SUSE-SU-2016:2245-1: important: Security update for the Linux Kernel

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Tue Sep 6 07:08:54 MDT 2016


   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:2245-1
Rating:             important
References:         #839104 #866130 #919351 #944309 #950998 #960689 
                    #962404 #963655 #963762 #966460 #969149 #970114 
                    #971126 #971360 #971446 #971729 #971944 #974428 
                    #975945 #978401 #978821 #978822 #979213 #979274 
                    #979548 #979681 #979867 #979879 #980371 #980725 
                    #980788 #980931 #981267 #983143 #983213 #983535 
                    #984107 #984755 #986362 #986365 #986445 #986572 
                    #987709 #988065 #989152 #989401 #991608 
Cross-References:   CVE-2013-4312 CVE-2015-7513 CVE-2015-7833
                    CVE-2016-0758 CVE-2016-1583 CVE-2016-2053
                    CVE-2016-2187 CVE-2016-3134 CVE-2016-3955
                    CVE-2016-4470 CVE-2016-4482 CVE-2016-4485
                    CVE-2016-4486 CVE-2016-4565 CVE-2016-4569
                    CVE-2016-4578 CVE-2016-4580 CVE-2016-4805
                    CVE-2016-4913 CVE-2016-4997 CVE-2016-4998
                    CVE-2016-5244 CVE-2016-5696 CVE-2016-5829
                    CVE-2016-6480
Affected Products:
                    SUSE OpenStack Cloud 5
                    SUSE Manager Proxy 2.1
                    SUSE Manager 2.1
                    SUSE Linux Enterprise Server 11-SP3-LTSS
                    SUSE Linux Enterprise Server 11-EXTRA
                    SUSE Linux Enterprise Point of Sale 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that solves 25 vulnerabilities and has 22 fixes
   is now available.

Description:

   The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive
   various security and bugfixes.

