenvswitch-2_13-0-debuginfo-2.13.2-150200.9.34.1
        ovn-devel-20.03.1-150200.9.34.1
        ovn-vtep-20.03.1-150200.9.34.1
        openvswitch-2.13.2-150200.9.34.1
        ovn-docker-20.03.1-150200.9.34.1
        ovn-20.03.1-150200.9.34.1
        libovn-20_03-0-20.03.1-150200.9.34.1
        openvswitch-devel-2.13.2-150200.9.34.1
        ovn-central-20.03.1-150200.9.34.1
        openvswitch-ipsec-2.13.2-150200.9.34.1
        openvswitch-vtep-debuginfo-2.13.2-150200.9.34.1
        ovn-host-20.03.1-150200.9.34.1
        openvswitch-test-debuginfo-2.13.2-150200.9.34.1
        openvswitch-debugsource-2.13.2-150200.9.34.1
      o SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
        openvswitch-vtep-2.13.2-150200.9.34.1
        libopenvswitch-2_13-0-2.13.2-150200.9.34.1
        openvswitch-pki-2.13.2-150200.9.34.1
        openvswitch-test-2.13.2-150200.9.34.1
        libovn-20_03-0-debuginfo-20.03.1-150200.9.34.1
        openvswitch-debuginfo-2.13.2-150200.9.34.1
        python3-ovs-2.13.2-150200.9.34.1
        libopenvswitch-2_13-0-debuginfo-2.13.2-150200.9.34.1
        ovn-devel-20.03.1-150200.9.34.1
        ovn-vtep-20.03.1-150200.9.34.1
        openvswitch-2.13.2-150200.9.34.1
        ovn-docker-20.03.1-150200.9.34.1
        ovn-20.03.1-150200.9.34.1
        libovn-20_03-0-20.03.1-150200.9.34.1
        openvswitch-devel-2.13.2-150200.9.34.1
        ovn-central-20.03.1-150200.9.34.1
        openvswitch-ipsec-2.13.2-150200.9.34.1
        openvswitch-vtep-debuginfo-2.13.2-150200.9.34.1
        ovn-host-20.03.1-150200.9.34.1
        openvswitch-test-debuginfo-2.13.2-150200.9.34.1
        openvswitch-debugsource-2.13.2-150200.9.34.1

    References:

      o https://www.suse.com/security/cve/CVE-2023-3966.html
      o https://bugzilla.suse.com/show_bug.cgi?id=1219465

    - --------------------------END INCLUDED TEXT--------------------

  • openvswitch: CVSS (Max): 7.5
    on March 28, 2024 at 6:22 am

    ===========================================================================
    AUSCERT External Security Bulletin Redistribution
    ESB-2024.1918
    Security update for openvswitch
    28 March 2024
    ===========================================================================

    AusCERT Security Bulletin Summary
    ---------------------------------

    Product:           openvswitch
    Publisher:         SUSE
    Operating System:  SUSE
    Resolution:        Patch/Upgrade
    CVE Names:         CVE-2023-3966

    Original Bulletin: https://www.suse.com/support/update/announcement/2024/suse-su-20240922-1

    Comment: CVSS (Max):  7.5 CVE-2023-3966 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
             CVSS Source: SUSE
             Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

    - --------------------------BEGIN INCLUDED TEXT--------------------

    Security update for openvswitch

    Announcement ID: SUSE-SU-2024:0922-1
    Rating:          important
    References:
      o bsc#1219465
    Cross-References:
      o CVE-2023-3966
    CVSS scores:
      o CVE-2023-3966 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    Affected Products:
      o openSUSE Leap 15.3
      o SUSE Enterprise Storage 7.1
      o SUSE Linux Enterprise High Performance Computing 15 SP3
      o SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
      o SUSE Linux Enterprise Server 15 SP3
      o SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
      o SUSE Linux Enterprise Server for SAP Applications 15 SP3

    An update that solves one vulnerability can now be installed.

    Description:

    This update for openvswitch fixes the following issues:

      o CVE-2023-3966: Fixed invalid memory access in Geneve with HW offload (bsc#1219465).

    Patch Instructions:

    To install this SUSE update use the SUSE recommended installation methods like YaST online_update or “zypper patch”.
    Alternatively you can run the command listed for your product:

      o openSUSE Leap 15.3
        zypper in -t patch SUSE-2024-922=1
      o SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
        zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-922=1
      o SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
        zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-922=1
      o SUSE Linux Enterprise Server for SAP Applications 15 SP3
        zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-922=1
      o SUSE Enterprise Storage 7.1
        zypper in -t patch SUSE-Storage-7.1-2024-922=1

    Package List:

      o openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
        libopenvswitch-2_14-0-debuginfo-2.14.2-150300.19.20.1
        openvswitch-2.14.2-150300.19.20.1
        ovn-host-20.06.2-150300.19.20.1
        openvswitch-debugsource-2.14.2-150300.19.20.1
        ovn-central-20.06.2-150300.19.20.1
        python3-ovs-2.14.2-150300.19.20.1
        ovn-docker-20.06.2-150300.19.20.1
        libovn-20_06-0-20.06.2-150300.19.20.1
        openvswitch-test-2.14.2-150300.19.20.1
        openvswitch-pki-2.14.2-150300.19.20.1
        ovn-20.06.2-150300.19.20.1
        openvswitch-devel-2.14.2-150300.19.20.1
        ovn-vtep-20.06.2-150300.19.20.1
        libovn-20_06-0-debuginfo-20.06.2-150300.19.20.1
        openvswitch-test-debuginfo-2.14.2-150300.19.20.1
        ovn-central-debuginfo-20.06.2-150300.19.20.1
        ovn-host-debuginfo-20.06.2-150300.19.20.1
        openvswitch-vtep-2.14.2-150300.19.20.1
        openvswitch-ipsec-2.14.2-150300.19.20.1
        ovn-debuginfo-20.06.2-150300.19.20.1
        ovn-vtep-debuginfo-20.06.2-150300.19.20.1
        openvswitch-debuginfo-2.14.2-150300.19.20.1
        libopenvswitch-2_14-0-2.14.2-150300.19.20.1
        openvswitch-vtep-debuginfo-2.14.2-150300.19.20.1
        ovn-devel-20.06.2-150300.19.20.1
      o openSUSE Leap 15.3 (noarch)
        ovn-doc-20.06.2-150300.19.20.1
        openvswitch-doc-2.14.2-150300.19.20.1
      o SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
        libopenvswitch-2_14-0-debuginfo-2.14.2-150300.19.20.1
        openvswitch-2.14.2-150300.19.20.1
        ovn-host-20.06.2-150300.19.20.1
        openvswitch-debugsource-2.14.2-150300.19.20.1
        ovn-central-20.06.2-150300.19.20.1
        python3-ovs-2.14.2-150300.19.20.1
        ovn-docker-20.06.2-150300.19.20.1
        libovn-20_06-0-20.06.2-150300.19.20.1
        openvswitch-test-2.14.2-150300.19.20.1
        openvswitch-pki-2.14.2-150300.19.20.1
        ovn-20.06.2-150300.19.20.1
        openvswitch-devel-2.14.2-150300.19.20.1
        ovn-vtep-20.06.2-150300.19.20.1
        libovn-20_06-0-debuginfo-20.06.2-150300.19.20.1
        openvswitch-test-debuginfo-2.14.2-150300.19.20.1
        ovn-central-debuginfo-20.06.2-150300.19.20.1
        ovn-host-debuginfo-20.06.2-150300.19.20.1
        openvswitch-vtep-2.14.2-150300.19.20.1
        openvswitch-ipsec-2.14.2-150300.19.20.1
        ovn-debuginfo-20.06.2-150300.19.20.1
        ovn-vtep-debuginfo-20.06.2-150300.19.20.1
        openvswitch-debuginfo-2.14.2-150300.19.20.1
        libopenvswitch-2_14-0-2.14.2-150300.19.20.1
        openvswitch-vtep-debuginfo-2.14.2-150300.19.20.1
        ovn-devel-20.06.2-150300.19.20.1
      o SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64)
        libopenvswitch-2_14-0-debuginfo-2.14.2-150300.19.20.1
        openvswitch-2.14.2-150300.19.20.1
        ovn-host-20.06.2-150300.19.20.1
        openvswitch-debugsource-2.14.2-150300.19.20.1
        ovn-central-20.06.2-150300.19.20.1
        python3-ovs-2.14.2-150300.19.20.1
        ovn-docker-20.06.2-150300.19.20.1
        libovn-20_06-0-20.06.2-150300.19.20.1
        openvswitch-test-2.14.2-150300.19.20.1
        openvswitch-pki-2.14.2-150300.19.20.1
        ovn-20.06.2-150300.19.20.1
        openvswitch-devel-2.14.2-150300.19.20.1
        ovn-vtep-20.06.2-150300.19.20.1
        libovn-20_06-0-debuginfo-20.06.2-150300.19.20.1
        openvswitch-test-debuginfo-2.14.2-150300.19.20.1
        ovn-central-debuginfo-20.06.2-150300.19.20.1
        ovn-host-debuginfo-20.06.2-150300.19.20.1
        openvswitch-vtep-2.14.2-150300.19.20.1
        openvswitch-ipsec-2.14.2-150300.19.20.1
        ovn-debuginfo-20.06.2-150300.19.20.1
        ovn-vtep-debuginfo-20.06.2-150300.19.20.1
        openvswitch-debuginfo-2.14.2-150300.19.20.1
        libopenvswitch-2_14-0-2.14.2-150300.19.20.1
        openvswitch-vtep-debuginfo-2.14.2-150300.19.20.1
        ovn-devel-20.06.2-150300.19.20.1
      o SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
        libopenvswitch-2_14-0-debuginfo-2.14.2-150300.19.20.1
        openvswitch-2.14.2-150300.19.20.1
        ovn-host-20.06.2-150300.19.20.1
        openvswitch-debugsource-2.14.2-150300.19.20.1
        ovn-central-20.06.2-150300.19.20.1
        python3-ovs-2.14.2-150300.19.20.1
        ovn-docker-20.06.2-150300.19.20.1
        libovn-20_06-0-20.06.2-150300.19.20.1
        openvswitch-test-2.14.2-150300.19.20.1
        openvswitch-pki-2.14.2-150300.19.20.1
        ovn-20.06.2-150300.19.20.1
        openvswitch-devel-2.14.2-150300.19.20.1
        ovn-vtep-20.06.2-150300.19.20.1
        libovn-20_06-0-debuginfo-20.06.2-150300.19.20.1
        openvswitch-test-debuginfo-2.14.2-150300.19.20.1
        ovn-central-debuginfo-20.06.2-150300.19.20.1
        ovn-host-debuginfo-20.06.2-150300.19.20.1
        openvswitch-vtep-2.14.2-150300.19.20.1
        openvswitch-ipsec-2.14.2-150300.19.20.1
        ovn-debuginfo-20.06.2-150300.19.20.1
        ovn-vtep-debuginfo-20.06.2-150300.19.20.1
        openvswitch-debuginfo-2.14.2-150300.19.20.1
        libopenvswitch-2_14-0-2.14.2-150300.19.20.1
        openvswitch-vtep-debuginfo-2.14.2-150300.19.20.1
        ovn-devel-20.06.2-150300.19.20.1
      o SUSE Enterprise Storage 7.1 (aarch64 x86_64)
        libopenvswitch-2_14-0-debuginfo-2.14.2-150300.19.20.1
        openvswitch-2.14.2-150300.19.20.1
        ovn-host-20.06.2-150300.19.20.1
        openvswitch-debugsource-2.14.2-150300.19.20.1
        ovn-central-20.06.2-150300.19.20.1
        python3-ovs-2.14.2-150300.19.20.1
        ovn-docker-20.06.2-150300.19.20.1
        libovn-20_06-0-20.06.2-150300.19.20.1
        openvswitch-test-2.14.2-150300.19.20.1
        openvswitch-pki-2.14.2-150300.19.20.1
        ovn-20.06.2-150300.19.20.1
        openvswitch-devel-2.14.2-150300.19.20.1
        ovn-vtep-20.06.2-150300.19.20.1
        libovn-20_06-0-debuginfo-20.06.2-150300.19.20.1
        openvswitch-test-debuginfo-2.14.2-150300.19.20.1
        ovn-central-debuginfo-20.06.2-150300.19.20.1
        ovn-host-debuginfo-20.06.2-150300.19.20.1
        openvswitch-vtep-2.14.2-150300.19.20.1
        openvswitch-ipsec-2.14.2-150300.19.20.1
        ovn-debuginfo-20.06.2-150300.19.20.1
        ovn-vtep-debuginfo-20.06.2-150300.19.20.1
        openvswitch-debuginfo-2.14.2-150300.19.20.1
        libopenvswitch-2_14-0-2.14.2-150300.19.20.1
        openvswitch-vtep-debuginfo-2.14.2-150300.19.20.1
        ovn-devel-20.06.2-150300.19.20.1

