From sle-security-updates at lists.suse.com Mon Oct 1 10:08:29 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 1 Oct 2018 18:08:29 +0200 (CEST) Subject: SUSE-SU-2018:2960-1: important: Security update for the Linux Kernel (Live Patch 22 for SLE 12 SP1) Message-ID: <20181001160829.5CB94FD57@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 22 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2960-1 Rating: important References: #1102682 #1103203 #1105323 Cross-References: CVE-2018-10902 CVE-2018-5390 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 3.12.74-60_64_63 fixes several issues. The following security issues were fixed: - CVE-2018-5390: Prevent very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming TCP packet which can lead to a denial of service (bsc#1102682). - CVE-2018-10902: It was found that the raw midi kernel driver did not protect against concurrent access which lead to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(), allowing a malicious local attacker to use this for privilege escalation (bsc#1105323). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-2085=1 SUSE-SLE-SAP-12-SP1-2018-2086=1 SUSE-SLE-SAP-12-SP1-2018-2087=1 SUSE-SLE-SAP-12-SP1-2018-2088=1 SUSE-SLE-SAP-12-SP1-2018-2089=1 SUSE-SLE-SAP-12-SP1-2018-2090=1 SUSE-SLE-SAP-12-SP1-2018-2091=1 SUSE-SLE-SAP-12-SP1-2018-2092=1 SUSE-SLE-SAP-12-SP1-2018-2093=1 SUSE-SLE-SAP-12-SP1-2018-2094=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-2085=1 SUSE-SLE-SERVER-12-SP1-2018-2086=1 SUSE-SLE-SERVER-12-SP1-2018-2087=1 SUSE-SLE-SERVER-12-SP1-2018-2088=1 SUSE-SLE-SERVER-12-SP1-2018-2089=1 SUSE-SLE-SERVER-12-SP1-2018-2090=1 SUSE-SLE-SERVER-12-SP1-2018-2091=1 SUSE-SLE-SERVER-12-SP1-2018-2092=1 SUSE-SLE-SERVER-12-SP1-2018-2093=1 SUSE-SLE-SERVER-12-SP1-2018-2094=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_60-default-11-2.1 kgraft-patch-3_12_74-60_64_60-xen-11-2.1 kgraft-patch-3_12_74-60_64_63-default-9-2.1 kgraft-patch-3_12_74-60_64_63-xen-9-2.1 kgraft-patch-3_12_74-60_64_66-default-8-2.1 kgraft-patch-3_12_74-60_64_66-xen-8-2.1 kgraft-patch-3_12_74-60_64_69-default-7-2.1 kgraft-patch-3_12_74-60_64_69-xen-7-2.1 kgraft-patch-3_12_74-60_64_82-default-7-2.1 kgraft-patch-3_12_74-60_64_82-xen-7-2.1 kgraft-patch-3_12_74-60_64_85-default-7-2.1 kgraft-patch-3_12_74-60_64_85-xen-7-2.1 kgraft-patch-3_12_74-60_64_88-default-5-2.1 kgraft-patch-3_12_74-60_64_88-xen-5-2.1 kgraft-patch-3_12_74-60_64_93-default-4-2.1 kgraft-patch-3_12_74-60_64_93-xen-4-2.1 kgraft-patch-3_12_74-60_64_96-default-4-2.1 kgraft-patch-3_12_74-60_64_96-xen-4-2.1 kgraft-patch-3_12_74-60_64_99-default-3-2.1 kgraft-patch-3_12_74-60_64_99-xen-3-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_60-default-11-2.1 kgraft-patch-3_12_74-60_64_60-xen-11-2.1 kgraft-patch-3_12_74-60_64_63-default-9-2.1 kgraft-patch-3_12_74-60_64_63-xen-9-2.1 kgraft-patch-3_12_74-60_64_66-default-8-2.1 kgraft-patch-3_12_74-60_64_66-xen-8-2.1 kgraft-patch-3_12_74-60_64_69-default-7-2.1 kgraft-patch-3_12_74-60_64_69-xen-7-2.1 kgraft-patch-3_12_74-60_64_82-default-7-2.1 kgraft-patch-3_12_74-60_64_82-xen-7-2.1 kgraft-patch-3_12_74-60_64_85-default-7-2.1 kgraft-patch-3_12_74-60_64_85-xen-7-2.1 kgraft-patch-3_12_74-60_64_88-default-5-2.1 kgraft-patch-3_12_74-60_64_88-xen-5-2.1 kgraft-patch-3_12_74-60_64_93-default-4-2.1 kgraft-patch-3_12_74-60_64_93-xen-4-2.1 kgraft-patch-3_12_74-60_64_96-default-4-2.1 kgraft-patch-3_12_74-60_64_96-xen-4-2.1 kgraft-patch-3_12_74-60_64_99-default-3-2.1 kgraft-patch-3_12_74-60_64_99-xen-3-2.1 References: https://www.suse.com/security/cve/CVE-2018-10902.html https://www.suse.com/security/cve/CVE-2018-5390.html https://bugzilla.suse.com/1102682 https://bugzilla.suse.com/1103203 https://bugzilla.suse.com/1105323 From sle-security-updates at lists.suse.com Mon Oct 1 13:08:02 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 1 Oct 2018 21:08:02 +0200 (CEST) Subject: SUSE-SU-2018:2961-1: important: Security update for the Linux Kernel (Live Patch 12 for SLE 12 SP3) Message-ID: <20181001190802.AD529FD56@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 12 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2961-1 Rating: important References: #1102682 #1103203 #1105323 #1106191 Cross-References: CVE-2018-10902 CVE-2018-10938 CVE-2018-5390 Affected Products: SUSE Linux Enterprise Live Patching 12-SP3 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 4.4.131-94_29 fixes several issues. The following security issues were fixed: - CVE-2018-5390: Prevent very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming TCP packet which can lead to a denial of service (bsc#1102682). - CVE-2018-10938: Fixed an infinite loop in the cipso_v4_optptr() function leading to a denial-of-service via crafted network packets (bsc#1106191). - CVE-2018-10902: It was found that the raw midi kernel driver did not protect against concurrent access which lead to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(), allowing a malicious local attacker to use this for privilege escalation (bsc#1105323). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-2103=1 SUSE-SLE-Live-Patching-12-SP3-2018-2105=1 SUSE-SLE-Live-Patching-12-SP3-2018-2106=1 SUSE-SLE-Live-Patching-12-SP3-2018-2107=1 SUSE-SLE-Live-Patching-12-SP3-2018-2110=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_120-94_17-default-6-2.1 kgraft-patch-4_4_120-94_17-default-debuginfo-6-2.1 kgraft-patch-4_4_126-94_22-default-6-2.1 kgraft-patch-4_4_126-94_22-default-debuginfo-6-2.1 kgraft-patch-4_4_131-94_29-default-4-2.1 kgraft-patch-4_4_131-94_29-default-debuginfo-4-2.1 kgraft-patch-4_4_132-94_33-default-4-2.1 kgraft-patch-4_4_132-94_33-default-debuginfo-4-2.1 kgraft-patch-4_4_143-94_47-default-2-2.1 kgraft-patch-4_4_143-94_47-default-debuginfo-2-2.1 References: https://www.suse.com/security/cve/CVE-2018-10902.html https://www.suse.com/security/cve/CVE-2018-10938.html https://www.suse.com/security/cve/CVE-2018-5390.html https://bugzilla.suse.com/1102682 https://bugzilla.suse.com/1103203 https://bugzilla.suse.com/1105323 https://bugzilla.suse.com/1106191 From sle-security-updates at lists.suse.com Mon Oct 1 13:11:42 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 1 Oct 2018 21:11:42 +0200 (CEST) Subject: SUSE-SU-2018:2965-1: moderate: Security update for openssl-1_0_0 Message-ID: <20181001191142.717C7FD56@maintenance.suse.de> SUSE Security Update: Security update for openssl-1_0_0 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2965-1 Rating: moderate References: #1089039 #1097158 #1101470 #1104789 #1106197 Cross-References: CVE-2018-0732 CVE-2018-0737 Affected Products: SUSE Linux Enterprise Module for Legacy Software 15 ______________________________________________________________________________ An update that solves two vulnerabilities and has three fixes is now available. Description: This update for openssl-1_0_0 to 1.0.2p fixes the following issues: These security issues were fixed: - Prevent One&Done side-channel attack on RSA that allowed physically near attackers to use EM emanations to recover information (bsc#1104789) - CVE-2018-0737: The RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could have recovered the private key (bsc#1089039) - CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack (bsc#1097158) - Make problematic ECDSA sign addition length-invariant - Add blinding to ECDSA and DSA signatures to protect against side channel attacks This non-security issue was fixed: - Add openssl(cli) Provide so the packages that require the openssl binary can require this instead of the new openssl meta package (bsc#1101470) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Legacy Software 15: zypper in -t patch SUSE-SLE-Module-Legacy-15-2018-2095=1 Package List: - SUSE Linux Enterprise Module for Legacy Software 15 (aarch64 ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-3.8.1 libopenssl1_0_0-1.0.2p-3.8.1 libopenssl1_0_0-debuginfo-1.0.2p-3.8.1 openssl-1_0_0-1.0.2p-3.8.1 openssl-1_0_0-debuginfo-1.0.2p-3.8.1 openssl-1_0_0-debugsource-1.0.2p-3.8.1 References: https://www.suse.com/security/cve/CVE-2018-0732.html https://www.suse.com/security/cve/CVE-2018-0737.html https://bugzilla.suse.com/1089039 https://bugzilla.suse.com/1097158 https://bugzilla.suse.com/1101470 https://bugzilla.suse.com/1104789 https://bugzilla.suse.com/1106197 From sle-security-updates at lists.suse.com Tue Oct 2 10:08:28 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 2 Oct 2018 18:08:28 +0200 (CEST) Subject: SUSE-SU-2018:2973-1: moderate: Security update for qemu Message-ID: <20181002160828.DE050FCBE@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2973-1 Rating: moderate References: #1092885 #1096223 #1098735 Cross-References: CVE-2018-11806 CVE-2018-12617 CVE-2018-3639 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for qemu fixes the following security issues: - CVE-2018-12617: qmp_guest_file_read had an integer overflow that could have been exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket causing DoS (bsc#1098735) - CVE-2018-11806: Prevent heap-based buffer overflow via incoming fragmented datagrams (bsc#1096223) With this release the mitigations for Spectre v4 are moved the the patches from upstream (CVE-2018-3639, bsc#1092885). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-2116=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-2116=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-2116=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-2116=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): qemu-2.6.2-41.43.3 qemu-block-curl-2.6.2-41.43.3 qemu-block-curl-debuginfo-2.6.2-41.43.3 qemu-block-ssh-2.6.2-41.43.3 qemu-block-ssh-debuginfo-2.6.2-41.43.3 qemu-debugsource-2.6.2-41.43.3 qemu-guest-agent-2.6.2-41.43.3 qemu-guest-agent-debuginfo-2.6.2-41.43.3 qemu-kvm-2.6.2-41.43.3 qemu-lang-2.6.2-41.43.3 qemu-tools-2.6.2-41.43.3 qemu-tools-debuginfo-2.6.2-41.43.3 - SUSE OpenStack Cloud 7 (x86_64): qemu-block-rbd-2.6.2-41.43.3 qemu-block-rbd-debuginfo-2.6.2-41.43.3 qemu-x86-2.6.2-41.43.3 qemu-x86-debuginfo-2.6.2-41.43.3 - SUSE OpenStack Cloud 7 (noarch): qemu-ipxe-1.0.0-41.43.3 qemu-seabios-1.9.1-41.43.3 qemu-sgabios-8-41.43.3 qemu-vgabios-1.9.1-41.43.3 - SUSE OpenStack Cloud 7 (s390x): qemu-s390-2.6.2-41.43.3 qemu-s390-debuginfo-2.6.2-41.43.3 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): qemu-2.6.2-41.43.3 qemu-block-curl-2.6.2-41.43.3 qemu-block-curl-debuginfo-2.6.2-41.43.3 qemu-block-ssh-2.6.2-41.43.3 qemu-block-ssh-debuginfo-2.6.2-41.43.3 qemu-debugsource-2.6.2-41.43.3 qemu-guest-agent-2.6.2-41.43.3 qemu-guest-agent-debuginfo-2.6.2-41.43.3 qemu-lang-2.6.2-41.43.3 qemu-tools-2.6.2-41.43.3 qemu-tools-debuginfo-2.6.2-41.43.3 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le): qemu-ppc-2.6.2-41.43.3 qemu-ppc-debuginfo-2.6.2-41.43.3 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): qemu-ipxe-1.0.0-41.43.3 qemu-seabios-1.9.1-41.43.3 qemu-sgabios-8-41.43.3 qemu-vgabios-1.9.1-41.43.3 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): qemu-block-rbd-2.6.2-41.43.3 qemu-block-rbd-debuginfo-2.6.2-41.43.3 qemu-kvm-2.6.2-41.43.3 qemu-x86-2.6.2-41.43.3 qemu-x86-debuginfo-2.6.2-41.43.3 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): qemu-2.6.2-41.43.3 qemu-block-curl-2.6.2-41.43.3 qemu-block-curl-debuginfo-2.6.2-41.43.3 qemu-block-ssh-2.6.2-41.43.3 qemu-block-ssh-debuginfo-2.6.2-41.43.3 qemu-debugsource-2.6.2-41.43.3 qemu-guest-agent-2.6.2-41.43.3 qemu-guest-agent-debuginfo-2.6.2-41.43.3 qemu-lang-2.6.2-41.43.3 qemu-tools-2.6.2-41.43.3 qemu-tools-debuginfo-2.6.2-41.43.3 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): qemu-kvm-2.6.2-41.43.3 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le): qemu-ppc-2.6.2-41.43.3 qemu-ppc-debuginfo-2.6.2-41.43.3 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): qemu-block-rbd-2.6.2-41.43.3 qemu-block-rbd-debuginfo-2.6.2-41.43.3 qemu-x86-2.6.2-41.43.3 qemu-x86-debuginfo-2.6.2-41.43.3 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): qemu-ipxe-1.0.0-41.43.3 qemu-seabios-1.9.1-41.43.3 qemu-sgabios-8-41.43.3 qemu-vgabios-1.9.1-41.43.3 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x): qemu-s390-2.6.2-41.43.3 qemu-s390-debuginfo-2.6.2-41.43.3 - SUSE Enterprise Storage 4 (noarch): qemu-ipxe-1.0.0-41.43.3 qemu-seabios-1.9.1-41.43.3 qemu-sgabios-8-41.43.3 qemu-vgabios-1.9.1-41.43.3 - SUSE Enterprise Storage 4 (x86_64): qemu-2.6.2-41.43.3 qemu-block-curl-2.6.2-41.43.3 qemu-block-curl-debuginfo-2.6.2-41.43.3 qemu-block-rbd-2.6.2-41.43.3 qemu-block-rbd-debuginfo-2.6.2-41.43.3 qemu-block-ssh-2.6.2-41.43.3 qemu-block-ssh-debuginfo-2.6.2-41.43.3 qemu-debugsource-2.6.2-41.43.3 qemu-guest-agent-2.6.2-41.43.3 qemu-guest-agent-debuginfo-2.6.2-41.43.3 qemu-kvm-2.6.2-41.43.3 qemu-lang-2.6.2-41.43.3 qemu-tools-2.6.2-41.43.3 qemu-tools-debuginfo-2.6.2-41.43.3 qemu-x86-2.6.2-41.43.3 qemu-x86-debuginfo-2.6.2-41.43.3 References: https://www.suse.com/security/cve/CVE-2018-11806.html https://www.suse.com/security/cve/CVE-2018-12617.html https://www.suse.com/security/cve/CVE-2018-3639.html https://bugzilla.suse.com/1092885 https://bugzilla.suse.com/1096223 https://bugzilla.suse.com/1098735 From sle-security-updates at lists.suse.com Tue Oct 2 13:08:17 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 2 Oct 2018 21:08:17 +0200 (CEST) Subject: SUSE-SU-2018:2975-1: important: Security update for ghostscript Message-ID: <20181002190817.D5FC5FEAD@maintenance.suse.de> SUSE Security Update: Security update for ghostscript ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2975-1 Rating: important References: #1106171 #1106172 #1106173 #1106195 #1107410 #1107411 #1107412 #1107413 #1107420 #1107421 #1107422 #1107423 #1107426 #1107581 #1108027 #1109105 Cross-References: CVE-2018-15908 CVE-2018-15909 CVE-2018-15910 CVE-2018-15911 CVE-2018-16509 CVE-2018-16510 CVE-2018-16511 CVE-2018-16513 CVE-2018-16539 CVE-2018-16540 CVE-2018-16541 CVE-2018-16542 CVE-2018-16543 CVE-2018-16585 CVE-2018-16802 CVE-2018-17183 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes 16 vulnerabilities is now available. Description: This update for ghostscript to version 9.25 fixes the following issues: These security issues were fixed: - CVE-2018-17183: Remote attackers were be able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code (bsc#1109105) - CVE-2018-15909: Prevent type confusion using the .shfill operator that could have been used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code (bsc#1106172). - CVE-2018-15908: Prevent attackers that are able to supply malicious PostScript files to bypass .tempfile restrictions and write files (bsc#1106171). - CVE-2018-15910: Prevent a type confusion in the LockDistillerParams parameter that could have been used to crash the interpreter or execute code (bsc#1106173). - CVE-2018-15911: Prevent use uninitialized memory access in the aesdecode operator that could have been used to crash the interpreter or potentially execute code (bsc#1106195). - CVE-2018-16513: Prevent a type confusion in the setcolor function that could have been used to crash the interpreter or possibly have unspecified other impact (bsc#1107412). - CVE-2018-16509: Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be have been used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction (bsc#1107410). - CVE-2018-16510: Incorrect exec stack handling in the "CS" and "SC" PDF primitives could have been used by remote attackers able to supply crafted PDFs to crash the interpreter or possibly have unspecified other impact (bsc#1107411). - CVE-2018-16542: Prevent attackers able to supply crafted PostScript files from using insufficient interpreter stack-size checking during error handling to crash the interpreter (bsc#1107413). - CVE-2018-16541: Prevent attackers able to supply crafted PostScript files from using incorrect free logic in pagedevice replacement to crash the interpreter (bsc#1107421). - CVE-2018-16540: Prevent use-after-free in copydevice handling that could have been used to crash the interpreter or possibly have unspecified other impact (bsc#1107420). - CVE-2018-16539: Prevent attackers able to supply crafted PostScript files from using incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable (bsc#1107422). - CVE-2018-16543: gssetresolution and gsgetresolution allowed attackers to have an unspecified impact (bsc#1107423). - CVE-2018-16511: A type confusion in "ztype" could have been used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact (bsc#1107426). - CVE-2018-16585: The .setdistillerkeys PostScript command was accepted even though it is not intended for use during document processing (e.g., after the startup phase). This lead to memory corruption, allowing remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact (bsc#1107581). - CVE-2018-16802: Incorrect "restoration of privilege" checking when running out of stack during exception handling could have been used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to an incomplete fix for CVE-2018-16509 (bsc#1108027). These non-security issues were fixed: * Fixes problems with argument handling, some unintended results of the security fixes to the SAFER file access restrictions (specifically accessing ICC profile files). * Avoid that ps2epsi fails with 'Error: /undefined in --setpagedevice--' For additional changes please check http://www.ghostscript.com/doc/9.25/News.htm and the changes file of the package. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-2121=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2121=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-2121=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2121=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-2121=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-2121=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-2121=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2121=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-2121=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): ghostscript-9.25-23.13.1 ghostscript-debuginfo-9.25-23.13.1 ghostscript-debugsource-9.25-23.13.1 ghostscript-x11-9.25-23.13.1 ghostscript-x11-debuginfo-9.25-23.13.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): ghostscript-debuginfo-9.25-23.13.1 ghostscript-debugsource-9.25-23.13.1 ghostscript-devel-9.25-23.13.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): ghostscript-9.25-23.13.1 ghostscript-debuginfo-9.25-23.13.1 ghostscript-debugsource-9.25-23.13.1 ghostscript-x11-9.25-23.13.1 ghostscript-x11-debuginfo-9.25-23.13.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): ghostscript-9.25-23.13.1 ghostscript-debuginfo-9.25-23.13.1 ghostscript-debugsource-9.25-23.13.1 ghostscript-x11-9.25-23.13.1 ghostscript-x11-debuginfo-9.25-23.13.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): ghostscript-9.25-23.13.1 ghostscript-debuginfo-9.25-23.13.1 ghostscript-debugsource-9.25-23.13.1 ghostscript-x11-9.25-23.13.1 ghostscript-x11-debuginfo-9.25-23.13.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): ghostscript-9.25-23.13.1 ghostscript-debuginfo-9.25-23.13.1 ghostscript-debugsource-9.25-23.13.1 ghostscript-x11-9.25-23.13.1 ghostscript-x11-debuginfo-9.25-23.13.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): ghostscript-9.25-23.13.1 ghostscript-debuginfo-9.25-23.13.1 ghostscript-debugsource-9.25-23.13.1 ghostscript-x11-9.25-23.13.1 ghostscript-x11-debuginfo-9.25-23.13.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): ghostscript-9.25-23.13.1 ghostscript-debuginfo-9.25-23.13.1 ghostscript-debugsource-9.25-23.13.1 ghostscript-x11-9.25-23.13.1 ghostscript-x11-debuginfo-9.25-23.13.1 - SUSE Enterprise Storage 4 (x86_64): ghostscript-9.25-23.13.1 ghostscript-debuginfo-9.25-23.13.1 ghostscript-debugsource-9.25-23.13.1 ghostscript-x11-9.25-23.13.1 ghostscript-x11-debuginfo-9.25-23.13.1 References: https://www.suse.com/security/cve/CVE-2018-15908.html https://www.suse.com/security/cve/CVE-2018-15909.html https://www.suse.com/security/cve/CVE-2018-15910.html https://www.suse.com/security/cve/CVE-2018-15911.html https://www.suse.com/security/cve/CVE-2018-16509.html https://www.suse.com/security/cve/CVE-2018-16510.html https://www.suse.com/security/cve/CVE-2018-16511.html https://www.suse.com/security/cve/CVE-2018-16513.html https://www.suse.com/security/cve/CVE-2018-16539.html https://www.suse.com/security/cve/CVE-2018-16540.html https://www.suse.com/security/cve/CVE-2018-16541.html https://www.suse.com/security/cve/CVE-2018-16542.html https://www.suse.com/security/cve/CVE-2018-16543.html https://www.suse.com/security/cve/CVE-2018-16585.html https://www.suse.com/security/cve/CVE-2018-16802.html https://www.suse.com/security/cve/CVE-2018-17183.html https://bugzilla.suse.com/1106171 https://bugzilla.suse.com/1106172 https://bugzilla.suse.com/1106173 https://bugzilla.suse.com/1106195 https://bugzilla.suse.com/1107410 https://bugzilla.suse.com/1107411 https://bugzilla.suse.com/1107412 https://bugzilla.suse.com/1107413 https://bugzilla.suse.com/1107420 https://bugzilla.suse.com/1107421 https://bugzilla.suse.com/1107422 https://bugzilla.suse.com/1107423 https://bugzilla.suse.com/1107426 https://bugzilla.suse.com/1107581 https://bugzilla.suse.com/1108027 https://bugzilla.suse.com/1109105 From sle-security-updates at lists.suse.com Tue Oct 2 13:10:48 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 2 Oct 2018 21:10:48 +0200 (CEST) Subject: SUSE-SU-2018:2976-1: important: Security update for ghostscript Message-ID: <20181002191048.9207CFEAD@maintenance.suse.de> SUSE Security Update: Security update for ghostscript ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2976-1 Rating: important References: #1106171 #1106172 #1106173 #1106195 #1107410 #1107411 #1107412 #1107413 #1107420 #1107421 #1107422 #1107423 #1107426 #1107581 #1108027 #1109105 Cross-References: CVE-2018-15908 CVE-2018-15909 CVE-2018-15910 CVE-2018-15911 CVE-2018-16509 CVE-2018-16510 CVE-2018-16511 CVE-2018-16513 CVE-2018-16539 CVE-2018-16540 CVE-2018-16541 CVE-2018-16542 CVE-2018-16543 CVE-2018-16585 CVE-2018-16802 CVE-2018-17183 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes 16 vulnerabilities is now available. Description: This update for ghostscript to version 9.25 fixes the following issues: These security issues were fixed: - CVE-2018-17183: Remote attackers were be able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code (bsc#1109105) - CVE-2018-15909: Prevent type confusion using the .shfill operator that could have been used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code (bsc#1106172). - CVE-2018-15908: Prevent attackers that are able to supply malicious PostScript files to bypass .tempfile restrictions and write files (bsc#1106171). - CVE-2018-15910: Prevent a type confusion in the LockDistillerParams parameter that could have been used to crash the interpreter or execute code (bsc#1106173). - CVE-2018-15911: Prevent use uninitialized memory access in the aesdecode operator that could have been used to crash the interpreter or potentially execute code (bsc#1106195). - CVE-2018-16513: Prevent a type confusion in the setcolor function that could have been used to crash the interpreter or possibly have unspecified other impact (bsc#1107412). - CVE-2018-16509: Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be have been used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction (bsc#1107410). - CVE-2018-16510: Incorrect exec stack handling in the "CS" and "SC" PDF primitives could have been used by remote attackers able to supply crafted PDFs to crash the interpreter or possibly have unspecified other impact (bsc#1107411). - CVE-2018-16542: Prevent attackers able to supply crafted PostScript files from using insufficient interpreter stack-size checking during error handling to crash the interpreter (bsc#1107413). - CVE-2018-16541: Prevent attackers able to supply crafted PostScript files from using incorrect free logic in pagedevice replacement to crash the interpreter (bsc#1107421). - CVE-2018-16540: Prevent use-after-free in copydevice handling that could have been used to crash the interpreter or possibly have unspecified other impact (bsc#1107420). - CVE-2018-16539: Prevent attackers able to supply crafted PostScript files from using incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable (bsc#1107422). - CVE-2018-16543: gssetresolution and gsgetresolution allowed attackers to have an unspecified impact (bsc#1107423). - CVE-2018-16511: A type confusion in "ztype" could have been used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact (bsc#1107426). - CVE-2018-16585: The .setdistillerkeys PostScript command was accepted even though it is not intended for use during document processing (e.g., after the startup phase). This lead to memory corruption, allowing remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact (bsc#1107581). - CVE-2018-16802: Incorrect "restoration of privilege" checking when running out of stack during exception handling could have been used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to an incomplete fix for CVE-2018-16509 (bsc#1108027). These non-security issues were fixed: * Fixes problems with argument handling, some unintended results of the security fixes to the SAFER file access restrictions (specifically accessing ICC profile files). * Avoid that ps2epsi fails with 'Error: /undefined in --setpagedevice--' For additional changes please check http://www.ghostscript.com/doc/9.25/News.htm Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2018-2119=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2119=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): libspectre-debugsource-0.2.8-3.2.1 libspectre-devel-0.2.8-3.2.1 libspectre1-0.2.8-3.2.1 libspectre1-debuginfo-0.2.8-3.2.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): ghostscript-9.25-3.6.1 ghostscript-debuginfo-9.25-3.6.1 ghostscript-debugsource-9.25-3.6.1 ghostscript-devel-9.25-3.6.1 ghostscript-x11-9.25-3.6.1 ghostscript-x11-debuginfo-9.25-3.6.1 References: https://www.suse.com/security/cve/CVE-2018-15908.html https://www.suse.com/security/cve/CVE-2018-15909.html https://www.suse.com/security/cve/CVE-2018-15910.html https://www.suse.com/security/cve/CVE-2018-15911.html https://www.suse.com/security/cve/CVE-2018-16509.html https://www.suse.com/security/cve/CVE-2018-16510.html https://www.suse.com/security/cve/CVE-2018-16511.html https://www.suse.com/security/cve/CVE-2018-16513.html https://www.suse.com/security/cve/CVE-2018-16539.html https://www.suse.com/security/cve/CVE-2018-16540.html https://www.suse.com/security/cve/CVE-2018-16541.html https://www.suse.com/security/cve/CVE-2018-16542.html https://www.suse.com/security/cve/CVE-2018-16543.html https://www.suse.com/security/cve/CVE-2018-16585.html https://www.suse.com/security/cve/CVE-2018-16802.html https://www.suse.com/security/cve/CVE-2018-17183.html https://bugzilla.suse.com/1106171 https://bugzilla.suse.com/1106172 https://bugzilla.suse.com/1106173 https://bugzilla.suse.com/1106195 https://bugzilla.suse.com/1107410 https://bugzilla.suse.com/1107411 https://bugzilla.suse.com/1107412 https://bugzilla.suse.com/1107413 https://bugzilla.suse.com/1107420 https://bugzilla.suse.com/1107421 https://bugzilla.suse.com/1107422 https://bugzilla.suse.com/1107423 https://bugzilla.suse.com/1107426 https://bugzilla.suse.com/1107581 https://bugzilla.suse.com/1108027 https://bugzilla.suse.com/1109105 From sle-security-updates at lists.suse.com Tue Oct 2 13:13:46 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 2 Oct 2018 21:13:46 +0200 (CEST) Subject: SUSE-SU-2018:2977-1: Security update for ImageMagick Message-ID: <20181002191346.88DC7FEAD@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2977-1 Rating: low References: #1106855 #1106857 #1106858 #1106989 #1107604 #1107609 #1107612 #1107616 #1107618 #1107619 Cross-References: CVE-2018-16323 CVE-2018-16328 CVE-2018-16329 CVE-2018-16413 CVE-2018-16640 CVE-2018-16641 CVE-2018-16642 CVE-2018-16643 CVE-2018-16644 CVE-2018-16645 Affected Products: SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: This update for ImageMagick fixes the following security issues: - CVE-2018-16413: Prevent heap-based buffer over-read in the PushShortPixel function leading to DoS (bsc#1106989) - CVE-2018-16329: Prevent NULL pointer dereference in the GetMagickProperty function leading to DoS (bsc#1106858). - CVE-2018-16328: Prevent NULL pointer dereference exists in the CheckEventLogging function leading to DoS (bsc#1106857). - CVE-2018-16323: ReadXBMImage left data uninitialized when processing an XBM file that has a negative pixel value. If the affected code was used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data (bsc#1106855) - CVE-2018-16642: The function InsertRow allowed remote attackers to cause a denial of service via a crafted image file due to an out-of-bounds write (bsc#1107616) - CVE-2018-16640: Prevent memory leak in the function ReadOneJNGImage (bsc#1107619) - CVE-2018-16641: Prevent memory leak in the TIFFWritePhotoshopLayers function (bsc#1107618). - CVE-2018-16643: The functions ReadDCMImage, ReadPWPImage, ReadCALSImage, and ReadPICTImage did check the return value of the fputc function, which allowed remote attackers to cause a denial of service via a crafted image file (bsc#1107612) - CVE-2018-16644: Added missing check for length in the functions ReadDCMImage and ReadPICTImage, which allowed remote attackers to cause a denial of service via a crafted image (bsc#1107609) - CVE-2018-16645: Prevent excessive memory allocation issue in the functions ReadBMPImage and ReadDIBImage, which allowed remote attackers to cause a denial of service via a crafted image file (bsc#1107604) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2018-2118=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2018-2118=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): ImageMagick-debuginfo-7.0.7.34-3.24.1 ImageMagick-debugsource-7.0.7.34-3.24.1 perl-PerlMagick-7.0.7.34-3.24.1 perl-PerlMagick-debuginfo-7.0.7.34-3.24.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): ImageMagick-7.0.7.34-3.24.1 ImageMagick-debuginfo-7.0.7.34-3.24.1 ImageMagick-debugsource-7.0.7.34-3.24.1 ImageMagick-devel-7.0.7.34-3.24.1 libMagick++-7_Q16HDRI4-7.0.7.34-3.24.1 libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-3.24.1 libMagick++-devel-7.0.7.34-3.24.1 libMagickCore-7_Q16HDRI6-7.0.7.34-3.24.1 libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-3.24.1 libMagickWand-7_Q16HDRI6-7.0.7.34-3.24.1 libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-3.24.1 References: https://www.suse.com/security/cve/CVE-2018-16323.html https://www.suse.com/security/cve/CVE-2018-16328.html https://www.suse.com/security/cve/CVE-2018-16329.html https://www.suse.com/security/cve/CVE-2018-16413.html https://www.suse.com/security/cve/CVE-2018-16640.html https://www.suse.com/security/cve/CVE-2018-16641.html https://www.suse.com/security/cve/CVE-2018-16642.html https://www.suse.com/security/cve/CVE-2018-16643.html https://www.suse.com/security/cve/CVE-2018-16644.html https://www.suse.com/security/cve/CVE-2018-16645.html https://bugzilla.suse.com/1106855 https://bugzilla.suse.com/1106857 https://bugzilla.suse.com/1106858 https://bugzilla.suse.com/1106989 https://bugzilla.suse.com/1107604 https://bugzilla.suse.com/1107609 https://bugzilla.suse.com/1107612 https://bugzilla.suse.com/1107616 https://bugzilla.suse.com/1107618 https://bugzilla.suse.com/1107619 From sle-security-updates at lists.suse.com Tue Oct 2 13:15:39 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 2 Oct 2018 21:15:39 +0200 (CEST) Subject: SUSE-SU-2018:2978-1: moderate: Security update for unzip Message-ID: <20181002191539.E3E14FEAD@maintenance.suse.de> SUSE Security Update: Security update for unzip ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2978-1 Rating: moderate References: #1013992 #1013993 #1080074 #910683 #914442 #950110 #950111 Cross-References: CVE-2014-9636 CVE-2014-9913 CVE-2015-7696 CVE-2015-7697 CVE-2016-9844 CVE-2018-1000035 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that solves 6 vulnerabilities and has one errata is now available. Description: This update for unzip fixes the following security issues: - CVE-2014-9913: Specially crafted zip files could trigger invalid memory writes possibly resulting in DoS or corruption (bsc#1013993) - CVE-2015-7696: Specially crafted zip files with password protection could trigger a crash and lead to denial of service (bsc#950110) - CVE-2015-7697: Specially crafted zip files could trigger an endless loop and lead to denial of service (bsc#950111) - CVE-2016-9844: Specially crafted zip files could trigger invalid memory writes possibly resulting in DoS or corruption (bsc#1013992) - CVE-2018-1000035: Prevent heap-based buffer overflow in the processing of password-protected archives that allowed an attacker to perform a denial of service or to possibly achieve code execution (bsc#1080074). - CVE-2014-9636: Prevent denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression (bsc#914442). This non-security issue was fixed: +- Allow processing of Windows zip64 archives (Windows archivers set total_disks field to 0 but per standard, valid values are 1 and higher) (bnc#910683) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2117=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2117=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): unzip-6.00-33.8.1 unzip-debuginfo-6.00-33.8.1 unzip-debugsource-6.00-33.8.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): unzip-6.00-33.8.1 unzip-debuginfo-6.00-33.8.1 unzip-debugsource-6.00-33.8.1 References: https://www.suse.com/security/cve/CVE-2014-9636.html https://www.suse.com/security/cve/CVE-2014-9913.html https://www.suse.com/security/cve/CVE-2015-7696.html https://www.suse.com/security/cve/CVE-2015-7697.html https://www.suse.com/security/cve/CVE-2016-9844.html https://www.suse.com/security/cve/CVE-2018-1000035.html https://bugzilla.suse.com/1013992 https://bugzilla.suse.com/1013993 https://bugzilla.suse.com/1080074 https://bugzilla.suse.com/910683 https://bugzilla.suse.com/914442 https://bugzilla.suse.com/950110 https://bugzilla.suse.com/950111 From sle-security-updates at lists.suse.com Tue Oct 2 13:17:09 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 2 Oct 2018 21:17:09 +0200 (CEST) Subject: SUSE-SU-2018:2979-1: important: Security update for mgetty Message-ID: <20181002191709.E70F5FEAD@maintenance.suse.de> SUSE Security Update: Security update for mgetty ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2979-1 Rating: important References: #1108752 #1108756 #1108757 #1108761 #1108762 Cross-References: CVE-2018-16741 CVE-2018-16742 CVE-2018-16743 CVE-2018-16744 CVE-2018-16745 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for mgetty fixes the following security issues: - CVE-2018-16741: The function do_activate() did not properly sanitize shell metacharacters to prevent command injection (bsc#1108752) - CVE-2018-16745: The mail_to parameter was not sanitized, leading to a buffer overflow if long untrusted input reached it (bsc#1108756) - CVE-2018-16744: The mail_to parameter was not sanitized, leading to command injection if untrusted input reached reach it (bsc#1108757) - CVE-2018-16742: Prevent stack-based buffer overflow that could have been triggered via a command-line parameter (bsc#1108762) - CVE-2018-16743: The command-line parameter username wsa passed unsanitized to strcpy(), which could have caused a stack-based buffer overflow (bsc#1108761) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2122=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2122=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): g3utils-1.1.36-58.3.1 g3utils-debuginfo-1.1.36-58.3.1 mgetty-1.1.36-58.3.1 mgetty-debuginfo-1.1.36-58.3.1 mgetty-debugsource-1.1.36-58.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): g3utils-1.1.36-58.3.1 g3utils-debuginfo-1.1.36-58.3.1 mgetty-1.1.36-58.3.1 mgetty-debuginfo-1.1.36-58.3.1 mgetty-debugsource-1.1.36-58.3.1 References: https://www.suse.com/security/cve/CVE-2018-16741.html https://www.suse.com/security/cve/CVE-2018-16742.html https://www.suse.com/security/cve/CVE-2018-16743.html https://www.suse.com/security/cve/CVE-2018-16744.html https://www.suse.com/security/cve/CVE-2018-16745.html https://bugzilla.suse.com/1108752 https://bugzilla.suse.com/1108756 https://bugzilla.suse.com/1108757 https://bugzilla.suse.com/1108761 https://bugzilla.suse.com/1108762 From sle-security-updates at lists.suse.com Tue Oct 2 13:18:20 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 2 Oct 2018 21:18:20 +0200 (CEST) Subject: SUSE-SU-2018:2980-1: important: Security update for the Linux Kernel Message-ID: <20181002191820.1413FFEAD@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2980-1 Rating: important References: #1012382 #1043912 #1044189 #1046302 #1046306 #1046307 #1046543 #1050244 #1051510 #1054914 #1055014 #1055117 #1058659 #1060463 #1064232 #1065600 #1065729 #1068032 #1069138 #1071995 #1077761 #1077989 #1078720 #1080157 #1082555 #1083647 #1083663 #1084332 #1085042 #1085262 #1086282 #1089663 #1090528 #1092903 #1093389 #1094244 #1095344 #1096748 #1097105 #1098459 #1098822 #1099922 #1099999 #1100000 #1100001 #1100132 #1101557 #1101669 #1102346 #1102870 #1102875 #1102877 #1102879 #1102882 #1102896 #1103363 #1103387 #1103421 #1103948 #1103949 #1103961 #1104172 #1104353 #1104824 #1105247 #1105524 #1105536 #1105597 #1105603 #1105672 #1105907 #1106007 #1106016 #1106105 #1106121 #1106170 #1106178 #1106191 #1106229 #1106230 #1106231 #1106233 #1106235 #1106236 #1106237 #1106238 #1106240 #1106291 #1106297 #1106333 #1106369 #1106426 #1106427 #1106464 #1106509 #1106511 #1106594 #1106636 #1106688 #1106697 #1106743 #1106779 #1106800 #1106890 #1106891 #1106892 #1106893 #1106894 #1106896 #1106897 #1106898 #1106899 #1106900 #1106901 #1106902 #1106903 #1106905 #1106906 #1106948 #1106995 #1107008 #1107060 #1107061 #1107065 #1107073 #1107074 #1107078 #1107265 #1107319 #1107320 #1107522 #1107535 #1107689 #1107735 #1107756 #1107870 #1107924 #1107945 #1107966 #1108010 #1108093 #1108243 #1108520 #1108870 #1109269 #1109511 #920344 Cross-References: CVE-2018-10938 CVE-2018-10940 CVE-2018-1128 CVE-2018-1129 CVE-2018-12896 CVE-2018-13093 CVE-2018-13094 CVE-2018-13095 CVE-2018-14613 CVE-2018-14617 CVE-2018-16658 CVE-2018-6554 CVE-2018-6555 Affected Products: SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Module for Legacy Software 15 SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that solves 13 vulnerabilities and has 134 fixes is now available. Description: The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-14617: Prevent NULL pointer dereference and panic in hfsplus_lookup() when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory (bsc#1102870) - CVE-2018-14613: Prevent invalid pointer dereference in io_ctl_map_page() when mounting and operating a crafted btrfs image, caused by a lack of block group item validation in check_leaf_item (bsc#1102896). - CVE-2018-10940: The cdrom_ioctl_media_changed function allowed local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory (bsc#1092903) - CVE-2018-13093: Prevent NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occured because of a lack of proper validation that cached inodes are free during allocation (bnc#1100001) - CVE-2018-13094: Prevent OOPS that may have occured for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp (bnc#1100000) - CVE-2018-13095: Prevent denial of service (memory corruption and BUG) that could have occurred for a corrupted xfs image upon encountering an inode that is in extent format, but has more extents than fit in the inode fork (bnc#1099999) - CVE-2018-12896: Prevent integer overflow in the POSIX timer code that was caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically made the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. This allowed a local user to cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls (bnc#1099922) - CVE-2018-16658: Prevent information leak in cdrom_ioctl_drive_status that could have been used by local attackers to read kernel memory (bnc#1107689) - CVE-2018-6555: The irda_setsockopt function allowed local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket (bnc#1106511) - CVE-2018-6554: Prevent memory leak in the irda_bind function that allowed local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket (bnc#1106509) - CVE-2018-1129: A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol (bnc#1096748) - CVE-2018-1128: It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service (bnc#1096748) - CVE-2018-10938: A crafted network packet sent remotely by an attacker forced the kernel to enter an infinite loop in the cipso_v4_optptr() function leading to a denial-of-service (bnc#1106016) The following non-security bugs were fixed: - /dev/mem: Add bounce buffer for copy-out (git-fixes). - /dev/mem: Avoid overwriting "err" in read_mem() (git-fixes). - 9p/net: Fix zero-copy path in the 9p virtio transport (bsc#1051510). - 9p/virtio: fix off-by-one error in sg list bounds check (bsc#1051510). - 9p: fix multiple NULL-pointer-dereferences (bsc#1051510). - ACPI / EC: Add another entry for Thinkpad X1 Carbon 6th (bsc#1051510). - ACPI / EC: Add parameter to force disable the GPE on suspend (bsc#1051510). - ACPI / EC: Use ec_no_wakeup on ThinkPad X1 Yoga 3rd (bsc#1051510). - ACPI / EC: Use ec_no_wakeup on Thinkpad X1 Carbon 6th (bsc#1051510). - ACPI / EC: Use ec_no_wakeup on more Thinkpad X1 Carbon 6th systems (bsc#1051510). - ACPI / PCI: pci_link: Allow the absence of _PRS and change log level (bsc#1104172). - ACPI / bus: Only call dmi_check_system on X86 (bsc#1105597, bsc#1106178). - ACPI / scan: Initialize status to ACPI_STA_DEFAULT (bsc#1051510). - ACPI/IORT: Remove temporary iort_get_id_mapping_index() ACPICA guard (bsc#1103387). - ACPI/PCI: pci_link: reduce verbosity when IRQ is enabled (bsc#1104172). - ACPICA: iasl: Add SMMUv3 device ID mapping index support (bsc#1103387). - ALSA: cs46xx: Deliver indirect-PCM transfer error. - ALSA: emu10k1: Deliver indirect-PCM transfer error. - ALSA: fireface: fix memory leak in ff400_switch_fetching_mode() (bsc#1051510). - ALSA: firewire-digi00x: fix memory leak of private data (bsc#1051510). - ALSA: firewire-tascam: fix memory leak of private data (bsc#1051510). - ALSA: hda - Fix cancel_work_sync() stall from jackpoll work (bsc#1051510). - ALSA: mips: Deliver indirect-PCM transfer error. - ALSA: oxfw: fix memory leak for model-dependent data at error path (bsc#1051510). - ALSA: oxfw: fix memory leak of discovered stream formats at error path (bsc#1051510). - ALSA: oxfw: fix memory leak of private data (bsc#1051510). - ALSA: pcm: Call ack() whenever appl_ptr is updated. - ALSA: pcm: Fix negative appl_ptr handling in pcm-indirect helpers. - ALSA: pcm: Fix possible inconsistent appl_ptr update via mmap. - ALSA: pcm: Simplify forward/rewind codes. - ALSA: pcm: Skip ack callback without actual appl_ptr update. - ALSA: pcm: Use a common helper for PCM state check and hwsync. - ALSA: pcm: Workaround for weird PulseAudio behavior on rewind error. - ALSA: rme32: Deliver indirect-PCM transfer error. - ARM: 8780/1: ftrace: Only set kernel memory back to read-only after boot (bsc#1051510). - ARM: DRA7/OMAP5: Enable ACTLR[0] (Enable invalidates of BTB) for secondary cores (bsc#1051510). - ARM: hisi: fix error handling and missing of_node_put (bsc#1051510). - ARM: hisi: handle of_iomap and fix missing of_node_put (bsc#1051510). - ARM: imx: flag failure of of_iomap (bsc#1051510). - ARM: imx_v4_v5_defconfig: Select ULPI support (bsc#1051510). - ARM: imx_v6_v7_defconfig: Select ULPI support (bsc#1051510). - ARM: pxa: irq: fix handling of ICMR registers in suspend/resume (bsc#1051510). - ASoC: rsnd: fixup not to call clk_get/set under non-atomic (bsc#1051510). - ASoC: rsnd: move rsnd_ssi_config_init() execute condition into it (bsc#1051510). - ASoC: rsnd: update pointer more accurate (bsc#1051510). - ASoC: wm8994: Fix missing break in switch (bsc#1051510). - Apply e666d4e9ceec crypto: vmx - Use skcipher for ctr fallback to SLE12-SP4 (bsc#1106464). - Bluetooth: h5: Fix missing dependency on BT_HCIUART_SERDEV (bsc#1051510). - Bluetooth: hidp: Fix handling of strncpy for hid->name information (bsc#1051510). - Prevent errors at reboot (bsc#1093389) - Documentation: add some docs for errseq_t (bsc#1107008). - Fix buggy backport of patches.drivers/libnvdimm-btt-fix-an-incompatibility-in-the-log-layout.patc h (bsc#1103961). - Fix kABI breakage due to enum addition for ath10k (bsc#1051510). - HID: add quirk for another PIXART OEM mouse used by HP (bsc#1051510). - HID: i2c-hid: Add no-irq-after-reset quirk for 0911:5288 device. - IB/core: type promotion bug in rdma_rw_init_one_mr() (bsc#1046306). - IB/hfi1: Invalid NUMA node information can cause a divide by zero (bsc#1060463). - IB/hfi1: Remove incorrect call to do_interrupt callback (bsc#1060463). - IB/hfi1: Set in_use_ctxts bits for user ctxts only (bsc#1060463 ). - IB/ipoib: Avoid a race condition between start_xmit and cm_rep_handler (bsc#1046307). - IB/ipoib: Fix error return code in ipoib_dev_init() (bsc#1046307 ). - IB/mlx4: Test port number before querying type (bsc#1046302 ). - IB/mlx4: Use 4K pages for kernel QP's WQE buffer (bsc#1046302 ). - Input: atmel_mxt_ts - only use first T9 instance (bsc#1051510). - Input: edt-ft5x06 - fix error handling for factory mode on non-M06 (bsc#1051510). - Input: edt-ft5x06 - implement support for the EDT-M12 series (bsc#1051510). - Input: edt-ft5x06 - make distinction between m06/m09/generic more clear (bsc#1051510). - Input: synaptics-rmi4 - fix axis-swap behavior (bsc#1051510). - KABI: tpm: change relinquish_locality return value back to void (bsc#1082555). - KABI: tpm: do keep the cmd_ready and go_idle as pm ops (bsc#1082555). - KVM/x86: remove WARN_ON() for when vm_munmap() fails (bsc#1106240). - KVM: Enforce error in ioctl for compat tasks when !KVM_COMPAT (bsc#1106240). - KVM: PPC: Book3S: Fix guest DMA when guest partially backed by THP pages (bsc#1077761, git-fixes, bsc#1103948, bsc#1103949). - KVM: VMX: Work around kABI breakage in 'enum vmx_l1d_flush_state' (bsc#1106369). - KVM: VMX: fixes for vmentry_l1d_flush module parameter (bsc#1106369). - KVM: nVMX: Do not flush TLB when vmcs12 uses VPID (bsc#1106240). - KVM: nVMX: Fix injection to L2 when L1 do not intercept external-interrupts (bsc#1106240). - KVM: nVMX: Fix races when sending nested PI while dest enters/leaves L2 (bsc#1106240). - KVM: nVMX: Re-evaluate L1 pending events when running L2 and L1 got posted-interrupt (bsc#1106240). - KVM: s390: add etoken support for guests (bsc#1106948, LTC#171029). - KVM: s390: force bp isolation for VSIE (bsc#1103421). - KVM: s390: implement CPU model only facilities (bsc#1106948, LTC#171029). - KVM: x86: Change __kvm_apic_update_irr() to also return if max IRR updated (bsc#1106240). - KVM: x86: SVM: Call x86_spec_ctrl_set_guest/host() with interrupts disabled (git-fixes 1f50ddb4f418). - KVM: x86: fix APIC page invalidation (bsc#1106240). - NET: stmmac: align DMA stuff to largest cache line length (netfilter-stable-18_08_01). - NFSv4 client live hangs after live data migration recovery (git-fixes). - NFSv4: Fix a sleep in atomic context in nfs4_callback_sequence() (git-fixes). - NFSv4: Fix possible 1-byte stack overflow in nfs_idmap_read_and_verify_message (git-fixes). - Netperf performance issue due to AppArmor net mediation (bsc#1108520) - PCI: Match Root Port's MPS to endpoint's MPSS as necessary (bsc#1109269). - PCI: OF: Fix I/O space page leak (git-fixes). - PCI: aardvark: Fix I/O space page leak (git-fixes). - PCI: hotplug: Do not leak pci_slot on registration failure (bsc#1051510). - PCI: hv: Make sure the bus domain is really unique (git-fixes). - PCI: mvebu: Fix I/O space end address calculation (bsc#1051510). - PCI: pciehp: Fix use-after-free on unplug (bsc#1051510). - PM / Domains: Fix error path during attach in genpd (bsc#1051510). - PM / clk: signedness bug in of_pm_clk_add_clks() (bsc#1051510). - PM / runtime: Drop usage count for suppliers at device link removal (bsc#1100132). - RDMA/bnxt_re: Fix a bunch of off by one bugs in qplib_fp.c (bsc#1050244). - RDMA/bnxt_re: Fix a couple off by one bugs (bsc#1050244 ). - RDMA/i40w: Hold read semaphore while looking after VMA (bsc#1058659). - Refresh with the upstream patches for lan78xx fixes (bsc#1085262) - Replace magic for trusting the secondary keyring with #define (bsc#1051510). - Revert "PCI: Add ACS quirk for Intel 300 series" (bsc#1051510). - Revert "UBIFS: Fix potential integer overflow in allocation" (bsc#1051510). - Revert "mm: page_alloc: skip over regions of invalid pfns where possible" (bnc#1107078). - Revert "vhost: cache used event for better performance" (bsc#1090528). - Revert "vmalloc: back off when the current task is killed" (bnc#1107073). - Staging: vc04_services: remove unused variables. - Tools: hv: vss: fix loop device detection. - USB: net2280: Fix erroneous synchronization change (bsc#1051510). - USB: serial: io_ti: fix array underflow in completion handler (bsc#1051510). - USB: serial: ti_usb_3410_5052: fix array underflow in completion handler (bsc#1051510). - Update patches.drivers/0016-arm64-vgic-v2-Fix-proxying-of-cpuif-access.patch (bsc#1106901, bsc#1107265). - Update patches.fixes/4.4.139-043-powerpc-mm-hash-Add-missing-isync-prior-to-ke.pat ch (bnc#1012382, bsc#1094244). - Update config files, make CRYPTO_CRCT10DIF_PCLMUL built-in (bsc#1105603). - Update patch tag of dmi fix (bsc#1105597) Also moved to the sorted section. - Update patch tags of recent security fixes (bsc#1106426) - Update references (bsc#1064232) - Workaround kABI breakage by __must_check drop of strscpy() (bsc#1051510). - ahci: Add Intel Ice Lake LP PCI ID (bsc#1051510). - apparmor: Fix regression in profile conflict logic (bsc#1106427) - apparmor: ensure that undecidable profile attachments fail (bsc#1106427). - apparmor: fix an error code in __aa_create_ns() (bsc#1106427). - apparmor: remove no-op permission check in policy_unpack (bsc#1106427). - arm64/acpi: Create arch specific cpu to acpi id helper (bsc#1106903). - arm64/kasan: do not allocate extra shadow memory (bsc#1106897). - arm64/mm/kasan: do not use vmemmap_populate() to initialize shadow (bsc#1106898). - arm64: Enforce BBM for huge IO/VMAP mappings (bsc#1106890). - arm64: Ignore hardware dirty bit updates in ptep_set_wrprotect() (bsc#1108010). - arm64: Make sure permission updates happen for pmd/pud (bsc#1106891). - arm64: dma-mapping: clear buffers allocated with FORCE_CONTIGUOUS flag (bsc#1106902). - arm64: export memblock_reserve()d regions via /proc/iomem (bsc#1106892). - arm64: fix unwind_frame() for filtered out fn for function graph tracing (bsc#1106900). - arm64: fix vmemmap BUILD_BUG_ON() triggering on !vmemmap setups (bsc#1106896). - arm64: fpsimd: Avoid FPSIMD context leakage for the init task (bsc#1106894). - arm64: kasan: avoid pfn_to_nid() before page array is initialized (bsc#1106899). - arm64: mm: Ensure writes to swapper are ordered wrt subsequent cache maintenance (bsc#1106906). - arm64: mm: check for upper PAGE_SHIFT bits in pfn_valid() (bsc#1106893). - arm64: numa: rework ACPI NUMA initialization (bsc#1106905). - arm64: vgic-v2: Fix proxying of cpuif access (bsc#1106901). - ata: libahci: Allow reconfigure of DEVSLP register (bsc#1051510). - ata: libahci: Correct setting of DEVSLP register (bsc#1051510). - ath10k: disable bundle mgmt tx completion event support (bsc#1051510). - ath10k: update the phymode along with bandwidth change request (bsc#1051510). - ath9k: add MSI support. - ath9k: report tx status on EOSP (bsc#1051510). - ath9k_hw: fix channel maximum power level test (bsc#1051510). - b43/leds: Ensure NUL-termination of LED name string (bsc#1051510). - b43legacy/leds: Ensure NUL-termination of LED name string (bsc#1051510). - bcache: avoid unncessary cache prefetch bch_btree_node_get(). - bcache: calculate the number of incremental GC nodes according to the total of btree nodes. - bcache: display rate debug parameters to 0 when writeback is not running. - bcache: do not check return value of debugfs_create_dir(). - bcache: finish incremental GC. - bcache: fix I/O significant decline while backend devices registering. - bcache: fix error setting writeback_rate through sysfs interface. - bcache: free heap cache_set->flush_btree in bch_journal_free. - bcache: make the pr_err statement used for ENOENT only in sysfs_attatch section. - bcache: release dc->writeback_lock properly in bch_writeback_thread(). - bcache: set max writeback rate when I/O request is idle. - bcache: simplify the calculation of the total amount of flash dirty data. - Add a blacklist entry for the reverted patch (bsc#1106743) - blk-mq: avoid to synchronize rcu inside blk_cleanup_queue() (bsc#1077989). - blkdev: __blkdev_direct_IO_simple: fix leak in error case (bsc#1083663). - block, bfq: return nbytes and not zero from struct cftype .write() method (bsc#1106238). - block: bio_iov_iter_get_pages: fix size of last iovec (bsc#1083663). - block: bio_iov_iter_get_pages: pin more pages for multi-segment IOs (bsc#1083663). - block: do not print a message when the device went away (bsc#1098459). - block: do not warn for flush on read-only device (bsc#1107756). - bnxt_en: Clean up unused functions (bsc#1086282). - bnxt_en: Do not adjust max_cp_rings by the ones used by RDMA (bsc#1086282). - bnxt_en: Fix VF mac address regression (bsc#1086282 ). - bnxt_re: Fix couple of memory leaks that could lead to IOMMU call traces (bsc#1050244). - bonding: avoid lockdep confusion in bond_get_stats() (netfilter-stable-18_08_04). - bpf, s390: fix potential memleak when later bpf_jit_prog fails (bsc#1083647). - bpf: fix references to free_bpf_prog_info() in comments (bsc#1083647). - bpf: fix uninitialized variable in bpf tools (bsc#1083647). - bpf: hash map: decrement counter on error (bsc#1083647). - bpf: powerpc64: pad function address loads with NOPs (bsc#1083647). - bpf: use GFP_ATOMIC instead of GFP_KERNEL in bpf_parse_prog() (bsc#1083647). - brcmfmac: stop watchdog before detach and free everything (bsc#1051510). - btrfs: Add checker for EXTENT_CSUM (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: Add sanity check for EXTENT_DATA when reading out leaf (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: Check if item pointer overlaps with the item itself (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: Check that each block group has corresponding chunk at mount time (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: Fix use-after-free when cleaning up fs_devs with a single stale device (bsc#1097105). - btrfs: Handle error from btrfs_uuid_tree_rem call in _btrfs_ioctl_set_received_subvol (bsc#1097105). - btrfs: Introduce mount time chunk <-> dev extent mapping check (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: Manually implement device_total_bytes getter/setter (bsc#1043912). - btrfs: Move leaf and node validation checker to tree-checker.c (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: Round down values which are written for total_bytes_size (bsc#1043912). - btrfs: Verify that every chunk has corresponding block group at mount time (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: fix error handling in btrfs_dev_replace_start (bsc#1107535). - btrfs: round down size diff when shrinking/growing device (bsc#1097105). - btrfs: tree-checker: Add checker for dir item (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Detect invalid and empty essential trees (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Enhance btrfs_check_node output (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Enhance output for check_extent_data_item (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Enhance output for btrfs_check_leaf (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Enhance output for check_csum_item (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Fix false panic for sanity test (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Replace root parameter with fs_info (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Verify block_group_item (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: use %zu format string for size_t (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: use %zu format string for size_t (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status (bsc#1051510). - ceph: fix incorrect use of strncpy (bsc#1107319). - ceph: return errors from posix_acl_equiv_mode() correctly (bsc#1107320). - cfg80211: nl80211_update_ft_ies() to validate NL80211_ATTR_IE (bsc#1051510). - cgroup: avoid copying strings longer than the buffers (bsc#1051510). - cifs: Fix stack out-of-bounds in smb{2,3}_create_lease_buf() (bsc#1051510). - cifs: check kmalloc before use (bsc#1051510). - cifs: store the leaseKey in the fid on SMB2_open (bsc#1051510). - cls_matchall: fix tcf_unbind_filter missing (networking-stable-18_08_21). - crypto: caam/jr - fix descriptor DMA unmapping (bsc#1051510). - crypto: caam/qi - fix error path in xts setkey (bsc#1051510). - crypto: vmx - Fix sleep-in-atomic bugs (bsc#1051510). - cxl: Configure PSL to not use APC virtual machines (bsc#1055014, git-fixes). - cxl: Fix wrong comparison in cxl_adapter_context_get() (bsc#1055014, git-fixes). - dax: remove VM_MIXEDMAP for fsdax and device dax (bsc#1106007). - dccp: fix undefined behavior with 'cwnd' shift in ccid2_cwnd_restart() (netfilter-stable-18_08_17). - drm/amd/pp/Polaris12: Fix a chunk of registers missed to program (bsc#1051510). - drm/amdgpu: Fix RLC safe mode test in gfx_v9_0_enter_rlc_safe_mode (bsc#1051510). - drm/amdgpu: fix swapped emit_ib_size in vce3 (bsc#1051510). - drm/amdgpu: update tmr mc address (bsc#1100132). - drm/amdgpu:add new firmware id for VCN (bsc#1051510). - drm/amdgpu:add tmr mc address into amdgpu_firmware_info (bsc#1051510). - drm/arm/malidp: Preserve LAYER_FORMAT contents when setting format (bsc#1051510). - drm/armada: fix colorkey mode property (bsc#1051510). - drm/armada: fix irq handling (bsc#1051510). - drm/bridge/sii8620: Fix display of packed pixel modes (bsc#1051510). - drm/bridge/sii8620: fix display of packed pixel modes in MHL2 (bsc#1051510). - drm/bridge/sii8620: fix loops in EDID fetch logic (bsc#1051510). - drm/bridge: adv7511: Reset registers on hotplug (bsc#1051510). - drm/edid: Add 6 bpc quirk for SDC panel in Lenovo B50-80 (bsc#1051510). - drm/exynos: decon5433: Fix WINCONx reset value (bsc#1051510). - drm/exynos: decon5433: Fix per-plane global alpha for XRGB modes (bsc#1051510). - drm/exynos: gsc: Fix support for NV16/61, YUV420/YVU420 and YUV422 modes (bsc#1051510). - drm/i915/audio: Fix audio enumeration issue on BXT. - drm/i915/gvt: Fix the incorrect length of child_device_config issue (bsc#1051510). - drm/i915/gvt: clear ggtt entries when destroy vgpu (bsc#1051510). - drm/i915/gvt: request srcu_read_lock before checking if one gfn is valid (bsc#1051510). - drm/i915/kvmgt: Fix potential Spectre v1 (bsc#1051510). - drm/i915/lpe: Mark LPE audio runtime pm as "no callbacks" (bsc#1051510). - drm/i915/overlay: Allocate physical registers from stolen (bsc#1051510). - drm/i915: Increase LSPCON timeout (bsc#1051510). - drm/i915: set DP Main Stream Attribute for color range on DDI platforms (bsc#1051510). - drm/imx: imx-ldb: check if channel is enabled before printing warning (bsc#1051510). - drm/imx: imx-ldb: disable LDB on driver bind (bsc#1051510). - drm/modes: Introduce drm_mode_match(). - drm/nouveau/drm/nouveau: Fix bogus drm_kms_helper_poll_enable() placement (bsc#1051510). - drm/tegra: Check for malformed offsets and sizes in the 'submit' IOCTL (bsc#1106170). - drm/tegra: Fix comparison operator for buffer size (bsc#1100132). - drm/vc4: Fix the "no scaling" case on multi-planar YUV formats (bsc#1051510). - drm: Add DRM client cap for aspect-ratio. - drm: Add and handle new aspect ratios in DRM layer. - drm: Add aspect ratio parsing in DRM layer. - drm: Expose modes with aspect ratio, only if requested. - drm: Handle aspect ratio info in legacy modeset path. - drm: mali-dp: Enable Global SE interrupts mask for DP500 (bsc#1051510). - dwc2: gadget: Fix ISOC IN DDMA PID bitfield value calculation (bsc#1051510). - errseq: Add to documentation tree (bsc#1107008). - errseq: Always report a writeback error once (bsc#1107008). - ext4: sysfs: print ext4_super_block fields as little-endian (bsc#1106229). - f2fs: remove unneeded memory footprint accounting (bsc#1106233). - f2fs: remove unneeded memory footprint accounting (bsc#1106297). - f2fs: validate before set/clear free nat bitmap (bsc#1106231). - f2fs: validate before set/clear free nat bitmap (bsc#1106297). - fat: fix memory allocation failure handling of match_strdup() (bsc#1051510). - fb: fix lost console when the user unplugs a USB adapter (bsc#1051510). - fbdev: omapfb: off by one in omapfb_register_client() (bsc#1051510). - fix __legitimize_mnt()/mntput() race (bsc#1106297). - fix a page leak in vhost_scsi_iov_to_sgl() error recovery (bsc#1051510). - fix mntput/mntput race (bsc#1106297). - fs/9p/xattr.c: catch the error of p9_client_clunk when setting xattr failed (bsc#1051510). - fs/proc/proc_sysctl.c: fix potential page fault while unregistering sysctl table (bsc#1106297). - fuse: Add missed unlock_page() to fuse_readpages_fill() (bsc#1106291). - fuse: Fix oops at process_init_reply() (bsc#1106291). - fuse: fix double request_end() (bsc#1106291). - fuse: fix initial parallel dirops (bsc#1106291). - fuse: fix unlocked access to processing queue (bsc#1106291). - fuse: umount should wait for all requests (bsc#1106291). - getxattr: use correct xattr length (bsc#1106235). - getxattr: use correct xattr length (bsc#1106297). - gpio: ml-ioh: Fix buffer underwrite on probe error path (bsc#1051510). - gpio: tegra: Move driver registration to subsys_init level (bsc#1051510). - gpiolib-acpi: make sure we trigger edge events at least once on boot (bsc#1051510). - gpiolib: acpi: Switch to cansleep version of GPIO library call (bsc#1051510). - gpu: host1x: Check whether size of unpin isn't 0 (bsc#1051510). - gpu: ipu-v3: default to id 0 on missing OF alias (bsc#1051510). - i2c: core: ACPI: Properly set status byte to 0 for multi-byte writes (bsc#1051510). - i2c: davinci: Avoid zero value of CLKH (bsc#1051510). - i2c: i801: Add missing documentation entries for Braswell and Kaby Lake (bsc#1051510). - i2c: i801: Add support for Intel Cedar Fork (bsc#1051510). - i2c: i801: Add support for Intel Ice Lake (bsc#1051510). - i2c: i801: Consolidate chipset names in documentation and Kconfig (bsc#1051510). - i2c: i801: fix DNV's SMBCTRL register offset (bsc#1051510). - i2c: imx: Fix race condition in dma read (bsc#1051510). - i2c: uniphier-f: issue STOP only for last message or I2C_M_STOP (bsc#1051510). - i2c: uniphier: issue STOP only for last message or I2C_M_STOP (bsc#1051510). - i2c: xiic: Make the start and the byte count write atomic (bsc#1051510). - i2c: xlp9xx: Fix case where SSIF read transaction completes early (bsc#1105907). - i2c: xlp9xx: Fix issue seen when updating receive length (bsc#1105907). - i2c: xlp9xx: Make sure the transfer size is not more than I2C_SMBUS_BLOCK_SIZE (bsc#1105907). - i40e: fix condition of WARN_ONCE for stat strings (bsc#1107522). - ib_srpt: Fix a use-after-free in srpt_close_ch() (bsc#1046306 ). - ibmvnic: Include missing return code checks in reset function (bnc#1107966). - iommu/amd: Add support for IOMMU XT mode. - iommu/amd: Add support for higher 64-bit IOMMU Control Register. - iommu/amd: Finish TLB flush in amd_iommu_unmap() (bsc#1106105). - iommu/amd: make sure TLB to be flushed before IOVA freed (bsc#1106105). - iommu/arm-smmu-v3: Do not free page table ops twice (bsc#1106237). - iommu/vt-d: Fix a potential memory leak (bsc#1106105). - iommu/vt-d: Ratelimit each dmar fault printing (bsc#1106105). - ipmi/powernv: Fix error return code in ipmi_powernv_probe() (git-fixes). - ipmi: Fix some counter issues (bsc#1105907). - ipmi: Move BT capabilities detection to the detect call (bsc#1106779). - ipmi: Remove ACPI SPMI probing from the SSIF (I2C) driver (bsc#1105907). - ipmi:bt: Set the timeout before doing a capabilities check (bsc#1051510). - ipv4: remove BUG_ON() from fib_compute_spec_dst (netfilter-stable-18_08_01). - irqchip/bcm7038-l1: Hide cpu offline callback when building for !SMP (bsc#1051510). - iw_cxgb4: remove duplicate memcpy() in c4iw_create_listen() (bsc#1046543). - ixgbe: Refactor queue disable logic to take completion time into account (bsc#1101557). - ixgbe: Reorder Tx/Rx shutdown to reduce time needed to stop device (bsc#1101557). - kabi fix for check_disk_size_change() (bsc#1098459). - kabi protect hnae_ae_ops (bsc#1107924). - kabi protect struct kvm_sync_regs (bsc#1106948). - kabi/severities: Whitelist libceph, rbd, and ceph (bsc#1096748). - kabi: move s390 mm_context_t lock to mm_struct and ignore the change (bsc#1103421). - kabi: x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - kvm: arm64: Convert kvm_set_s2pte_readonly() from inline asm to cmpxchg() (bsc#1108010). - kvm: nVMX: Fix fault vector for VMX operation at CPL > 0 (bsc#1106105). - kvm: nVMX: Use nested_run_pending rather than from_vmentry (bsc#1106240). - kvm: x86: vmx: fix vpid leak (bsc#1106240). - l2tp: use sk_dst_check() to avoid race on sk->sk_dst_cache (netfilter-stable-18_08_17). - lan78xx: Lan7801 Support for Fixed PHY (bsc#1085262). - lan78xx: Set ASD in MAC_CR when EEE is enabled (bsc#1085262). - lan78xx: remove redundant initialization of pointer 'phydev' (bsc#1085262). - lib/test_hexdump.c: fix failure on big endian cpu (bsc#1051510). - libahci: Fix possible Spectre-v1 pmp indexing in ahci_led_store() (bsc#1051510). - libbpf: Makefile set specified permission mode (bsc#1083647). - libceph: check authorizer reply/challenge length before reading (bsc#1096748). - libceph: factor out __ceph_x_decrypt() (bsc#1096748). - libceph: factor out __prepare_write_connect() (bsc#1096748). - libceph: factor out encrypt_authorizer() (bsc#1096748). - libceph: store ceph_auth_handshake pointer in ceph_connection (bsc#1096748). - libceph: weaken sizeof check in ceph_x_verify_authorizer_reply() (bsc#1096748). - libnvdimm, btt: fix uninitialized err_lock (bsc#1103961). - libnvdimm, nfit: enable support for volatile ranges (bsc#1103961). - libnvdimm, nfit: move the check on nd_reserved2 to the endpoint (bsc#1103961). - libnvdimm: Use max contiguous area for namespace size (git-fixes). - libnvdimm: rename nd_sector_size_{show,store} to nd_size_select_{show,store} (bsc#1103961). - livepatch: Remove reliable stacktrace check in klp_try_switch_task() (bsc#1071995). - livepatch: Validate module/old func name length (bsc#1071995). - llc: use refcount_inc_not_zero() for llc_sap_find() (netfilter-stable-18_08_17). - mac80211: add stations tied to AP_VLANs during hw reconfig (bsc#1051510). - mac80211: always account for A-MSDU header changes (bsc#1051510). - mac80211: avoid kernel panic when building AMSDU from non-linear SKB (bsc#1051510). - mac80211: fix an off-by-one issue in A-MSDU max_subframe computation (bsc#1051510). - macros.kernel-source: pass -b properly in kernel module package (bsc#1107870). - md-cluster: clear another node's suspend_area after the copy is finished (bsc#1106333). - md-cluster: do not send msg if array is closing (bsc#1106333). - md-cluster: release RESYNC lock after the last resync message (bsc#1106688). - md-cluster: show array's status more accurate (bsc#1106333). - media: Revert "[media] tvp5150: fix pad format frame height" (bsc#1051510). - mei: do not update offset in write (bsc#1051510). - mei: me: enable asynchronous probing. - memcg, thp: do not invoke oom killer on thp charges (bnc#1089663). - memory: tegra: Apply interrupts mask per SoC (bsc#1051510). - memory: tegra: Do not handle spurious interrupts (bsc#1051510). - mfd: intel-lpss: Add Ice Lake PCI IDs (bsc#1051510). - mfd: lpc_ich: Do not touch SPI-NOR write protection bit on Apollo Lake (bsc#1051510). - mlxsw: core_acl_flex_actions: Return error for conflicting actions (netfilter-stable-18_08_17). - mm/huge_memory.c: fix data loss when splitting a file pmd (bnc#1107074). - mm/hugetlb: filter out hugetlb pages if HUGEPAGE migration is not supported (bnc#1106697). - mm/vmscan: wake up flushers for legacy cgroups too (bnc#1107061). - mm: fix devmem_is_allowed() for sub-page System RAM intersections (bsc#1106800). - mm: memcg: fix use after free in mem_cgroup_iter() (bnc#1107065). - mmc: omap_hsmmc: fix wakeirq handling on removal (bsc#1051510). - module: exclude SHN_UNDEF symbols from kallsyms api (bsc#1071995). - net/9p/client.c: version pointer uninitialized (bsc#1051510). - net/9p/trans_fd.c: fix race by holding the lock (bsc#1051510). - net/9p/trans_fd.c: fix race-condition by flushing workqueue before the kfree() (bsc#1051510). - net/9p: Switch to wait_event_killable() (bsc#1051510). - net/9p: fix error path of p9_virtio_probe (bsc#1051510). - net: dsa: Do not suspend/resume closed slave_dev (netfilter-stable-18_08_04). - net: ena: Eliminate duplicate barriers on weakly-ordered archs (bsc#1108093). - net: ena: Fix use of uninitialized DMA address bits field (netfilter-stable-18_08_01). - net: ena: fix device destruction to gracefully free resources (bsc#1108093). - net: ena: fix driver when PAGE_SIZE == 64kB (bsc#1108093). - net: ena: fix incorrect usage of memory barriers (bsc#1108093). - net: ena: fix missing calls to READ_ONCE (bsc#1108093). - net: ena: fix missing lock during device destruction (bsc#1108093). - net: ena: fix potential double ena_destroy_device() (bsc#1108093). - net: ena: fix surprise unplug NULL dereference kernel crash (bsc#1108093). - net: ethernet: mvneta: Fix napi structure mixup on armada 3700 (networking-stable-18_08_21). - net: fix amd-xgbe flow-control issue (netfilter-stable-18_08_01). - net: hns3: Fix for waterline not setting correctly (bsc#1104353 ). - net: hns3: fix page_offset overflow when CONFIG_ARM64_64K_PAGES (bsc#1104353). - net: hns: add netif_carrier_off before change speed and duplex (bsc#1107924). - net: hns: add the code for cleaning pkt in chip (bsc#1107924). - net: mdio-mux: bcm-iproc: fix wrong getter and setter pair (netfilter-stable-18_08_01). - net: mvneta: fix mvneta_config_rss on armada 3700 (networking-stable-18_08_21). - net: rtnl_configure_link: fix dev flags changes arg to __dev_notify_flags (git-fixes). - net: stmmac: Fix WoL for PCI-based setups (netfilter-stable-18_08_04). - net: stmmac: mark PM functions as __maybe_unused (git-fixes). - net_sched: Fix missing res info when create new tc_index filter (netfilter-stable-18_08_17). - netfilter: ip6t_rpfilter: set F_IFACE for linklocal addresses (git-fixes). - netlink: Do not shift on 64 for ngroups (git-fixes). - netlink: Do not shift with UB on nlk->ngroups (netfilter-stable-18_08_01). - netlink: Do not subscribe to non-existent groups (netfilter-stable-18_08_01). - netlink: Fix spectre v1 gadget in netlink_create() (netfilter-stable-18_08_04). - nfs/pnfs: fix nfs_direct_req ref leak when i/o falls back to the mds (git-fixes). - nfs41: do not return ENOMEM on LAYOUTUNAVAILABLE (git-fixes). - nfsd: remove blocked locks on client teardown (git-fixes). - nl80211: Add a missing break in parse_station_flags (bsc#1051510). - nl80211: check nla_parse_nested() return values (bsc#1051510). - nvme: register ns_id attributes as default sysfs groups (bsc#1105247). - nvme_fc: add 'nvme_discovery' sysfs attribute to fc transport device (bsc#1044189). - pinctrl/amd: only handle irq if it is pending and unmasked (bsc#1051510). - pipe: actually allow root to exceed the pipe buffer limits (bsc#1106297). - platform/x86: asus-nb-wmi: Add keymap entry for lid flip action on UX360 (bsc#1051510). - pnfs/blocklayout: off by one in bl_map_stripe() (git-fixes). - powerpc/64s: Default l1d_size to 64K in RFI fallback flush (bsc#1068032, git-fixes). - powerpc/64s: Fix DT CPU features Power9 DD2.1 logic (bsc#1055117). - powerpc/64s: Fix compiler store ordering to SLB shadow area (bsc#1094244). - powerpc/64s: move machine check SLB flushing to mm/slb.c (bsc#1094244). - powerpc/kprobes: Fix call trace due to incorrect preempt count (bsc#1065729). - powerpc/lib: Fix the feature fixup tests to actually work (bsc#1065729). - powerpc/mce: Fix SLB rebolting during MCE recovery path (bsc#1094244). - powerpc/perf: Fix IMC allocation routine (bsc#1054914). - powerpc/perf: Fix memory allocation for core-imc based on num_possible_cpus() (bsc#1054914). - powerpc/perf: Remove sched_task function defined for thread-imc (bsc#1054914). - powerpc/pseries: Avoid using the size greater than RTAS_ERROR_LOG_MAX (bsc#1094244). - powerpc/pseries: Fix endianness while restoring of r3 in MCE handler (bsc#1094244). - powerpc/pseries: fix EEH recovery of some IOV devices (bsc#1078720, git-fixes). - powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2 (bsc#1068032, bsc#1080157, git-fixes). - powerpc: Avoid code patching freed init sections (bnc#1107735). - powerpc: make feature-fixup tests fortify-safe (bsc#1065729). - pstore: Fix incorrect persistent ram buffer mapping (bsc#1051510). - pwm: tiehrpwm: Fix disabling of output of PWMs (bsc#1051510). - qlge: Fix netdev features configuration (bsc#1098822). - r8169: add support for NCube 8168 network card (bsc#1051510). - reiserfs: fix broken xattr handling (heap corruption, bad retval) (bsc#1106236). - rhashtable: add schedule points (bsc#1051510). - root dentries need RCU-delayed freeing (bsc#1106297). - rsi: Fix 'invalid vdd' warning in mmc (bsc#1051510). - rxrpc: Fix user call ID check in rxrpc_service_prealloc_one (netfilter-stable-18_08_04). - s390/entry.S: use assembler alternatives (bsc#1103421). - s390/lib: use expoline for all bcr instructions (git-fixes, bsc#1103421). - s390/mm: fix local TLB flushing vs. detach of an mm address space (bsc#1103421). - s390/mm: fix race on mm->context.flush_mm (bsc#1103421). - s390/runtime instrumentation: simplify task exit handling (bsc#1103421). - s390: always save and restore all registers on context switch (bsc#1103421). - s390: detect etoken facility (bsc#1103421). - s390: fix br_r1_trampoline for machines without exrl (git-fixes, bsc#1103421). - s390: fix compat system call table (bsc#1103421). - s390: fix handling of -1 in set{,fs}id16 syscalls (bsc#1103421). - s390: use expoline thunks for all branches generated by the BPF JIT (bsc#1103421). - samples/bpf: adjust rlimit RLIMIT_MEMLOCK for xdp1 (bsc#1083647). - sched/fair: Fix vruntime_normalized() for remote non-migration wakeup (git-fixes). - sched/numa: Do not move imbalanced load purely on the basis of an idle CPU (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Evaluate move once per node (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Remove numa_has_capacity() (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Remove unused task_capacity from 'struct numa_stats' (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Stop comparing tasks for NUMA placement after selecting an idle core (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: remove unused code from update_numa_stats() (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: remove unused nr_running field (bnc#1101669 optimise numa balancing for fast migrate). - scripts/git_sort/git_sort.py: Add fixes branch from mkp/scsi.git. - scripts/git_sort/git_sort.py: add mkp 4.20/scsi-queue - scripts/tar-up.sh: Do not package gitlog-excludes file Also fix the evaluation of gitlog-excludes file, too - scripts: modpost: check memory allocation results (bsc#1051510). - scsi: fcoe: hold disc_mutex when traversing rport lists (bsc#1077989). - scsi: hpsa: limit transfer length to 1MB, not 512kB (bsc#1102346). - scsi: libfc: Add lockdep annotations (bsc#1077989). - scsi: libfc: fixup 'sleeping function called from invalid context' (bsc#1077989). - scsi: libfc: fixup lockdep annotations (bsc#1077989). - scsi: libfc: hold disc_mutex in fc_disc_stop_rports() (bsc#1077989). - scsi: lpfc: Correct MDS diag and nvmet configuration (bsc#1106636). - scsi: mpt3sas: Fix calltrace observed while running IO and reset (bsc#1077989). - scsi: qla2xxx: Add appropriate debug info for invalid RX_ID (bsc#1108870). - scsi: qla2xxx: Add logic to detect ABTS hang and response completion (bsc#1108870). - scsi: qla2xxx: Add mode control for each physical port (bsc#1108870). - scsi: qla2xxx: Add support for ZIO6 interrupt threshold (bsc#1108870). - scsi: qla2xxx: Allow FC-NVMe underrun to be handled by transport (bsc#1108870). - scsi: qla2xxx: Check for Register disconnect (bsc#1108870). - scsi: qla2xxx: Decrement login retry count for only plogi (bsc#1108870). - scsi: qla2xxx: Defer chip reset until target mode is enabled (bsc#1108870). - scsi: qla2xxx: Fix Remote port registration (bsc#1108870). - scsi: qla2xxx: Fix deadlock between ATIO and HW lock (bsc#1108870). - scsi: qla2xxx: Fix double increment of switch scan retry count (bsc#1108870). - scsi: qla2xxx: Fix dropped srb resource (bsc#1108870). - scsi: qla2xxx: Fix duplicate switch's Nport ID entries (bsc#1108870). - scsi: qla2xxx: Fix early srb free on abort (bsc#1108870). - scsi: qla2xxx: Fix iIDMA error (bsc#1108870). - scsi: qla2xxx: Fix incorrect port speed being set for FC adapters (bsc#1108870). - scsi: qla2xxx: Fix out of order Termination and ABTS response (bsc#1108870). - scsi: qla2xxx: Fix port speed display on chip reset (bsc#1108870). - scsi: qla2xxx: Fix premature command free (bsc#1108870). - scsi: qla2xxx: Fix process response queue for ISP26XX and above (bsc#1108870). - scsi: qla2xxx: Fix race condition for resource cleanup (bsc#1108870). - scsi: qla2xxx: Fix stuck session in PLOGI state (bsc#1108870). - scsi: qla2xxx: Force fw cleanup on ADISC error (bsc#1108870). - scsi: qla2xxx: Increase abort timeout value (bsc#1108870). - scsi: qla2xxx: Move ABTS code behind qpair (bsc#1108870). - scsi: qla2xxx: Move rport registration out of internal work_list (bsc#1108870). - scsi: qla2xxx: Move {get|rel}_sp to base_qpair struct (bsc#1108870). - scsi: qla2xxx: Reduce holding sess_lock to prevent CPU lock-up (bsc#1108870). - scsi: qla2xxx: Reject bsg request if chip is down (bsc#1108870). - scsi: qla2xxx: Remove ASYNC GIDPN switch command (bsc#1108870). - scsi: qla2xxx: Remove all rports if fabric scan retry fails (bsc#1108870). - scsi: qla2xxx: Remove redundant check for fcport deletion (bsc#1108870). - scsi: qla2xxx: Remove stale ADISC_DONE event (bsc#1108870). - scsi: qla2xxx: Remove stale debug trace message from tcm_qla2xxx (bsc#1108870). - scsi: qla2xxx: Serialize mailbox request (bsc#1108870). - scsi: qla2xxx: Terminate Plogi/PRLI if WWN is 0 (bsc#1108870). - scsi: qla2xxx: Turn off IOCB timeout timer on IOCB completion (bsc#1108870). - scsi: qla2xxx: Update driver to version 10.00.00.09-k (bsc#1108870). - scsi: qla2xxx: Update driver version to 10.00.00.10-k (bsc#1108870). - scsi: qla2xxx: Update driver version to 10.00.00.11-k (bsc#1108870). - scsi: qla2xxx: Update rscn_rcvd field to more meaningful scan_needed (bsc#1108870). - scsi: qla2xxx: Use correct qpair for ABTS/CMD (bsc#1108870). - scsi: qla2xxx: shutdown chip if reset fail (bsc#1108870). - scsi_debug: call resp_XXX function after setting host_scribble (bsc#1069138). - scsi_debug: reset injection flags for every_nth > 0 (bsc#1069138). - selftests/bpf/test_maps: exit child process without error in ENOMEM case (bsc#1083647). - selftests/bpf: fix a typo in map in map test (bsc#1083647). - serial: enable spi in sc16is7xx driver References: bsc#1105672 - serial: make sc16is7xx driver supported References: bsc#1105672 - slab: __GFP_ZERO is incompatible with a constructor (bnc#1107060). - spi-nor: intel-spi: Fix number of protected range registers for BYT/LPT. - spi: cadence: Change usleep_range() to udelay(), for atomic context (bsc#1051510). - spi: davinci: fix a NULL pointer dereference (bsc#1051510). - spi: pxa2xx: Add support for Intel Ice Lake (bsc#1051510). - staging: bcm2835-audio: Check if workqueue allocation failed. - staging: bcm2835-audio: Deliver indirect-PCM transfer error. - staging: bcm2835-audio: Disconnect and free vchi_instance on module_exit(). - staging: bcm2835-audio: Do not leak workqueue if open fails. - staging: bcm2835-audio: constify snd_pcm_ops structures. - staging: bcm2835-audio: make snd_pcm_hardware const. - staging: comedi: ni_mio_common: fix subdevice flags for PFI subdevice (bsc#1051510). - staging: lustre: Use 'kvfree()' for memory allocated by 'kvzalloc()' (bsc#1051510). - staging: lustre: disable preempt while sampling processor id (bsc#1051510). - staging: lustre: fix bug in osc_enter_cache_try (bsc#1051510). - staging: lustre: ldlm: free resource when ldlm_lock_create() fails (bsc#1051510). - staging: lustre: libcfs: Prevent harmless read underflow (bsc#1051510). - staging: lustre: libcfs: fix test for libcfs_ioctl_hdr minimum size (bsc#1051510). - staging: lustre: llite: correct removexattr detection (bsc#1051510). - staging: lustre: llite: initialize xattr->xe_namelen (bsc#1051510). - staging: lustre: lmv: correctly iput lmo_root (bsc#1051510). - staging: lustre: lov: use correct env in lov_io_data_version_end() (bsc#1051510). - staging: lustre: o2iblnd: Fix FastReg map/unmap for MLX5 (bsc#1051510). - staging: lustre: o2iblnd: Fix crash in kiblnd_handle_early_rxs() (bsc#1051510). - staging: lustre: o2iblnd: fix race at kiblnd_connect_peer (bsc#1051510). - staging: lustre: obd_mount: use correct niduuid suffix (bsc#1051510). - staging: lustre: obdclass: return -EFAULT if copy_from_user() fails (bsc#1051510). - staging: lustre: ptlrpc: kfree used instead of kvfree (bsc#1051510). - staging: lustre: remove invariant in cl_io_read_ahead() (bsc#1051510). - staging: lustre: statahead: remove incorrect test on agl_list_empty() (bsc#1051510). - staging: vc04_services: Fix platform_no_drv_owner.cocci warnings. - staging: vc04_services: bcm2835-audio Format multiline comment. - staging: vc04_services: bcm2835-audio: Add blank line after declaration. - staging: vc04_services: bcm2835-audio: Change to unsigned int *. - staging: vc04_services: bcm2835-audio: add SPDX identifiers. - staging: vc04_services: bcm2835-audio: remove redundant license text. - staging: vc04_services: please do not use multiple blank lines. - string: drop __must_check from strscpy() and restore strscpy() usages in cgroup (bsc#1051510). - sunxi-rsb: Include OF based modalias in device uevent (bsc#1051510). - sys: do not hold uts_sem while accessing userspace memory (bnc#1106995). - target_core_rbd: break up free_device callback (bsc#1105524). - target_core_rbd: use RCU in free_device (bsc#1105524). - tcp: add max_quickacks param to tcp_incr_quickack and tcp_enter_quickack_mode (netfilter-stable-18_08_01). - tcp: add one more quick ack after after ECN events (netfilter-stable-18_08_01). - tcp: do not aggressively quick ack after ECN events (netfilter-stable-18_08_01). - tcp: do not force quickack when receiving out-of-order packets (netfilter-stable-18_08_01). - tcp: refactor tcp_ecn_check_ce to remove sk type cast (netfilter-stable-18_08_01). - tcp_bbr: fix bw probing to raise in-flight data for very small BDPs (netfilter-stable-18_08_01). - thermal: thermal_hwmon: Convert to hwmon_device_register_with_info() (bsc#1103363). - thermal_hwmon: Pass the originating device down to hwmon_device_register_with_info (bsc#1103363). - thermal_hwmon: Sanitize attribute name passed to hwmon (bsc#1103363). - ti: ethernet: cpdma: Use correct format for genpool_* (bsc#1051510). - tools/power turbostat: Read extended processor family from CPUID (bsc#1051510). - tools/power turbostat: fix -S on UP systems (bsc#1051510). - tools: usb: ffs-test: Fix build on big endian systems (bsc#1051510). - tpm: Introduce flag TPM_TRANSMIT_RAW (bsc#1082555). - tpm: cmd_ready command can be issued only after granting locality (bsc#1082555). - tpm: fix race condition in tpm_common_write() (bsc#1082555). - tpm: fix use after free in tpm2_load_context() (bsc#1082555). - tpm: separate cmd_ready/go_idle from runtime_pm (bsc#1082555). - tpm: tpm_crb: relinquish locality on error path (bsc#1082555). - tpm: vtpm_proxy: Implement request_locality function (bsc#1082555). - tracepoint: Do not warn on ENOMEM (bsc#1051510). - uart: fix race between uart_put_char() and uart_shutdown() (bsc#1051510). - ubifs: Check data node size before truncate (bsc#1051510). - ubifs: Fix directory size calculation for symlinks (bsc#1106230). - ubifs: Fix memory leak in lprobs self-check (bsc#1051510). - ubifs: Fix synced_i_size calculation for xattr inodes (bsc#1051510). - ubifs: xattr: Do not operate on deleted inodes (bsc#1051510). - udl-kms: avoid division (bsc#1051510). - udl-kms: change down_interruptible to down (bsc#1051510). - udl-kms: fix crash due to uninitialized memory (bsc#1051510). - udl-kms: handle allocation failure (bsc#1051510). - udlfb: set optimal write delay (bsc#1051510). - usb/phy: fix PPC64 build errors in phy-fsl-usb.c (bsc#1051510). - usb: Do not die twice if PCI xhci host is not responding in resume (bsc#1051510). - usb: dwc2: fix isoc split in transfer with no data (bsc#1051510). - usb: dwc2: gadget: Fix issue in dwc2_gadget_start_isoc() (bsc#1051510). - usb: dwc3: pci: add support for Intel IceLake (bsc#1051510). - usb: gadget: composite: fix delayed_status race condition when set_interface (bsc#1051510). - usb: gadget: dwc2: fix memory leak in gadget_init() (bsc#1051510). - usb: gadget: r8a66597: Fix a possible sleep-in-atomic-context bugs in r8a66597_queue() (bsc#1051510). - usb: gadget: r8a66597: Fix two possible sleep-in-atomic-context bugs in init_controller() (bsc#1051510). - usb: gadget: udc: renesas_usb3: fix maxpacket size of ep0 (bsc#1051510). - usb: xhci: increase CRS timeout value (bsc#1051510). - userns: move user access out of the mutex (bsc#1051510). - vfio/pci: Virtualize Maximum Payload Size (bsc#1051510). - vfio/pci: Virtualize Maximum Read Request Size (bsc#1051510). - vfio/type1: Fix task tracking for QEMU vCPU hotplug (bsc#1051510). - vhost: correctly check the iova range when waking virtqueue (bsc#1051510). - vhost: do not try to access device IOTLB when not initialized (bsc#1051510). - vhost: reset metadata cache when initializing new IOTLB (netfilter-stable-18_08_17). - vhost: use mutex_lock_nested() in vhost_dev_lock_vqs() (bsc#1051510). - video: fbdev: pxafb: clear allocated memory for video modes (bsc#1051510). - vsock: split dwork to avoid reinitializations (netfilter-stable-18_08_17). - wlcore: Set rx_status boottime_ns field on rx (bsc#1051510). - x86/CPU/AMD: Derive CPU topology from CPUID function 0xB when available. - x86/CPU: Modify detect_extended_topology() to return result. - x86/events/intel/ds: Fix bts_interrupt_threshold alignment (git-fixes c1961a4631da). - x86/init: fix build with CONFIG_SWAP=n (bnc#1106121). - x86/kasan/64: Teach KASAN about the cpu_entry_area (kasan). - x86/kvm: fix LAPIC timer drift when guest uses periodic mode (bsc#1106240). - x86/mcelog: Get rid of RCU remnants (git-fixes 5de97c9f6d85). - x86/mm/kasan: Do not use vmemmap_populate() to initialize shadow (kasan). - x86/mm/memory_hotplug: determine block size based on the end of boot memory (bsc#1108243). - x86/platform/UV: Add adjustable set memory block size function (bsc#1108243). - x86/platform/UV: Add kernel parameter to set memory block size (bsc#1108243). - x86/platform/UV: Mark memblock related init code and data correctly (bsc#1108243). - x86/platform/UV: Use new set memory block size function (bsc#1108243). - x86/spectre: Add missing family 6 check to microcode check (git-fixes a5b296636453). - x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM (bnc#1105536). - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - x86/speculation/l1tf: Suggest what to do on systems with too much RAM (bnc#1105536). - x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry (bsc#1106369). - x86/vdso: Fix vDSO build if a retpoline is emitted (git-fixes 76b043848fd2). - x86/xen/efi: Initialize only the EFI struct members used by Xen (bnc#1107945). - x86: irq_remapping: Move irq remapping mode enum. - xen-netfront-dont-bug-in-case-of-too-many-frags.patch: (bnc#1104824). - xen-netfront: fix queue name setting (bnc#1065600). - xen-netfront: fix warn message as irq device name has '/' (bnc#1065600). - xen/blkback: do not keep persistent grants too long (bsc#1085042). - xen/blkback: move persistent grants flags to bool (bsc#1085042). - xen/blkback: remove unused pers_gnts_lock from struct (bsc#1085042). - xen/blkfront: cleanup stale persistent grants (bsc#1085042). - xen/blkfront: reorder tests in xlblk_init() (bsc#1085042). - xen: avoid crash in disable_hotplug_cpu (bsc#1106594). - xen: xenbus_dev_frontend: Fix XS_TRANSACTION_END handling (bnc#1065600). - xen: xenbus_dev_frontend: Really return response string (bnc#1065600). - xenbus: track caller request id (bnc#1065600). - xfs: Fix per-inode DAX flag inheritance (Git-fixes bsc#1109511). - xfs: add a new xfs_iext_lookup_extent_before helper (bsc#1095344). - xfs: add a xfs_bmap_fork_to_state helper (bsc#1095344). - xfs: add a xfs_iext_update_extent helper (bsc#1095344). - xfs: add asserts for the mmap lock in xfs_{insert,collapse}_file_space (bsc#1095344). - xfs: add comments documenting the rebalance algorithm (bsc#1095344). - xfs: add some comments to xfs_iext_insert/xfs_iext_insert_node (bsc#1095344). - xfs: allow unaligned extent records in xfs_bmbt_disk_set_all (bsc#1095344). - xfs: do not create overlapping extents in xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: do not rely on extent indices in xfs_bmap_collapse_extents (bsc#1095344). - xfs: do not rely on extent indices in xfs_bmap_insert_extents (bsc#1095344). - xfs: do not set XFS_BTCUR_BPRV_WASDEL in xfs_bunmapi (bsc#1095344). - xfs: fix memory leak in xfs_iext_free_last_leaf (bsc#1095344). - xfs: fix number of records handling in xfs_iext_split_leaf (bsc#1095344). - xfs: fix type usage (bsc#1095344). - xfs: handle zero entries case in xfs_iext_rebalance_leaf (bsc#1095344). - xfs: inline xfs_shift_file_space into callers (bsc#1095344). - xfs: introduce the xfs_iext_cursor abstraction (bsc#1095344). - xfs: iterate backwards in xfs_reflink_cancel_cow_blocks (bsc#1095344). - xfs: iterate over extents in xfs_bmap_extents_to_btree (bsc#1095344). - xfs: iterate over extents in xfs_iextents_copy (bsc#1095344). - xfs: make better use of the 'state' variable in xfs_bmap_del_extent_real (bsc#1095344). - xfs: merge xfs_bmap_read_extents into xfs_iread_extents (bsc#1095344). - xfs: move pre/post-bmap tracing into xfs_iext_update_extent (bsc#1095344). - xfs: move some code around inside xfs_bmap_shift_extents (bsc#1095344). - xfs: move some more code into xfs_bmap_del_extent_real (bsc#1095344). - xfs: move xfs_bmbt_irec and xfs_exntst_t to xfs_types.h (bsc#1095344). - xfs: move xfs_iext_insert tracepoint to report useful information (bsc#1095344). - xfs: pass a struct xfs_bmbt_irec to xfs_bmbt_lookup_eq (bsc#1095344). - xfs: pass a struct xfs_bmbt_irec to xfs_bmbt_update (bsc#1095344). - xfs: pass an on-disk extent to xfs_bmbt_validate_extent (bsc#1095344). - xfs: pass struct xfs_bmbt_irec to xfs_bmbt_validate_extent (bsc#1095344). - xfs: preserve i_rdev when recycling a reclaimable inode (bsc#1095344). - xfs: refactor delalloc accounting in xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: refactor dir2 leaf readahead shadow buffer cleverness (bsc#1095344). - xfs: refactor xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: refactor xfs_bmap_add_extent_hole_delay (bsc#1095344). - xfs: refactor xfs_bmap_add_extent_hole_real (bsc#1095344). - xfs: refactor xfs_bmap_add_extent_unwritten_real (bsc#1095344). - xfs: refactor xfs_del_extent_real (bsc#1095344). - xfs: remove XFS_BMAP_MAX_SHIFT_EXTENTS (bsc#1095344). - xfs: remove XFS_BMAP_TRACE_EXLIST (bsc#1095344). - xfs: remove a duplicate assignment in xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: remove a superflous assignment in xfs_iext_remove_node (bsc#1095344). - xfs: remove all xfs_bmbt_set_* helpers except for xfs_bmbt_set_all (bsc#1095344). - xfs: remove if_rdev (bsc#1095344). - xfs: remove post-bmap tracing in xfs_bmap_local_to_extents (bsc#1095344). - xfs: remove support for inlining data/extents into the inode fork (bsc#1095344). - xfs: remove the never fully implemented UUID fork format (bsc#1095344). - xfs: remove the nr_extents argument to xfs_iext_insert (bsc#1095344). - xfs: remove the nr_extents argument to xfs_iext_remove (bsc#1095344). - xfs: remove xfs_bmbt_get_state (bsc#1095344). - xfs: remove xfs_bmse_shift_one (bsc#1095344). - xfs: rename bno to end in __xfs_bunmapi (bsc#1095344). - xfs: replace xfs_bmbt_lookup_ge with xfs_bmbt_lookup_first (bsc#1095344). - xfs: replace xfs_qm_get_rtblks with a direct call to xfs_bmap_count_leaves (bsc#1095344). - xfs: rewrite getbmap using the xfs_iext_* helpers (bsc#1095344). - xfs: rewrite xfs_bmap_count_leaves using xfs_iext_get_extent (bsc#1095344). - xfs: rewrite xfs_bmap_first_unused to make better use of xfs_iext_get_extent (bsc#1095344). - xfs: simplify the xfs_getbmap interface (bsc#1095344). - xfs: simplify xfs_reflink_convert_cow (bsc#1095344). - xfs: split xfs_bmap_shift_extents (bsc#1095344). - xfs: switch xfs_bmap_local_to_extents to use xfs_iext_insert (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_add_extent_hole_delay (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_add_extent_hole_real (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_add_extent_unwritten_real (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_collapse_extents (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_del_extent_* (bsc#1095344). - xfs: trivial indentation fixup for xfs_iext_remove_node (bsc#1095344). - xfs: update got in xfs_bmap_shift_update_extent (bsc#1095344). - xfs: use a b+tree for the in-core extent list (bsc#1095344). - xfs: use correct state defines in xfs_bmap_del_extent_{cow,delay} (bsc#1095344). - xfs: use the state defines in xfs_bmap_del_extent_real (bsc#1095344). - xfs: use xfs_bmap_del_extent_delay for the data fork as well (bsc#1095344). - xfs: use xfs_iext_*_extent helpers in xfs_bmap_shift_extents (bsc#1095344). - xfs: use xfs_iext_*_extent helpers in xfs_bmap_split_extent_at (bsc#1095344). - xfs: use xfs_iext_get_extent in xfs_bmap_first_unused (bsc#1095344). - xfs: use xfs_iext_get_extent instead of open coding it (bsc#1095344). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2018-2120=1 - SUSE Linux Enterprise Module for Legacy Software 15: zypper in -t patch SUSE-SLE-Module-Legacy-15-2018-2120=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2018-2120=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2120=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2018-2120=1 Package List: - SUSE Linux Enterprise Workstation Extension 15 (x86_64): kernel-default-debuginfo-4.12.14-25.19.1 kernel-default-debugsource-4.12.14-25.19.1 kernel-default-extra-4.12.14-25.19.1 kernel-default-extra-debuginfo-4.12.14-25.19.1 - SUSE Linux Enterprise Module for Legacy Software 15 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-25.19.1 kernel-default-debugsource-4.12.14-25.19.1 reiserfs-kmp-default-4.12.14-25.19.1 reiserfs-kmp-default-debuginfo-4.12.14-25.19.1 - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-25.19.1 kernel-obs-build-debugsource-4.12.14-25.19.1 kernel-syms-4.12.14-25.19.1 kernel-vanilla-base-4.12.14-25.19.1 kernel-vanilla-base-debuginfo-4.12.14-25.19.1 kernel-vanilla-debuginfo-4.12.14-25.19.1 kernel-vanilla-debugsource-4.12.14-25.19.1 - SUSE Linux Enterprise Module for Development Tools 15 (noarch): kernel-docs-4.12.14-25.19.1 kernel-source-4.12.14-25.19.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-25.19.1 kernel-default-debuginfo-4.12.14-25.19.1 kernel-default-debugsource-4.12.14-25.19.1 kernel-default-devel-4.12.14-25.19.1 kernel-default-devel-debuginfo-4.12.14-25.19.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): kernel-devel-4.12.14-25.19.1 kernel-macros-4.12.14-25.19.1 - SUSE Linux Enterprise Module for Basesystem 15 (s390x): kernel-default-man-4.12.14-25.19.1 kernel-zfcpdump-4.12.14-25.19.1 kernel-zfcpdump-debuginfo-4.12.14-25.19.1 kernel-zfcpdump-debugsource-4.12.14-25.19.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-25.19.1 cluster-md-kmp-default-debuginfo-4.12.14-25.19.1 dlm-kmp-default-4.12.14-25.19.1 dlm-kmp-default-debuginfo-4.12.14-25.19.1 gfs2-kmp-default-4.12.14-25.19.1 gfs2-kmp-default-debuginfo-4.12.14-25.19.1 kernel-default-debuginfo-4.12.14-25.19.1 kernel-default-debugsource-4.12.14-25.19.1 ocfs2-kmp-default-4.12.14-25.19.1 ocfs2-kmp-default-debuginfo-4.12.14-25.19.1 References: https://www.suse.com/security/cve/CVE-2018-10938.html https://www.suse.com/security/cve/CVE-2018-10940.html https://www.suse.com/security/cve/CVE-2018-1128.html https://www.suse.com/security/cve/CVE-2018-1129.html https://www.suse.com/security/cve/CVE-2018-12896.html https://www.suse.com/security/cve/CVE-2018-13093.html https://www.suse.com/security/cve/CVE-2018-13094.html https://www.suse.com/security/cve/CVE-2018-13095.html https://www.suse.com/security/cve/CVE-2018-14613.html https://www.suse.com/security/cve/CVE-2018-14617.html https://www.suse.com/security/cve/CVE-2018-16658.html https://www.suse.com/security/cve/CVE-2018-6554.html https://www.suse.com/security/cve/CVE-2018-6555.html https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1043912 https://bugzilla.suse.com/1044189 https://bugzilla.suse.com/1046302 https://bugzilla.suse.com/1046306 https://bugzilla.suse.com/1046307 https://bugzilla.suse.com/1046543 https://bugzilla.suse.com/1050244 https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1054914 https://bugzilla.suse.com/1055014 https://bugzilla.suse.com/1055117 https://bugzilla.suse.com/1058659 https://bugzilla.suse.com/1060463 https://bugzilla.suse.com/1064232 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1068032 https://bugzilla.suse.com/1069138 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1077761 https://bugzilla.suse.com/1077989 https://bugzilla.suse.com/1078720 https://bugzilla.suse.com/1080157 https://bugzilla.suse.com/1082555 https://bugzilla.suse.com/1083647 https://bugzilla.suse.com/1083663 https://bugzilla.suse.com/1084332 https://bugzilla.suse.com/1085042 https://bugzilla.suse.com/1085262 https://bugzilla.suse.com/1086282 https://bugzilla.suse.com/1089663 https://bugzilla.suse.com/1090528 https://bugzilla.suse.com/1092903 https://bugzilla.suse.com/1093389 https://bugzilla.suse.com/1094244 https://bugzilla.suse.com/1095344 https://bugzilla.suse.com/1096748 https://bugzilla.suse.com/1097105 https://bugzilla.suse.com/1098459 https://bugzilla.suse.com/1098822 https://bugzilla.suse.com/1099922 https://bugzilla.suse.com/1099999 https://bugzilla.suse.com/1100000 https://bugzilla.suse.com/1100001 https://bugzilla.suse.com/1100132 https://bugzilla.suse.com/1101557 https://bugzilla.suse.com/1101669 https://bugzilla.suse.com/1102346 https://bugzilla.suse.com/1102870 https://bugzilla.suse.com/1102875 https://bugzilla.suse.com/1102877 https://bugzilla.suse.com/1102879 https://bugzilla.suse.com/1102882 https://bugzilla.suse.com/1102896 https://bugzilla.suse.com/1103363 https://bugzilla.suse.com/1103387 https://bugzilla.suse.com/1103421 https://bugzilla.suse.com/1103948 https://bugzilla.suse.com/1103949 https://bugzilla.suse.com/1103961 https://bugzilla.suse.com/1104172 https://bugzilla.suse.com/1104353 https://bugzilla.suse.com/1104824 https://bugzilla.suse.com/1105247 https://bugzilla.suse.com/1105524 https://bugzilla.suse.com/1105536 https://bugzilla.suse.com/1105597 https://bugzilla.suse.com/1105603 https://bugzilla.suse.com/1105672 https://bugzilla.suse.com/1105907 https://bugzilla.suse.com/1106007 https://bugzilla.suse.com/1106016 https://bugzilla.suse.com/1106105 https://bugzilla.suse.com/1106121 https://bugzilla.suse.com/1106170 https://bugzilla.suse.com/1106178 https://bugzilla.suse.com/1106191 https://bugzilla.suse.com/1106229 https://bugzilla.suse.com/1106230 https://bugzilla.suse.com/1106231 https://bugzilla.suse.com/1106233 https://bugzilla.suse.com/1106235 https://bugzilla.suse.com/1106236 https://bugzilla.suse.com/1106237 https://bugzilla.suse.com/1106238 https://bugzilla.suse.com/1106240 https://bugzilla.suse.com/1106291 https://bugzilla.suse.com/1106297 https://bugzilla.suse.com/1106333 https://bugzilla.suse.com/1106369 https://bugzilla.suse.com/1106426 https://bugzilla.suse.com/1106427 https://bugzilla.suse.com/1106464 https://bugzilla.suse.com/1106509 https://bugzilla.suse.com/1106511 https://bugzilla.suse.com/1106594 https://bugzilla.suse.com/1106636 https://bugzilla.suse.com/1106688 https://bugzilla.suse.com/1106697 https://bugzilla.suse.com/1106743 https://bugzilla.suse.com/1106779 https://bugzilla.suse.com/1106800 https://bugzilla.suse.com/1106890 https://bugzilla.suse.com/1106891 https://bugzilla.suse.com/1106892 https://bugzilla.suse.com/1106893 https://bugzilla.suse.com/1106894 https://bugzilla.suse.com/1106896 https://bugzilla.suse.com/1106897 https://bugzilla.suse.com/1106898 https://bugzilla.suse.com/1106899 https://bugzilla.suse.com/1106900 https://bugzilla.suse.com/1106901 https://bugzilla.suse.com/1106902 https://bugzilla.suse.com/1106903 https://bugzilla.suse.com/1106905 https://bugzilla.suse.com/1106906 https://bugzilla.suse.com/1106948 https://bugzilla.suse.com/1106995 https://bugzilla.suse.com/1107008 https://bugzilla.suse.com/1107060 https://bugzilla.suse.com/1107061 https://bugzilla.suse.com/1107065 https://bugzilla.suse.com/1107073 https://bugzilla.suse.com/1107074 https://bugzilla.suse.com/1107078 https://bugzilla.suse.com/1107265 https://bugzilla.suse.com/1107319 https://bugzilla.suse.com/1107320 https://bugzilla.suse.com/1107522 https://bugzilla.suse.com/1107535 https://bugzilla.suse.com/1107689 https://bugzilla.suse.com/1107735 https://bugzilla.suse.com/1107756 https://bugzilla.suse.com/1107870 https://bugzilla.suse.com/1107924 https://bugzilla.suse.com/1107945 https://bugzilla.suse.com/1107966 https://bugzilla.suse.com/1108010 https://bugzilla.suse.com/1108093 https://bugzilla.suse.com/1108243 https://bugzilla.suse.com/1108520 https://bugzilla.suse.com/1108870 https://bugzilla.suse.com/1109269 https://bugzilla.suse.com/1109511 https://bugzilla.suse.com/920344 From sle-security-updates at lists.suse.com Tue Oct 2 13:43:23 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 2 Oct 2018 21:43:23 +0200 (CEST) Subject: SUSE-SU-2018:2981-1: important: Security update for the Linux Kernel Message-ID: <20181002194323.AFD52FEAD@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2981-1 Rating: important References: #1012382 #1043912 #1044189 #1046302 #1046306 #1046307 #1046543 #1050244 #1051510 #1054914 #1055014 #1055117 #1058659 #1060463 #1064232 #1065600 #1065729 #1068032 #1069138 #1071995 #1077761 #1077989 #1078720 #1080157 #1082555 #1083647 #1083663 #1084332 #1085042 #1085262 #1086282 #1089663 #1090528 #1092903 #1093389 #1094244 #1095344 #1096748 #1097105 #1098459 #1098822 #1099922 #1099999 #1100000 #1100001 #1100132 #1101557 #1101669 #1102346 #1102870 #1102875 #1102877 #1102879 #1102882 #1102896 #1103363 #1103387 #1103421 #1103948 #1103949 #1103961 #1104172 #1104353 #1104824 #1105247 #1105524 #1105536 #1105597 #1105603 #1105672 #1105907 #1106007 #1106016 #1106105 #1106121 #1106170 #1106178 #1106191 #1106229 #1106230 #1106231 #1106233 #1106235 #1106236 #1106237 #1106238 #1106240 #1106291 #1106297 #1106333 #1106369 #1106426 #1106427 #1106464 #1106509 #1106511 #1106594 #1106636 #1106688 #1106697 #1106743 #1106779 #1106800 #1106890 #1106891 #1106892 #1106893 #1106894 #1106896 #1106897 #1106898 #1106899 #1106900 #1106901 #1106902 #1106903 #1106905 #1106906 #1106948 #1106995 #1107008 #1107060 #1107061 #1107065 #1107073 #1107074 #1107078 #1107265 #1107319 #1107320 #1107522 #1107535 #1107689 #1107735 #1107756 #1107870 #1107924 #1107945 #1107966 #1108010 #1108093 #1108243 #1108520 #1108870 #1109269 #1109511 #920344 Cross-References: CVE-2018-10938 CVE-2018-10940 CVE-2018-1128 CVE-2018-1129 CVE-2018-12896 CVE-2018-13093 CVE-2018-13094 CVE-2018-13095 CVE-2018-14613 CVE-2018-14617 CVE-2018-16658 CVE-2018-6554 CVE-2018-6555 Affected Products: SUSE Linux Enterprise Module for Live Patching 15 ______________________________________________________________________________ An update that solves 13 vulnerabilities and has 134 fixes is now available. Description: The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-14617: Prevent NULL pointer dereference and panic in hfsplus_lookup() when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory (bsc#1102870) - CVE-2018-14613: Prevent invalid pointer dereference in io_ctl_map_page() when mounting and operating a crafted btrfs image, caused by a lack of block group item validation in check_leaf_item (bsc#1102896). - CVE-2018-10940: The cdrom_ioctl_media_changed function allowed local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory (bsc#1092903) - CVE-2018-13093: Prevent NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occured because of a lack of proper validation that cached inodes are free during allocation (bnc#1100001) - CVE-2018-13094: Prevent OOPS that may have occured for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp (bnc#1100000) - CVE-2018-13095: Prevent denial of service (memory corruption and BUG) that could have occurred for a corrupted xfs image upon encountering an inode that is in extent format, but has more extents than fit in the inode fork (bnc#1099999) - CVE-2018-12896: Prevent integer overflow in the POSIX timer code that was caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically made the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. This allowed a local user to cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls (bnc#1099922) - CVE-2018-16658: Prevent information leak in cdrom_ioctl_drive_status that could have been used by local attackers to read kernel memory (bnc#1107689) - CVE-2018-6555: The irda_setsockopt function allowed local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket (bnc#1106511) - CVE-2018-6554: Prevent memory leak in the irda_bind function that allowed local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket (bnc#1106509) - CVE-2018-1129: A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol (bnc#1096748) - CVE-2018-1128: It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service (bnc#1096748) - CVE-2018-10938: A crafted network packet sent remotely by an attacker forced the kernel to enter an infinite loop in the cipso_v4_optptr() function leading to a denial-of-service (bnc#1106016) The following non-security bugs were fixed: - /dev/mem: Add bounce buffer for copy-out (git-fixes). - /dev/mem: Avoid overwriting "err" in read_mem() (git-fixes). - 9p/net: Fix zero-copy path in the 9p virtio transport (bsc#1051510). - 9p/virtio: fix off-by-one error in sg list bounds check (bsc#1051510). - 9p: fix multiple NULL-pointer-dereferences (bsc#1051510). - ACPI / EC: Add another entry for Thinkpad X1 Carbon 6th (bsc#1051510). - ACPI / EC: Add parameter to force disable the GPE on suspend (bsc#1051510). - ACPI / EC: Use ec_no_wakeup on ThinkPad X1 Yoga 3rd (bsc#1051510). - ACPI / EC: Use ec_no_wakeup on Thinkpad X1 Carbon 6th (bsc#1051510). - ACPI / EC: Use ec_no_wakeup on more Thinkpad X1 Carbon 6th systems (bsc#1051510). - ACPI / PCI: pci_link: Allow the absence of _PRS and change log level (bsc#1104172). - ACPI / bus: Only call dmi_check_system on X86 (bsc#1105597, bsc#1106178). - ACPI / scan: Initialize status to ACPI_STA_DEFAULT (bsc#1051510). - ACPI/IORT: Remove temporary iort_get_id_mapping_index() ACPICA guard (bsc#1103387). - ACPI/PCI: pci_link: reduce verbosity when IRQ is enabled (bsc#1104172). - ACPICA: iasl: Add SMMUv3 device ID mapping index support (bsc#1103387). - ALSA: cs46xx: Deliver indirect-PCM transfer error. - ALSA: emu10k1: Deliver indirect-PCM transfer error. - ALSA: fireface: fix memory leak in ff400_switch_fetching_mode() (bsc#1051510). - ALSA: firewire-digi00x: fix memory leak of private data (bsc#1051510). - ALSA: firewire-tascam: fix memory leak of private data (bsc#1051510). - ALSA: hda - Fix cancel_work_sync() stall from jackpoll work (bsc#1051510). - ALSA: mips: Deliver indirect-PCM transfer error. - ALSA: oxfw: fix memory leak for model-dependent data at error path (bsc#1051510). - ALSA: oxfw: fix memory leak of discovered stream formats at error path (bsc#1051510). - ALSA: oxfw: fix memory leak of private data (bsc#1051510). - ALSA: pcm: Call ack() whenever appl_ptr is updated. - ALSA: pcm: Fix negative appl_ptr handling in pcm-indirect helpers. - ALSA: pcm: Fix possible inconsistent appl_ptr update via mmap. - ALSA: pcm: Simplify forward/rewind codes. - ALSA: pcm: Skip ack callback without actual appl_ptr update. - ALSA: pcm: Use a common helper for PCM state check and hwsync. - ALSA: pcm: Workaround for weird PulseAudio behavior on rewind error. - ALSA: rme32: Deliver indirect-PCM transfer error. - ARM: 8780/1: ftrace: Only set kernel memory back to read-only after boot (bsc#1051510). - ARM: DRA7/OMAP5: Enable ACTLR[0] (Enable invalidates of BTB) for secondary cores (bsc#1051510). - ARM: hisi: fix error handling and missing of_node_put (bsc#1051510). - ARM: hisi: handle of_iomap and fix missing of_node_put (bsc#1051510). - ARM: imx: flag failure of of_iomap (bsc#1051510). - ARM: imx_v4_v5_defconfig: Select ULPI support (bsc#1051510). - ARM: imx_v6_v7_defconfig: Select ULPI support (bsc#1051510). - ARM: pxa: irq: fix handling of ICMR registers in suspend/resume (bsc#1051510). - ASoC: rsnd: fixup not to call clk_get/set under non-atomic (bsc#1051510). - ASoC: rsnd: move rsnd_ssi_config_init() execute condition into it (bsc#1051510). - ASoC: rsnd: update pointer more accurate (bsc#1051510). - ASoC: wm8994: Fix missing break in switch (bsc#1051510). - Apply e666d4e9ceec crypto: vmx - Use skcipher for ctr fallback to SLE12-SP4 (bsc#1106464). - Bluetooth: h5: Fix missing dependency on BT_HCIUART_SERDEV (bsc#1051510). - Bluetooth: hidp: Fix handling of strncpy for hid->name information (bsc#1051510). - Prevent errors at reboot (bsc#1093389) - Documentation: add some docs for errseq_t (bsc#1107008). - Fix buggy backport of patches.drivers/libnvdimm-btt-fix-an-incompatibility-in-the-log-layout.patc h (bsc#1103961). - Fix kABI breakage due to enum addition for ath10k (bsc#1051510). - HID: add quirk for another PIXART OEM mouse used by HP (bsc#1051510). - HID: i2c-hid: Add no-irq-after-reset quirk for 0911:5288 device. - IB/core: type promotion bug in rdma_rw_init_one_mr() (bsc#1046306). - IB/hfi1: Invalid NUMA node information can cause a divide by zero (bsc#1060463). - IB/hfi1: Remove incorrect call to do_interrupt callback (bsc#1060463). - IB/hfi1: Set in_use_ctxts bits for user ctxts only (bsc#1060463 ). - IB/ipoib: Avoid a race condition between start_xmit and cm_rep_handler (bsc#1046307). - IB/ipoib: Fix error return code in ipoib_dev_init() (bsc#1046307 ). - IB/mlx4: Test port number before querying type (bsc#1046302 ). - IB/mlx4: Use 4K pages for kernel QP's WQE buffer (bsc#1046302 ). - Input: atmel_mxt_ts - only use first T9 instance (bsc#1051510). - Input: edt-ft5x06 - fix error handling for factory mode on non-M06 (bsc#1051510). - Input: edt-ft5x06 - implement support for the EDT-M12 series (bsc#1051510). - Input: edt-ft5x06 - make distinction between m06/m09/generic more clear (bsc#1051510). - Input: synaptics-rmi4 - fix axis-swap behavior (bsc#1051510). - KABI: tpm: change relinquish_locality return value back to void (bsc#1082555). - KABI: tpm: do keep the cmd_ready and go_idle as pm ops (bsc#1082555). - KVM/x86: remove WARN_ON() for when vm_munmap() fails (bsc#1106240). - KVM: Enforce error in ioctl for compat tasks when !KVM_COMPAT (bsc#1106240). - KVM: PPC: Book3S: Fix guest DMA when guest partially backed by THP pages (bsc#1077761, git-fixes, bsc#1103948, bsc#1103949). - KVM: VMX: Work around kABI breakage in 'enum vmx_l1d_flush_state' (bsc#1106369). - KVM: VMX: fixes for vmentry_l1d_flush module parameter (bsc#1106369). - KVM: nVMX: Do not flush TLB when vmcs12 uses VPID (bsc#1106240). - KVM: nVMX: Fix injection to L2 when L1 do not intercept external-interrupts (bsc#1106240). - KVM: nVMX: Fix races when sending nested PI while dest enters/leaves L2 (bsc#1106240). - KVM: nVMX: Re-evaluate L1 pending events when running L2 and L1 got posted-interrupt (bsc#1106240). - KVM: s390: add etoken support for guests (bsc#1106948, LTC#171029). - KVM: s390: force bp isolation for VSIE (bsc#1103421). - KVM: s390: implement CPU model only facilities (bsc#1106948, LTC#171029). - KVM: x86: Change __kvm_apic_update_irr() to also return if max IRR updated (bsc#1106240). - KVM: x86: SVM: Call x86_spec_ctrl_set_guest/host() with interrupts disabled (git-fixes 1f50ddb4f418). - KVM: x86: fix APIC page invalidation (bsc#1106240). - NET: stmmac: align DMA stuff to largest cache line length (netfilter-stable-18_08_01). - NFSv4 client live hangs after live data migration recovery (git-fixes). - NFSv4: Fix a sleep in atomic context in nfs4_callback_sequence() (git-fixes). - NFSv4: Fix possible 1-byte stack overflow in nfs_idmap_read_and_verify_message (git-fixes). - Netperf performance issue due to AppArmor net mediation (bsc#1108520) - PCI: Match Root Port's MPS to endpoint's MPSS as necessary (bsc#1109269). - PCI: OF: Fix I/O space page leak (git-fixes). - PCI: aardvark: Fix I/O space page leak (git-fixes). - PCI: hotplug: Do not leak pci_slot on registration failure (bsc#1051510). - PCI: hv: Make sure the bus domain is really unique (git-fixes). - PCI: mvebu: Fix I/O space end address calculation (bsc#1051510). - PCI: pciehp: Fix use-after-free on unplug (bsc#1051510). - PM / Domains: Fix error path during attach in genpd (bsc#1051510). - PM / clk: signedness bug in of_pm_clk_add_clks() (bsc#1051510). - PM / runtime: Drop usage count for suppliers at device link removal (bsc#1100132). - RDMA/bnxt_re: Fix a bunch of off by one bugs in qplib_fp.c (bsc#1050244). - RDMA/bnxt_re: Fix a couple off by one bugs (bsc#1050244 ). - RDMA/i40w: Hold read semaphore while looking after VMA (bsc#1058659). - Refresh with the upstream patches for lan78xx fixes (bsc#1085262) - Replace magic for trusting the secondary keyring with #define (bsc#1051510). - Revert "PCI: Add ACS quirk for Intel 300 series" (bsc#1051510). - Revert "UBIFS: Fix potential integer overflow in allocation" (bsc#1051510). - Revert "mm: page_alloc: skip over regions of invalid pfns where possible" (bnc#1107078). - Revert "vhost: cache used event for better performance" (bsc#1090528). - Revert "vmalloc: back off when the current task is killed" (bnc#1107073). - Staging: vc04_services: remove unused variables. - Tools: hv: vss: fix loop device detection. - USB: net2280: Fix erroneous synchronization change (bsc#1051510). - USB: serial: io_ti: fix array underflow in completion handler (bsc#1051510). - USB: serial: ti_usb_3410_5052: fix array underflow in completion handler (bsc#1051510). - Update patches.drivers/0016-arm64-vgic-v2-Fix-proxying-of-cpuif-access.patch (bsc#1106901, bsc#1107265). - Update patches.fixes/4.4.139-043-powerpc-mm-hash-Add-missing-isync-prior-to-ke.pat ch (bnc#1012382, bsc#1094244). - Update config files, make CRYPTO_CRCT10DIF_PCLMUL built-in (bsc#1105603). - Update patch tag of dmi fix (bsc#1105597) Also moved to the sorted section. - Update patch tags of recent security fixes (bsc#1106426) - Update references (bsc#1064232) - Workaround kABI breakage by __must_check drop of strscpy() (bsc#1051510). - ahci: Add Intel Ice Lake LP PCI ID (bsc#1051510). - apparmor: Fix regression in profile conflict logic (bsc#1106427) - apparmor: ensure that undecidable profile attachments fail (bsc#1106427). - apparmor: fix an error code in __aa_create_ns() (bsc#1106427). - apparmor: remove no-op permission check in policy_unpack (bsc#1106427). - arm64/acpi: Create arch specific cpu to acpi id helper (bsc#1106903). - arm64/kasan: do not allocate extra shadow memory (bsc#1106897). - arm64/mm/kasan: do not use vmemmap_populate() to initialize shadow (bsc#1106898). - arm64: Enforce BBM for huge IO/VMAP mappings (bsc#1106890). - arm64: Ignore hardware dirty bit updates in ptep_set_wrprotect() (bsc#1108010). - arm64: Make sure permission updates happen for pmd/pud (bsc#1106891). - arm64: dma-mapping: clear buffers allocated with FORCE_CONTIGUOUS flag (bsc#1106902). - arm64: export memblock_reserve()d regions via /proc/iomem (bsc#1106892). - arm64: fix unwind_frame() for filtered out fn for function graph tracing (bsc#1106900). - arm64: fix vmemmap BUILD_BUG_ON() triggering on !vmemmap setups (bsc#1106896). - arm64: fpsimd: Avoid FPSIMD context leakage for the init task (bsc#1106894). - arm64: kasan: avoid pfn_to_nid() before page array is initialized (bsc#1106899). - arm64: mm: Ensure writes to swapper are ordered wrt subsequent cache maintenance (bsc#1106906). - arm64: mm: check for upper PAGE_SHIFT bits in pfn_valid() (bsc#1106893). - arm64: numa: rework ACPI NUMA initialization (bsc#1106905). - arm64: vgic-v2: Fix proxying of cpuif access (bsc#1106901). - ata: libahci: Allow reconfigure of DEVSLP register (bsc#1051510). - ata: libahci: Correct setting of DEVSLP register (bsc#1051510). - ath10k: disable bundle mgmt tx completion event support (bsc#1051510). - ath10k: update the phymode along with bandwidth change request (bsc#1051510). - ath9k: add MSI support. - ath9k: report tx status on EOSP (bsc#1051510). - ath9k_hw: fix channel maximum power level test (bsc#1051510). - b43/leds: Ensure NUL-termination of LED name string (bsc#1051510). - b43legacy/leds: Ensure NUL-termination of LED name string (bsc#1051510). - bcache: avoid unncessary cache prefetch bch_btree_node_get(). - bcache: calculate the number of incremental GC nodes according to the total of btree nodes. - bcache: display rate debug parameters to 0 when writeback is not running. - bcache: do not check return value of debugfs_create_dir(). - bcache: finish incremental GC. - bcache: fix I/O significant decline while backend devices registering. - bcache: fix error setting writeback_rate through sysfs interface. - bcache: free heap cache_set->flush_btree in bch_journal_free. - bcache: make the pr_err statement used for ENOENT only in sysfs_attatch section. - bcache: release dc->writeback_lock properly in bch_writeback_thread(). - bcache: set max writeback rate when I/O request is idle. - bcache: simplify the calculation of the total amount of flash dirty data. - Add a blacklist entry for the reverted patch (bsc#1106743) - blk-mq: avoid to synchronize rcu inside blk_cleanup_queue() (bsc#1077989). - blkdev: __blkdev_direct_IO_simple: fix leak in error case (bsc#1083663). - block, bfq: return nbytes and not zero from struct cftype .write() method (bsc#1106238). - block: bio_iov_iter_get_pages: fix size of last iovec (bsc#1083663). - block: bio_iov_iter_get_pages: pin more pages for multi-segment IOs (bsc#1083663). - block: do not print a message when the device went away (bsc#1098459). - block: do not warn for flush on read-only device (bsc#1107756). - bnxt_en: Clean up unused functions (bsc#1086282). - bnxt_en: Do not adjust max_cp_rings by the ones used by RDMA (bsc#1086282). - bnxt_en: Fix VF mac address regression (bsc#1086282 ). - bnxt_re: Fix couple of memory leaks that could lead to IOMMU call traces (bsc#1050244). - bonding: avoid lockdep confusion in bond_get_stats() (netfilter-stable-18_08_04). - bpf, s390: fix potential memleak when later bpf_jit_prog fails (bsc#1083647). - bpf: fix references to free_bpf_prog_info() in comments (bsc#1083647). - bpf: fix uninitialized variable in bpf tools (bsc#1083647). - bpf: hash map: decrement counter on error (bsc#1083647). - bpf: powerpc64: pad function address loads with NOPs (bsc#1083647). - bpf: use GFP_ATOMIC instead of GFP_KERNEL in bpf_parse_prog() (bsc#1083647). - brcmfmac: stop watchdog before detach and free everything (bsc#1051510). - btrfs: Add checker for EXTENT_CSUM (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: Add sanity check for EXTENT_DATA when reading out leaf (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: Check if item pointer overlaps with the item itself (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: Check that each block group has corresponding chunk at mount time (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: Fix use-after-free when cleaning up fs_devs with a single stale device (bsc#1097105). - btrfs: Handle error from btrfs_uuid_tree_rem call in _btrfs_ioctl_set_received_subvol (bsc#1097105). - btrfs: Introduce mount time chunk <-> dev extent mapping check (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: Manually implement device_total_bytes getter/setter (bsc#1043912). - btrfs: Move leaf and node validation checker to tree-checker.c (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: Round down values which are written for total_bytes_size (bsc#1043912). - btrfs: Verify that every chunk has corresponding block group at mount time (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: fix error handling in btrfs_dev_replace_start (bsc#1107535). - btrfs: round down size diff when shrinking/growing device (bsc#1097105). - btrfs: tree-checker: Add checker for dir item (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Detect invalid and empty essential trees (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Enhance btrfs_check_node output (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Enhance output for check_extent_data_item (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Enhance output for btrfs_check_leaf (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Enhance output for check_csum_item (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Fix false panic for sanity test (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Replace root parameter with fs_info (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Verify block_group_item (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: use %zu format string for size_t (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: use %zu format string for size_t (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status (bsc#1051510). - ceph: fix incorrect use of strncpy (bsc#1107319). - ceph: return errors from posix_acl_equiv_mode() correctly (bsc#1107320). - cfg80211: nl80211_update_ft_ies() to validate NL80211_ATTR_IE (bsc#1051510). - cgroup: avoid copying strings longer than the buffers (bsc#1051510). - cifs: Fix stack out-of-bounds in smb{2,3}_create_lease_buf() (bsc#1051510). - cifs: check kmalloc before use (bsc#1051510). - cifs: store the leaseKey in the fid on SMB2_open (bsc#1051510). - cls_matchall: fix tcf_unbind_filter missing (networking-stable-18_08_21). - crypto: caam/jr - fix descriptor DMA unmapping (bsc#1051510). - crypto: caam/qi - fix error path in xts setkey (bsc#1051510). - crypto: vmx - Fix sleep-in-atomic bugs (bsc#1051510). - cxl: Configure PSL to not use APC virtual machines (bsc#1055014, git-fixes). - cxl: Fix wrong comparison in cxl_adapter_context_get() (bsc#1055014, git-fixes). - dax: remove VM_MIXEDMAP for fsdax and device dax (bsc#1106007). - dccp: fix undefined behavior with 'cwnd' shift in ccid2_cwnd_restart() (netfilter-stable-18_08_17). - drm/amd/pp/Polaris12: Fix a chunk of registers missed to program (bsc#1051510). - drm/amdgpu: Fix RLC safe mode test in gfx_v9_0_enter_rlc_safe_mode (bsc#1051510). - drm/amdgpu: fix swapped emit_ib_size in vce3 (bsc#1051510). - drm/amdgpu: update tmr mc address (bsc#1100132). - drm/amdgpu:add new firmware id for VCN (bsc#1051510). - drm/amdgpu:add tmr mc address into amdgpu_firmware_info (bsc#1051510). - drm/arm/malidp: Preserve LAYER_FORMAT contents when setting format (bsc#1051510). - drm/armada: fix colorkey mode property (bsc#1051510). - drm/armada: fix irq handling (bsc#1051510). - drm/bridge/sii8620: Fix display of packed pixel modes (bsc#1051510). - drm/bridge/sii8620: fix display of packed pixel modes in MHL2 (bsc#1051510). - drm/bridge/sii8620: fix loops in EDID fetch logic (bsc#1051510). - drm/bridge: adv7511: Reset registers on hotplug (bsc#1051510). - drm/edid: Add 6 bpc quirk for SDC panel in Lenovo B50-80 (bsc#1051510). - drm/exynos: decon5433: Fix WINCONx reset value (bsc#1051510). - drm/exynos: decon5433: Fix per-plane global alpha for XRGB modes (bsc#1051510). - drm/exynos: gsc: Fix support for NV16/61, YUV420/YVU420 and YUV422 modes (bsc#1051510). - drm/i915/audio: Fix audio enumeration issue on BXT. - drm/i915/gvt: Fix the incorrect length of child_device_config issue (bsc#1051510). - drm/i915/gvt: clear ggtt entries when destroy vgpu (bsc#1051510). - drm/i915/gvt: request srcu_read_lock before checking if one gfn is valid (bsc#1051510). - drm/i915/kvmgt: Fix potential Spectre v1 (bsc#1051510). - drm/i915/lpe: Mark LPE audio runtime pm as "no callbacks" (bsc#1051510). - drm/i915/overlay: Allocate physical registers from stolen (bsc#1051510). - drm/i915: Increase LSPCON timeout (bsc#1051510). - drm/i915: set DP Main Stream Attribute for color range on DDI platforms (bsc#1051510). - drm/imx: imx-ldb: check if channel is enabled before printing warning (bsc#1051510). - drm/imx: imx-ldb: disable LDB on driver bind (bsc#1051510). - drm/modes: Introduce drm_mode_match(). - drm/nouveau/drm/nouveau: Fix bogus drm_kms_helper_poll_enable() placement (bsc#1051510). - drm/tegra: Check for malformed offsets and sizes in the 'submit' IOCTL (bsc#1106170). - drm/tegra: Fix comparison operator for buffer size (bsc#1100132). - drm/vc4: Fix the "no scaling" case on multi-planar YUV formats (bsc#1051510). - drm: Add DRM client cap for aspect-ratio. - drm: Add and handle new aspect ratios in DRM layer. - drm: Add aspect ratio parsing in DRM layer. - drm: Expose modes with aspect ratio, only if requested. - drm: Handle aspect ratio info in legacy modeset path. - drm: mali-dp: Enable Global SE interrupts mask for DP500 (bsc#1051510). - dwc2: gadget: Fix ISOC IN DDMA PID bitfield value calculation (bsc#1051510). - errseq: Add to documentation tree (bsc#1107008). - errseq: Always report a writeback error once (bsc#1107008). - ext4: sysfs: print ext4_super_block fields as little-endian (bsc#1106229). - f2fs: remove unneeded memory footprint accounting (bsc#1106233). - f2fs: remove unneeded memory footprint accounting (bsc#1106297). - f2fs: validate before set/clear free nat bitmap (bsc#1106231). - f2fs: validate before set/clear free nat bitmap (bsc#1106297). - fat: fix memory allocation failure handling of match_strdup() (bsc#1051510). - fb: fix lost console when the user unplugs a USB adapter (bsc#1051510). - fbdev: omapfb: off by one in omapfb_register_client() (bsc#1051510). - fix __legitimize_mnt()/mntput() race (bsc#1106297). - fix a page leak in vhost_scsi_iov_to_sgl() error recovery (bsc#1051510). - fix mntput/mntput race (bsc#1106297). - fs/9p/xattr.c: catch the error of p9_client_clunk when setting xattr failed (bsc#1051510). - fs/proc/proc_sysctl.c: fix potential page fault while unregistering sysctl table (bsc#1106297). - fuse: Add missed unlock_page() to fuse_readpages_fill() (bsc#1106291). - fuse: Fix oops at process_init_reply() (bsc#1106291). - fuse: fix double request_end() (bsc#1106291). - fuse: fix initial parallel dirops (bsc#1106291). - fuse: fix unlocked access to processing queue (bsc#1106291). - fuse: umount should wait for all requests (bsc#1106291). - getxattr: use correct xattr length (bsc#1106235). - getxattr: use correct xattr length (bsc#1106297). - gpio: ml-ioh: Fix buffer underwrite on probe error path (bsc#1051510). - gpio: tegra: Move driver registration to subsys_init level (bsc#1051510). - gpiolib-acpi: make sure we trigger edge events at least once on boot (bsc#1051510). - gpiolib: acpi: Switch to cansleep version of GPIO library call (bsc#1051510). - gpu: host1x: Check whether size of unpin isn't 0 (bsc#1051510). - gpu: ipu-v3: default to id 0 on missing OF alias (bsc#1051510). - i2c: core: ACPI: Properly set status byte to 0 for multi-byte writes (bsc#1051510). - i2c: davinci: Avoid zero value of CLKH (bsc#1051510). - i2c: i801: Add missing documentation entries for Braswell and Kaby Lake (bsc#1051510). - i2c: i801: Add support for Intel Cedar Fork (bsc#1051510). - i2c: i801: Add support for Intel Ice Lake (bsc#1051510). - i2c: i801: Consolidate chipset names in documentation and Kconfig (bsc#1051510). - i2c: i801: fix DNV's SMBCTRL register offset (bsc#1051510). - i2c: imx: Fix race condition in dma read (bsc#1051510). - i2c: uniphier-f: issue STOP only for last message or I2C_M_STOP (bsc#1051510). - i2c: uniphier: issue STOP only for last message or I2C_M_STOP (bsc#1051510). - i2c: xiic: Make the start and the byte count write atomic (bsc#1051510). - i2c: xlp9xx: Fix case where SSIF read transaction completes early (bsc#1105907). - i2c: xlp9xx: Fix issue seen when updating receive length (bsc#1105907). - i2c: xlp9xx: Make sure the transfer size is not more than I2C_SMBUS_BLOCK_SIZE (bsc#1105907). - i40e: fix condition of WARN_ONCE for stat strings (bsc#1107522). - ib_srpt: Fix a use-after-free in srpt_close_ch() (bsc#1046306 ). - ibmvnic: Include missing return code checks in reset function (bnc#1107966). - iommu/amd: Add support for IOMMU XT mode. - iommu/amd: Add support for higher 64-bit IOMMU Control Register. - iommu/amd: Finish TLB flush in amd_iommu_unmap() (bsc#1106105). - iommu/amd: make sure TLB to be flushed before IOVA freed (bsc#1106105). - iommu/arm-smmu-v3: Do not free page table ops twice (bsc#1106237). - iommu/vt-d: Fix a potential memory leak (bsc#1106105). - iommu/vt-d: Ratelimit each dmar fault printing (bsc#1106105). - ipmi/powernv: Fix error return code in ipmi_powernv_probe() (git-fixes). - ipmi: Fix some counter issues (bsc#1105907). - ipmi: Move BT capabilities detection to the detect call (bsc#1106779). - ipmi: Remove ACPI SPMI probing from the SSIF (I2C) driver (bsc#1105907). - ipmi:bt: Set the timeout before doing a capabilities check (bsc#1051510). - ipv4: remove BUG_ON() from fib_compute_spec_dst (netfilter-stable-18_08_01). - irqchip/bcm7038-l1: Hide cpu offline callback when building for !SMP (bsc#1051510). - iw_cxgb4: remove duplicate memcpy() in c4iw_create_listen() (bsc#1046543). - ixgbe: Refactor queue disable logic to take completion time into account (bsc#1101557). - ixgbe: Reorder Tx/Rx shutdown to reduce time needed to stop device (bsc#1101557). - kabi fix for check_disk_size_change() (bsc#1098459). - kabi protect hnae_ae_ops (bsc#1107924). - kabi protect struct kvm_sync_regs (bsc#1106948). - kabi/severities: Whitelist libceph, rbd, and ceph (bsc#1096748). - kabi: move s390 mm_context_t lock to mm_struct and ignore the change (bsc#1103421). - kabi: x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - kvm: arm64: Convert kvm_set_s2pte_readonly() from inline asm to cmpxchg() (bsc#1108010). - kvm: nVMX: Fix fault vector for VMX operation at CPL > 0 (bsc#1106105). - kvm: nVMX: Use nested_run_pending rather than from_vmentry (bsc#1106240). - kvm: x86: vmx: fix vpid leak (bsc#1106240). - l2tp: use sk_dst_check() to avoid race on sk->sk_dst_cache (netfilter-stable-18_08_17). - lan78xx: Lan7801 Support for Fixed PHY (bsc#1085262). - lan78xx: Set ASD in MAC_CR when EEE is enabled (bsc#1085262). - lan78xx: remove redundant initialization of pointer 'phydev' (bsc#1085262). - lib/test_hexdump.c: fix failure on big endian cpu (bsc#1051510). - libahci: Fix possible Spectre-v1 pmp indexing in ahci_led_store() (bsc#1051510). - libbpf: Makefile set specified permission mode (bsc#1083647). - libceph: check authorizer reply/challenge length before reading (bsc#1096748). - libceph: factor out __ceph_x_decrypt() (bsc#1096748). - libceph: factor out __prepare_write_connect() (bsc#1096748). - libceph: factor out encrypt_authorizer() (bsc#1096748). - libceph: store ceph_auth_handshake pointer in ceph_connection (bsc#1096748). - libceph: weaken sizeof check in ceph_x_verify_authorizer_reply() (bsc#1096748). - libnvdimm, btt: fix uninitialized err_lock (bsc#1103961). - libnvdimm, nfit: enable support for volatile ranges (bsc#1103961). - libnvdimm, nfit: move the check on nd_reserved2 to the endpoint (bsc#1103961). - libnvdimm: Use max contiguous area for namespace size (git-fixes). - libnvdimm: rename nd_sector_size_{show,store} to nd_size_select_{show,store} (bsc#1103961). - livepatch: Remove reliable stacktrace check in klp_try_switch_task() (bsc#1071995). - livepatch: Validate module/old func name length (bsc#1071995). - llc: use refcount_inc_not_zero() for llc_sap_find() (netfilter-stable-18_08_17). - mac80211: add stations tied to AP_VLANs during hw reconfig (bsc#1051510). - mac80211: always account for A-MSDU header changes (bsc#1051510). - mac80211: avoid kernel panic when building AMSDU from non-linear SKB (bsc#1051510). - mac80211: fix an off-by-one issue in A-MSDU max_subframe computation (bsc#1051510). - macros.kernel-source: pass -b properly in kernel module package (bsc#1107870). - md-cluster: clear another node's suspend_area after the copy is finished (bsc#1106333). - md-cluster: do not send msg if array is closing (bsc#1106333). - md-cluster: release RESYNC lock after the last resync message (bsc#1106688). - md-cluster: show array's status more accurate (bsc#1106333). - media: Revert "[media] tvp5150: fix pad format frame height" (bsc#1051510). - mei: do not update offset in write (bsc#1051510). - mei: me: enable asynchronous probing. - memcg, thp: do not invoke oom killer on thp charges (bnc#1089663). - memory: tegra: Apply interrupts mask per SoC (bsc#1051510). - memory: tegra: Do not handle spurious interrupts (bsc#1051510). - mfd: intel-lpss: Add Ice Lake PCI IDs (bsc#1051510). - mfd: lpc_ich: Do not touch SPI-NOR write protection bit on Apollo Lake (bsc#1051510). - mlxsw: core_acl_flex_actions: Return error for conflicting actions (netfilter-stable-18_08_17). - mm/huge_memory.c: fix data loss when splitting a file pmd (bnc#1107074). - mm/hugetlb: filter out hugetlb pages if HUGEPAGE migration is not supported (bnc#1106697). - mm/vmscan: wake up flushers for legacy cgroups too (bnc#1107061). - mm: fix devmem_is_allowed() for sub-page System RAM intersections (bsc#1106800). - mm: memcg: fix use after free in mem_cgroup_iter() (bnc#1107065). - mmc: omap_hsmmc: fix wakeirq handling on removal (bsc#1051510). - module: exclude SHN_UNDEF symbols from kallsyms api (bsc#1071995). - net/9p/client.c: version pointer uninitialized (bsc#1051510). - net/9p/trans_fd.c: fix race by holding the lock (bsc#1051510). - net/9p/trans_fd.c: fix race-condition by flushing workqueue before the kfree() (bsc#1051510). - net/9p: Switch to wait_event_killable() (bsc#1051510). - net/9p: fix error path of p9_virtio_probe (bsc#1051510). - net: dsa: Do not suspend/resume closed slave_dev (netfilter-stable-18_08_04). - net: ena: Eliminate duplicate barriers on weakly-ordered archs (bsc#1108093). - net: ena: Fix use of uninitialized DMA address bits field (netfilter-stable-18_08_01). - net: ena: fix device destruction to gracefully free resources (bsc#1108093). - net: ena: fix driver when PAGE_SIZE == 64kB (bsc#1108093). - net: ena: fix incorrect usage of memory barriers (bsc#1108093). - net: ena: fix missing calls to READ_ONCE (bsc#1108093). - net: ena: fix missing lock during device destruction (bsc#1108093). - net: ena: fix potential double ena_destroy_device() (bsc#1108093). - net: ena: fix surprise unplug NULL dereference kernel crash (bsc#1108093). - net: ethernet: mvneta: Fix napi structure mixup on armada 3700 (networking-stable-18_08_21). - net: fix amd-xgbe flow-control issue (netfilter-stable-18_08_01). - net: hns3: Fix for waterline not setting correctly (bsc#1104353 ). - net: hns3: fix page_offset overflow when CONFIG_ARM64_64K_PAGES (bsc#1104353). - net: hns: add netif_carrier_off before change speed and duplex (bsc#1107924). - net: hns: add the code for cleaning pkt in chip (bsc#1107924). - net: mdio-mux: bcm-iproc: fix wrong getter and setter pair (netfilter-stable-18_08_01). - net: mvneta: fix mvneta_config_rss on armada 3700 (networking-stable-18_08_21). - net: rtnl_configure_link: fix dev flags changes arg to __dev_notify_flags (git-fixes). - net: stmmac: Fix WoL for PCI-based setups (netfilter-stable-18_08_04). - net: stmmac: mark PM functions as __maybe_unused (git-fixes). - net_sched: Fix missing res info when create new tc_index filter (netfilter-stable-18_08_17). - netfilter: ip6t_rpfilter: set F_IFACE for linklocal addresses (git-fixes). - netlink: Do not shift on 64 for ngroups (git-fixes). - netlink: Do not shift with UB on nlk->ngroups (netfilter-stable-18_08_01). - netlink: Do not subscribe to non-existent groups (netfilter-stable-18_08_01). - netlink: Fix spectre v1 gadget in netlink_create() (netfilter-stable-18_08_04). - nfs/pnfs: fix nfs_direct_req ref leak when i/o falls back to the mds (git-fixes). - nfs41: do not return ENOMEM on LAYOUTUNAVAILABLE (git-fixes). - nfsd: remove blocked locks on client teardown (git-fixes). - nl80211: Add a missing break in parse_station_flags (bsc#1051510). - nl80211: check nla_parse_nested() return values (bsc#1051510). - nvme: register ns_id attributes as default sysfs groups (bsc#1105247). - nvme_fc: add 'nvme_discovery' sysfs attribute to fc transport device (bsc#1044189). - pinctrl/amd: only handle irq if it is pending and unmasked (bsc#1051510). - pipe: actually allow root to exceed the pipe buffer limits (bsc#1106297). - platform/x86: asus-nb-wmi: Add keymap entry for lid flip action on UX360 (bsc#1051510). - pnfs/blocklayout: off by one in bl_map_stripe() (git-fixes). - powerpc/64s: Default l1d_size to 64K in RFI fallback flush (bsc#1068032, git-fixes). - powerpc/64s: Fix DT CPU features Power9 DD2.1 logic (bsc#1055117). - powerpc/64s: Fix compiler store ordering to SLB shadow area (bsc#1094244). - powerpc/64s: move machine check SLB flushing to mm/slb.c (bsc#1094244). - powerpc/kprobes: Fix call trace due to incorrect preempt count (bsc#1065729). - powerpc/lib: Fix the feature fixup tests to actually work (bsc#1065729). - powerpc/mce: Fix SLB rebolting during MCE recovery path (bsc#1094244). - powerpc/perf: Fix IMC allocation routine (bsc#1054914). - powerpc/perf: Fix memory allocation for core-imc based on num_possible_cpus() (bsc#1054914). - powerpc/perf: Remove sched_task function defined for thread-imc (bsc#1054914). - powerpc/pseries: Avoid using the size greater than RTAS_ERROR_LOG_MAX (bsc#1094244). - powerpc/pseries: Fix endianness while restoring of r3 in MCE handler (bsc#1094244). - powerpc/pseries: fix EEH recovery of some IOV devices (bsc#1078720, git-fixes). - powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2 (bsc#1068032, bsc#1080157, git-fixes). - powerpc: Avoid code patching freed init sections (bnc#1107735). - powerpc: make feature-fixup tests fortify-safe (bsc#1065729). - pstore: Fix incorrect persistent ram buffer mapping (bsc#1051510). - pwm: tiehrpwm: Fix disabling of output of PWMs (bsc#1051510). - qlge: Fix netdev features configuration (bsc#1098822). - r8169: add support for NCube 8168 network card (bsc#1051510). - reiserfs: fix broken xattr handling (heap corruption, bad retval) (bsc#1106236). - rhashtable: add schedule points (bsc#1051510). - root dentries need RCU-delayed freeing (bsc#1106297). - rsi: Fix 'invalid vdd' warning in mmc (bsc#1051510). - rxrpc: Fix user call ID check in rxrpc_service_prealloc_one (netfilter-stable-18_08_04). - s390/entry.S: use assembler alternatives (bsc#1103421). - s390/lib: use expoline for all bcr instructions (git-fixes, bsc#1103421). - s390/mm: fix local TLB flushing vs. detach of an mm address space (bsc#1103421). - s390/mm: fix race on mm->context.flush_mm (bsc#1103421). - s390/runtime instrumentation: simplify task exit handling (bsc#1103421). - s390: always save and restore all registers on context switch (bsc#1103421). - s390: detect etoken facility (bsc#1103421). - s390: fix br_r1_trampoline for machines without exrl (git-fixes, bsc#1103421). - s390: fix compat system call table (bsc#1103421). - s390: fix handling of -1 in set{,fs}id16 syscalls (bsc#1103421). - s390: use expoline thunks for all branches generated by the BPF JIT (bsc#1103421). - samples/bpf: adjust rlimit RLIMIT_MEMLOCK for xdp1 (bsc#1083647). - sched/fair: Fix vruntime_normalized() for remote non-migration wakeup (git-fixes). - sched/numa: Do not move imbalanced load purely on the basis of an idle CPU (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Evaluate move once per node (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Remove numa_has_capacity() (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Remove unused task_capacity from 'struct numa_stats' (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Stop comparing tasks for NUMA placement after selecting an idle core (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: remove unused code from update_numa_stats() (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: remove unused nr_running field (bnc#1101669 optimise numa balancing for fast migrate). - scripts/git_sort/git_sort.py: Add fixes branch from mkp/scsi.git. - scripts/git_sort/git_sort.py: add mkp 4.20/scsi-queue - scripts/tar-up.sh: Do not package gitlog-excludes file Also fix the evaluation of gitlog-excludes file, too - scripts: modpost: check memory allocation results (bsc#1051510). - scsi: fcoe: hold disc_mutex when traversing rport lists (bsc#1077989). - scsi: hpsa: limit transfer length to 1MB, not 512kB (bsc#1102346). - scsi: libfc: Add lockdep annotations (bsc#1077989). - scsi: libfc: fixup 'sleeping function called from invalid context' (bsc#1077989). - scsi: libfc: fixup lockdep annotations (bsc#1077989). - scsi: libfc: hold disc_mutex in fc_disc_stop_rports() (bsc#1077989). - scsi: lpfc: Correct MDS diag and nvmet configuration (bsc#1106636). - scsi: mpt3sas: Fix calltrace observed while running IO and reset (bsc#1077989). - scsi: qla2xxx: Add appropriate debug info for invalid RX_ID (bsc#1108870). - scsi: qla2xxx: Add logic to detect ABTS hang and response completion (bsc#1108870). - scsi: qla2xxx: Add mode control for each physical port (bsc#1108870). - scsi: qla2xxx: Add support for ZIO6 interrupt threshold (bsc#1108870). - scsi: qla2xxx: Allow FC-NVMe underrun to be handled by transport (bsc#1108870). - scsi: qla2xxx: Check for Register disconnect (bsc#1108870). - scsi: qla2xxx: Decrement login retry count for only plogi (bsc#1108870). - scsi: qla2xxx: Defer chip reset until target mode is enabled (bsc#1108870). - scsi: qla2xxx: Fix Remote port registration (bsc#1108870). - scsi: qla2xxx: Fix deadlock between ATIO and HW lock (bsc#1108870). - scsi: qla2xxx: Fix double increment of switch scan retry count (bsc#1108870). - scsi: qla2xxx: Fix dropped srb resource (bsc#1108870). - scsi: qla2xxx: Fix duplicate switch's Nport ID entries (bsc#1108870). - scsi: qla2xxx: Fix early srb free on abort (bsc#1108870). - scsi: qla2xxx: Fix iIDMA error (bsc#1108870). - scsi: qla2xxx: Fix incorrect port speed being set for FC adapters (bsc#1108870). - scsi: qla2xxx: Fix out of order Termination and ABTS response (bsc#1108870). - scsi: qla2xxx: Fix port speed display on chip reset (bsc#1108870). - scsi: qla2xxx: Fix premature command free (bsc#1108870). - scsi: qla2xxx: Fix process response queue for ISP26XX and above (bsc#1108870). - scsi: qla2xxx: Fix race condition for resource cleanup (bsc#1108870). - scsi: qla2xxx: Fix stuck session in PLOGI state (bsc#1108870). - scsi: qla2xxx: Force fw cleanup on ADISC error (bsc#1108870). - scsi: qla2xxx: Increase abort timeout value (bsc#1108870). - scsi: qla2xxx: Move ABTS code behind qpair (bsc#1108870). - scsi: qla2xxx: Move rport registration out of internal work_list (bsc#1108870). - scsi: qla2xxx: Move {get|rel}_sp to base_qpair struct (bsc#1108870). - scsi: qla2xxx: Reduce holding sess_lock to prevent CPU lock-up (bsc#1108870). - scsi: qla2xxx: Reject bsg request if chip is down (bsc#1108870). - scsi: qla2xxx: Remove ASYNC GIDPN switch command (bsc#1108870). - scsi: qla2xxx: Remove all rports if fabric scan retry fails (bsc#1108870). - scsi: qla2xxx: Remove redundant check for fcport deletion (bsc#1108870). - scsi: qla2xxx: Remove stale ADISC_DONE event (bsc#1108870). - scsi: qla2xxx: Remove stale debug trace message from tcm_qla2xxx (bsc#1108870). - scsi: qla2xxx: Serialize mailbox request (bsc#1108870). - scsi: qla2xxx: Terminate Plogi/PRLI if WWN is 0 (bsc#1108870). - scsi: qla2xxx: Turn off IOCB timeout timer on IOCB completion (bsc#1108870). - scsi: qla2xxx: Update driver to version 10.00.00.09-k (bsc#1108870). - scsi: qla2xxx: Update driver version to 10.00.00.10-k (bsc#1108870). - scsi: qla2xxx: Update driver version to 10.00.00.11-k (bsc#1108870). - scsi: qla2xxx: Update rscn_rcvd field to more meaningful scan_needed (bsc#1108870). - scsi: qla2xxx: Use correct qpair for ABTS/CMD (bsc#1108870). - scsi: qla2xxx: shutdown chip if reset fail (bsc#1108870). - scsi_debug: call resp_XXX function after setting host_scribble (bsc#1069138). - scsi_debug: reset injection flags for every_nth > 0 (bsc#1069138). - selftests/bpf/test_maps: exit child process without error in ENOMEM case (bsc#1083647). - selftests/bpf: fix a typo in map in map test (bsc#1083647). - serial: enable spi in sc16is7xx driver References: bsc#1105672 - serial: make sc16is7xx driver supported References: bsc#1105672 - slab: __GFP_ZERO is incompatible with a constructor (bnc#1107060). - spi-nor: intel-spi: Fix number of protected range registers for BYT/LPT. - spi: cadence: Change usleep_range() to udelay(), for atomic context (bsc#1051510). - spi: davinci: fix a NULL pointer dereference (bsc#1051510). - spi: pxa2xx: Add support for Intel Ice Lake (bsc#1051510). - staging: bcm2835-audio: Check if workqueue allocation failed. - staging: bcm2835-audio: Deliver indirect-PCM transfer error. - staging: bcm2835-audio: Disconnect and free vchi_instance on module_exit(). - staging: bcm2835-audio: Do not leak workqueue if open fails. - staging: bcm2835-audio: constify snd_pcm_ops structures. - staging: bcm2835-audio: make snd_pcm_hardware const. - staging: comedi: ni_mio_common: fix subdevice flags for PFI subdevice (bsc#1051510). - staging: lustre: Use 'kvfree()' for memory allocated by 'kvzalloc()' (bsc#1051510). - staging: lustre: disable preempt while sampling processor id (bsc#1051510). - staging: lustre: fix bug in osc_enter_cache_try (bsc#1051510). - staging: lustre: ldlm: free resource when ldlm_lock_create() fails (bsc#1051510). - staging: lustre: libcfs: Prevent harmless read underflow (bsc#1051510). - staging: lustre: libcfs: fix test for libcfs_ioctl_hdr minimum size (bsc#1051510). - staging: lustre: llite: correct removexattr detection (bsc#1051510). - staging: lustre: llite: initialize xattr->xe_namelen (bsc#1051510). - staging: lustre: lmv: correctly iput lmo_root (bsc#1051510). - staging: lustre: lov: use correct env in lov_io_data_version_end() (bsc#1051510). - staging: lustre: o2iblnd: Fix FastReg map/unmap for MLX5 (bsc#1051510). - staging: lustre: o2iblnd: Fix crash in kiblnd_handle_early_rxs() (bsc#1051510). - staging: lustre: o2iblnd: fix race at kiblnd_connect_peer (bsc#1051510). - staging: lustre: obd_mount: use correct niduuid suffix (bsc#1051510). - staging: lustre: obdclass: return -EFAULT if copy_from_user() fails (bsc#1051510). - staging: lustre: ptlrpc: kfree used instead of kvfree (bsc#1051510). - staging: lustre: remove invariant in cl_io_read_ahead() (bsc#1051510). - staging: lustre: statahead: remove incorrect test on agl_list_empty() (bsc#1051510). - staging: vc04_services: Fix platform_no_drv_owner.cocci warnings. - staging: vc04_services: bcm2835-audio Format multiline comment. - staging: vc04_services: bcm2835-audio: Add blank line after declaration. - staging: vc04_services: bcm2835-audio: Change to unsigned int *. - staging: vc04_services: bcm2835-audio: add SPDX identifiers. - staging: vc04_services: bcm2835-audio: remove redundant license text. - staging: vc04_services: please do not use multiple blank lines. - string: drop __must_check from strscpy() and restore strscpy() usages in cgroup (bsc#1051510). - sunxi-rsb: Include OF based modalias in device uevent (bsc#1051510). - sys: do not hold uts_sem while accessing userspace memory (bnc#1106995). - target_core_rbd: break up free_device callback (bsc#1105524). - target_core_rbd: use RCU in free_device (bsc#1105524). - tcp: add max_quickacks param to tcp_incr_quickack and tcp_enter_quickack_mode (netfilter-stable-18_08_01). - tcp: add one more quick ack after after ECN events (netfilter-stable-18_08_01). - tcp: do not aggressively quick ack after ECN events (netfilter-stable-18_08_01). - tcp: do not force quickack when receiving out-of-order packets (netfilter-stable-18_08_01). - tcp: refactor tcp_ecn_check_ce to remove sk type cast (netfilter-stable-18_08_01). - tcp_bbr: fix bw probing to raise in-flight data for very small BDPs (netfilter-stable-18_08_01). - thermal: thermal_hwmon: Convert to hwmon_device_register_with_info() (bsc#1103363). - thermal_hwmon: Pass the originating device down to hwmon_device_register_with_info (bsc#1103363). - thermal_hwmon: Sanitize attribute name passed to hwmon (bsc#1103363). - ti: ethernet: cpdma: Use correct format for genpool_* (bsc#1051510). - tools/power turbostat: Read extended processor family from CPUID (bsc#1051510). - tools/power turbostat: fix -S on UP systems (bsc#1051510). - tools: usb: ffs-test: Fix build on big endian systems (bsc#1051510). - tpm: Introduce flag TPM_TRANSMIT_RAW (bsc#1082555). - tpm: cmd_ready command can be issued only after granting locality (bsc#1082555). - tpm: fix race condition in tpm_common_write() (bsc#1082555). - tpm: fix use after free in tpm2_load_context() (bsc#1082555). - tpm: separate cmd_ready/go_idle from runtime_pm (bsc#1082555). - tpm: tpm_crb: relinquish locality on error path (bsc#1082555). - tpm: vtpm_proxy: Implement request_locality function (bsc#1082555). - tracepoint: Do not warn on ENOMEM (bsc#1051510). - uart: fix race between uart_put_char() and uart_shutdown() (bsc#1051510). - ubifs: Check data node size before truncate (bsc#1051510). - ubifs: Fix directory size calculation for symlinks (bsc#1106230). - ubifs: Fix memory leak in lprobs self-check (bsc#1051510). - ubifs: Fix synced_i_size calculation for xattr inodes (bsc#1051510). - ubifs: xattr: Do not operate on deleted inodes (bsc#1051510). - udl-kms: avoid division (bsc#1051510). - udl-kms: change down_interruptible to down (bsc#1051510). - udl-kms: fix crash due to uninitialized memory (bsc#1051510). - udl-kms: handle allocation failure (bsc#1051510). - udlfb: set optimal write delay (bsc#1051510). - usb/phy: fix PPC64 build errors in phy-fsl-usb.c (bsc#1051510). - usb: Do not die twice if PCI xhci host is not responding in resume (bsc#1051510). - usb: dwc2: fix isoc split in transfer with no data (bsc#1051510). - usb: dwc2: gadget: Fix issue in dwc2_gadget_start_isoc() (bsc#1051510). - usb: dwc3: pci: add support for Intel IceLake (bsc#1051510). - usb: gadget: composite: fix delayed_status race condition when set_interface (bsc#1051510). - usb: gadget: dwc2: fix memory leak in gadget_init() (bsc#1051510). - usb: gadget: r8a66597: Fix a possible sleep-in-atomic-context bugs in r8a66597_queue() (bsc#1051510). - usb: gadget: r8a66597: Fix two possible sleep-in-atomic-context bugs in init_controller() (bsc#1051510). - usb: gadget: udc: renesas_usb3: fix maxpacket size of ep0 (bsc#1051510). - usb: xhci: increase CRS timeout value (bsc#1051510). - userns: move user access out of the mutex (bsc#1051510). - vfio/pci: Virtualize Maximum Payload Size (bsc#1051510). - vfio/pci: Virtualize Maximum Read Request Size (bsc#1051510). - vfio/type1: Fix task tracking for QEMU vCPU hotplug (bsc#1051510). - vhost: correctly check the iova range when waking virtqueue (bsc#1051510). - vhost: do not try to access device IOTLB when not initialized (bsc#1051510). - vhost: reset metadata cache when initializing new IOTLB (netfilter-stable-18_08_17). - vhost: use mutex_lock_nested() in vhost_dev_lock_vqs() (bsc#1051510). - video: fbdev: pxafb: clear allocated memory for video modes (bsc#1051510). - vsock: split dwork to avoid reinitializations (netfilter-stable-18_08_17). - wlcore: Set rx_status boottime_ns field on rx (bsc#1051510). - x86/CPU/AMD: Derive CPU topology from CPUID function 0xB when available. - x86/CPU: Modify detect_extended_topology() to return result. - x86/events/intel/ds: Fix bts_interrupt_threshold alignment (git-fixes c1961a4631da). - x86/init: fix build with CONFIG_SWAP=n (bnc#1106121). - x86/kasan/64: Teach KASAN about the cpu_entry_area (kasan). - x86/kvm: fix LAPIC timer drift when guest uses periodic mode (bsc#1106240). - x86/mcelog: Get rid of RCU remnants (git-fixes 5de97c9f6d85). - x86/mm/kasan: Do not use vmemmap_populate() to initialize shadow (kasan). - x86/mm/memory_hotplug: determine block size based on the end of boot memory (bsc#1108243). - x86/platform/UV: Add adjustable set memory block size function (bsc#1108243). - x86/platform/UV: Add kernel parameter to set memory block size (bsc#1108243). - x86/platform/UV: Mark memblock related init code and data correctly (bsc#1108243). - x86/platform/UV: Use new set memory block size function (bsc#1108243). - x86/spectre: Add missing family 6 check to microcode check (git-fixes a5b296636453). - x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM (bnc#1105536). - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - x86/speculation/l1tf: Suggest what to do on systems with too much RAM (bnc#1105536). - x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry (bsc#1106369). - x86/vdso: Fix vDSO build if a retpoline is emitted (git-fixes 76b043848fd2). - x86/xen/efi: Initialize only the EFI struct members used by Xen (bnc#1107945). - x86: irq_remapping: Move irq remapping mode enum. - xen-netfront-dont-bug-in-case-of-too-many-frags.patch: (bnc#1104824). - xen-netfront: fix queue name setting (bnc#1065600). - xen-netfront: fix warn message as irq device name has '/' (bnc#1065600). - xen/blkback: do not keep persistent grants too long (bsc#1085042). - xen/blkback: move persistent grants flags to bool (bsc#1085042). - xen/blkback: remove unused pers_gnts_lock from struct (bsc#1085042). - xen/blkfront: cleanup stale persistent grants (bsc#1085042). - xen/blkfront: reorder tests in xlblk_init() (bsc#1085042). - xen: avoid crash in disable_hotplug_cpu (bsc#1106594). - xen: xenbus_dev_frontend: Fix XS_TRANSACTION_END handling (bnc#1065600). - xen: xenbus_dev_frontend: Really return response string (bnc#1065600). - xenbus: track caller request id (bnc#1065600). - xfs: Fix per-inode DAX flag inheritance (Git-fixes bsc#1109511). - xfs: add a new xfs_iext_lookup_extent_before helper (bsc#1095344). - xfs: add a xfs_bmap_fork_to_state helper (bsc#1095344). - xfs: add a xfs_iext_update_extent helper (bsc#1095344). - xfs: add asserts for the mmap lock in xfs_{insert,collapse}_file_space (bsc#1095344). - xfs: add comments documenting the rebalance algorithm (bsc#1095344). - xfs: add some comments to xfs_iext_insert/xfs_iext_insert_node (bsc#1095344). - xfs: allow unaligned extent records in xfs_bmbt_disk_set_all (bsc#1095344). - xfs: do not create overlapping extents in xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: do not rely on extent indices in xfs_bmap_collapse_extents (bsc#1095344). - xfs: do not rely on extent indices in xfs_bmap_insert_extents (bsc#1095344). - xfs: do not set XFS_BTCUR_BPRV_WASDEL in xfs_bunmapi (bsc#1095344). - xfs: fix memory leak in xfs_iext_free_last_leaf (bsc#1095344). - xfs: fix number of records handling in xfs_iext_split_leaf (bsc#1095344). - xfs: fix type usage (bsc#1095344). - xfs: handle zero entries case in xfs_iext_rebalance_leaf (bsc#1095344). - xfs: inline xfs_shift_file_space into callers (bsc#1095344). - xfs: introduce the xfs_iext_cursor abstraction (bsc#1095344). - xfs: iterate backwards in xfs_reflink_cancel_cow_blocks (bsc#1095344). - xfs: iterate over extents in xfs_bmap_extents_to_btree (bsc#1095344). - xfs: iterate over extents in xfs_iextents_copy (bsc#1095344). - xfs: make better use of the 'state' variable in xfs_bmap_del_extent_real (bsc#1095344). - xfs: merge xfs_bmap_read_extents into xfs_iread_extents (bsc#1095344). - xfs: move pre/post-bmap tracing into xfs_iext_update_extent (bsc#1095344). - xfs: move some code around inside xfs_bmap_shift_extents (bsc#1095344). - xfs: move some more code into xfs_bmap_del_extent_real (bsc#1095344). - xfs: move xfs_bmbt_irec and xfs_exntst_t to xfs_types.h (bsc#1095344). - xfs: move xfs_iext_insert tracepoint to report useful information (bsc#1095344). - xfs: pass a struct xfs_bmbt_irec to xfs_bmbt_lookup_eq (bsc#1095344). - xfs: pass a struct xfs_bmbt_irec to xfs_bmbt_update (bsc#1095344). - xfs: pass an on-disk extent to xfs_bmbt_validate_extent (bsc#1095344). - xfs: pass struct xfs_bmbt_irec to xfs_bmbt_validate_extent (bsc#1095344). - xfs: preserve i_rdev when recycling a reclaimable inode (bsc#1095344). - xfs: refactor delalloc accounting in xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: refactor dir2 leaf readahead shadow buffer cleverness (bsc#1095344). - xfs: refactor xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: refactor xfs_bmap_add_extent_hole_delay (bsc#1095344). - xfs: refactor xfs_bmap_add_extent_hole_real (bsc#1095344). - xfs: refactor xfs_bmap_add_extent_unwritten_real (bsc#1095344). - xfs: refactor xfs_del_extent_real (bsc#1095344). - xfs: remove XFS_BMAP_MAX_SHIFT_EXTENTS (bsc#1095344). - xfs: remove XFS_BMAP_TRACE_EXLIST (bsc#1095344). - xfs: remove a duplicate assignment in xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: remove a superflous assignment in xfs_iext_remove_node (bsc#1095344). - xfs: remove all xfs_bmbt_set_* helpers except for xfs_bmbt_set_all (bsc#1095344). - xfs: remove if_rdev (bsc#1095344). - xfs: remove post-bmap tracing in xfs_bmap_local_to_extents (bsc#1095344). - xfs: remove support for inlining data/extents into the inode fork (bsc#1095344). - xfs: remove the never fully implemented UUID fork format (bsc#1095344). - xfs: remove the nr_extents argument to xfs_iext_insert (bsc#1095344). - xfs: remove the nr_extents argument to xfs_iext_remove (bsc#1095344). - xfs: remove xfs_bmbt_get_state (bsc#1095344). - xfs: remove xfs_bmse_shift_one (bsc#1095344). - xfs: rename bno to end in __xfs_bunmapi (bsc#1095344). - xfs: replace xfs_bmbt_lookup_ge with xfs_bmbt_lookup_first (bsc#1095344). - xfs: replace xfs_qm_get_rtblks with a direct call to xfs_bmap_count_leaves (bsc#1095344). - xfs: rewrite getbmap using the xfs_iext_* helpers (bsc#1095344). - xfs: rewrite xfs_bmap_count_leaves using xfs_iext_get_extent (bsc#1095344). - xfs: rewrite xfs_bmap_first_unused to make better use of xfs_iext_get_extent (bsc#1095344). - xfs: simplify the xfs_getbmap interface (bsc#1095344). - xfs: simplify xfs_reflink_convert_cow (bsc#1095344). - xfs: split xfs_bmap_shift_extents (bsc#1095344). - xfs: switch xfs_bmap_local_to_extents to use xfs_iext_insert (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_add_extent_hole_delay (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_add_extent_hole_real (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_add_extent_unwritten_real (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_collapse_extents (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_del_extent_* (bsc#1095344). - xfs: trivial indentation fixup for xfs_iext_remove_node (bsc#1095344). - xfs: update got in xfs_bmap_shift_update_extent (bsc#1095344). - xfs: use a b+tree for the in-core extent list (bsc#1095344). - xfs: use correct state defines in xfs_bmap_del_extent_{cow,delay} (bsc#1095344). - xfs: use the state defines in xfs_bmap_del_extent_real (bsc#1095344). - xfs: use xfs_bmap_del_extent_delay for the data fork as well (bsc#1095344). - xfs: use xfs_iext_*_extent helpers in xfs_bmap_shift_extents (bsc#1095344). - xfs: use xfs_iext_*_extent helpers in xfs_bmap_split_extent_at (bsc#1095344). - xfs: use xfs_iext_get_extent in xfs_bmap_first_unused (bsc#1095344). - xfs: use xfs_iext_get_extent instead of open coding it (bsc#1095344). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2018-2120=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-default-debuginfo-4.12.14-25.19.1 kernel-default-debugsource-4.12.14-25.19.1 kernel-default-livepatch-4.12.14-25.19.1 kernel-livepatch-4_12_14-25_19-default-1-1.3.1 kernel-livepatch-4_12_14-25_19-default-debuginfo-1-1.3.1 References: https://www.suse.com/security/cve/CVE-2018-10938.html https://www.suse.com/security/cve/CVE-2018-10940.html https://www.suse.com/security/cve/CVE-2018-1128.html https://www.suse.com/security/cve/CVE-2018-1129.html https://www.suse.com/security/cve/CVE-2018-12896.html https://www.suse.com/security/cve/CVE-2018-13093.html https://www.suse.com/security/cve/CVE-2018-13094.html https://www.suse.com/security/cve/CVE-2018-13095.html https://www.suse.com/security/cve/CVE-2018-14613.html https://www.suse.com/security/cve/CVE-2018-14617.html https://www.suse.com/security/cve/CVE-2018-16658.html https://www.suse.com/security/cve/CVE-2018-6554.html https://www.suse.com/security/cve/CVE-2018-6555.html https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1043912 https://bugzilla.suse.com/1044189 https://bugzilla.suse.com/1046302 https://bugzilla.suse.com/1046306 https://bugzilla.suse.com/1046307 https://bugzilla.suse.com/1046543 https://bugzilla.suse.com/1050244 https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1054914 https://bugzilla.suse.com/1055014 https://bugzilla.suse.com/1055117 https://bugzilla.suse.com/1058659 https://bugzilla.suse.com/1060463 https://bugzilla.suse.com/1064232 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1068032 https://bugzilla.suse.com/1069138 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1077761 https://bugzilla.suse.com/1077989 https://bugzilla.suse.com/1078720 https://bugzilla.suse.com/1080157 https://bugzilla.suse.com/1082555 https://bugzilla.suse.com/1083647 https://bugzilla.suse.com/1083663 https://bugzilla.suse.com/1084332 https://bugzilla.suse.com/1085042 https://bugzilla.suse.com/1085262 https://bugzilla.suse.com/1086282 https://bugzilla.suse.com/1089663 https://bugzilla.suse.com/1090528 https://bugzilla.suse.com/1092903 https://bugzilla.suse.com/1093389 https://bugzilla.suse.com/1094244 https://bugzilla.suse.com/1095344 https://bugzilla.suse.com/1096748 https://bugzilla.suse.com/1097105 https://bugzilla.suse.com/1098459 https://bugzilla.suse.com/1098822 https://bugzilla.suse.com/1099922 https://bugzilla.suse.com/1099999 https://bugzilla.suse.com/1100000 https://bugzilla.suse.com/1100001 https://bugzilla.suse.com/1100132 https://bugzilla.suse.com/1101557 https://bugzilla.suse.com/1101669 https://bugzilla.suse.com/1102346 https://bugzilla.suse.com/1102870 https://bugzilla.suse.com/1102875 https://bugzilla.suse.com/1102877 https://bugzilla.suse.com/1102879 https://bugzilla.suse.com/1102882 https://bugzilla.suse.com/1102896 https://bugzilla.suse.com/1103363 https://bugzilla.suse.com/1103387 https://bugzilla.suse.com/1103421 https://bugzilla.suse.com/1103948 https://bugzilla.suse.com/1103949 https://bugzilla.suse.com/1103961 https://bugzilla.suse.com/1104172 https://bugzilla.suse.com/1104353 https://bugzilla.suse.com/1104824 https://bugzilla.suse.com/1105247 https://bugzilla.suse.com/1105524 https://bugzilla.suse.com/1105536 https://bugzilla.suse.com/1105597 https://bugzilla.suse.com/1105603 https://bugzilla.suse.com/1105672 https://bugzilla.suse.com/1105907 https://bugzilla.suse.com/1106007 https://bugzilla.suse.com/1106016 https://bugzilla.suse.com/1106105 https://bugzilla.suse.com/1106121 https://bugzilla.suse.com/1106170 https://bugzilla.suse.com/1106178 https://bugzilla.suse.com/1106191 https://bugzilla.suse.com/1106229 https://bugzilla.suse.com/1106230 https://bugzilla.suse.com/1106231 https://bugzilla.suse.com/1106233 https://bugzilla.suse.com/1106235 https://bugzilla.suse.com/1106236 https://bugzilla.suse.com/1106237 https://bugzilla.suse.com/1106238 https://bugzilla.suse.com/1106240 https://bugzilla.suse.com/1106291 https://bugzilla.suse.com/1106297 https://bugzilla.suse.com/1106333 https://bugzilla.suse.com/1106369 https://bugzilla.suse.com/1106426 https://bugzilla.suse.com/1106427 https://bugzilla.suse.com/1106464 https://bugzilla.suse.com/1106509 https://bugzilla.suse.com/1106511 https://bugzilla.suse.com/1106594 https://bugzilla.suse.com/1106636 https://bugzilla.suse.com/1106688 https://bugzilla.suse.com/1106697 https://bugzilla.suse.com/1106743 https://bugzilla.suse.com/1106779 https://bugzilla.suse.com/1106800 https://bugzilla.suse.com/1106890 https://bugzilla.suse.com/1106891 https://bugzilla.suse.com/1106892 https://bugzilla.suse.com/1106893 https://bugzilla.suse.com/1106894 https://bugzilla.suse.com/1106896 https://bugzilla.suse.com/1106897 https://bugzilla.suse.com/1106898 https://bugzilla.suse.com/1106899 https://bugzilla.suse.com/1106900 https://bugzilla.suse.com/1106901 https://bugzilla.suse.com/1106902 https://bugzilla.suse.com/1106903 https://bugzilla.suse.com/1106905 https://bugzilla.suse.com/1106906 https://bugzilla.suse.com/1106948 https://bugzilla.suse.com/1106995 https://bugzilla.suse.com/1107008 https://bugzilla.suse.com/1107060 https://bugzilla.suse.com/1107061 https://bugzilla.suse.com/1107065 https://bugzilla.suse.com/1107073 https://bugzilla.suse.com/1107074 https://bugzilla.suse.com/1107078 https://bugzilla.suse.com/1107265 https://bugzilla.suse.com/1107319 https://bugzilla.suse.com/1107320 https://bugzilla.suse.com/1107522 https://bugzilla.suse.com/1107535 https://bugzilla.suse.com/1107689 https://bugzilla.suse.com/1107735 https://bugzilla.suse.com/1107756 https://bugzilla.suse.com/1107870 https://bugzilla.suse.com/1107924 https://bugzilla.suse.com/1107945 https://bugzilla.suse.com/1107966 https://bugzilla.suse.com/1108010 https://bugzilla.suse.com/1108093 https://bugzilla.suse.com/1108243 https://bugzilla.suse.com/1108520 https://bugzilla.suse.com/1108870 https://bugzilla.suse.com/1109269 https://bugzilla.suse.com/1109511 https://bugzilla.suse.com/920344 From sle-security-updates at lists.suse.com Thu Oct 4 04:12:06 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 4 Oct 2018 12:12:06 +0200 (CEST) Subject: SUSE-SU-2018:2991-1: important: Security update for openslp Message-ID: <20181004101206.CEB57FEAD@maintenance.suse.de> SUSE Security Update: Security update for openslp ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2991-1 Rating: important References: #1090638 Cross-References: CVE-2017-17833 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openslp fixes the following issues: - CVE-2017-17833: Prevent heap-related memory corruption issue which may have manifested itself as a denial-of-service or a remote code-execution vulnerability (bsc#1090638) - Prevent out of bounds reads in message parsing Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-2132=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2132=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-2132=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2132=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-2132=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-2132=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-2132=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2132=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-2132=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-2132=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): openslp-2.0.0-18.17.1 openslp-32bit-2.0.0-18.17.1 openslp-debuginfo-2.0.0-18.17.1 openslp-debuginfo-32bit-2.0.0-18.17.1 openslp-debugsource-2.0.0-18.17.1 openslp-server-2.0.0-18.17.1 openslp-server-debuginfo-2.0.0-18.17.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): openslp-debuginfo-2.0.0-18.17.1 openslp-debugsource-2.0.0-18.17.1 openslp-devel-2.0.0-18.17.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): openslp-2.0.0-18.17.1 openslp-debuginfo-2.0.0-18.17.1 openslp-debugsource-2.0.0-18.17.1 openslp-server-2.0.0-18.17.1 openslp-server-debuginfo-2.0.0-18.17.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): openslp-32bit-2.0.0-18.17.1 openslp-debuginfo-32bit-2.0.0-18.17.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): openslp-2.0.0-18.17.1 openslp-debuginfo-2.0.0-18.17.1 openslp-debugsource-2.0.0-18.17.1 openslp-server-2.0.0-18.17.1 openslp-server-debuginfo-2.0.0-18.17.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): openslp-32bit-2.0.0-18.17.1 openslp-debuginfo-32bit-2.0.0-18.17.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): openslp-2.0.0-18.17.1 openslp-debuginfo-2.0.0-18.17.1 openslp-debugsource-2.0.0-18.17.1 openslp-server-2.0.0-18.17.1 openslp-server-debuginfo-2.0.0-18.17.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): openslp-32bit-2.0.0-18.17.1 openslp-debuginfo-32bit-2.0.0-18.17.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): openslp-2.0.0-18.17.1 openslp-debuginfo-2.0.0-18.17.1 openslp-debugsource-2.0.0-18.17.1 openslp-server-2.0.0-18.17.1 openslp-server-debuginfo-2.0.0-18.17.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): openslp-32bit-2.0.0-18.17.1 openslp-debuginfo-32bit-2.0.0-18.17.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): openslp-2.0.0-18.17.1 openslp-debuginfo-2.0.0-18.17.1 openslp-debugsource-2.0.0-18.17.1 openslp-server-2.0.0-18.17.1 openslp-server-debuginfo-2.0.0-18.17.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): openslp-32bit-2.0.0-18.17.1 openslp-debuginfo-32bit-2.0.0-18.17.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): openslp-2.0.0-18.17.1 openslp-32bit-2.0.0-18.17.1 openslp-debuginfo-2.0.0-18.17.1 openslp-debuginfo-32bit-2.0.0-18.17.1 openslp-debugsource-2.0.0-18.17.1 - SUSE Enterprise Storage 4 (x86_64): openslp-2.0.0-18.17.1 openslp-32bit-2.0.0-18.17.1 openslp-debuginfo-2.0.0-18.17.1 openslp-debuginfo-32bit-2.0.0-18.17.1 openslp-debugsource-2.0.0-18.17.1 openslp-server-2.0.0-18.17.1 openslp-server-debuginfo-2.0.0-18.17.1 - SUSE CaaS Platform ALL (x86_64): openslp-2.0.0-18.17.1 openslp-debuginfo-2.0.0-18.17.1 openslp-debugsource-2.0.0-18.17.1 - SUSE CaaS Platform 3.0 (x86_64): openslp-2.0.0-18.17.1 openslp-debuginfo-2.0.0-18.17.1 openslp-debugsource-2.0.0-18.17.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): openslp-2.0.0-18.17.1 openslp-debuginfo-2.0.0-18.17.1 openslp-debugsource-2.0.0-18.17.1 References: https://www.suse.com/security/cve/CVE-2017-17833.html https://bugzilla.suse.com/1090638 From sle-security-updates at lists.suse.com Thu Oct 4 10:08:16 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 4 Oct 2018 18:08:16 +0200 (CEST) Subject: SUSE-SU-2018:3002-1: moderate: Security update for python Message-ID: <20181004160816.3C591FEAD@maintenance.suse.de> SUSE Security Update: Security update for python ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3002-1 Rating: moderate References: #1109663 Cross-References: CVE-2018-1000802 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python fixes the following issue: - CVE-2018-1000802: Prevent command injection in shutil module (make_archive function) via passage of unfiltered user input (bsc#1109663) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2018-2136=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2136=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): python-debuginfo-2.7.14-7.3.1 python-debugsource-2.7.14-7.3.1 python-tk-2.7.14-7.3.1 python-tk-debuginfo-2.7.14-7.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libpython2_7-1_0-2.7.14-7.3.1 libpython2_7-1_0-debuginfo-2.7.14-7.3.1 python-2.7.14-7.3.1 python-base-2.7.14-7.3.1 python-base-debuginfo-2.7.14-7.3.1 python-base-debugsource-2.7.14-7.3.1 python-curses-2.7.14-7.3.1 python-curses-debuginfo-2.7.14-7.3.1 python-debuginfo-2.7.14-7.3.1 python-debugsource-2.7.14-7.3.1 python-devel-2.7.14-7.3.1 python-gdbm-2.7.14-7.3.1 python-gdbm-debuginfo-2.7.14-7.3.1 python-xml-2.7.14-7.3.1 python-xml-debuginfo-2.7.14-7.3.1 References: https://www.suse.com/security/cve/CVE-2018-1000802.html https://bugzilla.suse.com/1109663 From sle-security-updates at lists.suse.com Thu Oct 4 10:17:56 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 4 Oct 2018 18:17:56 +0200 (CEST) Subject: SUSE-SU-2018:3004-1: important: Security update for the Linux Kernel Message-ID: <20181004161756.F0EA3FEAD@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3004-1 Rating: important References: #1012382 #1044189 #1063026 #1066223 #1082863 #1082979 #1084427 #1084536 #1087209 #1088087 #1090535 #1091815 #1094244 #1094555 #1094562 #1095344 #1095753 #1096547 #1099810 #1102495 #1102715 #1102870 #1102875 #1102877 #1102879 #1102882 #1102896 #1103156 #1103269 #1106095 #1106434 #1106512 #1106594 #1106934 #1107924 #1108096 #1108170 #1108240 #1108399 #1108803 #1108823 #1109333 #1109336 #1109337 #1109441 #1110297 #1110337 Cross-References: CVE-2018-14613 CVE-2018-14617 CVE-2018-16276 CVE-2018-16597 CVE-2018-17182 CVE-2018-7480 CVE-2018-7757 Affected Products: SUSE Linux Enterprise Live Patching 12-SP3 ______________________________________________________________________________ An update that solves 7 vulnerabilities and has 40 fixes is now available. Description: The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.156 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-16597: Incorrect access checking in overlayfs mounts could have been used by local attackers to modify or truncate files in the underlying filesystem (bnc#1106512). - CVE-2018-14613: Prevent invalid pointer dereference in io_ctl_map_page() when mounting and operating a crafted btrfs image, caused by a lack of block group item validation in check_leaf_item (bsc#1102896) - CVE-2018-14617: Prevent NULL pointer dereference and panic in hfsplus_lookup() when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory (bsc#1102870) - CVE-2018-16276: Incorrect bounds checking in the yurex USB driver in yurex_read allowed local attackers to use user access read/writes to crash the kernel or potentially escalate privileges (bsc#1106095) - CVE-2018-7757: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c allowed local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file (bnc#1084536) - CVE-2018-7480: The blkcg_init_queue function allowed local users to cause a denial of service (double free) or possibly have unspecified other impact by triggering a creation failure (bsc#1082863). - CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bnc#1108399). The following non-security bugs were fixed: - asm/sections: add helpers to check for section data (bsc#1063026). - ASoC: wm8994: Fix missing break in switch (bnc#1012382). - block: bvec_nr_vecs() returns value for wrong slab (bsc#1082979). - bpf: fix overflow in prog accounting (bsc#1012382). - btrfs: Add checker for EXTENT_CSUM (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: Add sanity check for EXTENT_DATA when reading out leaf (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: Check if item pointer overlaps with the item itself (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: Check that each block group has corresponding chunk at mount time (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: Introduce mount time chunk <-> dev extent mapping check (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: Move leaf and node validation checker to tree-checker.c (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized (bnc#1012382). - btrfs: replace: Reset on-disk dev stats value after replace (bnc#1012382). - btrfs: scrub: Do not use inode page cache in scrub_handle_errored_block() (bsc#1108096). - btrfs: tree-checker: Add checker for dir item (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Detect invalid and empty essential trees (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Enhance btrfs_check_node output (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Enhance output for btrfs_check_leaf (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Enhance output for check_csum_item (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Enhance output for check_extent_data_item (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Fix false panic for sanity test (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Replace root parameter with fs_info (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: use %zu format string for size_t (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: use %zu format string for size_t (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Verify block_group_item (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: use correct compare function of dirty_metadata_bytes (bnc#1012382). - btrfs: Verify that every chunk has corresponding block group at mount time (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - cifs: check if SMB2 PDU size has been padded and suppress the warning (bnc#1012382). - crypto: clarify licensing of OpenSSL asm code (). - crypto: vmx - Remove overly verbose printk from AES XTS init (git-fixes). - debugobjects: Make stack check warning more informative (bnc#1012382). - dm kcopyd: avoid softlockup in run_complete_job (bnc#1012382). - dm-mpath: do not try to access NULL rq (bsc#1110337). - EDAC: Fix memleak in module init error path (bsc#1109441). - EDAC, i7core: Fix memleaks and use-after-free on probe and remove (1109441). - fat: validate ->i_start before using (bnc#1012382). - Fixes: Commit cdbf92675fad ("mm: numa: avoid waiting on freed migrated pages") (bnc#1012382). - Follow-up fix for patches.arch/01-jump_label-reduce-the-size-of-struct-static_key-kabi.patch (bsc#1108803). - fork: do not copy inconsistent signal handler state to child (bnc#1012382). - fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot() (bnc#1012382). - genirq: Delay incrementing interrupt count if it's disabled/pending (bnc#1012382). - grow_cache: we still have a code which uses both __GFP_ZERO and constructors. The code seems to be correct and the warning does more harm than good so revert for the the meantime until we catch offenders. (bnc#1110297) - hfsplus: do not return 0 when fill_super() failed (bnc#1012382). - hfs: prevent crash on exit from failed search (bnc#1012382). - ib_srp: Remove WARN_ON in srp_terminate_io() (bsc#1094562). - ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest() (bnc#1012382). - irqchip/bcm7038-l1: Hide cpu offline callback when building for !SMP (bnc#1012382). - irqchip/gic-v3: Add missing barrier to 32bit version of gic_read_iar() (bnc#1012382). - kabi protect hnae_ae_ops (bsc#1107924). - kbuild: make missing $DEPMOD a Warning instead of an Error (bnc#1012382). - l2tp: cast l2tp traffic counter to unsigned (bsc#1099810). - mei: me: allow runtime pm for platform with D0i3 (bnc#1012382). - mfd: sm501: Set coherent_dma_mask when creating subdevices (bnc#1012382). - mm/fadvise.c: fix signed overflow UBSAN complaint (bnc#1012382). - net/9p: fix error path of p9_virtio_probe (bnc#1012382). - net: bcmgenet: use MAC link status for fixed phy (bnc#1012382). - net: ena: Eliminate duplicate barriers on weakly-ordered archs (bsc#1108240). - net: ena: fix device destruction to gracefully free resources (bsc#1108240). - net: ena: fix driver when PAGE_SIZE == 64kB (bsc#1108240). - net: ena: fix incorrect usage of memory barriers (bsc#1108240). - net: ena: fix missing calls to READ_ONCE (bsc#1108240). - net: ena: fix missing lock during device destruction (bsc#1108240). - net: ena: fix potential double ena_destroy_device() (bsc#1108240). - net: ena: fix surprise unplug NULL dereference kernel crash (bsc#1108240). - net: hns: add netif_carrier_off before change speed and duplex (bsc#1107924). - net: hns: add the code for cleaning pkt in chip (bsc#1107924). - nvme_fc: add 'nvme_discovery' sysfs attribute to fc transport device (bsc#1044189). - nvmet: fixup crash on NULL device path (bsc#1082979). - ovl: modify ovl_permission() to do checks on two inodes (bsc#1106512) - ovl: proper cleanup of workdir (bnc#1012382). - ovl: rename is_merge to is_lowest (bnc#1012382). - PCI: mvebu: Fix I/O space end address calculation (bnc#1012382). - platform/x86: asus-nb-wmi: Add keymap entry for lid flip action on UX360 (bnc#1012382). - powerpc/64: Do load of PACAKBASE in LOAD_HANDLER (bsc#1094244). - powerpc/book3s: Fix MCE console messages for unrecoverable MCE (bsc#1094244). - powerpc/fadump: cleanup crash memory ranges support (bsc#1103269). - powerpc/fadump: re-register firmware-assisted dump if already registered (bsc#1108170, bsc#1108823). - powerpc: Fix size calculation using resource_size() (bnc#1012382). - powerpc/mce: Move 64-bit machine check code into mce.c (bsc#1094244). - powerpc/perf/hv-24x7: Fix off-by-one error in request_buffer check (git-fixes). - powerpc/powernv/ioda2: Reduce upper limit for DMA window size (bsc#1066223). - powerpc/powernv: Rename machine_check_pSeries_early() to powernv (bsc#1094244). - powerpc/pseries: Avoid using the size greater than RTAS_ERROR_LOG_MAX (bnc#1012382). - powerpc/pseries: Disable CPU hotplug across migrations (bsc#1066223). - powerpc/pseries: Remove prrn_work workqueue (bsc#1102495, bsc#1109337). - powerpc/pseries: Remove unneeded uses of dlpar work queue (bsc#1102495, bsc#1109337). - powerpc/tm: Fix userspace r13 corruption (bsc#1109333). - RDMA/rw: Fix rdma_rw_ctx_signature_init() kernel-doc header (bsc#1082979). - reiserfs: change j_timestamp type to time64_t (bnc#1012382). - Revert "ARM: imx_v6_v7_defconfig: Select ULPI support" (bnc#1012382). - s390/dasd: fix hanging offline processing due to canceled worker (bnc#1012382). - s390/lib: use expoline for all bcr instructions (LTC#171029 bnc#1012382 bnc#1106934). - sch_hhf: fix null pointer dereference on init failure (bnc#1012382). - sch_htb: fix crash on init failure (bnc#1012382). - sch_multiq: fix double free on init failure (bnc#1012382). - sch_netem: avoid null pointer deref on init failure (bnc#1012382). - sch_tbf: fix two null pointer dereferences on init failure (bnc#1012382). - scripts: modpost: check memory allocation results (bnc#1012382). - scsi: aic94xx: fix an error code in aic94xx_init() (bnc#1012382). - scsi: ipr: System hung while dlpar adding primary ipr adapter back (bsc#1109336). - scsi: qla2xxx: Add changes for devloss timeout in driver (bsc#1084427). - scsi: qla2xxx: Add FC-NVMe abort processing (bsc#1084427). - scsi: qla2xxx: Add longer window for chip reset (bsc#1094555). - scsi: qla2xxx: Avoid double completion of abort command (bsc#1094555). - scsi: qla2xxx: Cleanup code to improve FC-NVMe error handling (bsc#1084427). - scsi: qla2xxx: Cleanup for N2N code (bsc#1094555). - scsi: qla2xxx: correctly shift host byte (bsc#1094555). - scsi: qla2xxx: Correct setting of SAM_STAT_CHECK_CONDITION (bsc#1094555). - scsi: qla2xxx: Delete session for nport id change (bsc#1094555). - scsi: qla2xxx: Fix Async GPN_FT for FCP and FC-NVMe scan (bsc#1084427). - scsi: qla2xxx: Fix crash on qla2x00_mailbox_command (bsc#1094555). - scsi: qla2xxx: Fix double free bug after firmware timeout (bsc#1094555). - scsi: qla2xxx: Fix driver unload by shutting down chip (bsc#1094555). - scsi: qla2xxx: fix error message on ignore_df check from vti6_xmit() (bnc#1012382). - watchdog: w83627hf_wdt: Add quirk for Inves system (bsc#1106434). - x86/entry/64: Remove %ebx handling from error_entry/exit (bnc#1102715). - x86/pae: use 64 bit atomic xchg function in native_ptep_get_and_clear (bnc#1012382). - x86/speculation/l1tf: Fix up pte->pfn conversion for PAE (bnc#1012382). - xen: avoid crash in disable_hotplug_cpu (bsc#1106594). - xfs: add a new xfs_iext_lookup_extent_before helper (bsc#1095344). - xfs: add asserts for the mmap lock in xfs_{insert,collapse}_file_space (bsc#1095344). - xfs: add a xfs_bmap_fork_to_state helper (bsc#1095344). - xfs: add a xfs_iext_update_extent helper (bsc#1095344). - xfs: add comments documenting the rebalance algorithm (bsc#1095344). - xfs: add some comments to xfs_iext_insert/xfs_iext_insert_node (bsc#1095344). - xfs: add xfs_trim_extent (bsc#1095344). - xfs: allow unaligned extent records in xfs_bmbt_disk_set_all (bsc#1095344). - xfs: borrow indirect blocks from freed extent when available (bsc#1095344). - xfs: cleanup xfs_bmap_last_before (bsc#1095344). - xfs: do not create overlapping extents in xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: do not rely on extent indices in xfs_bmap_collapse_extents (bsc#1095344). - xfs: do not rely on extent indices in xfs_bmap_insert_extents (bsc#1095344). - xfs: do not set XFS_BTCUR_BPRV_WASDEL in xfs_bunmapi (bsc#1095344). - xfs: during btree split, save new block key and ptr for future insertion (bsc#1095344). - xfs: factor out a helper to initialize a local format inode fork (bsc#1095344). - xfs: fix memory leak in xfs_iext_free_last_leaf (bsc#1095344). - xfs: fix number of records handling in xfs_iext_split_leaf (bsc#1095344). - xfs: fix transaction allocation deadlock in IO path (bsc#1090535). - xfs: handle indlen shortage on delalloc extent merge (bsc#1095344). - xfs: handle zero entries case in xfs_iext_rebalance_leaf (bsc#1095344). - xfs: improve kmem_realloc (bsc#1095344). - xfs: inline xfs_shift_file_space into callers (bsc#1095344). - xfs: introduce the xfs_iext_cursor abstraction (bsc#1095344). - xfs: iterate over extents in xfs_bmap_extents_to_btree (bsc#1095344). - xfs: iterate over extents in xfs_iextents_copy (bsc#1095344). - xfs: make better use of the 'state' variable in xfs_bmap_del_extent_real (bsc#1095344). - xfs: merge xfs_bmap_read_extents into xfs_iread_extents (bsc#1095344). - xfs: move pre/post-bmap tracing into xfs_iext_update_extent (bsc#1095344). - xfs: move some code around inside xfs_bmap_shift_extents (bsc#1095344). - xfs: move some more code into xfs_bmap_del_extent_real (bsc#1095344). - xfs: move xfs_bmbt_irec and xfs_exntst_t to xfs_types.h (bsc#1095344). - xfs: move xfs_iext_insert tracepoint to report useful information (bsc#1095344). - xfs: new inode extent list lookup helpers (bsc#1095344). - xfs: only run torn log write detection on dirty logs (bsc#1095753). - xfs: pass an on-disk extent to xfs_bmbt_validate_extent (bsc#1095344). - xfs: pass a struct xfs_bmbt_irec to xfs_bmbt_lookup_eq (bsc#1095344). - xfs: pass a struct xfs_bmbt_irec to xfs_bmbt_update (bsc#1095344). - xfs: pass struct xfs_bmbt_irec to xfs_bmbt_validate_extent (bsc#1095344). - xfs: provide helper for counting extents from if_bytes (bsc#1095344). - xfs: refactor delalloc accounting in xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: refactor delalloc indlen reservation split into helper (bsc#1095344). - xfs: refactor dir2 leaf readahead shadow buffer cleverness (bsc#1095344). - xfs: refactor in-core log state update to helper (bsc#1095753). - xfs: refactor unmount record detection into helper (bsc#1095753). - xfs: refactor xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: refactor xfs_bmap_add_extent_hole_delay (bsc#1095344). - xfs: refactor xfs_bmap_add_extent_hole_real (bsc#1095344). - xfs: refactor xfs_bmap_add_extent_unwritten_real (bsc#1095344). - xfs: refactor xfs_bunmapi_cow (bsc#1095344). - xfs: refactor xfs_del_extent_real (bsc#1095344). - xfs: remove a duplicate assignment in xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: remove all xfs_bmbt_set_* helpers except for xfs_bmbt_set_all (bsc#1095344). - xfs: remove a superflous assignment in xfs_iext_remove_node (bsc#1095344). - xfs: remove if_rdev (bsc#1095344). - xfs: remove prev argument to xfs_bmapi_reserve_delalloc (bsc#1095344). - xfs: remove support for inlining data/extents into the inode fork (bsc#1095344). - xfs: remove the never fully implemented UUID fork format (bsc#1095344). - xfs: remove the nr_extents argument to xfs_iext_insert (bsc#1095344). - xfs: remove the nr_extents argument to xfs_iext_remove (bsc#1095344). - xfs: remove XFS_BMAP_MAX_SHIFT_EXTENTS (bsc#1095344). - xfs: remove XFS_BMAP_TRACE_EXLIST (bsc#1095344). - xfs: remove xfs_bmbt_get_state (bsc#1095344). - xfs: remove xfs_bmse_shift_one (bsc#1095344). - xfs: rename bno to end in __xfs_bunmapi (bsc#1095344). - xfs: replace xfs_bmbt_lookup_ge with xfs_bmbt_lookup_first (bsc#1095344). - xfs: replace xfs_qm_get_rtblks with a direct call to xfs_bmap_count_leaves (bsc#1095344). - xfs: rewrite getbmap using the xfs_iext_* helpers (bsc#1095344). - xfs: rewrite xfs_bmap_count_leaves using xfs_iext_get_extent (bsc#1095344). - xfs: rewrite xfs_bmap_first_unused to make better use of xfs_iext_get_extent (bsc#1095344). - xfs: separate log head record discovery from verification (bsc#1095753). - xfs: simplify the xfs_getbmap interface (bsc#1095344). - xfs: simplify validation of the unwritten extent bit (bsc#1095344). - xfs: split indlen reservations fairly when under reserved (bsc#1095344). - xfs: split xfs_bmap_shift_extents (bsc#1095344). - xfs: switch xfs_bmap_local_to_extents to use xfs_iext_insert (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_add_extent_hole_delay (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_add_extent_hole_real (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_add_extent_unwritten_real (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_collapse_extents (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_del_extent_* (bsc#1095344). - xfs: update freeblocks counter after extent deletion (bsc#1095344). - xfs: update got in xfs_bmap_shift_update_extent (bsc#1095344). - xfs: use a b+tree for the in-core extent list (bsc#1095344). - xfs: use correct state defines in xfs_bmap_del_extent_{cow,delay} (bsc#1095344). - xfs: use new extent lookup helpers in xfs_bmapi_read (bsc#1095344). - xfs: use new extent lookup helpers in xfs_bmapi_write (bsc#1095344). - xfs: use new extent lookup helpers in __xfs_bunmapi (bsc#1095344). - xfs: use the state defines in xfs_bmap_del_extent_real (bsc#1095344). - xfs: use xfs_bmap_del_extent_delay for the data fork as well (bsc#1095344). - xfs: use xfs_iext_*_extent helpers in xfs_bmap_shift_extents (bsc#1095344). - xfs: use xfs_iext_*_extent helpers in xfs_bmap_split_extent_at (bsc#1095344). - xfs: use xfs_iext_get_extent instead of open coding it (bsc#1095344). - xfs: use xfs_iext_get_extent in xfs_bmap_first_unused (bsc#1095344). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-2135=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_156-94_57-default-1-4.3.5 kgraft-patch-4_4_156-94_57-default-debuginfo-1-4.3.5 References: https://www.suse.com/security/cve/CVE-2018-14613.html https://www.suse.com/security/cve/CVE-2018-14617.html https://www.suse.com/security/cve/CVE-2018-16276.html https://www.suse.com/security/cve/CVE-2018-16597.html https://www.suse.com/security/cve/CVE-2018-17182.html https://www.suse.com/security/cve/CVE-2018-7480.html https://www.suse.com/security/cve/CVE-2018-7757.html https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1044189 https://bugzilla.suse.com/1063026 https://bugzilla.suse.com/1066223 https://bugzilla.suse.com/1082863 https://bugzilla.suse.com/1082979 https://bugzilla.suse.com/1084427 https://bugzilla.suse.com/1084536 https://bugzilla.suse.com/1087209 https://bugzilla.suse.com/1088087 https://bugzilla.suse.com/1090535 https://bugzilla.suse.com/1091815 https://bugzilla.suse.com/1094244 https://bugzilla.suse.com/1094555 https://bugzilla.suse.com/1094562 https://bugzilla.suse.com/1095344 https://bugzilla.suse.com/1095753 https://bugzilla.suse.com/1096547 https://bugzilla.suse.com/1099810 https://bugzilla.suse.com/1102495 https://bugzilla.suse.com/1102715 https://bugzilla.suse.com/1102870 https://bugzilla.suse.com/1102875 https://bugzilla.suse.com/1102877 https://bugzilla.suse.com/1102879 https://bugzilla.suse.com/1102882 https://bugzilla.suse.com/1102896 https://bugzilla.suse.com/1103156 https://bugzilla.suse.com/1103269 https://bugzilla.suse.com/1106095 https://bugzilla.suse.com/1106434 https://bugzilla.suse.com/1106512 https://bugzilla.suse.com/1106594 https://bugzilla.suse.com/1106934 https://bugzilla.suse.com/1107924 https://bugzilla.suse.com/1108096 https://bugzilla.suse.com/1108170 https://bugzilla.suse.com/1108240 https://bugzilla.suse.com/1108399 https://bugzilla.suse.com/1108803 https://bugzilla.suse.com/1108823 https://bugzilla.suse.com/1109333 https://bugzilla.suse.com/1109336 https://bugzilla.suse.com/1109337 https://bugzilla.suse.com/1109441 https://bugzilla.suse.com/1110297 https://bugzilla.suse.com/1110337 From sle-security-updates at lists.suse.com Fri Oct 5 07:10:18 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 5 Oct 2018 15:10:18 +0200 (CEST) Subject: SUSE-SU-2018:3016-1: moderate: Security update for php7 Message-ID: <20181005131018.10192FD56@maintenance.suse.de> SUSE Security Update: Security update for php7 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3016-1 Rating: moderate References: #1108554 #1108753 Cross-References: CVE-2018-17082 Affected Products: SUSE Linux Enterprise Module for Web Scripting 15 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for php7 fixes the following issues: This security issue was fixed: - CVE-2018-17082: The Apache2 component in PHP allowed XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade was mishandled in the php_handler function (bsc#1108753) This non-security issue was fixed: - reenable php7-dba support of Berkeley DB (bsc#1108554) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-2018-2148=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15 (aarch64 ppc64le s390x x86_64): apache2-mod_php7-7.2.5-4.12.2 apache2-mod_php7-debuginfo-7.2.5-4.12.2 php7-7.2.5-4.12.2 php7-bcmath-7.2.5-4.12.2 php7-bcmath-debuginfo-7.2.5-4.12.2 php7-bz2-7.2.5-4.12.2 php7-bz2-debuginfo-7.2.5-4.12.2 php7-calendar-7.2.5-4.12.2 php7-calendar-debuginfo-7.2.5-4.12.2 php7-ctype-7.2.5-4.12.2 php7-ctype-debuginfo-7.2.5-4.12.2 php7-curl-7.2.5-4.12.2 php7-curl-debuginfo-7.2.5-4.12.2 php7-dba-7.2.5-4.12.2 php7-dba-debuginfo-7.2.5-4.12.2 php7-debuginfo-7.2.5-4.12.2 php7-debugsource-7.2.5-4.12.2 php7-devel-7.2.5-4.12.2 php7-dom-7.2.5-4.12.2 php7-dom-debuginfo-7.2.5-4.12.2 php7-enchant-7.2.5-4.12.2 php7-enchant-debuginfo-7.2.5-4.12.2 php7-exif-7.2.5-4.12.2 php7-exif-debuginfo-7.2.5-4.12.2 php7-fastcgi-7.2.5-4.12.2 php7-fastcgi-debuginfo-7.2.5-4.12.2 php7-fileinfo-7.2.5-4.12.2 php7-fileinfo-debuginfo-7.2.5-4.12.2 php7-fpm-7.2.5-4.12.2 php7-fpm-debuginfo-7.2.5-4.12.2 php7-ftp-7.2.5-4.12.2 php7-ftp-debuginfo-7.2.5-4.12.2 php7-gd-7.2.5-4.12.2 php7-gd-debuginfo-7.2.5-4.12.2 php7-gettext-7.2.5-4.12.2 php7-gettext-debuginfo-7.2.5-4.12.2 php7-gmp-7.2.5-4.12.2 php7-gmp-debuginfo-7.2.5-4.12.2 php7-iconv-7.2.5-4.12.2 php7-iconv-debuginfo-7.2.5-4.12.2 php7-intl-7.2.5-4.12.2 php7-intl-debuginfo-7.2.5-4.12.2 php7-json-7.2.5-4.12.2 php7-json-debuginfo-7.2.5-4.12.2 php7-ldap-7.2.5-4.12.2 php7-ldap-debuginfo-7.2.5-4.12.2 php7-mbstring-7.2.5-4.12.2 php7-mbstring-debuginfo-7.2.5-4.12.2 php7-mysql-7.2.5-4.12.2 php7-mysql-debuginfo-7.2.5-4.12.2 php7-odbc-7.2.5-4.12.2 php7-odbc-debuginfo-7.2.5-4.12.2 php7-opcache-7.2.5-4.12.2 php7-opcache-debuginfo-7.2.5-4.12.2 php7-openssl-7.2.5-4.12.2 php7-openssl-debuginfo-7.2.5-4.12.2 php7-pcntl-7.2.5-4.12.2 php7-pcntl-debuginfo-7.2.5-4.12.2 php7-pdo-7.2.5-4.12.2 php7-pdo-debuginfo-7.2.5-4.12.2 php7-pgsql-7.2.5-4.12.2 php7-pgsql-debuginfo-7.2.5-4.12.2 php7-phar-7.2.5-4.12.2 php7-phar-debuginfo-7.2.5-4.12.2 php7-posix-7.2.5-4.12.2 php7-posix-debuginfo-7.2.5-4.12.2 php7-shmop-7.2.5-4.12.2 php7-shmop-debuginfo-7.2.5-4.12.2 php7-snmp-7.2.5-4.12.2 php7-snmp-debuginfo-7.2.5-4.12.2 php7-soap-7.2.5-4.12.2 php7-soap-debuginfo-7.2.5-4.12.2 php7-sockets-7.2.5-4.12.2 php7-sockets-debuginfo-7.2.5-4.12.2 php7-sqlite-7.2.5-4.12.2 php7-sqlite-debuginfo-7.2.5-4.12.2 php7-sysvmsg-7.2.5-4.12.2 php7-sysvmsg-debuginfo-7.2.5-4.12.2 php7-sysvsem-7.2.5-4.12.2 php7-sysvsem-debuginfo-7.2.5-4.12.2 php7-sysvshm-7.2.5-4.12.2 php7-sysvshm-debuginfo-7.2.5-4.12.2 php7-tokenizer-7.2.5-4.12.2 php7-tokenizer-debuginfo-7.2.5-4.12.2 php7-wddx-7.2.5-4.12.2 php7-wddx-debuginfo-7.2.5-4.12.2 php7-xmlreader-7.2.5-4.12.2 php7-xmlreader-debuginfo-7.2.5-4.12.2 php7-xmlrpc-7.2.5-4.12.2 php7-xmlrpc-debuginfo-7.2.5-4.12.2 php7-xmlwriter-7.2.5-4.12.2 php7-xmlwriter-debuginfo-7.2.5-4.12.2 php7-xsl-7.2.5-4.12.2 php7-xsl-debuginfo-7.2.5-4.12.2 php7-zip-7.2.5-4.12.2 php7-zip-debuginfo-7.2.5-4.12.2 php7-zlib-7.2.5-4.12.2 php7-zlib-debuginfo-7.2.5-4.12.2 - SUSE Linux Enterprise Module for Web Scripting 15 (noarch): php7-pear-7.2.5-4.12.2 php7-pear-Archive_Tar-7.2.5-4.12.2 References: https://www.suse.com/security/cve/CVE-2018-17082.html https://bugzilla.suse.com/1108554 https://bugzilla.suse.com/1108753 From sle-security-updates at lists.suse.com Fri Oct 5 07:11:04 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 5 Oct 2018 15:11:04 +0200 (CEST) Subject: SUSE-SU-2018:3017-1: moderate: Security update for php5 Message-ID: <20181005131104.A2F68FD56@maintenance.suse.de> SUSE Security Update: Security update for php5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3017-1 Rating: moderate References: #1108753 Cross-References: CVE-2018-17082 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for php5 fixes the following issue: - CVE-2018-17082: The Apache2 component in PHP allowed XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade was mishandled in the php_handler function (bsc#1108753) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2147=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2018-2147=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): php5-debuginfo-5.5.14-109.41.1 php5-debugsource-5.5.14-109.41.1 php5-devel-5.5.14-109.41.