SUSE-SU-2023:3705-1: important: Security update for the Linux Kernel
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Wed Sep 20 12:30:14 UTC 2023
# Security update for the Linux Kernel
Announcement ID: SUSE-SU-2023:3705-1
Rating: important
References:
* #1120059
* #1203517
* #1210327
* #1210448
* #1212051
* #1213543
* #1213546
* #1213601
* #1213666
* #1213899
* #1213904
* #1213906
* #1213908
* #1213910
* #1213911
* #1213912
* #1213921
* #1213927
* #1213969
* #1213970
* #1213971
* #1214019
* #1214149
* #1214157
* #1214209
* #1214233
* #1214299
* #1214335
* #1214348
* #1214350
* #1214451
* #1214453
* #1214752
* #1214928
* #1215028
* #1215032
* #1215034
* #1215035
* #1215036
* #1215037
* #1215038
* #1215041
* #1215046
* #1215049
* #1215057
* PED-4579
* SLE-18779
Cross-References:
* CVE-2022-36402
* CVE-2023-2007
* CVE-2023-20588
* CVE-2023-34319
* CVE-2023-3772
* CVE-2023-3812
* CVE-2023-3863
* CVE-2023-40283
* CVE-2023-4128
* CVE-2023-4132
* CVE-2023-4133
* CVE-2023-4134
* CVE-2023-4194
* CVE-2023-4385
* CVE-2023-4387
* CVE-2023-4459
CVSS scores:
* CVE-2022-36402 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-36402 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-2007 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-2007 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-20588 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
* CVE-2023-20588 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-34319 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
* CVE-2023-3772 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3772 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3812 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3812 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3863 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3863 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-40283 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-40283 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4128 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4128 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4132 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4132 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4133 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4133 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4134 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4194 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-4194 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2023-4385 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4385 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4387 ( SUSE ): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4387 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2023-4459 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4459 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* SUSE Linux Enterprise High Availability Extension 12 SP5
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Live Patching 12-SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5
* SUSE Linux Enterprise Workstation Extension 12 12-SP5
An update that solves 16 vulnerabilities, contains two features and has 29
security fixes can now be installed.
## Description:
The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security
and bugfixes.
The following security bugs were fixed:
* CVE-2022-36402: Fixed an integer overflow vulnerability in vmwgfx driver in
that allowed a local attacker with a user account on the system to gain
privilege, causing a denial of service (bsc#1203517).
* CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could
allow an attacker to escalate privileges and execute arbitrary code in the
context of the kernel (bsc#1210448).
* CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that
can potentially return speculative data resulting in loss of confidentiality
(bsc#1213927).
* CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in
xen/netback (XSA-432) (bsc#1213546).
* CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a
malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL
pointer leading to a possible kernel crash and denial of service
(bsc#1213666).
* CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP
device driver functionality that could allow a local user to crash or
potentially escalate their privileges on the system (bsc#1213543).
* CVE-2023-3863: Fixed a use-after-free flaw was found in nfc_llcp_find_local
that allowed a local user with special privileges to impact a kernel
information leak issue (bsc#1213601).
* CVE-2023-40283: Fixed use-after-free in l2cap_sock_ready_cb (bsc#1214233).
* CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that
allowed a local attacker to perform a local privilege escalation due to
incorrect handling of the existing filter, leading to a kernel information
leak issue (bsc#1214149).
* CVE-2023-4132: Fixed use-after-free vulnerability was found in the siano
smsusb module that allowed a local user to crash the system, causing a
denial of service condition (bsc#1213969).
* CVE-2023-4133: Fixed use after free bugs caused by circular dependency
problem in cxgb4 (bsc#1213970).
* CVE-2023-4134: Fixed use-after-free in cyttsp4_watchdog_work()
(bsc#1213971).
* CVE-2023-4194: Fixed a type confusion in net tun_chr_open() (bsc#1214019).
* CVE-2023-4385: Fixed a NULL pointer dereference flaw in dbFree that may have
allowed a local attacker to crash the system due to a missing sanity check
(bsc#1214348).