   The following security bugs were fixed:
   - CVE-2016-3955: The usbip_recv_xbuff function in
     drivers/usb/usbip/usbip_common.c in the Linux kernel allowed remote
     attackers to cause a denial of service (out-of-bounds write) or possibly
     have unspecified other impact via a crafted length value in a USB/IP
     packet (bnc#975945).
   - CVE-2016-4998: The IPT_SO_SET_REPLACE setsockopt implementation in the
     netfilter subsystem in the Linux kernel allowed local users to cause a
     denial of service (out-of-bounds read) or possibly obtain sensitive
     information from kernel heap memory by leveraging in-container root
     access to provide a crafted offset value that leads to crossing a
     ruleset blob boundary (bnc#986365).
   - CVE-2015-7513: arch/x86/kvm/x86.c in the Linux kernel did not reset the
     PIT counter values during state restoration, which allowed guest OS
     users to cause a denial of service (divide-by-zero error and host OS
     crash) via a zero value, related to the kvm_vm_ioctl_set_pit and
     kvm_vm_ioctl_set_pit2 functions (bnc#960689).
   - CVE-2013-4312: The Linux kernel allowed local users to bypass
     file-descriptor limits and cause a denial of service (memory
     consumption) by sending each descriptor over a UNIX socket before
     closing it, related to net/unix/af_unix.c and net/unix/garbage.c
     (bnc#839104).
   - CVE-2016-4997: The compat IPT_SO_SET_REPLACE setsockopt implementation
     in the netfilter subsystem in the Linux kernel allowed local users to
     gain privileges or cause a denial of service (memory corruption) by
     leveraging in-container root access to provide a crafted offset value
     that triggers an unintended decrement (bnc#986362).
   - CVE-2016-5829: Multiple heap-based buffer overflows in the
     hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux
     kernel allow local users to cause a denial of service or possibly have
     unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2)
     HIDIOCSUSAGES ioctl call (bnc#986572).
   - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c
     in the Linux kernel did not ensure that a certain data structure was
     initialized, which allowed local users to cause a denial of service
     (system crash) via vectors involving a crafted keyctl request2 command
     (bnc#984755).
   - CVE-2016-5244: The rds_inc_info_copy function in net/rds/recv.c in the
     Linux kernel did not initialize a certain structure member, which
     allowed remote attackers to obtain sensitive information from kernel
     stack memory by reading an RDS message (bnc#983213).
   - CVE-2016-1583: The ecryptfs_privileged_open function in
     fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain
     privileges or cause a denial of service (stack memory consumption) via
     vectors involving crafted mmap calls for /proc pathnames, leading to
     recursive pagefault handling (bnc#983143).
   - CVE-2016-4913: The get_rock_ridge_filename function in fs/isofs/rock.c
     in the Linux kernel mishandled NM (aka alternate name) entries
     containing \0 characters, which allowed local users to obtain sensitive
     information from kernel memory or possibly have unspecified other impact
     via a crafted isofs filesystem (bnc#980725).
   - CVE-2016-4580: The x25_negotiate_facilities function in
     net/x25/x25_facilities.c in the Linux kernel did not properly initialize
     a certain data structure, which allowed attackers to obtain sensitive
     information from kernel stack memory via an X.25 Call Request
     (bnc#981267).
   - CVE-2016-4805: Use-after-free vulnerability in
     drivers/net/ppp/ppp_generic.c in the Linux kernel allowed local users to
     cause a denial of service (memory corruption and system crash, or
     spinlock) or possibly have unspecified other impact by removing a
     network namespace, related to the ppp_register_net_channel and
     ppp_unregister_channel functions (bnc#980371).
   - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux
     kernel allowed local users to gain privileges via crafted ASN.1 data
     (bnc#979867).
   - CVE-2015-7833: The usbvision driver in the Linux kernel allowed
     physically proximate attackers to cause a denial of service (panic) via
     a nonzero bInterfaceNumber value in a USB device descriptor (bnc#950998).
   - CVE-2016-2187: The gtco_probe function in drivers/input/tablet/gtco.c in
     the Linux kernel allowed physically proximate attackers to cause a
     denial of service (NULL pointer dereference and system crash) via a
     crafted endpoints value in a USB device descriptor (bnc#971944).
   - CVE-2016-4482: The proc_connectinfo function in drivers/usb/core/devio.c
     in the Linux kernel did not initialize a certain data structure, which
     allowed local users to obtain sensitive information from kernel stack
     memory via a crafted USBDEVFS_CONNECTINFO ioctl call (bnc#978401).
   - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel
     incorrectly relies on the write system call, which allowed local users
     to cause a denial of service (kernel memory write operation) or possibly
     have unspecified other impact via a uAPI interface (bnc#979548).
   - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in
     the Linux kernel allowed attackers to cause a denial of service (panic)
     via an ASN.1 BER file that lacks a public key, leading to mishandling by
     the public_key_verify_signature function in
     crypto/asymmetric_keys/public_key.c (bnc#963762).
   - CVE-2016-4485: The llc_cmsg_rcv function in net/llc/af_llc.c in the
     Linux kernel did not initialize a certain data structure, which allowed
     attackers to obtain sensitive information from kernel stack memory by
     reading a message (bnc#978821).
   - CVE-2016-4578: sound/core/timer.c in the Linux kernel did not initialize
     certain r1 data structures, which allowed local users to obtain
     sensitive information from kernel stack memory via crafted use of the
     ALSA timer interface, related to the (1) snd_timer_user_ccallback and
     (2) snd_timer_user_tinterrupt functions (bnc#979879).
   - CVE-2016-4569: The snd_timer_user_params function in sound/core/timer.c
     in the Linux kernel did not initialize a certain data structure, which
     allowed local users to obtain sensitive information from kernel stack
     memory via crafted use of the ALSA timer interface (bnc#979213).
   - CVE-2016-4486: The rtnl_fill_link_ifmap function in net/core/rtnetlink.c
     in the Linux kernel did not initialize a certain data structure, which
     allowed local users to obtain sensitive information from kernel stack
     memory by reading a Netlink message (bnc#978822).
   - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not
     validate certain offset fields, which allowed local users to gain
     privileges or cause a denial of service (heap memory corruption) via an
     IPT_SO_SET_REPLACE setsockopt call (bnc#971126).
   - CVE-2016-5696: net/ipv4/tcp_input.c in the Linux kernel did not properly
     determine the rate of challenge ACK segments, which made it easier for
     man-in-the-middle attackers to hijack TCP sessions via a blind in-window
     attack. (bsc#989152)
   - CVE-2016-6480: Race condition in the ioctl_send_fib function in
     drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users
     to cause a denial of service (out-of-bounds access or system crash) by
     changing a certain size value, aka a "double fetch" vulnerability.
     (bsc#991608)