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): apache2-mod_php5-5.5.14-109.41.1 apache2-mod_php5-debuginfo-5.5.14-109.41.1 php5-5.5.14-109.41.1 php5-bcmath-5.5.14-109.41.1 php5-bcmath-debuginfo-5.5.14-109.41.1 php5-bz2-5.5.14-109.41.1 php5-bz2-debuginfo-5.5.14-109.41.1 php5-calendar-5.5.14-109.41.1 php5-calendar-debuginfo-5.5.14-109.41.1 php5-ctype-5.5.14-109.41.1 php5-ctype-debuginfo-5.5.14-109.41.1 php5-curl-5.5.14-109.41.1 php5-curl-debuginfo-5.5.14-109.41.1 php5-dba-5.5.14-109.41.1 php5-dba-debuginfo-5.5.14-109.41.1 php5-debuginfo-5.5.14-109.41.1 php5-debugsource-5.5.14-109.41.1 php5-dom-5.5.14-109.41.1 php5-dom-debuginfo-5.5.14-109.41.1 php5-enchant-5.5.14-109.41.1 php5-enchant-debuginfo-5.5.14-109.41.1 php5-exif-5.5.14-109.41.1 php5-exif-debuginfo-5.5.14-109.41.1 php5-fastcgi-5.5.14-109.41.1 php5-fastcgi-debuginfo-5.5.14-109.41.1 php5-fileinfo-5.5.14-109.41.1 php5-fileinfo-debuginfo-5.5.14-109.41.1 php5-fpm-5.5.14-109.41.1 php5-fpm-debuginfo-5.5.14-109.41.1 php5-ftp-5.5.14-109.41.1 php5-ftp-debuginfo-5.5.14-109.41.1 php5-gd-5.5.14-109.41.1 php5-gd-debuginfo-5.5.14-109.41.1 php5-gettext-5.5.14-109.41.1 php5-gettext-debuginfo-5.5.14-109.41.1 php5-gmp-5.5.14-109.41.1 php5-gmp-debuginfo-5.5.14-109.41.1 php5-iconv-5.5.14-109.41.1 php5-iconv-debuginfo-5.5.14-109.41.1 php5-imap-5.5.14-109.41.1 php5-imap-debuginfo-5.5.14-109.41.1 php5-intl-5.5.14-109.41.1 php5-intl-debuginfo-5.5.14-109.41.1 php5-json-5.5.14-109.41.1 php5-json-debuginfo-5.5.14-109.41.1 php5-ldap-5.5.14-109.41.1 php5-ldap-debuginfo-5.5.14-109.41.1 php5-mbstring-5.5.14-109.41.1 php5-mbstring-debuginfo-5.5.14-109.41.1 php5-mcrypt-5.5.14-109.41.1 php5-mcrypt-debuginfo-5.5.14-109.41.1 php5-mysql-5.5.14-109.41.1 php5-mysql-debuginfo-5.5.14-109.41.1 php5-odbc-5.5.14-109.41.1 php5-odbc-debuginfo-5.5.14-109.41.1 php5-opcache-5.5.14-109.41.1 php5-opcache-debuginfo-5.5.14-109.41.1 php5-openssl-5.5.14-109.41.1 php5-openssl-debuginfo-5.5.14-109.41.1 php5-pcntl-5.5.14-109.41.1 php5-pcntl-debuginfo-5.5.14-109.41.1 php5-pdo-5.5.14-109.41.1 php5-pdo-debuginfo-5.5.14-109.41.1 php5-pgsql-5.5.14-109.41.1 php5-pgsql-debuginfo-5.5.14-109.41.1 php5-phar-5.5.14-109.41.1 php5-phar-debuginfo-5.5.14-109.41.1 php5-posix-5.5.14-109.41.1 php5-posix-debuginfo-5.5.14-109.41.1 php5-pspell-5.5.14-109.41.1 php5-pspell-debuginfo-5.5.14-109.41.1 php5-shmop-5.5.14-109.41.1 php5-shmop-debuginfo-5.5.14-109.41.1 php5-snmp-5.5.14-109.41.1 php5-snmp-debuginfo-5.5.14-109.41.1 php5-soap-5.5.14-109.41.1 php5-soap-debuginfo-5.5.14-109.41.1 php5-sockets-5.5.14-109.41.1 php5-sockets-debuginfo-5.5.14-109.41.1 php5-sqlite-5.5.14-109.41.1 php5-sqlite-debuginfo-5.5.14-109.41.1 php5-suhosin-5.5.14-109.41.1 php5-suhosin-debuginfo-5.5.14-109.41.1 php5-sysvmsg-5.5.14-109.41.1 php5-sysvmsg-debuginfo-5.5.14-109.41.1 php5-sysvsem-5.5.14-109.41.1 php5-sysvsem-debuginfo-5.5.14-109.41.1 php5-sysvshm-5.5.14-109.41.1 php5-sysvshm-debuginfo-5.5.14-109.41.1 php5-tokenizer-5.5.14-109.41.1 php5-tokenizer-debuginfo-5.5.14-109.41.1 php5-wddx-5.5.14-109.41.1 php5-wddx-debuginfo-5.5.14-109.41.1 php5-xmlreader-5.5.14-109.41.1 php5-xmlreader-debuginfo-5.5.14-109.41.1 php5-xmlrpc-5.5.14-109.41.1 php5-xmlrpc-debuginfo-5.5.14-109.41.1 php5-xmlwriter-5.5.14-109.41.1 php5-xmlwriter-debuginfo-5.5.14-109.41.1 php5-xsl-5.5.14-109.41.1 php5-xsl-debuginfo-5.5.14-109.41.1 php5-zip-5.5.14-109.41.1 php5-zip-debuginfo-5.5.14-109.41.1 php5-zlib-5.5.14-109.41.1 php5-zlib-debuginfo-5.5.14-109.41.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): php5-pear-5.5.14-109.41.1 References: https://www.suse.com/security/cve/CVE-2018-17082.html https://bugzilla.suse.com/1108753 From sle-security-updates at lists.suse.com Fri Oct 5 07:11:36 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 5 Oct 2018 15:11:36 +0200 (CEST) Subject: SUSE-SU-2018:3018-1: moderate: Security update for php53 Message-ID: <20181005131136.475E2FD57@maintenance.suse.de> SUSE Security Update: Security update for php53 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3018-1 Rating: moderate References: #1108753 Cross-References: CVE-2018-17082 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for php53 fixes the following issue: - CVE-2018-17082: The Apache2 component in PHP allowed XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade was mishandled in the php_handler function (bsc#1108753) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-php53-13807=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-php53-13807=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-php53-13807=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): php53-devel-5.3.17-112.41.1 php53-imap-5.3.17-112.41.1 php53-posix-5.3.17-112.41.1 php53-readline-5.3.17-112.41.1 php53-sockets-5.3.17-112.41.1 php53-sqlite-5.3.17-112.41.1 php53-tidy-5.3.17-112.41.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): apache2-mod_php53-5.3.17-112.41.1 php53-5.3.17-112.41.1 php53-bcmath-5.3.17-112.41.1 php53-bz2-5.3.17-112.41.1 php53-calendar-5.3.17-112.41.1 php53-ctype-5.3.17-112.41.1 php53-curl-5.3.17-112.41.1 php53-dba-5.3.17-112.41.1 php53-dom-5.3.17-112.41.1 php53-exif-5.3.17-112.41.1 php53-fastcgi-5.3.17-112.41.1 php53-fileinfo-5.3.17-112.41.1 php53-ftp-5.3.17-112.41.1 php53-gd-5.3.17-112.41.1 php53-gettext-5.3.17-112.41.1 php53-gmp-5.3.17-112.41.1 php53-iconv-5.3.17-112.41.1 php53-intl-5.3.17-112.41.1 php53-json-5.3.17-112.41.1 php53-ldap-5.3.17-112.41.1 php53-mbstring-5.3.17-112.41.1 php53-mcrypt-5.3.17-112.41.1 php53-mysql-5.3.17-112.41.1 php53-odbc-5.3.17-112.41.1 php53-openssl-5.3.17-112.41.1 php53-pcntl-5.3.17-112.41.1 php53-pdo-5.3.17-112.41.1 php53-pear-5.3.17-112.41.1 php53-pgsql-5.3.17-112.41.1 php53-pspell-5.3.17-112.41.1 php53-shmop-5.3.17-112.41.1 php53-snmp-5.3.17-112.41.1 php53-soap-5.3.17-112.41.1 php53-suhosin-5.3.17-112.41.1 php53-sysvmsg-5.3.17-112.41.1 php53-sysvsem-5.3.17-112.41.1 php53-sysvshm-5.3.17-112.41.1 php53-tokenizer-5.3.17-112.41.1 php53-wddx-5.3.17-112.41.1 php53-xmlreader-5.3.17-112.41.1 php53-xmlrpc-5.3.17-112.41.1 php53-xmlwriter-5.3.17-112.41.1 php53-xsl-5.3.17-112.41.1 php53-zip-5.3.17-112.41.1 php53-zlib-5.3.17-112.41.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): php53-debuginfo-5.3.17-112.41.1 php53-debugsource-5.3.17-112.41.1 References: https://www.suse.com/security/cve/CVE-2018-17082.html https://bugzilla.suse.com/1108753 From sle-security-updates at lists.suse.com Fri Oct 5 10:14:58 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 5 Oct 2018 18:14:58 +0200 (CEST) Subject: SUSE-SU-2018:3029-1: important: Security update for the Linux Kernel (Live Patch 3 for SLE 12 SP3) Message-ID: <20181005161458.08BE0FD56@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 3 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3029-1 Rating: important References: #1096723 #1102682 #1105323 #1106191 Cross-References: CVE-2018-1000026 CVE-2018-10902 CVE-2018-10938 CVE-2018-5390 Affected Products: SUSE Linux Enterprise Live Patching 12-SP3 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.82-6_9 fixes several issues. The following security issues were fixed: - CVE-2018-5390: Prevent very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming TCP packet which can lead to a denial of service (bsc#1102682). - CVE-2018-1000026: Fixed an insufficient input validation in bnx2x network card driver that can result in DoS via very large, specially crafted packet to the bnx2x card due to a network card firmware assertion that will take the card offline (bsc#1096723). - CVE-2018-10938: Fixed an infinite loop in the cipso_v4_optptr() function leading to a denial-of-service via crafted network packets (bsc#1106191). - CVE-2018-10902: It was found that the raw midi kernel driver did not protect against concurrent access which lead to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(), allowing a malicious local attacker to use this for privilege escalation (bsc#1105323). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-2152=1 SUSE-SLE-Live-Patching-12-SP3-2018-2153=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP3 (x86_64): kgraft-patch-4_4_82-6_6-default-11-2.1 kgraft-patch-4_4_82-6_6-default-debuginfo-11-2.1 kgraft-patch-4_4_82-6_9-default-11-2.1 kgraft-patch-4_4_82-6_9-default-debuginfo-11-2.1 References: https://www.suse.com/security/cve/CVE-2018-1000026.html https://www.suse.com/security/cve/CVE-2018-10902.html https://www.suse.com/security/cve/CVE-2018-10938.html https://www.suse.com/security/cve/CVE-2018-5390.html https://bugzilla.suse.com/1096723 https://bugzilla.suse.com/1102682 https://bugzilla.suse.com/1105323 https://bugzilla.suse.com/1106191 From sle-security-updates at lists.suse.com Fri Oct 5 13:08:07 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 5 Oct 2018 21:08:07 +0200 (CEST) Subject: SUSE-SU-2018:3032-1: important: Security update for the Linux Kernel Message-ID: <20181005190807.3BB65FD56@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3032-1 Rating: important References: #1108399 Cross-References: CVE-2018-17182 Affected Products: SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: The SUSE Linux Enterprise 12 SP1 LTSS kernel was updated to receive a security fix. The following security bug was fixed: - CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bnc#1108399). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-2163=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2018-2163=1 Package List: - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): kernel-default-3.12.74-60.64.107.1 kernel-default-base-3.12.74-60.64.107.1 kernel-default-base-debuginfo-3.12.74-60.64.107.1 kernel-default-debuginfo-3.12.74-60.64.107.1 kernel-default-debugsource-3.12.74-60.64.107.1 kernel-default-devel-3.12.74-60.64.107.1 kernel-syms-3.12.74-60.64.107.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): kernel-devel-3.12.74-60.64.107.1 kernel-macros-3.12.74-60.64.107.1 kernel-source-3.12.74-60.64.107.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kernel-xen-3.12.74-60.64.107.1 kernel-xen-base-3.12.74-60.64.107.1 kernel-xen-base-debuginfo-3.12.74-60.64.107.1 kernel-xen-debuginfo-3.12.74-60.64.107.1 kernel-xen-debugsource-3.12.74-60.64.107.1 kernel-xen-devel-3.12.74-60.64.107.1 kgraft-patch-3_12_74-60_64_107-default-1-2.3.1 kgraft-patch-3_12_74-60_64_107-xen-1-2.3.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x): kernel-default-man-3.12.74-60.64.107.1 - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64): kernel-ec2-3.12.74-60.64.107.1 kernel-ec2-debuginfo-3.12.74-60.64.107.1 kernel-ec2-debugsource-3.12.74-60.64.107.1 kernel-ec2-devel-3.12.74-60.64.107.1 kernel-ec2-extra-3.12.74-60.64.107.1 kernel-ec2-extra-debuginfo-3.12.74-60.64.107.1 References: https://www.suse.com/security/cve/CVE-2018-17182.html https://bugzilla.suse.com/1108399 From sle-security-updates at lists.suse.com Fri Oct 5 13:08:40 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 5 Oct 2018 21:08:40 +0200 (CEST) Subject: SUSE-SU-2018:3033-1: important: Security update for texlive Message-ID: <20181005190840.3D662FD56@maintenance.suse.de> SUSE Security Update: Security update for texlive ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3033-1 Rating: important References: #1109673 Cross-References: CVE-2018-17407 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for texlive fixes the following issue: - CVE-2018-17407: Prevent buffer overflow when handling of Type 1 fonts allowed arbitrary code execution when a malicious font was loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex (bsc#1109673) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2164=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2164=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2164=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libptexenc1-1.3.2dev-22.3.1 libptexenc1-debuginfo-1.3.2dev-22.3.1 texlive-2013.20130620-22.3.1 texlive-bibtex-bin-2013.20130620.svn30088-22.3.1 texlive-bibtex-bin-debuginfo-2013.20130620.svn30088-22.3.1 texlive-bin-devel-2013.20130620-22.3.1 texlive-checkcites-bin-2013.20130620.svn25623-22.3.1 texlive-context-bin-2013.20130620.svn29741-22.3.1 texlive-cweb-bin-2013.20130620.svn30088-22.3.1 texlive-cweb-bin-debuginfo-2013.20130620.svn30088-22.3.1 texlive-debugsource-2013.20130620-22.3.1 texlive-dviasm-bin-2013.20130620.svn8329-22.3.1 texlive-dvidvi-bin-2013.20130620.svn30088-22.3.1 texlive-dvidvi-bin-debuginfo-2013.20130620.svn30088-22.3.1 texlive-dviljk-bin-2013.20130620.svn30088-22.3.1 texlive-dviljk-bin-debuginfo-2013.20130620.svn30088-22.3.1 texlive-dvipdfmx-bin-2013.20130620.svn30845-22.3.1 texlive-dvipdfmx-bin-debuginfo-2013.20130620.svn30845-22.3.1 texlive-dvipng-bin-2013.20130620.svn30845-22.3.1 texlive-dvipng-bin-debuginfo-2013.20130620.svn30845-22.3.1 texlive-dvips-bin-2013.20130620.svn30088-22.3.1 texlive-dvips-bin-debuginfo-2013.20130620.svn30088-22.3.1 texlive-dvisvgm-bin-2013.20130620.svn30613-22.3.1 texlive-dvisvgm-bin-debuginfo-2013.20130620.svn30613-22.3.1 texlive-gsftopk-bin-2013.20130620.svn30088-22.3.1 texlive-gsftopk-bin-debuginfo-2013.20130620.svn30088-22.3.1 texlive-jadetex-bin-2013.20130620.svn3006-22.3.1 texlive-kpathsea-bin-2013.20130620.svn30088-22.3.1 texlive-kpathsea-bin-debuginfo-2013.20130620.svn30088-22.3.1 texlive-kpathsea-devel-6.2.0dev-22.3.1 texlive-lacheck-bin-2013.20130620.svn30088-22.3.1 texlive-lacheck-bin-debuginfo-2013.20130620.svn30088-22.3.1 texlive-latex-bin-bin-2013.20130620.svn14050-22.3.1 texlive-lua2dox-bin-2013.20130620.svn29053-22.3.1 texlive-luaotfload-bin-2013.20130620.svn30313-22.3.1 texlive-luatex-bin-2013.20130620.svn30845-22.3.1 texlive-luatex-bin-debuginfo-2013.20130620.svn30845-22.3.1 texlive-makeindex-bin-2013.20130620.svn30088-22.3.1 texlive-makeindex-bin-debuginfo-2013.20130620.svn30088-22.3.1 texlive-metafont-bin-2013.20130620.svn30088-22.3.1 texlive-metafont-bin-debuginfo-2013.20130620.svn30088-22.3.1 texlive-metapost-bin-2013.20130620.svn30845-22.3.1 texlive-metapost-bin-debuginfo-2013.20130620.svn30845-22.3.1 texlive-mfware-bin-2013.20130620.svn30088-22.3.1 texlive-mfware-bin-debuginfo-2013.20130620.svn30088-22.3.1 texlive-mptopdf-bin-2013.20130620.svn18674-22.3.1 texlive-pdftex-bin-2013.20130620.svn30845-22.3.1 texlive-pdftex-bin-debuginfo-2013.20130620.svn30845-22.3.1 texlive-pstools-bin-2013.20130620.svn30088-22.3.1 texlive-pstools-bin-debuginfo-2013.20130620.svn30088-22.3.1 texlive-ptexenc-devel-1.3.2dev-22.3.1 texlive-seetexk-bin-2013.20130620.svn30088-22.3.1 texlive-seetexk-bin-debuginfo-2013.20130620.svn30088-22.3.1 texlive-splitindex-bin-2013.20130620.svn29688-22.3.1 texlive-tetex-bin-2013.20130620.svn29741-22.3.1 texlive-tex-bin-2013.20130620.svn30088-22.3.1 texlive-tex-bin-debuginfo-2013.20130620.svn30088-22.3.1 texlive-tex4ht-bin-2013.20130620.svn30088-22.3.1 texlive-tex4ht-bin-debuginfo-2013.20130620.svn30088-22.3.1 texlive-texconfig-bin-2013.20130620.svn29741-22.3.1 texlive-thumbpdf-bin-2013.20130620.svn6898-22.3.1 texlive-vlna-bin-2013.20130620.svn30088-22.3.1 texlive-vlna-bin-debuginfo-2013.20130620.svn30088-22.3.1 texlive-web-bin-2013.20130620.svn30088-22.3.1 texlive-web-bin-debuginfo-2013.20130620.svn30088-22.3.1 texlive-xdvi-bin-2013.20130620.svn30088-22.3.1 texlive-xdvi-bin-debuginfo-2013.20130620.svn30088-22.3.1 texlive-xetex-bin-2013.20130620.svn30845-22.3.1 texlive-xetex-bin-debuginfo-2013.20130620.svn30845-22.3.1 texlive-xmltex-bin-2013.20130620.svn3006-22.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libkpathsea6-6.2.0dev-22.3.1 libkpathsea6-debuginfo-6.2.0dev-22.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libkpathsea6-6.2.0dev-22.3.1 libkpathsea6-debuginfo-6.2.0dev-22.3.1 References: https://www.suse.com/security/cve/CVE-2018-17407.html https://bugzilla.suse.com/1109673 From sle-security-updates at lists.suse.com Fri Oct 5 13:20:16 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 5 Oct 2018 21:20:16 +0200 (CEST) Subject: SUSE-SU-2018:3045-1: important: Security update for java-1_8_0-openjdk Message-ID: <20181005192016.1FE66FD56@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3045-1 Rating: important References: #1101644 #1101645 #1101651 #1101656 #1106812 Cross-References: CVE-2018-2938 CVE-2018-2940 CVE-2018-2952 CVE-2018-2973 Affected Products: SUSE Linux Enterprise Module for Legacy Software 15 ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for java-1_8_0-openjdk to the jdk8u181 (icedtea 3.9.0) release fixes the following issues: These security issues were fixed: - CVE-2018-2938: Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE (bsc#1101644). - CVE-2018-2940: Vulnerability in subcomponent: Libraries. Easily exploitable vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data (bsc#1101645) - CVE-2018-2952: Vulnerability in subcomponent: Concurrency. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit (bsc#1101651) - CVE-2018-2973: Vulnerability in subcomponent: JSSE. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data (bsc#1101656) These non-security issues were fixed: - Improve desktop file usage - Better Internet address support - speculative traps break when classes are redefined - sun/security/pkcs11/ec/ReadCertificates.java fails intermittently - Clean up code that saves the previous versions of redefined classes - Prevent SIGSEGV in ReceiverTypeData::clean_weak_klass_links - RedefineClasses() tests fail assert(((Metadata*)obj)->is_valid()) failed: obj is valid - NMT is not enabled if NMT option is specified after class path specifiers - EndEntityChecker should not process custom extensions after PKIX validation - SupportedDSAParamGen.java failed with timeout - Montgomery multiply intrinsic should use correct name - When determining the ciphersuite lists, there is no debug output for disabled suites. - sun/security/mscapi/SignedObjectChain.java fails on Windows - On Windows Swing changes keyboard layout on a window activation - IfNode::range_check_trap_proj() should handler dying subgraph with single if proj - Even better Internet address support - Newlines in JAXB string values of SOAP-requests are escaped to " " - TestFlushableGZIPOutputStream failing with IndexOutOfBoundsException - Unable to use JDWP API in JDK 8 to debug JDK 9 VM - Hotspot crash on Cassandra 3.11.1 startup with libnuma 2.0.3 - Performance drop with Java JDK 1.8.0_162-b32 - Upgrade time-zone data to tzdata2018d - Fix potential crash in BufImg_SetupICM - JDK 8u181 l10n resource file update - Remove debug print statements from RMI fix - (tz) Upgrade time-zone data to tzdata2018e - ObjectInputStream filterCheck method throws NullPointerException - adjust reflective access checks - Fixed builds on s390 (bsc#1106812) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Legacy Software 15: zypper in -t patch SUSE-SLE-Module-Legacy-15-2018-2165=1 Package List: - SUSE Linux Enterprise Module for Legacy Software 15 (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.181-3.10.1 java-1_8_0-openjdk-debuginfo-1.8.0.181-3.10.1 java-1_8_0-openjdk-debugsource-1.8.0.181-3.10.1 java-1_8_0-openjdk-demo-1.8.0.181-3.10.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.181-3.10.1 java-1_8_0-openjdk-devel-1.8.0.181-3.10.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.181-3.10.1 java-1_8_0-openjdk-headless-1.8.0.181-3.10.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.181-3.10.1 References: https://www.suse.com/security/cve/CVE-2018-2938.html https://www.suse.com/security/cve/CVE-2018-2940.html https://www.suse.com/security/cve/CVE-2018-2952.html https://www.suse.com/security/cve/CVE-2018-2973.html https://bugzilla.suse.com/1101644 https://bugzilla.suse.com/1101645 https://bugzilla.suse.com/1101651 https://bugzilla.suse.com/1101656 https://bugzilla.suse.com/1106812 From sle-security-updates at lists.suse.com Mon Oct 8 04:11:35 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 8 Oct 2018 12:11:35 +0200 (CEST) Subject: SUSE-SU-2018:3064-1: important: Security update for java-1_8_0-openjdk Message-ID: <20181008101135.61C6CFED7@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3064-1 Rating: important References: #1101644 #1101645 #1101651 #1101656 #1106812 Cross-References: CVE-2018-2938 CVE-2018-2940 CVE-2018-2952 CVE-2018-2973 CVE-2018-3639 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for java-1_8_0-openjdk to the jdk8u181 (icedtea 3.9.0) release fixes the following issues: These security issues were fixed: - CVE-2018-2938: Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE (bsc#1101644). - CVE-2018-2940: Vulnerability in subcomponent: Libraries. Easily exploitable vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data (bsc#1101645) - CVE-2018-2952: Vulnerability in subcomponent: Concurrency. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit (bsc#1101651) - CVE-2018-2973: Vulnerability in subcomponent: JSSE. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data (bsc#1101656) These non-security issues were fixed: - Improve desktop file usage - Better Internet address support - speculative traps break when classes are redefined - sun/security/pkcs11/ec/ReadCertificates.java fails intermittently - Clean up code that saves the previous versions of redefined classes - Prevent SIGSEGV in ReceiverTypeData::clean_weak_klass_links - RedefineClasses() tests fail assert(((Metadata*)obj)->is_valid()) failed: obj is valid - NMT is not enabled if NMT option is specified after class path specifiers - EndEntityChecker should not process custom extensions after PKIX validation - SupportedDSAParamGen.java failed with timeout - Montgomery multiply intrinsic should use correct name - When determining the ciphersuite lists, there is no debug output for disabled suites. - sun/security/mscapi/SignedObjectChain.java fails on Windows - On Windows Swing changes keyboard layout on a window activation - IfNode::range_check_trap_proj() should handler dying subgraph with single if proj - Even better Internet address support - Newlines in JAXB string values of SOAP-requests are escaped to " " - TestFlushableGZIPOutputStream failing with IndexOutOfBoundsException - Unable to use JDWP API in JDK 8 to debug JDK 9 VM - Hotspot crash on Cassandra 3.11.1 startup with libnuma 2.0.3 - Performance drop with Java JDK 1.8.0_162-b32 - Upgrade time-zone data to tzdata2018d - Fix potential crash in BufImg_SetupICM - JDK 8u181 l10n resource file update - Remove debug print statements from RMI fix - (tz) Upgrade time-zone data to tzdata2018e - ObjectInputStream filterCheck method throws NullPointerException - adjust reflective access checks Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-2168=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-2168=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2168=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-2168=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-2168=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2168=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-2168=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): java-1_8_0-openjdk-1.8.0.181-27.26.2 java-1_8_0-openjdk-debuginfo-1.8.0.181-27.26.2 java-1_8_0-openjdk-debugsource-1.8.0.181-27.26.2 java-1_8_0-openjdk-demo-1.8.0.181-27.26.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.181-27.26.2 java-1_8_0-openjdk-devel-1.8.0.181-27.26.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.181-27.26.2 java-1_8_0-openjdk-headless-1.8.0.181-27.26.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.181-27.26.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): java-1_8_0-openjdk-1.8.0.181-27.26.2 java-1_8_0-openjdk-debuginfo-1.8.0.181-27.26.2 java-1_8_0-openjdk-debugsource-1.8.0.181-27.26.2 java-1_8_0-openjdk-demo-1.8.0.181-27.26.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.181-27.26.2 java-1_8_0-openjdk-devel-1.8.0.181-27.26.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.181-27.26.2 java-1_8_0-openjdk-headless-1.8.0.181-27.26.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.181-27.26.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.181-27.26.2 java-1_8_0-openjdk-debuginfo-1.8.0.181-27.26.2 java-1_8_0-openjdk-debugsource-1.8.0.181-27.26.2 java-1_8_0-openjdk-demo-1.8.0.181-27.26.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.181-27.26.2 java-1_8_0-openjdk-devel-1.8.0.181-27.26.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.181-27.26.2 java-1_8_0-openjdk-headless-1.8.0.181-27.26.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.181-27.26.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.181-27.26.2 java-1_8_0-openjdk-debuginfo-1.8.0.181-27.26.2 java-1_8_0-openjdk-debugsource-1.8.0.181-27.26.2 java-1_8_0-openjdk-demo-1.8.0.181-27.26.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.181-27.26.2 java-1_8_0-openjdk-devel-1.8.0.181-27.26.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.181-27.26.2 java-1_8_0-openjdk-headless-1.8.0.181-27.26.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.181-27.26.2 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.181-27.26.2 java-1_8_0-openjdk-debuginfo-1.8.0.181-27.26.2 java-1_8_0-openjdk-debugsource-1.8.0.181-27.26.2 java-1_8_0-openjdk-demo-1.8.0.181-27.26.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.181-27.26.2 java-1_8_0-openjdk-devel-1.8.0.181-27.26.2 java-1_8_0-openjdk-headless-1.8.0.181-27.26.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.181-27.26.2 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): java-1_8_0-openjdk-1.8.0.181-27.26.2 java-1_8_0-openjdk-debuginfo-1.8.0.181-27.26.2 java-1_8_0-openjdk-debugsource-1.8.0.181-27.26.2 java-1_8_0-openjdk-headless-1.8.0.181-27.26.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.181-27.26.2 - SUSE Enterprise Storage 4 (x86_64): java-1_8_0-openjdk-1.8.0.181-27.26.2 java-1_8_0-openjdk-debuginfo-1.8.0.181-27.26.2 java-1_8_0-openjdk-debugsource-1.8.0.181-27.26.2 java-1_8_0-openjdk-demo-1.8.0.181-27.26.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.181-27.26.2 java-1_8_0-openjdk-devel-1.8.0.181-27.26.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.181-27.26.2 java-1_8_0-openjdk-headless-1.8.0.181-27.26.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.181-27.26.2 References: https://www.suse.com/security/cve/CVE-2018-2938.html https://www.suse.com/security/cve/CVE-2018-2940.html https://www.suse.com/security/cve/CVE-2018-2952.html https://www.suse.com/security/cve/CVE-2018-2973.html https://www.suse.com/security/cve/CVE-2018-3639.html https://bugzilla.suse.com/1101644 https://bugzilla.suse.com/1101645 https://bugzilla.suse.com/1101651 https://bugzilla.suse.com/1101656 https://bugzilla.suse.com/1106812 From sle-security-updates at lists.suse.com Mon Oct 8 04:13:52 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 8 Oct 2018 12:13:52 +0200 (CEST) Subject: SUSE-SU-2018:3066-1: moderate: Security update for qpdf Message-ID: <20181008101352.3DE77FED7@maintenance.suse.de> SUSE Security Update: Security update for qpdf ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3066-1 Rating: moderate References: #1040311 #1040312 #1040313 #1050577 #1050578 #1050579 #1050581 #1055960 Cross-References: CVE-2017-11624 CVE-2017-11625 CVE-2017-11626 CVE-2017-11627 CVE-2017-12595 CVE-2017-9208 CVE-2017-9209 CVE-2017-9210 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for qpdf fixes the following issues: qpdf was updated to 7.1.1. Security issues fixed: - CVE-2017-11627: A stack-consumption vulnerability which allows attackers to cause DoS (bsc#1050577). - CVE-2017-11625: A stack-consumption vulnerability which allows attackers to cause DoS (bsc#1050579). - CVE-2017-11626: A stack-consumption vulnerability which allows attackers to cause DoS (bsc#1050578). - CVE-2017-11624: A stack-consumption vulnerability which allows attackers to cause DoS (bsc#1050581). - CVE-2017-12595: Stack overflow when processing deeply nested arrays and dictionaries (bsc#1055960). - CVE-2017-9209: Remote attackers can cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document (bsc#1040312). - CVE-2017-9210: Remote attackers can cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document (bsc#1040313). - CVE-2017-9208: Remote attackers can cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document (bsc#1040311). * Check release notes for detailed bug fixes. * http://qpdf.sourceforge.net/files/qpdf-manual.html#ref.release-notes Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-2169=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2169=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-2169=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-2169=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2169=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-2169=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-2169=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-2169=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2169=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-2169=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): cups-filters-1.0.58-15.2.1 cups-filters-cups-browsed-1.0.58-15.2.1 cups-filters-cups-browsed-debuginfo-1.0.58-15.2.1 cups-filters-debuginfo-1.0.58-15.2.1 cups-filters-debugsource-1.0.58-15.2.1 cups-filters-foomatic-rip-1.0.58-15.2.1 cups-filters-foomatic-rip-debuginfo-1.0.58-15.2.1 cups-filters-ghostscript-1.0.58-15.2.1 cups-filters-ghostscript-debuginfo-1.0.58-15.2.1 libqpdf18-7.1.1-3.3.4 libqpdf18-debuginfo-7.1.1-3.3.4 qpdf-7.1.1-3.3.4 qpdf-debuginfo-7.1.1-3.3.4 qpdf-debugsource-7.1.1-3.3.4 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): qpdf-debuginfo-7.1.1-3.3.4 qpdf-debugsource-7.1.1-3.3.4 qpdf-devel-7.1.1-3.3.4 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): cups-filters-1.0.58-15.2.1 cups-filters-cups-browsed-1.0.58-15.2.1 cups-filters-cups-browsed-debuginfo-1.0.58-15.2.1 cups-filters-debuginfo-1.0.58-15.2.1 cups-filters-debugsource-1.0.58-15.2.1 cups-filters-foomatic-rip-1.0.58-15.2.1 cups-filters-foomatic-rip-debuginfo-1.0.58-15.2.1 cups-filters-ghostscript-1.0.58-15.2.1 cups-filters-ghostscript-debuginfo-1.0.58-15.2.1 libqpdf18-7.1.1-3.3.4 libqpdf18-debuginfo-7.1.1-3.3.4 qpdf-7.1.1-3.3.4 qpdf-debuginfo-7.1.1-3.3.4 qpdf-debugsource-7.1.1-3.3.4 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): cups-filters-1.0.58-15.2.1 cups-filters-cups-browsed-1.0.58-15.2.1 cups-filters-cups-browsed-debuginfo-1.0.58-15.2.1 cups-filters-debuginfo-1.0.58-15.2.1 cups-filters-debugsource-1.0.58-15.2.1 cups-filters-foomatic-rip-1.0.58-15.2.1 cups-filters-foomatic-rip-debuginfo-1.0.58-15.2.1 cups-filters-ghostscript-1.0.58-15.2.1 cups-filters-ghostscript-debuginfo-1.0.58-15.2.1 libqpdf18-7.1.1-3.3.4 libqpdf18-debuginfo-7.1.1-3.3.4 qpdf-7.1.1-3.3.4 qpdf-debuginfo-7.1.1-3.3.4 qpdf-debugsource-7.1.1-3.3.4 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): cups-filters-1.0.58-19.2.3 cups-filters-cups-browsed-1.0.58-19.2.3 cups-filters-cups-browsed-debuginfo-1.0.58-19.2.3 cups-filters-debuginfo-1.0.58-19.2.3 cups-filters-debugsource-1.0.58-19.2.3 cups-filters-foomatic-rip-1.0.58-19.2.3 cups-filters-foomatic-rip-debuginfo-1.0.58-19.2.3 cups-filters-ghostscript-1.0.58-19.2.3 cups-filters-ghostscript-debuginfo-1.0.58-19.2.3 libqpdf18-7.1.1-3.3.4 libqpdf18-debuginfo-7.1.1-3.3.4 qpdf-7.1.1-3.3.4 qpdf-debuginfo-7.1.1-3.3.4 qpdf-debugsource-7.1.1-3.3.4 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): cups-filters-1.0.58-15.2.1 cups-filters-cups-browsed-1.0.58-15.2.1 cups-filters-cups-browsed-debuginfo-1.0.58-15.2.1 cups-filters-debuginfo-1.0.58-15.2.1 cups-filters-debugsource-1.0.58-15.2.1 cups-filters-foomatic-rip-1.0.58-15.2.1 cups-filters-foomatic-rip-debuginfo-1.0.58-15.2.1 cups-filters-ghostscript-1.0.58-15.2.1 cups-filters-ghostscript-debuginfo-1.0.58-15.2.1 libqpdf18-7.1.1-3.3.4 libqpdf18-debuginfo-7.1.1-3.3.4 qpdf-7.1.1-3.3.4 qpdf-debuginfo-7.1.1-3.3.4 qpdf-debugsource-7.1.1-3.3.4 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): cups-filters-1.0.58-15.2.1 cups-filters-cups-browsed-1.0.58-15.2.1 cups-filters-cups-browsed-debuginfo-1.0.58-15.2.1 cups-filters-debuginfo-1.0.58-15.2.1 cups-filters-debugsource-1.0.58-15.2.1 cups-filters-foomatic-rip-1.0.58-15.2.1 cups-filters-foomatic-rip-debuginfo-1.0.58-15.2.1 cups-filters-ghostscript-1.0.58-15.2.1 cups-filters-ghostscript-debuginfo-1.0.58-15.2.1 libqpdf18-7.1.1-3.3.4 libqpdf18-debuginfo-7.1.1-3.3.4 qpdf-7.1.1-3.3.4 qpdf-debuginfo-7.1.1-3.3.4 qpdf-debugsource-7.1.1-3.3.4 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): cups-filters-1.0.58-15.2.1 cups-filters-cups-browsed-1.0.58-15.2.1 cups-filters-cups-browsed-debuginfo-1.0.58-15.2.1 cups-filters-debuginfo-1.0.58-15.2.1 cups-filters-debugsource-1.0.58-15.2.1 cups-filters-foomatic-rip-1.0.58-15.2.1 cups-filters-foomatic-rip-debuginfo-1.0.58-15.2.1 cups-filters-ghostscript-1.0.58-15.2.1 cups-filters-ghostscript-debuginfo-1.0.58-15.2.1 libqpdf18-7.1.1-3.3.4 libqpdf18-debuginfo-7.1.1-3.3.4 qpdf-7.1.1-3.3.4 qpdf-debuginfo-7.1.1-3.3.4 qpdf-debugsource-7.1.1-3.3.4 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): cups-filters-1.0.58-19.2.3 cups-filters-cups-browsed-1.0.58-19.2.3 cups-filters-cups-browsed-debuginfo-1.0.58-19.2.3 cups-filters-debuginfo-1.0.58-19.2.3 cups-filters-debugsource-1.0.58-19.2.3 cups-filters-foomatic-rip-1.0.58-19.2.3 cups-filters-foomatic-rip-debuginfo-1.0.58-19.2.3 cups-filters-ghostscript-1.0.58-19.2.3 cups-filters-ghostscript-debuginfo-1.0.58-19.2.3 libqpdf18-7.1.1-3.3.4 libqpdf18-debuginfo-7.1.1-3.3.4 qpdf-debuginfo-7.1.1-3.3.4 qpdf-debugsource-7.1.1-3.3.4 - SUSE Enterprise Storage 4 (x86_64): cups-filters-1.0.58-15.2.1 cups-filters-cups-browsed-1.0.58-15.2.1 cups-filters-cups-browsed-debuginfo-1.0.58-15.2.1 cups-filters-debuginfo-1.0.58-15.2.1 cups-filters-debugsource-1.0.58-15.2.1 cups-filters-foomatic-rip-1.0.58-15.2.1 cups-filters-foomatic-rip-debuginfo-1.0.58-15.2.1 cups-filters-ghostscript-1.0.58-15.2.1 cups-filters-ghostscript-debuginfo-1.0.58-15.2.1 libqpdf18-7.1.1-3.3.4 libqpdf18-debuginfo-7.1.1-3.3.4 qpdf-7.1.1-3.3.4 qpdf-debuginfo-7.1.1-3.3.4 qpdf-debugsource-7.1.1-3.3.4 References: https://www.suse.com/security/cve/CVE-2017-11624.html https://www.suse.com/security/cve/CVE-2017-11625.html https://www.suse.com/security/cve/CVE-2017-11626.html https://www.suse.com/security/cve/CVE-2017-11627.html https://www.suse.com/security/cve/CVE-2017-12595.html https://www.suse.com/security/cve/CVE-2017-9208.html https://www.suse.com/security/cve/CVE-2017-9209.html https://www.suse.com/security/cve/CVE-2017-9210.html https://bugzilla.suse.com/1040311 https://bugzilla.suse.com/1040312 https://bugzilla.suse.com/1040313 https://bugzilla.suse.com/1050577 https://bugzilla.suse.com/1050578 https://bugzilla.suse.com/1050579 https://bugzilla.suse.com/1050581 https://bugzilla.suse.com/1055960 From sle-security-updates at lists.suse.com Mon Oct 8 07:08:08 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 8 Oct 2018 15:08:08 +0200 (CEST) Subject: SUSE-SU-2018:3068-1: moderate: Security update for soundtouch Message-ID: <20181008130808.9F5C2FED8@maintenance.suse.de> SUSE Security Update: Security update for soundtouch ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3068-1 Rating: moderate References: #1103676 Cross-References: CVE-2018-1000223 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for soundtouch fixes the following security issue: - CVE-2018-1000223: Prevent buffer overflow in WavInFile::readHeaderBlock() that could have resulted in arbitrary code execution when opening maliocius file in soundstretch utility (bsc#1103676) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2018-2171=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): libSoundTouch0-1.8.0-3.3.1 libSoundTouch0-debuginfo-1.8.0-3.3.1 soundtouch-debuginfo-1.8.0-3.3.1 soundtouch-debugsource-1.8.0-3.3.1 soundtouch-devel-1.8.0-3.3.1 References: https://www.suse.com/security/cve/CVE-2018-1000223.html https://bugzilla.suse.com/1103676 From sle-security-updates at lists.suse.com Mon Oct 8 07:09:17 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 8 Oct 2018 15:09:17 +0200 (CEST) Subject: SUSE-SU-2018:3070-1: moderate: Security update for soundtouch Message-ID: <20181008130917.82A60FED8@maintenance.suse.de> SUSE Security Update: Security update for soundtouch ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3070-1 Rating: moderate References: #1103676 Cross-References: CVE-2018-1000223 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for soundtouch fixes the following security issue: - CVE-2018-1000223: Prevent buffer overflow in WavInFile::readHeaderBlock() that could have resulted in arbitrary code execution when opening maliocius file in soundstretch utility (bsc#1103676) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-2172=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2172=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2172=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2172=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): libSoundTouch0-32bit-1.7.1-5.3.1 libSoundTouch0-debuginfo-32bit-1.7.1-5.3.1 soundtouch-1.7.1-5.3.1 soundtouch-debuginfo-1.7.1-5.3.1 soundtouch-debugsource-1.7.1-5.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): soundtouch-1.7.1-5.3.1 soundtouch-debuginfo-1.7.1-5.3.1 soundtouch-debugsource-1.7.1-5.3.1 soundtouch-devel-1.7.1-5.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libSoundTouch0-1.7.1-5.3.1 libSoundTouch0-debuginfo-1.7.1-5.3.1 soundtouch-debuginfo-1.7.1-5.3.1 soundtouch-debugsource-1.7.1-5.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libSoundTouch0-1.7.1-5.3.1 libSoundTouch0-32bit-1.7.1-5.3.1 libSoundTouch0-debuginfo-1.7.1-5.3.1 libSoundTouch0-debuginfo-32bit-1.7.1-5.3.1 soundtouch-1.7.1-5.3.1 soundtouch-debuginfo-1.7.1-5.3.1 soundtouch-debugsource-1.7.1-5.3.1 References: https://www.suse.com/security/cve/CVE-2018-1000223.html https://bugzilla.suse.com/1103676 From sle-security-updates at lists.suse.com Mon Oct 8 07:51:13 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 8 Oct 2018 15:51:13 +0200 (CEST) Subject: SUSE-SU-2018:3072-1: important: Security update for ImageMagick Message-ID: <20181008135113.3FFD6FED9@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3072-1 Rating: important References: #1105592 Affected Products: SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for ImageMagick fixes the following issues: - Allow writing PS, PS2, PS3, XPS, EPS and PDF, disable reading these filetypes only by default security policy (bsc#1105592) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2018-2173=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2018-2173=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): ImageMagick-debuginfo-7.0.7.34-3.27.1 ImageMagick-debugsource-7.0.7.34-3.27.1 perl-PerlMagick-7.0.7.34-3.27.1 perl-PerlMagick-debuginfo-7.0.7.34-3.27.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): ImageMagick-7.0.7.34-3.27.1 ImageMagick-debuginfo-7.0.7.34-3.27.1 ImageMagick-debugsource-7.0.7.34-3.27.1 ImageMagick-devel-7.0.7.34-3.27.1 libMagick++-7_Q16HDRI4-7.0.7.34-3.27.1 libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-3.27.1 libMagick++-devel-7.0.7.34-3.27.1 libMagickCore-7_Q16HDRI6-7.0.7.34-3.27.1 libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-3.27.1 libMagickWand-7_Q16HDRI6-7.0.7.34-3.27.1 libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-3.27.1 References: https://bugzilla.suse.com/1105592 From sle-security-updates at lists.suse.com Mon Oct 8 10:08:04 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 8 Oct 2018 18:08:04 +0200 (CEST) Subject: SUSE-SU-2018:3073-1: moderate: Security update for kubernetes-salt, velum Message-ID: <20181008160804.43E5CFED7@maintenance.suse.de> SUSE Security Update: Security update for kubernetes-salt, velum ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3073-1 Rating: moderate References: #1097753 #1098369 #1109320 Cross-References: CVE-2018-3760 Affected Products: SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for rubygem-sprockets to version 3.7.2 and velum fixes the following issues: This security issue was fixed in rubygem-sprockets: - CVE-2018-3760: Specially crafted requests could have been be used to access files that exists on the filesystem that is outside an application's root directory, when the Sprockets server is used in production (bsc#1098369) These non-security issues were fixed in velum: - Fix external auth group mapping for group attr name. (bsc#1109320) - Add configmap from pillar data to dex ldap connectors (fate#324601) - Backport of LDAP external auth feature (fate#324601) - Allow the user to upload a certificate via file (bsc#1097753) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE CaaS Platform 3.0 (noarch): kubernetes-salt-3.0.0+git_r855_633c667-3.12.6 - SUSE CaaS Platform 3.0 (x86_64): sles12-velum-image-3.1.2-3.11.30 References: https://www.suse.com/security/cve/CVE-2018-3760.html https://bugzilla.suse.com/1097753 https://bugzilla.suse.com/1098369 https://bugzilla.suse.com/1109320 From sle-security-updates at lists.suse.com Mon Oct 8 13:08:09 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 8 Oct 2018 21:08:09 +0200 (CEST) Subject: SUSE-SU-2018:3074-1: moderate: Security update for postgresql10 Message-ID: <20181008190809.0DF71FEAF@maintenance.suse.de> SUSE Security Update: Security update for postgresql10 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3074-1 Rating: moderate References: #1108308 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for brings postgresql10 version 10.5 to SUSE Linux Enterprise 12 SP3. (FATE#325659 bnc#1108308) This release marks the change of the versioning scheme for PostgreSQL to a "x.y" format. This means the next minor releases of PostgreSQL will be 10.1, 10.2, ... and the next major release will be 11. * Logical Replication Logical replication extends the current replication features of PostgreSQL with the ability to send modifications on a per-database and per-table level to different PostgreSQL databases. Users can now fine-tune the data replicated to various database clusters and will have the ability to perform zero-downtime upgrades to future major PostgreSQL versions. * Declarative Table Partitioning Table partitioning has existed for years in PostgreSQL but required a user to maintain a nontrivial set of rules and triggers for the partitioning to work. PostgreSQL 10 introduces a table partitioning syntax that lets users easily create and maintain range and list partitioned tables. * Improved Query Parallelism PostgreSQL 10 provides better support for parallelized queries by allowing more parts of the query execution process to be parallelized. Improvements include additional types of data scans that are parallelized as well as optimizations when the data is recombined, such as pre-sorting. These enhancements allow results to be returned more quickly. * Quorum Commit for Synchronous Replication PostgreSQL 10 introduces quorum commit for synchronous replication, which allows for flexibility in how a primary database receives acknowledgement that changes were successfully written to remote replicas. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-2176=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2176=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-2176=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-2176=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2176=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-2176=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-2176=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-2176=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2176=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-2176=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): libecpg6-10.5-1.3.1 libecpg6-debuginfo-10.5-1.3.1 libpq5-10.5-1.3.1 libpq5-32bit-10.5-1.3.1 libpq5-debuginfo-10.5-1.3.1 libpq5-debuginfo-32bit-10.5-1.3.1 postgresql10-10.5-1.3.2 postgresql10-contrib-10.5-1.3.2 postgresql10-contrib-debuginfo-10.5-1.3.2 postgresql10-debuginfo-10.5-1.3.2 postgresql10-debugsource-10.5-1.3.2 postgresql10-libs-debugsource-10.5-1.3.1 postgresql10-server-10.5-1.3.2 postgresql10-server-debuginfo-10.5-1.3.2 - SUSE OpenStack Cloud 7 (noarch): postgresql-init-10-17.20.1 postgresql10-docs-10.5-1.3.2 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): postgresql10-devel-10.5-1.3.1 postgresql10-devel-debuginfo-10.5-1.3.1 postgresql10-libs-debugsource-10.5-1.3.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libecpg6-10.5-1.3.1 libecpg6-debuginfo-10.5-1.3.1 libpq5-10.5-1.3.1 libpq5-debuginfo-10.5-1.3.1 postgresql10-10.5-1.3.2 postgresql10-contrib-10.5-1.3.2 postgresql10-contrib-debuginfo-10.5-1.3.2 postgresql10-debuginfo-10.5-1.3.2 postgresql10-debugsource-10.5-1.3.2 postgresql10-libs-debugsource-10.5-1.3.1 postgresql10-server-10.5-1.3.2 postgresql10-server-debuginfo-10.5-1.3.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): postgresql-init-10-17.20.1 postgresql10-docs-10.5-1.3.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libpq5-32bit-10.5-1.3.1 libpq5-debuginfo-32bit-10.5-1.3.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): libecpg6-10.5-1.3.1 libecpg6-debuginfo-10.5-1.3.1 libpq5-10.5-1.3.1 libpq5-debuginfo-10.5-1.3.1 postgresql10-10.5-1.3.2 postgresql10-contrib-10.5-1.3.2 postgresql10-contrib-debuginfo-10.5-1.3.2 postgresql10-debuginfo-10.5-1.3.2 postgresql10-debugsource-10.5-1.3.2 postgresql10-libs-debugsource-10.5-1.3.1 postgresql10-server-10.5-1.3.2 postgresql10-server-debuginfo-10.5-1.3.2 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): postgresql-init-10-17.20.1 postgresql10-docs-10.5-1.3.2 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): libpq5-32bit-10.5-1.3.1 libpq5-debuginfo-32bit-10.5-1.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libecpg6-10.5-1.3.1 libecpg6-debuginfo-10.5-1.3.1 libpq5-10.5-1.3.1 libpq5-debuginfo-10.5-1.3.1 postgresql10-10.5-1.3.2 postgresql10-contrib-10.5-1.3.2 postgresql10-contrib-debuginfo-10.5-1.3.2 postgresql10-debuginfo-10.5-1.3.2 postgresql10-debugsource-10.5-1.3.2 postgresql10-libs-debugsource-10.5-1.3.1 postgresql10-server-10.5-1.3.2 postgresql10-server-debuginfo-10.5-1.3.2 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libpq5-32bit-10.5-1.3.1 libpq5-debuginfo-32bit-10.5-1.3.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): postgresql-init-10-17.20.1 postgresql10-docs-10.5-1.3.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libecpg6-10.5-1.3.1 libecpg6-debuginfo-10.5-1.3.1 libpq5-10.5-1.3.1 libpq5-debuginfo-10.5-1.3.1 postgresql10-10.5-1.3.2 postgresql10-contrib-10.5-1.3.2 postgresql10-contrib-debuginfo-10.5-1.3.2 postgresql10-debuginfo-10.5-1.3.2 postgresql10-debugsource-10.5-1.3.2 postgresql10-libs-debugsource-10.5-1.3.1 postgresql10-server-10.5-1.3.2 postgresql10-server-debuginfo-10.5-1.3.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libpq5-32bit-10.5-1.3.1 libpq5-debuginfo-32bit-10.5-1.3.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): postgresql-init-10-17.20.1 postgresql10-docs-10.5-1.3.2 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): libecpg6-10.5-1.3.1 libecpg6-debuginfo-10.5-1.3.1 libpq5-10.5-1.3.1 libpq5-debuginfo-10.5-1.3.1 postgresql10-10.5-1.3.2 postgresql10-contrib-10.5-1.3.2 postgresql10-contrib-debuginfo-10.5-1.3.2 postgresql10-debuginfo-10.5-1.3.2 postgresql10-debugsource-10.5-1.3.2 postgresql10-libs-debugsource-10.5-1.3.1 postgresql10-server-10.5-1.3.2 postgresql10-server-debuginfo-10.5-1.3.2 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): libpq5-32bit-10.5-1.3.1 libpq5-debuginfo-32bit-10.5-1.3.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): postgresql-init-10-17.20.1 postgresql10-docs-10.5-1.3.2 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): libecpg6-10.5-1.3.1 libecpg6-debuginfo-10.5-1.3.1 libpq5-10.5-1.3.1 libpq5-debuginfo-10.5-1.3.1 postgresql10-10.5-1.3.2 postgresql10-contrib-10.5-1.3.2 postgresql10-contrib-debuginfo-10.5-1.3.2 postgresql10-debuginfo-10.5-1.3.2 postgresql10-debugsource-10.5-1.3.2 postgresql10-libs-debugsource-10.5-1.3.1 postgresql10-server-10.5-1.3.2 postgresql10-server-debuginfo-10.5-1.3.2 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): libpq5-32bit-10.5-1.3.1 libpq5-debuginfo-32bit-10.5-1.3.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): postgresql-init-10-17.20.1 postgresql10-docs-10.5-1.3.2 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libecpg6-10.5-1.3.1 libecpg6-debuginfo-10.5-1.3.1 libpq5-10.5-1.3.1 libpq5-32bit-10.5-1.3.1 libpq5-debuginfo-10.5-1.3.1 libpq5-debuginfo-32bit-10.5-1.3.1 postgresql10-10.5-1.3.2 postgresql10-debuginfo-10.5-1.3.2 postgresql10-debugsource-10.5-1.3.2 postgresql10-libs-debugsource-10.5-1.3.1 - SUSE Enterprise Storage 4 (noarch): postgresql-init-10-17.20.1 postgresql10-docs-10.5-1.3.2 - SUSE Enterprise Storage 4 (x86_64): libecpg6-10.5-1.3.1 libecpg6-debuginfo-10.5-1.3.1 libpq5-10.5-1.3.1 libpq5-32bit-10.5-1.3.1 libpq5-debuginfo-10.5-1.3.1 libpq5-debuginfo-32bit-10.5-1.3.1 postgresql10-10.5-1.3.2 postgresql10-contrib-10.5-1.3.2 postgresql10-contrib-debuginfo-10.5-1.3.2 postgresql10-debuginfo-10.5-1.3.2 postgresql10-debugsource-10.5-1.3.2 postgresql10-libs-debugsource-10.5-1.3.1 postgresql10-server-10.5-1.3.2 postgresql10-server-debuginfo-10.5-1.3.2 References: https://bugzilla.suse.com/1108308 From sle-security-updates at lists.suse.com Tue Oct 9 07:08:29 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 9 Oct 2018 15:08:29 +0200 (CEST) Subject: SUSE-SU-2018:3080-1: moderate: Security update for libxml2 Message-ID: <20181009130829.144C8FCBE@maintenance.suse.de> SUSE Security Update: Security update for libxml2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3080-1 Rating: moderate References: #1088279 #1102046 #1105166 Cross-References: CVE-2018-14404 CVE-2018-14567 CVE-2018-9251 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for libxml2 fixes the following security issues: - CVE-2018-9251: The xz_decomp function allowed remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint (bsc#1088279) - CVE-2018-14567: Prevent denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint (bsc#1105166) - CVE-2018-14404: Prevent NULL pointer dereference in the xmlXPathCompOpEval() function when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case leading to a denial of service attack (bsc#1102046) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2182=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libxml2-2-2.9.7-3.3.1 libxml2-2-debuginfo-2.9.7-3.3.1 libxml2-debugsource-2.9.7-3.3.1 libxml2-devel-2.9.7-3.3.1 libxml2-tools-2.9.7-3.3.1 libxml2-tools-debuginfo-2.9.7-3.3.1 python-libxml2-python-debugsource-2.9.7-3.3.1 python2-libxml2-python-2.9.7-3.3.1 python2-libxml2-python-debuginfo-2.9.7-3.3.1 python3-libxml2-python-2.9.7-3.3.1 python3-libxml2-python-debuginfo-2.9.7-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libxml2-2-32bit-2.9.7-3.3.1 libxml2-2-32bit-debuginfo-2.9.7-3.3.1 References: https://www.suse.com/security/cve/CVE-2018-14404.html https://www.suse.com/security/cve/CVE-2018-14567.html https://www.suse.com/security/cve/CVE-2018-9251.html https://bugzilla.suse.com/1088279 https://bugzilla.suse.com/1102046 https://bugzilla.suse.com/1105166 From sle-security-updates at lists.suse.com Tue Oct 9 07:09:31 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 9 Oct 2018 15:09:31 +0200 (CEST) Subject: SUSE-SU-2018:3081-1: moderate: Security update for libxml2 Message-ID: <20181009130931.4A926FCBE@maintenance.suse.de> SUSE Security Update: Security update for libxml2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3081-1 Rating: moderate References: #1088279 #1088601 #1102046 #1105166 Cross-References: CVE-2017-18258 CVE-2018-14404 CVE-2018-14567 CVE-2018-9251 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for libxml2 fixes the following security issues: - CVE-2018-9251: The xz_decomp function allowed remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint (bsc#1088279). - CVE-2018-14567: Prevent denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint (bsc#1105166). - CVE-2018-14404: Prevent NULL pointer dereference in the xmlXPathCompOpEval() function when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case leading to a denial of service attack (bsc#1102046). - CVE-2017-18258: The xz_head function allowed remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality did not restrict memory usage to what is required for a legitimate file (bsc#1088601). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2181=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2181=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2181=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-2181=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libxml2-debugsource-2.9.4-46.15.1 libxml2-devel-2.9.4-46.15.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libxml2-2-2.9.4-46.15.1 libxml2-2-debuginfo-2.9.4-46.15.1 libxml2-debugsource-2.9.4-46.15.1 libxml2-tools-2.9.4-46.15.1 libxml2-tools-debuginfo-2.9.4-46.15.1 python-libxml2-2.9.4-46.15.1 python-libxml2-debuginfo-2.9.4-46.15.1 python-libxml2-debugsource-2.9.4-46.15.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libxml2-2-32bit-2.9.4-46.15.1 libxml2-2-debuginfo-32bit-2.9.4-46.15.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): libxml2-doc-2.9.4-46.15.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libxml2-2-2.9.4-46.15.1 libxml2-2-32bit-2.9.4-46.15.1 libxml2-2-debuginfo-2.9.4-46.15.1 libxml2-2-debuginfo-32bit-2.9.4-46.15.1 libxml2-debugsource-2.9.4-46.15.1 libxml2-tools-2.9.4-46.15.1 libxml2-tools-debuginfo-2.9.4-46.15.1 python-libxml2-2.9.4-46.15.1 python-libxml2-debuginfo-2.9.4-46.15.1 python-libxml2-debugsource-2.9.4-46.15.1 - SUSE CaaS Platform ALL (x86_64): libxml2-2-2.9.4-46.15.1 libxml2-2-debuginfo-2.9.4-46.15.1 libxml2-debugsource-2.9.4-46.15.1 libxml2-tools-2.9.4-46.15.1 libxml2-tools-debuginfo-2.9.4-46.15.1 - SUSE CaaS Platform 3.0 (x86_64): libxml2-2-2.9.4-46.15.1 libxml2-2-debuginfo-2.9.4-46.15.1 libxml2-debugsource-2.9.4-46.15.1 libxml2-tools-2.9.4-46.15.1 libxml2-tools-debuginfo-2.9.4-46.15.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): libxml2-2-2.9.4-46.15.1 libxml2-2-debuginfo-2.9.4-46.15.1 libxml2-debugsource-2.9.4-46.15.1 References: https://www.suse.com/security/cve/CVE-2017-18258.html https://www.suse.com/security/cve/CVE-2018-14404.html https://www.suse.com/security/cve/CVE-2018-14567.html https://www.suse.com/security/cve/CVE-2018-9251.html https://bugzilla.suse.com/1088279 https://bugzilla.suse.com/1088601 https://bugzilla.suse.com/1102046 https://bugzilla.suse.com/1105166 From sle-security-updates at lists.suse.com Tue Oct 9 07:10:34 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 9 Oct 2018 15:10:34 +0200 (CEST) Subject: SUSE-SU-2018:3082-1: moderate: Security update for java-1_8_0-ibm Message-ID: <20181009131034.9BF30FCBE@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3082-1 Rating: moderate References: #1104668 Cross-References: CVE-2016-0705 CVE-2017-3732 CVE-2017-3736 CVE-2018-12539 CVE-2018-1517 CVE-2018-1656 CVE-2018-2940 CVE-2018-2952 CVE-2018-2964 CVE-2018-2973 Affected Products: SUSE Linux Enterprise Module for Legacy Software 15 ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: This update for java-1_8_0-ibm to 8.0.5.20 fixes the following issues: - CVE-2018-2952: Vulnerability in subcomponent: Concurrency. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit (bsc#1104668). - CVE-2018-2940: Vulnerability in subcomponent: Libraries. Easily exploitable vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data (bsc#1104668). - CVE-2018-2973: Vulnerability in subcomponent: JSSE. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data (bsc#1104668). - CVE-2018-2964: Vulnerability in subcomponent: Deployment. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE. (bsc#1104668). - CVE-2016-0705: Prevent double free in the dsa_priv_decode function that allowed remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key (bsc#1104668). - CVE-2017-3732: Prevent carry propagating bug in the x86_64 Montgomery squaring procedure (bsc#1104668). - CVE-2017-3736: Prevent carry propagating bug in the x86_64 Montgomery squaring procedure (bsc#1104668). - CVE-2018-12539: Users other than the process owner might have been able to use Java Attach API to connect to an IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted native code (bsc#1104668) - CVE-2018-1517: Unspecified vulnerability (bsc#1104668). - CVE-2018-1656: Unspecified vulnerability (bsc#1104668) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Legacy Software 15: zypper in -t patch SUSE-SLE-Module-Legacy-15-2018-2183=1 Package List: - SUSE Linux Enterprise Module for Legacy Software 15 (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr5.20-3.6.2 java-1_8_0-ibm-devel-1.8.0_sr5.20-3.6.2 - SUSE Linux Enterprise Module for Legacy Software 15 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr5.20-3.6.2 java-1_8_0-ibm-plugin-1.8.0_sr5.20-3.6.2 References: https://www.suse.com/security/cve/CVE-2016-0705.html https://www.suse.com/security/cve/CVE-2017-3732.html https://www.suse.com/security/cve/CVE-2017-3736.html https://www.suse.com/security/cve/CVE-2018-12539.html https://www.suse.com/security/cve/CVE-2018-1517.html https://www.suse.com/security/cve/CVE-2018-1656.html https://www.suse.com/security/cve/CVE-2018-2940.html https://www.suse.com/security/cve/CVE-2018-2952.html https://www.suse.com/security/cve/CVE-2018-2964.html https://www.suse.com/security/cve/CVE-2018-2973.html https://bugzilla.suse.com/1104668 From sle-security-updates at lists.suse.com Tue Oct 9 10:08:12 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 9 Oct 2018 18:08:12 +0200 (CEST) Subject: SUSE-SU-2018:3083-1: important: Security update for the Linux Kernel Message-ID: <20181009160812.683DFFCBE@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3083-1 Rating: important References: #1012382 #1062604 #1064232 #1065999 #1092903 #1093215 #1096547 #1097104 #1099811 #1099813 #1099844 #1099845 #1099846 #1099849 #1099863 #1099864 #1099922 #1100001 #1100089 #1102870 #1103445 #1104319 #1104495 #1104906 #1105322 #1105412 #1106095 #1106369 #1106509 #1106511 #1107689 #1108399 #1108912 Cross-References: CVE-2018-10853 CVE-2018-10876 CVE-2018-10877 CVE-2018-10878 CVE-2018-10879 CVE-2018-10880 CVE-2018-10881 CVE-2018-10882 CVE-2018-10883 CVE-2018-10902 CVE-2018-10940 CVE-2018-12896 CVE-2018-13093 CVE-2018-14617 CVE-2018-14634 CVE-2018-16276 CVE-2018-16658 CVE-2018-17182 CVE-2018-6554 CVE-2018-6555 Affected Products: SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that solves 20 vulnerabilities and has 13 fixes is now available. Description: The SUSE Linux Enterprise 12 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-14634: Prevent integer overflow in create_elf_tables that allowed a local attacker to exploit this vulnerability via a SUID-root binary and obtain full root privileges (bsc#1108912) - CVE-2018-14617: Prevent NULL pointer dereference and panic in hfsplus_lookup() when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory (bsc#1102870) - CVE-2018-16276: Incorrect bounds checking in the yurex USB driver in yurex_read allowed local attackers to use user access read/writes to crash the kernel or potentially escalate privileges (bsc#1106095) - CVE-2018-12896: Prevent integer overflow in the POSIX timer code that was caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically made the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. This allowed a local user to cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls (bnc#1099922) - CVE-2018-13093: Prevent NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occured because of a lack of proper validation that cached inodes are free during allocation (bnc#1100001) - CVE-2018-10940: The cdrom_ioctl_media_changed function allowed local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory (bsc#1092903) - CVE-2018-16658: Prevent information leak in cdrom_ioctl_drive_status that could have been used by local attackers to read kernel memory (bnc#1107689) - CVE-2018-6555: The irda_setsockopt function allowed local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket (bnc#1106511) - CVE-2018-6554: Prevent memory leak in the irda_bind function that allowed local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket (bnc#1106509) - CVE-2018-10853: The KVM hypervisor did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could have used this flaw to potentially escalate privileges inside guest (bsc#1097104) - CVE-2018-10902: Protect against concurrent access to prevent double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(). A malicious local attacker could have used this for privilege escalation (bnc#1105322). - CVE-2018-10879: A local user could have caused a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact by renaming a file in a crafted ext4 filesystem image (bsc#1099844) - CVE-2018-10883: A local user could have caused an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image (bsc#1099863) - CVE-2018-10880: Prevent stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could have used this to cause a system crash and a denial of service (bsc#1099845) - CVE-2018-10882: A local user could have caused an out-of-bound write, a denial of service, and a system crash by unmounting a crafted ext4 filesystem image (bsc#1099849) - CVE-2018-10881: A local user could have caused an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image (bsc#1099864) - CVE-2018-10877: Prevent out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image (bsc#1099846) - CVE-2018-10876: A use-after-free was possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image (bsc#1099811) - CVE-2018-10878: A local user could have caused an out-of-bounds write and a denial of service or unspecified other impact by mounting and operating a crafted ext4 filesystem image (bsc#1099813) - CVE-2018-17182: An issue was discovered in the Linux kernel The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bnc#1108399). The following non-security bugs were fixed: - bcache: avoid unncessary cache prefetch bch_btree_node_get(). - bcache: calculate the number of incremental GC nodes according to the total of btree nodes. - bcache: display rate debug parameters to 0 when writeback is not running. - bcache: do not check return value of debugfs_create_dir(). - bcache: finish incremental GC. - bcache: fix error setting writeback_rate through sysfs interface (bsc#1064232). - bcache: fix I/O significant decline while backend devices registering. - bcache: free heap cache_set->flush_btree in bch_journal_free. - bcache: make the pr_err statement used for ENOENT only in sysfs_attatch section. - bcache: release dc->writeback_lock properly in bch_writeback_thread(). - bcache: set max writeback rate when I/O request is idle (bsc#1064232). - bcache: simplify the calculation of the total amount of flash dirty data. - Do not report CPU affected by L1TF when ARCH_CAP_RDCL_NO bit is set (bsc#1104906). - ext4: check for allocation block validity with block group locked (bsc#1104495). - ext4: do not update checksum of new initialized bitmaps (bnc#1012382). - ext4: fix check to prevent initializing reserved inodes (bsc#1104319). - ext4: fix false negatives *and* false positives in ext4_check_descriptors() (bsc#1103445). - kABI: protect struct x86_emulate_ops (kabi). - KEYS: prevent creating a different user's keyrings (bnc#1065999). - KVM: MMU: always terminate page walks at level 1 (bsc#1062604). - KVM: MMU: simplify last_pte_bitmap (bsc#1062604). - KVM: nVMX: update last_nonleaf_level when initializing nested EPT (bsc#1062604). - KVM: VMX: fixes for vmentry_l1d_flush module parameter (bsc#1106369). - KVM: VMX: Work around kABI breakage in 'enum vmx_l1d_flush_state' (bsc#1106369). - updated sssbd handling (bsc#1093215, bsc#1105412). - usbip: vhci_sysfs: fix potential Spectre v1 (bsc#1096547). - x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry (bsc#1106369). - sched/sysctl: Check user input value of sysctl_sched_time_avg (bsc#1100089). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-2185=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2018-2185=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): kernel-default-3.12.61-52.146.1 kernel-default-base-3.12.61-52.146.1 kernel-default-base-debuginfo-3.12.61-52.146.1 kernel-default-debuginfo-3.12.61-52.146.1 kernel-default-debugsource-3.12.61-52.146.1 kernel-default-devel-3.12.61-52.146.1 kernel-syms-3.12.61-52.146.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): kernel-xen-3.12.61-52.146.1 kernel-xen-base-3.12.61-52.146.1 kernel-xen-base-debuginfo-3.12.61-52.146.1 kernel-xen-debuginfo-3.12.61-52.146.1 kernel-xen-debugsource-3.12.61-52.146.1 kernel-xen-devel-3.12.61-52.146.1 kgraft-patch-3_12_61-52_146-default-1-1.5.1 kgraft-patch-3_12_61-52_146-xen-1-1.5.