* CVE-2023-4387: Fixed use-after-free flaw in vmxnet3_rq_alloc_rx_buf that
could allow a local attacker to crash the system due to a double-free
(bsc#1214350).
* CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3_rq_cleanup
that may have allowed a local attacker with normal user privilege to cause a
denial of service (bsc#1214451).
The following non-security bugs were fixed:
* af_key: fix send_acquire race with pfkey_register (git-fixes).
* af_packet: fix data-race in packet_setsockopt / packet_setsockopt (git-
fixes).
* af_unix: fix a data race of sk->sk_receive_queue->qlen (git-fixes).
* arm64: re-enable support for contiguous hugepages (git-fixes)
* arm64: vdso: fix clock_getres() for clock_realtime (git-fixes)
* arm: spear: do not use timer namespace for timer_shutdown() function
(bsc#1213970).
* bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() (git-
fixes).
* bnx2x: fix page fault following eeh recovery (bsc#1214299).
* bonding: fix a use-after-free problem when bond_sysfs_slave_add() failed
(git-fixes).
* bpf, arm64: remove prefetch insn in xadd mapping (git-fixes)
* bpf, arm64: use more scalable stadd over ldxr / stxr loop in xadd (git-
fixes)
* bridge: ebtables: do not crash when using dnat target in output chains (git-
fixes).
* btrfs-allow-use-of-global-block-reserve-for-balance (bsc#1214335).
* btrfs-unset-reloc-control-if-transaction-commit-fail (bsc#1212051).
* clocksource/drivers/arm_arch_timer: do not use timer namespace for
timer_shutdown() function (bsc#1213970).
* clocksource/drivers/sp804: do not use timer namespace for timer_shutdown()
function (bsc#1213970).
* fs/sysv: null check to prevent null-ptr-deref bug (git-fixes).
* fs: hfsplus: remove warn_on() from hfsplus_cat_{read,write}_inode() (git-
fixes).
* fs: lockd: avoid possible wrong null parameter (git-fixes).
* inetpeer: fix data-race in inet_putpeer / inet_putpeer (git-fixes).
* kabi/severities: ignore newly added srso mitigation functions
* libceph: fix potential hang in ceph_osdc_notify() (bsc#1214752).
* module: avoid allocation if module is already present and ready
(bsc#1213921).
* module: extract patient module check into helper (bsc#1213921).
* module: move check_modinfo() early to early_mod_check() (bsc#1213921).
* module: move early sanity checks into a helper (bsc#1213921).
* net-sysfs: call dev_hold always in netdev_queue_add_kobject (git-fixes).
* net-sysfs: call dev_hold always in rx_queue_add_kobject (git-fixes).
* net-sysfs: fix netdev_queue_add_kobject() breakage (git-fixes).
* net-sysfs: fix reference count leak in rx|netdev_queue_add_kobject (git-
fixes).
* net/af_unix: fix a data-race in unix_dgram_poll (git-fixes).
* net/af_unix: fix a data-race in unix_dgram_sendmsg / unix_release_sock (git-
fixes).
* net/fq_impl: switch to kvmalloc() for memory allocation (git-fixes).
* net: bnx2x: fix variable dereferenced before check (git-fixes).
* net: icmp: fix data-race in cmp_global_allow() (git-fixes).
* net: mana: add support for xdp_query_prog (jsc#sle-18779, bsc#1214209).
* net: usb: qmi_wwan: add support for compal rxm-g1 (git-fixes).
* netfilter: ipset: fix an error code in ip_set_sockfn_get() (git-fixes).
* netfilter: nf_conntrack: fix possible possible crash on module loading (git-
fixes).
* nfs/blocklayout: use the passed in gfp flags (git-fixes).
* nfs: guard against readdir loop when entry names exceed maxnamelen (git-
fixes).
* nfsd: add encoding of op_recall flag for write delegation (git-fixes).
* nfsd: da_addr_body field missing in some getdeviceinfo replies (git-fixes).