   The following non-security bugs were fixed:
   - Update patches.fixes/pci-determine-actual-vpd-size-on-first-access.patch
     (bsc#971729, bsc#974428).
   - Update PCI VPD size patch to upstream:
     * PCI: Determine actual VPD size on first access (bsc#971729).
     * PCI: Update VPD definitions (bsc#971729). (cherry picked from commit
       d2af5b7e0cd7ee2a54f02ad65ec300d16b3ad956)
   - Update patches.fixes/pci-update-vpd-definitions.patch (bsc#971729,
     bsc#974428).
   - cgroups: do not attach task to subsystem if migration failed
     (bnc#979274).
   - cgroups: more safe tasklist locking in cgroup_attach_proc (bnc#979274).
   - fs/cifs: Fix cifs_uniqueid_to_ino_t() function for s390x (bsc#944309)
   - fs/cifs: fix wrongly prefixed path to root (bsc#963655, bsc#979681)
   - hid: add ALWAYS_POLL quirk for a Logitech 0xc055 (bnc#962404).
   - hid: add HP OEM mouse to quirk ALWAYS_POLL (bsc#919351).
   - hid: add quirk for PIXART OEM mouse used by HP (bsc#919351).
   - hid-elo: kill not flush the work.
   - ipv4/fib: do not warn when primary address is missing if in_dev is dead
     (bsc#971360).
   - ipv4: fix ineffective source address selection (bsc#980788).
   - ipvs: count pre-established TCP states as active (bsc#970114).
   - kabi, unix: properly account for FDs passed over unix sockets
     (bnc#839104).
   - mm/hugetlb.c: correct missing private flag clearing (VM Functionality,
     bnc#971446).
   - mm/hugetlb: fix backport of upstream commit 07443a85ad (VM
     Functionality, bnc#971446).
   - mm: thp: fix SMP race condition between THP page fault and MADV_DONTNEED
     (VM Functionality, bnc#986445).
   - nfs: Do not attempt to decode missing directory entries (bsc#980931).
   - nfs: fix memory corruption rooted in get_ih_name pointer math
     (bsc#984107).
   - nfs: reduce access cache shrinker locking (bnc#866130).
   - ppp: defer netns reference release for ppp channel (bsc#980371).
   - s390/cio: collect format 1 channel-path description data
     (bsc#966460,LTC#136434).
   - s390/cio: ensure consistent measurement state (bsc#966460,LTC#136434).
   - s390/cio: fix measurement characteristics memleak
     (bsc#966460,LTC#136434).
   - s390/cio: update measurement characteristics (bsc#966460,LTC#136434).
   - usbhid: add device USB_DEVICE_ID_LOGITECH_C077 (bsc#919351).
   - usbhid: more mice with ALWAYS_POLL (bsc#919351).
   - usbhid: yet another mouse with ALWAYS_POLL (bsc#919351).
   - veth: do not modify ip_summed (bsc#969149).
   - virtio_scsi: Implement eh_timed_out callback.
   - vmxnet3: segCnt can be 1 for LRO packets (bsc#988065).
   - xfs: Avoid grabbing ilock when file size is not changed (bsc#983535).
   - xfs: avoid xfs_buf hang in lookup node directory corruption (bsc#989401).
   - xfs: only update the last_sync_lsn when a transaction completes
     (bsc#987709).