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): kernel-devel-3.12.61-52.146.1 kernel-macros-3.12.61-52.146.1 kernel-source-3.12.61-52.146.1 - SUSE Linux Enterprise Server 12-LTSS (s390x): kernel-default-man-3.12.61-52.146.1 - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64): kernel-ec2-3.12.61-52.146.1 kernel-ec2-debuginfo-3.12.61-52.146.1 kernel-ec2-debugsource-3.12.61-52.146.1 kernel-ec2-devel-3.12.61-52.146.1 kernel-ec2-extra-3.12.61-52.146.1 kernel-ec2-extra-debuginfo-3.12.61-52.146.1 References: https://www.suse.com/security/cve/CVE-2018-10853.html https://www.suse.com/security/cve/CVE-2018-10876.html https://www.suse.com/security/cve/CVE-2018-10877.html https://www.suse.com/security/cve/CVE-2018-10878.html https://www.suse.com/security/cve/CVE-2018-10879.html https://www.suse.com/security/cve/CVE-2018-10880.html https://www.suse.com/security/cve/CVE-2018-10881.html https://www.suse.com/security/cve/CVE-2018-10882.html https://www.suse.com/security/cve/CVE-2018-10883.html https://www.suse.com/security/cve/CVE-2018-10902.html https://www.suse.com/security/cve/CVE-2018-10940.html https://www.suse.com/security/cve/CVE-2018-12896.html https://www.suse.com/security/cve/CVE-2018-13093.html https://www.suse.com/security/cve/CVE-2018-14617.html https://www.suse.com/security/cve/CVE-2018-14634.html https://www.suse.com/security/cve/CVE-2018-16276.html https://www.suse.com/security/cve/CVE-2018-16658.html https://www.suse.com/security/cve/CVE-2018-17182.html https://www.suse.com/security/cve/CVE-2018-6554.html https://www.suse.com/security/cve/CVE-2018-6555.html https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1062604 https://bugzilla.suse.com/1064232 https://bugzilla.suse.com/1065999 https://bugzilla.suse.com/1092903 https://bugzilla.suse.com/1093215 https://bugzilla.suse.com/1096547 https://bugzilla.suse.com/1097104 https://bugzilla.suse.com/1099811 https://bugzilla.suse.com/1099813 https://bugzilla.suse.com/1099844 https://bugzilla.suse.com/1099845 https://bugzilla.suse.com/1099846 https://bugzilla.suse.com/1099849 https://bugzilla.suse.com/1099863 https://bugzilla.suse.com/1099864 https://bugzilla.suse.com/1099922 https://bugzilla.suse.com/1100001 https://bugzilla.suse.com/1100089 https://bugzilla.suse.com/1102870 https://bugzilla.suse.com/1103445 https://bugzilla.suse.com/1104319 https://bugzilla.suse.com/1104495 https://bugzilla.suse.com/1104906 https://bugzilla.suse.com/1105322 https://bugzilla.suse.com/1105412 https://bugzilla.suse.com/1106095 https://bugzilla.suse.com/1106369 https://bugzilla.suse.com/1106509 https://bugzilla.suse.com/1106511 https://bugzilla.suse.com/1107689 https://bugzilla.suse.com/1108399 https://bugzilla.suse.com/1108912 From sle-security-updates at lists.suse.com Tue Oct 9 10:14:57 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 9 Oct 2018 18:14:57 +0200 (CEST) Subject: SUSE-SU-2018:3084-1: important: Security update for the Linux Kernel Message-ID: <20181009161457.8EC1AFCBE@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3084-1 Rating: important References: #1012382 #1042286 #1062604 #1064232 #1065364 #1082519 #1082863 #1084536 #1085042 #1088810 #1089066 #1092903 #1094466 #1095344 #1096547 #1097104 #1099597 #1099811 #1099813 #1099844 #1099845 #1099846 #1099849 #1099863 #1099864 #1099922 #1099993 #1099999 #1100000 #1100001 #1100152 #1102517 #1102715 #1102870 #1103445 #1104319 #1104495 #1105292 #1105296 #1105322 #1105348 #1105396 #1105536 #1106016 #1106095 #1106369 #1106509 #1106511 #1106512 #1106594 #1107689 #1107735 #1107966 #1108239 #1108399 #1109333 Cross-References: CVE-2018-10853 CVE-2018-10876 CVE-2018-10877 CVE-2018-10878 CVE-2018-10879 CVE-2018-10880 CVE-2018-10881 CVE-2018-10882 CVE-2018-10883 CVE-2018-10902 CVE-2018-10938 CVE-2018-10940 CVE-2018-12896 CVE-2018-13093 CVE-2018-13094 CVE-2018-13095 CVE-2018-14617 CVE-2018-14678 CVE-2018-15572 CVE-2018-15594 CVE-2018-16276 CVE-2018-16658 CVE-2018-17182 CVE-2018-6554 CVE-2018-6555 CVE-2018-7480 CVE-2018-7757 CVE-2018-9363 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise High Availability 12-SP2 SUSE Enterprise Storage 4 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that solves 28 vulnerabilities and has 28 fixes is now available. Description: The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive various security and bugfixes. - CVE-2018-10853: A flaw was found in the way the KVM hypervisor emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges inside guest (bnc#1097104). - CVE-2018-10876: A flaw was found in Linux kernel in the ext4 filesystem code. A use-after-free is possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image. (bnc#1099811) - CVE-2018-10877: Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image. (bnc#1099846) - CVE-2018-10878: A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image. (bnc#1099813) - CVE-2018-10879: A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image. (bnc#1099844) - CVE-2018-10880: Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cause a system crash and a denial of service. (bnc#1099845) - CVE-2018-10881: A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image. (bnc#1099864) - CVE-2018-10882: A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound write in in fs/jbd2/transaction.c code, a denial of service, and a system crash by unmounting a crafted ext4 filesystem image. (bnc#1099849) - CVE-2018-10883: A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image. (bnc#1099863) - CVE-2018-10902: It was found that the raw midi kernel driver did not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation (bnc#1105322). - CVE-2018-10938: A crafted network packet sent remotely by an attacker may force the kernel to enter an infinite loop in the cipso_v4_optptr() function in net/ipv4/cipso_ipv4.c leading to a denial-of-service. A certain non-default configuration of LSM (Linux Security Module) and NetLabel should be set up on a system before an attacker could leverage this flaw (bnc#1106016). - CVE-2018-10940: The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c allowed local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory (bnc#1092903). - CVE-2018-12896: An Integer Overflow in kernel/time/posix-timers.c in the POSIX timer code is caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically made the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. For example, a local user can cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls (bnc#1099922). - CVE-2018-13093: There is a NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occurs because of a lack of proper validation that cached inodes are free during allocation (bnc#1100001). - CVE-2018-13094: An OOPS may occur for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp (bnc#1100000). - CVE-2018-13095: A denial of service (memory corruption and BUG) can occur for a corrupted xfs image upon encountering an inode that is in extent format, but has more extents than fit in the inode fork (bnc#1099999). - CVE-2018-14617: There is a NULL pointer dereference and panic in hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory (bnc#1102870). - CVE-2018-14678: The xen_failsafe_callback entry point in arch/x86/entry/entry_64.S did not properly maintain RBX, which allowed local users to cause a denial of service (uninitialized memory usage and system crash). Within Xen, 64-bit x86 PV Linux guest OS users can trigger a guest OS crash or possibly gain privileges (bnc#1102715). - CVE-2018-15572: The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c did not always fill RSB upon a context switch, which made it easier for attackers to conduct userspace-userspace spectreRSB attacks (bnc#1102517 bnc#1105296). - CVE-2018-15594: arch/x86/kernel/paravirt.c mishandled certain indirect calls, which made it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests (bnc#1105348). - CVE-2018-16276: Local attackers could use user access read/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate privileges (bnc#1106095). - CVE-2018-16658: An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 (bnc#1107689). - CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bnc#1108399). - CVE-2018-6554: Memory leak in the irda_bind function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c allowed local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket (bnc#1106509). - CVE-2018-6555: The irda_setsockopt function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c allowed local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket (bnc#1106511). - CVE-2018-7757: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c allowed local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file (bnc#1084536). - CVE-2018-9363: A buffer overflow in bluetooth HID report processing could be used by malicious bluetooth devices to crash the kernel or potentially execute code (bnc#1105292). The following security bugs were fixed: - CVE-2018-7480: The blkcg_init_queue function in block/blk-cgroup.c allowed local users to cause a denial of service (double free) or possibly have unspecified other impact by triggering a creation failure (bnc#1082863). The following non-security bugs were fixed: - atm: Preserve value of skb->truesize when accounting to vcc (bsc#1089066). - bcache: avoid unncessary cache prefetch bch_btree_node_get() (bsc#1064232). - bcache: calculate the number of incremental GC nodes according to the total of btree nodes (bsc#1064232). - bcache: display rate debug parameters to 0 when writeback is not running (bsc#1064232). - bcache: do not check return value of debugfs_create_dir() (bsc#1064232). - bcache: finish incremental GC (bsc#1064232). - bcache: fix error setting writeback_rate through sysfs interface (bsc#1064232). - bcache: fix I/O significant decline while backend devices registering (bsc#1064232). - bcache: free heap cache_set->flush_btree in bch_journal_free (bsc#1064232). - bcache: make the pr_err statement used for ENOENT only in sysfs_attatch section (bsc#1064232). - bcache: release dc->writeback_lock properly in bch_writeback_thread() (bsc#1064232). - bcache: set max writeback rate when I/O request is idle (bsc#1064232). - bcache: simplify the calculation of the total amount of flash dirty data (bsc#1064232). - ext4: check for allocation block validity with block group locked (bsc#1104495). - ext4: do not update checksum of new initialized bitmaps (bnc#1012382). - ext4: fix check to prevent initializing reserved inodes (bsc#1104319). - ext4: fix false negatives *and* false positives in ext4_check_descriptors() (bsc#1103445). - ibmvnic: Include missing return code checks in reset function (bnc#1107966). - kABI: protect struct x86_emulate_ops (kabi). - kabi/severities: Ignore missing cpu_tss_tramp (bsc#1099597) - kabi: x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - kvm: MMU: always terminate page walks at level 1 (bsc#1062604). - kvm: MMU: simplify last_pte_bitmap (bsc#1062604). - kvm: nVMX: update last_nonleaf_level when initializing nested EPT (bsc#1062604). - kvm: VMX: fixes for vmentry_l1d_flush module parameter (bsc#1106369). - kvm: VMX: Work around kABI breakage in 'enum vmx_l1d_flush_state' (bsc#1106369). - net: add skb_condense() helper (bsc#1089066). - net: adjust skb->truesize in pskb_expand_head() (bsc#1089066). - net: adjust skb->truesize in ___pskb_trim() (bsc#1089066). - net: ena: Eliminate duplicate barriers on weakly-ordered archs (bsc#1108239). - net: ena: fix device destruction to gracefully free resources (bsc#1108239). - net: ena: fix driver when PAGE_SIZE == 64kB (bsc#1108239). - net: ena: fix incorrect usage of memory barriers (bsc#1108239). - net: ena: fix missing calls to READ_ONCE (bsc#1108239). - net: ena: fix missing lock during device destruction (bsc#1108239). - net: ena: fix potential double ena_destroy_device() (bsc#1108239). - net: ena: fix surprise unplug NULL dereference kernel crash (bsc#1108239). - net: ena: Fix use of uninitialized DMA address bits field (bsc#1108239). - netfilter: xt_CT: fix refcnt leak on error path (bnc#1012382 bsc#1100152). - netlink: do not enter direct reclaim from netlink_trim() (bsc#1042286). - nfs: Use an appropriate work queue for direct-write completion (bsc#1082519). - ovl: fix random return value on mount (bsc#1099993). - ovl: fix uid/gid when creating over whiteout (bsc#1099993). - ovl: modify ovl_permission() to do checks on two inodes (bsc#1106512). - ovl: override creds with the ones from the superblock mounter (bsc#1099993). - powerpc: Avoid code patching freed init sections (bnc#1107735). - powerpc/livepatch: Fix livepatch stack access (bsc#1094466). - powerpc/modules: Do not try to restore r2 after a sibling call (bsc#1094466). - powerpc/tm: Avoid possible userspace r1 corruption on reclaim (bsc#1109333). - powerpc/tm: Fix userspace r13 corruption (bsc#1109333). - provide special timeout module parameters for EC2 (bsc#1065364). - stop_machine: Atomically queue and wake stopper threads (git-fixes). - stop_machine, sched: Fix migrate_swap() vs. active_balance() deadlock (bsc#1088810). - usbip: vhci_sysfs: fix potential Spectre v1 (bsc#1096547). - x86/entry/64: Remove %ebx handling from error_entry/exit (bnc#1102715). - x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM (bnc#1105536). - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - x86/speculation/l1tf: Suggest what to do on systems with too much RAM (bnc#1105536). - x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry (bsc#1106369). - x86: Drop kernel trampoline stack. It is involved in breaking kdump/kexec infrastucture. (bsc#1099597) - xen: avoid crash in disable_hotplug_cpu (bsc#1106594). - xen/blkback: do not keep persistent grants too long (bsc#1085042). - xen/blkback: move persistent grants flags to bool (bsc#1085042). - xen/blkfront: cleanup stale persistent grants (bsc#1085042). - xen/blkfront: reorder tests in xlblk_init() (bsc#1085042). - xfs: add a new xfs_iext_lookup_extent_before helper (bsc#1095344). - xfs: add asserts for the mmap lock in xfs_{insert,collapse}_file_space (bsc#1095344). - xfs: add a xfs_bmap_fork_to_state helper (bsc#1095344). - xfs: add a xfs_iext_update_extent helper (bsc#1095344). - xfs: add comments documenting the rebalance algorithm (bsc#1095344). - xfs: add some comments to xfs_iext_insert/xfs_iext_insert_node (bsc#1095344). - xfs: add xfs_trim_extent (bsc#1095344). - xfs: allow unaligned extent records in xfs_bmbt_disk_set_all (bsc#1095344). - xfs: borrow indirect blocks from freed extent when available (bsc#1095344). - xfs: cleanup xfs_bmap_last_before (bsc#1095344). - xfs: do not create overlapping extents in xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: do not rely on extent indices in xfs_bmap_collapse_extents (bsc#1095344). - xfs: do not rely on extent indices in xfs_bmap_insert_extents (bsc#1095344). - xfs: do not set XFS_BTCUR_BPRV_WASDEL in xfs_bunmapi (bsc#1095344). - xfs: during btree split, save new block key & ptr for future insertion (bsc#1095344). - xfs: factor out a helper to initialize a local format inode fork (bsc#1095344). - xfs: fix memory leak in xfs_iext_free_last_leaf (bsc#1095344). - xfs: fix number of records handling in xfs_iext_split_leaf (bsc#1095344). - xfs: handle indlen shortage on delalloc extent merge (bsc#1095344). - xfs: handle zero entries case in xfs_iext_rebalance_leaf (bsc#1095344). - xfs: improve kmem_realloc (bsc#1095344). - xfs: inline xfs_shift_file_space into callers (bsc#1095344). - xfs: introduce the xfs_iext_cursor abstraction (bsc#1095344). - xfs: iterate over extents in xfs_bmap_extents_to_btree (bsc#1095344). - xfs: iterate over extents in xfs_iextents_copy (bsc#1095344). - xfs: make better use of the 'state' variable in xfs_bmap_del_extent_real (bsc#1095344). - xfs: merge xfs_bmap_read_extents into xfs_iread_extents (bsc#1095344). - xfs: move pre/post-bmap tracing into xfs_iext_update_extent (bsc#1095344). - xfs: move some code around inside xfs_bmap_shift_extents (bsc#1095344). - xfs: move some more code into xfs_bmap_del_extent_real (bsc#1095344). - xfs: move xfs_bmbt_irec and xfs_exntst_t to xfs_types.h (bsc#1095344). - xfs: move xfs_iext_insert tracepoint to report useful information (bsc#1095344). - xfs: new inode extent list lookup helpers (bsc#1095344). - xfs: pass an on-disk extent to xfs_bmbt_validate_extent (bsc#1095344). - xfs: pass a struct xfs_bmbt_irec to xfs_bmbt_lookup_eq (bsc#1095344). - xfs: pass a struct xfs_bmbt_irec to xfs_bmbt_update (bsc#1095344). - xfs: pass struct xfs_bmbt_irec to xfs_bmbt_validate_extent (bsc#1095344). - xfs: provide helper for counting extents from if_bytes (bsc#1095344). - xfs: refactor delalloc accounting in xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: refactor delalloc indlen reservation split into helper (bsc#1095344). - xfs: refactor dir2 leaf readahead shadow buffer cleverness (bsc#1095344). - xfs: refactor xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: refactor xfs_bmap_add_extent_hole_delay (bsc#1095344). - xfs: refactor xfs_bmap_add_extent_hole_real (bsc#1095344). - xfs: refactor xfs_bmap_add_extent_unwritten_real (bsc#1095344). - xfs: refactor xfs_bunmapi_cow (bsc#1095344). - xfs: refactor xfs_del_extent_real (bsc#1095344). - xfs: remove a duplicate assignment in xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: remove all xfs_bmbt_set_* helpers except for xfs_bmbt_set_all (bsc#1095344). - xfs: remove a superflous assignment in xfs_iext_remove_node (bsc#1095344). - xfs: Remove dead code from inode recover function (bsc#1105396). - xfs: remove if_rdev (bsc#1095344). - xfs: remove prev argument to xfs_bmapi_reserve_delalloc (bsc#1095344). - xfs: remove support for inlining data/extents into the inode fork (bsc#1095344). - xfs: remove the never fully implemented UUID fork format (bsc#1095344). - xfs: remove the nr_extents argument to xfs_iext_insert (bsc#1095344). - xfs: remove the nr_extents argument to xfs_iext_remove (bsc#1095344). - xfs: remove XFS_BMAP_MAX_SHIFT_EXTENTS (bsc#1095344). - xfs: remove XFS_BMAP_TRACE_EXLIST (bsc#1095344). - xfs: remove xfs_bmbt_get_state (bsc#1095344). - xfs: remove xfs_bmse_shift_one (bsc#1095344). - xfs: rename bno to end in __xfs_bunmapi (bsc#1095344). - xfs: repair malformed inode items during log recovery (bsc#1105396). - xfs: replace xfs_bmbt_lookup_ge with xfs_bmbt_lookup_first (bsc#1095344). - xfs: replace xfs_qm_get_rtblks with a direct call to xfs_bmap_count_leaves (bsc#1095344). - xfs: rewrite getbmap using the xfs_iext_* helpers (bsc#1095344). - xfs: rewrite xfs_bmap_count_leaves using xfs_iext_get_extent (bsc#1095344). - xfs: rewrite xfs_bmap_first_unused to make better use of xfs_iext_get_extent (bsc#1095344). - xfs: simplify the xfs_getbmap interface (bsc#1095344). - xfs: simplify validation of the unwritten extent bit (bsc#1095344). - xfs: split indlen reservations fairly when under reserved (bsc#1095344). - xfs: split xfs_bmap_shift_extents (bsc#1095344). - xfs: switch xfs_bmap_local_to_extents to use xfs_iext_insert (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_add_extent_hole_delay (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_add_extent_hole_real (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_add_extent_unwritten_real (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_collapse_extents (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_del_extent_* (bsc#1095344). - xfs: update freeblocks counter after extent deletion (bsc#1095344). - xfs: update got in xfs_bmap_shift_update_extent (bsc#1095344). - xfs: use a b+tree for the in-core extent list (bsc#1095344). - xfs: use correct state defines in xfs_bmap_del_extent_{cow,delay} (bsc#1095344). - xfs: use new extent lookup helpers in xfs_bmapi_read (bsc#1095344). - xfs: use new extent lookup helpers in xfs_bmapi_write (bsc#1095344). - xfs: use new extent lookup helpers in __xfs_bunmapi (bsc#1095344). - xfs: use the state defines in xfs_bmap_del_extent_real (bsc#1095344). - xfs: use xfs_bmap_del_extent_delay for the data fork as well (bsc#1095344). - xfs: use xfs_iext_*_extent helpers in xfs_bmap_shift_extents (bsc#1095344). - xfs: use xfs_iext_*_extent helpers in xfs_bmap_split_extent_at (bsc#1095344). - xfs: use xfs_iext_get_extent instead of open coding it (bsc#1095344). - xfs: use xfs_iext_get_extent in xfs_bmap_first_unused (bsc#1095344). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-2188=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-2188=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-2188=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-2188=1 - SUSE Linux Enterprise High Availability 12-SP2: zypper in -t patch SUSE-SLE-HA-12-SP2-2018-2188=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-2188=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-2188=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): kernel-default-4.4.121-92.95.1 kernel-default-base-4.4.121-92.95.1 kernel-default-base-debuginfo-4.4.121-92.95.1 kernel-default-debuginfo-4.4.121-92.95.1 kernel-default-debugsource-4.4.121-92.95.1 kernel-default-devel-4.4.121-92.95.1 kernel-syms-4.4.121-92.95.1 - SUSE OpenStack Cloud 7 (x86_64): kgraft-patch-4_4_121-92_95-default-1-3.4.1 lttng-modules-2.7.1-9.6.1 lttng-modules-debugsource-2.7.1-9.6.1 lttng-modules-kmp-default-2.7.1_k4.4.121_92.95-9.6.1 lttng-modules-kmp-default-debuginfo-2.7.1_k4.4.121_92.95-9.6.1 - SUSE OpenStack Cloud 7 (noarch): kernel-devel-4.4.121-92.95.1 kernel-macros-4.4.121-92.95.1 kernel-source-4.4.121-92.95.1 - SUSE OpenStack Cloud 7 (s390x): kernel-default-man-4.4.121-92.95.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): kernel-default-4.4.121-92.95.1 kernel-default-base-4.4.121-92.95.1 kernel-default-base-debuginfo-4.4.121-92.95.1 kernel-default-debuginfo-4.4.121-92.95.1 kernel-default-debugsource-4.4.121-92.95.1 kernel-default-devel-4.4.121-92.95.1 kernel-syms-4.4.121-92.95.1 kgraft-patch-4_4_121-92_95-default-1-3.4.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): kernel-devel-4.4.121-92.95.1 kernel-macros-4.4.121-92.95.1 kernel-source-4.4.121-92.95.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): lttng-modules-2.7.1-9.6.1 lttng-modules-debugsource-2.7.1-9.6.1 lttng-modules-kmp-default-2.7.1_k4.4.121_92.95-9.6.1 lttng-modules-kmp-default-debuginfo-2.7.1_k4.4.121_92.95-9.6.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): kernel-default-4.4.121-92.95.1 kernel-default-base-4.4.121-92.95.1 kernel-default-base-debuginfo-4.4.121-92.95.1 kernel-default-debuginfo-4.4.121-92.95.1 kernel-default-debugsource-4.4.121-92.95.1 kernel-default-devel-4.4.121-92.95.1 kernel-syms-4.4.121-92.95.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le x86_64): kgraft-patch-4_4_121-92_95-default-1-3.4.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): lttng-modules-2.7.1-9.6.1 lttng-modules-debugsource-2.7.1-9.6.1 lttng-modules-kmp-default-2.7.1_k4.4.121_92.95-9.6.1 lttng-modules-kmp-default-debuginfo-2.7.1_k4.4.121_92.95-9.6.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): kernel-devel-4.4.121-92.95.1 kernel-macros-4.4.121-92.95.1 kernel-source-4.4.121-92.95.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x): kernel-default-man-4.4.121-92.95.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): kernel-default-4.4.121-92.95.1 kernel-default-base-4.4.121-92.95.1 kernel-default-base-debuginfo-4.4.121-92.95.1 kernel-default-debuginfo-4.4.121-92.95.1 kernel-default-debugsource-4.4.121-92.95.1 kernel-default-devel-4.4.121-92.95.1 kernel-syms-4.4.121-92.95.1 lttng-modules-2.7.1-9.6.1 lttng-modules-debugsource-2.7.1-9.6.1 lttng-modules-kmp-default-2.7.1_k4.4.121_92.95-9.6.1 lttng-modules-kmp-default-debuginfo-2.7.1_k4.4.121_92.95-9.6.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): kernel-devel-4.4.121-92.95.1 kernel-macros-4.4.121-92.95.1 kernel-source-4.4.121-92.95.1 - SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64): cluster-md-kmp-default-4.4.121-92.95.1 cluster-md-kmp-default-debuginfo-4.4.121-92.95.1 cluster-network-kmp-default-4.4.121-92.95.1 cluster-network-kmp-default-debuginfo-4.4.121-92.95.1 dlm-kmp-default-4.4.121-92.95.1 dlm-kmp-default-debuginfo-4.4.121-92.95.1 gfs2-kmp-default-4.4.121-92.95.1 gfs2-kmp-default-debuginfo-4.4.121-92.95.1 kernel-default-debuginfo-4.4.121-92.95.1 kernel-default-debugsource-4.4.121-92.95.1 ocfs2-kmp-default-4.4.121-92.95.1 ocfs2-kmp-default-debuginfo-4.4.121-92.95.1 - SUSE Enterprise Storage 4 (noarch): kernel-devel-4.4.121-92.95.1 kernel-macros-4.4.121-92.95.1 kernel-source-4.4.121-92.95.1 - SUSE Enterprise Storage 4 (x86_64): kernel-default-4.4.121-92.95.1 kernel-default-base-4.4.121-92.95.1 kernel-default-base-debuginfo-4.4.121-92.95.1 kernel-default-debuginfo-4.4.121-92.95.1 kernel-default-debugsource-4.4.121-92.95.1 kernel-default-devel-4.4.121-92.95.1 kernel-syms-4.4.121-92.95.1 kgraft-patch-4_4_121-92_95-default-1-3.4.1 lttng-modules-2.7.1-9.6.1 lttng-modules-debugsource-2.7.1-9.6.1 lttng-modules-kmp-default-2.7.1_k4.4.121_92.95-9.6.1 lttng-modules-kmp-default-debuginfo-2.7.1_k4.4.121_92.95-9.6.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): kernel-default-4.4.121-92.95.1 kernel-default-debuginfo-4.4.121-92.95.1 kernel-default-debugsource-4.4.121-92.95.1 References: https://www.suse.com/security/cve/CVE-2018-10853.html https://www.suse.com/security/cve/CVE-2018-10876.html https://www.suse.com/security/cve/CVE-2018-10877.html https://www.suse.com/security/cve/CVE-2018-10878.html https://www.suse.com/security/cve/CVE-2018-10879.html https://www.suse.com/security/cve/CVE-2018-10880.html https://www.suse.com/security/cve/CVE-2018-10881.html https://www.suse.com/security/cve/CVE-2018-10882.html https://www.suse.com/security/cve/CVE-2018-10883.html https://www.suse.com/security/cve/CVE-2018-10902.html https://www.suse.com/security/cve/CVE-2018-10938.html https://www.suse.com/security/cve/CVE-2018-10940.html https://www.suse.com/security/cve/CVE-2018-12896.html https://www.suse.com/security/cve/CVE-2018-13093.html https://www.suse.com/security/cve/CVE-2018-13094.html https://www.suse.com/security/cve/CVE-2018-13095.html https://www.suse.com/security/cve/CVE-2018-14617.html https://www.suse.com/security/cve/CVE-2018-14678.html https://www.suse.com/security/cve/CVE-2018-15572.html https://www.suse.com/security/cve/CVE-2018-15594.html https://www.suse.com/security/cve/CVE-2018-16276.html https://www.suse.com/security/cve/CVE-2018-16658.html https://www.suse.com/security/cve/CVE-2018-17182.html https://www.suse.com/security/cve/CVE-2018-6554.html https://www.suse.com/security/cve/CVE-2018-6555.html https://www.suse.com/security/cve/CVE-2018-7480.html https://www.suse.com/security/cve/CVE-2018-7757.html https://www.suse.com/security/cve/CVE-2018-9363.html https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1042286 https://bugzilla.suse.com/1062604 https://bugzilla.suse.com/1064232 https://bugzilla.suse.com/1065364 https://bugzilla.suse.com/1082519 https://bugzilla.suse.com/1082863 https://bugzilla.suse.com/1084536 https://bugzilla.suse.com/1085042 https://bugzilla.suse.com/1088810 https://bugzilla.suse.com/1089066 https://bugzilla.suse.com/1092903 https://bugzilla.suse.com/1094466 https://bugzilla.suse.com/1095344 https://bugzilla.suse.com/1096547 https://bugzilla.suse.com/1097104 https://bugzilla.suse.com/1099597 https://bugzilla.suse.com/1099811 https://bugzilla.suse.com/1099813 https://bugzilla.suse.com/1099844 https://bugzilla.suse.com/1099845 https://bugzilla.suse.com/1099846 https://bugzilla.suse.com/1099849 https://bugzilla.suse.com/1099863 https://bugzilla.suse.com/1099864 https://bugzilla.suse.com/1099922 https://bugzilla.suse.com/1099993 https://bugzilla.suse.com/1099999 https://bugzilla.suse.com/1100000 https://bugzilla.suse.com/1100001 https://bugzilla.suse.com/1100152 https://bugzilla.suse.com/1102517 https://bugzilla.suse.com/1102715 https://bugzilla.suse.com/1102870 https://bugzilla.suse.com/1103445 https://bugzilla.suse.com/1104319 https://bugzilla.suse.com/1104495 https://bugzilla.suse.com/1105292 https://bugzilla.suse.com/1105296 https://bugzilla.suse.com/1105322 https://bugzilla.suse.com/1105348 https://bugzilla.suse.com/1105396 https://bugzilla.suse.com/1105536 https://bugzilla.suse.com/1106016 https://bugzilla.suse.com/1106095 https://bugzilla.suse.com/1106369 https://bugzilla.suse.com/1106509 https://bugzilla.suse.com/1106511 https://bugzilla.suse.com/1106512 https://bugzilla.suse.com/1106594 https://bugzilla.suse.com/1107689 https://bugzilla.suse.com/1107735 https://bugzilla.suse.com/1107966 https://bugzilla.suse.com/1108239 https://bugzilla.suse.com/1108399 https://bugzilla.suse.com/1109333 From sle-security-updates at lists.suse.com Tue Oct 9 10:27:26 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 9 Oct 2018 18:27:26 +0200 (CEST) Subject: SUSE-SU-2018:3088-1: important: Security update for the Linux Kernel Message-ID: <20181009162726.3AF06FCBE@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3088-1 Rating: important References: #1045538 #1048185 #1050381 #1050431 #1057199 #1060245 #1064861 #1068032 #1080157 #1087081 #1092772 #1092903 #1093666 #1096547 #1098822 #1099922 #1100132 #1100705 #1102517 #1102870 #1103119 #1104481 #1104684 #1104818 #1104901 #1105100 #1105322 #1105348 #1105536 #1105723 #1106095 #1106105 #1106199 #1106202 #1106206 #1106209 #1106212 #1106369 #1106509 #1106511 #1106609 #1106886 #1106930 #1106995 #1107001 #1107064 #1107071 #1107650 #1107689 #1107735 #1107949 #1108096 #1108170 #1108823 #1108912 Cross-References: CVE-2018-10902 CVE-2018-10940 CVE-2018-12896 CVE-2018-14617 CVE-2018-14634 CVE-2018-14734 CVE-2018-15572 CVE-2018-15594 CVE-2018-16276 CVE-2018-16658 CVE-2018-6554 CVE-2018-6555 Affected Products: SUSE Linux Enterprise Real Time Extension 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves 12 vulnerabilities and has 43 fixes is now available. Description: The SUSE Linux Enterprise 11 SP4 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-14634: Prevent integer overflow in create_elf_tables that allowed a local attacker to exploit this vulnerability via a SUID-root binary and obtain full root privileges (bsc#1108912) - CVE-2018-14617: Prevent NULL pointer dereference and panic in hfsplus_lookup() when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory (bsc#1102870) - CVE-2018-16276: Incorrect bounds checking in the yurex USB driver in yurex_read allowed local attackers to use user access read/writes to crash the kernel or potentially escalate privileges (bsc#1106095) - CVE-2018-12896: Prevent integer overflow in the POSIX timer code that was caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically made the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. This allowed a local user to cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls (bnc#1099922) - CVE-2018-10940: The cdrom_ioctl_media_changed function allowed local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory (bsc#1092903) - CVE-2018-16658: Prevent information leak in cdrom_ioctl_drive_status that could have been used by local attackers to read kernel memory (bnc#1107689) - CVE-2018-6555: The irda_setsockopt function allowed local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket (bnc#1106511) - CVE-2018-6554: Prevent memory leak in the irda_bind function that allowed local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket (bnc#1106509) - CVE-2018-15594: Ensure correct handling of indirect calls, to prevent attackers for conducting Spectre-v2 attacks against paravirtual guests (bsc#1105348) - CVE-2018-15572: The spectre_v2_select_mitigation function did not always fill RSB upon a context switch, which made it easier for attackers to conduct userspace-userspace spectreRSB attacks (bnc#1102517) - CVE-2018-10902: Protect against concurrent access to prevent double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(). A malicious local attacker could have used this for privilege escalation (bnc#1105322). - CVE-2018-14734: ucma_leave_multicast accessed a certain data structure after a cleanup step in ucma_process_join, which allowed attackers to cause a denial of service (use-after-free) (bsc#1103119) The following non-security bugs were fixed: - ACPI: APEI / ERST: Fix missing error handling in erst_reader() (bsc#1045538). - ALSA: fm801: propagate TUNER_ONLY bit when autodetected (bsc#1045538). - ALSA: pcm: Fix snd_pcm_hw_params struct copy in compat mode (bsc#1045538). - ALSA: pcm: Use dma_bytes as size parameter in dma_mmap_coherent() (bsc#1045538). - ALSA: pcm: fix fifo_size frame calculation (bsc#1045538). - ALSA: snd-aoa: add of_node_put() in error path (bsc#1045538). - ALSA: usb-audio: Add sanity checks in v2 clock parsers (bsc#1045538). - ALSA: usb-audio: Add sanity checks to FE parser (bsc#1045538). - ALSA: usb-audio: Fix UAC2 get_ctl request with a RANGE attribute (bsc#1045538). - ALSA: usb-audio: Fix bogus error return in snd_usb_create_stream() (bsc#1045538). - ALSA: usb-audio: Fix parameter block size for UAC2 control requests (bsc#1045538). - ALSA: usb-audio: Fix parsing descriptor of UAC2 processing unit (bsc#1045538). - ALSA: usb-audio: Fix potential out-of-bound access at parsing SU (bsc#1045538). - ALSA: usb-audio: Set correct type for some UAC2 mixer controls (bsc#1045538). - ASoC: blackfin: Fix missing break (bsc#1045538). - Enforce module signatures if the kernel is locked down (bsc#1093666). - KVM: VMX: Work around kABI breakage in 'enum vmx_l1d_flush_state' (bsc#1106369). - KVM: VMX: fixes for vmentry_l1d_flush module parameter (bsc#1106369). - PCI: Fix TI816X class code quirk (bsc#1050431). - Refresh patches.xen/xen3-x86-l1tf-04-protect-PROT_NONE-ptes.patch (bsc#1105100). - TPM: Zero buffer whole after copying to userspace (bsc#1050381). - USB: serial: io_ti: fix NULL-deref in interrupt callback (bsc#1106609). - USB: serial: sierra: fix potential deadlock at close (bsc#1100132). - applicom: dereferencing NULL on error path (git-fixes). - ath5k: Change led pin configuration for compaq c700 laptop (bsc#1048185). - base: make module_create_drivers_dir race-free (git-fixes). - block: fix an error code in add_partition() (bsc#1106209). - btrfs: scrub: Do not use inode page cache in scrub_handle_errored_block() (bsc#1108096). - btrfs: scrub: Do not use inode pages for device replace (bsc#1107949). - dasd: Add IFCC notice message (bnc#1104481, LTC#170484). - drm/i915: Remove bogus __init annotation from DMI callbacks (bsc#1106886). - drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply() (bsc#1106886). - drm/vmwgfx: Handle vmalloc() failure in vmw_local_fifo_reserve() (bsc#1106886). - drm: crtc: integer overflow in drm_property_create_blob() (bsc#1106886). - fbdev: omapfb: off by one in omapfb_register_client() (bsc#1106886). - iommu/amd: Finish TLB flush in amd_iommu_unmap() (bsc#1106105). - iommu/amd: Fix the left value check of cmd buffer (bsc#1106105). - iommu/amd: Free domain id when free a domain of struct dma_ops_domain (bsc#1106105). - iommu/amd: Update Alias-DTE in update_device_table() (bsc#1106105). - iommu/vt-d: Do not over-free page table directories (bsc#1106105). - iommu/vt-d: Ratelimit each dmar fault printing (bsc#1106105). - ipv6: Regenerate host route according to node pointer upon loopback up (bsc#1100705). - ipv6: correctly add local routes when lo goes up (bsc#1100705). - ipv6: introduce ip6_rt_put() (bsc#1100705). - ipv6: reallocate addrconf router for ipv6 address when lo device up (bsc#1100705). - kabi: x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - mm/hugetlb: add migration/hwpoisoned entry check in hugetlb_change_protection (bnc#1107071). - mm/mempolicy.c: avoid use uninitialized preferred_node (bnc#1107064). - modsign: log module name in the event of an error (bsc#1093666). - modsign: print module name along with error message (bsc#1093666). - module: make it clear when we're handling the module copy in info->hdr (bsc#1093666). - module: setup load info before module_sig_check() (bsc#1093666). - nbd: ratelimit error msgs after socket close (bsc#1106206). - ncpfs: return proper error from NCP_IOC_SETROOT ioctl (bsc#1106199). - perf/x86/intel: Add cpu_(prepare|starting|dying) for core_pmu (bsc#1104901). - powerpc/64s: Default l1d_size to 64K in RFI fallback flush (bsc#1068032, git-fixes). - powerpc/fadump: Do not use hugepages when fadump is active (bsc#1092772, bsc#1107650). - powerpc/fadump: exclude memory holes while reserving memory in second kernel (bsc#1092772, bsc#1107650). - powerpc/fadump: re-register firmware-assisted dump if already registered (bsc#1108170, bsc#1108823). - powerpc/lib: Fix off-by-one in alternate feature patching (bsc#1064861). - powerpc/lib: Fix the feature fixup tests to actually work (bsc#1064861). - powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2 (bsc#1068032, bsc#1080157, git-fixes). - powerpc: Avoid code patching freed init sections (bnc#1107735). - powerpc: make feature-fixup tests fortify-safe (bsc#1064861). - ptrace: fix PTRACE_LISTEN race corrupting task->state (bnc#1107001). - qlge: Fix netdev features configuration (bsc#1098822). - resource: fix integer overflow at reallocation (bsc#1045538). - rpm/kernel-docs.spec.in: Expand kernel tree directly from sources (bsc#1057199) - s390/ftrace: use expoline for indirect branches (bnc#1106930, LTC#171029). - s390/kernel: use expoline for indirect branches (bnc#1106930, LTC#171029). - s390/qeth: do not clobber buffer on async TX completion (bnc#1060245, LTC#170349). - s390: Correct register corruption in critical section cleanup (bnc#1106930, LTC#171029). - s390: add assembler macros for CPU alternatives (bnc#1106930, LTC#171029). - s390: detect etoken facility (bnc#1106930, LTC#171029). - s390: move expoline assembler macros to a header (bnc#1106930, LTC#171029). - s390: move spectre sysfs attribute code (bnc#1106930, LTC#171029). - s390: remove indirect branch from do_softirq_own_stack (bnc#1106930, LTC#171029). - sys: do not hold uts_sem while accessing userspace memory (bnc#1106995). - tpm: fix race condition in tpm_common_write() (bsc#1050381). - tracing/blktrace: Fix to allow setting same value (bsc#1106212). - tty: vt, fix bogus division in csi_J (git-fixes). - tty: vt, return error when con_startup fails (git-fixes). - uml: fix hostfs mknod() (bsc#1106202). - usb: audio-v2: Correct the comment for struct uac_clock_selector_descriptor (bsc#1045538). - usbip: vhci_sysfs: fix potential Spectre v1 (bsc#1096547). - x86, l1tf: Protect PROT_NONE PTEs against speculation fixup (bnc#1104684, bnc#1104818). - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit (bnc#1087081). - x86/init: fix build with CONFIG_SWAP=n (bsc#1105723). - x86/mm: Prevent kernel Oops in PTDUMP code with HIGHPTE=y (bsc#1106105). - x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM (bnc#1105536). - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - x86/speculation/l1tf: Suggest what to do on systems with too much RAM (bnc#1105536). - x86/vdso: Fix vDSO build if a retpoline is emitted (git-fixes). - xen x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM (bnc#1105536). - xen x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - xen, x86, l1tf: Protect PROT_NONE PTEs against speculation fixup (bnc#1104684, bnc#1104818). - xen: x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit (bnc#1087081). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 11-SP4: zypper in -t patch slertesp4-linux-kernel-13810=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-linux-kernel-13810=1 Package List: - SUSE Linux Enterprise Real Time Extension 11-SP4 (x86_64): kernel-rt-3.0.101.rt130-69.36.1 kernel-rt-base-3.0.101.rt130-69.36.1 kernel-rt-devel-3.0.101.rt130-69.36.1 kernel-rt_trace-3.0.101.rt130-69.36.1 kernel-rt_trace-base-3.0.101.rt130-69.36.1 kernel-rt_trace-devel-3.0.101.rt130-69.36.1 kernel-source-rt-3.0.101.rt130-69.36.1 kernel-syms-rt-3.0.101.rt130-69.36.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (x86_64): kernel-rt-debuginfo-3.0.101.rt130-69.36.1 kernel-rt-debugsource-3.0.101.rt130-69.36.1 kernel-rt_debug-debuginfo-3.0.101.rt130-69.36.1 kernel-rt_debug-debugsource-3.0.101.rt130-69.36.1 kernel-rt_trace-debuginfo-3.0.101.rt130-69.36.1 kernel-rt_trace-debugsource-3.0.101.rt130-69.36.1 References: https://www.suse.com/security/cve/CVE-2018-10902.html https://www.suse.com/security/cve/CVE-2018-10940.html https://www.suse.com/security/cve/CVE-2018-12896.html https://www.suse.com/security/cve/CVE-2018-14617.html https://www.suse.com/security/cve/CVE-2018-14634.html https://www.suse.com/security/cve/CVE-2018-14734.html https://www.suse.com/security/cve/CVE-2018-15572.html https://www.suse.com/security/cve/CVE-2018-15594.html https://www.suse.com/security/cve/CVE-2018-16276.html https://www.suse.com/security/cve/CVE-2018-16658.html https://www.suse.com/security/cve/CVE-2018-6554.html https://www.suse.com/security/cve/CVE-2018-6555.html https://bugzilla.suse.com/1045538 https://bugzilla.suse.com/1048185 https://bugzilla.suse.com/1050381 https://bugzilla.suse.com/1050431 https://bugzilla.suse.com/1057199 https://bugzilla.suse.com/1060245 https://bugzilla.suse.com/1064861 https://bugzilla.suse.com/1068032 https://bugzilla.suse.com/1080157 https://bugzilla.suse.com/1087081 https://bugzilla.suse.com/1092772 https://bugzilla.suse.com/1092903 https://bugzilla.suse.com/1093666 https://bugzilla.suse.com/1096547 https://bugzilla.suse.com/1098822 https://bugzilla.suse.com/1099922 https://bugzilla.suse.com/1100132 https://bugzilla.suse.com/1100705 https://bugzilla.suse.com/1102517 https://bugzilla.suse.com/1102870 https://bugzilla.suse.com/1103119 https://bugzilla.suse.com/1104481 https://bugzilla.suse.com/1104684 https://bugzilla.suse.com/1104818 https://bugzilla.suse.com/1104901 https://bugzilla.suse.com/1105100 https://bugzilla.suse.com/1105322 https://bugzilla.suse.com/1105348 https://bugzilla.suse.com/1105536 https://bugzilla.suse.com/1105723 https://bugzilla.suse.com/1106095 https://bugzilla.suse.com/1106105 https://bugzilla.suse.com/1106199 https://bugzilla.suse.com/1106202 https://bugzilla.suse.com/1106206 https://bugzilla.suse.com/1106209 https://bugzilla.suse.com/1106212 https://bugzilla.suse.com/1106369 https://bugzilla.suse.com/1106509 https://bugzilla.suse.com/1106511 https://bugzilla.suse.com/1106609 https://bugzilla.suse.com/1106886 https://bugzilla.suse.com/1106930 https://bugzilla.suse.com/1106995 https://bugzilla.suse.com/1107001 https://bugzilla.suse.com/1107064 https://bugzilla.suse.com/1107071 https://bugzilla.suse.com/1107650 https://bugzilla.suse.com/1107689 https://bugzilla.suse.com/1107735 https://bugzilla.suse.com/1107949 https://bugzilla.suse.com/1108096 https://bugzilla.suse.com/1108170 https://bugzilla.suse.com/1108823 https://bugzilla.suse.com/1108912 From sle-security-updates at lists.suse.com Thu Oct 11 01:08:25 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 11 Oct 2018 09:08:25 +0200 (CEST) Subject: SUSE-SU-2018:3095-1: moderate: Security update for ImageMagick Message-ID: <20181011070825.2F611FCD2@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3095-1 Rating: moderate References: #1050129 #1105592 #1106989 #1107604 #1107609 #1107612 #1107616 #1107619 #1108282 #1108283 Cross-References: CVE-2017-11532 CVE-2018-16413 CVE-2018-16640 CVE-2018-16642 CVE-2018-16643 CVE-2018-16644 CVE-2018-16645 CVE-2018-16749 CVE-2018-16750 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that solves 9 vulnerabilities and has one errata is now available. Description: This update for ImageMagick fixes the following security issues: - CVE-2017-11532: Prevent a memory leak vulnerability in the WriteMPCImage() function in coders/mpc.c via a crafted file allowing for DoS (bsc#1050129) - CVE-2018-16750: Prevent memory leak in the formatIPTCfromBuffer function (bsc#1108283) - CVE-2018-16749: Added missing NULL check in ReadOneJNGImage that allowed an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file (bsc#1108282) - CVE-2018-16642: The function InsertRow allowed remote attackers to cause a denial of service via a crafted image file due to an out-of-bounds write (bsc#1107616) - CVE-2018-16640: Prevent memory leak in the function ReadOneJNGImage (bsc#1107619) - CVE-2018-16643: The functions ReadDCMImage, ReadPWPImage, ReadCALSImage, and ReadPICTImage did check the return value of the fputc function, which allowed remote attackers to cause a denial of service via a crafted image file (bsc#1107612) - CVE-2018-16644: Added missing check for length in the functions ReadDCMImage and ReadPICTImage, which allowed remote attackers to cause a denial of service via a crafted image (bsc#1107609) - CVE-2018-16645: Prevent excessive memory allocation issue in the functions ReadBMPImage and ReadDIBImage, which allowed remote attackers to cause a denial of service via a crafted image file (bsc#1107604) - CVE-2018-16413: Prevent heap-based buffer over-read in the PushShortPixel function leading to DoS (bsc#1106989) This update also relaxes the restrictions of use of Postscript like formats to "write" only. (bsc#1105592) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-2195=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2195=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2195=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2195=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): ImageMagick-6.8.8.1-71.79.1 ImageMagick-debuginfo-6.8.8.1-71.79.1 ImageMagick-debugsource-6.8.8.1-71.79.1 libMagick++-6_Q16-3-6.8.8.1-71.79.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.79.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-71.79.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.79.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): ImageMagick-6.8.8.1-71.79.1 ImageMagick-debuginfo-6.8.8.1-71.79.1 ImageMagick-debugsource-6.8.8.1-71.79.1 ImageMagick-devel-6.8.8.1-71.79.1 libMagick++-6_Q16-3-6.8.8.1-71.79.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.79.1 libMagick++-devel-6.8.8.1-71.79.1 perl-PerlMagick-6.8.8.1-71.79.1 perl-PerlMagick-debuginfo-6.8.8.1-71.79.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): ImageMagick-debuginfo-6.8.8.1-71.79.1 ImageMagick-debugsource-6.8.8.1-71.79.1 libMagickCore-6_Q16-1-6.8.8.1-71.79.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.79.1 libMagickWand-6_Q16-1-6.8.8.1-71.79.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.79.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): ImageMagick-6.8.8.1-71.79.1 ImageMagick-debuginfo-6.8.8.1-71.79.1 ImageMagick-debugsource-6.8.8.1-71.79.1 libMagick++-6_Q16-3-6.8.8.1-71.79.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.79.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-71.79.1 libMagickCore-6_Q16-1-6.8.8.1-71.79.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.79.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.79.1 libMagickWand-6_Q16-1-6.8.8.1-71.79.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.79.1 References: https://www.suse.com/security/cve/CVE-2017-11532.html https://www.suse.com/security/cve/CVE-2018-16413.html https://www.suse.com/security/cve/CVE-2018-16640.html https://www.suse.com/security/cve/CVE-2018-16642.html https://www.suse.com/security/cve/CVE-2018-16643.html https://www.suse.com/security/cve/CVE-2018-16644.html https://www.suse.com/security/cve/CVE-2018-16645.html https://www.suse.com/security/cve/CVE-2018-16749.html https://www.suse.com/security/cve/CVE-2018-16750.html https://bugzilla.suse.com/1050129 https://bugzilla.suse.com/1105592 https://bugzilla.suse.com/1106989 https://bugzilla.suse.com/1107604 https://bugzilla.suse.com/1107609 https://bugzilla.suse.com/1107612 https://bugzilla.suse.com/1107616 https://bugzilla.suse.com/1107619 https://bugzilla.suse.com/1108282 https://bugzilla.suse.com/1108283 From sle-security-updates at lists.suse.com Thu Oct 11 13:08:05 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 11 Oct 2018 21:08:05 +0200 (CEST) Subject: SUSE-SU-2018:3100-1: important: Security update for the Linux Kernel Message-ID: <20181011190805.0FE85FCD2@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3100-1 Rating: important References: #1108399 #1109967 Cross-References: CVE-2018-17182 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-EXTRA SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-17182: An issue was discovered in the Linux kernel The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bnc#1108399). The following non-security bugs were fixed: - x86/fpu: Do not do __thread_fpu_end() if use_eager_fpu() (bnc#1109967). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-kernel-20181003-13812=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-kernel-20181003-13812=1 - SUSE Linux Enterprise Server 11-EXTRA: zypper in -t patch slexsp3-kernel-20181003-13812=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-kernel-20181003-13812=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch): kernel-docs-3.0.101-108.77.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): kernel-default-3.0.101-108.77.1 kernel-default-base-3.0.101-108.77.1 kernel-default-devel-3.0.101-108.77.1 kernel-source-3.0.101-108.77.1 kernel-syms-3.0.101-108.77.1 kernel-trace-3.0.101-108.77.1 kernel-trace-base-3.0.101-108.77.1 kernel-trace-devel-3.0.101-108.77.1 - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): kernel-ec2-3.0.101-108.77.1 kernel-ec2-base-3.0.101-108.77.1 kernel-ec2-devel-3.0.101-108.77.1 kernel-xen-3.0.101-108.77.1 kernel-xen-base-3.0.101-108.77.1 kernel-xen-devel-3.0.101-108.77.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64): kernel-bigmem-3.0.101-108.77.1 kernel-bigmem-base-3.0.101-108.77.1 kernel-bigmem-devel-3.0.101-108.77.1 kernel-ppc64-3.0.101-108.77.1 kernel-ppc64-base-3.0.101-108.77.1 kernel-ppc64-devel-3.0.101-108.77.1 - SUSE Linux Enterprise Server 11-SP4 (s390x): kernel-default-man-3.0.101-108.77.1 - SUSE Linux Enterprise Server 11-SP4 (i586): kernel-pae-3.0.101-108.77.1 kernel-pae-base-3.0.101-108.77.1 kernel-pae-devel-3.0.101-108.77.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64): kernel-default-extra-3.0.101-108.77.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64): kernel-xen-extra-3.0.101-108.77.1 - SUSE Linux Enterprise Server 11-EXTRA (x86_64): kernel-trace-extra-3.0.101-108.77.1 - SUSE Linux Enterprise Server 11-EXTRA (ppc64): kernel-ppc64-extra-3.0.101-108.77.1 - SUSE Linux Enterprise Server 11-EXTRA (i586): kernel-pae-extra-3.0.101-108.77.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): kernel-default-debuginfo-3.0.101-108.77.1 kernel-default-debugsource-3.0.101-108.77.1 kernel-trace-debuginfo-3.0.101-108.77.1 kernel-trace-debugsource-3.0.101-108.77.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 s390x x86_64): kernel-default-devel-debuginfo-3.0.101-108.77.1 kernel-trace-devel-debuginfo-3.0.101-108.77.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): kernel-ec2-debuginfo-3.0.101-108.77.1 kernel-ec2-debugsource-3.0.101-108.77.1 kernel-xen-debuginfo-3.0.101-108.77.1 kernel-xen-debugsource-3.0.101-108.77.1 kernel-xen-devel-debuginfo-3.0.101-108.77.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64): kernel-bigmem-debuginfo-3.0.101-108.77.1 kernel-bigmem-debugsource-3.0.101-108.77.1 kernel-ppc64-debuginfo-3.0.101-108.77.1 kernel-ppc64-debugsource-3.0.101-108.77.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586): kernel-pae-debuginfo-3.0.101-108.77.1 kernel-pae-debugsource-3.0.101-108.77.1 kernel-pae-devel-debuginfo-3.0.101-108.77.1 References: https://www.suse.com/security/cve/CVE-2018-17182.html https://bugzilla.suse.com/1108399 https://bugzilla.suse.com/1109967 From sle-security-updates at lists.suse.com Thu Oct 11 13:08:49 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 11 Oct 2018 21:08:49 +0200 (CEST) Subject: SUSE-SU-2018:3101-1: important: Security update for apache2 Message-ID: <20181011190849.D312EFCD2@maintenance.suse.de> SUSE Security Update: Security update for apache2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3101-1 Rating: important References: #1109961 Cross-References: CVE-2018-11763 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for apache2 fixes the following issues: Security issues fixed: - CVE-2018-11763: In Apache HTTP Server by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. (bsc#1109961) Bug fixes: - consider also patterns in APACHE_CONF_INCLUDE_DIRS as documentation says (patch Juergen Gleiss) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2018-2201=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): apache2-2.4.33-3.6.1 apache2-debuginfo-2.4.33-3.6.1 apache2-debugsource-2.4.33-3.6.1 apache2-devel-2.4.33-3.6.1 apache2-prefork-2.4.33-3.6.1 apache2-prefork-debuginfo-2.4.33-3.6.1 apache2-utils-2.4.33-3.6.1 apache2-utils-debuginfo-2.4.33-3.6.1 apache2-worker-2.4.33-3.6.1 apache2-worker-debuginfo-2.4.33-3.6.1 - SUSE Linux Enterprise Module for Server Applications 15 (noarch): apache2-doc-2.4.33-3.6.1 References: https://www.suse.com/security/cve/CVE-2018-11763.html https://bugzilla.suse.com/1109961 From sle-security-updates at lists.suse.com Thu Oct 11 16:08:04 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 12 Oct 2018 00:08:04 +0200 (CEST) Subject: SUSE-SU-2018:3102-1: moderate: Security update for libX11 and libxcb Message-ID: <20181011220804.4E079FCD2@maintenance.suse.de> SUSE Security Update: Security update for libX11 and libxcb ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3102-1 Rating: moderate References: #1094327 #1102062 #1102068 #1102073 Cross-References: CVE-2018-14598 CVE-2018-14599 CVE-2018-14600 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for libX11 and libxcb fixes the following issue: libX11: These security issues were fixed: - CVE-2018-14599: The function XListExtensions was vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact (bsc#1102062). - CVE-2018-14600: The function XListExtensions interpreted a variable as signed instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes), leading to DoS or remote code execution (bsc#1102068). - CVE-2018-14598: A malicious server could have sent a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault) (bsc#1102073). This non-security issue was fixed: - Make use of the new 64-bit sequence number API in XCB 1.11.1 to avoid the 32-bit sequence number wrap in libX11 (bsc#1094327). libxcb: - Expose 64-bit sequence number from XCB API so that Xlib and others can use it even on 32-bit environment. (bsc#1094327) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2202=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2202=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2202=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libX11-debugsource-1.6.2-12.5.1 libX11-devel-1.6.2-12.5.1 libxcb-composite0-1.10-4.3.1 libxcb-composite0-debuginfo-1.10-4.3.1 libxcb-damage0-1.10-4.3.1 libxcb-damage0-debuginfo-1.10-4.3.1 libxcb-debugsource-1.10-4.3.1 libxcb-devel-1.10-4.3.1 libxcb-dpms0-1.10-4.3.1 libxcb-dpms0-debuginfo-1.10-4.3.1 libxcb-dri3-0-1.10-4.3.1 libxcb-dri3-0-debuginfo-1.10-4.3.1 libxcb-present0-1.10-4.3.1 libxcb-present0-debuginfo-1.10-4.3.1 libxcb-record0-1.10-4.3.1 libxcb-record0-debuginfo-1.10-4.3.1 libxcb-res0-1.10-4.3.1 libxcb-res0-debuginfo-1.10-4.3.1 libxcb-screensaver0-1.10-4.3.1 libxcb-screensaver0-debuginfo-1.10-4.3.1 libxcb-xevie0-1.10-4.3.1 libxcb-xevie0-debuginfo-1.10-4.3.1 libxcb-xinerama0-1.10-4.3.1 libxcb-xinerama0-debuginfo-1.10-4.3.1 libxcb-xprint0-1.10-4.3.1 libxcb-xprint0-debuginfo-1.10-4.3.1 libxcb-xtest0-1.10-4.3.1 libxcb-xtest0-debuginfo-1.10-4.3.1 libxcb-xvmc0-1.10-4.3.1 libxcb-xvmc0-debuginfo-1.10-4.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch): libxcb-devel-doc-1.10-4.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libX11-6-1.6.2-12.5.1 libX11-6-debuginfo-1.6.2-12.5.1 libX11-debugsource-1.6.2-12.5.1 libX11-xcb1-1.6.2-12.5.1 libX11-xcb1-debuginfo-1.6.2-12.5.1 libxcb-debugsource-1.10-4.3.1 libxcb-dri2-0-1.10-4.3.1 libxcb-dri2-0-debuginfo-1.10-4.3.1 libxcb-dri3-0-1.10-4.3.1 libxcb-dri3-0-debuginfo-1.10-4.3.1 libxcb-glx0-1.10-4.3.1 libxcb-glx0-debuginfo-1.10-4.3.1 libxcb-present0-1.10-4.3.1 libxcb-present0-debuginfo-1.10-4.3.1 libxcb-randr0-1.10-4.3.1 libxcb-randr0-debuginfo-1.10-4.3.1 libxcb-render0-1.10-4.3.1 libxcb-render0-debuginfo-1.10-4.3.1 libxcb-shape0-1.10-4.3.1 libxcb-shape0-debuginfo-1.10-4.3.1 libxcb-shm0-1.10-4.3.1 libxcb-shm0-debuginfo-1.10-4.3.1 libxcb-sync1-1.10-4.3.1 libxcb-sync1-debuginfo-1.10-4.3.1 libxcb-xf86dri0-1.10-4.3.1 libxcb-xf86dri0-debuginfo-1.10-4.3.1 libxcb-xfixes0-1.10-4.3.1 libxcb-xfixes0-debuginfo-1.10-4.3.1 libxcb-xinerama0-1.10-4.3.1 libxcb-xinerama0-debuginfo-1.10-4.3.1 libxcb-xkb1-1.10-4.3.1 libxcb-xkb1-debuginfo-1.10-4.3.1 libxcb-xv0-1.10-4.3.1 libxcb-xv0-debuginfo-1.10-4.3.1 libxcb1-1.10-4.3.1 libxcb1-debuginfo-1.10-4.3.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libX11-6-32bit-1.6.2-12.5.1 libX11-6-debuginfo-32bit-1.6.2-12.5.1 libX11-xcb1-32bit-1.6.2-12.5.1 libX11-xcb1-debuginfo-32bit-1.6.2-12.5.1 libxcb-dri2-0-32bit-1.10-4.3.1 libxcb-dri2-0-debuginfo-32bit-1.10-4.3.1 libxcb-dri3-0-32bit-1.10-4.3.1 libxcb-dri3-0-debuginfo-32bit-1.10-4.3.1 libxcb-glx0-32bit-1.10-4.3.1 libxcb-glx0-debuginfo-32bit-1.10-4.3.1 libxcb-present0-32bit-1.10-4.3.1 libxcb-present0-debuginfo-32bit-1.10-4.3.1 libxcb-render0-32bit-1.10-4.3.1 libxcb-render0-debuginfo-32bit-1.10-4.3.1 libxcb-shm0-32bit-1.10-4.3.1 libxcb-shm0-debuginfo-32bit-1.10-4.3.1 libxcb-sync1-32bit-1.10-4.3.1 libxcb-sync1-debuginfo-32bit-1.10-4.3.1 libxcb-xfixes0-32bit-1.10-4.3.1 libxcb-xfixes0-debuginfo-32bit-1.10-4.3.1 libxcb-xkb1-32bit-1.10-4.3.1 libxcb-xkb1-debuginfo-32bit-1.10-4.3.1 libxcb1-32bit-1.10-4.3.1 libxcb1-debuginfo-32bit-1.10-4.3.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): libX11-data-1.6.2-12.5.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libX11-6-1.6.2-12.5.1 libX11-6-32bit-1.6.2-12.5.1 libX11-6-debuginfo-1.6.2-12.5.1 libX11-6-debuginfo-32bit-1.6.2-12.5.1 libX11-debugsource-1.6.2-12.5.1 libX11-xcb1-1.6.2-12.5.1 libX11-xcb1-32bit-1.6.2-12.5.1 libX11-xcb1-debuginfo-1.6.2-12.5.1 libX11-xcb1-debuginfo-32bit-1.6.2-12.5.1 libxcb-debugsource-1.10-4.3.1 libxcb-dri2-0-1.10-4.3.1 libxcb-dri2-0-32bit-1.10-4.3.1 libxcb-dri2-0-debuginfo-1.10-4.3.1 libxcb-dri2-0-debuginfo-32bit-1.10-4.3.1 libxcb-dri3-0-1.10-4.3.1 libxcb-dri3-0-32bit-1.10-4.3.1 libxcb-dri3-0-debuginfo-1.10-4.3.1 libxcb-dri3-0-debuginfo-32bit-1.10-4.3.1 libxcb-glx0-1.10-4.3.1 libxcb-glx0-32bit-1.10-4.3.1 libxcb-glx0-debuginfo-1.10-4.3.1 libxcb-glx0-debuginfo-32bit-1.10-4.3.1 libxcb-present0-1.10-4.3.1 libxcb-present0-32bit-1.10-4.3.1 libxcb-present0-debuginfo-1.10-4.3.1 libxcb-present0-debuginfo-32bit-1.10-4.3.1 libxcb-randr0-1.10-4.3.1 libxcb-randr0-debuginfo-1.10-4.3.1 libxcb-render0-1.10-4.3.1 libxcb-render0-32bit-1.10-4.3.1 libxcb-render0-debuginfo-1.10-4.3.1 libxcb-render0-debuginfo-32bit-1.10-4.3.1 libxcb-shape0-1.10-4.3.1 libxcb-shape0-debuginfo-1.10-4.3.1 libxcb-shm0-1.10-4.3.1 libxcb-shm0-32bit-1.10-4.3.1 libxcb-shm0-debuginfo-1.10-4.3.1 libxcb-shm0-debuginfo-32bit-1.10-4.3.1 libxcb-sync1-1.10-4.3.1 libxcb-sync1-32bit-1.10-4.3.1 libxcb-sync1-debuginfo-1.10-4.3.1 libxcb-sync1-debuginfo-32bit-1.10-4.3.1 libxcb-xf86dri0-1.10-4.3.1 libxcb-xf86dri0-debuginfo-1.10-4.3.1 libxcb-xfixes0-1.10-4.3.1 libxcb-xfixes0-32bit-1.10-4.3.1 libxcb-xfixes0-debuginfo-1.10-4.3.1 libxcb-xfixes0-debuginfo-32bit-1.10-4.3.1 libxcb-xinerama0-1.10-4.3.1 libxcb-xinerama0-debuginfo-1.10-4.3.1 libxcb-xkb1-1.10-4.3.1 libxcb-xkb1-32bit-1.10-4.3.1 libxcb-xkb1-debuginfo-1.10-4.3.1 libxcb-xkb1-debuginfo-32bit-1.10-4.3.1 libxcb-xv0-1.10-4.3.1 libxcb-xv0-debuginfo-1.10-4.3.1 libxcb1-1.10-4.3.1 libxcb1-32bit-1.10-4.3.1 libxcb1-debuginfo-1.10-4.3.1 libxcb1-debuginfo-32bit-1.10-4.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): libX11-data-1.6.2-12.5.1 References: https://www.suse.com/security/cve/CVE-2018-14598.html https://www.suse.com/security/cve/CVE-2018-14599.html https://www.suse.com/security/cve/CVE-2018-14600.html https://bugzilla.suse.com/1094327 https://bugzilla.suse.com/1102062 https://bugzilla.suse.com/1102068 https://bugzilla.suse.com/1102073 From sle-security-updates at lists.suse.com Fri Oct 12 07:12:47 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 12 Oct 2018 15:12:47 +0200 (CEST) Subject: SUSE-SU-2018:3118-1: moderate: Security update for axis Message-ID: <20181012131247.00D5CFCD2@maintenance.suse.de> SUSE Security Update: Security update for axis ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3118-1 Rating: moderate References: #1103658 Cross-References: CVE-2018-8032 Affected Products: SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for axis fixes the following security issue: - CVE-2018-8032: Prevent cross-site scripting (XSS) attack in the default servlet/services (bsc#1103658). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2205=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (noarch): axis-1.4-290.3.1 References: https://www.suse.com/security/cve/CVE-2018-8032.html https://bugzilla.suse.com/1103658 From sle-security-updates at lists.suse.com Fri Oct 12 07:13:16 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 12 Oct 2018 15:13:16 +0200 (CEST) Subject: SUSE-SU-2018:3119-1: moderate: Security update for axis Message-ID: <20181012131316.904B9FCD2@maintenance.suse.de> SUSE Security Update: Security update for axis ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3119-1 Rating: moderate References: #1103658 Cross-References: CVE-2018-8032 Affected Products: SUSE Linux Enterprise Server 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for axis fixes the following security issue: - CVE-2018-8032: Prevent cross-site scripting (XSS) attack in the default servlet/services (bsc#1103658). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-axis-13813=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (noarch): axis-1.4-236.236.44.9.1 References: https://www.suse.com/security/cve/CVE-2018-8032.html https://bugzilla.suse.com/1103658 From sle-security-updates at lists.suse.com Fri Oct 12 07:14:24 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 12 Oct 2018 15:14:24 +0200 (CEST) Subject: SUSE-SU-2018:3121-1: moderate: Security update for axis Message-ID: <20181012131424.32B97FCD2@maintenance.suse.de> SUSE Security Update: Security update for axis ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3121-1 Rating: moderate References: #1103658 Cross-References: CVE-2018-8032 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for axis fixes the following security issue: - CVE-2018-8032: Prevent cross-site scripting (XSS) attack in the default servlet/services (bsc#1103658). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2211=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (noarch): axis-1.4-5.3.1 References: https://www.suse.com/security/cve/CVE-2018-8032.html https://bugzilla.suse.com/1103658 From sle-security-updates at lists.suse.com Fri Oct 12 07:14:56 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 12 Oct 2018 15:14:56 +0200 (CEST) Subject: SUSE-SU-2018:3122-1: important: Security update for texlive Message-ID: <20181012131456.D3BC3FCD2@maintenance.suse.de> SUSE Security Update: Security update for texlive ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3122-1 Rating: important References: #1109673 Cross-References: CVE-2018-17407 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for texlive fixes the following issue: - CVE-2018-17407: Prevent buffer overflow when handling of Type 1 fonts allowed arbitrary code execution when a malicious font was loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex (bsc#1109673). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2018-2204=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): libkpathsea6-6.2.3-11.8.4 libkpathsea6-debuginfo-6.2.3-11.8.4 libptexenc1-1.3.5-11.8.4 libptexenc1-debuginfo-1.3.5-11.8.4 libsynctex1-1.18-11.8.4 libsynctex1-debuginfo-1.18-11.8.4 libtexlua52-5-5.2.4-11.8.4 libtexlua52-5-debuginfo-5.2.4-11.8.4 texlive-2017.20170520-11.8.4 texlive-a2ping-bin-2017.20170520.svn27321-11.8.4 texlive-accfonts-bin-2017.20170520.svn12688-11.8.4 texlive-adhocfilelist-bin-2017.20170520.svn28038-11.8.4 texlive-afm2pl-bin-2017.20170520.svn44143-11.8.4 texlive-afm2pl-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-aleph-bin-2017.20170520.svn44143-11.8.4 texlive-aleph-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-amstex-bin-2017.20170520.svn3006-11.8.4 texlive-arara-bin-2017.20170520.svn29036-11.8.4 texlive-asymptote-bin-2017.20170520.svn43843-11.8.4 texlive-asymptote-bin-debuginfo-2017.20170520.svn43843-11.8.4 texlive-authorindex-bin-2017.20170520.svn18790-11.8.4 texlive-autosp-bin-2017.20170520.svn44143-11.8.4 texlive-autosp-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-bibexport-bin-2017.20170520.svn16219-11.8.4 texlive-bibtex-bin-2017.20170520.svn44143-11.8.4 texlive-bibtex-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-bibtex8-bin-2017.20170520.svn44143-11.8.4 texlive-bibtex8-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-bibtexu-bin-2017.20170520.svn44143-11.8.4 texlive-bibtexu-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-bin-devel-2017.20170520-11.8.4 texlive-bundledoc-bin-2017.20170520.svn17794-11.8.4 texlive-cachepic-bin-2017.20170520.svn15543-11.8.4 texlive-checkcites-bin-2017.20170520.svn25623-11.8.4 texlive-checklistings-bin-2017.20170520.svn38300-11.8.4 texlive-chktex-bin-2017.20170520.svn44143-11.8.4 texlive-chktex-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-cjk-gs-integrate-bin-2017.20170520.svn37223-11.8.4 texlive-cjkutils-bin-2017.20170520.svn44143-11.8.4 texlive-cjkutils-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-context-bin-2017.20170520.svn34112-11.8.4 texlive-convbkmk-bin-2017.20170520.svn30408-11.8.4 texlive-crossrefware-bin-2017.20170520.svn43866-11.8.4 texlive-cslatex-bin-2017.20170520.svn3006-11.8.4 texlive-csplain-bin-2017.20170520.svn33902-11.8.4 texlive-ctanify-bin-2017.20170520.svn24061-11.8.4 texlive-ctanupload-bin-2017.20170520.svn23866-11.8.4 texlive-ctie-bin-2017.20170520.svn44143-11.8.4 texlive-ctie-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-cweb-bin-2017.20170520.svn44143-11.8.4 texlive-cweb-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-cyrillic-bin-bin-2017.20170520.svn29741-11.8.4 texlive-de-macro-bin-2017.20170520.svn17399-11.8.4 texlive-debuginfo-2017.20170520-11.8.4 texlive-debugsource-2017.20170520-11.8.4 texlive-detex-bin-2017.20170520.svn44143-11.8.4 texlive-detex-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-dosepsbin-bin-2017.20170520.svn24759-11.8.4 texlive-dtl-bin-2017.20170520.svn44143-11.8.4 texlive-dtl-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-dtxgen-bin-2017.20170520.svn29031-11.8.4 texlive-dviasm-bin-2017.20170520.svn8329-11.8.4 texlive-dvicopy-bin-2017.20170520.svn44143-11.8.4 texlive-dvicopy-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-dvidvi-bin-2017.20170520.svn44143-11.8.4 texlive-dvidvi-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-dviinfox-bin-2017.20170520.svn44515-11.8.4 texlive-dviljk-bin-2017.20170520.svn44143-11.8.4 texlive-dviljk-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-dvipdfmx-bin-2017.20170520.svn40273-11.8.4 texlive-dvipng-bin-2017.20170520.svn44143-11.8.4 texlive-dvipng-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-dvipos-bin-2017.20170520.svn44143-11.8.4 texlive-dvipos-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-dvips-bin-2017.20170520.svn44143-11.8.4 texlive-dvips-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-dvisvgm-bin-2017.20170520.svn40987-11.8.4 texlive-dvisvgm-bin-debuginfo-2017.20170520.svn40987-11.8.4 texlive-ebong-bin-2017.20170520.svn21000-11.8.4 texlive-eplain-bin-2017.20170520.svn3006-11.8.4 texlive-epspdf-bin-2017.20170520.svn29050-11.8.4 texlive-epstopdf-bin-2017.20170520.svn18336-11.8.4 texlive-exceltex-bin-2017.20170520.svn25860-11.8.4 texlive-fig4latex-bin-2017.20170520.svn14752-11.8.4 texlive-findhyph-bin-2017.20170520.svn14758-11.8.4 texlive-fontinst-bin-2017.20170520.svn29741-11.8.4 texlive-fontools-bin-2017.20170520.svn25997-11.8.4 texlive-fontware-bin-2017.20170520.svn44143-11.8.4 texlive-fontware-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-fragmaster-bin-2017.20170520.svn13663-11.8.4 texlive-getmap-bin-2017.20170520.svn34971-11.8.4 texlive-glossaries-bin-2017.20170520.svn37813-11.8.4 texlive-gregoriotex-bin-2017.20170520.svn44143-11.8.4 texlive-gregoriotex-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-gsftopk-bin-2017.20170520.svn44143-11.8.4 texlive-gsftopk-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-jadetex-bin-2017.20170520.svn3006-11.8.4 texlive-kotex-utils-bin-2017.20170520.svn32101-11.8.4 texlive-kpathsea-bin-2017.20170520.svn44143-11.8.4 texlive-kpathsea-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-kpathsea-devel-6.2.3-11.8.4 texlive-lacheck-bin-2017.20170520.svn44143-11.8.4 texlive-lacheck-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-latex-bin-bin-2017.20170520.svn14050-11.8.4 texlive-latex-git-log-bin-2017.20170520.svn30983-11.8.4 texlive-latex-papersize-bin-2017.20170520.svn42296-11.8.4 texlive-latex2man-bin-2017.20170520.svn13663-11.8.4 texlive-latex2nemeth-bin-2017.20170520.svn42300-11.8.4 texlive-latexdiff-bin-2017.20170520.svn16420-11.8.4 texlive-latexfileversion-bin-2017.20170520.svn25012-11.8.4 texlive-latexindent-bin-2017.20170520.svn32150-11.8.4 texlive-latexmk-bin-2017.20170520.svn10937-11.8.4 texlive-latexpand-bin-2017.20170520.svn27025-11.8.4 texlive-lcdftypetools-bin-2017.20170520.svn44143-11.8.4 texlive-lcdftypetools-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-lilyglyphs-bin-2017.20170520.svn31696-11.8.4 texlive-listbib-bin-2017.20170520.svn26126-11.8.4 texlive-listings-ext-bin-2017.20170520.svn15093-11.8.4 texlive-lollipop-bin-2017.20170520.svn41465-11.8.4 texlive-ltxfileinfo-bin-2017.20170520.svn29005-11.8.4 texlive-ltximg-bin-2017.20170520.svn32346-11.8.4 texlive-lua2dox-bin-2017.20170520.svn29053-11.8.4 texlive-luaotfload-bin-2017.20170520.svn34647-11.8.4 texlive-luatex-bin-2017.20170520.svn44549-11.8.4 texlive-luatex-bin-debuginfo-2017.20170520.svn44549-11.8.4 texlive-lwarp-bin-2017.20170520.svn43292-11.8.4 texlive-m-tx-bin-2017.20170520.svn44143-11.8.4 texlive-m-tx-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-make4ht-bin-2017.20170520.svn37750-11.8.4 texlive-makedtx-bin-2017.20170520.svn38769-11.8.4 texlive-makeindex-bin-2017.20170520.svn44143-11.8.4 texlive-makeindex-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-match_parens-bin-2017.20170520.svn23500-11.8.4 texlive-mathspic-bin-2017.20170520.svn23661-11.8.4 texlive-metafont-bin-2017.20170520.svn44143-11.8.4 texlive-metafont-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-metapost-bin-2017.20170520.svn44143-11.8.4 texlive-metapost-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-mex-bin-2017.20170520.svn3006-11.8.4 texlive-mf2pt1-bin-2017.20170520.svn23406-11.8.4 texlive-mflua-bin-2017.20170520.svn44143-11.8.4 texlive-mflua-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-mfware-bin-2017.20170520.svn44143-11.8.4 texlive-mfware-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-mkgrkindex-bin-2017.20170520.svn14428-11.8.4 texlive-mkjobtexmf-bin-2017.20170520.svn8457-11.8.4 texlive-mkpic-bin-2017.20170520.svn33688-11.8.4 texlive-mltex-bin-2017.20170520.svn3006-11.8.4 texlive-mptopdf-bin-2017.20170520.svn18674-11.8.4 texlive-multibibliography-bin-2017.20170520.svn30534-11.8.4 texlive-musixtex-bin-2017.20170520.svn37026-11.8.4 texlive-musixtnt-bin-2017.20170520.svn44143-11.8.4 texlive-musixtnt-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-omegaware-bin-2017.20170520.svn44143-11.8.4 texlive-omegaware-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-patgen-bin-2017.20170520.svn44143-11.8.4 texlive-patgen-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-pax-bin-2017.20170520.svn10843-11.8.4 texlive-pdfbook2-bin-2017.20170520.svn37537-11.8.4 texlive-pdfcrop-bin-2017.20170520.svn14387-11.8.4 texlive-pdfjam-bin-2017.20170520.svn17868-11.8.4 texlive-pdflatexpicscale-bin-2017.20170520.svn41779-11.8.4 texlive-pdftex-bin-2017.20170520.svn44143-11.8.4 texlive-pdftex-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-pdftools-bin-2017.20170520.svn44143-11.8.4 texlive-pdftools-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-pdfxup-bin-2017.20170520.svn40690-11.8.4 texlive-pedigree-perl-bin-2017.20170520.svn25962-11.8.4 texlive-perltex-bin-2017.20170520.svn16181-11.8.4 texlive-petri-nets-bin-2017.20170520.svn39165-11.8.4 texlive-pfarrei-bin-2017.20170520.svn29348-11.8.4 texlive-pkfix-bin-2017.20170520.svn13364-11.8.4 texlive-pkfix-helper-bin-2017.20170520.svn13663-11.8.4 texlive-platex-bin-2017.20170520.svn22859-11.8.4 texlive-pmx-bin-2017.20170520.svn44143-11.8.4 texlive-pmx-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-pmxchords-bin-2017.20170520.svn32405-11.8.4 texlive-ps2pk-bin-2017.20170520.svn44143-11.8.4 texlive-ps2pk-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-pst-pdf-bin-2017.20170520.svn7838-11.8.4 texlive-pst2pdf-bin-2017.20170520.svn29333-11.8.4 texlive-pstools-bin-2017.20170520.svn44143-11.8.4 texlive-pstools-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-ptex-bin-2017.20170520.svn44143-11.8.4 texlive-ptex-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-ptex-fontmaps-bin-2017.20170520.svn44206-11.8.4 texlive-ptex2pdf-bin-2017.20170520.svn29335-11.8.4 texlive-ptexenc-devel-1.3.5-11.8.4 texlive-purifyeps-bin-2017.20170520.svn13663-11.8.4 texlive-pygmentex-bin-2017.20170520.svn34996-11.8.4 texlive-pythontex-bin-2017.20170520.svn31638-11.8.4 texlive-rubik-bin-2017.20170520.svn32919-11.8.4 texlive-seetexk-bin-2017.20170520.svn44143-11.8.4 texlive-seetexk-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-splitindex-bin-2017.20170520.svn29688-11.8.4 texlive-srcredact-bin-2017.20170520.svn38710-11.8.4 texlive-sty2dtx-bin-2017.20170520.svn21215-11.8.4 texlive-svn-multi-bin-2017.20170520.svn13663-11.8.4 texlive-synctex-bin-2017.20170520.svn44143-11.8.4 texlive-synctex-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-synctex-devel-1.18-11.8.4 texlive-tetex-bin-2017.20170520.svn43957-11.8.4 texlive-tex-bin-2017.20170520.svn44143-11.8.4 texlive-tex-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-tex4ebook-bin-2017.20170520.svn37771-11.8.4 texlive-tex4ht-bin-2017.20170520.svn44143-11.8.4 texlive-tex4ht-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-texconfig-bin-2017.20170520.svn29741-11.8.4 texlive-texcount-bin-2017.20170520.svn13013-11.8.4 texlive-texdef-bin-2017.20170520.svn21802-11.8.4 texlive-texdiff-bin-2017.20170520.svn15506-11.8.4 texlive-texdirflatten-bin-2017.20170520.svn12782-11.8.4 texlive-texdoc-bin-2017.20170520.svn29741-11.8.4 texlive-texfot-bin-2017.20170520.svn33155-11.8.4 texlive-texliveonfly-bin-2017.20170520.svn24062-11.8.4 texlive-texloganalyser-bin-2017.20170520.svn13663-11.8.4 texlive-texlua-devel-5.2.4-11.8.4 texlive-texosquery-bin-2017.20170520.svn43596-11.8.4 texlive-texsis-bin-2017.20170520.svn3006-11.8.4 texlive-texware-bin-2017.20170520.svn44143-11.8.4 texlive-texware-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-thumbpdf-bin-2017.20170520.svn6898-11.8.4 texlive-tie-bin-2017.20170520.svn44143-11.8.4 texlive-tie-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-tpic2pdftex-bin-2017.20170520.svn29741-11.8.4 texlive-ttfutils-bin-2017.20170520.svn44143-11.8.4 texlive-ttfutils-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-typeoutfileinfo-bin-2017.20170520.svn25648-11.8.4 texlive-ulqda-bin-2017.20170520.svn13663-11.8.4 texlive-uplatex-bin-2017.20170520.svn26326-11.8.4 texlive-uptex-bin-2017.20170520.svn44143-11.8.4 texlive-uptex-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-urlbst-bin-2017.20170520.svn23262-11.8.4 texlive-velthuis-bin-2017.20170520.svn44143-11.8.4 texlive-velthuis-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-vlna-bin-2017.20170520.svn44143-11.8.4 texlive-vlna-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-vpe-bin-2017.20170520.svn6897-11.8.4 texlive-web-bin-2017.20170520.svn44143-11.8.4 texlive-web-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-xdvi-bin-2017.20170520.svn44143-11.8.4 texlive-xdvi-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-xetex-bin-2017.20170520.svn44361-11.8.4 texlive-xetex-bin-debuginfo-2017.20170520.svn44361-11.8.4 texlive-xmltex-bin-2017.20170520.svn3006-11.8.4 texlive-yplan-bin-2017.20170520.svn34398-11.8.4 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 x86_64): libtexluajit2-2.1.0beta2-11.8.4 libtexluajit2-debuginfo-2.1.0beta2-11.8.4 texlive-texluajit-devel-2.1.0beta2-11.8.4 - SUSE Linux Enterprise Module for Desktop Applications 15 (noarch): perl-biber-2017.20170520.svn30357-11.8.4 texlive-biber-bin-2017.20170520.svn42679-11.8.4 texlive-diadia-bin-2017.20170520.svn37645-11.8.4 References: https://www.suse.com/security/cve/CVE-2018-17407.html https://bugzilla.suse.com/1109673 From sle-security-updates at lists.suse.com Mon Oct 15 07:09:14 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 15 Oct 2018 15:09:14 +0200 (CEST) Subject: SUSE-SU-2018:3146-1: moderate: Security update for libtirpc Message-ID: <20181015130914.90CA1FEDA@maintenance.suse.de> SUSE Security Update: Security update for libtirpc ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3146-1 Rating: moderate References: #1106517 #1106519 #968175 Cross-References: CVE-2018-14621 CVE-2018-14622 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for libtirpc fixes the following issues: Security issues fixed: - CVE-2018-14621: libtirpc: Infinite loop in EMFILE case in svc_vc.c (bsc#1106519) - CVE-2018-14622: libtirpc: Segmentation fault in makefd_xprt return value in svc_vc.c (bsc#1106517) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-libtirpc-13816=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-libtirpc-13816=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-libtirpc-13816=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libtirpc-devel-0.2.1-1.13.6.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libtirpc1-0.2.1-1.13.6.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): libtirpc-debuginfo-0.2.1-1.13.6.1 libtirpc-debugsource-0.2.1-1.13.6.1 References: https://www.suse.com/security/cve/CVE-2018-14621.html https://www.suse.com/security/cve/CVE-2018-14622.html https://bugzilla.suse.com/1106517 https://bugzilla.suse.com/1106519 https://bugzilla.suse.com/968175 From sle-security-updates at lists.suse.com Mon Oct 15 10:10:27 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 15 Oct 2018 18:10:27 +0200 (CEST) Subject: SUSE-SU-2018:3150-1: important: Security update for git Message-ID: <20181015161027.9E58BFEDA@maintenance.suse.de> SUSE Security Update: Security update for git ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3150-1 Rating: important References: #1110949 Cross-References: CVE-2018-17456 Affected Products: SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for git fixes the following issues: - CVE-2018-17456: Git allowed remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character. (boo#1110949). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2018-2232=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2232=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): git-2.16.4-3.6.1 git-arch-2.16.4-3.6.1 git-cvs-2.16.4-3.6.1 git-daemon-2.16.4-3.6.1 git-daemon-debuginfo-2.16.4-3.6.1 git-debuginfo-2.16.4-3.6.1 git-debugsource-2.16.4-3.6.1 git-email-2.16.4-3.6.1 git-gui-2.16.4-3.6.1 git-svn-2.16.4-3.6.1 git-svn-debuginfo-2.16.4-3.6.1 git-web-2.16.4-3.6.1 gitk-2.16.4-3.6.1 - SUSE Linux Enterprise Module for Development Tools 15 (noarch): git-doc-2.16.4-3.6.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): git-core-2.16.4-3.6.1 git-core-debuginfo-2.16.4-3.6.1 git-debuginfo-2.16.4-3.6.1 git-debugsource-2.16.4-3.6.1 References: https://www.suse.com/security/cve/CVE-2018-17456.html https://bugzilla.suse.com/1110949 From sle-security-updates at lists.suse.com Tue Oct 16 07:08:29 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 16 Oct 2018 15:08:29 +0200 (CEST) Subject: SUSE-SU-2018:3156-1: moderate: Security update for python Message-ID: <20181016130829.8B917FCF0@maintenance.suse.de> SUSE Security Update: Security update for python ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3156-1 Rating: moderate References: #1109847 Cross-References: CVE-2018-14647 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python fixes the following issue: - CVE-2018-14647: Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM (bsc#1109847) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-python-13818=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-python-13818=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-python-13818=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): python-devel-2.6.9-40.21.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): python-demo-2.6.9-40.21.2 python-gdbm-2.6.9-40.21.2 python-idle-2.6.9-40.21.2 python-tk-2.6.9-40.21.2 - SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch): python-doc-2.6-8.40.21.1 python-doc-pdf-2.6-8.40.21.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (x86_64): python-32bit-2.6.9-40.21.2 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libpython2_6-1_0-2.6.9-40.21.1 python-2.6.9-40.21.2 python-base-2.6.9-40.21.1 python-curses-2.6.9-40.21.2 python-demo-2.6.9-40.21.2 python-gdbm-2.6.9-40.21.2 python-idle-2.6.9-40.21.2 python-tk-2.6.9-40.21.2 python-xml-2.6.9-40.21.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libpython2_6-1_0-32bit-2.6.9-40.21.1 python-32bit-2.6.9-40.21.2 python-base-32bit-2.6.9-40.21.1 - SUSE Linux Enterprise Server 11-SP4 (noarch): python-doc-2.6-8.40.21.1 python-doc-pdf-2.6-8.40.21.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libpython2_6-1_0-x86-2.6.9-40.21.1 python-base-x86-2.6.9-40.21.1 python-x86-2.6.9-40.21.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): python-base-debuginfo-2.6.9-40.21.1 python-base-debugsource-2.6.9-40.21.1 python-debuginfo-2.6.9-40.21.2 python-debugsource-2.6.9-40.21.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): python-base-debuginfo-32bit-2.6.9-40.21.1 python-debuginfo-32bit-2.6.9-40.21.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64): python-base-debuginfo-x86-2.6.9-40.21.1 python-debuginfo-x86-2.6.9-40.21.2 References: https://www.suse.com/security/cve/CVE-2018-14647.html https://bugzilla.suse.com/1109847 From sle-security-updates at lists.suse.com Tue Oct 16 07:09:40 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 16 Oct 2018 15:09:40 +0200 (CEST) Subject: SUSE-SU-2018:3158-1: important: Security update for the Linux Kernel Message-ID: <20181016130940.98B22FCB4@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3158-1 Rating: important References: #1012382 #1031392 #1051510 #1055120 #1061840 #1065729 #1082519 #1085030 #1090078 #1094244 #1098782 #1101669 #1102495 #1103269 #1103405 #1103587 #1103636 #1104888 #1105190 #1105795 #1106105 #1106240 #1106948 #1107783 #1107829 #1107928 #1107947 #1108096 #1108170 #1108281 #1108323 #1108399 #1108823 #1109244 #1109333 #1109336 #1109337 #1109603 #1109806 #1109859 #1109979 #1109992 #1110006 #1110301 #1110363 #1110639 #1110642 #1110643 #1110644 #1110645 #1110646 #1110647 #1110649 #1110650 Cross-References: CVE-2018-14633 CVE-2018-17182 Affected Products: SUSE Linux Enterprise Module for Live Patching 15 ______________________________________________________________________________ An update that solves two vulnerabilities and has 52 fixes is now available. Description: The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bnc#1108399). - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. Kernel versions 4.18.x, 4.14.x and 3.10.x are believed to be vulnerable (bnc#1107829). The following non-security bugs were fixed: - alsa: bebob: fix memory leak for M-Audio FW1814 and ProjectMix I/O at error path (bsc#1051510). - alsa: bebob: use address returned by kmalloc() instead of kernel stack for streaming DMA mapping (bsc#1051510). - alsa: emu10k1: fix possible info leak to userspace on SNDRV_EMU10K1_IOCTL_INFO (bsc#1051510). - alsa: fireworks: fix memory leak of response buffer at error path (bsc#1051510). - alsa: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge (bsc#1051510). - alsa: msnd: Fix the default sample sizes (bsc#1051510). - alsa: pcm: Fix snd_interval_refine first/last with open min/max (bsc#1051510). - alsa: usb-audio: Fix multiple definitions in AU0828_DEVICE() macro (bsc#1051510). - ASoC: cs4265: fix MMTLR Data switch control (bsc#1051510). - ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs (bsc#1051510). - ASoC: rt5514: Add the I2S ASRC support (bsc#1051510). - ASoC: rt5514: Add the missing register in the readable table (bsc#1051510). - ASoC: rt5514: Eliminate the noise in the ASRC case (bsc#1051510). - ASoC: rt5514: Fix the issue of the delay volume applied (bsc#1051510). - ax88179_178a: Check for supported Wake-on-LAN modes (bsc#1051510). - block, dax: remove dead code in blkdev_writepages() (bsc#1104888). - block: fix warning when I/O elevator is changed as request_queue is being removed (bsc#1109979). - block: Invalidate cache on discard v2 (bsc#1109992). - block: pass inclusive 'lend' parameter to truncate_inode_pages_range (bsc#1109992). - block: properly protect the 'queue' kobj in blk_unregister_queue (bsc#1109979). - bluetooth: Add a new Realtek 8723DE ID 0bda:b009 (bsc#1051510). - bluetooth: btsdio: Do not bind to non-removable BCM43430 (bsc#1103587). - bluetooth: Use lock_sock_nested in bt_accept_enqueue (bsc#1051510). - btrfs: add a comp_refs() helper (dependency for bsc#1031392). - btrfs: add tracepoints for outstanding extents mods (dependency for bsc#1031392). - btrfs: check-integrity: Fix NULL pointer dereference for degraded mount (bsc#1107947). - btrfs: cleanup extent locking sequence (dependency for bsc#1031392). - btrfs: delayed-inode: Remove wrong qgroup meta reservation calls (bsc#1031392). - btrfs: delayed-inode: Use new qgroup meta rsv for delayed inode and item (bsc#1031392). - btrfs: fix data corruption when deduplicating between different files (bsc#1110647). - btrfs: fix duplicate extents after fsync of file with prealloc extents (bsc#1110644). - btrfs: fix fsync after hole punching when using no-holes feature (bsc#1110642). - btrfs: fix loss of prealloc extents past i_size after fsync log replay (bsc#1110643). - btrfs: fix return value on rename exchange failure (bsc#1110645). - btrfs: fix send failure when root has deleted files still open (bsc#1110650). - btrfs: Fix wrong btrfs_delalloc_release_extents parameter (bsc#1031392). - btrfs: log csums for all modified extents (bsc#1110639). - btrfs: make the delalloc block rsv per inode (dependency for bsc#1031392). - btrfs: qgroup: Add quick exit for non-fs extents (dependency for bsc#1031392). - btrfs: qgroup: Cleanup btrfs_qgroup_prepare_account_extents function (dependency for bsc#1031392). - btrfs: qgroup: Cleanup the remaining old reservation counters (bsc#1031392). - btrfs: qgroup: Commit transaction in advance to reduce early EDQUOT (bsc#1031392). - btrfs: qgroup: Do not use root->qgroup_meta_rsv for qgroup (bsc#1031392). - btrfs: qgroup: Fix qgroup reserved space underflow by only freeing reserved ranges (dependency for bsc#1031392). - btrfs: qgroup: Fix qgroup reserved space underflow caused by buffered write and quotas being enabled (dependency for bsc#1031392). - btrfs: qgroup: Fix wrong qgroup reservation update for relationship modification (bsc#1031392). - btrfs: qgroup: Introduce extent changeset for qgroup reserve functions (dependency for bsc#1031392). - btrfs: qgroup: Introduce function to convert META_PREALLOC into META_PERTRANS (bsc#1031392). - btrfs: qgroup: Introduce helpers to update and access new qgroup rsv (bsc#1031392). - btrfs: qgroup: Make qgroup_reserve and its callers to use separate reservation type (bsc#1031392). - btrfs: qgroup: Return actually freed bytes for qgroup release or free data (dependency for bsc#1031392). - btrfs: qgroup: Skeleton to support separate qgroup reservation type (bsc#1031392). - btrfs: qgroup: Split meta rsv type into meta_prealloc and meta_pertrans (bsc#1031392). - btrfs: qgroup: Update trace events for metadata reservation (bsc#1031392). - btrfs: qgroup: Update trace events to use new separate rsv types (bsc#1031392). - btrfs: qgroup: Use independent and accurate per inode qgroup rsv (bsc#1031392). - btrfs: qgroup: Use root::qgroup_meta_rsv_* to record qgroup meta reserved space (bsc#1031392). - btrfs: qgroup: Use separate meta reservation type for delalloc (bsc#1031392). - btrfs: remove type argument from comp_tree_refs (dependency for bsc#1031392). - btrfs: Remove unused parameters from various functions (bsc#1110649). - btrfs: rework outstanding_extents (dependency for bsc#1031392). - btrfs: scrub: Do not use inode page cache in scrub_handle_errored_block() (follow up for bsc#1108096). - btrfs: scrub: Do not use inode pages for device replace (follow up for bsc#1108096). - btrfs: switch args for comp_*_refs (dependency for bsc#1031392). - btrfs: sync log after logging new name (bsc#1110646). - btrfs: tests/qgroup: Fix wrong tree backref level (bsc#1107928). - cfg80211: reg: Init wiphy_idx in regulatory_hint_core() (bsc#1051510). - coresight: Handle errors in finding input/output ports (bsc#1051510). - crypto: clarify licensing of OpenSSL asm code (). - crypto: sharah - Unregister correct algorithms for SAHARA 3 (bsc#1051510). - crypto: skcipher - Fix -Wstringop-truncation warnings (bsc#1051510). - dax: Introduce a ->copy_to_iter dax operation (bsc#1098782). - dax: Make extension of dax_operations transparent (bsc#1098782). - dax: remove default copy_from_iter fallback (bsc#1098782). patches.drivers/dax-remove-the-pmem_dax_ops-flush-abstraction.patch: Refresh - dax: Report bytes remaining in dax_iomap_actor() (bsc#1098782). - dax: require 'struct page' by default for filesystem dax (bsc#1104888). patches.fixes/fs-allow-per-device-dax-status-checking-for-filesystems.patch : Refresh - dax: store pfns in the radix (bsc#1104888). patches.fixes/fs-allow-per-device-dax-status-checking-for-filesystems.patch : Refresh - device-dax: Add missing address_space_operations (bsc#1107783). - device-dax: Enable page_mapping() (bsc#1107783). - device-dax: Set page->index (bsc#1107783). - doc/README.SUSE: Remove mentions of cloneconfig (bsc#1103636). - ext2: auto disable dax instead of failing mount (bsc#1104888). patches.fixes/fs-allow-per-device-dax-status-checking-for-filesystems.patch : Refresh patches.kabi/kabi-fixup-bdev_dax_supported.patch: Refresh - ext2, dax: introduce ext2_dax_aops (bsc#1104888). - ext4: auto disable dax instead of failing mount (bsc#1104888 ). patches.fixes/fs-allow-per-device-dax-status-checking-for-filesystems.patch : Refresh patches.kabi/kabi-fixup-bdev_dax_supported.patch: Refresh - ext4, dax: add ext4_bmap to ext4_dax_aops (bsc#1104888). - ext4, dax: introduce ext4_dax_aops (bsc#1104888). - ext4, dax: set ext4_dax_aops for dax files (bsc#1104888). - fbdev: Distinguish between interlaced and progressive modes (bsc#1051510). - fbdev/via: fix defined but not used warning (bsc#1051510). - filesystem-dax: Introduce dax_lock_mapping_entry() (bsc#1107783). patches.kabi/kabi-fixup-bdev_dax_supported.patch: Refresh - filesystem-dax: Set page->index (bsc#1107783). - Fix buggy backport in patches.fixes/dax-check-for-queue_flag_dax-in-bdev_dax_supported.patch (bsc#1109859) - Fix kexec forbidding kernels signed with keys in the secondary keyring to boot (bsc#1110006). - Fix sorted section Merge commits 862a718e83 and 8aa4d41564 had conflicts with (apparently) bad resolution which introduced disorder in the sorted section. - fs, dax: prepare for dax-specific address_space_operations (bsc#1104888). patches.fixes/fs-allow-per-device-dax-status-checking-for-filesystems.patch : Refresh patches.kabi/kabi-fixup-bdev_dax_supported.patch: Refresh - fs, dax: use page->mapping to warn if truncate collides with a busy page (bsc#1104888). - gpiolib: Mark gpio_suffixes array with __maybe_unused (bsc#1051510). - gpio: pxa: Fix potential NULL dereference (bsc#1051510). - gpu: ipu-v3: csi: pass back mbus_code_to_bus_cfg error codes (bsc#1051510). - HID: hid-ntrig: add error handling for sysfs_create_group (bsc#1051510). - i2c: i801: Allow ACPI AML access I/O ports not reserved for SMBus (bsc#1051510). - Input: elantech - enable middle button of touchpad on ThinkPad P72 (bsc#1051510). - input: rohm_bu21023: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT) (bsc#1051510). - intel_th: Fix device removal logic (bsc#1051510). - iommu/amd: Return devid as alias for ACPI HID devices (bsc#1106105). - ioremap: Update pgtable free interfaces with addr (bsc#1110006). - ipc/shm: fix shmat() nil address after round-down when remapping (bsc#1090078). - KABI: move the new handler to end of machdep_calls and hide it from genksyms (bsc#1094244). - kprobes/x86: Release insn_slot in failure path (bsc#1110006). - KVM: PPC: Book3S HV: Use correct pagesize in kvm_unmap_radix() (bsc#1061840, git-fixes). - KVM: VMX: Do not allow reexecute_instruction() when skipping MMIO instr (bsc#1106240). - KVM: x86: Default to not allowing emulation retry in kvm_mmu_page_fault (bsc#1106240). - KVM: x86: Do not re-{try,execute} after failed emulation in L2 (bsc#1106240). - KVM: x86: Invert emulation re-execute behavior to make it opt-in (bsc#1106240). - KVM: x86: Merge EMULTYPE_RETRY and EMULTYPE_ALLOW_REEXECUTE (bsc#1106240). - lan78xx: Check for supported Wake-on-LAN modes (bsc#1051510). - lib/iov_iter: Fix pipe handling in _copy_to_iter_mcsafe() (bsc#1098782). - libnvdimm, pmem: Fix memcpy_mcsafe() return code handling in nsio_rw_bytes() (bsc#1098782). - libnvdimm, pmem: Restore page attributes when clearing errors (bsc#1107783). - Limit kernel-source build to architectures for which we build binaries (bsc#1108281). - mac80211: fix pending queue hang due to TX_DROP (bsc#1051510). - mac80211: restrict delayed tailroom needed decrement (bsc#1051510). - mei: bus: type promotion bug in mei_nfc_if_version() (bsc#1051510). - mei: ignore not found client in the enumeration (bsc#1051510). - mfd: 88pm860x-i2c: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT) (bsc#1051510). - mfd: ti_am335x_tscadc: Fix struct clk memory leak (bsc#1051510). - mmc: sdhci: do not try to use 3.3V signaling if not supported (bsc#1051510). - mmc: sdhci-of-esdhc: set proper dma mask for ls104x chips (bsc#1051510). - mm, dax: introduce pfn_t_special() (bsc#1104888). - mm, madvise_inject_error: Disable MADV_SOFT_OFFLINE for ZONE_DEVICE pages (bsc#1107783). - mm, madvise_inject_error: Let memory_failure() optionally take a page reference (bsc#1107783). - mm, memory_failure: Collect mapping size in collect_procs() (bsc#1107783). - mm, memory_failure: Teach memory_failure() about dev_pagemap pages (bsc#1107783). - mm, numa: Migrate pages to local nodes quicker early in the lifetime of a task (bnc#1101669 optimise numa balancing for fast migrate). - mm, numa: Remove rate-limiting of automatic numa balancing migration (bnc#1101669 optimise numa balancing for fast migrate). - mm, numa: Remove rate-limiting of automatic numa balancing migration kabi (bnc#1101669 optimise numa balancing for fast migrate). - mm/vmalloc: add interfaces to free unmapped page table (bsc#1110006). - NFC: Fix possible memory corruption when handling SHDLC I-Frame commands (bsc#1051510). - nfs/filelayout: fix oops when freeing filelayout segment (bsc#1105190). - NFS/filelayout: Fix racy setting of fl->dsaddr in filelayout_check_deviceid() (bsc#1105190). - NFS: Use an appropriate work queue for direct-write completion (bsc#1082519). - parport: sunbpp: fix error return code (bsc#1051510). - PCI: aardvark: Size bridges before resources allocation (bsc#1109806). - PCI: designware: Fix I/O space page leak (bsc#1109806). - PCI: faraday: Add missing of_node_put() (bsc#1109806). - PCI: faraday: Fix I/O space page leak (bsc#1109806). - PCI/portdrv: Compute MSI/MSI-X IRQ vectors after final allocation (bsc#1109806). - PCI/portdrv: Factor out Interrupt Message Number lookup (bsc#1109806). - PCI: versatile: Fix I/O space page leak (bsc#1109806). - PCI: xgene: Fix I/O space page leak (bsc#1109806). - PCI: xilinx: Add missing of_node_put() (bsc#1109806). - PCI: xilinx-nwl: Add missing of_node_put() (bsc#1109806). - pinctrl: cannonlake: Fix HOSTSW_OWN register offset of H variant (bsc#1051510). - platform/x86: alienware-wmi: Correct a memory leak (bsc#1051510). - platform/x86: toshiba_acpi: Fix defined but not used build warnings (bsc#1051510). - pmem: Switch to copy_to_iter_mcsafe() (bsc#1098782). - powernv/pseries: consolidate code for mce early handling (bsc#1094244). - powerpc/fadump: cleanup crash memory ranges support (bsc#1103269). - powerpc/fadump: re-register firmware-assisted dump if already registered (bsc#1108170, bsc#1108823). - powerpc: Fix size calculation using resource_size() (bnc#1012382). - powerpc: KABI add aux_ptr to hole in paca_struct to extend it with additional members (bsc#1094244). - powerpc: KABI: move mce_data_buf into paca_aux (bsc#1094244). - powerpc/numa: Use associativity if VPHN hcall is successful (bsc#1110363). - powerpc/pkeys: Fix reading of ibm, processor-storage-keys property (bsc#1109244). - powerpc/powernv/npu: Do a PID GPU TLB flush when invalidating a large address range (bsc#1055120). - powerpc/pseries: Defer the logging of rtas error to irq work queue (bsc#1094244). - powerpc/pseries: Define MCE error event section (bsc#1094244). - powerpc/pseries: Disable CPU hotplug across migrations (bsc#1065729). - powerpc/pseries: Display machine check error details (bsc#1094244). - powerpc/pseries: Dump the SLB contents on SLB MCE errors (bsc#1094244). - Refresh patches.kabi/KABI-move-mce_data_buf-into-paca_aux.patch - powerpc/pseries: Flush SLB contents on SLB MCE errors (bsc#1094244). - powerpc/pseries: Remove prrn_work workqueue (bsc#1102495, bsc#1109337). - powerpc/pseries: Remove unneeded uses of dlpar work queue (bsc#1102495, bsc#1109337). - powerpc/tm: Avoid possible userspace r1 corruption on reclaim (bsc#1109333). - powerpc/tm: Fix userspace r13 corruption (bsc#1109333). - powerpc/xive: Fix trying to "push" an already active pool VP (bsc#1085030, git-fixes). - r8152: Check for supported Wake-on-LAN Modes (bsc#1051510). - README.BRANCH: SLE15-SP1 branch maintainer changes Add ptesarik as co-maintainer, keep tiwai as the primary maintainer - regulator: fix crash caused by null driver data (bsc#1051510). - rename/renumber hv patches to simplify upcoming upstream merges No code changes. - Revert "btrfs: qgroups: Retry after commit on getting EDQUOT" (bsc#1031392). - Revert "ipc/shm: Fix shmat mmap nil-page protection" (bsc#1090078). - rpm/mkspec: build dtbs for architectures marked -!needs_updating - rpm/mkspec: fix ppc64 kernel-source build. - s390/crypto: Fix return code checking in cbc_paes_crypt() (bnc#1108323, LTC#171709). - s390/pci: fix out of bounds access during irq setup (bnc#1108323, LTC#171068). - s390/qdio: reset old sbal_state flags (LTC#171525, bsc#1106948). - s390/qeth: use vzalloc for QUERY OAT buffer (LTC#171527, bsc#1106948). - sched/fair: Fix bandwidth timer clock drift condition (Git-fixes). - sched/numa: Avoid task migration for small NUMA improvement (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Pass destination CPU as a parameter to migrate_task_rq (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Pass destination CPU as a parameter to migrate_task_rq kabi (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Reset scan rate whenever task moves across nodes (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Stop multiple tasks from moving to the CPU at the same time (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Stop multiple tasks from moving to the CPU at the same time kabi (bnc#1101669 optimise numa balancing for fast migrate). - scsi: hisi_sas: Add a flag to filter PHY events during reset (). - scsi: hisi_sas: add memory barrier in task delivery function (). - scsi: hisi_sas: Add missing PHY spinlock init (). - scsi: hisi_sas: Add SATA FIS check for v3 hw (). - scsi: hisi_sas: Adjust task reject period during host reset (). - scsi: hisi_sas: Drop hisi_sas_slot_abort() (). - scsi: hisi_sas: Fix the conflict between dev gone and host reset (). - scsi: hisi_sas: Fix the failure of recovering PHY from STP link timeout (). - scsi: hisi_sas: Implement handlers of PCIe FLR for v3 hw (). - scsi: hisi_sas: Only process broadcast change in phy_bcast_v3_hw() (). - scsi: hisi_sas: Pre-allocate slot DMA buffers (). - scsi: hisi_sas: Release all remaining resources in clear nexus ha (). - scsi: hisi_sas: relocate some common code for v3 hw (). - scsi: hisi_sas: tidy channel interrupt handler for v3 hw (). - scsi: hisi_sas: Tidy hisi_sas_task_prep() (). - scsi: hisi_sas: tidy host controller reset function a bit (). - scsi: hisi_sas: Update a couple of register settings for v3 hw (). - scsi: hisi_sas: Use dmam_alloc_coherent() (). - scsi: ipr: System hung while dlpar adding primary ipr adapter back (bsc#1109336). - smsc75xx: Check for Wake-on-LAN modes (bsc#1051510). - smsc95xx: Check for Wake-on-LAN modes (bsc#1051510). - sort series.conf I didn't want to, but he made me do it. - sr9800: Check for supported Wake-on-LAN modes (bsc#1051510). - sr: get/drop reference to device in revalidate and check_events (bsc#1109979). - supported.conf: add test_syctl to new kselftests-kmp package As per we will require new FATE requests per each new selftest driver. We do not want to support these module on production runs but we do want to support them for QA / testing uses. The compromise is to package them into its own package, this will be the kselftests-kmp package. Selftests can also be used as proof of concept vehicle for issues by customers or ourselves. Vanilla kernels do not get test_sysctl given that driver was using built-in defaults, this also means we cannot run sefltests on config/s390x/zfcpdump which does not enable modules. Likeweise, since we had to *change* the kernel for test_syctl, it it also means we can't test test_syctl with vanilla kernels. It should be possible with other selftests drivers if they are present in vanilla kernels though. - uio, lib: Fix CONFIG_ARCH_HAS_UACCESS_MCSAFE compilation (bsc#1098782). - VFS: do not test owner for NFS in set_posix_acl() (bsc#1103405). - video: goldfishfb: fix memory leak on driver remove (bsc#1051510). - watchdog: Mark watchdog touch functions as notrace (git-fixes). - wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout() (bsc#1051510). - x86/apic: Fix restoring boot IRQ mode in reboot and kexec/kdump (bsc#1110006). - x86/apic: Split disable_IO_APIC() into two functions to fix CONFIG_KEXEC_JUMP=y (bsc#1110006). - x86/apic: Split out restore_boot_irq_mode() from disable_IO_APIC() (bsc#1110006). - x86/apic/vector: Fix off by one in error path (bsc#1110006). - x86/asm/memcpy_mcsafe: Add labels for __memcpy_mcsafe() write fault handling (bsc#1098782). - x86/asm/memcpy_mcsafe: Add write-protection-fault handling (bsc#1098782). - x86/asm/memcpy_mcsafe: Define copy_to_iter_mcsafe() (bsc#1098782). - x86/asm/memcpy_mcsafe: Fix copy_to_user_mcsafe() exception handling (bsc#1098782). - x86/asm/memcpy_mcsafe: Provide original memcpy_mcsafe_unrolled (bsc#1098782). - x86/asm/memcpy_mcsafe: Remove loop unrolling (bsc#1098782). - x86/asm/memcpy_mcsafe: Return bytes remaining (bsc#1098782). - x86/boot: Fix kexec booting failure in the SEV bit detection code (bsc#1110301). - x86/build/64: Force the linker to use 2MB page size (bsc#1109603). - x86/dumpstack: Save first regs set for the executive summary (bsc#1110006). - x86/dumpstack: Unify show_regs() (bsc#1110006). - x86/entry/64: Wipe KASAN stack shadow before rewind_stack_do_exit() (bsc#1110006). - x86/espfix/64: Fix espfix double-fault handling on 5-level systems (bsc#1110006). - x86/idt: Load idt early in start_secondary (bsc#1110006). - x86/kexec: Avoid double free_page() upon do_kexec_load() failure (bsc#1110006). - x86/mce: Fix set_mce_nospec() to avoid #GP fault (bsc#1107783). - x86/mce: Improve error message when kernel cannot recover (bsc#1110006). - x86/mce: Improve error message when kernel cannot recover (bsc#1110301). - x86/memory_failure: Introduce {set, clear}_mce_nospec() (bsc#1107783). - x86-memory_failure-Introduce-set-clear-_mce_nospec.patch: Fixup compilation breakage on s390 and arm due to missing clear_mce_nospec(). - x86/mm: Add TLB purge to free pmd/pte page interfaces (bsc#1110006). - x86/mm: Disable ioremap free page handling on x86-PAE (bsc#1110006). - x86/mm: Drop TS_COMPAT on 64-bit exec() syscall (bsc#1110006). - x86/mm: Expand static page table for fixmap space (bsc#1110006). - x86/mm: Fix ELF_ET_DYN_BASE for 5-level paging (bsc#1110006). - x86/mm: implement free pmd/pte page interfaces (bsc#1110006). - x86/mm/pat: Prepare {reserve, free}_memtype() for "decoy" addresses (bsc#1107783). - x86/mpx: Do not allow MPX if we have mappings above 47-bit (bsc#1110006). - x86: msr-index.h: Correct SNB_C1/C3_AUTO_UNDEMOTE defines (bsc#1110006). - x86: msr-index.h: Correct SNB_C1/C3_AUTO_UNDEMOTE defines (bsc#1110301). - x86/PCI: Make broadcom_postcore_init() check acpi_disabled (bsc#1110006). - x86/pkeys: Do not special case protection key 0 (bsc#1110006). - x86/pkeys: Override pkey when moving away from PROT_EXEC (bsc#1110006). - x86/process: Do not mix user/kernel regs in 64bit __show_regs() (bsc#1110006). - x86/process: Re-export start_thread() (bsc#1110006). - x86/vdso: Fix lsl operand order (bsc#1110006). - x86/vdso: Fix lsl operand order (bsc#1110301). - xen: issue warning message when out of grant maptrack entries (bsc#1105795). - xfs, dax: introduce xfs_dax_aops (bsc#1104888). - xhci: Fix use after free for URB cancellation on a reallocated endpoint (bsc#1051510). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2018-2241=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-default-debuginfo-4.12.14-25.22.1 kernel-default-debugsource-4.12.14-25.22.1 kernel-default-livepatch-4.12.14-25.22.1 kernel-livepatch-4_12_14-25_22-default-1-1.3.1 kernel-livepatch-4_12_14-25_22-default-debuginfo-1-1.3.1 References: https://www.suse.com/security/cve/CVE-2018-14633.html https://www.suse.com/security/cve/CVE-2018-17182.html https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1031392 https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1055120 https://bugzilla.suse.com/1061840 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1082519 https://bugzilla.suse.com/1085030 https://bugzilla.suse.com/1090078 https://bugzilla.suse.com/1094244 https://bugzilla.suse.com/1098782 https://bugzilla.suse.com/1101669 https://bugzilla.suse.com/1102495 https://bugzilla.suse.com/1103269 https://bugzilla.suse.com/1103405 https://bugzilla.suse.com/1103587 https://bugzilla.suse.com/1103636 https://bugzilla.suse.com/1104888 https://bugzilla.suse.com/1105190 https://bugzilla.suse.com/1105795 https://bugzilla.suse.com/1106105 https://bugzilla.suse.com/1106240 https://bugzilla.suse.com/1106948 https://bugzilla.suse.com/1107783 https://bugzilla.suse.com/1107829 https://bugzilla.suse.com/1107928 https://bugzilla.suse.com/1107947 https://bugzilla.suse.com/1108096 https://bugzilla.suse.com/1108170 https://bugzilla.suse.com/1108281 https://bugzilla.suse.com/1108323 https://bugzilla.suse.com/1108399 https://bugzilla.suse.com/1108823 https://bugzilla.suse.com/1109244 https://bugzilla.suse.com/1109333 https://bugzilla.suse.com/1109336 https://bugzilla.suse.com/1109337 https://bugzilla.suse.com/1109603 https://bugzilla.suse.com/1109806 https://bugzilla.suse.com/1109859 https://bugzilla.suse.com/1109979 https://bugzilla.suse.com/1109992 https://bugzilla.suse.com/1110006 https://bugzilla.suse.com/1110301 https://bugzilla.suse.com/1110363 https://bugzilla.suse.com/1110639 https://bugzilla.suse.com/1110642 https://bugzilla.suse.com/1110643 https://bugzilla.suse.com/1110644 https://bugzilla.suse.com/1110645 https://bugzilla.suse.com/1110646 https://bugzilla.suse.com/1110647 https://bugzilla.suse.com/1110649 https://bugzilla.suse.com/1110650 From sle-security-updates at lists.suse.com Tue Oct 16 07:20:00 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 16 Oct 2018 15:20:00 +0200 (CEST) Subject: SUSE-SU-2018:3159-1: important: Security update for the Linux Kernel Message-ID: <20181016132000.126DDFCB4@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3159-1 Rating: important References: #1012382 #1031392 #1051510 #1055120 #1061840 #1065729 #1082519 #1085030 #1090078 #1094244 #1098782 #1101669 #1102495 #1103269 #1103405 #1103587 #1103636 #1104888 #1105190 #1105795 #1106105 #1106240 #1106948 #1107783 #1107829 #1107928 #1107947 #1108096 #1108170 #1108281 #1108323 #1108399 #1108823 #1109244 #1109333 #1109336 #1109337 #1109603 #1109806 #1109859 #1109979 #1109992 #1110006 #1110301 #1110363 #1110639 #1110642 #1110643 #1110644 #1110645 #1110646 #1110647 #1110649 #1110650 Cross-References: CVE-2018-14633 CVE-2018-17182 Affected Products: SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Module for Legacy Software 15 SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that solves two vulnerabilities and has 52 fixes is now available. Description: The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bnc#1108399). - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. Kernel versions 4.18.x, 4.14.x and 3.10.x are believed to be vulnerable (bnc#1107829). The following non-security bugs were fixed: - alsa: bebob: fix memory leak for M-Audio FW1814 and ProjectMix I/O at error path (bsc#1051510). - alsa: bebob: use address returned by kmalloc() instead of kernel stack for streaming DMA mapping (bsc#1051510). - alsa: emu10k1: fix possible info leak to userspace on SNDRV_EMU10K1_IOCTL_INFO (bsc#1051510). - alsa: fireworks: fix memory leak of response buffer at error path (bsc#1051510). - alsa: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge (bsc#1051510). - alsa: msnd: Fix the default sample sizes (bsc#1051510). - alsa: pcm: Fix snd_interval_refine first/last with open min/max (bsc#1051510). - alsa: usb-audio: Fix multiple definitions in AU0828_DEVICE() macro (bsc#1051510). - ASoC: cs4265: fix MMTLR Data switch control (bsc#1051510). - ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs (bsc#1051510). - ASoC: rt5514: Add the I2S ASRC support (bsc#1051510). - ASoC: rt5514: Add the missing register in the readable table (bsc#1051510). - ASoC: rt5514: Eliminate the noise in the ASRC case (bsc#1051510). - ASoC: rt5514: Fix the issue of the delay volume applied (bsc#1051510). - ax88179_178a: Check for supported Wake-on-LAN modes (bsc#1051510). - block, dax: remove dead code in blkdev_writepages() (bsc#1104888). - block: fix warning when I/O elevator is changed as request_queue is being removed (bsc#1109979). - block: Invalidate cache on discard v2 (bsc#1109992). - block: pass inclusive 'lend' parameter to truncate_inode_pages_range (bsc#1109992). - block: properly protect the 'queue' kobj in blk_unregister_queue (bsc#1109979). - bluetooth: Add a new Realtek 8723DE ID 0bda:b009 (bsc#1051510). - bluetooth: btsdio: Do not bind to non-removable BCM43430 (bsc#1103587). - bluetooth: Use lock_sock_nested in bt_accept_enqueue (bsc#1051510). - btrfs: add a comp_refs() helper (dependency for bsc#1031392). - btrfs: add tracepoints for outstanding extents mods (dependency for bsc#1031392). - btrfs: check-integrity: Fix NULL pointer dereference for degraded mount (bsc#1107947). - btrfs: cleanup extent locking sequence (dependency for bsc#1031392). - btrfs: delayed-inode: Remove wrong qgroup meta reservation calls (bsc#1031392). - btrfs: delayed-inode: Use new qgroup meta rsv for delayed inode and item (bsc#1031392). - btrfs: fix data corruption when deduplicating between different files (bsc#1110647). - btrfs: fix duplicate extents after fsync of file with prealloc extents (bsc#1110644). - btrfs: fix fsync after hole punching when using no-holes feature (bsc#1110642). - btrfs: fix loss of prealloc extents past i_size after fsync log replay (bsc#1110643). - btrfs: fix return value on rename exchange failure (bsc#1110645). - btrfs: fix send failure when root has deleted files still open (bsc#1110650). - btrfs: Fix wrong btrfs_delalloc_release_extents parameter (bsc#1031392). - btrfs: log csums for all modified extents (bsc#1110639). - btrfs: make the delalloc block rsv per inode (dependency for bsc#1031392). - btrfs: qgroup: Add quick exit for non-fs extents (dependency for bsc#1031392). - btrfs: qgroup: Cleanup btrfs_qgroup_prepare_account_extents function (dependency for bsc#1031392). - btrfs: qgroup: Cleanup the remaining old reservation counters (bsc#1031392). - btrfs: qgroup: Commit transaction in advance to reduce early EDQUOT (bsc#1031392). - btrfs: qgroup: Do not use root->qgroup_meta_rsv for qgroup (bsc#1031392). - btrfs: qgroup: Fix qgroup reserved space underflow by only freeing reserved ranges (dependency for bsc#1031392). - btrfs: qgroup: Fix qgroup reserved space underflow caused by buffered write and quotas being enabled (dependency for bsc#1031392). - btrfs: qgroup: Fix wrong qgroup reservation update for relationship modification (bsc#1031392). - btrfs: qgroup: Introduce extent changeset for qgroup reserve functions (dependency for bsc#1031392). - btrfs: qgroup: Introduce function to convert META_PREALLOC into META_PERTRANS (bsc#1031392). - btrfs: qgroup: Introduce helpers to update and access new qgroup rsv (bsc#1031392). - btrfs: qgroup: Make qgroup_reserve and its callers to use separate reservation type (bsc#1031392). - btrfs: qgroup: Return actually freed bytes for qgroup release or free data (dependency for bsc#1031392). - btrfs: qgroup: Skeleton to support separate qgroup reservation type (bsc#1031392). - btrfs: qgroup: Split meta rsv type into meta_prealloc and meta_pertrans (bsc#1031392). - btrfs: qgroup: Update trace events for metadata reservation (bsc#1031392). - btrfs: qgroup: Update trace events to use new separate rsv types (bsc#1031392). - btrfs: qgroup: Use independent and accurate per inode qgroup rsv (bsc#1031392). - btrfs: qgroup: Use root::qgroup_meta_rsv_* to record qgroup meta reserved space (bsc#1031392). - btrfs: qgroup: Use separate meta reservation type for delalloc (bsc#1031392). - btrfs: remove type argument from comp_tree_refs (dependency for bsc#1031392). - btrfs: Remove unused parameters from various functions (bsc#1110649). - btrfs: rework outstanding_extents (dependency for bsc#1031392). - btrfs: scrub: Do not use inode page cache in scrub_handle_errored_block() (follow up for bsc#1108096). - btrfs: scrub: Do not use inode pages for device replace (follow up for bsc#1108096). - btrfs: switch args for comp_*_refs (dependency for bsc#1031392). - btrfs: sync log after logging new name (bsc#1110646). - btrfs: tests/qgroup: Fix wrong tree backref level (bsc#1107928). - cfg80211: reg: Init wiphy_idx in regulatory_hint_core() (bsc#1051510). - coresight: Handle errors in finding input/output ports (bsc#1051510). - crypto: clarify licensing of OpenSSL asm code (). - crypto: sharah - Unregister correct algorithms for SAHARA 3 (bsc#1051510). - crypto: skcipher - Fix -Wstringop-truncation warnings (bsc#1051510). - dax: Introduce a ->copy_to_iter dax operation (bsc#1098782). - dax: Make extension of dax_operations transparent (bsc#1098782). - dax: remove default copy_from_iter fallback (bsc#1098782). patches.drivers/dax-remove-the-pmem_dax_ops-flush-abstraction.patch: Refresh - dax: Report bytes remaining in dax_iomap_actor() (bsc#1098782). - dax: require 'struct page' by default for filesystem dax (bsc#1104888). patches.fixes/fs-allow-per-device-dax-status-checking-for-filesystems.patch : Refresh - dax: store pfns in the radix (bsc#1104888). patches.fixes/fs-allow-per-device-dax-status-checking-for-filesystems.patch : Refresh - device-dax: Add missing address_space_operations (bsc#1107783). - device-dax: Enable page_mapping() (bsc#1107783). - device-dax: Set page->index (bsc#1107783). - doc/README.SUSE: Remove mentions of cloneconfig (bsc#1103636). - ext2: auto disable dax instead of failing mount (bsc#1104888). patches.fixes/fs-allow-per-device-dax-status-checking-for-filesystems.patch : Refresh patches.kabi/kabi-fixup-bdev_dax_supported.patch: Refresh - ext2, dax: introduce ext2_dax_aops (bsc#1104888). - ext4: auto disable dax instead of failing mount (bsc#1104888 ). patches.fixes/fs-allow-per-device-dax-status-checking-for-filesystems.patch : Refresh patches.kabi/kabi-fixup-bdev_dax_supported.patch: Refresh - ext4, dax: add ext4_bmap to ext4_dax_aops (bsc#1104888). - ext4, dax: introduce ext4_dax_aops (bsc#1104888). - ext4, dax: set ext4_dax_aops for dax files (bsc#1104888). - fbdev: Distinguish between interlaced and progressive modes (bsc#1051510). - fbdev/via: fix defined but not used warning (bsc#1051510). - filesystem-dax: Introduce dax_lock_mapping_entry() (bsc#1107783). patches.kabi/kabi-fixup-bdev_dax_supported.patch: Refresh - filesystem-dax: Set page->index (bsc#1107783). - Fix buggy backport in patches.fixes/dax-check-for-queue_flag_dax-in-bdev_dax_supported.patch (bsc#1109859) - Fix kexec forbidding kernels signed with keys in the secondary keyring to boot (bsc#1110006). - Fix sorted section Merge commits 862a718e83 and 8aa4d41564 had conflicts with (apparently) bad resolution which introduced disorder in the sorted section. - fs, dax: prepare for dax-specific address_space_operations (bsc#1104888). patches.fixes/fs-allow-per-device-dax-status-checking-for-filesystems.patch : Refresh patches.kabi/kabi-fixup-bdev_dax_supported.patch: Refresh - fs, dax: use page->mapping to warn if truncate collides with a busy page (bsc#1104888). - gpiolib: Mark gpio_suffixes array with __maybe_unused (bsc#1051510). - gpio: pxa: Fix potential NULL dereference (bsc#1051510). - gpu: ipu-v3: csi: pass back mbus_code_to_bus_cfg error codes (bsc#1051510). - HID: hid-ntrig: add error handling for sysfs_create_group (bsc#1051510). - i2c: i801: Allow ACPI AML access I/O ports not reserved for SMBus (bsc#1051510). - Input: elantech - enable middle button of touchpad on ThinkPad P72 (bsc#1051510). - input: rohm_bu21023: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT) (bsc#1051510). - intel_th: Fix device removal logic (bsc#1051510). - iommu/amd: Return devid as alias for ACPI HID devices (bsc#1106105). - ioremap: Update pgtable free interfaces with addr (bsc#1110006). - ipc/shm: fix shmat() nil address after round-down when remapping (bsc#1090078). - KABI: move the new handler to end of machdep_calls and hide it from genksyms (bsc#1094244). - kprobes/x86: Release insn_slot in failure path (bsc#1110006). - KVM: PPC: Book3S HV: Use correct pagesize in kvm_unmap_radix() (bsc#1061840, git-fixes). - KVM: VMX: Do not allow reexecute_instruction() when skipping MMIO instr (bsc#1106240). - KVM: x86: Default to not allowing emulation retry in kvm_mmu_page_fault (bsc#1106240). - KVM: x86: Do not re-{try,execute} after failed emulation in L2 (bsc#1106240). - KVM: x86: Invert emulation re-execute behavior to make it opt-in (bsc#1106240). - KVM: x86: Merge EMULTYPE_RETRY and EMULTYPE_ALLOW_REEXECUTE (bsc#1106240). - lan78xx: Check for supported Wake-on-LAN modes (bsc#1051510). - lib/iov_iter: Fix pipe handling in _copy_to_iter_mcsafe() (bsc#1098782). - libnvdimm, pmem: Fix memcpy_mcsafe() return code handling in nsio_rw_bytes() (bsc#1098782). - libnvdimm, pmem: Restore page attributes when clearing errors (bsc#1107783). - Limit kernel-source build to architectures for which we build binaries (bsc#1108281). - mac80211: fix pending queue hang due to TX_DROP (bsc#1051510). - mac80211: restrict delayed tailroom needed decrement (bsc#1051510). - mei: bus: type promotion bug in mei_nfc_if_version() (bsc#1051510). - mei: ignore not found client in the enumeration (bsc#1051510). - mfd: 88pm860x-i2c: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT) (bsc#1051510). - mfd: ti_am335x_tscadc: Fix struct clk memory leak (bsc#1051510). - mmc: sdhci: do not try to use 3.3V signaling if not supported (bsc#1051510). - mmc: sdhci-of-esdhc: set proper dma mask for ls104x chips (bsc#1051510). - mm, dax: introduce pfn_t_special() (bsc#1104888). - mm, madvise_inject_error: Disable MADV_SOFT_OFFLINE for ZONE_DEVICE pages (bsc#1107783). - mm, madvise_inject_error: Let memory_failure() optionally take a page reference (bsc#1107783). - mm, memory_failure: Collect mapping size in collect_procs() (bsc#1107783). - mm, memory_failure: Teach memory_failure() about dev_pagemap pages (bsc#1107783). - mm, numa: Migrate pages to local nodes quicker early in the lifetime of a task (bnc#1101669 optimise numa balancing for fast migrate). - mm, numa: Remove rate-limiting of automatic numa balancing migration (bnc#1101669 optimise numa balancing for fast migrate). - mm, numa: Remove rate-limiting of automatic numa balancing migration kabi (bnc#1101669 optimise numa balancing for fast migrate). - mm/vmalloc: add interfaces to free unmapped page table (bsc#1110006). - NFC: Fix possible memory corruption when handling SHDLC I-Frame commands (bsc#1051510). - nfs/filelayout: fix oops when freeing filelayout segment (bsc#1105190). - NFS/filelayout: Fix racy setting of fl->dsaddr in filelayout_check_deviceid() (bsc#1105190). - NFS: Use an appropriate work queue for direct-write completion (bsc#1082519). - parport: sunbpp: fix error return code (bsc#1051510). - PCI: aardvark: Size bridges before resources allocation (bsc#1109806). - PCI: designware: Fix I/O space page leak (bsc#1109806). - PCI: faraday: Add missing of_node_put() (bsc#1109806). - PCI: faraday: Fix I/O space page leak (bsc#1109806). - PCI/portdrv: Compute MSI/MSI-X IRQ vectors after final allocation (bsc#1109806). - PCI/portdrv: Factor out Interrupt Message Number lookup (bsc#1109806). - PCI: versatile: Fix I/O space page leak (bsc#1109806). - PCI: xgene: Fix I/O space page leak (bsc#1109806). - PCI: xilinx: Add missing of_node_put() (bsc#1109806). - PCI: xilinx-nwl: Add missing of_node_put() (bsc#1109806). - pinctrl: cannonlake: Fix HOSTSW_OWN register offset of H variant (bsc#1051510). - platform/x86: alienware-wmi: Correct a memory leak (bsc#1051510). - platform/x86: toshiba_acpi: Fix defined but not used build warnings (bsc#1051510). - pmem: Switch to copy_to_iter_mcsafe() (bsc#1098782). - powernv/pseries: consolidate code for mce early handling (bsc#1094244). - powerpc/fadump: cleanup crash memory ranges support (bsc#1103269). - powerpc/fadump: re-register firmware-assisted dump if already registered (bsc#1108170, bsc#1108823). - powerpc: Fix size calculation using resource_size() (bnc#1012382). - powerpc: KABI add aux_ptr to hole in paca_struct to extend it with additional members (bsc#1094244). - powerpc: KABI: move mce_data_buf into paca_aux (bsc#1094244). - powerpc/numa: Use associativity if VPHN hcall is successful (bsc#1110363). - powerpc/pkeys: Fix reading of ibm, processor-storage-keys property (bsc#1109244). - powerpc/powernv/npu: Do a PID GPU TLB flush when invalidating a large address range (bsc#1055120). - powerpc/pseries: Defer the logging of rtas error to irq work queue (bsc#1094244). - powerpc/pseries: Define MCE error event section (bsc#1094244). - powerpc/pseries: Disable CPU hotplug across migrations (bsc#1065729). - powerpc/pseries: Display machine check error details (bsc#1094244). - powerpc/pseries: Dump the SLB contents on SLB MCE errors (bsc#1094244). - Refresh patches.kabi/KABI-move-mce_data_buf-into-paca_aux.patch - powerpc/pseries: Flush SLB contents on SLB MCE errors (bsc#1094244). - powerpc/pseries: Remove prrn_work workqueue (bsc#1102495, bsc#1109337). - powerpc/pseries: Remove unneeded uses of dlpar work queue (bsc#1102495, bsc#1109337). - powerpc/tm: Avoid possible userspace r1 corruption on reclaim (bsc#1109333). - powerpc/tm: Fix userspace r13 corruption (bsc#1109333). - powerpc/xive: Fix trying to "push" an already active pool VP (bsc#1085030, git-fixes). - r8152: Check for supported Wake-on-LAN Modes (bsc#1051510). - README.BRANCH: SLE15-SP1 branch maintainer changes Add ptesarik as co-maintainer, keep tiwai as the primary maintainer - regulator: fix crash caused by null driver data (bsc#1051510). - rename/renumber hv patches to simplify upcoming upstream merges No code changes. - Revert "btrfs: qgroups: Retry after commit on getting EDQUOT" (bsc#1031392). - Revert "ipc/shm: Fix shmat mmap nil-page protection" (bsc#1090078). - rpm/mkspec: build dtbs for architectures marked -!needs_updating - rpm/mkspec: fix ppc64 kernel-source build. - s390/crypto: Fix return code checking in cbc_paes_crypt() (bnc#1108323, LTC#171709). - s390/pci: fix out of bounds access during irq setup (bnc#1108323, LTC#171068). - s390/qdio: reset old sbal_state flags (LTC#171525, bsc#1106948). - s390/qeth: use vzalloc for QUERY OAT buffer (LTC#171527, bsc#1106948). - sched/fair: Fix bandwidth timer clock drift condition (Git-fixes). - sched/numa: Avoid task migration for small NUMA improvement (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Pass destination CPU as a parameter to migrate_task_rq (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Pass destination CPU as a parameter to migrate_task_rq kabi (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Reset scan rate whenever task moves across nodes (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Stop multiple tasks from moving to the CPU at the same time (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Stop multiple tasks from moving to the CPU at the same time kabi (bnc#1101669 optimise numa balancing for fast migrate). - scsi: hisi_sas: Add a flag to filter PHY events during reset (). - scsi: hisi_sas: add memory barrier in task delivery function (). - scsi: hisi_sas: Add missing PHY spinlock init (). - scsi: hisi_sas: Add SATA FIS check for v3 hw (). - scsi: hisi_sas: Adjust task reject period during host reset (). - scsi: hisi_sas: Drop hisi_sas_slot_abort() (). - scsi: hisi_sas: Fix the conflict between dev gone and host reset (). - scsi: hisi_sas: Fix the failure of recovering PHY from STP link timeout (). - scsi: hisi_sas: Implement handlers of PCIe FLR for v3 hw (). - scsi: hisi_sas: Only process broadcast change in phy_bcast_v3_hw() (). - scsi: hisi_sas: Pre-allocate slot DMA buffers (). - scsi: hisi_sas: Release all remaining resources in clear nexus ha (). - scsi: hisi_sas: relocate some common code for v3 hw (). - scsi: hisi_sas: tidy channel interrupt handler for v3 hw (). - scsi: hisi_sas: Tidy hisi_sas_task_prep() (). - scsi: hisi_sas: tidy host controller reset function a bit (). - scsi: hisi_sas: Update a couple of register settings for v3 hw (). - scsi: hisi_sas: Use dmam_alloc_coherent() (). - scsi: ipr: System hung while dlpar adding primary ipr adapter back (bsc#1109336). - smsc75xx: Check for Wake-on-LAN modes (bsc#1051510). - smsc95xx: Check for Wake-on-LAN modes (bsc#1051510). - sort series.conf I didn't want to, but he made me do it. - sr9800: Check for supported Wake-on-LAN modes (bsc#1051510). - sr: get/drop reference to device in revalidate and check_events (bsc#1109979). - supported.conf: add test_syctl to new kselftests-kmp package As per we will require new FATE requests per each new selftest driver. We do not want to support these module on production runs but we do want to support them for QA / testing uses. The compromise is to package them into its own package, this will be the kselftests-kmp package. Selftests can also be used as proof of concept vehicle for issues by customers or ourselves. Vanilla kernels do not get test_sysctl given that driver was using built-in defaults, this also means we cannot run sefltests on config/s390x/zfcpdump which does not enable modules. Likeweise, since we had to *change* the kernel for test_syctl, it it also means we can't test test_syctl with vanilla kernels. It should be possible with other selftests drivers if they are present in vanilla kernels though. - uio, lib: Fix CONFIG_ARCH_HAS_UACCESS_MCSAFE compilation (bsc#1098782). - VFS: do not test owner for NFS in set_posix_acl() (bsc#1103405). - video: goldfishfb: fix memory leak on driver remove (bsc#1051510). - watchdog: Mark watchdog touch functions as notrace (git-fixes). - wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout() (bsc#1051510). - x86/apic: Fix restoring boot IRQ mode in reboot and kexec/kdump (bsc#1110006). - x86/apic: Split disable_IO_APIC() into two functions to fix CONFIG_KEXEC_JUMP=y (bsc#1110006). - x86/apic: Split out restore_boot_irq_mode() from disable_IO_APIC() (bsc#1110006). - x86/apic/vector: Fix off by one in error path (bsc#1110006). - x86/asm/memcpy_mcsafe: Add labels for __memcpy_mcsafe() write fault handling (bsc#1098782). - x86/asm/memcpy_mcsafe: Add write-protection-fault handling (bsc#1098782). - x86/asm/memcpy_mcsafe: Define copy_to_iter_mcsafe() (bsc#1098782). - x86/asm/memcpy_mcsafe: Fix copy_to_user_mcsafe() exception handling (bsc#1098782). - x86/asm/memcpy_mcsafe: Provide original memcpy_mcsafe_unrolled (bsc#1098782). - x86/asm/memcpy_mcsafe: Remove loop unrolling (bsc#1098782). - x86/asm/memcpy_mcsafe: Return bytes remaining (bsc#1098782). - x86/boot: Fix kexec booting failure in the SEV bit detection code (bsc#1110301). - x86/build/64: Force the linker to use 2MB page size (bsc#1109603). - x86/dumpstack: Save first regs set for the executive summary (bsc#1110006). - x86/dumpstack: Unify show_regs() (bsc#1110006). - x86/entry/64: Wipe KASAN stack shadow before rewind_stack_do_exit() (bsc#1110006). - x86/espfix/64: Fix espfix double-fault handling on 5-level systems (bsc#1110006). - x86/idt: Load idt early in start_secondary (bsc#1110006). - x86/kexec: Avoid double free_page() upon do_kexec_load() failure (bsc#1110006). - x86/mce: Fix set_mce_nospec() to avoid #GP fault (bsc#1107783). - x86/mce: Improve error message when kernel cannot recover (bsc#1110006). - x86/mce: Improve error message when kernel cannot recover (bsc#1110301). - x86/memory_failure: Introduce {set, clear}_mce_nospec() (bsc#1107783). - x86-memory_failure-Introduce-set-clear-_mce_nospec.patch: Fixup compilation breakage on s390 and arm due to missing clear_mce_nospec(). - x86/mm: Add TLB purge to free pmd/pte page interfaces (bsc#1110006). - x86/mm: Disable ioremap free page handling on x86-PAE (bsc#1110006). - x86/mm: Drop TS_COMPAT on 64-bit exec() syscall (bsc#1110006). - x86/mm: Expand static page table for fixmap space (bsc#1110006). - x86/mm: Fix ELF_ET_DYN_BASE for 5-level paging (bsc#1110006). - x86/mm: implement free pmd/pte page interfaces (bsc#1110006). - x86/mm/pat: Prepare {reserve, free}_memtype() for "decoy" addresses (bsc#1107783). - x86/mpx: Do not allow MPX if we have mappings above 47-bit (bsc#1110006). - x86: msr-index.h: Correct SNB_C1/C3_AUTO_UNDEMOTE defines (bsc#1110006). - x86: msr-index.h: Correct SNB_C1/C3_AUTO_UNDEMOTE defines (bsc#1110301). - x86/PCI: Make broadcom_postcore_init() check acpi_disabled (bsc#1110006). - x86/pkeys: Do not special case protection key 0 (bsc#1110006). - x86/pkeys: Override pkey when moving away from PROT_EXEC (bsc#1110006). - x86/process: Do not mix user/kernel regs in 64bit __show_regs() (bsc#1110006). - x86/process: Re-export start_thread() (bsc#1110006). - x86/vdso: Fix lsl operand order (bsc#1110006). - x86/vdso: Fix lsl operand order (bsc#1110301). - xen: issue warning message when out of grant maptrack entries (bsc#1105795). - xfs, dax: introduce xfs_dax_aops (bsc#1104888). - xhci: Fix use after free for URB cancellation on a reallocated endpoint (bsc#1051510). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2018-2241=1 - SUSE Linux Enterprise Module for Legacy Software 15: zypper in -t patch SUSE-SLE-Module-Legacy-15-2018-2241=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2018-2241=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2241=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2018-2241=1 Package List: - SUSE Linux Enterprise Workstation Extension 15 (x86_64): kernel-default-debuginfo-4.12.14-25.22.1 kernel-default-debugsource-4.12.14-25.22.1 kernel-default-extra-4.12.14-25.22.1 kernel-default-extra-debuginfo-4.12.14-25.22.1 - SUSE Linux Enterprise Module for Legacy Software 15 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-25.22.1 kernel-default-debugsource-4.12.14-25.22.1 reiserfs-kmp-default-4.12.14-25.22.1 reiserfs-kmp-default-debuginfo-4.12.14-25.22.1 - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-25.22.1 kernel-obs-build-debugsource-4.12.14-25.22.1 kernel-syms-4.12.14-25.22.1 kernel-vanilla-base-4.12.14-25.22.1 kernel-vanilla-base-debuginfo-4.12.14-25.22.1 kernel-vanilla-debuginfo-4.12.14-25.22.1 kernel-vanilla-debugsource-4.12.14-25.22.1 - SUSE Linux Enterprise Module for Development Tools 15 (noarch): kernel-docs-4.12.14-25.22.2 kernel-source-4.12.14-25.22.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-25.22.1 kernel-default-debuginfo-4.12.14-25.22.1 kernel-default-debugsource-4.12.14-25.22.1 kernel-default-devel-4.12.14-25.22.1 kernel-default-devel-debuginfo-4.12.14-25.22.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): kernel-devel-4.12.14-25.22.1 kernel-macros-4.12.14-25.22.1 - SUSE Linux Enterprise Module for Basesystem 15 (s390x): kernel-default-man-4.12.14-25.22.1 kernel-zfcpdump-4.12.14-25.22.1 kernel-zfcpdump-debuginfo-4.12.14-25.22.1 kernel-zfcpdump-debugsource-4.12.14-25.22.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-25.22.1 cluster-md-kmp-default-debuginfo-4.12.14-25.22.1 dlm-kmp-default-4.12.14-25.22.1 dlm-kmp-default-debuginfo-4.12.14-25.22.1 gfs2-kmp-default-4.12.14-25.22.1 gfs2-kmp-default-debuginfo-4.12.14-25.22.1 kernel-default-debuginfo-4.12.14-25.22.1 kernel-default-debugsource-4.12.14-25.22.1 ocfs2-kmp-default-4.12.14-25.22.1 ocfs2-kmp-default-debuginfo-4.12.14-25.22.1 References: https://www.suse.com/security/cve/CVE-2018-14633.html https://www.suse.com/security/cve/CVE-2018-17182.html https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1031392 https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1055120 https://bugzilla.suse.com/1061840 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1082519 https://bugzilla.suse.com/1085030 https://bugzilla.suse.com/1090078 https://bugzilla.suse.com/1094244 https://bugzilla.suse.com/1098782 https://bugzilla.suse.com/1101669 https://bugzilla.suse.com/1102495 https://bugzilla.suse.com/1103269 https://bugzilla.suse.com/1103405 https://bugzilla.suse.com/1103587 https://bugzilla.suse.com/1103636 https://bugzilla.suse.com/1104888 https://bugzilla.suse.com/1105190 https://bugzilla.suse.com/1105795 https://bugzilla.suse.com/1106105 https://bugzilla.suse.com/1106240 https://bugzilla.suse.com/1106948 https://bugzilla.suse.com/1107783 https://bugzilla.suse.com/1107829 https://bugzilla.suse.com/1107928 https://bugzilla.suse.com/1107947 https://bugzilla.suse.com/1108096 https://bugzilla.suse.com/1108170 https://bugzilla.suse.com/1108281 https://bugzilla.suse.com/1108323 https://bugzilla.suse.com/1108399 https://bugzilla.suse.com/1108823 https://bugzilla.suse.com/1109244 https://bugzilla.suse.com/1109333 https://bugzilla.suse.com/1109336 https://bugzilla.suse.com/1109337 https://bugzilla.suse.com/1109603 https://bugzilla.suse.com/1109806 https://bugzilla.suse.com/1109859 https://bugzilla.suse.com/1109979 https://bugzilla.suse.com/1109992 https://bugzilla.suse.com/1110006 https://bugzilla.suse.com/1110301 https://bugzilla.suse.com/1110363 https://bugzilla.suse.com/1110639 https://bugzilla.suse.com/1110642 https://bugzilla.suse.com/1110643 https://bugzilla.suse.com/1110644 https://bugzilla.suse.com/1110645 https://bugzilla.suse.com/1110646 https://bugzilla.suse.com/1110647 https://bugzilla.suse.com/1110649 https://bugzilla.suse.com/1110650 From sle-security-updates at lists.suse.com Tue Oct 16 07:28:48 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 16 Oct 2018 15:28:48 +0200 (CEST) Subject: SUSE-SU-2018:3161-1: moderate: Security update for samba Message-ID: <20181016132848.73B57FCF0@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3161-1 Rating: moderate References: #1068059 #1087931 #1095057 #1102230 #1110943 Cross-References: CVE-2018-10919 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise High Availability 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 5 ______________________________________________________________________________ An update that solves one vulnerability and has four fixes is now available. Description: Samba was updated to 4.6.15, bringing bug and security fixes. (bsc#1110943) Following security issues were fixed: - CVE-2018-10919: Fix unauthorized attribute access via searches. (bsc#1095057); Non-security bugs fixed: - Fix ctdb_mutex_ceph_rados_helper deadlock (bsc#1102230). - Allow idmap_rid to have primary group other than "Domain Users" (bsc#1087931). - winbind: avoid using fstrcpy in _dual_init_connection. - Fix ntlm authentications with "winbind use default domain = yes" (bsc#1068059). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2242=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2242=1 - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2018-2242=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2242=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2018-2242=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libndr-devel-4.6.16+git.124.aee309c5c18-3.32.1 libndr-krb5pac-devel-4.6.16+git.124.aee309c5c18-3.32.1 libndr-nbt-devel-4.6.16+git.124.aee309c5c18-3.32.1 libndr-standard-devel-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-util-devel-4.6.16+git.124.aee309c5c18-3.32.1 libsmbclient-devel-4.6.16+git.124.aee309c5c18-3.32.1 libwbclient-devel-4.6.16+git.124.aee309c5c18-3.32.1 samba-core-devel-4.6.16+git.124.aee309c5c18-3.32.1 samba-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 samba-debugsource-4.6.16+git.124.aee309c5c18-3.32.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libdcerpc-binding0-4.6.16+git.124.aee309c5c18-3.32.1 libdcerpc-binding0-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 libdcerpc0-4.6.16+git.124.aee309c5c18-3.32.1 libdcerpc0-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 libndr-krb5pac0-4.6.16+git.124.aee309c5c18-3.32.1 libndr-krb5pac0-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 libndr-nbt0-4.6.16+git.124.aee309c5c18-3.32.1 libndr-nbt0-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 libndr-standard0-4.6.16+git.124.aee309c5c18-3.32.1 libndr-standard0-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 libndr0-4.6.16+git.124.aee309c5c18-3.32.1 libndr0-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 libnetapi0-4.6.16+git.124.aee309c5c18-3.32.1 libnetapi0-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-credentials0-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-credentials0-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-errors0-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-errors0-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-hostconfig0-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-hostconfig0-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-passdb0-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-passdb0-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-util0-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-util0-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 libsamdb0-4.6.16+git.124.aee309c5c18-3.32.1 libsamdb0-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 libsmbclient0-4.6.16+git.124.aee309c5c18-3.32.1 libsmbclient0-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 libsmbconf0-4.6.16+git.124.aee309c5c18-3.32.1 libsmbconf0-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 libsmbldap0-4.6.16+git.124.aee309c5c18-3.32.1 libsmbldap0-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 libtevent-util0-4.6.16+git.124.aee309c5c18-3.32.1 libtevent-util0-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 libwbclient0-4.6.16+git.124.aee309c5c18-3.32.1 libwbclient0-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 samba-4.6.16+git.124.aee309c5c18-3.32.1 samba-client-4.6.16+git.124.aee309c5c18-3.32.1 samba-client-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 samba-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 samba-debugsource-4.6.16+git.124.aee309c5c18-3.32.1 samba-libs-4.6.16+git.124.aee309c5c18-3.32.1 samba-libs-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 samba-winbind-4.6.16+git.124.aee309c5c18-3.32.1 samba-winbind-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libdcerpc-binding0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libdcerpc0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libdcerpc0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libndr-krb5pac0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libndr-nbt0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libndr-standard0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libndr-standard0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libndr0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libndr0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libnetapi0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libnetapi0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-credentials0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-errors0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-hostconfig0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-passdb0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-util0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-util0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libsamdb0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libsamdb0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libsmbclient0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libsmbclient0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libsmbconf0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libsmbconf0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libsmbldap0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libsmbldap0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libtevent-util0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libtevent-util0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libwbclient0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libwbclient0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 samba-client-32bit-4.6.16+git.124.aee309c5c18-3.32.1 samba-client-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 samba-libs-32bit-4.6.16+git.124.aee309c5c18-3.32.1 samba-libs-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 samba-winbind-32bit-4.6.16+git.124.aee309c5c18-3.32.1 samba-winbind-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): samba-doc-4.6.16+git.124.aee309c5c18-3.32.1 - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): ctdb-4.6.16+git.124.aee309c5c18-3.32.1 ctdb-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 samba-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 samba-debugsource-4.6.16+git.124.aee309c5c18-3.32.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libdcerpc-binding0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libdcerpc-binding0-4.6.16+git.124.aee309c5c18-3.32.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libdcerpc-binding0-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 libdcerpc0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libdcerpc0-4.6.16+git.124.aee309c5c18-3.32.1 libdcerpc0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libdcerpc0-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 libndr-krb5pac0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libndr-krb5pac0-4.6.16+git.124.aee309c5c18-3.32.1 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libndr-krb5pac0-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 libndr-nbt0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libndr-nbt0-4.6.16+git.124.aee309c5c18-3.32.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libndr-nbt0-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 libndr-standard0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libndr-standard0-4.6.16+git.124.aee309c5c18-3.32.1 libndr-standard0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libndr-standard0-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 libndr0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libndr0-4.6.16+git.124.aee309c5c18-3.32.1 libndr0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libndr0-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 libnetapi0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libnetapi0-4.6.16+git.124.aee309c5c18-3.32.1 libnetapi0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libnetapi0-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-credentials0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-credentials0-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-credentials0-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-errors0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-errors0-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-errors0-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-hostconfig0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-hostconfig0-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-hostconfig0-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-passdb0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-passdb0-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-passdb0-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-util0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-util0-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-util0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-util0-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 libsamdb0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libsamdb0-4.6.16+git.124.aee309c5c18-3.32.1 libsamdb0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libsamdb0-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 libsmbclient0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libsmbclient0-4.6.16+git.124.aee309c5c18-3.32.1 libsmbclient0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libsmbclient0-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 libsmbconf0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libsmbconf0-4.6.16+git.124.aee309c5c18-3.32.1 libsmbconf0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libsmbconf0-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 libsmbldap0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libsmbldap0-4.6.16+git.124.aee309c5c18-3.32.1 libsmbldap0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libsmbldap0-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 libtevent-util0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libtevent-util0-4.6.16+git.124.aee309c5c18-3.32.1 libtevent-util0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libtevent-util0-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 libwbclient0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libwbclient0-4.6.16+git.124.aee309c5c18-3.32.1 libwbclient0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libwbclient0-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 samba-4.6.16+git.124.aee309c5c18-3.32.1 samba-client-32bit-4.6.16+git.124.aee309c5c18-3.32.1 samba-client-4.6.16+git.124.aee309c5c18-3.32.1 samba-client-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 samba-client-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 samba-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 samba-debugsource-4.6.16+git.124.aee309c5c18-3.32.1 samba-libs-32bit-4.6.16+git.124.aee309c5c18-3.32.1 samba-libs-4.6.16+git.124.aee309c5c18-3.32.1 samba-libs-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 samba-libs-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 samba-winbind-32bit-4.6.16+git.124.aee309c5c18-3.32.1 samba-winbind-4.6.16+git.124.aee309c5c18-3.32.1 samba-winbind-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 samba-winbind-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): samba-doc-4.6.16+git.124.aee309c5c18-3.32.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): ctdb-4.6.16+git.124.aee309c5c18-3.32.1 ctdb-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 samba-ceph-4.6.16+git.124.aee309c5c18-3.32.1 samba-ceph-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 samba-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 samba-debugsource-4.6.16+git.124.aee309c5c18-3.32.1 References: https://www.suse.com/security/cve/CVE-2018-10919.html https://bugzilla.suse.com/1068059 https://bugzilla.suse.com/1087931 https://bugzilla.suse.com/1095057 https://bugzilla.suse.com/1102230 https://bugzilla.suse.com/1110943 From sle-security-updates at lists.suse.com Tue Oct 16 10:09:00 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 16 Oct 2018 18:09:00 +0200 (CEST) Subject: SUSE-SU-2018:3162-1: important: Security update for libssh Message-ID: <20181016160900.89A82F7C0@maintenance.suse.de> SUSE Security Update: Security update for libssh ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3162-1 Rating: important References: #1108020 Cross-References: CVE-2018-10933 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libssh fixes the following issues: - CVE-2018-10933: Fixed a server mode authentication bypass (bsc#1108020). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2244=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libssh-debugsource-0.7.5-6.3.1 libssh-devel-0.7.5-6.3.1 libssh4-0.7.5-6.3.1 libssh4-debuginfo-0.7.5-6.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libssh4-32bit-0.7.5-6.3.1 libssh4-32bit-debuginfo-0.7.5-6.3.1 References: https://www.suse.com/security/cve/CVE-2018-10933.html https://bugzilla.suse.com/1108020 From sle-security-updates at lists.suse.com Tue Oct 16 10:10:13 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 16 Oct 2018 18:10:13 +0200 (CEST) Subject: SUSE-SU-2018:3164-1: important: Security update for the Linux Kernel (Live Patch 12 for SLE 12 SP3) Message-ID: <20181016161013.384FFF7C0@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 12 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3164-1 Rating: important References: #1107832 #1110233 Cross-References: CVE-2018-14633 CVE-2018-17182 Affected Products: SUSE Linux Enterprise Live Patching 12-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.131-94_29 fixes several issues. The following security issues were fixed: - CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bsc#1110233). - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. (bsc#1107832). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-2250=1 SUSE-SLE-Live-Patching-12-SP3-2018-2251=1 SUSE-SLE-Live-Patching-12-SP3-2018-2252=1 SUSE-SLE-Live-Patching-12-SP3-2018-2253=1 SUSE-SLE-Live-Patching-12-SP3-2018-2254=1 SUSE-SLE-Live-Patching-12-SP3-2018-2255=1 SUSE-SLE-Live-Patching-12-SP3-2018-2256=1 SUSE-SLE-Live-Patching-12-SP3-2018-2257=1 SUSE-SLE-Live-Patching-12-SP3-2018-2258=1 SUSE-SLE-Live-Patching-12-SP3-2018-2259=1 SUSE-SLE-Live-Patching-12-SP3-2018-2260=1 SUSE-SLE-Live-Patching-12-SP3-2018-2261=1 SUSE-SLE-Live-Patching-12-SP3-2018-2262=1 SUSE-SLE-Live-Patching-12-SP3-2018-2263=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_103-6_33-default-10-2.1 kgraft-patch-4_4_103-6_33-default-debuginfo-10-2.1 kgraft-patch-4_4_103-6_38-default-10-2.1 kgraft-patch-4_4_103-6_38-default-debuginfo-10-2.1 kgraft-patch-4_4_114-94_11-default-8-2.1 kgraft-patch-4_4_114-94_11-default-debuginfo-8-2.1 kgraft-patch-4_4_114-94_14-default-8-2.1 kgraft-patch-4_4_114-94_14-default-debuginfo-8-2.1 kgraft-patch-4_4_120-94_17-default-7-2.1 kgraft-patch-4_4_120-94_17-default-debuginfo-7-2.1 kgraft-patch-4_4_126-94_22-default-7-2.1 kgraft-patch-4_4_126-94_22-default-debuginfo-7-2.1 kgraft-patch-4_4_131-94_29-default-5-2.1 kgraft-patch-4_4_131-94_29-default-debuginfo-5-2.1 kgraft-patch-4_4_132-94_33-default-5-2.1 kgraft-patch-4_4_132-94_33-default-debuginfo-5-2.1 kgraft-patch-4_4_138-94_39-default-4-2.1 kgraft-patch-4_4_138-94_39-default-debuginfo-4-2.1 kgraft-patch-4_4_140-94_42-default-4-2.1 kgraft-patch-4_4_140-94_42-default-debuginfo-4-2.1 kgraft-patch-4_4_143-94_47-default-3-2.1 kgraft-patch-4_4_143-94_47-default-debuginfo-3-2.1 kgraft-patch-4_4_155-94_50-default-2-2.1 kgraft-patch-4_4_155-94_50-default-debuginfo-2-2.1 kgraft-patch-4_4_92-6_30-default-10-2.1 kgraft-patch-4_4_92-6_30-default-debuginfo-10-2.1 - SUSE Linux Enterprise Live Patching 12-SP3 (x86_64): kgraft-patch-4_4_92-6_18-default-11-2.1 kgraft-patch-4_4_92-6_18-default-debuginfo-11-2.1 References: https://www.suse.com/security/cve/CVE-2018-14633.html https://www.suse.com/security/cve/CVE-2018-17182.html https://bugzilla.suse.com/1107832 https://bugzilla.suse.com/1110233 From sle-security-updates at lists.suse.com Tue Oct 16 13:08:51 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 16 Oct 2018 21:08:51 +0200 (CEST) Subject: SUSE-SU-2018:3170-1: moderate: Security update for binutils Message-ID: <20181016190851.B3D9DF7C0@maintenance.suse.de> SUSE Security Update: Security update for binutils ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3170-1 Rating: moderate References: #1065643 #1065689 #1065693 #1068640 #1068643 #1068887 #1068888 #1068950 #1069176 #1069202 #1075418 #1077745 #1079103 #1079741 #1080556 #1081527 #1083528 #1083532 #1085784 #1086608 #1086784 #1086786 #1086788 #1090997 #1091015 #1091365 #1091368 Cross-References: CVE-2017-15938 CVE-2017-15939 CVE-2017-15996 CVE-2017-16826 CVE-2017-16827 CVE-2017-16828 CVE-2017-16829 CVE-2017-16830 CVE-2017-16831 CVE-2017-16832 CVE-2018-10372 CVE-2018-10373 CVE-2018-10534 CVE-2018-10535 CVE-2018-6323 CVE-2018-6543 CVE-2018-6759 CVE-2018-6872 CVE-2018-7208 CVE-2018-7568 CVE-2018-7569 CVE-2018-7570 CVE-2018-7642 CVE-2018-7643 CVE-2018-8945 Affected Products: SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves 25 vulnerabilities and has two fixes is now available. Description: This update for binutils to version 2.31 fixes the following issues: These security issues were fixed: - CVE-2017-15996: readelf allowed remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified other impact via a crafted ELF file that triggered a buffer overflow on fuzzed archive header (bsc#1065643) - CVE-2017-15939: Binary File Descriptor (BFD) library (aka libbfd) mishandled NULL files in a .debug_line file table, which allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename (bsc#1065689) - CVE-2017-15938: the Binary File Descriptor (BFD) library (aka libbfd) miscalculated DW_FORM_ref_addr die refs in the case of a relocatable object file, which allowed remote attackers to cause a denial of service (find_abstract_instance_name invalid memory read, segmentation fault, and application crash) (bsc#1065693) - CVE-2017-16826: The coff_slurp_line_table function the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted PE file (bsc#1068640) - CVE-2017-16832: The pe_bfd_read_buildid function in the Binary File Descriptor (BFD) library (aka libbfd) did not validate size and offset values in the data dictionary, which allowed remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted PE file (bsc#1068643) - CVE-2017-16831: Binary File Descriptor (BFD) library (aka libbfd) did not validate the symbol count, which allowed remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or possibly have unspecified other impact via a crafted PE file (bsc#1068887) - CVE-2017-16830: The print_gnu_property_note function did not have integer-overflow protection on 32-bit platforms, which allowed remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted ELF file (bsc#1068888) - CVE-2017-16829: The _bfd_elf_parse_gnu_properties function in the Binary File Descriptor (BFD) library (aka libbfd) did not prevent negative pointers, which allowed remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted ELF file (bsc#1068950) - CVE-2017-16828: The display_debug_frames function allowed remote attackers to cause a denial of service (integer overflow and heap-based buffer over-read, and application crash) or possibly have unspecified other impact via a crafted ELF file (bsc#1069176) - CVE-2017-16827: The aout_get_external_symbols function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (slurp_symtab invalid free and application crash) or possibly have unspecified other impact via a crafted ELF file (bsc#1069202) - CVE-2018-6323: The elf_object_p function in the Binary File Descriptor (BFD) library (aka libbfd) had an unsigned integer overflow because bfd_size_type multiplication is not used. A crafted ELF file allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact (bsc#1077745) - CVE-2018-6543: Prevent integer overflow in the function load_specific_debug_section() which resulted in `malloc()` with 0 size. A crafted ELF file allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact (bsc#1079103) - CVE-2018-6759: The bfd_get_debug_link_info_1 function in the Binary File Descriptor (BFD) library (aka libbfd) had an unchecked strnlen operation. Remote attackers could have leveraged this vulnerability to cause a denial of service (segmentation fault) via a crafted ELF file (bsc#1079741) - CVE-2018-6872: The elf_parse_notes function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (out-of-bounds read and segmentation violation) via a note with a large alignment (bsc#1080556) - CVE-2018-7208: In the coff_pointerize_aux function in the Binary File Descriptor (BFD) library (aka libbfd) an index was not validated, which allowed remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted file, as demonstrated by objcopy of a COFF object (bsc#1081527) - CVE-2018-7570: The assign_file_positions_for_non_load_sections function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an ELF file with a RELRO segment that lacks a matching LOAD segment, as demonstrated by objcopy (bsc#1083528) - CVE-2018-7569: The Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (integer underflow or overflow, and application crash) via an ELF file with a corrupt DWARF FORM block, as demonstrated by nm (bsc#1083532) - CVE-2018-8945: The bfd_section_from_shdr function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (segmentation fault) via a large attribute section (bsc#1086608) - CVE-2018-7643: The display_debug_ranges function allowed remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump (bsc#1086784) - CVE-2018-7642: The swap_std_reloc_in function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (aout_32_swap_std_reloc_out NULL pointer dereference and application crash) via a crafted ELF file, as demonstrated by objcopy (bsc#1086786) - CVE-2018-7568: The parse_die function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (integer overflow and application crash) via an ELF file with corrupt dwarf1 debug information, as demonstrated by nm (bsc#1086788) - CVE-2018-10373: concat_filename in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by nm-new (bsc#1090997) - CVE-2018-10372: process_cu_tu_index allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated by readelf (bsc#1091015) - CVE-2018-10535: The ignore_section_sym function in the Binary File Descriptor (BFD) library (aka libbfd) did not validate the output_section pointer in the case of a symtab entry with a "SECTION" type that has a "0" value, which allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file, as demonstrated by objcopy (bsc#1091365) - CVE-2018-10534: The _bfd_XX_bfd_copy_private_bfd_data_common function in the Binary File Descriptor (BFD) library (aka libbfd) processesed a negative Data Directory size with an unbounded loop that increased the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so that the address exceeded its own memory region, resulting in an out-of-bounds memory write, as demonstrated by objcopy copying private info with _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c (bsc#1091368) These non-security issues were fixed: - The AArch64 port now supports showing disassembly notes which are emitted when inconsistencies are found with the instruction that may result in the instruction being invalid. These can be turned on with the option -M notes to objdump. - The AArch64 port now emits warnings when a combination of an instruction and a named register could be invalid. - Added O modifier to ar to display member offsets inside an archive - The ADR and ADRL pseudo-instructions supported by the ARM assembler now only set the bottom bit of the address of thumb function symbols if the -mthumb-interwork command line option is active. - Add --generate-missing-build-notes=[yes|no] option to create (or not) GNU Build Attribute notes if none are present in the input sources. Add a --enable-generate-build-notes=[yes|no] configure time option to set the default behaviour. Set the default if the configure option is not used to "no". - Remove -mold-gcc command-line option for x86 targets. - Add -O[2|s] command-line options to x86 assembler to enable alternate shorter instruction encoding. - Add support for .nops directive. It is currently supported only for x86 targets. - Speed up direct linking with DLLs for Cygwin and Mingw targets. - Add a configure option --enable-separate-code to decide whether -z separate-code should be enabled in ELF linker by default. Default to yes for Linux/x86 targets. Note that -z separate-code can increase disk and memory size. - RISC-V: Fix symbol address problem with versioned symbols - Restore riscv64-elf cross prefix via symlinks - Fix pacemaker libqb problem with section start/stop symbols - RISC-V: Don't enable relaxation in relocatable link - Prevent linking faiures on i386 with assertion (bsc#1085784) - Fix symbol size bug when relaxation deletes bytes - Add --debug-dump=links option to readelf and --dwarf=links option to objdump which displays the contents of any .gnu_debuglink or .gnu_debugaltlink sections. Add a --debug-dump=follow-links option to readelf and a --dwarf=follow-links option to objdump which causes indirect links into separate debug info files to be followed when dumping other DWARF sections. - Add support for loaction views in DWARF debug line information. - Add -z separate-code to generate separate code PT_LOAD segment. - Add "-z undefs" command line option as the inverse of the "-z defs" option. - Add -z globalaudit command line option to force audit libraries to be run for every dynamic object loaded by an executable - provided that the loader supports this functionality. - Tighten linker script grammar around file name specifiers to prevent the use of SORT_BY_ALIGNMENT and SORT_BY_INIT_PRIORITY on filenames. These would previously be accepted but had no effect. - The EXCLUDE_FILE directive can now be placed within any SORT_* directive within input section lists. - Fix linker relaxation with --wrap Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2018-2265=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2265=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15 (x86_64): binutils-debugsource-2.31-6.3.1 binutils-devel-32bit-2.31-6.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): binutils-2.31-6.3.1 binutils-debuginfo-2.31-6.3.1 binutils-debugsource-2.31-6.3.1 binutils-devel-2.31-6.3.1 References: https://www.suse.com/security/cve/CVE-2017-15938.html https://www.suse.com/security/cve/CVE-2017-15939.html https://www.suse.com/security/cve/CVE-2017-15996.html https://www.suse.com/security/cve/CVE-2017-16826.html https://www.suse.com/security/cve/CVE-2017-16827.html https://www.suse.com/security/cve/CVE-2017-16828.html https://www.suse.com/security/cve/CVE-2017-16829.html https://www.suse.com/security/cve/CVE-2017-16830.html https://www.suse.com/security/cve/CVE-2017-16831.html https://www.suse.com/security/cve/CVE-2017-16832.html https://www.suse.com/security/cve/CVE-2018-10372.html https://www.suse.com/security/cve/CVE-2018-10373.html https://www.suse.com/security/cve/CVE-2018-10534.html https://www.suse.com/security/cve/CVE-2018-10535.html https://www.suse.com/security/cve/CVE-2018-6323.html https://www.suse.com/security/cve/CVE-2018-6543.html https://www.suse.com/security/cve/CVE-2018-6759.html https://www.suse.com/security/cve/CVE-2018-6872.html https://www.suse.com/security/cve/CVE-2018-7208.html https://www.suse.com/security/cve/CVE-2018-7568.html https://www.suse.com/security/cve/CVE-2018-7569.html https://www.suse.com/security/cve/CVE-2018-7570.html https://www.suse.com/security/cve/CVE-2018-7642.html https://www.suse.com/security/cve/CVE-2018-7643.html https://www.suse.com/security/cve/CVE-2018-8945.html https://bugzilla.suse.com/1065643 https://bugzilla.suse.com/1065689 https://bugzilla.suse.com/1065693 https://bugzilla.suse.com/1068640 https://bugzilla.suse.com/1068643 https://bugzilla.suse.com/1068887 https://bugzilla.suse.com/1068888 https://bugzilla.suse.com/1068950 https://bugzilla.suse.com/1069176 https://bugzilla.suse.com/1069202 https://bugzilla.suse.com/1075418 https://bugzilla.suse.com/1077745 https://bugzilla.suse.com/1079103 https://bugzilla.suse.com/1079741 https://bugzilla.suse.com/1080556 https://bugzilla.suse.com/1081527 https://bugzilla.suse.com/1083528 https://bugzilla.suse.com/1083532 https://bugzilla.suse.com/1085784 https://bugzilla.suse.com/1086608 https://bugzilla.suse.com/1086784 https://bugzilla.suse.com/1086786 https://bugzilla.suse.com/1086788 https://bugzilla.suse.com/1090997 https://bugzilla.suse.com/1091015 https://bugzilla.suse.com/1091365 https://bugzilla.suse.com/1091368 From sle-security-updates at lists.suse.com Tue Oct 16 16:08:06 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 17 Oct 2018 00:08:06 +0200 (CEST) Subject: SUSE-SU-2018:3171-1: important: Security update for the Linux Kernel (Live Patch 25 for SLE 12 SP1) Message-ID: <20181016220806.79317F7C0@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 25 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3171-1 Rating: important References: #1107832 #1108963 #1110233 Cross-References: CVE-2018-14633 CVE-2018-14634 CVE-2018-17182 Affected Products: SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.74-60_64_82 fixes several issues. The following security issues were fixed: - CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bsc#1110233). - CVE-2018-14634: An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable (bsc#1108963). - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. (bsc#1107832). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-2266=1 SUSE-SLE-SERVER-12-SP1-2018-2267=1 SUSE-SLE-SERVER-12-SP1-2018-2268=1 SUSE-SLE-SERVER-12-SP1-2018-2269=1 SUSE-SLE-SERVER-12-SP1-2018-2270=1 SUSE-SLE-SERVER-12-SP1-2018-2271=1 SUSE-SLE-SERVER-12-SP1-2018-2272=1 SUSE-SLE-SERVER-12-SP1-2018-2273=1 SUSE-SLE-SERVER-12-SP1-2018-2275=1 Package List: - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_63-default-10-2.1 kgraft-patch-3_12_74-60_64_63-xen-10-2.1 kgraft-patch-3_12_74-60_64_66-default-9-2.1 kgraft-patch-3_12_74-60_64_66-xen-9-2.1 kgraft-patch-3_12_74-60_64_69-default-8-2.1 kgraft-patch-3_12_74-60_64_69-xen-8-2.1 kgraft-patch-3_12_74-60_64_82-default-8-2.1 kgraft-patch-3_12_74-60_64_82-xen-8-2.1 kgraft-patch-3_12_74-60_64_85-default-8-2.1 kgraft-patch-3_12_74-60_64_85-xen-8-2.1 kgraft-patch-3_12_74-60_64_88-default-6-2.1 kgraft-patch-3_12_74-60_64_88-xen-6-2.1 kgraft-patch-3_12_74-60_64_93-default-5-2.1 kgraft-patch-3_12_74-60_64_93-xen-5-2.1 kgraft-patch-3_12_74-60_64_96-default-5-2.1 kgraft-patch-3_12_74-60_64_96-xen-5-2.1 kgraft-patch-3_12_74-60_64_99-default-4-2.1 kgraft-patch-3_12_74-60_64_99-xen-4-2.1 References: https://www.suse.com/security/cve/CVE-2018-14633.html https://www.suse.com/security/cve/CVE-2018-14634.html https://www.suse.com/security/cve/CVE-2018-17182.html https://bugzilla.suse.com/1107832 https://bugzilla.suse.com/1108963 https://bugzilla.suse.com/1110233 From sle-security-updates at lists.suse.com Tue Oct 16 16:11:58 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 17 Oct 2018 00:11:58 +0200 (CEST) Subject: SUSE-SU-2018:3172-1: important: Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP1) Message-ID: <20181016221158.06A9BFC98@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3172-1 Rating: important References: #1102682 #1107832 #1110233 Cross-References: CVE-2018-14633 CVE-2018-17182 CVE-2018-5390 Affected Products: SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.74-60_64_104 fixes several issues. The following security issues were fixed: - CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bsc#1110233). - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. (bsc#1107832). - CVE-2018-5390: The Linux kernel could be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service (bsc#1102682). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-2274=1 Package List: - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_104-default-2-2.1 kgraft-patch-3_12_74-60_64_104-xen-2-2.1 References: https://www.suse.com/security/cve/CVE-2018-14633.html https://www.suse.com/security/cve/CVE-2018-17182.html https://www.suse.com/security/cve/CVE-2018-5390.html https://bugzilla.suse.com/1102682 https://bugzilla.suse.com/1107832 https://bugzilla.suse.com/1110233 From sle-security-updates at lists.suse.com Tue Oct 16 16:12:53 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 17 Oct 2018 00:12:53 +0200 (CEST) Subject: SUSE-SU-2018:3173-1: important: Security update for the Linux Kernel (Live Patch 22 for SLE 12 SP2) Message-ID: <20181016221253.9662EFC98@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 22 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3173-1 Rating: important References: #1107832 #1110233 Cross-References: CVE-2018-14633 CVE-2018-17182 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.121-92_80 fixes several issues. The following security issues were fixed: - CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bsc#1110233). - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. (bsc#1107832). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-2276=1 SUSE-SLE-SAP-12-SP2-2018-2277=1 SUSE-SLE-SAP-12-SP2-2018-2278=1 SUSE-SLE-SAP-12-SP2-2018-2279=1 SUSE-SLE-SAP-12-SP2-2018-2280=1 SUSE-SLE-SAP-12-SP2-2018-2281=1 SUSE-SLE-SAP-12-SP2-2018-2282=1 SUSE-SLE-SAP-12-SP2-2018-2283=1 SUSE-SLE-SAP-12-SP2-2018-2284=1 SUSE-SLE-SAP-12-SP2-2018-2285=1 SUSE-SLE-SAP-12-SP2-2018-2286=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-2276=1 SUSE-SLE-SERVER-12-SP2-2018-2277=1 SUSE-SLE-SERVER-12-SP2-2018-2278=1 SUSE-SLE-SERVER-12-SP2-2018-2279=1 SUSE-SLE-SERVER-12-SP2-2018-2280=1 SUSE-SLE-SERVER-12-SP2-2018-2281=1 SUSE-SLE-SERVER-12-SP2-2018-2282=1 SUSE-SLE-SERVER-12-SP2-2018-2283=1 SUSE-SLE-SERVER-12-SP2-2018-2284=1 SUSE-SLE-SERVER-12-SP2-2018-2285=1 SUSE-SLE-SERVER-12-SP2-2018-2286=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kgraft-patch-4_4_103-92_53-default-10-2.1 kgraft-patch-4_4_103-92_56-default-10-2.1 kgraft-patch-4_4_114-92_64-default-8-2.1 kgraft-patch-4_4_114-92_67-default-8-2.1 kgraft-patch-4_4_120-92_70-default-7-2.1 kgraft-patch-4_4_121-92_73-default-6-2.1 kgraft-patch-4_4_121-92_80-default-6-2.1 kgraft-patch-4_4_121-92_85-default-4-2.1 kgraft-patch-4_4_121-92_92-default-4-2.1 kgraft-patch-4_4_90-92_45-default-11-2.1 kgraft-patch-4_4_90-92_50-default-11-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kgraft-patch-4_4_103-92_53-default-10-2.1 kgraft-patch-4_4_103-92_56-default-10-2.1 kgraft-patch-4_4_114-92_64-default-8-2.1 kgraft-patch-4_4_114-92_67-default-8-2.1 kgraft-patch-4_4_120-92_70-default-7-2.1 kgraft-patch-4_4_121-92_73-default-6-2.1 kgraft-patch-4_4_121-92_80-default-6-2.1 kgraft-patch-4_4_121-92_85-default-4-2.1 kgraft-patch-4_4_121-92_92-default-4-2.1 kgraft-patch-4_4_90-92_45-default-11-2.1 kgraft-patch-4_4_90-92_50-default-11-2.1 References: https://www.suse.com/security/cve/CVE-2018-14633.html https://www.suse.com/security/cve/CVE-2018-17182.html https://bugzilla.suse.com/1107832 https://bugzilla.suse.com/1110233 From sle-security-updates at lists.suse.com Wed Oct 17 04:11:15 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 17 Oct 2018 12:11:15 +0200 (CEST) Subject: SUSE-SU-2018:3191-1: moderate: Security update for ImageMagick Message-ID: <20181017101115.81094FC98@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3191-1 Rating: moderate References: #1098545 #1098546 #1110746 #1110747 #1111069 #1111072 Cross-References: CVE-2017-13058 CVE-2018-12599 CVE-2018-12600 CVE-2018-17965 CVE-2018-17966 CVE-2018-18016 CVE-2018-18024 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2018-18024: Fixed an infinite loop in the ReadBMPImage function of the coders/bmp.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. (bsc#1111069) - CVE-2018-18016: Fixed a memory leak in WritePCXImage (bsc#1111072). - CVE-2018-17965: Fixed a memory leak in WriteSGIImage (bsc#1110747). - CVE-2018-17966: Fixed a memory leak in WritePDBImage (bsc#1110746). - CVE-2018-12600: ReadDIBImage and WriteDIBImage allowed attackers to cause an out of bounds write via a crafted file. (bsc#1098545) - CVE-2018-12599: ReadBMPImage and WriteBMPImage allowed attackers to cause an out of bounds write via a crafted file. (bsc#1098546) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-2287=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2287=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2287=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2287=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): ImageMagick-6.8.8.1-71.82.1 ImageMagick-debuginfo-6.8.8.1-71.82.1 ImageMagick-debugsource-6.8.8.1-71.82.1 libMagick++-6_Q16-3-6.8.8.1-71.82.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.82.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-71.82.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.82.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): ImageMagick-6.8.8.1-71.82.1 ImageMagick-debuginfo-6.8.8.1-71.82.1 ImageMagick-debugsource-6.8.8.1-71.82.1 ImageMagick-devel-6.8.8.1-71.82.1 libMagick++-6_Q16-3-6.8.8.1-71.82.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.82.1 libMagick++-devel-6.8.8.1-71.82.1 perl-PerlMagick-6.8.8.1-71.82.1 perl-PerlMagick-debuginfo-6.8.8.1-71.82.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): ImageMagick-debuginfo-6.8.8.1-71.82.1 ImageMagick-debugsource-6.8.8.1-71.82.1 libMagickCore-6_Q16-1-6.8.8.1-71.82.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.82.1 libMagickWand-6_Q16-1-6.8.8.1-71.82.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.82.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): ImageMagick-6.8.8.1-71.82.1 ImageMagick-debuginfo-6.8.8.1-71.82.1 ImageMagick-debugsource-6.8.8.1-71.82.1 libMagick++-6_Q16-3-6.8.8.1-71.82.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.82.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-71.82.1 libMagickCore-6_Q16-1-6.8.8.1-71.82.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.82.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.82.1 libMagickWand-6_Q16-1-6.8.8.1-71.82.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.82.1 References: https://www.suse.com/security/cve/CVE-2017-13058.html https://www.suse.com/security/cve/CVE-2018-12599.html https://www.suse.com/security/cve/CVE-2018-12600.html https://www.suse.com/security/cve/CVE-2018-17965.html https://www.suse.com/security/cve/CVE-2018-17966.html https://www.suse.com/security/cve/CVE-2018-18016.html https://www.suse.com/security/cve/CVE-2018-18024.html https://bugzilla.suse.com/1098545 https://bugzilla.suse.com/1098546 https://bugzilla.suse.com/1110746 https://bugzilla.suse.com/1110747 https://bugzilla.suse.com/1111069 https://bugzilla.suse.com/1111072 From sle-security-updates at lists.suse.com Wed Oct 17 13:26:14 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 17 Oct 2018 21:26:14 +0200 (CEST) Subject: SUSE-SU-2018:3207-1: moderate: Security update for binutils Message-ID: <20181017192614.05109FCB4@maintenance.suse.de> SUSE Security Update: Security update for binutils ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3207-1 Rating: moderate References: #1029907 #1029908 #1029909 #1030296 #1030297 #1030298 #1030584 #1030585 #1030588 #1030589 #1031590 #1031593 #1031595 #1031638 #1031644 #1031656 #1037052 #1037057 #1037061 #1037066 #1037273 #1044891 #1044897 #1044901 #1044909 #1044925 #1044927 #1065643 #1065689 #1065693 #1068640 #1068643 #1068887 #1068888 #1068950 #1069176 #1069202 #1074741 #1077745 #1079103 #1079741 #1080556 #1081527 #1083528 #1083532 #1085784 #1086608 #1086784 #1086786 #1086788 #1090997 #1091015 #1091365 #1091368 Cross-References: CVE-2014-9939 CVE-2017-15938 CVE-2017-15939 CVE-2017-15996 CVE-2017-16826 CVE-2017-16827 CVE-2017-16828 CVE-2017-16829 CVE-2017-16830 CVE-2017-16831 CVE-2017-16832 CVE-2017-6965 CVE-2017-6966 CVE-2017-6969 CVE-2017-7209 CVE-2017-7210 CVE-2017-7223 CVE-2017-7224 CVE-2017-7225 CVE-2017-7226 CVE-2017-7299 CVE-2017-7300 CVE-2017-7301 CVE-2017-7302 CVE-2017-7303 CVE-2017-7304 CVE-2017-8392 CVE-2017-8393 CVE-2017-8394 CVE-2017-8396 CVE-2017-8421 CVE-2017-9746 CVE-2017-9747 CVE-2017-9748 CVE-2017-9750 CVE-2017-9755 CVE-2017-9756 CVE-2018-10372 CVE-2018-10373 CVE-2018-10534 CVE-2018-10535 CVE-2018-6323 CVE-2018-6543 CVE-2018-6759 CVE-2018-6872 CVE-2018-7208 CVE-2018-7568 CVE-2018-7569 CVE-2018-7570 CVE-2018-7642 CVE-2018-7643 CVE-2018-8945 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that solves 52 vulnerabilities and has two fixes is now available. Description: This update for binutils to 2.31 fixes the following issues: These security issues were fixed: - CVE-2017-15996: readelf allowed remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified other impact via a crafted ELF file that triggered a buffer overflow on fuzzed archive header (bsc#1065643). - CVE-2017-15939: Binary File Descriptor (BFD) library (aka libbfd) mishandled NULL files in a .debug_line file table, which allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename (bsc#1065689). - CVE-2017-15938: the Binary File Descriptor (BFD) library (aka libbfd) miscalculated DW_FORM_ref_addr die refs in the case of a relocatable object file, which allowed remote attackers to cause a denial of service (find_abstract_instance_name invalid memory read, segmentation fault, and application crash) (bsc#1065693). - CVE-2017-16826: The coff_slurp_line_table function the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted PE file (bsc#1068640). - CVE-2017-16832: The pe_bfd_read_buildid function in the Binary File Descriptor (BFD) library (aka libbfd) did not validate size and offset values in the data dictionary, which allowed remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted PE file (bsc#1068643). - CVE-2017-16831: Binary File Descriptor (BFD) library (aka libbfd) did not validate the symbol count, which allowed remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or possibly have unspecified other impact via a crafted PE file (bsc#1068887). - CVE-2017-16830: The print_gnu_property_note function did not have integer-overflow protection on 32-bit platforms, which allowed remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted ELF file (bsc#1068888). - CVE-2017-16829: The _bfd_elf_parse_gnu_properties function in the Binary File Descriptor (BFD) library (aka libbfd) did not prevent negative pointers, which allowed remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted ELF file (bsc#1068950). - CVE-2017-16828: The display_debug_frames function allowed remote attackers to cause a denial of service (integer overflow and heap-based buffer over-read, and application crash) or possibly have unspecified other impact via a crafted ELF file (bsc#1069176). - CVE-2017-16827: The aout_get_external_symbols function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (slurp_symtab invalid free and application crash) or possibly have unspecified other impact via a crafted ELF file (bsc#1069202). - CVE-2018-6323: The elf_object_p function in the Binary File Descriptor (BFD) library (aka libbfd) had an unsigned integer overflow because bfd_size_type multiplication is not used. A crafted ELF file allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact (bsc#1077745). - CVE-2018-6543: Prevent integer overflow in the function load_specific_debug_section() which resulted in `malloc()` with 0 size. A crafted ELF file allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact (bsc#1079103). - CVE-2018-6759: The bfd_get_debug_link_info_1 function in the Binary File Descriptor (BFD) library (aka libbfd) had an unchecked strnlen operation. Remote attackers could have leveraged this vulnerability to cause a denial of service (segmentation fault) via a crafted ELF file (bsc#1079741). - CVE-2018-6872: The elf_parse_notes function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (out-of-bounds read and segmentation violation) via a note with a large alignment (bsc#1080556). - CVE-2018-7208: In the coff_pointerize_aux function in the Binary File Descriptor (BFD) library (aka libbfd) an index was not validated, which allowed remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted file, as demonstrated by objcopy of a COFF object (bsc#1081527). - CVE-2018-7570: The assign_file_positions_for_non_load_sections function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an ELF file with a RELRO segment that lacks a matching LOAD segment, as demonstrated by objcopy (bsc#1083528). - CVE-2018-7569: The Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (integer underflow or overflow, and application crash) via an ELF file with a corrupt DWARF FORM block, as demonstrated by nm (bsc#1083532). - CVE-2018-8945: The bfd_section_from_shdr function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (segmentation fault) via a large attribute section (bsc#1086608). - CVE-2018-7643: The display_debug_ranges function allowed remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump (bsc#1086784). - CVE-2018-7642: The swap_std_reloc_in function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (aout_32_swap_std_reloc_out NULL pointer dereference and application crash) via a crafted ELF file, as demonstrated by objcopy (bsc#1086786). - CVE-2018-7568: The parse_die function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (integer overflow and application crash) via an ELF file with corrupt dwarf1 debug information, as demonstrated by nm (bsc#1086788). - CVE-2018-10373: concat_filename in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by nm-new (bsc#1090997). - CVE-2018-10372: process_cu_tu_index allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated by readelf (bsc#1091015). - CVE-2018-10535: The ignore_section_sym function in the Binary File Descriptor (BFD) library (aka libbfd) did not validate the output_section pointer in the case of a symtab entry with a "SECTION" type that has a "0" value, which allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file, as demonstrated by objcopy (bsc#1091365). - CVE-2018-10534: The _bfd_XX_bfd_copy_private_bfd_data_common function in the Binary File Descriptor (BFD) library (aka libbfd) processesed a negative Data Directory size with an unbounded loop that increased the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so that the address exceeded its own memory region, resulting in an out-of-bounds memory write, as demonstrated by objcopy copying private info with _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c (bsc#1091368). These non-security issues were fixed: - The AArch64 port now supports showing disassembly notes which are emitted when inconsistencies are found with the instruction that may result in the instruction being invalid. These can be turned on with the option -M notes to objdump. - The AArch64 port now emits warnings when a combination of an instruction and a named register could be invalid. - Added O modifier to ar to display member offsets inside an archive - The ADR and ADRL pseudo-instructions supported by the ARM assembler now only set the bottom bit of the address of thumb function symbols if the -mthumb-interwork command line option is active. - Add --generate-missing-build-notes=[yes|no] option to create (or not) GNU Build Attribute notes if none are present in the input sources. Add a --enable-generate-build-notes=[yes|no] configure time option to set the default behaviour. Set the default if the configure option is not used to "no". - Remove -mold-gcc command-line option for x86 targets. - Add -O[2|s] command-line options to x86 assembler to enable alternate shorter instruction encoding. - Add support for .nops directive. It is currently supported only for x86 targets. - Speed up direct linking with DLLs for Cygwin and Mingw targets. - Add a configure option --enable-separate-code to decide whether -z separate-code should be enabled in ELF linker by default. Default to yes for Linux/x86 targets. Note that -z separate-code can increase disk and memory size. - RISC-V: Fix symbol address problem with versioned symbols - Restore riscv64-elf cross prefix via symlinks - RISC-V: Don't enable relaxation in relocatable link - Prevent linking faiures on i386 with assertion (bsc#1085784) - Fix symbol size bug when relaxation deletes bytes - Add --debug-dump=links option to readelf and --dwarf=links option to objdump which displays the contents of any .gnu_debuglink or .gnu_debugaltlink sections. Add a --debug-dump=follow-links option to readelf and a --dwarf=follow-links option to objdump which causes indirect links into separate debug info files to be followed when dumping other DWARF sections. - Add support for loaction views in DWARF debug line information. - Add -z separate-code to generate separate code PT_LOAD segment. - Add "-z undefs" command line option as the inverse of the "-z defs" option. - Add -z globalaudit command line option to force audit libraries to be run for every dynamic object loaded by an executable - provided that the loader supports this functionality. - Tighten linker script grammar around file name specifiers to prevent the use of SORT_BY_ALIGNMENT and SORT_BY_INIT_PRIORITY on filenames. These would previously be accepted but had no effect. - The EXCLUDE_FILE directive can now be placed within any SORT_* directive within input section lists. - Fix linker relaxation with --wrap - Add arm-none-eabi symlinks (bsc#1074741) Former updates of binutils also fixed the following security issues, for which there was not CVE assigned at the time the update was released or no mapping between code change and CVE existed: - CVE-2014-9939: Prevent stack buffer overflow when printing bad bytes in Intel Hex objects (bsc#1030296). - CVE-2017-7225: The find_nearest_line function in addr2line did not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash (bsc#1030585). - CVE-2017-7224: The find_nearest_line function in objdump was vulnerable to an invalid write (of size 1) while disassembling a corrupt binary that contains an empty function name, leading to a program crash (bsc#1030588). - CVE-2017-7223: GNU assembler in was vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash (bsc#1030589). - CVE-2017-7226: The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd) was vulnerable to a heap-based buffer over-read of size 4049 because it used the strlen function instead of strnlen, leading to program crashes in several utilities such as addr2line, size, and strings. It could lead to information disclosure as well (bsc#1030584). - CVE-2017-7299: The Binary File Descriptor (BFD) library (aka libbfd) had an invalid read (of size 8) because the code to emit relocs (bfd_elf_final_link function in bfd/elflink.c) did not check the format of the input file trying to read the ELF reloc section header. The vulnerability leads to a GNU linker (ld) program crash (bsc#1031644). - CVE-2017-7300: The Binary File Descriptor (BFD) library (aka libbfd) had an aout_link_add_symbols function in bfd/aoutx.h that is vulnerable to a heap-based buffer over-read (off-by-one) because of an incomplete check for invalid string offsets while loading symbols, leading to a GNU linker (ld) program crash (bsc#1031656). - CVE-2017-7302: The Binary File Descriptor (BFD) library (aka libbfd) had a swap_std_reloc_out function in bfd/aoutx.h that is vulnerable to an invalid read (of size 4) because of missing checks for relocs that could not be recognised. This vulnerability caused Binutils utilities like strip to crash (bsc#1031595). - CVE-2017-7303: The Binary File Descriptor (BFD) library (aka libbfd) was vulnerable to an invalid read (of size 4) because of missing a check (in the find_link function) for null headers attempting to match them. This vulnerability caused Binutils utilities like strip to crash (bsc#1031593). - CVE-2017-7301: The Binary File Descriptor (BFD) library (aka libbfd) had an aout_link_add_symbols function in bfd/aoutx.h that has an off-by-one vulnerability because it did not carefully check the string offset. The vulnerability could lead to a GNU linker (ld) program crash (bsc#1031638). - CVE-2017-7304: The Binary File Descriptor (BFD) library (aka libbfd) was vulnerable to an invalid read (of size 8) because of missing a check (in the copy_special_section_fields function) for an invalid sh_link field attempting to follow it. This vulnerability caused Binutils utilities like strip to crash (bsc#1031590). - CVE-2017-8392: The Binary File Descriptor (BFD) library (aka libbfd) was vulnerable to an invalid read of size 8 because of missing a check to determine whether symbols are NULL in the _bfd_dwarf2_find_nearest_line function. This vulnerability caused programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash (bsc#1037052). - CVE-2017-8393: The Binary File Descriptor (BFD) library (aka libbfd) was vulnerable to a global buffer over-read error because of an assumption made by code that runs for objcopy and strip, that SHT_REL/SHR_RELA sections are always named starting with a .rel/.rela prefix. This vulnerability caused programs that conduct an analysis of binary programs using the libbfd library, such as objcopy and strip, to crash (bsc#1037057). - CVE-2017-8394: The Binary File Descriptor (BFD) library (aka libbfd) was vulnerable to an invalid read of size 4 due to NULL pointer dereferencing of _bfd_elf_large_com_section. This vulnerability caused programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash (bsc#1037061). - CVE-2017-8396: The Binary File Descriptor (BFD) library (aka libbfd) was vulnerable to an invalid read of size 1 because the existing reloc offset range tests didn't catch small negative offsets less than the size of the reloc field. This vulnerability caused programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash (bsc#1037066). - CVE-2017-8421: The function coff_set_alignment_hook in Binary File Descriptor (BFD) library (aka libbfd) had a memory leak vulnerability which can cause memory exhaustion in objdump via a crafted PE file (bsc#1037273). - CVE-2017-9746: The disassemble_bytes function in objdump.c allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of rae insns printing for this file during "objdump -D" execution (bsc#1044891). - CVE-2017-9747: The ieee_archive_p function in the Binary File Descriptor (BFD) library (aka libbfd) might have allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution (bsc#1044897). - CVE-2017-9748: The ieee_object_p function in the Binary File Descriptor (BFD) library (aka libbfd) might have allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution (bsc#1044901). - CVE-2017-9750: opcodes/rx-decode.opc lacked bounds checks for certain scale arrays, which allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution (bsc#1044909). - CVE-2017-9755: Not considering the the number of registers for bnd mode allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution (bsc#1044925). - CVE-2017-9756: The aarch64_ext_ldst_reglist function allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution (bsc#1044927). - CVE-2017-7209: The dump_section_as_bytes function in readelf accessed a NULL pointer while reading section contents in a corrupt binary, leading to a program crash (bsc#1030298). - CVE-2017-6965: readelf wrote to illegal addresses while processing corrupt input files containing symbol-difference relocations, leading to a heap-based buffer overflow (bsc#1029909). - CVE-2017-6966: readelf had a use-after-free (specifically read-after-free) error while processing multiple, relocated sections in an MSP430 binary. This is caused by mishandling of an invalid symbol index, and mishandling of state across invocations (bsc#1029908). - CVE-2017-6969: readelf was vulnerable to a heap-based buffer over-read while processing corrupt RL78 binaries. The vulnerability can trigger program crashes. It may lead to an information leak as well (bsc#1029907). - CVE-2017-7210: objdump was vulnerable to multiple heap-based buffer over-reads (of size 1 and size 8) while handling corrupt STABS enum type strings in a crafted object file, leading to program crash (bsc#1030297). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-2297=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2297=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-2297=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-2297=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2297=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-2297=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-2297=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-2297=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2297=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-2297=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-2297=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): binutils-2.31-9.26.1 binutils-debuginfo-2.31-9.26.1 binutils-debugsource-2.31-9.26.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): binutils-debuginfo-2.31-9.26.1 binutils-debugsource-2.31-9.26.1 binutils-devel-2.31-9.26.1 cross-ppc-binutils-2.31-9.26.1 cross-ppc-binutils-debuginfo-2.31-9.26.1 cross-ppc-binutils-debugsource-2.31-9.26.1 cross-spu-binutils-2.31-9.26.1 cross-spu-binutils-debuginfo-2.31-9.26.1 cross-spu-binutils-debugsource-2.31-9.26.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le x86_64): binutils-gold-2.31-9.26.1 binutils-gold-debuginfo-2.31-9.26.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): binutils-2.31-9.26.1 binutils-debuginfo-2.31-9.26.1 binutils-debugsource-2.31-9.26.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): binutils-2.31-9.26.1 binutils-debuginfo-2.31-9.26.1 binutils-debugsource-2.31-9.26.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): binutils-2.31-9.26.1 binutils-debuginfo-2.31-9.26.1 binutils-debugsource-2.31-9.26.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): binutils-2.31-9.26.1 binutils-debuginfo-2.31-9.26.1 binutils-debugsource-2.31-9.26.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): binutils-2.31-9.26.1 binutils-debuginfo-2.31-9.26.1 binutils-debugsource-2.31-9.26.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): binutils-2.31-9.26.1 binutils-debuginfo-2.31-9.26.1 binutils-debugsource-2.31-9.26.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): binutils-2.31-9.26.1 binutils-debuginfo-2.31-9.26.1 binutils-debugsource-2.31-9.26.1 - SUSE Enterprise Storage 4 (x86_64): binutils-2.31-9.26.1 binutils-debuginfo-2.31-9.26.1 binutils-debugsource-2.31-9.26.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): binutils-2.31-9.26.1 binutils-debuginfo-2.31-9.26.1 binutils-debugsource-2.31-9.26.1 References: https://www.suse.com/security/cve/CVE-2014-9939.html https://www.suse.com/security/cve/CVE-2017-15938.html https://www.suse.com/security/cve/CVE-2017-15939.html https://www.suse.com/security/cve/CVE-2017-15996.html https://www.suse.com/security/cve/CVE-2017-16826.html https://www.suse.com/security/cve/CVE-2017-16827.html https://www.suse.com/security/cve/CVE-2017-16828.html https://www.suse.com/security/cve/CVE-2017-16829.html https://www.suse.com/security/cve/CVE-2017-16830.html https://www.suse.com/security/cve/CVE-2017-16831.html https://www.suse.com/security/cve/CVE-2017-16832.html https://www.suse.com/security/cve/CVE-2017-6965.html https://www.suse.com/security/cve/CVE-2017-6966.html https://www.suse.com/security/cve/CVE-2017-6969.html https://www.suse.com/security/cve/CVE-2017-7209.html https://www.suse.com/security/cve/CVE-2017-7210.html https://www.suse.com/security/cve/CVE-2017-7223.html https://www.suse.com/security/cve/CVE-2017-7224.html https://www.suse.com/security/cve/CVE-2017-7225.html https://www.suse.com/security/cve/CVE-2017-7226.html https://www.suse.com/security/cve/CVE-2017-7299.html https://www.suse.com/security/cve/CVE-2017-7300.html https://www.suse.com/security/cve/CVE-2017-7301.html https://www.suse.com/security/cve/CVE-2017-7302.html https://www.suse.com/security/cve/CVE-2017-7303.html https://www.suse.com/security/cve/CVE-2017-7304.html https://www.suse.com/security/cve/CVE-2017-8392.html https://www.suse.com/security/cve/CVE-2017-8393.html https://www.suse.com/security/cve/CVE-2017-8394.html https://www.suse.com/security/cve/CVE-2017-8396.html https://www.suse.com/security/cve/CVE-2017-8421.html https://www.suse.com/security/cve/CVE-2017-9746.html https://www.suse.com/security/cve/CVE-2017-9747.html https://www.suse.com/security/cve/CVE-2017-9748.html https://www.suse.com/security/cve/CVE-2017-9750.html https://www.suse.com/security/cve/CVE-2017-9755.html https://www.suse.com/security/cve/CVE-2017-9756.html https://www.suse.com/security/cve/CVE-2018-10372.html https://www.suse.com/security/cve/CVE-2018-10373.html https://www.suse.com/security/cve/CVE-2018-10534.html https://www.suse.com/security/cve/CVE-2018-10535.html https://www.suse.com/security/cve/CVE-2018-6323.html https://www.suse.com/security/cve/CVE-2018-6543.html https://www.suse.com/security/cve/CVE-2018-6759.html https://www.suse.com/security/cve/CVE-2018-6872.html https://www.suse.com/security/cve/CVE-2018-7208.html https://www.suse.com/security/cve/CVE-2018-7568.html https://www.suse.com/security/cve/CVE-2018-7569.html https://www.suse.com/security/cve/CVE-2018-7570.html https://www.suse.com/security/cve/CVE-2018-7642.html https://www.suse.com/security/cve/CVE-2018-7643.html https://www.suse.com/security/cve/CVE-2018-8945.html https://bugzilla.suse.com/1029907 https://bugzilla.suse.com/1029908 https://bugzilla.suse.com/1029909 https://bugzilla.suse.com/1030296 https://bugzilla.suse.com/1030297 https://bugzilla.suse.com/1030298 https://bugzilla.suse.com/1030584 https://bugzilla.suse.com/1030585 https://bugzilla.suse.com/1030588 https://bugzilla.suse.com/1030589 https://bugzilla.suse.com/1031590 https://bugzilla.suse.com/1031593 https://bugzilla.suse.com/1031595 https://bugzilla.suse.com/1031638 https://bugzilla.suse.com/1031644 https://bugzilla.suse.com/1031656 https://bugzilla.suse.com/1037052 https://bugzilla.suse.com/1037057 https://bugzilla.suse.com/1037061 https://bugzilla.suse.com/1037066 https://bugzilla.suse.com/1037273 https://bugzilla.suse.com/1044891 https://bugzilla.suse.com/1044897 https://bugzilla.suse.com/1044901 https://bugzilla.suse.com/1044909 https://bugzilla.suse.com/1044925 https://bugzilla.suse.com/1044927 https://bugzilla.suse.com/1065643 https://bugzilla.suse.com/1065689 https://bugzilla.suse.com/1065693 https://bugzilla.suse.com/1068640 https://bugzilla.suse.com/1068643 https://bugzilla.suse.com/1068887 https://bugzilla.suse.com/1068888 https://bugzilla.suse.com/1068950 https://bugzilla.suse.com/1069176 https://bugzilla.suse.com/1069202 https://bugzilla.suse.com/1074741 https://bugzilla.suse.com/1077745 https://bugzilla.suse.com/1079103 https://bugzilla.suse.com/1079741 https://bugzilla.suse.com/1080556 https://bugzilla.suse.com/1081527 https://bugzilla.suse.com/1083528 https://bugzilla.suse.com/1083532 https://bugzilla.suse.com/1085784 https://bugzilla.suse.com/1086608 https://bugzilla.suse.com/1086784 https://bugzilla.suse.com/1086786 https://bugzilla.suse.com/1086788 https://bugzilla.suse.com/1090997 https://bugzilla.suse.com/1091015 https://bugzilla.suse.com/1091365 https://bugzilla.suse.com/1091368 From sle-security-updates at lists.suse.com Thu Oct 18 07:08:24 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Oct 2018 15:08:24 +0200 (CEST) Subject: SUSE-SU-2018:3219-1: moderate: Security update for fuse Message-ID: <20181018130824.F30D9FC98@maintenance.suse.de> SUSE Security Update: Security update for fuse ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3219-1 Rating: moderate References: #1101797 Cross-References: CVE-2018-10906 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for fuse fixes the following security issue: - CVE-2018-10906: fusermount was vulnerable to a restriction bypass when SELinux is active. This allowed non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects (bsc#1101797) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2299=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2299=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2299=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-2299=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): fuse-debuginfo-2.9.3-6.3.1 fuse-debugsource-2.9.3-6.3.1 fuse-devel-2.9.3-6.3.1 fuse-devel-static-2.9.3-6.3.1 libulockmgr1-2.9.3-6.3.1 libulockmgr1-debuginfo-2.9.3-6.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): fuse-2.9.3-6.3.1 fuse-debuginfo-2.9.3-6.3.1 fuse-debugsource-2.9.3-6.3.1 libfuse2-2.9.3-6.3.1 libfuse2-debuginfo-2.9.3-6.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): fuse-2.9.3-6.3.1 fuse-debuginfo-2.9.3-6.3.1 fuse-debugsource-2.9.3-6.3.1 libfuse2-2.9.3-6.3.1 libfuse2-debuginfo-2.9.3-6.3.1 - SUSE CaaS Platform ALL (x86_64): fuse-debuginfo-2.9.3-6.3.1 fuse-debugsource-2.9.3-6.3.1 libfuse2-2.9.3-6.3.1 libfuse2-debuginfo-2.9.3-6.3.1 - SUSE CaaS Platform 3.0 (x86_64): fuse-debuginfo-2.9.3-6.3.1 fuse-debugsource-2.9.3-6.3.1 libfuse2-2.9.3-6.3.1 libfuse2-debuginfo-2.9.3-6.3.