* nfsd: remove incorrect check in nfsd4_validate_stateid (git-fixes).
* packet: fix data-race in fanout_flow_is_huge() (git-fixes).
* packet: unconditionally free po->rollover (git-fixes).
* powerpc/mm/altmap: fix altmap boundary check (bsc#1120059 git-fixes).
* revert "scsi: qla2xxx: fix buffer overrun" (bsc#1214928).
* ring-buffer: fix deadloop issue on reading trace_pipe (git-fixes).
* ring-buffer: fix wrong stat of cpu_buffer->read (git-fixes).
* s390/cio: cio_ignore_proc_seq_next should increase position index (git-fixes
bsc#1215057).
* s390/cpum_sf: avoid sbd overflow condition in irq handler (git-fixes
bsc#1213908).
* s390/cpum_sf: check for sdbt and sdb consistency (git-fixes bsc#1213910).
* s390/dasd/cio: interpret ccw_device_get_mdc return value correctly (git-
fixes bsc#1215049).
* s390/dasd: fix capacity calculation for large volumes (git-fixes
bsc#1215034).
* s390/dasd: fix hanging device after quiesce/resume (git-fixes bsc#1214157).
* s390/ftrace: fix endless recursion in function_graph tracer (git-fixes
bsc#1213912).
* s390/jump_label: print real address in a case of a jump label bug (git-fixes
bsc#1213899).
* s390/kasan: fix strncpy_from_user kasan checks (git-fixes bsc#1215037).
* s390/kdump: fix memleak in nt_vmcoreinfo (git-fixes bsc#1215028).
* s390/pkey: add one more argument space for debug feature entry (git-fixes
bsc#1215035).
* s390/qdio: add sanity checks to the fast-requeue path (git-fixes
bsc#1215038).
* s390/smp: __smp_rescan_cpus() - move cpumask away from stack (git-fixes
bsc#1213906).
* s390/smp: fix physical to logical cpu map for smt (git-fixes bsc#1213904).
* s390/time: ensure get_clock_monotonic() returns monotonic values (git-fixes
bsc#1213911).
* s390/uaccess: avoid (false positive) compiler warnings (git-fixes
bsc#1215041).
* s390/zcrypt: handle new reply code filtered_by_hypervisor (git-fixes
bsc#1215046).
* s390/zcrypt: improve special ap message cmd handling (git-fixes
bsc#1215032).
* s390: zcrypt: initialize variables before_use (git-fixes bsc#1215036).
* sched/core: check quota and period overflow at usec to nsec conversion (git
fixes).
* sched/core: handle overflow in cpu_shares_write_u64 (git fixes).
* sched/cpufreq: fix kobject memleak (git fixes).
* sched/fair: do not numa balance for kthreads (git fixes).
* sched/fair: fix cfs bandwidth hrtimer expiry type (git fixes).
* sched/topology: fix off by one bug (git fixes).
* scsi: qla2xxx: add logs for sfp temperature monitoring (bsc#1214928).
* scsi: qla2xxx: allow 32-byte cdbs (bsc#1214928).
* scsi: qla2xxx: error code did not return to upper layer (bsc#1214928).
* scsi: qla2xxx: fix firmware resource tracking (bsc#1214928).
* scsi: qla2xxx: fix smatch warn for qla_init_iocb_limit() (bsc#1214928).
* scsi: qla2xxx: flush mailbox commands on chip reset (bsc#1214928).
* scsi: qla2xxx: move resource to allow code reuse (bsc#1214928).
* scsi: qla2xxx: remove unsupported ql2xenabledif option (bsc#1214928).
* scsi: qla2xxx: remove unused declarations (bsc#1214928).
* scsi: qla2xxx: remove unused variables in qla24xx_build_scsi_type_6_iocbs()
(bsc#1214928).
* scsi: qla2xxx: update version to 10.02.09.100-k (bsc#1214928).
* scsi: storvsc: always set no_report_opcodes (git-fixes).
