- bind
-
- Update to release 9.16.50
Bug Fixes:
* A regression in cache-cleaning code enabled memory use to grow
significantly more quickly than before, until the configured
max-cache-size limit was reached. This has been fixed.
* Using rndc flush inadvertently caused cache cleaning to become
less effective. This could ultimately lead to the configured
max-cache-size limit being exceeded and has now been fixed.
* The logic for cleaning up expired cached DNS records was
tweaked to be more aggressive. This change helps with enforcing
max-cache-ttl and max-ncache-ttl in a timely manner.
* It was possible to trigger a use-after-free assertion when the
overmem cache cleaning was initiated. This has been fixed.
New Features:
* Added RESOLVER.ARPA to the built in empty zones.
- Security Fixes:
* It is possible to craft excessively large numbers of resource
record types for a given owner name, which has the effect of
slowing down database processing. This has been addressed by
adding a configurable limit to the number of records that can
be stored per name and type in a cache or zone database. The
default is 100, which can be tuned with the new
max-types-per-name option. (CVE-2024-1737)
[bsc#1228256, bind-9.16-CVE-2024-1737.patch]
* Validating DNS messages signed using the SIG(0) protocol (RFC
2931) could cause excessive CPU load, leading to a
denial-of-service condition. Support for SIG(0) message
validation was removed from this version of named.
(CVE-2024-1975)
[bsc#1228257, bind-9.16-CVE-2024-1975.patch]
* When looking up the NS records of parent zones as part of
looking up DS records, it was possible for named to trigger an
assertion failure if serve-stale was enabled. This has been
fixed. (CVE-2024-4076)
[bsc#1228258, bind-9.16-CVE-2024-4076.patch]
- chrony
-
- Use make quickcheck instead of make check to avoid >1h build
times and failures due to timeouts. This was the default before
3.2 but it changed to make tests more reliable. Here a seed is
already set to get deterministic execution.
- Use shorter NTS-KE retry interval when network is down
(bsc#1213551, chrony-burst_total_samples_to_go.patch,
chrony-retry_interval_ke_start.patch).
- containerd
-
- Revert noarch for devel subpackage
Switching to noarch causes issues on SLES maintenance updates, reverting it
fixes our image builds
- Update to containerd v1.7.17. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.17>
- Switch back to using tar_scm service. Aside from obs_scm using more bandwidth
and storage than a locally-compressed tar.xz, it seems there's some weird
issue with paths in obscpio that break our SLE-12-only patch.
- Rebase patches:
* 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch
- Update to containerd v1.7.16. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.16>
CVE-2023-45288 bsc#1221400
- Use obs_scm service instead of tar_scm
- Removed patch 0002-shim-Create-pid-file-with-0644-permissions.patch
(merged upstream at
<https://github.com/containerd/containerd/pull/9571>)
- Update to containerd v1.7.15. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.15>
- Update to containerd v1.7.14. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.14>
- Update to containerd v1.7.13. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.13>
- Update to containerd v1.7.12. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.12>
- Update to containerd v1.7.11. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.11>
GHSA-jq35-85cj-fj4p bsc#1224323
- Use %patch -P N instead of deprecated %patchN.
- Enable manpage generation
- Make devel package noarch
- adjust rpmlint filters
- cups
-
- Require the exact matching version-release of all libcups*
sub-packages (bsc#1226192)
- docker
-
[NOTE: This update was only ever released in SLES and Leap.]
- Update to Docker 25.0.6-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/25.0/#2506>
- This update includes a fix for CVE-2024-41110. bsc#1228324
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
* 0006-bsc1221916-update-to-patched-buildkit-version-to-fix.patch
* 0007-bsc1214855-volume-use-AtomicWriteFile-to-save-volume.patch
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
- Fix BuildKit's symlink resolution logic to correctly handle non-lexical
symlinks. Backport of <https://github.com/moby/buildkit/pull/4896> and
<https://github.com/moby/buildkit/pull/5060>. bsc#1221916
+ 0006-bsc1221916-update-to-patched-buildkit-version-to-fix.patch
- Write volume options atomically so sudden system crashes won't result in
future Docker starts failing due to empty files. Backport of
<https://github.com/moby/moby/pull/48034>. bsc#1214855
+ 0007-bsc1214855-volume-use-AtomicWriteFile-to-save-volume.patch
[NOTE: This update was only ever released in SLES and Leap.]
- Update to Docker 25.0.5-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/25.0/#2505> bsc#1223409
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
* cli-0001-docs-include-required-tools-in-source-tree.patch
- Remove upstreamed patches:
- 0007-daemon-overlay2-remove-world-writable-permission-fro.patch
- Update --add-runtime to point to correct binary path.
- dracut
-
- Update to version 055+suse.357.g905645c2:
* fix(dracut-install): continue parsing if ldd prints "cannot be preloaded" (bsc#1208690)
* fix(zfcp_rules): correct shellcheck regression when parsing ccw args (bsc#1220485)
* fix(dracut.sh): skip README for AMD microcode generation (bsc#1217083)
- iputils
-
- Backport upstream fix for bsc#1225963
b589819 ("arping: Fix exit code if receive more replies than sent")
0001-arping-Fix-exit-code-if-receive-more-replies-than-se.patch
- Update 0002-arping-Fix-unsolicited-ARP-regressions-on-c-1.patch
after upstream merged the fix, update git commit hashes.
- kernel-default
-
- hsr: Prevent use after free in prp_create_tagged_frame()
(CVE-2023-52846 bsc#1225098).
- commit 74c7662
- Update
patches.suse/powerpc-pseries-iommu-IOMMU-table-is-not-initialized.patch
(bsc#1220492 ltc#205270 CVE-2024-26745 bsc#1222678).
- commit bb42730
- tcp: Use refcount_inc_not_zero() in tcp_twsk_unique()
(CVE-2024-36904 bsc#1225732).
- commit 975b193
- tcp: do not accept ACK of bytes we never sent (CVE-2023-52881
bsc#1225611).
- commit ab5f35b
- x86/tsc: Trust initial offset in architectural TSC-adjust MSRs
(bsc#1222015 bsc#1226962).
- commit bcf126b
- random: treat bootloader trust toggle the same way as cpu
trust toggle (bsc#1226953).
- commit 9e8060b
- Update
patches.suse/smb-client-guarantee-refcounted-children-from-parent-session.patch
(bsc#1224679 CVE-2024-35869).
- commit ed4e9d0
- bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in
BPF_LINK_CREATE (bsc#1226789 CVE-2024-38564).
- bpf: Add attach_type checks under
bpf_prog_attach_check_attach_type (bsc#1226789 CVE-2024-38564).
- commit fec2539
- scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226758
CVE-2024-38559).
- scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786
CVE-2024-38560).
- commit 45c369f
- ecryptfs: Fix buffer size for tag 66 packet (bsc#1226634, CVE-2024-38578).
- commit 7445d84
- RDMA/hns: Fix UAF for cq async event (bsc#1226595 CVE-2024-38545)
- commit 98b2f74
- nbd: fix uaf in nbd_open (bsc#1224935 CVE-2023-52837).
- commit fac144b
- of: module: prevent NULL pointer dereference in vsnprintf() (bsc#1226587 CVE-2024-38541)
- commit 0394d90
- of: module: add buffer overflow check in of_modalias() (bsc#1226587 CVE-2024-38541)
- commit e54e996
- net: preserve kabi for struct dst_ops (CVE-2024-36971
bsc#1226145).
- commit 74d650a
- net: fix __dst_negative_advice() race (CVE-2024-36971
bsc#1226145).
- commit 6d5c393
- ocfs2: fix sparse warnings (bsc#1219224).
- ocfs2: speed up chain-list searching (bsc#1219224).
- ocfs2: adjust enabling place for la window (bsc#1219224).
- ocfs2: improve write IO performance when fragmentation is high
(bsc#1219224).
- commit f18a759
- smb: client: guarantee refcounted children from parent session
(bsc#1224679, CVE-35869).
- commit b0f469c
- smb: client: ensure to try all targets when finding nested links
(bsc#1224020).
- commit df159e7
- smb: client: fix potential UAF in smb2_is_valid_lease_break()
(bsc#1224765, CVE-2024-35864).
- commit c296805
- smb: client: fix potential UAF in smb2_is_network_name_deleted()
(bsc#1224764, CVE-2024-35862).
- commit aa75c00
- smb: client: fix potential UAF in
cifs_signal_cifsd_for_reconnect() (bsc#1224766, CVE-2024-35861).
- commit f77cc8d
- smb: client: fix use-after-free bug in
cifs_debug_data_proc_show() (bsc#1225487, CVE-2023-52752).
- commit 39fb8f3
- blacklist.conf: Add a7fb0423c201 cgroup: Move rcu_head up near the top of cgroup_root
- commit 552377b
- gpiolib: cdev: Fix use after free in lineinfo_changed_notify
(bsc#1225737 CVE-2024-36899).
- commit 9b295f5
- rpmsg: virtio: Free driver_override when rpmsg_remove()
(bsc#1224696 CVE-2023-52670).
- commit beb5bc4
- cgroup: preserve KABI of cgroup_root (bsc#1222254).
- commit 240d70b
- cgroup: Add annotation for holding namespace_sem in
current_cgns_cgroup_from_root() (bsc#1222254).
- cgroup: Eliminate the need for cgroup_mutex in
proc_cgroup_show() (bsc#1222254).
- cgroup: Make operations on the cgroup root_list RCU safe
(bsc#1222254).
- cgroup: Remove unnecessary list_empty() (bsc#1222254).
- commit 8c880e4
- wifi: mac80211: check/clear fast rx for non-4addr sta VLAN
changes (CVE-2024-35789 bsc#1224749).
- commit 2b6904d
- fs/9p: only translate RWX permissions for plain 9P2000
(bsc#1225866 CVE-2024-36964).
- commit b5d7488
- pinctrl: core: delete incorrect free in pinctrl_enable()
(CVE-2024-36940 bsc#1225840).
- commit 9b799cc
- staging: rtl8192e: Fix use after free in
_rtl92e_pci_disconnect() (CVE-2021-47571 bsc#1225518).
- commit 9461ee5
- xfs: don't include bnobt blocks when reserving free block pool
(bsc#1226270).
- commit 1f7ae4f
- rpm/kernel-obs-build.spec.in: Add iso9660 (bsc#1226212)
Some builds don't just create an iso9660 image, but also mount it during
build.
- commit aaee141
- rpm/kernel-obs-build.spec.in: Add networking modules for docker
(bsc#1226211)
docker needs more networking modules, even legacy iptable_nat and _filter.
- commit 415e132
- net: vlan: fix underflow for the real_dev refcnt
(CVE-2021-47555 bsc#1225467).
- commit 345ef84
- Bluetooth: Add more enc key size check (bsc#1218148
CVE-2023-24023).
- commit 38891ed
- Bluetooth: Normalize HCI_OP_READ_ENC_KEY_SIZE cmdcmplt
(bsc#1218148 CVE-2023-24023).
- commit b7a79da
- blacklist.conf: Add 1971d13ffa84a "af_unix: Suppress false-positive lockdep splat for spin_lock() in __unix_gc()."
- commit afe27ac
- usb: gadget: f_fs: Fix race between aio_cancel() and AIO
request complete (CVE-2024-36894 bsc#1225749).
- commit 5501fb7
- net: preserve kabi for sk_buff (CVE-2024-26921 bsc#1223138).
- commit 68cb9bf
- inet: inet_defrag: prevent sk release while still in use
(CVE-2024-26921 bsc#1223138).
- commit fb20c1d
- Update references
- commit 006ab15
- drm/client: Fully protect modes with dev->mode_config.mutex (CVE-2024-35950 bsc#1224703).
- commit 75706b6
- bpf: Protect against int overflow for stack access size
(bsc#1224488 CVE-2024-35905).
- commit 1edb341
- cifs: fix underflow in parse_server_interfaces() (bsc#1223084,
CVE-2024-26828).
- commit cade548
- smb: client: fix potential UAF in is_valid_oplock_break()
(bsc#1224763, CVE-2024-35863).
- commit bfa9e6b
- smb: client: fix potential UAF in cifs_stats_proc_show()
(bsc#1224664, CVE-2024-35867).
- commit 45bad5a
- smb: client: fix potential UAF in cifs_stats_proc_write()
(bsc#1224678, CVE-2024-35868).
- commit 3ae3416
- smb: client: fix potential UAF in cifs_debug_files_proc_show()
(bsc#1223532, CVE-2024-26928).
- commit e95e3a6
- Update
patches.suse/ALSA-hda-Do-not-unset-preset-when-cleaning-up-codec.patch
(git-fixes CVE-2023-52736 bsc#1225486).
- Update
patches.suse/ALSA-hda-Fix-possible-null-ptr-deref-when-assigning-.patch
(git-fixes CVE-2023-52806 bsc#1225554).
- Update
patches.suse/Bluetooth-btusb-Add-date-evt_skb-is-NULL-check.patch
(git-fixes CVE-2023-52833 bsc#1225595).
- Update
patches.suse/Fix-page-corruption-caused-by-racy-check-in-__free_pages.patch
(bsc#1208149 CVE-2023-52739 bsc#1225118).
- Update
patches.suse/IB-IPoIB-Fix-legacy-IPoIB-due-to-wrong-number-of-que.patch
(git-fixes CVE-2023-52745 bsc#1225032).
- Update
patches.suse/IB-hfi1-Restore-allocated-resources-on-failed-copyou.patch
(git-fixes CVE-2023-52747 bsc#1224931).
- Update
patches.suse/Input-synaptics-rmi4-fix-use-after-free-in-rmi_unreg.patch
(git-fixes CVE-2023-52840 bsc#1224928).
- Update
patches.suse/RDMA-irdma-Fix-potential-NULL-ptr-dereference.patch
(git-fixes CVE-2023-52744 bsc#1225121).
- Update
patches.suse/atl1c-Work-around-the-DMA-RX-overflow-issue.patch
(git-fixes CVE-2023-52834 bsc#1225599).
- Update
patches.suse/can-dev-can_put_echo_skb-don-t-crash-kernel-if-can_p.patch
(git-fixes CVE-2023-52878 bsc#1225000).
- Update
patches.suse/cifs-Fix-use-after-free-in-rdata-read_into_pages-.patch
(git-fixes CVE-2023-52741 bsc#1225479).
- Update
patches.suse/clk-mediatek-clk-mt2701-Add-check-for-mtk_alloc_clk_.patch
(git-fixes CVE-2023-52875 bsc#1225096).
- Update
patches.suse/clk-mediatek-clk-mt6765-Add-check-for-mtk_alloc_clk_.patch
(git-fixes CVE-2023-52870 bsc#1224937).
- Update
patches.suse/clk-mediatek-clk-mt6779-Add-check-for-mtk_alloc_clk_.patch
(git-fixes CVE-2023-52873 bsc#1225589).
- Update
patches.suse/clk-mediatek-clk-mt6797-Add-check-for-mtk_alloc_clk_.patch
(git-fixes CVE-2023-52865 bsc#1225086).
- Update
patches.suse/clk-mediatek-clk-mt7629-Add-check-for-mtk_alloc_clk_.patch
(git-fixes CVE-2023-52858 bsc#1225566).