    References:

      o https://www.suse.com/security/cve/CVE-2023-3966.html
      o https://bugzilla.suse.com/show_bug.cgi?id=1219465

    - --------------------------END INCLUDED TEXT--------------------

  • openvswitch: CVSS (Max): 7.5
    on March 28, 2024 at 6:22 am

    =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2024.1917 Security update for openvswitch 28 March 2024 =========================================================================== AusCERT Security Bulletin Summary ——————————— Product: openvswitch Publisher: SUSE Operating System: SUSE Resolution: Patch/Upgrade CVE Names: CVE-2023-3966 Original Bulletin: https://www.suse.com/support/update/announcement/2024/suse-su-20240937-1 Comment: CVSS (Max): 7.5 CVE-2023-3966 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) CVSS Source: SUSE Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A: – ————————–BEGIN INCLUDED TEXT——————– Security update for openvswitch Announcement ID: SUSE-SU-2024:0937-1 Rating: important References: o bsc#1219465 Cross-References: o CVE-2023-3966 o CVE-2023-3966 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/ CVSS scores: S:U/C:N/I:N/A:H o Legacy Module 15-SP5 o openSUSE Leap 15.4 o openSUSE Leap 15.5 o SUSE Linux Enterprise Desktop 15 SP5 o SUSE Linux Enterprise High Performance Computing 15 SP4 o SUSE Linux Enterprise High Performance Computing 15 SP5 o SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 o SUSE Linux Enterprise High Performance Computing LTSS 15 Affected SP4 Products: o SUSE Linux Enterprise Micro 5.5 o SUSE Linux Enterprise Real Time 15 SP5 o SUSE Linux Enterprise Server 15 SP4 o SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 o SUSE Linux Enterprise Server 15 SP5 o SUSE Linux Enterprise Server for SAP Applications 15 SP4 o SUSE Linux Enterprise Server for SAP Applications 15 SP5 o SUSE Manager Proxy 4.3 o SUSE Manager Retail Branch Server 4.3 o SUSE Manager Server 4.3 o SUSE Package Hub 15 15-SP5 An update that solves one vulnerability can now be installed. 
    Description:

    This update for openvswitch fixes the following issues:

    o CVE-2023-3966: Fixed invalid memory access in Geneve with HW offload (bsc#1219465).

    Patch Instructions:

    To install this SUSE update use the SUSE recommended installation methods like
    YaST online_update or "zypper patch". Alternatively you can run the command
    listed for your product:

    o openSUSE Leap 15.4
      zypper in -t patch SUSE-2024-937=1
    o openSUSE Leap 15.5
      zypper in -t patch openSUSE-SLE-15.5-2024-937=1
    o Legacy Module 15-SP5
      zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2024-937=1
    o SUSE Package Hub 15 15-SP5
      zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-937=1
    o SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-937=1
    o SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-937=1
    o SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
      zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-937=1
    o SUSE Linux Enterprise Server for SAP Applications 15 SP4
      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-937=1
    o SUSE Manager Proxy 4.3
      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-937=1
    o SUSE Manager Retail Branch Server 4.3
      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2024-937=1
    o SUSE Manager Server 4.3
      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-937=1

    Package List:

    o openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
      openvswitch-devel-2.14.2-150400.24.23.1
      libovn-20_06-0-20.06.2-150400.24.23.1
      python3-ovs-2.14.2-150400.24.23.1
      openvswitch-2.14.2-150400.24.23.1
      libopenvswitch-2_14-0-2.14.2-150400.24.23.1
      openvswitch-vtep-2.14.2-150400.24.23.1
      openvswitch-vtep-debuginfo-2.14.2-150400.24.23.1
      openvswitch-debuginfo-2.14.2-150400.24.23.1
      ovn-central-20.06.2-150400.24.23.1
      ovn-devel-20.06.2-150400.24.23.1
      ovn-vtep-20.06.2-150400.24.23.1
      libovn-20_06-0-debuginfo-20.06.2-150400.24.23.1
      openvswitch-debugsource-2.14.2-150400.24.23.1
      ovn-vtep-debuginfo-20.06.2-150400.24.23.1
      ovn-20.06.2-150400.24.23.1
      ovn-host-20.06.2-150400.24.23.1
      ovn-debuginfo-20.06.2-150400.24.23.1
      openvswitch-ipsec-2.14.2-150400.24.23.1
      ovn-host-debuginfo-20.06.2-150400.24.23.1
      openvswitch-test-2.14.2-150400.24.23.1
      libopenvswitch-2_14-0-debuginfo-2.14.2-150400.24.23.1
      ovn-central-debuginfo-20.06.2-150400.24.23.1
      ovn-docker-20.06.2-150400.24.23.1
      openvswitch-pki-2.14.2-150400.24.23.1
      openvswitch-test-debuginfo-2.14.2-150400.24.23.1
    o openSUSE Leap 15.4 (noarch)
      ovn-doc-20.06.2-150400.24.23.1
      openvswitch-doc-2.14.2-150400.24.23.1
    o openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
      openvswitch-devel-2.14.2-150400.24.23.1
      libovn-20_06-0-20.06.2-150400.24.23.1
      python3-ovs-2.14.2-150400.24.23.1
      openvswitch-2.14.2-150400.24.23.1
      libopenvswitch-2_14-0-2.14.2-150400.24.23.1
      openvswitch-vtep-2.14.2-150400.24.23.1
      openvswitch-vtep-debuginfo-2.14.2-150400.24.23.1
      openvswitch-debuginfo-2.14.2-150400.24.23.1
      ovn-central-20.06.2-150400.24.23.1
      ovn-devel-20.06.2-150400.24.23.1
      ovn-vtep-20.06.2-150400.24.23.1
      libovn-20_06-0-debuginfo-20.06.2-150400.24.23.1
      openvswitch-debugsource-2.14.2-150400.24.23.1
      ovn-vtep-debuginfo-20.06.2-150400.24.23.1
      ovn-20.06.2-150400.24.23.1
      ovn-host-20.06.2-150400.24.23.1
      ovn-debuginfo-20.06.2-150400.24.23.1
      openvswitch-ipsec-2.14.2-150400.24.23.1
      ovn-host-debuginfo-20.06.2-150400.24.23.1
      openvswitch-test-2.14.2-150400.24.23.1
      libopenvswitch-2_14-0-debuginfo-2.14.2-150400.24.23.1
      ovn-central-debuginfo-20.06.2-150400.24.23.1
      ovn-docker-20.06.2-150400.24.23.1
      openvswitch-pki-2.14.2-150400.24.23.1
      openvswitch-test-debuginfo-2.14.2-150400.24.23.1
    o openSUSE Leap 15.5 (noarch)
      ovn-doc-20.06.2-150400.24.23.1
      openvswitch-doc-2.14.2-150400.24.23.1
    o Legacy Module 15-SP5 (aarch64 ppc64le s390x x86_64)
      openvswitch-devel-2.14.2-150400.24.23.1
      libovn-20_06-0-20.06.2-150400.24.23.1
      python3-ovs-2.14.2-150400.24.23.1
      openvswitch-2.14.2-150400.24.23.1
      libopenvswitch-2_14-0-2.14.2-150400.24.23.1
      openvswitch-vtep-2.14.2-150400.24.23.1
      openvswitch-vtep-debuginfo-2.14.2-150400.24.23.1
      openvswitch-debuginfo-2.14.2-150400.24.23.1
      ovn-central-20.06.2-150400.24.23.1
      ovn-devel-20.06.2-150400.24.23.1
      ovn-vtep-20.06.2-150400.24.23.1
      libovn-20_06-0-debuginfo-20.06.2-150400.24.23.1
      openvswitch-debugsource-2.14.2-150400.24.23.1
      ovn-vtep-debuginfo-20.06.2-150400.24.23.1
      ovn-20.06.2-150400.24.23.1
      ovn-host-20.06.2-150400.24.23.1
      ovn-debuginfo-20.06.2-150400.24.23.1
      openvswitch-ipsec-2.14.2-150400.24.23.1
      ovn-host-debuginfo-20.06.2-150400.24.23.1
      openvswitch-test-2.14.2-150400.24.23.1
      libopenvswitch-2_14-0-debuginfo-2.14.2-150400.24.23.1
      ovn-central-debuginfo-20.06.2-150400.24.23.1
      ovn-docker-20.06.2-150400.24.23.1
      openvswitch-pki-2.14.2-150400.24.23.1
      openvswitch-test-debuginfo-2.14.2-150400.24.23.1
    o SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64)
      openvswitch-debugsource-2.14.2-150400.24.23.1
      openvswitch-debuginfo-2.14.2-150400.24.23.1
      python3-ovs-2.14.2-150400.24.23.1
    o SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
      openvswitch-devel-2.14.2-150400.24.23.1
      libovn-20_06-0-20.06.2-150400.24.23.1
      python3-ovs-2.14.2-150400.24.23.1
      openvswitch-2.14.2-150400.24.23.1
      libopenvswitch-2_14-0-2.14.2-150400.24.23.1
      openvswitch-vtep-2.14.2-150400.24.23.1
      openvswitch-vtep-debuginfo-2.14.2-150400.24.23.1
      openvswitch-debuginfo-2.14.2-150400.24.23.1
      ovn-central-20.06.2-150400.24.23.1
      ovn-devel-20.06.2-150400.24.23.1
      ovn-vtep-20.06.2-150400.24.23.1
      libovn-20_06-0-debuginfo-20.06.2-150400.24.23.1
      openvswitch-debugsource-2.14.2-150400.24.23.1
      ovn-vtep-debuginfo-20.06.2-150400.24.23.1
      ovn-20.06.2-150400.24.23.1
      ovn-host-20.06.2-150400.24.23.1
      ovn-debuginfo-20.06.2-150400.24.23.1
      openvswitch-ipsec-2.14.2-150400.24.23.1
      ovn-host-debuginfo-20.06.2-150400.24.23.1
      openvswitch-test-2.14.2-150400.24.23.1
      libopenvswitch-2_14-0-debuginfo-2.14.2-150400.24.23.1
      ovn-central-debuginfo-20.06.2-150400.24.23.1
      ovn-docker-20.06.2-150400.24.23.1
      openvswitch-pki-2.14.2-150400.24.23.1
      openvswitch-test-debuginfo-2.14.2-150400.24.23.1
    o SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
      openvswitch-devel-2.14.2-150400.24.23.1
      libovn-20_06-0-20.06.2-150400.24.23.1
      python3-ovs-2.14.2-150400.24.23.1
      openvswitch-2.14.2-150400.24.23.1
      libopenvswitch-2_14-0-2.14.2-150400.24.23.1
      openvswitch-vtep-2.14.2-150400.24.23.1
      openvswitch-vtep-debuginfo-2.14.2-150400.24.23.1
      openvswitch-debuginfo-2.14.2-150400.24.23.1
      ovn-central-20.06.2-150400.24.23.1
      ovn-devel-20.06.2-150400.24.23.1
      ovn-vtep-20.06.2-150400.24.23.1
      libovn-20_06-0-debuginfo-20.06.2-150400.24.23.1
      openvswitch-debugsource-2.14.2-150400.24.23.1
      ovn-vtep-debuginfo-20.06.2-150400.24.23.1
      ovn-20.06.2-150400.24.23.1
      ovn-host-20.06.2-150400.24.23.1
      ovn-debuginfo-20.06.2-150400.24.23.1
      openvswitch-ipsec-2.14.2-150400.24.23.1
      ovn-host-debuginfo-20.06.2-150400.24.23.1
      openvswitch-test-2.14.2-150400.24.23.1
      libopenvswitch-2_14-0-debuginfo-2.14.2-150400.24.23.1
      ovn-central-debuginfo-20.06.2-150400.24.23.1
      ovn-docker-20.06.2-150400.24.23.1
      openvswitch-pki-2.14.2-150400.24.23.1
      openvswitch-test-debuginfo-2.14.2-150400.24.23.1
    o SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x x86_64)
      openvswitch-devel-2.14.2-150400.24.23.1
      libovn-20_06-0-20.06.2-150400.24.23.1
      python3-ovs-2.14.2-150400.24.23.1
      openvswitch-2.14.2-150400.24.23.1
      libopenvswitch-2_14-0-2.14.2-150400.24.23.1
      openvswitch-vtep-2.14.2-150400.24.23.1
      openvswitch-vtep-debuginfo-2.14.2-150400.24.23.1
      openvswitch-debuginfo-2.14.2-150400.24.23.1
      ovn-central-20.06.2-150400.24.23.1
      ovn-devel-20.06.2-150400.24.23.1
      ovn-vtep-20.06.2-150400.24.23.1
      libovn-20_06-0-debuginfo-20.06.2-150400.24.23.1
      openvswitch-debugsource-2.14.2-150400.24.23.1
      ovn-vtep-debuginfo-20.06.2-150400.24.23.1
      ovn-20.06.2-150400.24.23.1
      ovn-host-20.06.2-150400.24.23.1
      ovn-debuginfo-20.06.2-150400.24.23.1
      openvswitch-ipsec-2.14.2-150400.24.23.1
      ovn-host-debuginfo-20.06.2-150400.24.23.1
      openvswitch-test-2.14.2-150400.24.23.1
      libopenvswitch-2_14-0-debuginfo-2.14.2-150400.24.23.1
      ovn-central-debuginfo-20.06.2-150400.24.23.1
      ovn-docker-20.06.2-150400.24.23.1
      openvswitch-pki-2.14.2-150400.24.23.1
      openvswitch-test-debuginfo-2.14.2-150400.24.23.1
    o SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
      openvswitch-devel-2.14.2-150400.24.23.1
      libovn-20_06-0-20.06.2-150400.24.23.1
      python3-ovs-2.14.2-150400.24.23.1
      openvswitch-2.14.2-150400.24.23.1
      libopenvswitch-2_14-0-2.14.2-150400.24.23.1
      openvswitch-vtep-2.14.2-150400.24.23.1
      openvswitch-vtep-debuginfo-2.14.2-150400.24.23.1
      openvswitch-debuginfo-2.14.2-150400.24.23.1
      ovn-central-20.06.2-150400.24.23.1
      ovn-devel-20.06.2-150400.24.23.1
      ovn-vtep-20.06.2-150400.24.23.1
      libovn-20_06-0-debuginfo-20.06.2-150400.24.23.1
      openvswitch-debugsource-2.14.2-150400.24.23.1
      ovn-vtep-debuginfo-20.06.2-150400.24.23.1
      ovn-20.06.2-150400.24.23.1
      ovn-host-20.06.2-150400.24.23.1
      ovn-debuginfo-20.06.2-150400.24.23.1
      openvswitch-ipsec-2.14.2-150400.24.23.1
      ovn-host-debuginfo-20.06.2-150400.24.23.1
      openvswitch-test-2.14.2-150400.24.23.1
      libopenvswitch-2_14-0-debuginfo-2.14.2-150400.24.23.1
      ovn-central-debuginfo-20.06.2-150400.24.23.1
      ovn-docker-20.06.2-150400.24.23.1
      openvswitch-pki-2.14.2-150400.24.23.1
      openvswitch-test-debuginfo-2.14.2-150400.24.23.1
    o SUSE Manager Proxy 4.3 (x86_64)
      openvswitch-devel-2.14.2-150400.24.23.1
      libovn-20_06-0-20.06.2-150400.24.23.1
      python3-ovs-2.14.2-150400.24.23.1
      openvswitch-2.14.2-150400.24.23.1
      libopenvswitch-2_14-0-2.14.2-150400.24.23.1
      openvswitch-vtep-2.14.2-150400.24.23.1
      openvswitch-vtep-debuginfo-2.14.2-150400.24.23.1
      openvswitch-debuginfo-2.14.2-150400.24.23.1
      ovn-central-20.06.2-150400.24.23.1
      ovn-devel-20.06.2-150400.24.23.1
      ovn-vtep-20.06.2-150400.24.23.1
      libovn-20_06-0-debuginfo-20.06.2-150400.24.23.1
      openvswitch-debugsource-2.14.2-150400.24.23.1
      ovn-vtep-debuginfo-20.06.2-150400.24.23.1
      ovn-20.06.2-150400.24.23.1
      ovn-host-20.06.2-150400.24.23.1
      ovn-debuginfo-20.06.2-150400.24.23.1
      openvswitch-ipsec-2.14.2-150400.24.23.1
      ovn-host-debuginfo-20.06.2-150400.24.23.1
      openvswitch-test-2.14.2-150400.24.23.1
      libopenvswitch-2_14-0-debuginfo-2.14.2-150400.24.23.1
      ovn-central-debuginfo-20.06.2-150400.24.23.1
      ovn-docker-20.06.2-150400.24.23.1
      openvswitch-pki-2.14.2-150400.24.23.1
      openvswitch-test-debuginfo-2.14.2-150400.24.23.1
    o SUSE Manager Retail Branch Server 4.3 (x86_64)
      openvswitch-devel-2.14.2-150400.24.23.1
      libovn-20_06-0-20.06.2-150400.24.23.1
      python3-ovs-2.14.2-150400.24.23.1
      openvswitch-2.14.2-150400.24.23.1
      libopenvswitch-2_14-0-2.14.2-150400.24.23.1
      openvswitch-vtep-2.14.2-150400.24.23.1
      openvswitch-vtep-debuginfo-2.14.2-150400.24.23.1
      openvswitch-debuginfo-2.14.2-150400.24.23.1
      ovn-central-20.06.2-150400.24.23.1
      ovn-devel-20.06.2-150400.24.23.1
      ovn-vtep-20.06.2-150400.24.23.1
      libovn-20_06-0-debuginfo-20.06.2-150400.24.23.1
      openvswitch-debugsource-2.14.2-150400.24.23.1
      ovn-vtep-debuginfo-20.06.2-150400.24.23.1
      ovn-20.06.2-150400.24.23.1
      ovn-host-20.06.2-150400.24.23.1
      ovn-debuginfo-20.06.2-150400.24.23.1
      openvswitch-ipsec-2.14.2-150400.24.23.1
      ovn-host-debuginfo-20.06.2-150400.24.23.1
      openvswitch-test-2.14.2-150400.24.23.1
      libopenvswitch-2_14-0-debuginfo-2.14.2-150400.24.23.1
      ovn-central-debuginfo-20.06.2-150400.24.23.1
      ovn-docker-20.06.2-150400.24.23.1
      openvswitch-pki-2.14.2-150400.24.23.1
      openvswitch-test-debuginfo-2.14.2-150400.24.23.1
    o SUSE Manager Server 4.3 (ppc64le s390x x86_64)
      openvswitch-devel-2.14.2-150400.24.23.1
      libovn-20_06-0-20.06.2-150400.24.23.1
      python3-ovs-2.14.2-150400.24.23.1
      openvswitch-2.14.2-150400.24.23.1
      libopenvswitch-2_14-0-2.14.2-150400.24.23.1
      openvswitch-vtep-2.14.2-150400.24.23.1
      openvswitch-vtep-debuginfo-2.14.2-150400.24.23.1
      openvswitch-debuginfo-2.14.2-150400.24.23.1
      ovn-central-20.06.2-150400.24.23.1
      ovn-devel-20.06.2-150400.24.23.1
      ovn-vtep-20.06.2-150400.24.23.1
      libovn-20_06-0-debuginfo-20.06.2-150400.24.23.1
      openvswitch-debugsource-2.14.2-150400.24.23.1
      ovn-vtep-debuginfo-20.06.2-150400.24.23.1
      ovn-20.06.2-150400.24.23.1
      ovn-host-20.06.2-150400.24.23.1
      ovn-debuginfo-20.06.2-150400.24.23.1
      openvswitch-ipsec-2.14.2-150400.24.23.1
      ovn-host-debuginfo-20.06.2-150400.24.23.1
      openvswitch-test-2.14.2-150400.24.23.1
      libopenvswitch-2_14-0-debuginfo-2.14.2-150400.24.23.1
      ovn-central-debuginfo-20.06.2-150400.24.23.1
      ovn-docker-20.06.2-150400.24.23.1
      openvswitch-pki-2.14.2-150400.24.23.1
      openvswitch-test-debuginfo-2.14.2-150400.24.23.1

