Overview

File _patchinfo of Package patchinfo.31727

<patchinfo incident="31727">
  <issue id="1084909" tracker="bnc">trackerbug: packages do not build reproducibly from hostname</issue>
  <issue id="1210780" tracker="bnc">VUL-0: CVE-2023-31083: kernel: drivers/bluetooth/hci_ldisc.c race condition in hci_uart_tty_ioctl</issue>
  <issue id="1216058" tracker="bnc">VUL-0: CVE-2023-45863: kernel: renaming a network device can cause a buffer overflow on the kernel heap, upstream 3bb2a01caa81</issue>
  <issue id="1216259" tracker="bnc">VUL-0: CVE-2023-45871: kernel: buffer size may not be adequate for frames larger than the MTU</issue>
  <issue id="1216584" tracker="bnc">VUL-0: CVE-2023-5717: kernel: heap out-of-bounds write vulnerability related to perf_read_group() can be exploited to achieve local privilege escalation</issue>
  <issue id="1216965" tracker="bnc">VUL-0: CVE-2023-39198: kernel: QXL: race condition leading to use-after-free in qxl_mode_dumb_create()</issue>
  <issue id="1216976" tracker="bnc">VUL-0: CVE-2023-39197: kernel: DCCP: conntrack out-of-bounds read in nf_conntrack_dccp_packet()</issue>
  <issue id="2023-39197" tracker="cve" />
  <issue id="2023-45863" tracker="cve" />
  <issue id="2023-5717" tracker="cve" />
  <issue id="2023-45871" tracker="cve" />
  <issue id="2023-39198" tracker="cve" />
  <issue id="2023-31083" tracker="cve" />
  <issue id="PED-3184" tracker="jsc" />
  <issue id="PED-5021" tracker="jsc" />
  <issue id="1208787" tracker="bnc">VUL-0: CVE-2023-0461: kernel: use-after-free in icsk_ulp_data()</issue>
  <issue id="2023-0461" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>alix82</packager>
  <reboot_needed/>
  <description>The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes.


The following security bugs were fixed:

- CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208787).
- CVE-2023-39197: Fixed a out-of-bounds read in nf_conntrack_dccp_packet() (bsc#1216976).
- CVE-2023-45863: Fixed a out-of-bounds write in fill_kobj_path() (bsc#1216058).
- CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216584).
- CVE-2023-45871: Fixed an issue in the IGB driver, where the buffer size may not be adequate for frames larger than the MTU (bsc#1216259).
- CVE-2023-39198: Fixed a race condition leading to use-after-free in qxl_mode_dumb_create() (bsc#1216965).
- CVE-2023-31083: Fixed race condition in hci_uart_tty_ioctl (bsc#1210780).
</description>
<summary>Security update for the Linux Kernel</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places