- Update
patches.suse/clk-mediatek-clk-mt7629-eth-Add-check-for-mtk_alloc_.patch
(git-fixes CVE-2023-52876 bsc#1225036).
- Update
patches.suse/drm-amd-Fix-UBSAN-array-index-out-of-bounds-for-Pola.patch
(git-fixes CVE-2023-52819 bsc#1225532).
- Update
patches.suse/drm-amd-Fix-UBSAN-array-index-out-of-bounds-for-SMU7.patch
(git-fixes CVE-2023-52818 bsc#1225530).
- Update
patches.suse/drm-amd-display-Avoid-NULL-dereference-of-timing-gen.patch
(git-fixes CVE-2023-52753 bsc#1225478).
- Update
patches.suse/drm-amdgpu-Fix-a-null-pointer-access-when-the-smc_rr.patch
(git-fixes CVE-2023-52817 bsc#1225569).
- Update
patches.suse/drm-amdgpu-Fix-potential-null-pointer-derefernce.patch
(git-fixes CVE-2023-52814 bsc#1225565).
- Update
patches.suse/drm-amdgpu-fence-Fix-oops-due-to-non-matching-drm_sc.patch
(git-fixes CVE-2023-52738 bsc#1225005).
- Update
patches.suse/drm-amdkfd-Fix-a-race-condition-of-vram-buffer-unref.patch
(git-fixes CVE-2023-52825 bsc#1225076).
- Update
patches.suse/drm-amdkfd-Fix-shift-out-of-bounds-issue.patch
(git-fixes CVE-2023-52816 bsc#1225529).
- Update
patches.suse/drm-bridge-lt8912b-Fix-crash-on-bridge-detach.patch
(git-fixes CVE-2023-52856 bsc#1224932).
- Update
patches.suse/drm-panel-fix-a-possible-null-pointer-dereference.patch
(git-fixes CVE-2023-52821 bsc#1225022).
- Update
patches.suse/drm-panel-panel-tpo-tpg110-fix-a-possible-null-point.patch
(git-fixes CVE-2023-52826 bsc#1225077).
- Update patches.suse/drm-radeon-possible-buffer-overflow.patch
(git-fixes CVE-2023-52867 bsc#1225009).
- Update
patches.suse/fbdev-imsttfb-fix-a-resource-leak-in-probe.patch
(git-fixes CVE-2023-52838 bsc#1225031).
- Update
patches.suse/fs-jfs-Add-check-for-negative-db_l2nbperpage.patch
(git-fixes CVE-2023-52810 bsc#1225557).
- Update
patches.suse/fs-jfs-Add-validity-check-for-db_maxag-and-db_agpref.patch
(git-fixes CVE-2023-52804 bsc#1225550).
- Update patches.suse/gfs2-ignore-negated-quota-changes.patch
(git-fixes CVE-2023-52759 bsc#1225560).
- Update
patches.suse/hid-cp2112-Fix-duplicate-workqueue-initialization.patch
(git-fixes CVE-2023-52853 bsc#1224988).
- Update
patches.suse/i2c-core-Run-atomic-i2c-xfer-when-preemptible.patch
(git-fixes CVE-2023-52791 bsc#1225108).
- Update
patches.suse/i3c-master-mipi-i3c-hci-Fix-a-kernel-panic-for-acces.patch
(git-fixes CVE-2023-52763 bsc#1225570).
- Update
patches.suse/i915-perf-Fix-NULL-deref-bugs-with-drm_dbg-calls.patch
(git-fixes CVE-2023-52788 bsc#1225106).
- Update
patches.suse/ice-Do-not-use-WQ_MEM_RECLAIM-flag-for-workqueue.patch
(git-fixes CVE-2023-52743 bsc#1225003).
- Update
patches.suse/jfs-fix-array-index-out-of-bounds-in-dbFindLeaf.patch
(git-fixes CVE-2023-52799 bsc#1225472).
- Update
patches.suse/jfs-fix-array-index-out-of-bounds-in-diAlloc.patch
(git-fixes CVE-2023-52805 bsc#1225553).
- Update
patches.suse/media-bttv-fix-use-after-free-error-due-to-btv-timeo.patch
(git-fixes CVE-2023-52847 bsc#1225588).
- Update
patches.suse/media-gspca-cpia1-shift-out-of-bounds-in-set_flicker.patch
(git-fixes CVE-2023-52764 bsc#1225571).
- Update
patches.suse/media-imon-fix-access-to-invalid-resource-for-the-se.patch
(git-fixes CVE-2023-52754 bsc#1225490).
- Update
patches.suse/media-vidtv-mux-Add-check-and-kfree-for-kstrdup.patch
(git-fixes CVE-2023-52841 bsc#1225592).
- Update patches.suse/media-vidtv-psi-Add-check-for-kstrdup.patch
(git-fixes CVE-2023-52844 bsc#1225590).
- Update
patches.suse/mmc-mmc_spi-fix-error-handling-in-mmc_spi_probe.patch
(git-fixes CVE-2023-52708 bsc#1225483).
- Update
patches.suse/mmc-sdio-fix-possible-resource-leaks-in-some-error-p.patch
(git-fixes CVE-2023-52730 bsc#1224956).
- Update
patches.suse/net-USB-Fix-wrong-direction-WARNING-in-plusb.c.patch
(git-fixes CVE-2023-52742 bsc#1225482).
- Update
patches.suse/net-openvswitch-fix-possible-memory-leak-in-ovs_mete.patch
(git-fixes CVE-2023-52702 bsc#1224945).
- Update
patches.suse/net-usb-kalmia-Don-t-pass-act_len-in-usb_bulk_msg-er.patch
(git-fixes CVE-2023-52703 bsc#1225549).
- Update
patches.suse/padata-Fix-refcnt-handling-in-padata_free_shell.patch
(git-fixes CVE-2023-52854 bsc#1225584).
- Update
patches.suse/platform-x86-wmi-Fix-opening-of-char-device.patch
(git-fixes CVE-2023-52864 bsc#1225132).
- Update
patches.suse/powerpc-64s-interrupt-Fix-interrupt-exit-race-with-s.patch
(bsc#1194869 CVE-2023-52740 bsc#1225471).
- Update
patches.suse/powerpc-powernv-Add-a-null-pointer-check-in-opal_eve.patch
(bsc#1065729 CVE-2023-52686 bsc#1224682).
- Update
patches.suse/powerpc-powernv-Add-a-null-pointer-check-to-scom_deb.patch
(bsc#1194869 CVE-2023-52690 bsc#1224611).
- Update patches.suse/pwm-Fix-double-shift-bug.patch (git-fixes
CVE-2023-52756 bsc#1225461).
- Update
patches.suse/s390-dasd-protect-device-queue-against-concurrent-access.patch
(git-fixes bsc#1217515 CVE-2023-52774 bsc#1225572).
- Update
patches.suse/s390-decompressor-specify-__decompress-buf-len-to-avoid-overflow.patch
(git-fixes bsc#1213863 CVE-2023-52733 bsc#1225488).
- Update
patches.suse/sched-psi-Fix-use-after-free-in-ep_remove_wait_queue.patch
(bsc#1209799 CVE-2023-52707 bsc#1225109).
- Update
patches.suse/soc-qcom-llcc-Handle-a-second-device-without-data-co.patch
(git-fixes CVE-2023-52871 bsc#1225534).
- Update
patches.suse/thermal-core-prevent-potential-string-overflow.patch
(git-fixes CVE-2023-52868 bsc#1225044).
- Update
patches.suse/tty-n_gsm-fix-race-condition-in-status-line-change-o.patch
(git-fixes CVE-2023-52872 bsc#1225591).
- Update
patches.suse/tty-n_gsm-require-CAP_NET_ADMIN-to-attach-N_GSM0710-.patch
(bsc#1222619 CVE-2023-52880).
- Update
patches.suse/tty-vcc-Add-check-for-kstrdup-in-vcc_probe.patch
(git-fixes CVE-2023-52789 bsc#1225180).
- Update
patches.suse/usb-config-fix-iteration-issue-in-usb_get_bos_descri.patch
(git-fixes CVE-2023-52781 bsc#1225092).
- Update
patches.suse/usb-dwc2-fix-possible-NULL-pointer-dereference-cause.patch
(git-fixes CVE-2023-52855 bsc#1225583).
- Update
patches.suse/usb-typec-tcpm-Fix-NULL-pointer-dereference-in-tcpm_.patch
(git-fixes CVE-2023-52877 bsc#1224944).
- Update
patches.suse/wifi-ath11k-fix-dfs-radar-event-locking.patch
(git-fixes CVE-2023-52798 bsc#1224947).
- Update
patches.suse/wifi-mac80211-don-t-return-unset-power-in-ieee80211_.patch
(git-fixes CVE-2023-52832 bsc#1225577).
- commit c6aceca
- Update
patches.suse/drm-radeon-fix-a-possible-null-pointer-dereference.patch
(git-fixes CVE-2022-48710 bsc#1225230).
- Update
patches.suse/ice-switch-fix-potential-memleak-in-ice_add_adv_reci.patch
(git-fixes CVE-2022-48709 bsc#1225095).
- Update
patches.suse/pinctrl-single-fix-potential-NULL-dereference.patch
(git-fixes CVE-2022-48708 bsc#1224942).
- commit 41f6d79
- Update
patches.suse/ALSA-pcm-oss-Fix-negative-period-buffer-sizes.patch
(git-fixes CVE-2021-47511 bsc#1225411).
- Update
patches.suse/ALSA-pcm-oss-Limit-the-period-size-to-16MB.patch
(git-fixes CVE-2021-47509 bsc#1225409).
- Update
patches.suse/ASoC-SOF-Fix-DSP-oops-stack-dump-output-contents.patch
(git-fixes stable-5.14.10 CVE-2021-47381 bsc#1225206).
- Update
patches.suse/ASoC-codecs-wcd934x-handle-channel-mappping-list-cor.patch
(git-fixes CVE-2021-47502 bsc#1225369).
- Update
patches.suse/HID-amd_sfh-Fix-potential-NULL-pointer-dereference.patch
(stable-5.14.10 CVE-2021-47380 bsc#1225205).
- Update
patches.suse/HID-betop-fix-slab-out-of-bounds-Write-in-betop_prob.patch
(stable-5.14.10 CVE-2021-47404 bsc#1225303).
- Update
patches.suse/HID-bigbenff-prevent-null-pointer-dereference.patch
(git-fixes CVE-2021-47522 bsc#1225437).
- Update
patches.suse/HID-usbhid-free-raw_report-buffers-in-usbhid_stop.patch
(stable-5.14.10 CVE-2021-47405 bsc#1225238).
- Update
patches.suse/IB-hfi1-Fix-leak-of-rcvhdrtail_dummy_kvaddr.patch
(jsc#SLE-19242 CVE-2021-47523 bsc#1225438).
- Update
patches.suse/IB-qib-Protect-from-buffer-overflow-in-struct-qib_us.patch
(stable-5.14.16 CVE-2021-47485 bsc#1224904).
- Update
patches.suse/KVM-PPC-Book3S-HV-Fix-stack-handling-in-idle_kvm_sta.patch
(stable-5.14.15 bko#206669 bsc#1174585 bsc#1192107
CVE-2021-43056 CVE-2021-47465 bsc#1225341).
- Update
patches.suse/KVM-SVM-fix-missing-sev_decommission-in-sev_receive_.patch
(stable-5.14.10 CVE-2021-47389 bsc#1225126).
- Update
patches.suse/KVM-arm64-Fix-host-stage-2-PGD-refcount.patch
(stable-5.14.15 CVE-2021-47450 bsc#1225258).
- Update
patches.suse/KVM-x86-Fix-stack-out-of-bounds-memory-access-from-i.patch
(stable-5.14.10 CVE-2021-47390 bsc#1225125).
- Update
patches.suse/KVM-x86-Handle-SRCU-initialization-failure-during-pa.patch
(stable-5.14.10 CVE-2021-47407 bsc#1225306).
- Update
patches.suse/NFC-digital-fix-possible-memory-leak-in-digital_in_s.patch
(stable-5.14.14 CVE-2021-47442 bsc#1225263).
- Update
patches.suse/NFC-digital-fix-possible-memory-leak-in-digital_tg_l.patch
(stable-5.14.14 CVE-2021-47443 bsc#1225262).
- Update
patches.suse/RDMA-cma-Ensure-rdma_addr_cancel-happens-before-issu.patch
(stable-5.14.10 CVE-2021-47391 bsc#1225318).
- Update
patches.suse/RDMA-cma-Fix-listener-leak-in-rdma_cma_listen_on_all.patch
(stable-5.14.10 CVE-2021-47392 bsc#1225320).
- Update patches.suse/RDMA-hfi1-Fix-kernel-pointer-leak.patch
(stable-5.14.10 CVE-2021-47398 bsc#1225131).
- Update
patches.suse/RDMA-mlx5-Initialize-the-ODP-xarray-when-creating-an.patch
(stable-5.14.16 CVE-2021-47481 bsc#1224910).
- Update
patches.suse/afs-Fix-corruption-in-reads-at-fpos-2G-4G-from-an-Op.patch
(stable-5.14.9 CVE-2021-47366 bsc#1225160).
- Update
patches.suse/aio-fix-use-after-free-due-to-missing-POLLFREE-handl.patch
(CVE-2021-39698 bsc#1196956 CVE-2021-47505 bsc#1225400).
- Update
patches.suse/audit-fix-possible-null-pointer-dereference-in-audit.patch
(stable-5.14.15 CVE-2021-47464 bsc#1225393).
- Update patches.suse/binder-make-sure-fd-closes-complete.patch
(stable-5.14.9 CVE-2021-47360 bsc#1225122).
- Update
patches.suse/blk-cgroup-fix-UAF-by-grabbing-blkcg-lock-before-des.patch
(stable-5.14.9 CVE-2021-47379 bsc#1225203).
- Update
patches.suse/blktrace-Fix-uaf-in-blk_trace-access-after-removing-.patch
(stable-5.14.9 CVE-2021-47375 bsc#1225193).
- Update
patches.suse/block-don-t-call-rq_qos_ops-done_bio-if-the-bio-isn-.patch
(stable-5.14.11 CVE-2021-47412 bsc#1225332).
- Update
patches.suse/bpf-Add-oversize-check-before-call-kvcalloc.patch
(stable-5.14.9 CVE-2021-47376 bsc#1225195).
- Update
patches.suse/bpf-s390-Fix-potential-memory-leak-about-jit_data.patch
(stable-5.14.12 CVE-2021-47426 bsc#1225370).
- Update
patches.suse/btrfs-fix-abort-logic-in-btrfs_replace_file_extents.patch
(stable-5.14.14 CVE-2021-47433 bsc#1225392).
- Update
patches.suse/btrfs-fix-re-dirty-process-of-tree-log-nodes.patch
(bsc#1197915 CVE-2021-47510 bsc#1225410).
- Update
patches.suse/can-isotp-isotp_sendmsg-add-result-check-for-wait_ev.patch
(stable-5.14.15 CVE-2021-47457 bsc#1225235).
- Update
patches.suse/can-j1939-j1939_netdev_start-fix-UAF-for-rx_kref-of-.patch
(stable-5.14.15 CVE-2021-47459 bsc#1225253).