    References:

    o https://www.suse.com/security/cve/CVE-2023-3966.html
    o https://bugzilla.suse.com/show_bug.cgi?id=1219465

    - --------------------------END INCLUDED TEXT----------------------

    You have received this e-mail bulletin as a result of your organisation's
    registration with AusCERT. The mailing list you are subscribed to is
    maintained within your organisation, so if you do not wish to continue
    receiving these bulletins you should contact your local IT manager. If you do
    not know who that is, please send an email to auscert@auscert.org.au and we
    will forward your request to the appropriate person.

    NOTE: Third Party Rights
    This security bulletin is provided as a service to AusCERT's members. As
    AusCERT did not write the document quoted above, AusCERT has had no control
    over its content. The decision to follow or act on information or advice
    contained in this security bulletin is the responsibility of each user or
    organisation, and should be considered in accordance with your organisation's
    site policies and procedures. AusCERT takes no responsibility for
    consequences which may arise from following or acting on information or
    advice contained in this security bulletin.

    NOTE: This is only the original release of the security bulletin. It may not
    be updated when updates to the original are made.
    If downloading at a later date, it is recommended that the bulletin is
    retrieved directly from the author's website to ensure that the information
    is still current.

    Contact information for the authors of the original document is included in
    the Security Bulletin above. If you have any questions or need further
    information, please contact them directly.

    Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

    ===========================================================================
    Australian Computer Emergency Response Team
    The University of Queensland
    Brisbane
    Qld 4072

    Internet Email: auscert@auscert.org.au
    Facsimile:      (07) 3365 7031
    Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                    AusCERT personnel answer during Queensland business hours
                    which are GMT+10:00 (AEST).
                    On call after hours for member emergencies only.
    ===========================================================================

  • go1.22: CVSS (Max): 7.5
    on March 28, 2024 at 6:21 am

    ===========================================================================
    AUSCERT External Security Bulletin Redistribution
    ESB-2024.1916
    Security update for go1.22
    28 March 2024
    ===========================================================================

    AusCERT Security Bulletin Summary
    ---------------------------------

    Product:           go1.22
    Publisher:         SUSE
    Operating System:  SUSE
    Resolution:        Patch/Upgrade
    CVE Names:         CVE-2024-24783 CVE-2024-24784 CVE-2024-24785
                       CVE-2023-45289 CVE-2023-45290
    Original Bulletin: https://www.suse.com/support/update/announcement/2024/suse-su-20240936-1

    Comment: CVSS (Max): 7.5 CVE-2024-24785 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
    CVSS Source: SUSE
    Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

    - --------------------------BEGIN INCLUDED TEXT--------------------

    Security update for go1.22

    Announcement ID:  SUSE-SU-2024:0936-1
    Rating:           important
    References:
      o bsc#1218424
      o bsc#1219988
      o bsc#1220999
      o bsc#1221000
      o bsc#1221001
      o bsc#1221002
      o bsc#1221003
    Cross-References:
      o CVE-2023-45289
      o CVE-2023-45290
      o CVE-2024-24783
      o CVE-2024-24784
      o CVE-2024-24785
    CVSS scores:
      o CVE-2023-45289 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
      o CVE-2023-45290 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
      o CVE-2024-24783 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
      o CVE-2024-24784 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
      o CVE-2024-24785 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

    Affected Products:
      o SUSE Linux Enterprise High Performance Computing 12 SP5
      o SUSE Linux Enterprise Server 12 SP5
      o SUSE Linux Enterprise Server for SAP Applications 12 SP5
      o SUSE Linux Enterprise Software Development Kit 12 SP5

    An update that solves five vulnerabilities and has two security fixes can now be installed.
    Description:

    This update for go1.22 fixes the following issues:

    o go1.22.1 (released 2024-03-05) includes security fixes to the crypto/x509,
      html/template, net/http, net/http/cookiejar, and net/mail packages, as well
      as bug fixes to the compiler, the go command, the runtime, the trace command,
      and the go/types and net/http packages. (bsc#1218424)
      CVE-2023-45289 CVE-2023-45290 CVE-2024-24783 CVE-2024-24784 CVE-2024-24785
      o go#65831 go#65390 bsc#1220999 security: fix CVE-2024-24783 crypto/x509:
        Verify panics on certificates with an unknown public key algorithm
      o go#65849 go#65083 bsc#1221002 security: fix CVE-2024-24784 net/mail:
        comments in display names are incorrectly handled
      o go#65850 go#65383 bsc#1221001 security: fix CVE-2023-45290 net/http:
        memory exhaustion in Request.ParseMultipartForm
      o go#65859 go#65065 bsc#1221000 security: fix CVE-2023-45289 net/http,
        net/http/cookiejar: incorrect forwarding of sensitive headers and cookies
        on HTTP redirect
      o go#65969 go#65697 bsc#1221003 security: fix CVE-2024-24785 html/template:
        errors returned from MarshalJSON methods may break template escaping
      o go#65352 cmd/go: go generate fails silently when run on a package in a
        nested workspace module
      o go#65471 internal/testenv: TestHasGoBuild failures on the LUCI noopt builders
      o go#65474 internal/testenv: support LUCI mobile builders in testenv tests
      o go#65577 cmd/trace/v2: goroutine analysis page doesn't identify goroutines
        consistently
      o go#65618 cmd/compile: Go 1.22 build fails with 1.21 PGO profile on
        internal/saferio change
      o go#65619 cmd/compile: Go 1.22 changes support for modules that declare go 1.0
      o go#65641 cmd/cgo/internal/testsanitizers,x/build: LUCI clang15 builders failing
      o go#65644 runtime: crash in race detector when execution tracer reads from
        CPU profile buffer
      o go#65728 go/types: nil pointer dereference in Alias.Underlying()
      o go#65759 net/http: context cancellation can leave HTTP client with
        deadlocked HTTP/1.1 connections in Go1.22
      o go#65760 runtime: Go 1.22.0 fails to build from source on armv7 Alpine Linux
      o go#65818 runtime: go1.22.0 test with -race will SIGSEGV or SIGBUS or Bad Pointer
      o go#65852 cmd/go: "missing ziphash" error with go.work
      o go#65883 runtime: scheduler sometimes starves a runnable goroutine on wasm
        platforms
    o Packaging improvements:
      o bsc#1219988 ensure VERSION file is present in GOROOT as required by go tool
        dist and go tool distpack
    o go1.22 (released 2024-02-06) is a major release of Go. go1.22.x minor
      releases will be provided through February 2024.
      https://github.com/golang/go/wiki/Go-Release-Cycle
      go1.22 arrives six months after go1.21. Most of its changes are in the
      implementation of the toolchain, runtime, and libraries. As always, the
      release maintains the Go 1 promise of compatibility. We expect almost all Go
      programs to continue to compile and run as before. (bsc#1218424)
    o Language change: go1.22 makes two changes to for loops. Previously, the
      variables declared by a for loop were created once and updated by each
      iteration. In go1.22, each iteration of the loop creates new variables, to
      avoid accidental sharing bugs. The transition support tooling described in
      the proposal continues to work in the same way it did in Go 1.21.
    o Language change: For loops may now range over integers.
    o Language change: go1.22 includes a preview of a language change we are
      considering for a future version of Go: range-over-function iterators.
      Building with GOEXPERIMENT=rangefunc enables this feature.
    o go command: Commands in workspaces can now use a vendor directory containing
      the dependencies of the workspace. The directory is created by go work
      vendor, and used by build commands when the -mod flag is set to vendor,
      which is the default when a workspace vendor directory is present. Note that
      the vendor directory's contents for a workspace are different from those of
      a single module: if the directory at the root of a workspace also contains
      one of the modules in the workspace, its vendor directory can contain the
      dependencies of either the workspace or of the module, but not both.
    o go get is no longer supported outside of a module in the legacy GOPATH mode
      (that is, with GO111MODULE=off). Other build commands, such as go build and
      go test, will continue to work indefinitely for legacy GOPATH programs.
    o go mod init no longer attempts to import module requirements from
      configuration files for other vendoring tools (such as Gopkg.lock).
    o go test -cover now prints coverage summaries for covered packages that do
      not have their own test files. Prior to Go 1.22 a go test -cover run for
      such a package would report:
        mymod/mypack [no test files]
      and now with go1.22, functions in the package are treated as uncovered:
        mymod/mypack coverage: 0.0% of statements
      Note that if a package contains no executable code at all, we can't report
      a meaningful coverage percentage; for such packages the go tool will
      continue to report that there are no test files.
    o trace: The trace tool's web UI has been gently refreshed as part of the
      work to support the new tracer, resolving several issues and improving the
      readability of various sub-pages. The web UI now supports exploring traces
      in a thread-oriented view. The trace viewer also now displays the full
      duration of all system calls. These improvements only apply for viewing
      traces produced by programs built with go1.22 or newer. A future release
      will bring some of these improvements to traces produced by older versions
      of Go.
    o vet: References to loop variables. The behavior of the vet tool has changed
      to match the new semantics (see above) of loop variables in go1.22. When
      analyzing a file that requires go1.22 or newer (due to its go.mod file or a
      per-file build constraint), vet no longer reports references to loop
      variables from within a function literal that might outlive the iteration
      of the loop. In Go 1.22, loop variables are created anew for each
      iteration, so such references are no longer at risk of using a variable
      after it has been updated by the loop.
    o vet: New warnings for missing values after append. The vet tool now reports
      calls to append that pass no values to be appended to the slice, such as
      slice = append(slice). Such a statement has no effect, and experience has
      shown that it is nearly always a mistake.
    o vet: New warnings for deferring time.Since. The vet tool now reports a
      non-deferred call to time.Since(t) within a defer statement. This is
      equivalent to calling time.Now().Sub(t) before the defer statement, not
      when the deferred function is called. In nearly all cases, the correct code
      requires deferring the time.Since call.
    o vet: New warnings for mismatched key-value pairs in log/slog calls. The vet
      tool now reports invalid arguments in calls to functions and methods in the
      structured logging package, log/slog, that accept alternating key/value
      pairs. It reports calls where an argument in a key position is neither a
      string nor a slog.Attr, and where a final key is missing its value.
    o runtime: The runtime now keeps type-based garbage collection metadata
      nearer to each heap object, improving the CPU performance (latency or
      throughput) of Go programs by 1-3%. This change also reduces the memory
      overhead of the majority of Go programs by approximately 1% by deduplicating
      redundant metadata. Some programs may see a smaller improvement because
      this change adjusts the size class boundaries of the memory allocator, so
      some objects may be moved up a size class. A consequence of this change is
      that some objects' addresses that were previously always aligned to a 16
      byte (or higher) boundary will now only be aligned to an 8 byte boundary.
      Some programs that use assembly instructions that require memory addresses
      to be more than 8-byte aligned and rely on the memory allocator's previous
      alignment behavior may break, but we expect such programs to be rare. Such
      programs may be built with GOEXPERIMENT=noallocheaders to revert to the old
      metadata layout and restore the previous alignment behavior, but package
      owners should update their assembly code to avoid the alignment assumption,
      as this workaround will be removed in a future release.
    o runtime: On the windows/amd64 port, programs linking or loading Go libraries
      built with -buildmode=c-archive or -buildmode=c-shared can now use the
      SetUnhandledExceptionFilter Win32 function to catch exceptions not handled
      by the Go runtime. Note that this was already supported on the windows/386
      port.
    o compiler: Profile-guided Optimization (PGO) builds can now devirtualize a
      higher proportion of calls than previously possible. Most programs from a
      representative set of Go programs now see between 2 and 14% improvement
      from enabling PGO.
    o compiler: The compiler now interleaves devirtualization and inlining, so
      interface method calls are better optimized.
    o compiler: go1.22 also includes a preview of an enhanced implementation of
      the compiler's inlining phase that uses heuristics to boost inlinability at
      call sites deemed "important" (for example, in loops) and discourage
      inlining at call sites deemed "unimportant" (for example, on panic paths).
      Building with GOEXPERIMENT=newinliner enables the new call-site heuristics;
      see issue #61502 for more info and to provide feedback.
    o linker: The linker's -s and -w flags now behave more consistently across
      all platforms. The -w flag suppresses DWARF debug information generation.
      The -s flag suppresses symbol table generation. The -s flag also implies
      the -w flag, which can be negated with -w=0. That is, -s -w=0 will generate
      a binary with DWARF debug information but without the symbol table.
    o linker: On ELF platforms, the -B linker flag now accepts a special form:
      with -B gobuildid, the linker will generate a GNU build ID (the ELF
      NT_GNU_BUILD_ID note) derived from the Go build ID.
    o linker: On Windows, when building with -linkmode=internal, the linker now
      preserves SEH information from C object files by copying the .pdata and
      .xdata sections into the final binary. This helps with debugging and
      profiling binaries using native tools, such as WinDbg. Note that until now,
      C functions' SEH exception handlers were not being honored, so this change
      may cause some programs to behave differently. -linkmode=external is not
      affected by this change, as external linkers already preserve SEH
      information.
    o bootstrap: As mentioned in the Go 1.20 release notes, go1.22 now requires
      the final point release of Go 1.20 or later for bootstrap. We expect that
      Go 1.24 will require the final point release of go1.22 or later for
      bootstrap.
    o core library: New math/rand/v2 package: go1.22 includes the first "v2"
      package in the standard library, math/rand/v2. The changes compared to
      math/rand are detailed in proposal go#61716. The most important changes are:
      o The Read method, deprecated in math/rand, was not carried forward for
        math/rand/v2. (It remains available in math/rand.) The vast majority of
        calls to Read should use crypto/rand's Read instead. Otherwise a custom
        Read can be constructed using the Uint64 method.
      o The global generator accessed by top-level functions is unconditionally
        randomly seeded. Because the API guarantees no fixed sequence of results,
        optimizations like per-thread random generator states are now possible.
      o The Source interface now has a single Uint64 method; there is no Source64
        interface.
      o Many methods now use faster algorithms that were not possible to adopt in
        math/rand because they changed the output streams.
      o The Intn, Int31, Int31n, Int63, and Int64n top-level functions and methods
        from math/rand are spelled more idiomatically in math/rand/v2: IntN,
        Int32, Int32N, Int64, and Int64N. There are also new top-level functions
        and methods Uint32, Uint32N, Uint64, Uint64N, Uint, and UintN.
      o The new generic function N is like Int64N or Uint64N but works for any
        integer type. For example a random duration from 0 up to 5 minutes is
        rand.N(5*time.Minute).
      o The Mitchell & Reeds LFSR generator provided by math/rand's Source has
        been replaced by two more modern pseudo-random generator sources: ChaCha8
        and PCG. ChaCha8 is a new, cryptographically strong random number
        generator roughly similar to PCG in efficiency. ChaCha8 is the algorithm
        used for the top-level functions in math/rand/v2. As of go1.22,
        math/rand's top-level functions (when not explicitly seeded) and the Go
        runtime also use ChaCha8 for randomness.
      We plan to include an API migration tool in a future release, likely Go 1.23.
    o core library: New go/version package: The new go/version package
      implements functions for validating and comparing Go version strings.
    o core library: Enhanced routing patterns: HTTP routing in the standard
      library is now more expressive. The patterns used by net/http.ServeMux have
      been enhanced to accept methods and wildcards. This change breaks backwards
      compatibility in small ways, some obvious (patterns with "{" and "}" behave
      differently) and some less so (treatment of escaped paths has been
      improved). The change is controlled by a GODEBUG field named httpmuxgo121.
      Set httpmuxgo121=1 to restore the old behavior.
    o Minor changes to the library: As always, there are various minor changes
      and updates to the library, made with the Go 1 promise of compatibility in
      mind. There are also various performance improvements, not enumerated here.
    o archive/tar: The new method Writer.AddFS adds all of the files from an fs.FS
      to the archive.
    o archive/zip: The new method Writer.AddFS adds all of the files from an fs.FS
      to the archive.
    o bufio: When a SplitFunc returns ErrFinalToken with a nil token, Scanner will
      now stop immediately. Previously, it would report a final empty token
      before stopping, which was usually not desired. Callers that do want to
      report a final empty token can do so by returning []byte{} rather than nil.
    o cmp: The new function Or returns the first in a sequence of values that is
      not the zero value.
    o crypto/tls: ConnectionState.ExportKeyingMaterial will now return an error
      unless TLS 1.3 is in use, or the extended_master_secret extension is
      supported by both the server and client. crypto/tls has supported this
      extension since Go 1.20. This can be disabled with the tlsunsafeekm=1
      GODEBUG setting.
    o crypto/tls: By default, the minimum version offered by crypto/tls servers is
      now TLS 1.2 if not specified with config.MinimumVersion, matching the
      behavior of crypto/tls clients. This change can be reverted with the
      tls10server=1 GODEBUG setting.
    o crypto/tls: By default, cipher suites without ECDHE support are no longer
      offered by either clients or servers during pre-TLS 1.3 handshakes. This
      change can be reverted with the tlsrsakex=1 GODEBUG setting.