* scsi: storvsc: fix handling of virtual fibre channel timeouts (git-fixes).
* skbuff: fix a data race in skb_queue_len() (git-fixes).
* sort latest foray of security patches
* sunrpc: always clear xprt_sock_connecting before xprt_clear_connecting on
tcp xprt (bsc#1214453).
* timers: add shutdown mechanism to the internal functions (bsc#1213970).
* timers: provide timer_shutdown_sync (bsc#1213970).
* timers: rename del_timer() to timer_delete() (bsc#1213970).
* timers: rename del_timer_sync() to timer_delete_sync() (bsc#1213970).
* timers: replace bug_on()s (bsc#1213970).
* timers: silently ignore timers with a null function (bsc#1213970).
* timers: split [try_to_]del_timer_sync to prepare for shutdown mode
(bsc#1213970).
* timers: update kernel-doc for various functions (bsc#1213970).
* timers: use del_timer_sync() even on up (bsc#1213970).
* tracing: fix warning in trace_buffered_event_disable() (git-fixes).
* tun: fix bonding active backup with arp monitoring (git-fixes).
* ubifs: fix snprintf() checking (git-fixes).
* udp6: fix race condition in udp6_sendmsg & connect (git-fixes).
* udp: fix race between close() and udp_abort() (git-fixes).
* usb-storage: alauda: fix uninit-value in alauda_check_media() (git-fixes).
* usb: host: xhci: fix potential memory leak in xhci_alloc_stream_info() (git-
fixes).
* usb: serial: cp210x: add kamstrup rf sniffer pids (git-fixes).
* usb: serial: cp210x: add scalance lpe-9000 device id (git-fixes).
* usb: serial: option: add lara-r6 01b pids (git-fixes).
* usb: serial: option: add quectel ec200a module support (git-fixes).
* usb: serial: option: add quectel ec200u modem (git-fixes).
* usb: serial: option: add quectel em05cn (sg) modem (git-fixes).
* usb: serial: option: add quectel em05cn modem (git-fixes).
* usb: serial: option: add support for vw/skoda "carstick lte" (git-fixes).
* usb: serial: option: add u-blox lara-l6 modem (git-fixes).
* usb: serial: option: support quectel em060k_128 (git-fixes).
* usb: serial: simple: add kaufmann rks+can vcp (git-fixes).
* usb: serial: simple: sort driver entries (git-fixes).
* usb: xhci-mtk: set the dma max_seg_size (git-fixes).
* usb: xhci: check endpoint is valid before dereferencing it (git-fixes).
* usb: zaurus: add id for a-300/b-500/c-700 (git-fixes).
* x86/bugs: reset speculation control settings on init (git-fixes).
* x86/cpu/amd: disable xsaves on amd family 0x17 (git-fixes).
* x86/cpu/amd: enable zenbleed fix for amd custom apu 0405 (git-fixes).
* x86/cpu/kvm: provide untrain_ret_vm (git-fixes).
* x86/cpu/vmware: fix platform detection vmware_port macro (bsc#1210327).
* x86/cpu/vmware: use the full form of inl in vmware_hypercall, for clang/llvm
(bsc#1210327).
* x86/cpu/vmware: use the full form of inl in vmware_port (bsc#1210327).
* x86/cpu: cleanup the untrain mess (git-fixes).
* x86/cpu: fix __x86_return_thunk symbol type (git-fixes).
* x86/cpu: fix amd_check_microcode() declaration (git-fixes).
* x86/cpu: fix up srso_safe_ret() and __x86_return_thunk() (git-fixes).
* x86/cpu: rename original retbleed methods (git-fixes).
* x86/cpu: rename srso_(.*) _alias to srso_alias_ \1 (git-fixes).
* x86/crash: disable virt in core nmi crash handler to avoid double shootdown
(git-fixes).
* x86/ioapic: do not return 0 from arch_dynirq_lower_bound() (git-fixes).
* x86/microcode/amd: load late on both threads too (git-fixes).