- Update
patches.suse/can-pch_can-pch_can_rx_normal-fix-use-after-free.patch
(git-fixes CVE-2021-47520 bsc#1225431).
- Update patches.suse/can-peak_pci-peak_pci_remove-fix-UAF.patch
(stable-5.14.15 CVE-2021-47456 bsc#1225256).
- Update
patches.suse/can-sja1000-fix-use-after-free-in-ems_pcmcia_add_car.patch
(git-fixes CVE-2021-47521 bsc#1225435).
- Update
patches.suse/cfg80211-fix-management-registrations-locking.patch
(git-fixes stable-5.14.16 CVE-2021-47494 bsc#1225450).
- Update
patches.suse/cgroup-Fix-memory-leak-caused-by-missing-cgroup_bpf_.patch
(stable-5.14.16 CVE-2021-47488 bsc#1224902).
- Update patches.suse/cifs-Fix-soft-lockup-during-fsstress.patch
(stable-5.14.9 CVE-2021-47359 bsc#1225145).
- Update
patches.suse/comedi-Fix-memory-leak-in-compat_insnlist.patch
(stable-5.14.9 CVE-2021-47364 bsc#1225158).
- Update patches.suse/comedi-dt9812-fix-DMA-buffers-on-stack.patch
(git-fixes stable-5.14.18 CVE-2021-47477 bsc#1224912).
- Update
patches.suse/comedi-ni_usb6501-fix-NULL-deref-in-command-paths.patch
(git-fixes stable-5.14.18 CVE-2021-47476 bsc#1224913).
- Update
patches.suse/comedi-vmk80xx-fix-bulk-buffer-overflow.patch
(git-fixes stable-5.14.18 CVE-2021-47474 bsc#1224915).
- Update
patches.suse/comedi-vmk80xx-fix-transfer-buffer-overflows.patch
(git-fixes stable-5.14.18 CVE-2021-47475 bsc#1224914).
- Update
patches.suse/cpufreq-schedutil-Use-kobject-release-method-to-free.patch
(stable-5.14.10 CVE-2021-47387 bsc#1225316).
- Update
patches.suse/devlink-fix-netns-refcount-leak-in-devlink_nl_cmd_re.patch
(git-fixes CVE-2021-47514 bsc#1225425).
- Update
patches.suse/dm-fix-mempool-NULL-pointer-race-when-completing-IO.patch
(stable-5.14.14 CVE-2021-47435 bsc#1225247).
- Update
patches.suse/dm-rq-don-t-queue-request-to-blk-mq-during-DM-suspen.patch
(stable-5.14.14 CVE-2021-47498 bsc#1225357).
- Update
patches.suse/dma-debug-prevent-an-error-message-from-causing-runt.patch
(stable-5.14.9 CVE-2021-47374 bsc#1225191).
- Update patches.suse/drm-amd-amdgpu-fix-potential-memleak.patch
(git-fixes CVE-2021-47550 bsc#1225379).
- Update
patches.suse/drm-amd-amdkfd-Fix-kernel-panic-when-reset-failed-an.patch
(git-fixes CVE-2021-47551 bsc#1225510).
- Update
patches.suse/drm-amd-pm-Update-intermediate-power-state-for-SI.patch
(stable-5.14.9 CVE-2021-47362 bsc#1225153).
- Update patches.suse/drm-amdgpu-fix-gart.bo-pin_count-leak.patch
(stable-5.14.13 CVE-2021-47431 bsc#1225390).
- Update
patches.suse/drm-amdgpu-handle-the-case-of-pci_channel_io_frozen-.patch
(git-fixes stable-5.14.12 CVE-2021-47421 bsc#1225353).
- Update
patches.suse/drm-amdkfd-fix-a-potential-ttm-sg-memory-leak.patch
(git-fixes stable-5.14.12 CVE-2021-47420 bsc#1225339).
- Update
patches.suse/drm-amdkfd-fix-svm_migrate_fini-warning.patch
(stable-5.14.11 CVE-2021-47410 bsc#1225331).
- Update
patches.suse/drm-edid-In-connector_bad_edid-cap-num_of_ext-by-num.patch
(git-fixes stable-5.14.14 CVE-2021-47444 bsc#1225243).
- Update
patches.suse/drm-msm-Fix-null-pointer-dereference-on-pointer-edp.patch
(git-fixes stable-5.14.14 CVE-2021-47445 bsc#1225261).
- Update
patches.suse/drm-msm-a3xx-fix-error-handling-in-a3xx_gpu_init.patch
(git-fixes stable-5.14.14 CVE-2021-47447 bsc#1225260).
- Update
patches.suse/drm-msm-a4xx-fix-error-handling-in-a4xx_gpu_init.patch
(git-fixes stable-5.14.14 CVE-2021-47446 bsc#1225240).
- Update
patches.suse/drm-msm-a6xx-Allocate-enough-space-for-GMU-registers.patch
(git-fixes CVE-2021-47535 bsc#1225446).
- Update
patches.suse/drm-mxsfb-Fix-NULL-pointer-dereference-crash-on-unlo.patch
(stable-5.14.15 CVE-2021-47471 bsc#1225187).
- Update
patches.suse/drm-nouveau-debugfs-fix-file-release-memory-leak.patch
(git-fixes stable-5.14.12 CVE-2021-47423 bsc#1225366).
- Update
patches.suse/drm-nouveau-kms-nv50-fix-file-release-memory-leak.patch
(git-fixes stable-5.14.12 CVE-2021-47422 bsc#1225233).
- Update
patches.suse/drm-ttm-fix-memleak-in-ttm_transfered_destroy.patch
(stable-5.14.16 CVE-2021-47490 bsc#1225436).
- Update
patches.suse/drm-vc4-kms-Clear-the-HVS-FIFO-commit-pointer-once-d.patch
(git-fixes CVE-2021-47533 bsc#1225445).
- Update
patches.suse/enetc-Fix-illegal-access-when-reading-affinity_hint.patch
(stable-5.14.9 CVE-2021-47368 bsc#1225161).
- Update
patches.suse/ethtool-ioctl-fix-potential-NULL-deref-in-ethtool_se.patch
(jsc#SLE-19253 CVE-2021-47556 bsc#1225383).
- Update
patches.suse/ext4-add-error-checking-to-ext4_ext_replay_set_ibloc.patch
(stable-5.14.10 CVE-2021-47406 bsc#1225304).
- Update
patches.suse/hwmon-mlxreg-fan-Return-non-zero-value-when-fan-curr.patch
(git-fixes stable-5.14.10 CVE-2021-47393 bsc#1225321).
- Update
patches.suse/hwmon-w83791d-Fix-NULL-pointer-dereference-by-removi.patch
(stable-5.14.10 CVE-2021-47386 bsc#1225268).
- Update
patches.suse/hwmon-w83792d-Fix-NULL-pointer-dereference-by-removi.patch
(stable-5.14.10 CVE-2021-47385 bsc#1225210).
- Update
patches.suse/hwmon-w83793-Fix-NULL-pointer-dereference-by-removin.patch
(stable-5.14.10 CVE-2021-47384 bsc#1225209).
- Update
patches.suse/i2c-acpi-fix-resource-leak-in-reconfiguration-device.patch
(git-fixes stable-5.14.12 CVE-2021-47425 bsc#1225223).
- Update
patches.suse/i40e-Fix-NULL-pointer-dereference-in-i40e_dbg_dump_d.patch
(jsc#SLE-18378 CVE-2021-47501 bsc#1225361).
- Update
patches.suse/i40e-Fix-freeing-of-uninitialized-misc-IRQ-vector.patch
(stable-5.14.12 CVE-2021-47424 bsc#1225367).
- Update
patches.suse/ice-Avoid-crash-from-unnecessary-IDA-free.patch
(stable-5.14.15 CVE-2021-47453 bsc#1225239).
- Update patches.suse/ice-avoid-bpf_prog-refcount-underflow.patch
(jsc#SLE-18375 CVE-2021-47563 bsc#1225500).
- Update
patches.suse/ice-fix-locking-for-Tx-timestamp-tracking-flush.patch
(stable-5.14.14 CVE-2021-47449 bsc#1225259).
- Update patches.suse/ice-fix-vsi-txq_map-sizing.patch
(jsc#SLE-18375 CVE-2021-47562 bsc#1225499).
- Update
patches.suse/iio-accel-kxcjk-1013-Fix-possible-memory-leak-in-pro.patch
(git-fixes CVE-2021-47499 bsc#1225358).
- Update
patches.suse/iio-adis16475-fix-deadlock-on-frequency-set.patch
(git-fixes stable-5.14.14 CVE-2021-47437 bsc#1225245).
- Update
patches.suse/iio-mma8452-Fix-trigger-reference-couting.patch
(git-fixes CVE-2021-47500 bsc#1225360).
- Update
patches.suse/ipack-ipoctal-fix-module-reference-leak.patch
(stable-5.14.10 CVE-2021-47403 bsc#1225241).
- Update
patches.suse/ipack-ipoctal-fix-stack-information-leak.patch
(stable-5.14.10 CVE-2021-47401 bsc#1225242).
- Update
patches.suse/irqchip-gic-v3-its-Fix-potential-VPE-leak-on-error.patch
(stable-5.14.9 CVE-2021-47373 bsc#1225190).
- Update
patches.suse/isdn-mISDN-Fix-sleeping-function-called-from-invalid.patch
(stable-5.14.15 CVE-2021-47468 bsc#1225346).
- Update
patches.suse/isofs-Fix-out-of-bound-access-for-corrupted-isofs-im.patch
(stable-5.14.18 CVE-2021-47478 bsc#1225198).
- Update
patches.suse/iwlwifi-Fix-memory-leaks-in-error-handling-path.patch
(git-fixes CVE-2021-47529 bsc#1225373).
- Update
patches.suse/iwlwifi-mvm-Fix-possible-NULL-dereference.patch
(git-fixes stable-5.14.12 CVE-2021-47415 bsc#1225335).
- Update
patches.suse/ixgbe-Fix-NULL-pointer-dereference-in-ixgbe_xdp_setu.patch
(stable-5.14.10 CVE-2021-47399 bsc#1225328).
- Update
patches.suse/kunit-fix-reference-count-leak-in-kfree_at_end.patch
(stable-5.14.15 CVE-2021-47467 bsc#1225344).
- Update patches.suse/libbpf-Fix-memory-leak-in-strset.patch
(git-fixes stable-5.14.12 CVE-2021-47417 bsc#1225227).
- Update
patches.suse/mac80211-fix-use-after-free-in-CCMP-GCMP-RX.patch
(git-fixes stable-5.14.10 CVE-2021-47388 bsc#1225214).
- Update
patches.suse/mac80211-hwsim-fix-late-beacon-hrtimer-handling.patch
(git-fixes stable-5.14.10 CVE-2021-47396 bsc#1225327).
- Update
patches.suse/mac80211-limit-injected-vht-mcs-nss-in-ieee80211_par.patch
(git-fixes stable-5.14.10 CVE-2021-47395 bsc#1225326).
- Update
patches.suse/mcb-fix-error-handling-in-mcb_alloc_bus.patch
(stable-5.14.9 CVE-2021-47361 bsc#1225151).
- Update
patches.suse/mlxsw-spectrum-Protect-driver-from-buggy-firmware.patch
(git-fixes CVE-2021-47560 bsc#1225495).
- Update
patches.suse/mlxsw-thermal-Fix-out-of-bounds-memory-accesses.patch
(stable-5.14.14 CVE-2021-47441 bsc#1225224).
- Update
patches.suse/mm-mempolicy-do-not-allow-illegal-MPOL_F_NUMA_BALANC.patch
(stable-5.14.15 CVE-2021-47462 bsc#1225250).
- Update
patches.suse/mm-secretmem-fix-NULL-page-mapping-dereference-in-pa.patch
(stable-5.14.15 CVE-2021-47463 bsc#1225127).
- Update
patches.suse/mm-slub-fix-potential-memoryleak-in-kmem_cache_open.patch
(stable-5.14.15 CVE-2021-47466 bsc#1225342).
- Update
patches.suse/mm-slub-fix-potential-use-after-free-in-slab_debugfs.patch
(stable-5.14.15 CVE-2021-47470 bsc#1225186).
- Update
patches.suse/mptcp-ensure-tx-skbs-always-have-the-MPTCP-ext.patch
(stable-5.14.9 CVE-2021-47370 bsc#1225183).
- Update patches.suse/mptcp-fix-possible-stall-on-recvmsg.patch
(stable-5.14.14 CVE-2021-47448 bsc#1225129).
- Update
patches.suse/mt76-mt7915-fix-NULL-pointer-dereference-in-mt7915_g.patch
(git-fixes CVE-2021-47540 bsc#1225386).
- Update patches.suse/net-batman-adv-fix-error-handling.patch
(git-fixes stable-5.14.16 CVE-2021-47482 bsc#1224909).
- Update
patches.suse/net-dsa-felix-Fix-memory-leak-in-felix_setup_mmio_fi.patch
(git-fixes CVE-2021-47513 bsc#1225380).
- Update
patches.suse/net-dsa-microchip-Added-the-condition-for-scheduling.patch
(stable-5.14.14 CVE-2021-47439 bsc#1225246).
- Update
patches.suse/net-encx24j600-check-error-in-devm_regmap_init_encx2.patch
(stable-5.14.14 CVE-2021-47440 bsc#1225248).
- Update
patches.suse/net-hns3-do-not-allow-call-hns3_nic_net_open-repeate.patch
(stable-5.14.10 CVE-2021-47400 bsc#1225329).
- Update patches.suse/net-macb-fix-use-after-free-on-rmmod.patch
(stable-5.14.9 CVE-2021-47372 bsc#1225184).
- Update
patches.suse/net-marvell-prestera-fix-double-free-issue-on-err-pa.patch
(git-fixes CVE-2021-47564 bsc#1225501).
- Update
patches.suse/net-mdiobus-Fix-memory-leak-in-__mdiobus_register.patch
(stable-5.14.15 CVE-2021-47472 bsc#1225189).
- Update
patches.suse/net-mlx4_en-Fix-an-use-after-free-bug-in-mlx4_en_try.patch
(jsc#SLE-19256 CVE-2021-47541 bsc#1225453).
- Update
patches.suse/net-mlx5e-Fix-memory-leak-in-mlx5_core_destroy_cq-er.patch
(stable-5.14.14 CVE-2021-47438 bsc#1225229).
- Update
patches.suse/net-qlogic-qlcnic-Fix-a-NULL-pointer-dereference-in-.patch
(git-fixes CVE-2021-47542 bsc#1225455).
- Update
patches.suse/net-sched-flower-protect-fl_walk-with-rcu.patch
(stable-5.14.10 CVE-2021-47402 bsc#1225301).
- Update
patches.suse/net-sched-sch_taprio-properly-cancel-timer-from-tapr.patch
(stable-5.14.12 CVE-2021-47419 bsc#1225338).
- Update
patches.suse/net-smc-Fix-NULL-pointer-dereferencing-in-smc_vlan_by_tcpsk
(git-fixes CVE-2021-47559 bsc#1225396).