    o crypto/x509: The new CertPool.AddCertWithConstraint method can be used to
      add customized constraints to root certificates to be applied during chain
      building.
    o crypto/x509: On Android, root certificates will now be loaded from
      /data/misc/keychain/certs-added as well as /system/etc/security/cacerts.
    o crypto/x509: A new type, OID, supports ASN.1 Object Identifiers with
      individual components larger than 31 bits. A new field which uses this
      type, Policies, is added to the Certificate struct, and is now populated
      during parsing. Any OIDs which cannot be represented using an
      asn1.ObjectIdentifier will appear in Policies, but not in the old
      PolicyIdentifiers field. When calling CreateCertificate, the Policies field
      is ignored, and policies are taken from the PolicyIdentifiers field. Using
      the x509usepolicies=1 GODEBUG setting inverts this, populating certificate
      policies from the Policies field, and ignoring the PolicyIdentifiers field.
      We may change the default value of x509usepolicies in Go 1.23, making
      Policies the default field for marshaling.
    o database/sql: The new Null[T] type provides a way to scan nullable columns
      for any column types.
    o debug/elf: Constant R_MIPS_PC32 is defined for use with MIPS64 systems.
      Additional R_LARCH_* constants are defined for use with LoongArch systems.
    o encoding: The new methods AppendEncode and AppendDecode added to each of the
      Encoding types in the packages encoding/base32, encoding/base64, and
      encoding/hex simplify encoding and decoding from and to byte slices by
      taking care of byte slice buffer management.
    o encoding: The methods base32.Encoding.WithPadding and
      base64.Encoding.WithPadding now panic if the padding argument is a negative
      value other than NoPadding.
    o encoding/json: Marshaling and encoding functionality now escapes '\b' and
      '\f' characters as \b and \f instead of \u0008 and \u000c.
    o go/ast: The following declarations related to syntactic identifier
      resolution are now deprecated: Ident.Obj, Object, Scope, File.Scope,
      File.Unresolved, Importer, Package, NewPackage. In general, identifiers
      cannot be accurately resolved without type information. Consider, for
      example, the identifier K in T{K: ""}: it could be the name of a local
      variable if T is a map type, or the name of a field if T is a struct type.
      New programs should use the go/types package to resolve identifiers; see
      Object, Info.Uses, and Info.Defs for details.
    o go/ast: The new ast.Unparen function removes any enclosing parentheses from
      an expression.
    o go/types: The new Alias type represents type aliases. Previously, type
      aliases were not represented explicitly, so a reference to a type alias was
      equivalent to spelling out the aliased type, and the name of the alias was
      lost. The new representation retains the intermediate Alias. This enables
      improved error reporting (the name of a type alias can be reported), and
      allows for better handling of cyclic type declarations involving type
      aliases. In a future release, Alias types will also carry type parameter
      information. The new function Unalias returns the actual type denoted by an
      Alias type (or any other Type for that matter).
    o go/types: Because Alias types may break existing type switches that do not
      know to check for them, this functionality is controlled by a GODEBUG field
      named gotypesalias. With gotypesalias=0, everything behaves as before, and
      Alias types are never created. With gotypesalias=1, Alias types are created
      and clients must expect them. The default is gotypesalias=0. In a future
      release, the default will be changed to gotypesalias=1. Clients of go/types
      are urged to adjust their code as soon as possible to work with
      gotypesalias=1 to eliminate problems early.
    o go/types: The Info struct now exports the FileVersions map which provides
      per-file Go version information.
    o go/types: The new helper method PkgNameOf returns the local package name for
      the given import declaration.
    o go/types: The implementation of SizesFor has been adjusted to compute the
      same type sizes as the compiler when the compiler argument for SizesFor is
      "gc". The default Sizes implementation used by the type checker is now
      types.SizesFor("gc", "amd64").
    o go/types: The start position (Pos) of the lexical environment block (Scope)
      that represents a function body has changed: it used to start at the
      opening curly brace of the function body, but now starts at the function's
      func token.
    o html/template: Javascript template literals may now contain Go template
      actions, and parsing a template containing one will no longer return
      ErrJSTemplate. Similarly the GODEBUG setting jstmpllitinterp no longer has
      any effect.
    o io: The new SectionReader.Outer method returns the ReaderAt, offset, and
      size passed to NewSectionReader.
    o log/slog: The new SetLogLoggerLevel function controls the level for the
      bridge between the slog and log packages. It sets the minimum level for
      calls to the top-level slog logging functions, and it sets the level for
      calls to log.Logger that go through slog.
    o math/big: The new method Rat.FloatPrec computes the number of fractional
      decimal digits required to represent a rational number accurately as a
      floating-point number, and whether accurate decimal representation is
      possible in the first place.
    o net: When io.Copy copies from a TCPConn to a UnixConn, it will now use
      Linux's splice(2) system call if possible, using the new method
      TCPConn.WriteTo.
    o net: The Go DNS Resolver, used when building with "-tags=netgo", now
      searches for a matching name in the Windows hosts file, located at
      %SystemRoot%\System32\drivers\etc\hosts, before making a DNS query.
    o net/http: The new functions ServeFileFS, FileServerFS, and
      NewFileTransportFS are versions of the existing ServeFile, FileServer, and
      NewFileTransport, operating on an fs.FS.
    o net/http: The HTTP server and client now reject requests and responses
      containing an invalid empty Content-Length header. The previous behavior
      may be restored by setting GODEBUG field httplaxcontentlength=1.
    o net/http: The new method Request.PathValue returns path wildcard values from
      a request and the new method Request.SetPathValue sets path wildcard values
      on a request.
    o net/http/cgi: When executing a CGI process, the PATH_INFO variable is now
      always set to the empty string or a value starting with a / character, as
      required by RFC 3875. It was previously possible for some combinations of
      Handler.Root and request URL to violate this requirement.
    o net/netip: The new AddrPort.Compare method compares two AddrPorts.
    o os: On Windows, the Stat function now follows all reparse points that link
      to another named entity in the system. It was previously only following
      IO_REPARSE_TAG_SYMLINK and IO_REPARSE_TAG_MOUNT_POINT reparse points.
    o os: On Windows, passing O_SYNC to OpenFile now causes write operations to go
      directly to disk, equivalent to O_SYNC on Unix platforms.
    o os: On Windows, the ReadDir, File.ReadDir, File.Readdir, and
      File.Readdirnames functions now read directory entries in batches to reduce
      the number of system calls, improving performance up to 30%.
    o os: When io.Copy copies from a File to a net.UnixConn, it will now use
      Linux's sendfile(2) system call if possible, using the new method
      File.WriteTo.
    o os/exec: On Windows, LookPath now ignores empty entries in %PATH%, and
      returns ErrNotFound (instead of ErrNotExist) if no executable file
      extension is found to resolve an otherwise-unambiguous name.
    o os/exec: On Windows, Command and Cmd.Start no longer call LookPath if the
      path to the executable is already absolute and has an executable file
      extension. In addition, Cmd.Start no longer writes the resolved extension
      back to the Path field, so it is now safe to call the String method
      concurrently with a call to Start.
    o reflect: The Value.IsZero method will now return true for a floating-point
      or complex negative zero, and will return true for a struct value if a
      blank field (a field named _) somehow has a non-zero value. These changes
      make IsZero consistent with comparing a value to zero using the language ==
      operator.
    o reflect: The PtrTo function is deprecated, in favor of PointerTo.
    o reflect: The new function TypeFor returns the Type that represents the type
      argument T. Previously, to get the reflect.Type value for a type, one had
      to use reflect.TypeOf((*T)(nil)).Elem().
This may now be written as reflect.TypeFor T . o runtime/metrics: Four new histogram metrics /sched/pauses/stopping/ gc:seconds, /sched/pauses/stopping/other:seconds, /sched/pauses/total/ gc:seconds, and /sched/pauses/total/other:seconds provide additional details about stop-the-world pauses. The “stopping” metrics report the time taken from deciding to stop the world until all goroutines are stopped. The “total” metrics report the time taken from deciding to stop the world until it is started again. o runtime/metrics: The /gc/pauses:seconds metric is deprecated, as it is equivalent to the new /sched/pauses/total/gc:seconds metric. o runtime/metrics: /sync/mutex/wait/total:seconds now includes contention on runtime-internal locks in addition to sync.Mutex and sync.RWMutex. o runtime/pprof: Mutex profiles now scale contention by the number of goroutines blocked on the mutex. This provides a more accurate representation of the degree to which a mutex is a bottleneck in a Go program. For instance, if 100 goroutines are blocked on a mutex for 10 milliseconds, a mutex profile will now record 1 second of delay instead of 10 milliseconds of delay. o runtime/pprof: Mutex profiles also now include contention on runtime-internal locks in addition to sync.Mutex and sync.RWMutex. Contention on runtime-internal locks is always reported at runtime._LostContendedRuntimeLock. A future release will add complete stack traces in these cases. o runtime/pprof: CPU profiles on Darwin platforms now contain the process’s memory map, enabling the disassembly view in the pprof tool. o runtime/trace: The execution tracer has been completely overhauled in this release, resolving several long-standing issues and paving the way for new use-cases for execution traces. o runtime/trace: Execution traces now use the operating system’s clock on most platforms (Windows excluded) so it is possible to correlate them with traces produced by lower-level components. 
Execution traces no longer depend on the reliability of the platform’s clock to produce a correct trace. Execution traces are now partitioned regularly on-the-fly and as a result may be processed in a streamable way. Execution traces now contain complete durations for all system calls. Execution traces now contain information about the operating system threads that goroutines executed on. The latency impact of starting and stopping execution traces has been dramatically reduced. Execution traces may now begin or end during the garbage collection mark phase. o runtime/trace: To allow Go developers to take advantage of these improvements, an experimental trace reading package is available at golang.org/x/exp/trace. Note that this package only works on traces produced by programs built with go1.22 at the moment. Please try out the package and provide feedback on the corresponding proposal issue. o runtime/trace: If you experience any issues with the new execution tracer implementation, you may switch back to the old implementation by building your Go program with GOEXPERIMENT=noexectracer2. If you do, please file an issue, otherwise this option will be removed in a future release. o slices: The new function Concat concatenates multiple slices. o slices: Functions that shrink the size of a slice (Delete, DeleteFunc, Compact, CompactFunc, and Replace) now zero the elements between the new length and the old length. o slices: Insert now always panics if the argument i is out of range. Previously it did not panic in this situation if there were no elements to be inserted. o syscall: The syscall package has been frozen since Go 1.4 and was marked as deprecated in Go 1.11, causing many editors to warn about any use of the package. However, some non-deprecated functionality requires use of the syscall package, such as the os/exec.Cmd.SysProcAttr field. To avoid unnecessary complaints on such code, the syscall package is no longer marked as deprecated. 
The package remains frozen to most new functionality, and new code remains encouraged to use golang.org/x/sys/unix or golang.org/ x/sys/windows where possible. o syscall: On Linux, the new SysProcAttr.PidFD field allows obtaining a PID FD when starting a child process via StartProcess or os/exec. o syscall: On Windows, passing O_SYNC to Open now causes write operations to go directly to disk, equivalent to O_SYNC on Unix platforms. o testing/slogtest: The new Run function uses sub-tests to run test cases, providing finer-grained control. o Ports: Darwin: On macOS on 64-bit x86 architecture (the darwin/amd64 port), the Go toolchain now generates position-independent executables (PIE) by default. Non-PIE binaries can be generated by specifying the -buildmode=exe build flag. On 64-bit ARM-based macOS (the darwin/arm64 port), the Go toolchain already generates PIE by default. go1.22 is the last release that will run on macOS 10.15 Catalina. Go 1.23 will require macOS 11 Big Sur or later. o Ports: Arm: The GOARM environment variable now allows you to select whether to use software or hardware floating point. Previously, valid GOARM values were 5, 6, or 7. Now those same values can be optionally followed by ,softfloat or ,hardfloat to select the floating-point implementation. This new option defaults to softfloat for version 5 and hardfloat for versions 6 and 7. o Ports: Loong64: The loong64 port now supports passing function arguments and results using registers. The linux/loong64 port now supports the address sanitizer, memory sanitizer, new-style linker relocations, and the plugin build mode. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or “zypper patch”. 
Alternatively you can run the command listed for your product: o SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2024-936=1 Package List: o SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) go1.22-doc-1.22.1-1.3.1 go1.22-1.22.1-1.3.1 References: o https://www.suse.com/security/cve/CVE-2023-45289.html o https://www.suse.com/security/cve/CVE-2023-45290.html o https://www.suse.com/security/cve/CVE-2024-24783.html o https://www.suse.com/security/cve/CVE-2024-24784.html o https://www.suse.com/security/cve/CVE-2024-24785.html o https://bugzilla.suse.com/show_bug.cgi?id=1218424 o https://bugzilla.suse.com/show_bug.cgi?id=1219988 o https://bugzilla.suse.com/show_bug.cgi?id=1220999 o https://bugzilla.suse.com/show_bug.cgi?id=1221000 o https://bugzilla.suse.com/show_bug.cgi?id=1221001 o https://bugzilla.suse.com/show_bug.cgi?id=1221002 o https://bugzilla.suse.com/show_bug.cgi?id=1221003 – ————————–END INCLUDED TEXT———————- You have received this e-mail bulletin as a result of your organisation’s registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT’s members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation’s site policies and procedures. 
AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author’s website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. ===========================================================================