* x86/mm: do not shuffle cpu entry areas without kaslr (git-fixes).
* x86/mm: fix use of uninitialized buffer in sme_enable() (git-fixes).
* x86/reboot: disable svm, not just vmx, when stopping cpus (git-fixes).
* x86/retpoline,kprobes: fix position of thunk sections with config_lto_clang
(git-fixes).
* x86/retpoline,kprobes: skip optprobe check for indirect jumps with
retpolines and ibt (git-fixes).
* x86/retpoline: do not clobber rflags during srso_safe_ret() (git-fixes).
* x86/speculation: add cpu_show_gds() prototype (git-fixes).
* x86/speculation: mark all skylake cpus as vulnerable to gds (git-fixes).
* x86/srso: correct the mitigation status when smt is disabled (git-fixes).
* x86/srso: disable the mitigation on unaffected configurations (git-fixes).
* x86/srso: explain the untraining sequences a bit more (git-fixes).
* x86/srso: fix build breakage with the llvm linker (git-fixes).
* x86/virt: force gif=1 prior to disabling svm (for reboot flows) (git-fixes).
* x86/vmware: add a header file for hypercall definitions (bsc#1210327).
* x86/vmware: add steal time clock support for vmware guests (bsc#1210327).
* x86/vmware: enable steal time accounting (bsc#1210327).
* x86/vmware: update platform detection code for vmcall/vmmcall hypercalls
(bsc#1210327).
* x86: move gds_ucode_mitigated() declaration to header (git-fixes).
* xfrm: release device reference for invalid state (git-fixes).
* xhci-pci: set the dma max_seg_size (git-fixes).
* xhci: Remove device endpoints from bandwidth list when freeing the device
(git-fixes).
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
zypper in -t patch SUSE-SLE-HA-12-SP5-2023-3705=1 SUSE-SLE-
SERVER-12-SP5-2023-3705=1
* SUSE Linux Enterprise High Availability Extension 12 SP5
zypper in -t patch SUSE-SLE-HA-12-SP5-2023-3705=1
* SUSE Linux Enterprise Live Patching 12-SP5
zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-3705=1
* SUSE Linux Enterprise Software Development Kit 12 SP5
zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-3705=1
* SUSE Linux Enterprise High Performance Computing 12 SP5
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3705=1
* SUSE Linux Enterprise Server 12 SP5
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3705=1
* SUSE Linux Enterprise Workstation Extension 12 12-SP5
zypper in -t patch SUSE-SLE-WE-12-SP5-2023-3705=1
## Package List:
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
* kernel-default-base-4.12.14-122.176.1
* gfs2-kmp-default-4.12.14-122.176.1
* cluster-md-kmp-default-4.12.14-122.176.1
* cluster-md-kmp-default-debuginfo-4.12.14-122.176.1
* kernel-default-debugsource-4.12.14-122.176.1
* kernel-syms-4.12.14-122.176.1
* kernel-default-debuginfo-4.12.14-122.176.1
* kernel-default-base-debuginfo-4.12.14-122.176.1
* dlm-kmp-default-debuginfo-4.12.14-122.176.1
* dlm-kmp-default-4.12.14-122.176.1
* gfs2-kmp-default-debuginfo-4.12.14-122.176.1
* kernel-default-devel-4.12.14-122.176.1
* ocfs2-kmp-default-debuginfo-4.12.14-122.176.1
* ocfs2-kmp-default-4.12.14-122.176.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (nosrc ppc64le
x86_64)
* kernel-default-4.12.14-122.176.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch)
* kernel-macros-4.12.14-122.176.1
* kernel-devel-4.12.14-122.176.1