- Update
patches.suse/net-smc-fix-wrong-list_del-in-smc_lgr_cleanup_early
(git-fixes CVE-2021-47536 bsc#1225447).
- Update
patches.suse/net-stmmac-Disable-Tx-queues-when-reconfiguring-the-.patch
(jsc#SLE-19033 CVE-2021-47558 bsc#1225492).
- Update
patches.suse/net-tls-Fix-flipped-sign-in-tls_err_abort-calls.patch
(stable-5.14.16 CVE-2021-47496 bsc#1225354).
- Update
patches.suse/net_sched-fix-NULL-deref-in-fifo_set_limit.patch
(stable-5.14.12 CVE-2021-47418 bsc#1225337).
- Update
patches.suse/netfilter-conntrack-serialize-hash-resizes-and-clean.patch
(stable-5.14.10 CVE-2021-47408 bsc#1225236).
- Update
patches.suse/netfilter-nf_tables-skip-netdev-events-generated-on-.patch
(stable-5.14.15 CVE-2021-47452 bsc#1225257).
- Update
patches.suse/netfilter-nf_tables-unlink-table-before-deleting-it.patch
(stable-5.14.10 CVE-2021-47394 bsc#1225323).
- Update
patches.suse/netfilter-xt_IDLETIMER-fix-panic-that-occurs-when-ti.patch
(stable-5.14.15 CVE-2021-47451 bsc#1225237).
- Update
patches.suse/nexthop-Fix-division-by-zero-while-replacing-a-resil.patch
(stable-5.14.9 CVE-2021-47363 bsc#1225156).
- Update
patches.suse/nexthop-Fix-memory-leaks-in-nexthop-notification-cha.patch
(stable-5.14.9 CVE-2021-47371 bsc#1225167).
- Update
patches.suse/nfc-fix-potential-NULL-pointer-deref-in-nfc_genl_dum.patch
(git-fixes CVE-2021-47518 bsc#1225372).
- Update
patches.suse/nfp-Fix-memory-leak-in-nfp_cpp_area_cache_add.patch
(git-fixes CVE-2021-47516 bsc#1225427).
- Update patches.suse/nfsd-Fix-nsfd-startup-race-again.patch
(git-fixes CVE-2021-47507 bsc#1225405).
- Update
patches.suse/nfsd-fix-use-after-free-due-to-delegation-race.patch
(git-fixes CVE-2021-47506 bsc#1225404).
- Update
patches.suse/nvme-rdma-destroy-cm-id-before-destroy-qp-to-avoid-u.patch
(bsc#1190569 stable-5.14.9 CVE-2021-47378 bsc#1225201).
- Update
patches.suse/nvmem-Fix-shift-out-of-bound-UBSAN-with-byte-size-ce.patch
(stable-5.14.14 CVE-2021-47497 bsc#1225355).
- Update
patches.suse/ocfs2-fix-data-corruption-after-conversion-from-inli.patch
(stable-5.14.15 CVE-2021-47460 bsc#1225251).
- Update
patches.suse/ocfs2-fix-race-between-searching-chunks-and-release-.patch
(stable-5.14.16 CVE-2021-47493 bsc#1225439).
- Update
patches.suse/ocfs2-mount-fails-with-buffer-overflow-in-strlen.patch
(stable-5.14.15 CVE-2021-47458 bsc#1225252).
- Update
patches.suse/octeontx2-af-Fix-a-memleak-bug-in-rvu_mbox_init.patch
(git-fixes CVE-2021-47537 bsc#1225375).
- Update
patches.suse/octeontx2-af-Fix-possible-null-pointer-dereference.patch
(stable-5.14.16 CVE-2021-47484 bsc#1224905).
- Update patches.suse/phy-mdio-fix-memory-leak.patch (git-fixes
stable-5.14.12 CVE-2021-47416 bsc#1225336).
- Update
patches.suse/powerpc-64s-Fix-unrecoverable-MCE-calling-async-hand.patch
(stable-5.14.12 CVE-2021-47429 bsc#1225388).
- Update
patches.suse/powerpc-64s-fix-program-check-interrupt-emergency-st.patch
(stable-5.14.12 CVE-2021-47428 bsc#1225387).
- Update
patches.suse/powerpc-smp-do-not-decrement-idle-task-preempt-count.patch
(stable-5.14.15 CVE-2021-47454 bsc#1225255).
- Update
patches.suse/ptp-Fix-possible-memory-leak-in-ptp_clock_register.patch
(stable-5.14.15 CVE-2021-47455 bsc#1225254).
- Update
patches.suse/regmap-Fix-possible-double-free-in-regcache_rbtree_e.patch
(git-fixes stable-5.14.16 CVE-2021-47483 bsc#1224907).
- Update
patches.suse/riscv-Flush-current-cpu-icache-before-other-cpus.patch
(stable-5.14.12 CVE-2021-47414 bsc#1225334).
- Update
patches.suse/riscv-bpf-Fix-potential-NULL-dereference.patch
(stable-5.14.16 CVE-2021-47486 bsc#1224903).
- Update
patches.suse/s390-qeth-fix-NULL-deref-in-qeth_clear_working_pool_.patch
(stable-5.14.9 CVE-2021-47369 bsc#1225164).
- Update
patches.suse/s390-qeth-fix-deadlock-during-failing-recovery.patch
(stable-5.14.10 CVE-2021-47382 bsc#1225207).
- Update
patches.suse/sata_fsl-fix-UAF-in-sata_fsl_port_stop-when-rmmod-sa.patch
(git-fixes CVE-2021-47549 bsc#1225508).
- Update
patches.suse/sched-scs-Reset-task-stack-state-in-bringup_cpu.patch
(git-fixes CVE-2021-47553 bsc#1225464).
- Update
patches.suse/scsi-core-Put-LLD-module-refcnt-after-SCSI-device-is.patch
(stable-5.14.17 CVE-2021-47480 bsc#1225322).
- Update
patches.suse/scsi-iscsi-Fix-iscsi_task-use-after-free.patch
(stable-5.14.12 CVE-2021-47427 bsc#1225225).
- Update
patches.suse/scsi-mpt3sas-Fix-kernel-panic-during-drive-powercycle-test
(git-fixes CVE-2021-47565 bsc#1225384).
- Update
patches.suse/scsi-pm80xx-Do-not-call-scsi_remove_host-in-pm8001_alloc
(git-fixes CVE-2021-47503 bsc#1225374).
- Update
patches.suse/scsi-qla2xxx-Fix-a-memory-leak-in-an-error-path-of-q.patch
(stable-5.14.15 CVE-2021-47473 bsc#1225192).
- Update
patches.suse/sctp-break-out-if-skb_header_pointer-returns-NULL-in.patch
(stable-5.14.10 CVE-2021-47397 bsc#1225082).
- Update
patches.suse/serial-core-fix-transmit-buffer-reset-and-memleak.patch
(git-fixes CVE-2021-47527 bsc#1194288).
- Update
patches.suse/serial-liteuart-Fix-NULL-pointer-dereference-in-remo.patch
(git-fixes CVE-2021-47526 bsc#1225376).
- Update
patches.suse/serial-liteuart-fix-minor-number-leak-on-probe-error.patch
(git-fixes CVE-2021-47524 bsc#1225377).
- Update
patches.suse/serial-liteuart-fix-use-after-free-and-memleak-on-un.patch
(git-fixes CVE-2021-47525 bsc#1225441).
- Update
patches.suse/spi-Fix-deadlock-when-adding-SPI-controllers-on-SPI-.patch
(stable-5.14.15 CVE-2021-47469 bsc#1225347).
- Update
patches.suse/staging-greybus-uart-fix-tty-use-after-free.patch
(stable-5.14.9 CVE-2021-47358 bsc#1224920).
- Update
patches.suse/staging-rtl8712-fix-use-after-free-in-rtl8712_dl_fw.patch
(git-fixes stable-5.14.18 CVE-2021-47479 bsc#1224911).
- Update
patches.suse/tcp-fix-page-frag-corruption-on-page-fault.patch
(git-fixes CVE-2021-47544 bsc#1225463).
- Update
patches.suse/tty-Fix-out-of-bound-vmalloc-access-in-imageblit.patch
(stable-5.14.10 CVE-2021-47383 bsc#1225208).
- Update
patches.suse/usb-cdnsp-Fix-a-NULL-pointer-dereference-in-cdnsp_en.patch
(git-fixes CVE-2021-47528 bsc#1225368).
- Update
patches.suse/usb-chipidea-ci_hdrc_imx-Also-search-for-phys-phandl.patch
(git-fixes stable-5.14.12 CVE-2021-47413 bsc#1225333).
- Update
patches.suse/usb-dwc2-check-return-value-after-calling-platform_g.patch
(stable-5.14.11 CVE-2021-47409 bsc#1225330).
- Update patches.suse/usb-musb-dsps-Fix-the-probe-error-path.patch
(git-fixes stable-5.14.14 CVE-2021-47436 bsc#1225244).
- Update patches.suse/usbnet-sanity-check-for-maxpacket.patch
(stable-5.14.16 CVE-2021-47495 bsc#1225351).
- Update
patches.suse/userfaultfd-fix-a-race-between-writeprotect-and-exit.patch
(stable-5.14.15 CVE-2021-47461 bsc#1225249).
- Update
patches.suse/vdpa_sim-avoid-putting-an-uninitialized-iova_domain.patch
(git-fixes CVE-2021-47554 bsc#1225466).
- Update
patches.suse/virtio-net-fix-pages-leaking-when-building-skb-in-bi.patch
(stable-5.14.9 CVE-2021-47367 bsc#1225123).
- Update
patches.suse/x86-entry-Clear-X86_FEATURE_SMAP-when-CONFIG_X86_SMA.patch
(stable-5.14.12 CVE-2021-47430 bsc#1225228).
- Update
patches.suse/xhci-Fix-command-ring-pointer-corruption-while-abort.patch
(stable-5.14.14 CVE-2021-47434 bsc#1225232).
- commit 3a2e44b
- Update
patches.suse/ALSA-hda-Do-not-unset-preset-when-cleaning-up-codec.patch
(git-fixes bsc#1225486 CVE-2023-52736).
- Update
patches.suse/ALSA-hda-Fix-possible-null-ptr-deref-when-assigning-.patch
(git-fixes bsc#1225554 CVE-2023-52806).
- Update
patches.suse/ALSA-pcm-oss-Fix-negative-period-buffer-sizes.patch
(git-fixes bsc#1225411 CVE-2021-47511).
- Update
patches.suse/ALSA-pcm-oss-Limit-the-period-size-to-16MB.patch
(git-fixes bsc#1225409 CVE-2021-47509).
- Update
patches.suse/ASoC-SOF-Fix-DSP-oops-stack-dump-output-contents.patch
(git-fixes stable-5.14.10 bsc#1225206 CVE-2021-47381).
- Update
patches.suse/ASoC-codecs-wcd934x-handle-channel-mappping-list-cor.patch
(git-fixes bsc#1225369 CVE-2021-47502).
- Update
patches.suse/Bluetooth-btusb-Add-date-evt_skb-is-NULL-check.patch
(git-fixes bsc#1225595 CVE-2023-52833).
- Update
patches.suse/Fix-page-corruption-caused-by-racy-check-in-__free_pages.patch
(bsc#1208149 bsc#1225118 CVE-2023-52739).
- Update
patches.suse/HID-amd_sfh-Fix-potential-NULL-pointer-dereference.patch
(stable-5.14.10 bsc#1225205 CVE-2021-47380).
- Update
patches.suse/HID-betop-fix-slab-out-of-bounds-Write-in-betop_prob.patch
(stable-5.14.10 bsc#1225303 CVE-2021-47404).
- Update
patches.suse/HID-bigbenff-prevent-null-pointer-dereference.patch
(git-fixes bsc#1225437 CVE-2021-47522).
- Update
patches.suse/HID-usbhid-free-raw_report-buffers-in-usbhid_stop.patch
(stable-5.14.10 bsc#1225238 CVE-2021-47405).
- Update
patches.suse/IB-IPoIB-Fix-legacy-IPoIB-due-to-wrong-number-of-que.patch
(git-fixes bsc#1225032 CVE-2023-52745).
- Update
patches.suse/IB-hfi1-Fix-leak-of-rcvhdrtail_dummy_kvaddr.patch
(jsc#SLE-19242 bsc#1225438 CVE-2021-47523).
- Update
patches.suse/IB-hfi1-Restore-allocated-resources-on-failed-copyou.patch
(git-fixes bsc#1224931 CVE-2023-52747).
- Update
patches.suse/IB-qib-Protect-from-buffer-overflow-in-struct-qib_us.patch
(stable-5.14.16 bsc#1224904 CVE-2021-47485).
- Update
patches.suse/Input-synaptics-rmi4-fix-use-after-free-in-rmi_unreg.patch
(git-fixes bsc#1224928 CVE-2023-52840).
- Update
patches.suse/KVM-PPC-Book3S-HV-Fix-stack-handling-in-idle_kvm_sta.patch
(stable-5.14.15 bko#206669 bsc#1174585 bsc#1192107
CVE-2021-43056 bsc#1225341 CVE-2021-47465).
- Update
patches.suse/KVM-SVM-fix-missing-sev_decommission-in-sev_receive_.patch
(stable-5.14.10 bsc#1225126 CVE-2021-47389).
- Update
patches.suse/KVM-arm64-Fix-host-stage-2-PGD-refcount.patch
(stable-5.14.15 bsc#1225258 CVE-2021-47450).
- Update
patches.suse/KVM-x86-Fix-stack-out-of-bounds-memory-access-from-i.patch
(stable-5.14.10 bsc#1225125 CVE-2021-47390).
- Update
patches.suse/KVM-x86-Handle-SRCU-initialization-failure-during-pa.patch
(stable-5.14.10 bsc#1225306 CVE-2021-47407).
- Update
patches.suse/NFC-digital-fix-possible-memory-leak-in-digital_in_s.patch
(stable-5.14.14 bsc#1225263 CVE-2021-47442).
- Update
patches.suse/NFC-digital-fix-possible-memory-leak-in-digital_tg_l.patch
(stable-5.14.14 bsc#1225262 CVE-2021-47443).
- Update
patches.suse/RDMA-cma-Ensure-rdma_addr_cancel-happens-before-issu.patch
(stable-5.14.10 bsc#1225318 CVE-2021-47391).
- Update
patches.suse/RDMA-cma-Fix-listener-leak-in-rdma_cma_listen_on_all.patch
(stable-5.14.10 bsc#1225320 CVE-2021-47392).
- Update patches.suse/RDMA-hfi1-Fix-kernel-pointer-leak.patch
(stable-5.14.10 bsc#1225131 CVE-2021-47398).
- Update
patches.suse/RDMA-irdma-Fix-potential-NULL-ptr-dereference.patch
(git-fixes bsc#1225121 CVE-2023-52744).
- Update
patches.suse/RDMA-mlx5-Initialize-the-ODP-xarray-when-creating-an.patch
(stable-5.14.16 bsc#1224910 CVE-2021-47481).
- Update
patches.suse/afs-Fix-corruption-in-reads-at-fpos-2G-4G-from-an-Op.patch
(stable-5.14.9 bsc#1225160 CVE-2021-47366).