  • ghostscript: CVSS (Max): 8.1
    on March 28, 2024 at 6:20 am

    ===========================================================================
    AUSCERT External Security Bulletin Redistribution

    ESB-2024.1915
    Security update for ghostscript
    28 March 2024
    ===========================================================================

    AusCERT Security Bulletin Summary
    ---------------------------------

    Product: ghostscript
    Publisher: SUSE
    Operating System: SUSE
    Resolution: Patch/Upgrade
    CVE Names: CVE-2020-36773
    Original Bulletin: https://www.suse.com/support/update/announcement/2024/suse-su-20240920-1

    Comment: CVSS (Max): 8.1 CVE-2020-36773 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H)
    CVSS Source: SUSE
    Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

    - --------------------------BEGIN INCLUDED TEXT--------------------

    Security update for ghostscript

    Announcement ID: SUSE-SU-2024:0920-1
    Rating: moderate
    References:
      o bsc#1219357
      o bsc#1219554
    Cross-References:
      o CVE-2020-36773
    CVSS scores:
      o CVE-2020-36773 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
      o CVE-2020-36773 (NVD): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Affected Products:
      o Basesystem Module 15-SP5
      o openSUSE Leap 15.5
      o SUSE Linux Enterprise Desktop 15 SP5
      o SUSE Linux Enterprise High Performance Computing 15 SP5
      o SUSE Linux Enterprise Real Time 15 SP5
      o SUSE Linux Enterprise Server 15 SP5
      o SUSE Linux Enterprise Server for SAP Applications 15 SP5

    An update that solves one vulnerability and has one security fix can now be installed.