* kernel-source-4.12.14-122.176.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
* kernel-default-devel-debuginfo-4.12.14-122.176.1
* SUSE Linux Enterprise High Availability Extension 12 SP5 (ppc64le s390x
x86_64)
* gfs2-kmp-default-4.12.14-122.176.1
* cluster-md-kmp-default-4.12.14-122.176.1
* cluster-md-kmp-default-debuginfo-4.12.14-122.176.1
* kernel-default-debugsource-4.12.14-122.176.1
* kernel-default-debuginfo-4.12.14-122.176.1
* dlm-kmp-default-debuginfo-4.12.14-122.176.1
* dlm-kmp-default-4.12.14-122.176.1
* gfs2-kmp-default-debuginfo-4.12.14-122.176.1
* ocfs2-kmp-default-debuginfo-4.12.14-122.176.1
* ocfs2-kmp-default-4.12.14-122.176.1
* SUSE Linux Enterprise High Availability Extension 12 SP5 (nosrc)
* kernel-default-4.12.14-122.176.1
* SUSE Linux Enterprise Live Patching 12-SP5 (nosrc)
* kernel-default-4.12.14-122.176.1
* SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64)
* kernel-default-kgraft-devel-4.12.14-122.176.1
* kernel-default-debugsource-4.12.14-122.176.1
* kernel-default-debuginfo-4.12.14-122.176.1
* kernel-default-kgraft-4.12.14-122.176.1
* kgraft-patch-4_12_14-122_176-default-1-8.3.1
* SUSE Linux Enterprise Software Development Kit 12 SP5 (noarch nosrc)
* kernel-docs-4.12.14-122.176.1
* SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x
x86_64)
* kernel-obs-build-4.12.14-122.176.1
* kernel-obs-build-debugsource-4.12.14-122.176.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 nosrc
x86_64)
* kernel-default-4.12.14-122.176.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
* kernel-default-base-4.12.14-122.176.1
* kernel-default-debugsource-4.12.14-122.176.1
* kernel-syms-4.12.14-122.176.1
* kernel-default-debuginfo-4.12.14-122.176.1
* kernel-default-base-debuginfo-4.12.14-122.176.1
* kernel-default-devel-4.12.14-122.176.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch)
* kernel-macros-4.12.14-122.176.1
* kernel-devel-4.12.14-122.176.1
* kernel-source-4.12.14-122.176.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
* kernel-default-devel-debuginfo-4.12.14-122.176.1
* SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-4.12.14-122.176.1
* SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
* kernel-default-base-4.12.14-122.176.1
* kernel-default-debugsource-4.12.14-122.176.1
* kernel-syms-4.12.14-122.176.1
* kernel-default-debuginfo-4.12.14-122.176.1
* kernel-default-base-debuginfo-4.12.14-122.176.1
* kernel-default-devel-4.12.14-122.176.1
* SUSE Linux Enterprise Server 12 SP5 (noarch)
* kernel-macros-4.12.14-122.176.1
* kernel-devel-4.12.14-122.176.1
* kernel-source-4.12.14-122.176.1
* SUSE Linux Enterprise Server 12 SP5 (s390x)
* kernel-default-man-4.12.14-122.176.1
* SUSE Linux Enterprise Server 12 SP5 (x86_64)
* kernel-default-devel-debuginfo-4.12.14-122.176.1
* SUSE Linux Enterprise Workstation Extension 12 12-SP5 (nosrc)
* kernel-default-4.12.14-122.176.1
* SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64)
* kernel-default-extra-4.12.14-122.176.1
* kernel-default-extra-debuginfo-4.12.14-122.176.1
* kernel-default-debuginfo-4.12.14-122.176.1
* kernel-default-debugsource-4.12.14-122.176.1
## References:
* https://www.suse.com/security/cve/CVE-2022-36402.html
* https://www.suse.com/security/cve/CVE-2023-2007.html
* https://www.suse.com/security/cve/CVE-2023-20588.html