- Update
patches.suse/aio-fix-use-after-free-due-to-missing-POLLFREE-handl.patch
(CVE-2021-39698 bsc#1196956 bsc#1225400 CVE-2021-47505).
- Update
patches.suse/atl1c-Work-around-the-DMA-RX-overflow-issue.patch
(git-fixes bsc#1225599 CVE-2023-52834).
- Update
patches.suse/audit-fix-possible-null-pointer-dereference-in-audit.patch
(stable-5.14.15 bsc#1225393 CVE-2021-47464).
- Update patches.suse/binder-make-sure-fd-closes-complete.patch
(stable-5.14.9 bsc#1225122 CVE-2021-47360).
- Update
patches.suse/blk-cgroup-fix-UAF-by-grabbing-blkcg-lock-before-des.patch
(stable-5.14.9 bsc#1225203 CVE-2021-47379).
- Update
patches.suse/blktrace-Fix-uaf-in-blk_trace-access-after-removing-.patch
(stable-5.14.9 bsc#1225193 CVE-2021-47375).
- Update
patches.suse/block-don-t-call-rq_qos_ops-done_bio-if-the-bio-isn-.patch
(stable-5.14.11 bsc#1225332 CVE-2021-47412).
- Update
patches.suse/bpf-Add-oversize-check-before-call-kvcalloc.patch
(stable-5.14.9 bsc#1225195 CVE-2021-47376).
- Update
patches.suse/bpf-s390-Fix-potential-memory-leak-about-jit_data.patch
(stable-5.14.12 bsc#1225370 CVE-2021-47426).
- Update
patches.suse/btrfs-fix-abort-logic-in-btrfs_replace_file_extents.patch
(stable-5.14.14 bsc#1225392 CVE-2021-47433).
- Update
patches.suse/btrfs-fix-re-dirty-process-of-tree-log-nodes.patch
(bsc#1197915 bsc#1225410 CVE-2021-47510).
- Update
patches.suse/can-dev-can_put_echo_skb-don-t-crash-kernel-if-can_p.patch
(git-fixes bsc#1225000 CVE-2023-52878).
- Update
patches.suse/can-isotp-isotp_sendmsg-add-result-check-for-wait_ev.patch
(stable-5.14.15 bsc#1225235 CVE-2021-47457).
- Update
patches.suse/can-j1939-j1939_netdev_start-fix-UAF-for-rx_kref-of-.patch
(stable-5.14.15 bsc#1225253 CVE-2021-47459).
- Update
patches.suse/can-pch_can-pch_can_rx_normal-fix-use-after-free.patch
(git-fixes bsc#1225431 CVE-2021-47520).
- Update patches.suse/can-peak_pci-peak_pci_remove-fix-UAF.patch
(stable-5.14.15 bsc#1225256 CVE-2021-47456).
- Update
patches.suse/can-sja1000-fix-use-after-free-in-ems_pcmcia_add_car.patch
(git-fixes bsc#1225435 CVE-2021-47521).
- Update
patches.suse/cfg80211-fix-management-registrations-locking.patch
(git-fixes stable-5.14.16 bsc#1225450 CVE-2021-47494).
- Update
patches.suse/cgroup-Fix-memory-leak-caused-by-missing-cgroup_bpf_.patch
(stable-5.14.16 bsc#1224902 CVE-2021-47488).
- Update patches.suse/cifs-Fix-soft-lockup-during-fsstress.patch
(stable-5.14.9 bsc#1225145 CVE-2021-47359).
- Update
patches.suse/cifs-Fix-use-after-free-in-rdata-read_into_pages-.patch
(git-fixes bsc#1225479 CVE-2023-52741).
- Update
patches.suse/clk-mediatek-clk-mt2701-Add-check-for-mtk_alloc_clk_.patch
(git-fixes bsc#1225096 CVE-2023-52875).
- Update
patches.suse/clk-mediatek-clk-mt6765-Add-check-for-mtk_alloc_clk_.patch
(git-fixes bsc#1224937 CVE-2023-52870).
- Update
patches.suse/clk-mediatek-clk-mt6779-Add-check-for-mtk_alloc_clk_.patch
(git-fixes bsc#1225589 CVE-2023-52873).
- Update
patches.suse/clk-mediatek-clk-mt6797-Add-check-for-mtk_alloc_clk_.patch
(git-fixes bsc#1225086 CVE-2023-52865).
- Update
patches.suse/clk-mediatek-clk-mt7629-Add-check-for-mtk_alloc_clk_.patch
(git-fixes bsc#1225566 CVE-2023-52858).
- Update
patches.suse/clk-mediatek-clk-mt7629-eth-Add-check-for-mtk_alloc_.patch
(git-fixes bsc#1225036 CVE-2023-52876).
- Update
patches.suse/comedi-Fix-memory-leak-in-compat_insnlist.patch
(stable-5.14.9 bsc#1225158 CVE-2021-47364).
- Update patches.suse/comedi-dt9812-fix-DMA-buffers-on-stack.patch
(git-fixes stable-5.14.18 bsc#1224912 CVE-2021-47477).
- Update
patches.suse/comedi-ni_usb6501-fix-NULL-deref-in-command-paths.patch
(git-fixes stable-5.14.18 bsc#1224913 CVE-2021-47476).
- Update
patches.suse/comedi-vmk80xx-fix-bulk-buffer-overflow.patch
(git-fixes stable-5.14.18 bsc#1224915 CVE-2021-47474).
- Update
patches.suse/comedi-vmk80xx-fix-transfer-buffer-overflows.patch
(git-fixes stable-5.14.18 bsc#1224914 CVE-2021-47475).
- Update
patches.suse/cpufreq-schedutil-Use-kobject-release-method-to-free.patch
(stable-5.14.10 bsc#1225316 CVE-2021-47387).
- Update
patches.suse/devlink-fix-netns-refcount-leak-in-devlink_nl_cmd_re.patch
(git-fixes bsc#1225425 CVE-2021-47514).
- Update
patches.suse/dm-fix-mempool-NULL-pointer-race-when-completing-IO.patch
(stable-5.14.14 bsc#1225247 CVE-2021-47435).
- Update
patches.suse/dm-rq-don-t-queue-request-to-blk-mq-during-DM-suspen.patch
(stable-5.14.14 bsc#1225357 CVE-2021-47498).
- Update
patches.suse/dma-debug-prevent-an-error-message-from-causing-runt.patch
(stable-5.14.9 bsc#1225191 CVE-2021-47374).
- Update
patches.suse/drm-amd-Fix-UBSAN-array-index-out-of-bounds-for-Pola.patch
(git-fixes bsc#1225532 CVE-2023-52819).
- Update
patches.suse/drm-amd-Fix-UBSAN-array-index-out-of-bounds-for-SMU7.patch
(git-fixes bsc#1225530 CVE-2023-52818).
- Update patches.suse/drm-amd-amdgpu-fix-potential-memleak.patch
(git-fixes bsc#1225379 CVE-2021-47550).
- Update
patches.suse/drm-amd-amdkfd-Fix-kernel-panic-when-reset-failed-an.patch
(git-fixes bsc#1225510 CVE-2021-47551).
- Update
patches.suse/drm-amd-display-Avoid-NULL-dereference-of-timing-gen.patch
(git-fixes bsc#1225478 CVE-2023-52753).
- Update
patches.suse/drm-amd-pm-Update-intermediate-power-state-for-SI.patch
(stable-5.14.9 bsc#1225153 CVE-2021-47362).
- Update
patches.suse/drm-amdgpu-Fix-a-null-pointer-access-when-the-smc_rr.patch
(git-fixes bsc#1225569 CVE-2023-52817).
- Update
patches.suse/drm-amdgpu-Fix-potential-null-pointer-derefernce.patch
(git-fixes bsc#1225565 CVE-2023-52814).
- Update
patches.suse/drm-amdgpu-fence-Fix-oops-due-to-non-matching-drm_sc.patch
(git-fixes bsc#1225005 CVE-2023-52738).
- Update patches.suse/drm-amdgpu-fix-gart.bo-pin_count-leak.patch
(stable-5.14.13 bsc#1225390 CVE-2021-47431).
- Update
patches.suse/drm-amdgpu-handle-the-case-of-pci_channel_io_frozen-.patch
(git-fixes stable-5.14.12 bsc#1225353 CVE-2021-47421).
- Update
patches.suse/drm-amdkfd-Fix-a-race-condition-of-vram-buffer-unref.patch
(git-fixes bsc#1225076 CVE-2023-52825).
- Update
patches.suse/drm-amdkfd-Fix-shift-out-of-bounds-issue.patch
(git-fixes bsc#1225529 CVE-2023-52816).
- Update
patches.suse/drm-amdkfd-fix-a-potential-ttm-sg-memory-leak.patch
(git-fixes stable-5.14.12 bsc#1225339 CVE-2021-47420).
- Update
patches.suse/drm-amdkfd-fix-svm_migrate_fini-warning.patch
(stable-5.14.11 bsc#1225331 CVE-2021-47410).
- Update
patches.suse/drm-bridge-lt8912b-Fix-crash-on-bridge-detach.patch
(git-fixes bsc#1224932 CVE-2023-52856).
- Update
patches.suse/drm-edid-In-connector_bad_edid-cap-num_of_ext-by-num.patch
(git-fixes stable-5.14.14 bsc#1225243 CVE-2021-47444).
- Update
patches.suse/drm-msm-Fix-null-pointer-dereference-on-pointer-edp.patch
(git-fixes stable-5.14.14 bsc#1225261 CVE-2021-47445).
- Update
patches.suse/drm-msm-a3xx-fix-error-handling-in-a3xx_gpu_init.patch
(git-fixes stable-5.14.14 bsc#1225260 CVE-2021-47447).
- Update
patches.suse/drm-msm-a4xx-fix-error-handling-in-a4xx_gpu_init.patch
(git-fixes stable-5.14.14 bsc#1225240 CVE-2021-47446).
- Update
patches.suse/drm-msm-a6xx-Allocate-enough-space-for-GMU-registers.patch
(git-fixes bsc#1225446 CVE-2021-47535).
- Update
patches.suse/drm-mxsfb-Fix-NULL-pointer-dereference-crash-on-unlo.patch
(stable-5.14.15 bsc#1225187 CVE-2021-47471).
- Update
patches.suse/drm-nouveau-debugfs-fix-file-release-memory-leak.patch
(git-fixes stable-5.14.12 bsc#1225366 CVE-2021-47423).
- Update
patches.suse/drm-nouveau-kms-nv50-fix-file-release-memory-leak.patch
(git-fixes stable-5.14.12 bsc#1225233 CVE-2021-47422).
- Update
patches.suse/drm-panel-fix-a-possible-null-pointer-dereference.patch
(git-fixes bsc#1225022 CVE-2023-52821).
- Update
patches.suse/drm-panel-panel-tpo-tpg110-fix-a-possible-null-point.patch
(git-fixes bsc#1225077 CVE-2023-52826).
- Update
patches.suse/drm-radeon-fix-a-possible-null-pointer-dereference.patch
(git-fixes bsc#1225230 CVE-2022-48710).
- Update patches.suse/drm-radeon-possible-buffer-overflow.patch
(git-fixes bsc#1225009 CVE-2023-52867).
- Update
patches.suse/drm-ttm-fix-memleak-in-ttm_transfered_destroy.patch
(stable-5.14.16 bsc#1225436 CVE-2021-47490).
- Update
patches.suse/drm-vc4-kms-Add-missing-drm_crtc_commit_put.patch
(git-fixes CVE-2021-47534).
- Update
patches.suse/drm-vc4-kms-Clear-the-HVS-FIFO-commit-pointer-once-d.patch
(git-fixes bsc#1225445 CVE-2021-47533).
- Update
patches.suse/enetc-Fix-illegal-access-when-reading-affinity_hint.patch
(stable-5.14.9 bsc#1225161 CVE-2021-47368).
- Update
patches.suse/ethtool-ioctl-fix-potential-NULL-deref-in-ethtool_se.patch
(jsc#SLE-19253 bsc#1225383 CVE-2021-47556).
- Update
patches.suse/ext4-add-error-checking-to-ext4_ext_replay_set_ibloc.patch
(stable-5.14.10 bsc#1225304 CVE-2021-47406).
- Update
patches.suse/fbdev-imsttfb-fix-a-resource-leak-in-probe.patch
(git-fixes bsc#1225031 CVE-2023-52838).
- Update
patches.suse/fs-jfs-Add-check-for-negative-db_l2nbperpage.patch
(git-fixes bsc#1225557 CVE-2023-52810).
- Update
patches.suse/fs-jfs-Add-validity-check-for-db_maxag-and-db_agpref.patch
(git-fixes bsc#1225550 CVE-2023-52804).
- Update patches.suse/gfs2-ignore-negated-quota-changes.patch
(git-fixes bsc#1225560 CVE-2023-52759).
- Update
patches.suse/hid-cp2112-Fix-duplicate-workqueue-initialization.patch
(git-fixes bsc#1224988 CVE-2023-52853).
- Update
patches.suse/hwmon-mlxreg-fan-Return-non-zero-value-when-fan-curr.patch
(git-fixes stable-5.14.10 bsc#1225321 CVE-2021-47393).
- Update
patches.suse/hwmon-w83791d-Fix-NULL-pointer-dereference-by-removi.patch
(stable-5.14.10 bsc#1225268 CVE-2021-47386).
- Update
patches.suse/hwmon-w83792d-Fix-NULL-pointer-dereference-by-removi.patch
(stable-5.14.10 bsc#1225210 CVE-2021-47385).
- Update
patches.suse/hwmon-w83793-Fix-NULL-pointer-dereference-by-removin.patch
(stable-5.14.10 bsc#1225209 CVE-2021-47384).
- Update
patches.suse/i2c-acpi-fix-resource-leak-in-reconfiguration-device.patch
(git-fixes stable-5.14.12 bsc#1225223 CVE-2021-47425).
- Update
patches.suse/i2c-core-Run-atomic-i2c-xfer-when-preemptible.patch
(git-fixes bsc#1225108 CVE-2023-52791).
- Update
patches.suse/i3c-master-mipi-i3c-hci-Fix-a-kernel-panic-for-acces.patch
(git-fixes bsc#1225570 CVE-2023-52763).
- Update
patches.suse/i3c-mipi-i3c-hci-Fix-out-of-bounds-access-in-hci_dma.patch
(git-fixes CVE-2023-52766).
- Update
patches.suse/i40e-Fix-NULL-pointer-dereference-in-i40e_dbg_dump_d.patch
(jsc#SLE-18378 bsc#1225361 CVE-2021-47501).
- Update
patches.suse/i40e-Fix-freeing-of-uninitialized-misc-IRQ-vector.patch
(stable-5.14.12 bsc#1225367 CVE-2021-47424).
- Update
patches.suse/i915-perf-Fix-NULL-deref-bugs-with-drm_dbg-calls.patch
(git-fixes bsc#1225106 CVE-2023-52788).
- Update
patches.suse/ice-Avoid-crash-from-unnecessary-IDA-free.patch
(stable-5.14.15 bsc#1225239 CVE-2021-47453).
- Update
patches.suse/ice-Do-not-use-WQ_MEM_RECLAIM-flag-for-workqueue.patch
(git-fixes bsc#1225003 CVE-2023-52743).