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 5:

      zypper in -t patch sleclo50sp3-kernel-12730=1

   - SUSE Manager Proxy 2.1:

      zypper in -t patch slemap21-kernel-12730=1

   - SUSE Manager 2.1:

      zypper in -t patch sleman21-kernel-12730=1

   - SUSE Linux Enterprise Server 11-SP3-LTSS:

      zypper in -t patch slessp3-kernel-12730=1

   - SUSE Linux Enterprise Server 11-EXTRA:

      zypper in -t patch slexsp3-kernel-12730=1

   - SUSE Linux Enterprise Point of Sale 11-SP3:

      zypper in -t patch sleposp3-kernel-12730=1

   - SUSE Linux Enterprise Debuginfo 11-SP3:

      zypper in -t patch dbgsp3-kernel-12730=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE OpenStack Cloud 5 (x86_64):

      kernel-bigsmp-3.0.101-0.47.86.1
      kernel-bigsmp-base-3.0.101-0.47.86.1
      kernel-bigsmp-devel-3.0.101-0.47.86.1
      kernel-default-3.0.101-0.47.86.1
      kernel-default-base-3.0.101-0.47.86.1
      kernel-default-devel-3.0.101-0.47.86.1
      kernel-ec2-3.0.101-0.47.86.1
      kernel-ec2-base-3.0.101-0.47.86.1
      kernel-ec2-devel-3.0.101-0.47.86.1
      kernel-source-3.0.101-0.47.86.1
      kernel-syms-3.0.101-0.47.86.1
      kernel-trace-3.0.101-0.47.86.1
      kernel-trace-base-3.0.101-0.47.86.1
      kernel-trace-devel-3.0.101-0.47.86.1
      kernel-xen-3.0.101-0.47.86.1
      kernel-xen-base-3.0.101-0.47.86.1
      kernel-xen-devel-3.0.101-0.47.86.1

   - SUSE Manager Proxy 2.1 (x86_64):

      kernel-bigsmp-3.0.101-0.47.86.1
      kernel-bigsmp-base-3.0.101-0.47.86.1
      kernel-bigsmp-devel-3.0.101-0.47.86.1
      kernel-default-3.0.101-0.47.86.1
      kernel-default-base-3.0.101-0.47.86.1
      kernel-default-devel-3.0.101-0.47.86.1
      kernel-ec2-3.0.101-0.47.86.1
      kernel-ec2-base-3.0.101-0.47.86.1
      kernel-ec2-devel-3.0.101-0.47.86.1
      kernel-source-3.0.101-0.47.86.1
      kernel-syms-3.0.101-0.47.86.1
      kernel-trace-3.0.101-0.47.86.1
      kernel-trace-base-3.0.101-0.47.86.1
      kernel-trace-devel-3.0.101-0.47.86.1
      kernel-xen-3.0.101-0.47.86.1
      kernel-xen-base-3.0.101-0.47.86.1
      kernel-xen-devel-3.0.101-0.47.86.1

   - SUSE Manager 2.1 (s390x x86_64):

      kernel-default-3.0.101-0.47.86.1
      kernel-default-base-3.0.101-0.47.86.1
      kernel-default-devel-3.0.101-0.47.86.1
      kernel-source-3.0.101-0.47.86.1
      kernel-syms-3.0.101-0.47.86.1
      kernel-trace-3.0.101-0.47.86.1
      kernel-trace-base-3.0.101-0.47.86.1
      kernel-trace-devel-3.0.101-0.47.86.1

   - SUSE Manager 2.1 (x86_64):

      kernel-bigsmp-3.0.101-0.47.86.1
      kernel-bigsmp-base-3.0.101-0.47.86.1
      kernel-bigsmp-devel-3.0.101-0.47.86.1
      kernel-ec2-3.0.101-0.47.86.1
      kernel-ec2-base-3.0.101-0.47.86.1
      kernel-ec2-devel-3.0.101-0.47.86.1
      kernel-xen-3.0.101-0.47.86.1
      kernel-xen-base-3.0.101-0.47.86.1
      kernel-xen-devel-3.0.101-0.47.86.1