    Description:

    This update for ghostscript fixes the following issues:

    o Fixed segfaults in gs_heap_free_object() - ref:_00D1igLOd._500Tr4BRgx:ref (bsc#1219357).

    Previously fixed security issue:

    o CVE-2020-36773: Fixed out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) (bsc#1219554).

    Patch Instructions:

    To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

    Alternatively you can run the command listed for your product:

    o openSUSE Leap 15.5
      zypper in -t patch openSUSE-SLE-15.5-2024-920=1
    o Basesystem Module 15-SP5
      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-920=1

    Package List:

    o openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
      ghostscript-x11-debuginfo-9.52-150000.185.1
      ghostscript-9.52-150000.185.1
      ghostscript-debugsource-9.52-150000.185.1
      ghostscript-devel-9.52-150000.185.1
      ghostscript-debuginfo-9.52-150000.185.1
      ghostscript-x11-9.52-150000.185.1
    o Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
      ghostscript-x11-debuginfo-9.52-150000.185.1
      ghostscript-9.52-150000.185.1
      ghostscript-debugsource-9.52-150000.185.1
      ghostscript-devel-9.52-150000.185.1
      ghostscript-debuginfo-9.52-150000.185.1
      ghostscript-x11-9.52-150000.185.1

    References:

    o https://www.suse.com/security/cve/CVE-2020-36773.html
    o https://bugzilla.suse.com/show_bug.cgi?id=1219357
    o https://bugzilla.suse.com/show_bug.cgi?id=1219554

    - --------------------------END INCLUDED TEXT----------------------

  • ghostscript: CVSS (Max): 8.1
    on March 28, 2024 at 6:20 am

    ===========================================================================
    AUSCERT External Security Bulletin Redistribution

    ESB-2024.1914
    Security update for ghostscript
    28 March 2024
    ===========================================================================

    AusCERT Security Bulletin Summary
    ---------------------------------

    Product: ghostscript
    Publisher: SUSE
    Operating System: SUSE
    Resolution: Patch/Upgrade
    CVE Names: CVE-2020-36773
    Original Bulletin: https://www.suse.com/support/update/announcement/2024/suse-su-20240921-1

    Comment: CVSS (Max): 8.1 CVE-2020-36773 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H)
    CVSS Source: SUSE
    Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

    - --------------------------BEGIN INCLUDED TEXT--------------------

    Security update for ghostscript

    Announcement ID: SUSE-SU-2024:0921-1
    Rating: moderate
    References:
      o bsc#1219357
      o bsc#1219554
    Cross-References:
      o CVE-2020-36773
    CVSS scores:
      o CVE-2020-36773 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
      o CVE-2020-36773 (NVD): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Affected Products:
      o SUSE Linux Enterprise High Performance Computing 12 SP5
      o SUSE Linux Enterprise Server 12 SP5
      o SUSE Linux Enterprise Server for SAP Applications 12 SP5
      o SUSE Linux Enterprise Software Development Kit 12 SP5

    An update that solves one vulnerability and has one security fix can now be installed.

    Description:

    This update for ghostscript fixes the following issues:

    o Fixed segfaults in gs_heap_free_object() - ref:_00D1igLOd._500Tr4BRgx:ref (bsc#1219357).

    Previously fixed security issue:

    o CVE-2020-36773: Fixed out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) (bsc#1219554).

    Patch Instructions:

    To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

    Alternatively you can run the command listed for your product:

    o SUSE Linux Enterprise Software Development Kit 12 SP5
      zypper in -t patch SUSE-SLE-SDK-12-SP5-2024-921=1
    o SUSE Linux Enterprise High Performance Computing 12 SP5
      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-921=1
    o SUSE Linux Enterprise Server 12 SP5
      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-921=1
    o SUSE Linux Enterprise Server for SAP Applications 12 SP5
      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-921=1

    Package List:

    o SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
      ghostscript-debuginfo-9.52-23.71.1
      ghostscript-debugsource-9.52-23.71.1
      ghostscript-devel-9.52-23.71.1
    o SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
      ghostscript-x11-9.52-23.71.1
      ghostscript-x11-debuginfo-9.52-23.71.1
      ghostscript-devel-9.52-23.71.1
      ghostscript-debuginfo-9.52-23.71.1
      ghostscript-9.52-23.71.1
      ghostscript-debugsource-9.52-23.71.1
    o SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
      ghostscript-x11-9.52-23.71.1
      ghostscript-x11-debuginfo-9.52-23.71.1
      ghostscript-devel-9.52-23.71.1
      ghostscript-debuginfo-9.52-23.71.1
      ghostscript-9.52-23.71.1
      ghostscript-debugsource-9.52-23.71.1
    o SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
      ghostscript-x11-9.52-23.71.1
      ghostscript-x11-debuginfo-9.52-23.71.1
      ghostscript-devel-9.52-23.71.1
      ghostscript-debuginfo-9.52-23.71.1
      ghostscript-9.52-23.71.1
      ghostscript-debugsource-9.52-23.71.1

    References:

    o https://www.suse.com/security/cve/CVE-2020-36773.html
    o https://bugzilla.suse.com/show_bug.cgi?id=1219357
    o https://bugzilla.suse.com/show_bug.cgi?id=1219554

    - --------------------------END INCLUDED TEXT----------------------

  • rubygem-rack-1_4: CVSS (Max): 7.5
    on March 28, 2024 at 6:19 am

    ===========================================================================
    AUSCERT External Security Bulletin Redistribution

    ESB-2024.1913
    Security update for rubygem-rack-1_4
    28 March 2024
    ===========================================================================

    AusCERT Security Bulletin Summary
    ---------------------------------

    Product: rubygem-rack-1_4
    Publisher: SUSE
    Operating System: SUSE
    Resolution: Patch/Upgrade
    CVE Names: CVE-2024-26146 CVE-2024-25126 CVE-2024-26141
    Original Bulletin: https://www.suse.com/support/update/announcement/2024/suse-su-20240946-1

    Comment: CVSS (Max): 7.5 CVE-2024-26141 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
    CVSS Source: SUSE
    Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

    - --------------------------BEGIN INCLUDED TEXT--------------------

    Security update for rubygem-rack-1_4

    Announcement ID: SUSE-SU-2024:0946-1
    Rating: important
    References:
      o bsc#1220239
      o bsc#1220242
      o bsc#1220248
    Cross-References:
      o CVE-2024-25126
      o CVE-2024-26141
      o CVE-2024-26146
    CVSS scores:
      o CVE-2024-25126 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
      o CVE-2024-26141 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
      o CVE-2024-26146 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
    Affected Products:
      o Containers Module 12
      o SUSE Linux Enterprise High Performance Computing 12 SP2
      o SUSE Linux Enterprise High Performance Computing 12 SP3
      o SUSE Linux Enterprise High Performance Computing 12 SP4
      o SUSE Linux Enterprise High Performance Computing 12 SP5
      o SUSE Linux Enterprise Server 12
      o SUSE Linux Enterprise Server 12 SP1
      o SUSE Linux Enterprise Server 12 SP2
      o SUSE Linux Enterprise Server 12 SP3
      o SUSE Linux Enterprise Server 12 SP4
      o SUSE Linux Enterprise Server 12 SP5
      o SUSE Linux Enterprise Server for SAP Applications 12
      o SUSE Linux Enterprise Server for SAP Applications 12 SP1
      o SUSE Linux Enterprise Server for SAP Applications 12 SP2
      o SUSE Linux Enterprise Server for SAP Applications 12 SP3
      o SUSE Linux Enterprise Server for SAP Applications 12 SP4
      o SUSE Linux Enterprise Server for SAP Applications 12 SP5

    An update that solves three vulnerabilities can now be installed.

    Description:

    This update for rubygem-rack-1_4 fixes the following issues:

    o CVE-2024-25126: Fixed a Denial of Service Vulnerability in Rack Content-Type Parsing (bsc#1220239)
    o CVE-2024-26141: Fixed a Denial of Service Vulnerability in Range request header parsing (bsc#1220242)
    o CVE-2024-26146: Fixed a Denial of Service vulnerability in Rack headers parsing routine (bsc#1220248)

    Patch Instructions:

    To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

    Alternatively you can run the command listed for your product:

    o Containers Module 12
      zypper in -t patch SUSE-SLE-Module-Containers-12-2024-946=1

    Package List:

    o Containers Module 12 (x86_64)
      ruby2.1-rubygem-rack-1_4-1.4.5-9.3.1

    References:

    o https://www.suse.com/security/cve/CVE-2024-25126.html
    o https://www.suse.com/security/cve/CVE-2024-26141.html
    o https://www.suse.com/security/cve/CVE-2024-26146.html
    o https://bugzilla.suse.com/show_bug.cgi?id=1220239
    o https://bugzilla.suse.com/show_bug.cgi?id=1220242
    o https://bugzilla.suse.com/show_bug.cgi?id=1220248

    - --------------------------END INCLUDED TEXT----------------------