- Update patches.suse/ice-avoid-bpf_prog-refcount-underflow.patch
(jsc#SLE-18375 bsc#1225500 CVE-2021-47563).
- Update
patches.suse/ice-fix-locking-for-Tx-timestamp-tracking-flush.patch
(stable-5.14.14 bsc#1225259 CVE-2021-47449).
- Update patches.suse/ice-fix-vsi-txq_map-sizing.patch
(jsc#SLE-18375 bsc#1225499 CVE-2021-47562).
- Update
patches.suse/ice-switch-fix-potential-memleak-in-ice_add_adv_reci.patch
(git-fixes bsc#1225095 CVE-2022-48709).
- Update
patches.suse/iio-accel-kxcjk-1013-Fix-possible-memory-leak-in-pro.patch
(git-fixes bsc#1225358 CVE-2021-47499).
- Update
patches.suse/iio-adis16475-fix-deadlock-on-frequency-set.patch
(git-fixes stable-5.14.14 bsc#1225245 CVE-2021-47437).
- Update
patches.suse/iio-mma8452-Fix-trigger-reference-couting.patch
(git-fixes bsc#1225360 CVE-2021-47500).
- Update
patches.suse/ipack-ipoctal-fix-module-reference-leak.patch
(stable-5.14.10 bsc#1225241 CVE-2021-47403).
- Update
patches.suse/ipack-ipoctal-fix-stack-information-leak.patch
(stable-5.14.10 bsc#1225242 CVE-2021-47401).
- Update
patches.suse/irqchip-gic-v3-its-Fix-potential-VPE-leak-on-error.patch
(stable-5.14.9 bsc#1225190 CVE-2021-47373).
- Update
patches.suse/isdn-mISDN-Fix-sleeping-function-called-from-invalid.patch
(stable-5.14.15 bsc#1225346 CVE-2021-47468).
- Update
patches.suse/isofs-Fix-out-of-bound-access-for-corrupted-isofs-im.patch
(stable-5.14.18 bsc#1225198 CVE-2021-47478).
- Update
patches.suse/iwlwifi-Fix-memory-leaks-in-error-handling-path.patch
(git-fixes bsc#1225373 CVE-2021-47529).
- Update
patches.suse/iwlwifi-mvm-Fix-possible-NULL-dereference.patch
(git-fixes stable-5.14.12 bsc#1225335 CVE-2021-47415).
- Update
patches.suse/ixgbe-Fix-NULL-pointer-dereference-in-ixgbe_xdp_setu.patch
(stable-5.14.10 bsc#1225328 CVE-2021-47399).
- Update
patches.suse/jfs-fix-array-index-out-of-bounds-in-dbFindLeaf.patch
(git-fixes bsc#1225472 CVE-2023-52799).
- Update
patches.suse/jfs-fix-array-index-out-of-bounds-in-diAlloc.patch
(git-fixes bsc#1225553 CVE-2023-52805).
- Update
patches.suse/kunit-fix-reference-count-leak-in-kfree_at_end.patch
(stable-5.14.15 bsc#1225344 CVE-2021-47467).
- Update patches.suse/libbpf-Fix-memory-leak-in-strset.patch
(git-fixes stable-5.14.12 bsc#1225227 CVE-2021-47417).
- Update
patches.suse/mac80211-fix-use-after-free-in-CCMP-GCMP-RX.patch
(git-fixes stable-5.14.10 bsc#1225214 CVE-2021-47388).
- Update
patches.suse/mac80211-hwsim-fix-late-beacon-hrtimer-handling.patch
(git-fixes stable-5.14.10 bsc#1225327 CVE-2021-47396).
- Update
patches.suse/mac80211-limit-injected-vht-mcs-nss-in-ieee80211_par.patch
(git-fixes stable-5.14.10 bsc#1225326 CVE-2021-47395).
- Update
patches.suse/mcb-fix-error-handling-in-mcb_alloc_bus.patch
(stable-5.14.9 bsc#1225151 CVE-2021-47361).
- Update
patches.suse/media-bttv-fix-use-after-free-error-due-to-btv-timeo.patch
(git-fixes bsc#1225588 CVE-2023-52847).
- Update
patches.suse/media-gspca-cpia1-shift-out-of-bounds-in-set_flicker.patch
(git-fixes bsc#1225571 CVE-2023-52764).
- Update
patches.suse/media-imon-fix-access-to-invalid-resource-for-the-se.patch
(git-fixes bsc#1225490 CVE-2023-52754).
- Update
patches.suse/media-vidtv-mux-Add-check-and-kfree-for-kstrdup.patch
(git-fixes bsc#1225592 CVE-2023-52841).
- Update patches.suse/media-vidtv-psi-Add-check-for-kstrdup.patch
(git-fixes bsc#1225590 CVE-2023-52844).
- Update
patches.suse/mlxsw-spectrum-Protect-driver-from-buggy-firmware.patch
(git-fixes bsc#1225495 CVE-2021-47560).
- Update
patches.suse/mlxsw-thermal-Fix-out-of-bounds-memory-accesses.patch
(stable-5.14.14 bsc#1225224 CVE-2021-47441).
- Update
patches.suse/mm-mempolicy-do-not-allow-illegal-MPOL_F_NUMA_BALANC.patch
(stable-5.14.15 bsc#1225250 CVE-2021-47462).
- Update
patches.suse/mm-secretmem-fix-NULL-page-mapping-dereference-in-pa.patch
(stable-5.14.15 bsc#1225127 CVE-2021-47463).
- Update
patches.suse/mm-slub-fix-potential-memoryleak-in-kmem_cache_open.patch
(stable-5.14.15 bsc#1225342 CVE-2021-47466).
- Update
patches.suse/mm-slub-fix-potential-use-after-free-in-slab_debugfs.patch
(stable-5.14.15 bsc#1225186 CVE-2021-47470).
- Update
patches.suse/mmc-mmc_spi-fix-error-handling-in-mmc_spi_probe.patch
(git-fixes bsc#1225483 CVE-2023-52708).
- Update
patches.suse/mmc-sdio-fix-possible-resource-leaks-in-some-error-p.patch
(git-fixes bsc#1224956 CVE-2023-52730).
- Update
patches.suse/mptcp-ensure-tx-skbs-always-have-the-MPTCP-ext.patch
(stable-5.14.9 bsc#1225183 CVE-2021-47370).
- Update patches.suse/mptcp-fix-possible-stall-on-recvmsg.patch
(stable-5.14.14 bsc#1225129 CVE-2021-47448).
- Update
patches.suse/mt76-mt7915-fix-NULL-pointer-dereference-in-mt7915_g.patch
(git-fixes bsc#1225386 CVE-2021-47540).
- Update
patches.suse/net-USB-Fix-wrong-direction-WARNING-in-plusb.c.patch
(git-fixes bsc#1225482 CVE-2023-52742).
- Update patches.suse/net-batman-adv-fix-error-handling.patch
(git-fixes stable-5.14.16 bsc#1224909 CVE-2021-47482).
- Update
patches.suse/net-dsa-felix-Fix-memory-leak-in-felix_setup_mmio_fi.patch
(git-fixes bsc#1225380 CVE-2021-47513).
- Update
patches.suse/net-dsa-microchip-Added-the-condition-for-scheduling.patch
(stable-5.14.14 bsc#1225246 CVE-2021-47439).
- Update
patches.suse/net-encx24j600-check-error-in-devm_regmap_init_encx2.patch
(stable-5.14.14 bsc#1225248 CVE-2021-47440).
- Update
patches.suse/net-hns3-do-not-allow-call-hns3_nic_net_open-repeate.patch
(stable-5.14.10 bsc#1225329 CVE-2021-47400).
- Update patches.suse/net-macb-fix-use-after-free-on-rmmod.patch
(stable-5.14.9 bsc#1225184 CVE-2021-47372).
- Update
patches.suse/net-marvell-prestera-fix-double-free-issue-on-err-pa.patch
(git-fixes bsc#1225501 CVE-2021-47564).
- Update
patches.suse/net-mdiobus-Fix-memory-leak-in-__mdiobus_register.patch
(stable-5.14.15 bsc#1225189 CVE-2021-47472).
- Update
patches.suse/net-mlx4_en-Fix-an-use-after-free-bug-in-mlx4_en_try.patch
(jsc#SLE-19256 bsc#1225453 CVE-2021-47541).
- Update
patches.suse/net-mlx5e-Fix-memory-leak-in-mlx5_core_destroy_cq-er.patch
(stable-5.14.14 bsc#1225229 CVE-2021-47438).
- Update
patches.suse/net-openvswitch-fix-possible-memory-leak-in-ovs_mete.patch
(git-fixes bsc#1224945 CVE-2023-52702).
- Update
patches.suse/net-qlogic-qlcnic-Fix-a-NULL-pointer-dereference-in-.patch
(git-fixes bsc#1225455 CVE-2021-47542).
- Update
patches.suse/net-sched-flower-protect-fl_walk-with-rcu.patch
(stable-5.14.10 bsc#1225302 CVE-2021-47402).
- Update
patches.suse/net-sched-sch_taprio-properly-cancel-timer-from-tapr.patch
(stable-5.14.12 bsc#1225338 CVE-2021-47419).
- Update
patches.suse/net-smc-Fix-NULL-pointer-dereferencing-in-smc_vlan_by_tcpsk
(git-fixes bsc#1225396 CVE-2021-47559).
- Update
patches.suse/net-smc-fix-wrong-list_del-in-smc_lgr_cleanup_early
(git-fixes bsc#1225447 CVE-2021-47536).
- Update
patches.suse/net-stmmac-Disable-Tx-queues-when-reconfiguring-the-.patch
(jsc#SLE-19033 bsc#1225492 CVE-2021-47558).
- Update
patches.suse/net-tls-Fix-flipped-sign-in-tls_err_abort-calls.patch
(stable-5.14.16 bsc#1225354 CVE-2021-47496).
- Update
patches.suse/net-usb-kalmia-Don-t-pass-act_len-in-usb_bulk_msg-er.patch
(git-fixes bsc#1225549 CVE-2023-52703).
- Update
patches.suse/net_sched-fix-NULL-deref-in-fifo_set_limit.patch
(stable-5.14.12 bsc#1225337 CVE-2021-47418).
- Update
patches.suse/netfilter-conntrack-serialize-hash-resizes-and-clean.patch
(stable-5.14.10 bsc#1225236 CVE-2021-47408).
- Update
patches.suse/netfilter-nf_tables-skip-netdev-events-generated-on-.patch
(stable-5.14.15 bsc#1225257 CVE-2021-47452).
- Update
patches.suse/netfilter-nf_tables-unlink-table-before-deleting-it.patch
(stable-5.14.10 bsc#1225323 CVE-2021-47394).
- Update
patches.suse/netfilter-xt_IDLETIMER-fix-panic-that-occurs-when-ti.patch
(stable-5.14.15 bsc#1225237 CVE-2021-47451).
- Update
patches.suse/nexthop-Fix-division-by-zero-while-replacing-a-resil.patch
(stable-5.14.9 bsc#1225156 CVE-2021-47363).
- Update
patches.suse/nexthop-Fix-memory-leaks-in-nexthop-notification-cha.patch
(stable-5.14.9 bsc#1225167 CVE-2021-47371).
- Update
patches.suse/nfc-fix-potential-NULL-pointer-deref-in-nfc_genl_dum.patch
(git-fixes bsc#1225372 CVE-2021-47518).
- Update
patches.suse/nfp-Fix-memory-leak-in-nfp_cpp_area_cache_add.patch
(git-fixes bsc#1225427 CVE-2021-47516).
- Update patches.suse/nfsd-Fix-nsfd-startup-race-again.patch
(git-fixes bsc#1225405 CVE-2021-47507).
- Update
patches.suse/nfsd-fix-use-after-free-due-to-delegation-race.patch
(git-fixes bsc#1225404 CVE-2021-47506).
- Update
patches.suse/nvme-rdma-destroy-cm-id-before-destroy-qp-to-avoid-u.patch
(bsc#1190569 stable-5.14.9 bsc#1225201 CVE-2021-47378).
- Update
patches.suse/nvmem-Fix-shift-out-of-bound-UBSAN-with-byte-size-ce.patch
(stable-5.14.14 bsc#1225355 CVE-2021-47497).
- Update
patches.suse/ocfs2-fix-data-corruption-after-conversion-from-inli.patch
(stable-5.14.15 bsc#1225251 CVE-2021-47460).
- Update
patches.suse/ocfs2-fix-race-between-searching-chunks-and-release-.patch
(stable-5.14.16 bsc#1225439 CVE-2021-47493).
- Update
patches.suse/ocfs2-mount-fails-with-buffer-overflow-in-strlen.patch
(stable-5.14.15 bsc#1225252 CVE-2021-47458).
- Update
patches.suse/octeontx2-af-Fix-a-memleak-bug-in-rvu_mbox_init.patch
(git-fixes bsc#1225375 CVE-2021-47537).
- Update
patches.suse/octeontx2-af-Fix-possible-null-pointer-dereference.patch
(stable-5.14.16 bsc#1224905 CVE-2021-47484).
- Update
patches.suse/padata-Fix-refcnt-handling-in-padata_free_shell.patch
(git-fixes bsc#1225584 CVE-2023-52854).
- Update patches.suse/phy-mdio-fix-memory-leak.patch (git-fixes
stable-5.14.12 bsc#1225336 CVE-2021-47416).
- Update
patches.suse/pinctrl-single-fix-potential-NULL-dereference.patch
(git-fixes bsc#1224942 CVE-2022-48708).
- Update
patches.suse/platform-x86-wmi-Fix-opening-of-char-device.patch
(git-fixes bsc#1225132 CVE-2023-52864).
- Update
patches.suse/powerpc-64s-Fix-unrecoverable-MCE-calling-async-hand.patch
(stable-5.14.12 bsc#1225388 CVE-2021-47429).
- Update
patches.suse/powerpc-64s-fix-program-check-interrupt-emergency-st.patch
(stable-5.14.12 bsc#1225387 CVE-2021-47428).
- Update
patches.suse/powerpc-64s-interrupt-Fix-interrupt-exit-race-with-s.patch
(bsc#1194869 bsc#1225471 CVE-2023-52740).
- Update
patches.suse/powerpc-smp-do-not-decrement-idle-task-preempt-count.patch
(stable-5.14.15 bsc#1225255 CVE-2021-47454).
- Update
patches.suse/ptp-Fix-possible-memory-leak-in-ptp_clock_register.patch
(stable-5.14.15 bsc#1225254 CVE-2021-47455).
- Update patches.suse/pwm-Fix-double-shift-bug.patch (git-fixes
bsc#1225461 CVE-2023-52756).
- Update
patches.suse/regmap-Fix-possible-double-free-in-regcache_rbtree_e.patch
(git-fixes stable-5.14.16 bsc#1224907 CVE-2021-47483).
- Update
patches.suse/riscv-Flush-current-cpu-icache-before-other-cpus.patch
(stable-5.14.12 bsc#1225334 CVE-2021-47414).
- Update
patches.suse/riscv-bpf-Fix-potential-NULL-dereference.patch
(stable-5.14.16 bsc#1224903 CVE-2021-47486).