   - SUSE Manager 2.1 (s390x):

      kernel-default-man-3.0.101-0.47.86.1

   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):

      kernel-default-3.0.101-0.47.86.1
      kernel-default-base-3.0.101-0.47.86.1
      kernel-default-devel-3.0.101-0.47.86.1
      kernel-source-3.0.101-0.47.86.1
      kernel-syms-3.0.101-0.47.86.1
      kernel-trace-3.0.101-0.47.86.1
      kernel-trace-base-3.0.101-0.47.86.1
      kernel-trace-devel-3.0.101-0.47.86.1

   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64):

      kernel-ec2-3.0.101-0.47.86.1
      kernel-ec2-base-3.0.101-0.47.86.1
      kernel-ec2-devel-3.0.101-0.47.86.1
      kernel-xen-3.0.101-0.47.86.1
      kernel-xen-base-3.0.101-0.47.86.1
      kernel-xen-devel-3.0.101-0.47.86.1

   - SUSE Linux Enterprise Server 11-SP3-LTSS (x86_64):

      kernel-bigsmp-3.0.101-0.47.86.1
      kernel-bigsmp-base-3.0.101-0.47.86.1
      kernel-bigsmp-devel-3.0.101-0.47.86.1

   - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x):

      kernel-default-man-3.0.101-0.47.86.1

   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586):

      kernel-pae-3.0.101-0.47.86.1
      kernel-pae-base-3.0.101-0.47.86.1
      kernel-pae-devel-3.0.101-0.47.86.1

   - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64):

      kernel-default-extra-3.0.101-0.47.86.1

   - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64):

      kernel-xen-extra-3.0.101-0.47.86.1

   - SUSE Linux Enterprise Server 11-EXTRA (x86_64):

      kernel-bigsmp-extra-3.0.101-0.47.86.1
      kernel-trace-extra-3.0.101-0.47.86.1

   - SUSE Linux Enterprise Server 11-EXTRA (ppc64):

      kernel-ppc64-extra-3.0.101-0.47.86.1

   - SUSE Linux Enterprise Server 11-EXTRA (i586):

      kernel-pae-extra-3.0.101-0.47.86.1

   - SUSE Linux Enterprise Point of Sale 11-SP3 (i586):

      kernel-default-3.0.101-0.47.86.1
      kernel-default-base-3.0.101-0.47.86.1
      kernel-default-devel-3.0.101-0.47.86.1
      kernel-ec2-3.0.101-0.47.86.1
      kernel-ec2-base-3.0.101-0.47.86.1
      kernel-ec2-devel-3.0.101-0.47.86.1
      kernel-pae-3.0.101-0.47.86.1
      kernel-pae-base-3.0.101-0.47.86.1
      kernel-pae-devel-3.0.101-0.47.86.1
      kernel-source-3.0.101-0.47.86.1
      kernel-syms-3.0.101-0.47.86.1
      kernel-trace-3.0.101-0.47.86.1
      kernel-trace-base-3.0.101-0.47.86.1
      kernel-trace-devel-3.0.101-0.47.86.1
      kernel-xen-3.0.101-0.47.86.1
      kernel-xen-base-3.0.101-0.47.86.1
      kernel-xen-devel-3.0.101-0.47.86.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):

      kernel-default-debuginfo-3.0.101-0.47.86.1
      kernel-default-debugsource-3.0.101-0.47.86.1
      kernel-trace-debuginfo-3.0.101-0.47.86.1
      kernel-trace-debugsource-3.0.101-0.47.86.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 x86_64):

      kernel-ec2-debuginfo-3.0.101-0.47.86.1
      kernel-ec2-debugsource-3.0.101-0.47.86.1
      kernel-xen-debuginfo-3.0.101-0.47.86.1
      kernel-xen-debugsource-3.0.101-0.47.86.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (x86_64):

      kernel-bigsmp-debuginfo-3.0.101-0.47.86.1
      kernel-bigsmp-debugsource-3.0.101-0.47.86.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586):

      kernel-pae-debuginfo-3.0.101-0.47.86.1
      kernel-pae-debugsource-3.0.101-0.47.86.1