* https://www.suse.com/security/cve/CVE-2023-34319.html
* https://www.suse.com/security/cve/CVE-2023-3772.html
* https://www.suse.com/security/cve/CVE-2023-3812.html
* https://www.suse.com/security/cve/CVE-2023-3863.html
* https://www.suse.com/security/cve/CVE-2023-40283.html
* https://www.suse.com/security/cve/CVE-2023-4128.html
* https://www.suse.com/security/cve/CVE-2023-4132.html
* https://www.suse.com/security/cve/CVE-2023-4133.html
* https://www.suse.com/security/cve/CVE-2023-4134.html
* https://www.suse.com/security/cve/CVE-2023-4194.html
* https://www.suse.com/security/cve/CVE-2023-4385.html
* https://www.suse.com/security/cve/CVE-2023-4387.html
* https://www.suse.com/security/cve/CVE-2023-4459.html
* https://bugzilla.suse.com/show_bug.cgi?id=1120059
* https://bugzilla.suse.com/show_bug.cgi?id=1203517
* https://bugzilla.suse.com/show_bug.cgi?id=1210327
* https://bugzilla.suse.com/show_bug.cgi?id=1210448
* https://bugzilla.suse.com/show_bug.cgi?id=1212051
* https://bugzilla.suse.com/show_bug.cgi?id=1213543
* https://bugzilla.suse.com/show_bug.cgi?id=1213546
* https://bugzilla.suse.com/show_bug.cgi?id=1213601
* https://bugzilla.suse.com/show_bug.cgi?id=1213666
* https://bugzilla.suse.com/show_bug.cgi?id=1213899
* https://bugzilla.suse.com/show_bug.cgi?id=1213904
* https://bugzilla.suse.com/show_bug.cgi?id=1213906
* https://bugzilla.suse.com/show_bug.cgi?id=1213908
* https://bugzilla.suse.com/show_bug.cgi?id=1213910
* https://bugzilla.suse.com/show_bug.cgi?id=1213911
* https://bugzilla.suse.com/show_bug.cgi?id=1213912
* https://bugzilla.suse.com/show_bug.cgi?id=1213921
* https://bugzilla.suse.com/show_bug.cgi?id=1213927
* https://bugzilla.suse.com/show_bug.cgi?id=1213969
* https://bugzilla.suse.com/show_bug.cgi?id=1213970
* https://bugzilla.suse.com/show_bug.cgi?id=1213971
* https://bugzilla.suse.com/show_bug.cgi?id=1214019
* https://bugzilla.suse.com/show_bug.cgi?id=1214149
* https://bugzilla.suse.com/show_bug.cgi?id=1214157
* https://bugzilla.suse.com/show_bug.cgi?id=1214209
* https://bugzilla.suse.com/show_bug.cgi?id=1214233
* https://bugzilla.suse.com/show_bug.cgi?id=1214299
* https://bugzilla.suse.com/show_bug.cgi?id=1214335
* https://bugzilla.suse.com/show_bug.cgi?id=1214348
* https://bugzilla.suse.com/show_bug.cgi?id=1214350
* https://bugzilla.suse.com/show_bug.cgi?id=1214451
* https://bugzilla.suse.com/show_bug.cgi?id=1214453
* https://bugzilla.suse.com/show_bug.cgi?id=1214752
* https://bugzilla.suse.com/show_bug.cgi?id=1214928
* https://bugzilla.suse.com/show_bug.cgi?id=1215028
* https://bugzilla.suse.com/show_bug.cgi?id=1215032
* https://bugzilla.suse.com/show_bug.cgi?id=1215034
* https://bugzilla.suse.com/show_bug.cgi?id=1215035
* https://bugzilla.suse.com/show_bug.cgi?id=1215036
* https://bugzilla.suse.com/show_bug.cgi?id=1215037
* https://bugzilla.suse.com/show_bug.cgi?id=1215038
* https://bugzilla.suse.com/show_bug.cgi?id=1215041
* https://bugzilla.suse.com/show_bug.cgi?id=1215046
* https://bugzilla.suse.com/show_bug.cgi?id=1215049
* https://bugzilla.suse.com/show_bug.cgi?id=1215057
* https://jira.suse.com/browse/PED-4579
* https://jira.suse.com/browse/SLE-18779
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-security-updates/attachments/20230920/df26474d/attachment.htm>
More information about the sle-security-updates
mailing list