- Update
patches.suse/s390-dasd-protect-device-queue-against-concurrent-access.patch
(git-fixes bsc#1217515 bsc#1225572 CVE-2023-52774).
- Update
patches.suse/s390-decompressor-specify-__decompress-buf-len-to-avoid-overflow.patch
(git-fixes bsc#1213863 bsc#1225488 CVE-2023-52733).
- Update
patches.suse/s390-qeth-fix-NULL-deref-in-qeth_clear_working_pool_.patch
(stable-5.14.9 bsc#1225164 CVE-2021-47369).
- Update
patches.suse/s390-qeth-fix-deadlock-during-failing-recovery.patch
(stable-5.14.10 bsc#1225207 CVE-2021-47382).
- Update
patches.suse/sata_fsl-fix-UAF-in-sata_fsl_port_stop-when-rmmod-sa.patch
(git-fixes bsc#1225508 CVE-2021-47549).
- Update
patches.suse/sched-psi-Fix-use-after-free-in-ep_remove_wait_queue.patch
(bsc#1209799 bsc#1225109 CVE-2023-52707).
- Update
patches.suse/sched-scs-Reset-task-stack-state-in-bringup_cpu.patch
(git-fixes bsc#1225464 CVE-2021-47553).
- Update
patches.suse/scsi-core-Put-LLD-module-refcnt-after-SCSI-device-is.patch
(stable-5.14.17 bsc#1225322 CVE-2021-47480).
- Update
patches.suse/scsi-ibmvfc-Remove-BUG_ON-in-the-case-of-an-empty-ev.patch
(bsc#1209834 ltc#202097 bsc#1225559 CVE-2023-52811).
- Update
patches.suse/scsi-iscsi-Fix-iscsi_task-use-after-free.patch
(stable-5.14.12 bsc#1225225 CVE-2021-47427).
- Update
patches.suse/scsi-mpt3sas-Fix-kernel-panic-during-drive-powercycle-test
(git-fixes bsc#1225384 CVE-2021-47565).
- Update
patches.suse/scsi-pm80xx-Do-not-call-scsi_remove_host-in-pm8001_alloc
(git-fixes bsc#1225374 CVE-2021-47503).
- Update
patches.suse/scsi-qla2xxx-Fix-a-memory-leak-in-an-error-path-of-q.patch
(stable-5.14.15 bsc#1225192 CVE-2021-47473).
- Update
patches.suse/sctp-break-out-if-skb_header_pointer-returns-NULL-in.patch
(stable-5.14.10 bsc#1225082 CVE-2021-47397).
- Update
patches.suse/serial-core-fix-transmit-buffer-reset-and-memleak.patch
(git-fixes bsc#1194288 CVE-2021-47527).
- Update
patches.suse/serial-liteuart-Fix-NULL-pointer-dereference-in-remo.patch
(git-fixes bsc#1225376 CVE-2021-47526).
- Update
patches.suse/serial-liteuart-fix-minor-number-leak-on-probe-error.patch
(git-fixes bsc#1225377 CVE-2021-47524).
- Update
patches.suse/serial-liteuart-fix-use-after-free-and-memleak-on-un.patch
(git-fixes bsc#1225441 CVE-2021-47525).
- Update
patches.suse/soc-qcom-llcc-Handle-a-second-device-without-data-co.patch
(git-fixes bsc#1225534 CVE-2023-52871).
- Update
patches.suse/spi-Fix-deadlock-when-adding-SPI-controllers-on-SPI-.patch
(stable-5.14.15 bsc#1225347 CVE-2021-47469).
- Update
patches.suse/staging-greybus-uart-fix-tty-use-after-free.patch
(stable-5.14.9 bsc#1224920 CVE-2021-47358).
- Update
patches.suse/staging-rtl8712-fix-use-after-free-in-rtl8712_dl_fw.patch
(git-fixes stable-5.14.18 bsc#1224911 CVE-2021-47479).
- Update
patches.suse/tcp-fix-page-frag-corruption-on-page-fault.patch
(git-fixes bsc#1225463 CVE-2021-47544).
- Update
patches.suse/thermal-core-prevent-potential-string-overflow.patch
(git-fixes bsc#1225044 CVE-2023-52868).
- Update
patches.suse/tty-Fix-out-of-bound-vmalloc-access-in-imageblit.patch
(stable-5.14.10 bsc#1225208 CVE-2021-47383).
- Update
patches.suse/tty-n_gsm-fix-race-condition-in-status-line-change-o.patch
(git-fixes bsc#1225591 CVE-2023-52872).
- Update
patches.suse/tty-n_gsm-require-CAP_NET_ADMIN-to-attach-N_GSM0710-.patch
(bsc#1222619 CVE-2023-52880).
- Update
patches.suse/tty-vcc-Add-check-for-kstrdup-in-vcc_probe.patch
(git-fixes bsc#1225180 CVE-2023-52789).
- Update
patches.suse/usb-cdnsp-Fix-a-NULL-pointer-dereference-in-cdnsp_en.patch
(git-fixes bsc#1225368 CVE-2021-47528).
- Update
patches.suse/usb-chipidea-ci_hdrc_imx-Also-search-for-phys-phandl.patch
(git-fixes stable-5.14.12 bsc#1225333 CVE-2021-47413).
- Update
patches.suse/usb-config-fix-iteration-issue-in-usb_get_bos_descri.patch
(git-fixes bsc#1225092 CVE-2023-52781).
- Update
patches.suse/usb-dwc2-check-return-value-after-calling-platform_g.patch
(stable-5.14.11 bsc#1225330 CVE-2021-47409).
- Update
patches.suse/usb-dwc2-fix-possible-NULL-pointer-dereference-cause.patch
(git-fixes bsc#1225583 CVE-2023-52855).
- Update patches.suse/usb-musb-dsps-Fix-the-probe-error-path.patch
(git-fixes stable-5.14.14 bsc#1225244 CVE-2021-47436).
- Update
patches.suse/usb-typec-tcpm-Fix-NULL-pointer-dereference-in-tcpm_.patch
(git-fixes bsc#1224944 CVE-2023-52877).
- Update patches.suse/usbnet-sanity-check-for-maxpacket.patch
(stable-5.14.16 bsc#1225351 CVE-2021-47495).
- Update
patches.suse/userfaultfd-fix-a-race-between-writeprotect-and-exit.patch
(stable-5.14.15 bsc#1225249 CVE-2021-47461).
- Update
patches.suse/vdpa_sim-avoid-putting-an-uninitialized-iova_domain.patch
(git-fixes bsc#1225466 CVE-2021-47554).
- Update
patches.suse/virtio-net-fix-pages-leaking-when-building-skb-in-bi.patch
(stable-5.14.9 bsc#1225123 CVE-2021-47367).
- Update
patches.suse/wifi-ath11k-fix-dfs-radar-event-locking.patch
(git-fixes bsc#1224947 CVE-2023-52798).
- Update patches.suse/wifi-ath11k-fix-htt-pktlog-locking.patch
(git-fixes CVE-2023-52800).
- Update
patches.suse/wifi-mac80211-don-t-return-unset-power-in-ieee80211_.patch
(git-fixes bsc#1225577 CVE-2023-52832).
- Update
patches.suse/x86-entry-Clear-X86_FEATURE_SMAP-when-CONFIG_X86_SMA.patch
(stable-5.14.12 bsc#1225228 CVE-2021-47430).
- Update
patches.suse/xhci-Fix-command-ring-pointer-corruption-while-abort.patch
(stable-5.14.14 bsc#1225232 CVE-2021-47434).
- commit c477ba3
- powerpc/pseries/iommu: LPAR panics during boot up with a frozen
PE (bsc#1222011 ltc#205900 CVE-2024-36926).
- commit db3b1aa
- netfilter: nf_tables: release mutex after nft_gc_seq_end from
abort path (CVE-2024-26925 bsc#1223390).
- commit d38b98f
- idpf: extend tx watchdog timeout (bsc#1224137).
- commit 64976b7
- efi/capsule-loader: fix incorrect allocation size (bsc#1224438
CVE-2024-27413).
- commit bcbd0b7
- drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag (CVE-2024-35817 bsc#1224736).
- commit 3fd949a
- selinux: avoid dereference of garbage after mount failure
(bsc#1224494 CVE-2024-35904).
- commit dad5bc3
- af_unix: annote lockless accesses to unix_tot_inflight &
gc_in_progress (bsc#1223384).
- Refresh
patches.suse/io_uring-af_unix-defer-registered-files-gc-to-io_uri.patch.
- commit 478234c
- Update
patches.suse/bpf-sockmap-Prevent-lock-inversion-deadlock-in-map-d.patch
(bsc#1209657 CVE-2023-0160 CVE-2024-35895 bsc#1224511).
- Update
patches.suse/fs-aio-Check-IOCB_AIO_RW-before-the-struct-aio_kiocb.patch
(bsc#1222721 CVE-2024-26764 CVE-2024-35815 bsc#1224685).
- Update
patches.suse/nfsd-Fix-error-cleanup-path-in-nfsd_rename.patch
(bsc#1221044 CVE-2023-52591 CVE-2024-35914 bsc#1224482).
- Update
patches.suse/wifi-brcmfmac-Fix-use-after-free-bug-in-brcmf_cfg802.patch
(CVE-2023-47233 bsc#1216702 CVE-2024-35811 bsc#1224592).
- commit 78f49e4
- Update
patches.suse/bpf-Guard-stack-limits-against-32bit-overflow.patch
(git-fixes CVE-2023-52676 bsc#1224730).
- commit bdae745
- Update patches.suse/afs-Fix-page-leak.patch (stable-5.14.9
CVE-2021-47365 bsc#1224895).
- Update
patches.suse/drm-amdgpu-Fix-even-more-out-of-bound-writes-from-de.patch
(bsc#1191949 CVE-2021-42327 stable-5.14.16 CVE-2021-47489
bsc#1224901).
- Update
patches.suse/mm-khugepaged-skip-huge-page-collapse-for-special-fi.patch
(stable-5.14.16 bsc#1193983 CVE-2021-4148 CVE-2021-47491
bsc#1224900).
- Update
patches.suse/mm-thp-bail-out-early-in-collapse_file-for-writeback.patch
(stable-5.14.16 CVE-2021-47492 bsc#1224898).
- commit 9ce4e35
- Update
patches.suse/drm-nouveau-avoid-a-use-after-free-when-BO-init-fail.patch
(git-fixes stable-5.14.12 CVE-2020-36788 bsc#1224816).
- commit 92d2a7f
- Update patches.suse/powerpc-powernv-Add-a-null-pointer-check-in-opal_eve.patch
(bsc#1065729 CVE-2023-52686).
- Update patches.suse/powerpc-powernv-Add-a-null-pointer-check-to-scom_deb.patch
(bsc#1194869 CVE-2023-52690).
- commit 2a79a5d
- scsi: lpfc: Remove IRQF_ONESHOT flag from threaded IRQ handling
(bsc#1216124).
- commit 7f04710
- rpm/kernel-obs-build.spec.in: remove reiserfs from OBS initrd
We disabled the FS in bug 1202309. And we actively blacklist it in:
/usr/lib/modprobe.d/60-blacklist_fs-reiserfs.conf
This, as a side-effect, fixes obs-build's warning:
dracut-pre-udev[1463]: sh: line 1: /usr/lib/module-init-tools/unblacklist: No such file or directory
Exactly due to the above 60-blacklist_fs-reiserfs.conf trying to call the
above unblacklist.
We should likely drop ext2+ext3 from the list too, as we don't build
them at all. But that's a different story.
- commit 9e1a078
- filemap: remove use of wait bookmarks (bsc#1224085).
- commit 36d572b
- scsi: qla2xxx: Fix double free of fcport (bsc#1223715
CVE-2024-26929).
- commit b3136a1
- powerpc/pseries/vio: Don't return ENODEV if node or compatible
missing (bsc#1220783).
- commit 1f4ad41
- Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout
(bsc#1224174 CVE-2024-27398).
- commit d55ff83
- af_unix: Fix garbage collector racing against connect()
(CVE-2024-26923 bsc#1223384).
- af_unix: Replace BUG_ON() with WARN_ON_ONCE() (bsc#1223384).
- af_unix: Do not use atomic ops for unix_sk(sk)->inflight (bsc#1223384).
- commit 94450ec
- scsi: qla2xxx: Fix double free of the ha->vp_map pointer
(bsc#1223626 CVE-2024-26930).
- commit dba3cc6
- Update
patches.suse/io_uring-af_unix-disable-sending-io_uring-over-socke.patch
(bsc#1218447 CVE-2023-6531 CVE-2023-52654 bsc#1224099).
- commit 659f245
- Update
patches.suse/usb-aqc111-check-packet-for-fixup-for-true-limit.patch
(bsc#1217169 CVE-2023-52655).
Added bugzilla ID and CVE
- commit a741c33
- supported.conf: support tcp_dctcp module (jsc#PED-8111)
- commit cca73b5
- Update
patches.suse/sched-debug-fix-dentry-leak-in-update_sched_domain_d.patch
(git-fixes CVE-2022-48699 bsc#1223996).
- commit 201a58f
- cachefiles: fix memory leak in cachefiles_add_cache()
(bsc#1222976 CVE-2024-26840).
- commit 6543e12
- Update
patches.suse/net-sched-act_mirred-don-t-override-retval-if-we-alr.patch
references (CVE-2024-26739 bsc#1222559, drop incorrect references).
- commit 892e634
- Update
patches.suse/ALSA-emu10k1-Fix-out-of-bounds-access-in-snd_emu10k1.patch
(git-fixes CVE-2022-48702 bsc#1223923).
- Update
patches.suse/ALSA-usb-audio-Fix-an-out-of-bounds-bug-in-__snd_usb.patch
(git-fixes CVE-2022-48701 bsc#1223921).
- Update
patches.suse/RDMA-irdma-Fix-drain-SQ-hang-with-no-completion.patch
(jsc#SLE-18383 CVE-2022-48694 bsc#1223964).
- Update
patches.suse/RDMA-srp-Set-scmnd-result-only-when-scmnd-is-not-NUL.patch
(git-fixes CVE-2022-48692 bsc#1223962).
- Update
patches.suse/cgroup-Add-missing-cpus_read_lock-to-cgroup_attach_task_all.patch
(bsc#1196869 CVE-2022-48671 bsc#1223929).
- Update
patches.suse/drm-radeon-add-a-force-flush-to-delay-work-when-rade.patch
(git-fixes CVE-2022-48704 bsc#1223932).
- Update
patches.suse/i40e-Fix-kernel-crash-during-module-removal.patch
(jsc#SLE-18378 CVE-2022-48688 bsc#1223953).
- Update
patches.suse/ipv6-sr-fix-out-of-bounds-read-when-setting-HMAC-dat.patch
(bsc#1211592 CVE-2023-2860 CVE-2022-48687 bsc#1223952).
- Update
patches.suse/net-smc-Fix-possible-access-to-freed-memory-in-link-clear
(git-fixes CVE-2022-48673 bsc#1223934).
- Update
patches.suse/nvme-tcp-fix-uaf-when-detecting-digest-errors.patch
(bsc#1200313 bsc#1201489 CVE-2022-48686 bsc#1223948).