References:

   https://www.suse.com/security/cve/CVE-2013-4312.html
   https://www.suse.com/security/cve/CVE-2015-7513.html
   https://www.suse.com/security/cve/CVE-2015-7833.html
   https://www.suse.com/security/cve/CVE-2016-0758.html
   https://www.suse.com/security/cve/CVE-2016-1583.html
   https://www.suse.com/security/cve/CVE-2016-2053.html
   https://www.suse.com/security/cve/CVE-2016-2187.html
   https://www.suse.com/security/cve/CVE-2016-3134.html
   https://www.suse.com/security/cve/CVE-2016-3955.html
   https://www.suse.com/security/cve/CVE-2016-4470.html
   https://www.suse.com/security/cve/CVE-2016-4482.html
   https://www.suse.com/security/cve/CVE-2016-4485.html
   https://www.suse.com/security/cve/CVE-2016-4486.html
   https://www.suse.com/security/cve/CVE-2016-4565.html
   https://www.suse.com/security/cve/CVE-2016-4569.html
   https://www.suse.com/security/cve/CVE-2016-4578.html
   https://www.suse.com/security/cve/CVE-2016-4580.html
   https://www.suse.com/security/cve/CVE-2016-4805.html
   https://www.suse.com/security/cve/CVE-2016-4913.html
   https://www.suse.com/security/cve/CVE-2016-4997.html
   https://www.suse.com/security/cve/CVE-2016-4998.html
   https://www.suse.com/security/cve/CVE-2016-5244.html
   https://www.suse.com/security/cve/CVE-2016-5696.html
   https://www.suse.com/security/cve/CVE-2016-5829.html
   https://www.suse.com/security/cve/CVE-2016-6480.html
   https://bugzilla.suse.com/839104
   https://bugzilla.suse.com/866130
   https://bugzilla.suse.com/919351
   https://bugzilla.suse.com/944309
   https://bugzilla.suse.com/950998
   https://bugzilla.suse.com/960689
   https://bugzilla.suse.com/962404
   https://bugzilla.suse.com/963655
   https://bugzilla.suse.com/963762
   https://bugzilla.suse.com/966460
   https://bugzilla.suse.com/969149
   https://bugzilla.suse.com/970114
   https://bugzilla.suse.com/971126
   https://bugzilla.suse.com/971360
   https://bugzilla.suse.com/971446
   https://bugzilla.suse.com/971729
   https://bugzilla.suse.com/971944
   https://bugzilla.suse.com/974428
   https://bugzilla.suse.com/975945
   https://bugzilla.suse.com/978401
   https://bugzilla.suse.com/978821
   https://bugzilla.suse.com/978822
   https://bugzilla.suse.com/979213
   https://bugzilla.suse.com/979274
   https://bugzilla.suse.com/979548
   https://bugzilla.suse.com/979681
   https://bugzilla.suse.com/979867
   https://bugzilla.suse.com/979879
   https://bugzilla.suse.com/980371
   https://bugzilla.suse.com/980725
   https://bugzilla.suse.com/980788
   https://bugzilla.suse.com/980931
   https://bugzilla.suse.com/981267
   https://bugzilla.suse.com/983143
   https://bugzilla.suse.com/983213
   https://bugzilla.suse.com/983535
   https://bugzilla.suse.com/984107
   https://bugzilla.suse.com/984755
   https://bugzilla.suse.com/986362
   https://bugzilla.suse.com/986365
   https://bugzilla.suse.com/986445
   https://bugzilla.suse.com/986572
   https://bugzilla.suse.com/987709
   https://bugzilla.suse.com/988065
   https://bugzilla.suse.com/989152
   https://bugzilla.suse.com/989401
   https://bugzilla.suse.com/991608



More information about the sle-security-updates mailing list