- Update patches.suse/nvmet-fix-a-use-after-free.patch (git-fixes
CVE-2022-48697 bsc#1223922).
- Update
patches.suse/of-fdt-fix-off-by-one-error-in-unflatten_dt_nodes.patch
(git-fixes CVE-2022-48672 bsc#1223931).
- Update
patches.suse/scsi-mpt3sas-Fix-use-after-free-warning.patch
(git-fixes CVE-2022-48695 bsc#1223941).
- Update
patches.suse/soc-brcmstb-pm-arm-Fix-refcount-leak-and-__iomem-lea.patch
(git-fixes CVE-2022-48693 bsc#1223963).
- Update
patches.suse/thermal-int340x_thermal-handle-data_vault-when-the-v.patch
(bsc#1201308 CVE-2022-48703 bsc#1223924).
- Update patches.suse/vfio-type1-Unpin-zero-pages.patch (git-fixes
CVE-2022-48700 bsc#1223957).
- commit c8677b5
- packet: annotate data-races around ignore_outgoing
(CVE-2024-26862 bsc#1223111).
- commit 6e591e7
- sctp: fix potential deadlock on &net->sctp.addr_wq_lock
(CVE-2024-0639 bsc#1218917).
- commit 517d4f7
- Update
patches.suse/drm-i915-gem-Really-move-i915_gem_context.link-under.patch
(CVE-2022-48662 bsc#1223505).
Unbreak metadata (References: collides with our internal tracking,
switch to Fixes: when referencing a commit).
- commit cd38265
- Update
patches.suse/IB-core-Fix-a-nested-dead-lock-as-part-of-ODP-flow.patch
(git-fixes CVE-2022-48675 bsc#1223894).
- Update
patches.suse/drm-gma500-Fix-BUG-sleeping-function-called-from-inv.patch
(git-fixes CVE-2022-48634 bsc#1223501).
- Update
patches.suse/drm-i915-gem-Really-move-i915_gem_context.link-under.patch
(CVE-2022-48662 bsc#1223505a4e7ccdac38e ("drm/i915: Move
context management under GEM") bsc#1223505).
- Update
patches.suse/i2c-mlxbf-prevent-stack-overflow-in-mlxbf_i2c_smbus_.patch
(git-fixes CVE-2022-48632 bsc#1223481).
- Update
patches.suse/ice-Fix-crash-by-keep-old-cfg-when-update-TCs-more-t.patch
(git-fixes CVE-2022-48652 bsc#1223520).
- Update
patches.suse/s390-dasd-fix-Oops-in-dasd_alias_get_start_dev-due-to-missing-pavgroup
(git-fixes CVE-2022-48636 bsc#1223512).
- commit 523501c
- krb5
-
- Fix vulnerabilities in GSS message token handling, add patch
0013-Fix-vulnerabilities-in-GSS-message-token-handling.patch
* CVE-2024-37370, bsc#1227186
* CVE-2024-37371, bsc#1227187
- gcc13
-
- Update to GCC 13.3 release
- Update to gcc-13 branch head, b7a2697733d19a093cbdd0e200, git8761
- Removed gcc13-pr111731.patch now included upstream
- Add gcc13-amdgcn-remove-fiji.patch removing Fiji support from
the GCN offload compiler as that is requiring Code Object version 3
which is no longer supported by llvm18.
- Add gcc13-pr101523.patch to avoid combine spending too much
compile-time and memory doing nothing on s390x. [boo#1188441]
- Make requirement to lld version specific to avoid requiring the
meta-package.
- jitterentropy
-
- Fix a stack corruption on s390x: [bsc#1209627]
* Output size of the STCKE command on s390x is 16 bytes, compared
to 8 bytes of the STCK command. Fix a stack corruption in the
s390x version of jent_get_nstime(). Add some more detailed
information on the STCKE command.
* github.com/smuellerDD/jitterentropy-library/commit/7bf9f85
* Add jitterentropy-fix-a-stack-corruption-on-s390x.patch
- oniguruma
-
- Added oniguruma-6.8.2-CVE-2019-13225-fix.patch (boo#1141157 CVE-2019-13225)
oniguruma: null-pointer dereference in match_at() in regexec.c
- openssl-1_1
-
- Apply "openssl-CVE-2024-4741.patch" to fix a use-after-free
security vulnerability. Calling the function SSL_free_buffers()
potentially caused memory to be accessed that was previously
freed in some situations and a malicious attacker could attempt
to engineer a stituation where this occurs to facilitate a
denial-of-service attack. [CVE-2024-4741, bsc#1225551]
- libsolv
-
- add a conflict to older libsolv-tools to libsolv-tools-base
- improve updating of installed multiversion packages
- fix decision introspection going into an endless loop in some
cases
- added experimental lua bindings
- bump version to 0.7.29
- split libsolv-tools into libsolv-tools-base [jsc#PED-8153]
- libxml2
-
- Security fix (CVE-2024-34459, bsc#1224282) buffer over-read in
xmlHTMLPrintFileContext in xmllint.c
* Added libxml2-CVE-2024-34459.patch
- libzypp
-
- zypp-tui: Make sure translated texts use the correct textdomain
(fixes #551)
- Skip libproxy1 requires for tumbleweed.
- version 17.34.1 (34)
- don't require libproxy1 on tumbleweed, it is optional now
- version 17.34.0 (34)
- Fix versioning scheme
- version 17.33.4 (35)
- add one more missing export for libyui-qt-pkg
- Revert eintrSafeCall behavior to setting errno to 0.
- version 17.33.3 (34)
- fix up requires_eq usage for libsolv-tools-base
- add one more missing export for PackageKit
- version 17.33.2
- version 17.33.1 (33)
- switch to reduced size libsolv-tools-base (jsc#PED-8153)
- Fixed check for outdated repo metadata as non-root user
(bsc#1222086)
- Add ZYPP_API for exported functions and switch to
visibility=hidden (jsc#PED-8153)
- Dynamically resolve libproxy (jsc#PED-8153)
- version 17.33.0 (33)
- Fix download from gpgkey URL (bsc#1223430, fixes openSUSE/zypper#546)
- version 17.32.6 (32)
- shadow
-
- bsc#1228770: Fix not copying of skel files
Update shadow-CVE-2013-4235.patch
- bsc#916845 (CVE-2013-4235): Fix TOCTOU race condition
Add shadow-CVE-2013-4235.patch
- python-requests
-
- Update CVE-2024-35195.patch to allow the usage of "verify" parameter
as a directory, bsc#1225912
- python-urllib3
-
- Add CVE-2024-37891.patch (bsc#1226469, CVE-2024-37891)
- runc
-
[ This was only ever released for SLES and Leap. ]
- Update to runc v1.1.13. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.1.12>.
- Rebase patches:
* 0001-bsc1221050-libct-seccomp-patchbpf-rm-duplicated-code.patch
* 0002-bsc1221050-seccomp-patchbpf-rename-nativeArch-linuxA.patch
* 0003-bsc1221050-seccomp-patchbpf-always-include-native-ar.patch
- Backport <https://github.com/opencontainers/runc/pull/3931> to fix a
performance issue when running lots of containers, caused by system getting
too many mount notifications. bsc#1214960
+ 0004-bsc1214960-nsenter-cloned_binary-remove-bindfd-logic.patch
- 000release-packages:sle-module-basesystem-release
-
n/a
- 000release-packages:sle-module-containers-release
-
n/a
- 000release-packages:sle-module-public-cloud-release
-
n/a
- 000release-packages:sle-module-server-applications-release
-
n/a
- socat
-
- Update to 1.8.0.0:
* Support for network namespaces (option netns)
* TCP client now automatically tries all addresses (IPv4 and IPv6) provided by nameserver until success
* Implementation of POSIX message queue (mq) control and access on Linux (addresses POSIXMQ-READ and following)
* New wrapper script socat-chain.sh allows to stack two addresses, e.g.HTTP proxy connect over SSL
* New script socat-mux.sh allows n-to-1 / 1-to-n communications
* New script socat-broker.sh allows group communications
* Experimental socks5 client feature
* Address ACCEPT-FD for systemd "inetd" mode
* UDP-Lite and DCCP address types
* Addresses SOCKETPAIR and SHELL
* New option bind-tmpname allows forked off children to bind UNIX domain client sockets to random unique pathes
* New option retrieve-vlan (with INTERFACE addresses) now makes kernel keep VLAN tags in incoming packets
* Simple statistics output with Socat option --statistics and with SIGUSR1
* A couple of new options, many fixes and corrections, see file CHANGES
- Drop socat-common-fixes.patch (no longer necessary)
- Refactor socat-ignore-tests-failure-boo1078346.patch (test suite no longer exits at this stage)
- Add socat-test-dhparam fixture (reduce build load and time)
- Add socat-test-without-tty.patch for testing without tty.
- Note: This version introduces "socat1", linking to "socat"
- Note: This version introduces additional shell scripts, those are shipped in a new "socat-extra" subpackage
- Update to 1.7.4.4:
* FIX: In error.c msg2() there was a stack overflow on long messages: The
terminating \0 Byte was written behind the last position.
* FIX: UDP-RECVFROM with fork sometimes terminated when multiple packets
arrived.
* FIX: a couple of weaknesses and errors when accessing invalid or
incompatible file system entries with UNIX domain, file, and generic
addresses.
* FIX: bad parser error message on "socat /tmp/x\"x/x -"
- Drop socat-fix-asan-error.patch
- Use autosetup
- Add socat-fix-asan-error.patch that is offered to upstream
and that fixes an ASAN error seen for 'test 313 NESTEDOVFL'.
- update to 1.7.4.3:
* fixes the TCP_INFO issue that broke building on non-Linux platforms.
* building on AIX works again.
* A few more corrections and improvements have been added
- Update to version 1.7.4.2:
* Fixes a lot of bugs, e.g., for options -r and -R.
* Further bugfixes, see the CHANGES file
- update to 1.7.4.1:
Security:
* Buffer size option (-b) is internally doubled for CR-CRLF conversion,
but not checked for integer overflow. This could lead to heap based buffer
overflow, assuming the attacker could provide this parameter.
* Many further bugfixes and new features, see the CHANGES file
- Update to version 1.7.3.4:
* bugfix release, see the CHANGES file for all changes
- Refresh patches:
* socat-common-fixes.patch
* socat-ignore-tests-failure-boo1078346.patch
- socat-common-fixes.patch: include tcpd.h where needed to fix
- fno-common bsc#1160293
- Update to version 1.7.3.3:
* bugfix release, see the CHANGES file for all changes
- Drop patch:
* socat-openssl-1.1-tests.patch (not longer needed)
- Run spec-cleaner
- Replace old variables by modern counterparts.
- We HAVE_SSLv23_*_method, just not as functions, but macros
add the relevant defines in the command line so support for
autonegotiation of the highest TLS version is restored.
- suse-build-key
-
- added missing ; in shell script (bsc#1227681)
- Added new keys of the SLE Micro 6.0 / SLES 16 series, and auto import
them. (bsc#1227429)
gpg-pubkey-09d9ea69-645b99ce.asc: Main SLE Micro 6/SLES 16 key
gpg-pubkey-73f03759-626bd414.asc: Backup SLE Micro 6/SLES 16 key.
- suseconnect-ng
-
- Update version to 1.11
- Added uname as collector
- Added SAP workload detection
- Added detection of container runtimes
- Multiple fixes on ARM64 detection
- Use `read_values` for the CPU collector on Z
- Fixed data collection for ppc64le
- Grab the home directory from /etc/passwd if needed (bsc#1226128)
- Update version to 1.10.0
* Build zypper-migration and zypper-packages-search as standalone
binaries rather then one single binary
* Add --gpg-auto-import-keys flag before action in zypper command (bsc#1219004)
* Include /etc/products.d in directories whose content are backed
up and restored if a zypper-migration rollback happens. (bsc#1219004)
* Add the ability to upload the system uptime logs, produced by the
suse-uptime-tracker daemon, to SCC/RMT as part of keepalive report.
(jsc#PED-7982) (jsc#PED-8018)
* Add support for third party packages in SUSEConnect
* Refactor existing system information collection implementation
- wget
-
- Fix mishandled semicolons in the userinfo subcomponent could lead to an
insecure behavior in which data that was supposed to be in the userinfo
subcomponent is misinterpreted to be part of the host subcomponent.
[bsc#1226419, CVE-2024-38428, properly-re-implement-userinfo-parsing.patch]
- wicked
-
- Update to version 0.6.76
- compat-suse: warn user and create missing parent config of
infiniband children (gh#openSUSE/wicked#1027)
- client: fix origin in loaded xml-config with obsolete port
references but missing port interface config, causing a
no-carrier of master (bsc#1226125)
- ipv6: fix setup on ipv6.disable=1 kernel cmdline (bsc#1225976)
- wireless: add frequency-list in station mode (jsc#PED-8715)
- client: fix crash while hierarchy traversing due to loop in
e.g. systemd-nspawn containers (bsc#1226664)
- man: add supported bonding options to ifcfg-bonding(5) man page
(gh#openSUSE/wicked#1021)
- arputil: Document minimal interval for getopts (gh#openSUSE/wicked#1019)
- man: (re)generate man pages from md sources (gh#openSUSE/wicked#1018)
- client: warn on interface wait time reached (gh#openSUSE/wicked#1017)
- compat-suse: fix dummy type detection from ifname to not cause
conflicts with e.g. correct vlan config on dummy0.42 interfaces
(gh#openSUSE/wicked#1016)
- compat-suse: fix infiniband and infiniband child type detection
from ifname (gh#openSUSE/wicked#1015)
- Removed patches included in the source archive:
[- 0001-ifreload-pull-UP-again-on-master-lower-changes-bsc1224100.patch]
[- 0002-increase-arp-retry-attempts-on-sending-bsc1218668.patch]
- arp: increase arp-send retry value to avoid address configuration
failure due to ENOBUF reported by kernel while duplicate address
detection with underlying bonding in 802.3ad mode reporting link
"up & running" too early (bsc#1218668, gh#openSUSE/wicked#1020,
gh#openSUSE/wicked#1022).
[+ 0002-increase-arp-retry-attempts-on-sending-bsc1218668.patch]
- xfsprogs
-
- xfs_copy: don't use cached buffer reads until after libxfs_mount
(bsc#1227150)
- Add xfsprogs-xfs_copy-don-t-use-cached-buffer-reads-until-after-l.patch
- zypper
-
- Fixed check for outdated repo metadata as non-root user
(bsc#1222086)
- BuildRequires: libzypp-devel >= 17.33.0.
- Delay zypp lock until command options are parsed (bsc#1223766)
- version 1.14.73
- Unify message format(fixes #485)
- version 1.14.72
- switch cmake build type to RelWithDebInfo
- modernize spec file (remove Authors section, use proper macros,
remove redundant clean section, don't mark man pages as doc)
- switch to -O2 -fvisibility=hidden -fpie:
* PIC is not needed as no shared lib is built
* fstack-protector-strong is default on modern dists and would
be downgraded by fstack-protector
* default visibility hidden allows better optimisation
* O2 is reducing inlining bloat
- > 18% reduced binary size
- remove procps requires (was only for ZMD which is dropped)
(jsc#PED-8153)