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): fuse-debuginfo-2.9.3-6.3.1 fuse-debugsource-2.9.3-6.3.1 libfuse2-2.9.3-6.3.1 libfuse2-debuginfo-2.9.3-6.3.1 References: https://www.suse.com/security/cve/CVE-2018-10906.html https://bugzilla.suse.com/1101797 From sle-security-updates at lists.suse.com Thu Oct 18 10:08:17 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Oct 2018 18:08:17 +0200 (CEST) Subject: SUSE-SU-2018:2322-2: important: Security update for MozillaFirefox Message-ID: <20181018160817.76811F7C0@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2322-2 Rating: important References: #1098998 Cross-References: CVE-2018-12359 CVE-2018-12360 CVE-2018-12362 CVE-2018-12363 CVE-2018-12364 CVE-2018-12365 CVE-2018-12366 CVE-2018-12368 CVE-2018-5156 CVE-2018-5188 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: This update for MozillaFirefox to version ESR 52.9 fixes the following issues: - CVE-2018-5188: Various memory safety bugs (bsc#1098998) - CVE-2018-12368: No warning when opening executable SettingContent-ms files - CVE-2018-12366: Invalid data handling during QCMS transformations - CVE-2018-12365: Compromised IPC child process can list local filenames - CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins - CVE-2018-12363: Use-after-free when appending DOM nodes - CVE-2018-12362: Integer overflow in SSSE3 scaler - CVE-2018-12360: Use-after-free when using focus() - CVE-2018-5156: Media recorder segmentation fault when track type is changed during capture - CVE-2018-12359: Buffer overflow using computed size of canvas element Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1560=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): MozillaFirefox-52.9.0esr-109.38.2 MozillaFirefox-debuginfo-52.9.0esr-109.38.2 MozillaFirefox-debugsource-52.9.0esr-109.38.2 MozillaFirefox-devel-52.9.0esr-109.38.2 References: https://www.suse.com/security/cve/CVE-2018-12359.html https://www.suse.com/security/cve/CVE-2018-12360.html https://www.suse.com/security/cve/CVE-2018-12362.html https://www.suse.com/security/cve/CVE-2018-12363.html https://www.suse.com/security/cve/CVE-2018-12364.html https://www.suse.com/security/cve/CVE-2018-12365.html https://www.suse.com/security/cve/CVE-2018-12366.html https://www.suse.com/security/cve/CVE-2018-12368.html https://www.suse.com/security/cve/CVE-2018-5156.html https://www.suse.com/security/cve/CVE-2018-5188.html https://bugzilla.suse.com/1098998 From sle-security-updates at lists.suse.com Thu Oct 18 10:08:54 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Oct 2018 18:08:54 +0200 (CEST) Subject: SUSE-SU-2018:2902-2: important: Security update for yast2-smt Message-ID: <20181018160854.AAFF3F7C0@maintenance.suse.de> SUSE Security Update: Security update for yast2-smt ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2902-2 Rating: important References: #1037811 #1097560 #977043 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update fixes the following issues in yast2-smt: - Explicitly mention "Organization Credentials" (fate#321759) - Rearrange the SMT set-up dialog (bsc#977043) - Added missing translation marks (bsc#1037811) - Remove cron job rescheduling (bsc#1097560) This update is a requirement for the security update for SMT. Because of that it is tagged as security to ensure that all users, even those that only install security updates, install it. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-2059=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): yast2-smt-3.0.14-17.3.2 References: https://bugzilla.suse.com/1037811 https://bugzilla.suse.com/1097560 https://bugzilla.suse.com/977043 From sle-security-updates at lists.suse.com Thu Oct 18 10:10:14 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Oct 2018 18:10:14 +0200 (CEST) Subject: SUSE-SU-2018:1887-2: moderate: Security update for openssl Message-ID: <20181018161014.CFA84F7C0@maintenance.suse.de> SUSE Security Update: Security update for openssl ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1887-2 Rating: moderate References: #1097158 #1097624 #1098592 Cross-References: CVE-2018-0732 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for openssl fixes the following issues: - CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack (bsc#1097158). - Blinding enhancements for ECDSA and DSA (bsc#1097624, bsc#1098592) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1276=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): openssl-doc-1.0.2j-60.30.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libopenssl-devel-1.0.2j-60.30.1 libopenssl1_0_0-1.0.2j-60.30.1 libopenssl1_0_0-32bit-1.0.2j-60.30.1 libopenssl1_0_0-debuginfo-1.0.2j-60.30.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.30.1 libopenssl1_0_0-hmac-1.0.2j-60.30.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.30.1 openssl-1.0.2j-60.30.1 openssl-debuginfo-1.0.2j-60.30.1 openssl-debugsource-1.0.2j-60.30.1 References: https://www.suse.com/security/cve/CVE-2018-0732.html https://bugzilla.suse.com/1097158 https://bugzilla.suse.com/1097624 https://bugzilla.suse.com/1098592 From sle-security-updates at lists.suse.com Thu Oct 18 10:11:04 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Oct 2018 18:11:04 +0200 (CEST) Subject: SUSE-SU-2018:1571-2: moderate: Security update for kernel-firmware Message-ID: <20181018161104.65849F7C0@maintenance.suse.de> SUSE Security Update: Security update for kernel-firmware ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1571-2 Rating: moderate References: #1095735 Cross-References: CVE-2017-5715 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for kernel-firmware fixes the following issues: This security issue was fixed: - CVE-2017-5715: Prevent unauthorized disclosure of information to an attacker with local user access caused by speculative execution and indirect branch prediction (bsc#1095735) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1090=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): kernel-firmware-20170530-21.22.1 ucode-amd-20170530-21.22.1 References: https://www.suse.com/security/cve/CVE-2017-5715.html https://bugzilla.suse.com/1095735 From sle-security-updates at lists.suse.com Thu Oct 18 10:11:35 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Oct 2018 18:11:35 +0200 (CEST) Subject: SUSE-SU-2018:1698-2: important: Security update for gpg2 Message-ID: <20181018161135.D2D52F7C0@maintenance.suse.de> SUSE Security Update: Security update for gpg2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1698-2 Rating: important References: #1096745 Cross-References: CVE-2018-12020 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for gpg2 fixes the following security issue: - CVE-2018-12020: GnuPG mishandled the original filename during decryption and verification actions, which allowed remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option (bsc#1096745) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1141=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): gpg2-2.0.24-9.3.1 gpg2-debuginfo-2.0.24-9.3.1 gpg2-debugsource-2.0.24-9.3.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): gpg2-lang-2.0.24-9.3.1 References: https://www.suse.com/security/cve/CVE-2018-12020.html https://bugzilla.suse.com/1096745 From sle-security-updates at lists.suse.com Thu Oct 18 10:12:48 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Oct 2018 18:12:48 +0200 (CEST) Subject: SUSE-SU-2018:2891-2: moderate: Security update for wireshark Message-ID: <20181018161248.B176BF7C0@maintenance.suse.de> SUSE Security Update: Security update for wireshark ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2891-2 Rating: moderate References: #1094301 #1101776 #1101777 #1101786 #1101788 #1101791 #1101794 #1101800 #1101802 #1101804 #1101810 #1106514 Cross-References: CVE-2018-11354 CVE-2018-11355 CVE-2018-11356 CVE-2018-11357 CVE-2018-11358 CVE-2018-11359 CVE-2018-11360 CVE-2018-11361 CVE-2018-11362 CVE-2018-14339 CVE-2018-14340 CVE-2018-14341 CVE-2018-14342 CVE-2018-14343 CVE-2018-14344 CVE-2018-14367 CVE-2018-14368 CVE-2018-14369 CVE-2018-14370 CVE-2018-16056 CVE-2018-16057 CVE-2018-16058 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes 22 vulnerabilities is now available. Description: This update for wireshark to version 2.4.9 fixes the following issues: Wireshark was updated to 2.4.9 (bsc#1094301, bsc#1106514). Security issues fixed: - CVE-2018-16058: Bluetooth AVDTP dissector crash (wnpa-sec-2018-44) - CVE-2018-16056: Bluetooth Attribute Protocol dissector crash (wnpa-sec-2018-45) - CVE-2018-16057: Radiotap dissector crash (wnpa-sec-2018-46) - CVE-2018-11355: Fix RTCP dissector crash (bsc#1094301). - CVE-2018-14370: IEEE 802.11 dissector crash (wnpa-sec-2018-43, bsc#1101802) - CVE-2018-14368: Bazaar dissector infinite loop (wnpa-sec-2018-40, bsc#1101794) - CVE-2018-11362: Fix LDSS dissector crash (bsc#1094301). - CVE-2018-11361: Fix IEEE 802.11 dissector crash (bsc#1094301). - CVE-2018-11360: Fix GSM A DTAP dissector crash (bsc#1094301). - CVE-2018-14342: BGP dissector large loop (wnpa-sec-2018-34, bsc#1101777) - CVE-2018-14343: ASN.1 BER dissector crash (wnpa-sec-2018-37, bsc#1101786) - CVE-2018-14340: Multiple dissectors could crash (wnpa-sec-2018-36, bsc#1101804) - CVE-2018-14341: DICOM dissector crash (wnpa-sec-2018-39, bsc#1101776) - CVE-2018-11358: Fix Q.931 dissector crash (bsc#1094301). - CVE-2018-14344: ISMP dissector crash (wnpa-sec-2018-35, bsc#1101788) - CVE-2018-11359: Fix multiple dissectors crashs (bsc#1094301). - CVE-2018-11356: Fix DNS dissector crash (bsc#1094301). - CVE-2018-14339: MMSE dissector infinite loop (wnpa-sec-2018-38, bsc#1101810) - CVE-2018-11357: Fix multiple dissectors that could consume excessive memory (bsc#1094301). - CVE-2018-14367: CoAP dissector crash (wnpa-sec-2018-42, bsc#1101791) - CVE-2018-11354: Fix IEEE 1905.1a dissector crash (bsc#1094301). - CVE-2018-14369: HTTP2 dissector crash (wnpa-sec-2018-41, bsc#1101800) Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.4.9.html Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-2051=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libwireshark9-2.4.9-48.29.1 libwireshark9-debuginfo-2.4.9-48.29.1 libwiretap7-2.4.9-48.29.1 libwiretap7-debuginfo-2.4.9-48.29.1 libwscodecs1-2.4.9-48.29.1 libwscodecs1-debuginfo-2.4.9-48.29.1 libwsutil8-2.4.9-48.29.1 libwsutil8-debuginfo-2.4.9-48.29.1 wireshark-2.4.9-48.29.1 wireshark-debuginfo-2.4.9-48.29.1 wireshark-debugsource-2.4.9-48.29.1 wireshark-gtk-2.4.9-48.29.1 wireshark-gtk-debuginfo-2.4.9-48.29.1 References: https://www.suse.com/security/cve/CVE-2018-11354.html https://www.suse.com/security/cve/CVE-2018-11355.html https://www.suse.com/security/cve/CVE-2018-11356.html https://www.suse.com/security/cve/CVE-2018-11357.html https://www.suse.com/security/cve/CVE-2018-11358.html https://www.suse.com/security/cve/CVE-2018-11359.html https://www.suse.com/security/cve/CVE-2018-11360.html https://www.suse.com/security/cve/CVE-2018-11361.html https://www.suse.com/security/cve/CVE-2018-11362.html https://www.suse.com/security/cve/CVE-2018-14339.html https://www.suse.com/security/cve/CVE-2018-14340.html https://www.suse.com/security/cve/CVE-2018-14341.html https://www.suse.com/security/cve/CVE-2018-14342.html https://www.suse.com/security/cve/CVE-2018-14343.html https://www.suse.com/security/cve/CVE-2018-14344.html https://www.suse.com/security/cve/CVE-2018-14367.html https://www.suse.com/security/cve/CVE-2018-14368.html https://www.suse.com/security/cve/CVE-2018-14369.html https://www.suse.com/security/cve/CVE-2018-14370.html https://www.suse.com/security/cve/CVE-2018-16056.html https://www.suse.com/security/cve/CVE-2018-16057.html https://www.suse.com/security/cve/CVE-2018-16058.html https://bugzilla.suse.com/1094301 https://bugzilla.suse.com/1101776 https://bugzilla.suse.com/1101777 https://bugzilla.suse.com/1101786 https://bugzilla.suse.com/1101788 https://bugzilla.suse.com/1101791 https://bugzilla.suse.com/1101794 https://bugzilla.suse.com/1101800 https://bugzilla.suse.com/1101802 https://bugzilla.suse.com/1101804 https://bugzilla.suse.com/1101810 https://bugzilla.suse.com/1106514 From sle-security-updates at lists.suse.com Thu Oct 18 10:14:50 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Oct 2018 18:14:50 +0200 (CEST) Subject: SUSE-SU-2018:1935-2: important: Recommended update for ucode-intel Message-ID: <20181018161450.D5FFDF7C0@maintenance.suse.de> SUSE Security Update: Recommended update for ucode-intel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1935-2 Rating: important References: #1087082 #1087083 #1096141 #1100147 Cross-References: CVE-2018-3639 CVE-2018-3640 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. Description: The Intel CPU microcode bundle was updated to the 20180703 release. For the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a) and helps mitigating CVE-2018-3639 (Spectre v4) (bsc#1100147 bsc#1087082 bsc#1087083). More information on: https://downloadcenter.intel.com/download/27945/Linux-Processor-Microcode-D ata-File Following chipsets are fixed in this round: Model Stepping F-MO-S/PI Old->New ---- updated platforms ------------------------------------ SNB-EP C1 6-2d-6/6d 0000061c->0000061d Xeon E5 SNB-EP C2 6-2d-7/6d 00000713->00000714 Xeon E5 IVT C0 6-3e-4/ed 0000042c->0000042d Xeon E5 v2; Core i7-4960X/4930K/4820K IVT D1 6-3e-7/ed 00000713->00000714 Xeon E5 v2 HSX-E/EP/4S C0 6-3f-2/6f 0000003c->0000003d Xeon E5 v3 HSX-EX E0 6-3f-4/80 00000011->00000012 Xeon E7 v3 SKX-SP/D/W/X H0 6-55-4/b7 02000043->0200004d Xeon Bronze 31xx, Silver 41xx, Gold 51xx/61xx Platinum 81xx, D/W-21xx; Core i9-7xxxX BDX-DE A1 6-56-5/10 0e000009->0e00000a Xeon D-15x3N BDX-ML B/M/R0 6-4f-1/ef 0b00002c->0b00002e Xeon E5/E7 v4; Core i7-69xx/68xx - Add a new style supplements for the recent kernels. (bsc#1096141) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1308=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): ucode-intel-20180703-13.25.1 ucode-intel-debuginfo-20180703-13.25.1 ucode-intel-debugsource-20180703-13.25.1 References: https://www.suse.com/security/cve/CVE-2018-3639.html https://www.suse.com/security/cve/CVE-2018-3640.html https://bugzilla.suse.com/1087082 https://bugzilla.suse.com/1087083 https://bugzilla.suse.com/1096141 https://bugzilla.suse.com/1100147 From sle-security-updates at lists.suse.com Thu Oct 18 10:18:17 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Oct 2018 18:18:17 +0200 (CEST) Subject: SUSE-SU-2018:1690-2: important: Security update for java-1_8_0-openjdk Message-ID: <20181018161817.36BB4F7C0@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1690-2 Rating: important References: #1087066 #1090023 #1090024 #1090025 #1090026 #1090027 #1090028 #1090029 #1090030 #1090032 #1090033 Cross-References: CVE-2018-2790 CVE-2018-2794 CVE-2018-2795 CVE-2018-2796 CVE-2018-2797 CVE-2018-2798 CVE-2018-2799 CVE-2018-2800 CVE-2018-2814 CVE-2018-2815 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that solves 10 vulnerabilities and has one errata is now available. Description: This update for java-1_8_0-openjdk to version 8u171 fixes the following issues: These security issues were fixed: - S8180881: Better packaging of deserialization - S8182362: Update CipherOutputStream Usage - S8183032: Upgrade to LittleCMS 2.9 - S8189123: More consistent classloading - S8189969, CVE-2018-2790, bsc#1090023: Manifest better manifest entries - S8189977, CVE-2018-2795, bsc#1090025: Improve permission portability - S8189981, CVE-2018-2796, bsc#1090026: Improve queuing portability - S8189985, CVE-2018-2797, bsc#1090027: Improve tabular data portability - S8189989, CVE-2018-2798, bsc#1090028: Improve container portability - S8189993, CVE-2018-2799, bsc#1090029: Improve document portability - S8189997, CVE-2018-2794, bsc#1090024: Enhance keystore mechanisms - S8190478: Improved interface method selection - S8190877: Better handling of abstract classes - S8191696: Better mouse positioning - S8192025, CVE-2018-2814, bsc#1090032: Less referential references - S8192030: Better MTSchema support - S8192757, CVE-2018-2815, bsc#1090033: Improve stub classes implementation - S8193409: Improve AES supporting classes - S8193414: Improvements in MethodType lookups - S8193833, CVE-2018-2800, bsc#1090030: Better RMI connection support For other changes please consult the changelog. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1134=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): java-1_8_0-openjdk-1.8.0.171-27.19.1 java-1_8_0-openjdk-debuginfo-1.8.0.171-27.19.1 java-1_8_0-openjdk-debugsource-1.8.0.171-27.19.1 java-1_8_0-openjdk-demo-1.8.0.171-27.19.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.171-27.19.1 java-1_8_0-openjdk-devel-1.8.0.171-27.19.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.171-27.19.1 java-1_8_0-openjdk-headless-1.8.0.171-27.19.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.171-27.19.1 References: https://www.suse.com/security/cve/CVE-2018-2790.html https://www.suse.com/security/cve/CVE-2018-2794.html https://www.suse.com/security/cve/CVE-2018-2795.html https://www.suse.com/security/cve/CVE-2018-2796.html https://www.suse.com/security/cve/CVE-2018-2797.html https://www.suse.com/security/cve/CVE-2018-2798.html https://www.suse.com/security/cve/CVE-2018-2799.html https://www.suse.com/security/cve/CVE-2018-2800.html https://www.suse.com/security/cve/CVE-2018-2814.html https://www.suse.com/security/cve/CVE-2018-2815.html https://bugzilla.suse.com/1087066 https://bugzilla.suse.com/1090023 https://bugzilla.suse.com/1090024 https://bugzilla.suse.com/1090025 https://bugzilla.suse.com/1090026 https://bugzilla.suse.com/1090027 https://bugzilla.suse.com/1090028 https://bugzilla.suse.com/1090029 https://bugzilla.suse.com/1090030 https://bugzilla.suse.com/1090032 https://bugzilla.suse.com/1090033 From sle-security-updates at lists.suse.com Thu Oct 18 10:20:04 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Oct 2018 18:20:04 +0200 (CEST) Subject: SUSE-SU-2018:1972-2: important: Security update for perl Message-ID: <20181018162004.5773FF7C0@maintenance.suse.de> SUSE Security Update: Security update for perl ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1972-2 Rating: important References: #1068565 #1082216 #1082233 #1082234 #1096718 Cross-References: CVE-2018-12015 CVE-2018-6797 CVE-2018-6798 CVE-2018-6913 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for perl fixes the following issues: These security issue were fixed: - CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216). - CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233). - CVE-2018-6797: Fixed sharp-s regexp overflow (bsc#1082234). - CVE-2018-12015: The Archive::Tar module allowed remote attackers to bypass a directory-traversal protection mechanism and overwrite arbitrary files (bsc#1096718) This non-security issue was fixed: - fix debugger crash in tab completion with Term::ReadLine::Gnu [bsc#1068565] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1328=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): perl-doc-5.18.2-12.14.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): perl-32bit-5.18.2-12.14.1 perl-5.18.2-12.14.1 perl-base-5.18.2-12.14.1 perl-base-debuginfo-5.18.2-12.14.1 perl-debuginfo-32bit-5.18.2-12.14.1 perl-debuginfo-5.18.2-12.14.1 perl-debugsource-5.18.2-12.14.1 References: https://www.suse.com/security/cve/CVE-2018-12015.html https://www.suse.com/security/cve/CVE-2018-6797.html https://www.suse.com/security/cve/CVE-2018-6798.html https://www.suse.com/security/cve/CVE-2018-6913.html https://bugzilla.suse.com/1068565 https://bugzilla.suse.com/1082216 https://bugzilla.suse.com/1082233 https://bugzilla.suse.com/1082234 https://bugzilla.suse.com/1096718 From sle-security-updates at lists.suse.com Thu Oct 18 10:21:13 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Oct 2018 18:21:13 +0200 (CEST) Subject: SUSE-SU-2018:3207-2: moderate: Security update for binutils Message-ID: <20181018162113.DA0DBF7C0@maintenance.suse.de> SUSE Security Update: Security update for binutils ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3207-2 Rating: moderate References: #1029907 #1029908 #1029909 #1030296 #1030297 #1030298 #1030584 #1030585 #1030588 #1030589 #1031590 #1031593 #1031595 #1031638 #1031644 #1031656 #1037052 #1037057 #1037061 #1037066 #1037273 #1044891 #1044897 #1044901 #1044909 #1044925 #1044927 #1065643 #1065689 #1065693 #1068640 #1068643 #1068887 #1068888 #1068950 #1069176 #1069202 #1074741 #1077745 #1079103 #1079741 #1080556 #1081527 #1083528 #1083532 #1085784 #1086608 #1086784 #1086786 #1086788 #1090997 #1091015 #1091365 #1091368 Cross-References: CVE-2014-9939 CVE-2017-15938 CVE-2017-15939 CVE-2017-15996 CVE-2017-16826 CVE-2017-16827 CVE-2017-16828 CVE-2017-16829 CVE-2017-16830 CVE-2017-16831 CVE-2017-16832 CVE-2017-6965 CVE-2017-6966 CVE-2017-6969 CVE-2017-7209 CVE-2017-7210 CVE-2017-7223 CVE-2017-7224 CVE-2017-7225 CVE-2017-7226 CVE-2017-7299 CVE-2017-7300 CVE-2017-7301 CVE-2017-7302 CVE-2017-7303 CVE-2017-7304 CVE-2017-8392 CVE-2017-8393 CVE-2017-8394 CVE-2017-8396 CVE-2017-8421 CVE-2017-9746 CVE-2017-9747 CVE-2017-9748 CVE-2017-9750 CVE-2017-9755 CVE-2017-9756 CVE-2018-10372 CVE-2018-10373 CVE-2018-10534 CVE-2018-10535 CVE-2018-6323 CVE-2018-6543 CVE-2018-6759 CVE-2018-6872 CVE-2018-7208 CVE-2018-7568 CVE-2018-7569 CVE-2018-7570 CVE-2018-7642 CVE-2018-7643 CVE-2018-8945 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that solves 52 vulnerabilities and has two fixes is now available. Description: This update for binutils to 2.31 fixes the following issues: These security issues were fixed: - CVE-2017-15996: readelf allowed remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified other impact via a crafted ELF file that triggered a buffer overflow on fuzzed archive header (bsc#1065643). - CVE-2017-15939: Binary File Descriptor (BFD) library (aka libbfd) mishandled NULL files in a .debug_line file table, which allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename (bsc#1065689). - CVE-2017-15938: the Binary File Descriptor (BFD) library (aka libbfd) miscalculated DW_FORM_ref_addr die refs in the case of a relocatable object file, which allowed remote attackers to cause a denial of service (find_abstract_instance_name invalid memory read, segmentation fault, and application crash) (bsc#1065693). - CVE-2017-16826: The coff_slurp_line_table function the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted PE file (bsc#1068640). - CVE-2017-16832: The pe_bfd_read_buildid function in the Binary File Descriptor (BFD) library (aka libbfd) did not validate size and offset values in the data dictionary, which allowed remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted PE file (bsc#1068643). - CVE-2017-16831: Binary File Descriptor (BFD) library (aka libbfd) did not validate the symbol count, which allowed remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or possibly have unspecified other impact via a crafted PE file (bsc#1068887). - CVE-2017-16830: The print_gnu_property_note function did not have integer-overflow protection on 32-bit platforms, which allowed remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted ELF file (bsc#1068888). - CVE-2017-16829: The _bfd_elf_parse_gnu_properties function in the Binary File Descriptor (BFD) library (aka libbfd) did not prevent negative pointers, which allowed remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted ELF file (bsc#1068950). - CVE-2017-16828: The display_debug_frames function allowed remote attackers to cause a denial of service (integer overflow and heap-based buffer over-read, and application crash) or possibly have unspecified other impact via a crafted ELF file (bsc#1069176). - CVE-2017-16827: The aout_get_external_symbols function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (slurp_symtab invalid free and application crash) or possibly have unspecified other impact via a crafted ELF file (bsc#1069202). - CVE-2018-6323: The elf_object_p function in the Binary File Descriptor (BFD) library (aka libbfd) had an unsigned integer overflow because bfd_size_type multiplication is not used. A crafted ELF file allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact (bsc#1077745). - CVE-2018-6543: Prevent integer overflow in the function load_specific_debug_section() which resulted in `malloc()` with 0 size. A crafted ELF file allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact (bsc#1079103). - CVE-2018-6759: The bfd_get_debug_link_info_1 function in the Binary File Descriptor (BFD) library (aka libbfd) had an unchecked strnlen operation. Remote attackers could have leveraged this vulnerability to cause a denial of service (segmentation fault) via a crafted ELF file (bsc#1079741). - CVE-2018-6872: The elf_parse_notes function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (out-of-bounds read and segmentation violation) via a note with a large alignment (bsc#1080556). - CVE-2018-7208: In the coff_pointerize_aux function in the Binary File Descriptor (BFD) library (aka libbfd) an index was not validated, which allowed remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted file, as demonstrated by objcopy of a COFF object (bsc#1081527). - CVE-2018-7570: The assign_file_positions_for_non_load_sections function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an ELF file with a RELRO segment that lacks a matching LOAD segment, as demonstrated by objcopy (bsc#1083528). - CVE-2018-7569: The Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (integer underflow or overflow, and application crash) via an ELF file with a corrupt DWARF FORM block, as demonstrated by nm (bsc#1083532). - CVE-2018-8945: The bfd_section_from_shdr function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (segmentation fault) via a large attribute section (bsc#1086608). - CVE-2018-7643: The display_debug_ranges function allowed remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump (bsc#1086784). - CVE-2018-7642: The swap_std_reloc_in function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (aout_32_swap_std_reloc_out NULL pointer dereference and application crash) via a crafted ELF file, as demonstrated by objcopy (bsc#1086786). - CVE-2018-7568: The parse_die function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (integer overflow and application crash) via an ELF file with corrupt dwarf1 debug information, as demonstrated by nm (bsc#1086788). - CVE-2018-10373: concat_filename in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by nm-new (bsc#1090997). - CVE-2018-10372: process_cu_tu_index allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated by readelf (bsc#1091015). - CVE-2018-10535: The ignore_section_sym function in the Binary File Descriptor (BFD) library (aka libbfd) did not validate the output_section pointer in the case of a symtab entry with a "SECTION" type that has a "0" value, which allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file, as demonstrated by objcopy (bsc#1091365). - CVE-2018-10534: The _bfd_XX_bfd_copy_private_bfd_data_common function in the Binary File Descriptor (BFD) library (aka libbfd) processesed a negative Data Directory size with an unbounded loop that increased the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so that the address exceeded its own memory region, resulting in an out-of-bounds memory write, as demonstrated by objcopy copying private info with _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c (bsc#1091368). These non-security issues were fixed: - The AArch64 port now supports showing disassembly notes which are emitted when inconsistencies are found with the instruction that may result in the instruction being invalid. These can be turned on with the option -M notes to objdump. - The AArch64 port now emits warnings when a combination of an instruction and a named register could be invalid. - Added O modifier to ar to display member offsets inside an archive - The ADR and ADRL pseudo-instructions supported by the ARM assembler now only set the bottom bit of the address of thumb function symbols if the -mthumb-interwork command line option is active. - Add --generate-missing-build-notes=[yes|no] option to create (or not) GNU Build Attribute notes if none are present in the input sources. Add a --enable-generate-build-notes=[yes|no] configure time option to set the default behaviour. Set the default if the configure option is not used to "no". - Remove -mold-gcc command-line option for x86 targets. - Add -O[2|s] command-line options to x86 assembler to enable alternate shorter instruction encoding. - Add support for .nops directive. It is currently supported only for x86 targets. - Speed up direct linking with DLLs for Cygwin and Mingw targets. - Add a configure option --enable-separate-code to decide whether -z separate-code should be enabled in ELF linker by default. Default to yes for Linux/x86 targets. Note that -z separate-code can increase disk and memory size. - RISC-V: Fix symbol address problem with versioned symbols - Restore riscv64-elf cross prefix via symlinks - RISC-V: Don't enable relaxation in relocatable link - Prevent linking faiures on i386 with assertion (bsc#1085784) - Fix symbol size bug when relaxation deletes bytes - Add --debug-dump=links option to readelf and --dwarf=links option to objdump which displays the contents of any .gnu_debuglink or .gnu_debugaltlink sections. Add a --debug-dump=follow-links option to readelf and a --dwarf=follow-links option to objdump which causes indirect links into separate debug info files to be followed when dumping other DWARF sections. - Add support for loaction views in DWARF debug line information. - Add -z separate-code to generate separate code PT_LOAD segment. - Add "-z undefs" command line option as the inverse of the "-z defs" option. - Add -z globalaudit command line option to force audit libraries to be run for every dynamic object loaded by an executable - provided that the loader supports this functionality. - Tighten linker script grammar around file name specifiers to prevent the use of SORT_BY_ALIGNMENT and SORT_BY_INIT_PRIORITY on filenames. These would previously be accepted but had no effect. - The EXCLUDE_FILE directive can now be placed within any SORT_* directive within input section lists. - Fix linker relaxation with --wrap - Add arm-none-eabi symlinks (bsc#1074741) Former updates of binutils also fixed the following security issues, for which there was not CVE assigned at the time the update was released or no mapping between code change and CVE existed: - CVE-2014-9939: Prevent stack buffer overflow when printing bad bytes in Intel Hex objects (bsc#1030296). - CVE-2017-7225: The find_nearest_line function in addr2line did not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash (bsc#1030585). - CVE-2017-7224: The find_nearest_line function in objdump was vulnerable to an invalid write (of size 1) while disassembling a corrupt binary that contains an empty function name, leading to a program crash (bsc#1030588). - CVE-2017-7223: GNU assembler in was vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash (bsc#1030589). - CVE-2017-7226: The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd) was vulnerable to a heap-based buffer over-read of size 4049 because it used the strlen function instead of strnlen, leading to program crashes in several utilities such as addr2line, size, and strings. It could lead to information disclosure as well (bsc#1030584). - CVE-2017-7299: The Binary File Descriptor (BFD) library (aka libbfd) had an invalid read (of size 8) because the code to emit relocs (bfd_elf_final_link function in bfd/elflink.c) did not check the format of the input file trying to read the ELF reloc section header. The vulnerability leads to a GNU linker (ld) program crash (bsc#1031644). - CVE-2017-7300: The Binary File Descriptor (BFD) library (aka libbfd) had an aout_link_add_symbols function in bfd/aoutx.h that is vulnerable to a heap-based buffer over-read (off-by-one) because of an incomplete check for invalid string offsets while loading symbols, leading to a GNU linker (ld) program crash (bsc#1031656). - CVE-2017-7302: The Binary File Descriptor (BFD) library (aka libbfd) had a swap_std_reloc_out function in bfd/aoutx.h that is vulnerable to an invalid read (of size 4) because of missing checks for relocs that could not be recognised. This vulnerability caused Binutils utilities like strip to crash (bsc#1031595). - CVE-2017-7303: The Binary File Descriptor (BFD) library (aka libbfd) was vulnerable to an invalid read (of size 4) because of missing a check (in the find_link function) for null headers attempting to match them. This vulnerability caused Binutils utilities like strip to crash (bsc#1031593). - CVE-2017-7301: The Binary File Descriptor (BFD) library (aka libbfd) had an aout_link_add_symbols function in bfd/aoutx.h that has an off-by-one vulnerability because it did not carefully check the string offset. The vulnerability could lead to a GNU linker (ld) program crash (bsc#1031638). - CVE-2017-7304: The Binary File Descriptor (BFD) library (aka libbfd) was vulnerable to an invalid read (of size 8) because of missing a check (in the copy_special_section_fields function) for an invalid sh_link field attempting to follow it. This vulnerability caused Binutils utilities like strip to crash (bsc#1031590). - CVE-2017-8392: The Binary File Descriptor (BFD) library (aka libbfd) was vulnerable to an invalid read of size 8 because of missing a check to determine whether symbols are NULL in the _bfd_dwarf2_find_nearest_line function. This vulnerability caused programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash (bsc#1037052). - CVE-2017-8393: The Binary File Descriptor (BFD) library (aka libbfd) was vulnerable to a global buffer over-read error because of an assumption made by code that runs for objcopy and strip, that SHT_REL/SHR_RELA sections are always named starting with a .rel/.rela prefix. This vulnerability caused programs that conduct an analysis of binary programs using the libbfd library, such as objcopy and strip, to crash (bsc#1037057). - CVE-2017-8394: The Binary File Descriptor (BFD) library (aka libbfd) was vulnerable to an invalid read of size 4 due to NULL pointer dereferencing of _bfd_elf_large_com_section. This vulnerability caused programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash (bsc#1037061). - CVE-2017-8396: The Binary File Descriptor (BFD) library (aka libbfd) was vulnerable to an invalid read of size 1 because the existing reloc offset range tests didn't catch small negative offsets less than the size of the reloc field. This vulnerability caused programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash (bsc#1037066). - CVE-2017-8421: The function coff_set_alignment_hook in Binary File Descriptor (BFD) library (aka libbfd) had a memory leak vulnerability which can cause memory exhaustion in objdump via a crafted PE file (bsc#1037273). - CVE-2017-9746: The disassemble_bytes function in objdump.c allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of rae insns printing for this file during "objdump -D" execution (bsc#1044891). - CVE-2017-9747: The ieee_archive_p function in the Binary File Descriptor (BFD) library (aka libbfd) might have allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution (bsc#1044897). - CVE-2017-9748: The ieee_object_p function in the Binary File Descriptor (BFD) library (aka libbfd) might have allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution (bsc#1044901). - CVE-2017-9750: opcodes/rx-decode.opc lacked bounds checks for certain scale arrays, which allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution (bsc#1044909). - CVE-2017-9755: Not considering the the number of registers for bnd mode allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution (bsc#1044925). - CVE-2017-9756: The aarch64_ext_ldst_reglist function allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution (bsc#1044927). - CVE-2017-7209: The dump_section_as_bytes function in readelf accessed a NULL pointer while reading section contents in a corrupt binary, leading to a program crash (bsc#1030298). - CVE-2017-6965: readelf wrote to illegal addresses while processing corrupt input files containing symbol-difference relocations, leading to a heap-based buffer overflow (bsc#1029909). - CVE-2017-6966: readelf had a use-after-free (specifically read-after-free) error while processing multiple, relocated sections in an MSP430 binary. This is caused by mishandling of an invalid symbol index, and mishandling of state across invocations (bsc#1029908). - CVE-2017-6969: readelf was vulnerable to a heap-based buffer over-read while processing corrupt RL78 binaries. The vulnerability can trigger program crashes. It may lead to an information leak as well (bsc#1029907). - CVE-2017-7210: objdump was vulnerable to multiple heap-based buffer over-reads (of size 1 and size 8) while handling corrupt STABS enum type strings in a crafted object file, leading to program crash (bsc#1030297). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-2297=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): binutils-2.31-9.26.1 binutils-debuginfo-2.31-9.26.1 binutils-debugsource-2.31-9.26.1 References: https://www.suse.com/security/cve/CVE-2014-9939.html https://www.suse.com/security/cve/CVE-2017-15938.html https://www.suse.com/security/cve/CVE-2017-15939.html https://www.suse.com/security/cve/CVE-2017-15996.html https://www.suse.com/security/cve/CVE-2017-16826.html https://www.suse.com/security/cve/CVE-2017-16827.html https://www.suse.com/security/cve/CVE-2017-16828.html https://www.suse.com/security/cve/CVE-2017-16829.html https://www.suse.com/security/cve/CVE-2017-16830.html https://www.suse.com/security/cve/CVE-2017-16831.html https://www.suse.com/security/cve/CVE-2017-16832.html https://www.suse.com/security/cve/CVE-2017-6965.html https://www.suse.com/security/cve/CVE-2017-6966.html https://www.suse.com/security/cve/CVE-2017-6969.html https://www.suse.com/security/cve/CVE-2017-7209.html https://www.suse.com/security/cve/CVE-2017-7210.html https://www.suse.com/security/cve/CVE-2017-7223.html https://www.suse.com/security/cve/CVE-2017-7224.html https://www.suse.com/security/cve/CVE-2017-7225.html https://www.suse.com/security/cve/CVE-2017-7226.html https://www.suse.com/security/cve/CVE-2017-7299.html https://www.suse.com/security/cve/CVE-2017-7300.html https://www.suse.com/security/cve/CVE-2017-7301.html https://www.suse.com/security/cve/CVE-2017-7302.html https://www.suse.com/security/cve/CVE-2017-7303.html https://www.suse.com/security/cve/CVE-2017-7304.html https://www.suse.com/security/cve/CVE-2017-8392.html https://www.suse.com/security/cve/CVE-2017-8393.html https://www.suse.com/security/cve/CVE-2017-8394.html https://www.suse.com/security/cve/CVE-2017-8396.html https://www.suse.com/security/cve/CVE-2017-8421.html https://www.suse.com/security/cve/CVE-2017-9746.html https://www.suse.com/security/cve/CVE-2017-9747.html https://www.suse.com/security/cve/CVE-2017-9748.html https://www.suse.com/security/cve/CVE-2017-9750.html https://www.suse.com/security/cve/CVE-2017-9755.html https://www.suse.com/security/cve/CVE-2017-9756.html https://www.suse.com/security/cve/CVE-2018-10372.html https://www.suse.com/security/cve/CVE-2018-10373.html https://www.suse.com/security/cve/CVE-2018-10534.html https://www.suse.com/security/cve/CVE-2018-10535.html https://www.suse.com/security/cve/CVE-2018-6323.html https://www.suse.com/security/cve/CVE-2018-6543.html https://www.suse.com/security/cve/CVE-2018-6759.html https://www.suse.com/security/cve/CVE-2018-6872.html https://www.suse.com/security/cve/CVE-2018-7208.html https://www.suse.com/security/cve/CVE-2018-7568.html https://www.suse.com/security/cve/CVE-2018-7569.html https://www.suse.com/security/cve/CVE-2018-7570.html https://www.suse.com/security/cve/CVE-2018-7642.html https://www.suse.com/security/cve/CVE-2018-7643.html https://www.suse.com/security/cve/CVE-2018-8945.html https://bugzilla.suse.com/1029907 https://bugzilla.suse.com/1029908 https://bugzilla.suse.com/1029909 https://bugzilla.suse.com/1030296 https://bugzilla.suse.com/1030297 https://bugzilla.suse.com/1030298 https://bugzilla.suse.com/1030584 https://bugzilla.suse.com/1030585 https://bugzilla.suse.com/1030588 https://bugzilla.suse.com/1030589 https://bugzilla.suse.com/1031590 https://bugzilla.suse.com/1031593 https://bugzilla.suse.com/1031595 https://bugzilla.suse.com/1031638 https://bugzilla.suse.com/1031644 https://bugzilla.suse.com/1031656 https://bugzilla.suse.com/1037052 https://bugzilla.suse.com/1037057 https://bugzilla.suse.com/1037061 https://bugzilla.suse.com/1037066 https://bugzilla.suse.com/1037273 https://bugzilla.suse.com/1044891 https://bugzilla.suse.com/1044897 https://bugzilla.suse.com/1044901 https://bugzilla.suse.com/1044909 https://bugzilla.suse.com/1044925 https://bugzilla.suse.com/1044927 https://bugzilla.suse.com/1065643 https://bugzilla.suse.com/1065689 https://bugzilla.suse.com/1065693 https://bugzilla.suse.com/1068640 https://bugzilla.suse.com/1068643 https://bugzilla.suse.com/1068887 https://bugzilla.suse.com/1068888 https://bugzilla.suse.com/1068950 https://bugzilla.suse.com/1069176 https://bugzilla.suse.com/1069202 https://bugzilla.suse.com/1074741 https://bugzilla.suse.com/1077745 https://bugzilla.suse.com/1079103 https://bugzilla.suse.com/1079741 https://bugzilla.suse.com/1080556 https://bugzilla.suse.com/1081527 https://bugzilla.suse.com/1083528 https://bugzilla.suse.com/1083532 https://bugzilla.suse.com/1085784 https://bugzilla.suse.com/1086608 https://bugzilla.suse.com/1086784 https://bugzilla.suse.com/1086786 https://bugzilla.suse.com/1086788 https://bugzilla.suse.com/1090997 https://bugzilla.suse.com/1091015 https://bugzilla.suse.com/1091365 https://bugzilla.suse.com/1091368 From sle-security-updates at lists.suse.com Thu Oct 18 10:31:06 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Oct 2018 18:31:06 +0200 (CEST) Subject: SUSE-SU-2018:3220-1: moderate: Security update for zziplib Message-ID: <20181018163106.1A5C5F7C0@maintenance.suse.de> SUSE Security Update: Security update for zziplib ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3220-1 Rating: moderate References: #1110687 Cross-References: CVE-2018-17828 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for zziplib fixes the following issues: - CVE-2018-17828: Remove any "../" components from pathnames of extracted files to avoid path traversal during unpacking. (bsc#1110687) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2302=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libzzip-0-13-0.13.69-3.3.1 libzzip-0-13-debuginfo-0.13.69-3.3.1 zziplib-debugsource-0.13.69-3.3.1 zziplib-devel-0.13.69-3.3.1 zziplib-devel-debuginfo-0.13.69-3.3.1 References: https://www.suse.com/security/cve/CVE-2018-17828.html https://bugzilla.suse.com/1110687 From sle-security-updates at lists.suse.com Thu Oct 18 10:33:26 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Oct 2018 18:33:26 +0200 (CEST) Subject: SUSE-SU-2018:1401-2: moderate: Security update for icu Message-ID: <20181018163326.1B8FCF7C0@maintenance.suse.de> SUSE Security Update: Security update for icu ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1401-2 Rating: moderate References: #1034674 #1034678 #1067203 #1072193 #1077999 #1087932 #929629 #990636 Cross-References: CVE-2014-8146 CVE-2014-8147 CVE-2016-6293 CVE-2017-14952 CVE-2017-15422 CVE-2017-17484 CVE-2017-7867 CVE-2017-7868 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: icu was updated to fix two security issues. These security issues were fixed: - CVE-2014-8147: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) used an integer data type that is inconsistent with a header file, which allowed remote attackers to cause a denial of service (incorrect malloc followed by invalid free) or possibly execute arbitrary code via crafted text (bsc#929629). - CVE-2014-8146: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) did not properly track directionally isolated pieces of text, which allowed remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text (bsc#929629). - CVE-2016-6293: The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in International Components for Unicode (ICU) for C/C++ did not ensure that there is a '\0' character at the end of a certain temporary array, which allowed remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long httpAcceptLanguage argument (bsc#990636). - CVE-2017-7868: International Components for Unicode (ICU) for C/C++ 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_moveIndex32* function (bsc#1034674) - CVE-2017-7867: International Components for Unicode (ICU) for C/C++ 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_setNativeIndex* function (bsc#1034678) - CVE-2017-14952: Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ allowed remote attackers to execute arbitrary code via a crafted string, aka a "redundant UVector entry clean up function call" issue (bnc#1067203) - CVE-2017-17484: The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International Components for Unicode (ICU) for C/C++ mishandled ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allowed remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted string, as demonstrated by ZNC (bnc#1072193) - CVE-2017-15422: An integer overflow in icu during persian calendar date processing could lead to incorrect years shown (bnc#1077999) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-979=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): icu-debuginfo-52.1-8.7.1 icu-debugsource-52.1-8.7.1 libicu-doc-52.1-8.7.1 libicu52_1-32bit-52.1-8.7.1 libicu52_1-52.1-8.7.1 libicu52_1-data-52.1-8.7.1 libicu52_1-debuginfo-32bit-52.1-8.7.1 libicu52_1-debuginfo-52.1-8.7.1 References: https://www.suse.com/security/cve/CVE-2014-8146.html https://www.suse.com/security/cve/CVE-2014-8147.html https://www.suse.com/security/cve/CVE-2016-6293.html https://www.suse.com/security/cve/CVE-2017-14952.html https://www.suse.com/security/cve/CVE-2017-15422.html https://www.suse.com/security/cve/CVE-2017-17484.html https://www.suse.com/security/cve/CVE-2017-7867.html https://www.suse.com/security/cve/CVE-2017-7868.html https://bugzilla.suse.com/1034674 https://bugzilla.suse.com/1034678 https://bugzilla.suse.com/1067203 https://bugzilla.suse.com/1072193 https://bugzilla.suse.com/1077999 https://bugzilla.suse.com/1087932 https://bugzilla.suse.com/929629 https://bugzilla.suse.com/990636 From sle-security-updates at lists.suse.com Thu Oct 18 10:35:38 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Oct 2018 18:35:38 +0200 (CEST) Subject: SUSE-SU-2018:2632-2: important: Security update for dovecot22 Message-ID: <20181018163538.281F4F7C0@maintenance.suse.de> SUSE Security Update: Security update for dovecot22 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2632-2 Rating: important References: #1082828 Cross-References: CVE-2017-15130 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for dovecot22 fixes the following issues: Security issue fixed: - CVE-2017-15130: Fixed a potential denial of service via TLS SNI config lookups, which would slow the process down and could have led to exhaustive memory allocation and/or process restarts (bsc#1082828) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1844=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): dovecot22-2.2.31-19.11.1 dovecot22-backend-mysql-2.2.31-19.11.1 dovecot22-backend-mysql-debuginfo-2.2.31-19.11.1 dovecot22-backend-pgsql-2.2.31-19.11.1 dovecot22-backend-pgsql-debuginfo-2.2.31-19.11.1 dovecot22-backend-sqlite-2.2.31-19.11.1 dovecot22-backend-sqlite-debuginfo-2.2.31-19.11.1 dovecot22-debuginfo-2.2.31-19.11.1 dovecot22-debugsource-2.2.31-19.11.1 References: https://www.suse.com/security/cve/CVE-2017-15130.html https://bugzilla.suse.com/1082828 From sle-security-updates at lists.suse.com Thu Oct 18 10:40:56 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Oct 2018 18:40:56 +0200 (CEST) Subject: SUSE-SU-2018:1661-2: moderate: Security update for ucode-intel Message-ID: <20181018164056.F2A25F7C0@maintenance.suse.de> SUSE Security Update: Security update for ucode-intel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1661-2 Rating: moderate References: #1091836 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for ucode-intel fixes the following issues: Update to version 20180425 (bsc#1091836) Fix provided for: - GLK B0 6-7a-1/01 0000001e->00000022 Pentium Silver N/J5xxx, Celeron N/J4xxx - Name microcodes which are not allowed to load late with a *.early suffix Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1126=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): ucode-intel-20180425-13.20.1 ucode-intel-debuginfo-20180425-13.20.1 ucode-intel-debugsource-20180425-13.20.1 References: https://bugzilla.suse.com/1091836 From sle-security-updates at lists.suse.com Thu Oct 18 10:41:28 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Oct 2018 18:41:28 +0200 (CEST) Subject: SUSE-SU-2018:2339-2: moderate: Security update for samba Message-ID: <20181018164128.4F2DEF7C0@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2339-2 Rating: moderate References: #1081741 #1103411 Cross-References: CVE-2018-1050 CVE-2018-10858 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for samba fixes the following issues: The following security issues were fixed: - CVE-2018-1050: Fixed denial of service vulnerability when SPOOLSS is run externally (bsc#1081741). - CVE-2018-10858: smbc_urlencode helper function is a subject to buffer overflow (bsc#1103411) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1574=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libdcerpc-atsvc0-4.2.4-28.29.1 libdcerpc-atsvc0-debuginfo-4.2.4-28.29.1 References: https://www.suse.com/security/cve/CVE-2018-1050.html https://www.suse.com/security/cve/CVE-2018-10858.html https://bugzilla.suse.com/1081741 https://bugzilla.suse.com/1103411 From sle-security-updates at lists.suse.com Thu Oct 18 10:42:07 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Oct 2018 18:42:07 +0200 (CEST) Subject: SUSE-SU-2018:1161-2: moderate: Security update for apache2 Message-ID: <20181018164207.64548F7C0@maintenance.suse.de> SUSE Security Update: Security update for apache2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1161-2 Rating: moderate References: #1086774 #1086775 #1086813 #1086814 #1086817 #1086820 Cross-References: CVE-2017-15710 CVE-2017-15715 CVE-2018-1283 CVE-2018-1301 CVE-2018-1302 CVE-2018-1303 CVE-2018-1312 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for apache2 fixes the following issues: * CVE-2018-1283: when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a \"Session\" header leading to unexpected behavior [bsc#1086814]. * CVE-2018-1301: due to an out of bound access after a size limit being reached by reading the HTTP header, a specially crafted request could lead to remote denial of service. [bsc#1086817] * CVE-2018-1303: a specially crafted HTTP request header could lead to crash due to an out of bound read while preparing data to be cached in shared memory.[bsc#1086813] * CVE-2017-15715: a regular expression could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. leading to corruption of uploaded files.[bsc#1086774] * CVE-2018-1312: when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection. [bsc#1086775] * CVE-2017-15710: mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, 'en-US' is truncated to 'en'). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all. [bsc#1086820] * CVE-2018-1302: when an HTTP/2 stream was destroyed after being handled, it could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk. [bsc#1086820] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-803=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): apache2-2.4.23-29.18.2 apache2-debuginfo-2.4.23-29.18.2 apache2-debugsource-2.4.23-29.18.2 apache2-example-pages-2.4.23-29.18.2 apache2-prefork-2.4.23-29.18.2 apache2-prefork-debuginfo-2.4.23-29.18.2 apache2-utils-2.4.23-29.18.2 apache2-utils-debuginfo-2.4.23-29.18.2 apache2-worker-2.4.23-29.18.2 apache2-worker-debuginfo-2.4.23-29.18.2 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): apache2-doc-2.4.23-29.18.2 References: https://www.suse.com/security/cve/CVE-2017-15710.html https://www.suse.com/security/cve/CVE-2017-15715.html https://www.suse.com/security/cve/CVE-2018-1283.html https://www.suse.com/security/cve/CVE-2018-1301.html https://www.suse.com/security/cve/CVE-2018-1302.html https://www.suse.com/security/cve/CVE-2018-1303.html https://www.suse.com/security/cve/CVE-2018-1312.html https://bugzilla.suse.com/1086774 https://bugzilla.suse.com/1086775 https://bugzilla.suse.com/1086813 https://bugzilla.suse.com/1086814 https://bugzilla.suse.com/1086817 https://bugzilla.suse.com/1086820 From sle-security-updates at lists.suse.com Thu Oct 18 10:43:22 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Oct 2018 18:43:22 +0200 (CEST) Subject: SUSE-SU-2018:1764-2: important: Security update for java-1_7_1-ibm Message-ID: <20181018164322.6F562F7C0@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_1-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1764-2 Rating: important References: #1085449 #1093311 Cross-References: CVE-2018-1417 CVE-2018-2783 CVE-2018-2790 CVE-2018-2794 CVE-2018-2795 CVE-2018-2796 CVE-2018-2797 CVE-2018-2798 CVE-2018-2799 CVE-2018-2800 CVE-2018-2814 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes 11 vulnerabilities is now available. Description: IBM Java was updated to 7.1.4.25 [bsc#1093311, bsc#1085449]: Security fixes: - CVE-2018-2814 CVE-2018-2794 CVE-2018-2783 CVE-2018-2799 CVE-2018-2798 CVE-2018-2797 CVE-2018-2796 CVE-2018-2795 CVE-2018-2800 CVE-2018-2790 CVE-2018-1417 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1185=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): java-1_7_1-ibm-1.7.1_sr4.25-38.23.1 java-1_7_1-ibm-alsa-1.7.1_sr4.25-38.23.1 java-1_7_1-ibm-devel-1.7.1_sr4.25-38.23.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.25-38.23.1 java-1_7_1-ibm-plugin-1.7.1_sr4.25-38.23.1 References: https://www.suse.com/security/cve/CVE-2018-1417.html https://www.suse.com/security/cve/CVE-2018-2783.html https://www.suse.com/security/cve/CVE-2018-2790.html https://www.suse.com/security/cve/CVE-2018-2794.html https://www.suse.com/security/cve/CVE-2018-2795.html https://www.suse.com/security/cve/CVE-2018-2796.html https://www.suse.com/security/cve/CVE-2018-2797.html https://www.suse.com/security/cve/CVE-2018-2798.html https://www.suse.com/security/cve/CVE-2018-2799.html https://www.suse.com/security/cve/CVE-2018-2800.html https://www.suse.com/security/cve/CVE-2018-2814.html https://bugzilla.suse.com/1085449 https://bugzilla.suse.com/1093311 From sle-security-updates at lists.suse.com Thu Oct 18 10:44:06 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Oct 2018 18:44:06 +0200 (CEST) Subject: SUSE-SU-2018:1855-2: important: Security update for the Linux Kernel Message-ID: <20181018164406.56171F7C0@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1855-2 Rating: important References: #1068032 #1079152 #1082962 #1083650 #1083900 #1085185 #1086400 #1087007 #1087012 #1087036 #1087086 #1087095 #1089895 #1090534 #1090955 #1092497 #1092552 #1092813 #1092904 #1094033 #1094353 #1094823 #1095042 #1096140 #1096242 #1096281 #1096728 #1097356 #973378 Cross-References: CVE-2017-13305 CVE-2017-18241 CVE-2017-18249 CVE-2018-1000199 CVE-2018-1000204 CVE-2018-1065 CVE-2018-1092 CVE-2018-1093 CVE-2018-1094 CVE-2018-1130 CVE-2018-3665 CVE-2018-5803 CVE-2018-5848 CVE-2018-7492 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that solves 14 vulnerabilities and has 15 fixes is now available. Description: The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-5848: In the function wmi_set_ie(), the length validation code did not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument could have caused a buffer overflow (bnc#1097356) - CVE-2018-1000204: Prevent infoleak caused by incorrect handling of the SG_IO ioctl (bsc#1096728). - CVE-2017-18249: The add_free_nid function did not properly track an allocated nid, which allowed local users to cause a denial of service (race condition) or possibly have unspecified other impact via concurrent threads (bnc#1087036) - CVE-2018-3665: Prevent disclosure of FPU registers (including XMM and AVX registers) between processes. These registers might contain encryption keys when doing SSE accelerated AES enc/decryption (bsc#1087086) - CVE-2017-18241: Prevent a NULL pointer dereference by using a noflush_merge option that triggers a NULL value for a flush_cmd_control data structure (bnc#1086400) - CVE-2017-13305: Prevent information disclosure vulnerability in encrypted-keys (bsc#1094353). - CVE-2018-1093: The ext4_valid_block_bitmap function allowed attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image because balloc.c and ialloc.c did not validate bitmap block numbers (bsc#1087095). - CVE-2018-1094: The ext4_fill_super function did not always initialize the crc32c checksum driver, which allowed attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image (bsc#1087007). - CVE-2018-1092: The ext4_iget function mishandled the case of a root directory with a zero i_links_count, which allowed attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image (bsc#1087012). - CVE-2018-1130: NULL pointer dereference in dccp_write_xmit() function that allowed a local user to cause a denial of service by a number of certain crafted system calls (bsc#1092904). - CVE-2018-1065: The netfilter subsystem mishandled the case of a rule blob that contains a jump but lacks a user-defined chain, which allowed local users to cause a denial of service (NULL pointer dereference) by leveraging the CAP_NET_RAW or CAP_NET_ADMIN capability (bsc#1083650). - CVE-2018-5803: Prevent error in the "_sctp_make_chunk()" function when handling SCTP packets length that could have been exploited to cause a kernel crash (bnc#1083900). - CVE-2018-7492: Prevent NULL pointer dereference in the net/rds/rdma.c __rds_rdma_map() function that allowed local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST (bsc#1082962). - CVE-2018-1000199: Prevent vulnerability in modify_user_hw_breakpoint() that could have caused a crash and possibly memory corruption (bsc#1089895). The following non-security bugs were fixed: - ALSA: timer: Fix pause event notification (bsc#973378). - Fix excessive newline in /proc/*/status (bsc#1094823). - Fix the patch content (bsc#1085185) - KVM: x86: Sync back MSR_IA32_SPEC_CTRL to VCPU data structure (bsc#1096242, bsc#1096281). - Revert "bs-upload-kernel: do not set %opensuse_bs" This reverts commit e89e2b8cbef05df6c874ba70af3cb4c57f82a821. - ipv6: add mtu lock check in __ip6_rt_update_pmtu (bsc#1092552). - ipv6: omit traffic class when calculating flow hash (bsc#1095042). - kgraft/bnx2fc: Do not block kGraft in bnx2fc_l2_rcv kthread (bsc#1094033). - mm, page_alloc: do not break __GFP_THISNODE by zonelist reset (bsc#1079152, VM Functionality). - x86/boot: Fix early command-line parsing when partial word matches (bsc#1096140). - x86/bugs: IBRS: make runtime disabling fully dynamic (bsc#1096281). - x86/bugs: Respect retpoline command line option (bsc#1068032). - x86/bugs: correctly force-disable IBRS on !SKL systems (bsc#1092497). - x86/bugs: spec_ctrl must be cleared from cpu_caps_set when being disabled (bsc#1096140). - x86/kaiser: export symbol kaiser_set_shadow_pgd() (bsc#1092813) - xfs: convert XFS_AGFL_SIZE to a helper function (bsc#1090955, bsc#1090534). - xfs: detect agfl count corruption and reset agfl (bsc#1090955, bsc#1090534). - xfs: do not log/recover swapext extent owner changes for deleted inodes (bsc#1090955). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1251=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): kernel-default-4.4.121-92.85.1 kernel-default-base-4.4.121-92.85.1 kernel-default-base-debuginfo-4.4.121-92.85.1 kernel-default-debuginfo-4.4.121-92.85.1 kernel-default-debugsource-4.4.121-92.85.1 kernel-default-devel-4.4.121-92.85.1 kernel-syms-4.4.121-92.85.1 kgraft-patch-4_4_121-92_85-default-1-3.5.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): kernel-devel-4.4.121-92.85.1 kernel-macros-4.4.121-92.85.1 kernel-source-4.4.121-92.85.1 References: https://www.suse.com/security/cve/CVE-2017-13305.html https://www.suse.com/security/cve/CVE-2017-18241.html https://www.suse.com/security/cve/CVE-2017-18249.html https://www.suse.com/security/cve/CVE-2018-1000199.html https://www.suse.com/security/cve/CVE-2018-1000204.html https://www.suse.com/security/cve/CVE-2018-1065.html https://www.suse.com/security/cve/CVE-2018-1092.html https://www.suse.com/security/cve/CVE-2018-1093.html https://www.suse.com/security/cve/CVE-2018-1094.html https://www.suse.com/security/cve/CVE-2018-1130.html https://www.suse.com/security/cve/CVE-2018-3665.html https://www.suse.com/security/cve/CVE-2018-5803.html https://www.suse.com/security/cve/CVE-2018-5848.html https://www.suse.com/security/cve/CVE-2018-7492.html https://bugzilla.suse.com/1068032 https://bugzilla.suse.com/1079152 https://bugzilla.suse.com/1082962 https://bugzilla.suse.com/1083650 https://bugzilla.suse.com/1083900 https://bugzilla.suse.com/1085185 https://bugzilla.suse.com/1086400 https://bugzilla.suse.com/1087007 https://bugzilla.suse.com/1087012 https://bugzilla.suse.com/1087036 https://bugzilla.suse.com/1087086 https://bugzilla.suse.com/1087095 https://bugzilla.suse.com/1089895 https://bugzilla.suse.com/1090534 https://bugzilla.suse.com/1090955 https://bugzilla.suse.com/1092497 https://bugzilla.suse.com/1092552 https://bugzilla.suse.com/1092813 https://bugzilla.suse.com/1092904 https://bugzilla.suse.com/1094033 https://bugzilla.suse.com/1094353 https://bugzilla.suse.com/1094823 https://bugzilla.suse.com/1095042 https://bugzilla.suse.com/1096140 https://bugzilla.suse.com/1096242 https://bugzilla.suse.com/1096281 https://bugzilla.suse.com/1096728 https://bugzilla.suse.com/1097356 https://bugzilla.suse.com/973378 From sle-security-updates at lists.suse.com Thu Oct 18 10:50:19 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Oct 2018 18:50:19 +0200 (CEST) Subject: SUSE-SU-2018:2825-2: moderate: Security update for gnutls Message-ID: <20181018165019.60631FC98@maintenance.suse.de> SUSE Security Update: Security update for gnutls ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2825-2 Rating: moderate References: #1047002 #1105437 #1105459 #1105460 Cross-References: CVE-2017-10790 CVE-2018-10844 CVE-2018-10845 CVE-2018-10846 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for gnutls fixes the following issues: This update for gnutls fixes the following issues: Security issues fixed: - Improved mitigations against Lucky 13 class of attacks - "Just in Time" PRIME + PROBE cache-based side channel attack can lead to plaintext recovery (CVE-2018-10846, bsc#1105460) - HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of wrong constant (CVE-2018-10845, bsc#1105459) - HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls (CVE-2018-10844, bsc#1105437) - The _asn1_check_identifier function in Libtasn1 caused a NULL pointer dereference and crash (CVE-2017-10790, bsc#1047002) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1977=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): gnutls-3.2.15-18.6.1 gnutls-debuginfo-3.2.15-18.6.1 gnutls-debugsource-3.2.15-18.6.1 libgnutls-openssl27-3.2.15-18.6.1 libgnutls-openssl27-debuginfo-3.2.15-18.6.1 libgnutls28-3.2.15-18.6.1 libgnutls28-32bit-3.2.15-18.6.1 libgnutls28-debuginfo-3.2.15-18.6.1 libgnutls28-debuginfo-32bit-3.2.15-18.6.1 References: https://www.suse.com/security/cve/CVE-2017-10790.html https://www.suse.com/security/cve/CVE-2018-10844.html https://www.suse.com/security/cve/CVE-2018-10845.html https://www.suse.com/security/cve/CVE-2018-10846.html https://bugzilla.suse.com/1047002 https://bugzilla.suse.com/1105437 https://bugzilla.suse.com/1105459 https://bugzilla.suse.com/1105460 From sle-security-updates at lists.suse.com Thu Oct 18 10:51:15 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Oct 2018 18:51:15 +0200 (CEST) Subject: SUSE-SU-2018:1362-2: important: Security update for qemu Message-ID: <20181018165115.0F2E6F7C0@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1362-2 Rating: important References: #1079405 #1092885 Cross-References: CVE-2018-3639 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for qemu fixes several issues. This security issue was fixed: - CVE-2018-3639: Spectre v4 vulnerability mitigation support for KVM guests (bsc#1092885). Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This patch permits the new x86 cpu feature flag named "ssbd" to be presented to the guest, given that the host has this feature, and KVM exposes it to the guest as well. For this feature to be enabled please use the qemu commandline -cpu $MODEL,+spec-ctrl,+ssbd so the guest OS can take advantage of the feature. spec-ctrl and ssbd support is also required in the host. This feature was added: - Add support for block resize support for xen disks through the monitor This non-security issue was fixed: - bsc#1079405: Add new look up path "sys/class/tpm" for tpm cancel path based on Linux 4.0 change Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-946=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): qemu-ipxe-1.0.0-41.40.1 qemu-seabios-1.9.1-41.40.1 qemu-sgabios-8-41.40.1 qemu-vgabios-1.9.1-41.40.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): qemu-2.6.2-41.40.1 qemu-block-curl-2.6.2-41.40.1 qemu-block-curl-debuginfo-2.6.2-41.40.1 qemu-block-rbd-2.6.2-41.40.1 qemu-block-rbd-debuginfo-2.6.2-41.40.1 qemu-block-ssh-2.6.2-41.40.1 qemu-block-ssh-debuginfo-2.6.2-41.40.1 qemu-debugsource-2.6.2-41.40.1 qemu-guest-agent-2.6.2-41.40.1 qemu-guest-agent-debuginfo-2.6.2-41.40.1 qemu-kvm-2.6.2-41.40.1 qemu-lang-2.6.2-41.40.1 qemu-tools-2.6.2-41.40.1 qemu-tools-debuginfo-2.6.2-41.40.1 qemu-x86-2.6.2-41.40.1 qemu-x86-debuginfo-2.6.2-41.40.1 References: https://www.suse.com/security/cve/CVE-2018-3639.html https://bugzilla.suse.com/1079405 https://bugzilla.suse.com/1092885 From sle-security-updates at lists.suse.com Thu Oct 18 10:51:56 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Oct 2018 18:51:56 +0200 (CEST) Subject: SUSE-SU-2018:1614-2: important: Security update for libvirt Message-ID: <20181018165156.BF761F7C0@maintenance.suse.de> SUSE Security Update: Security update for libvirt ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1614-2 Rating: important References: #1092885 Cross-References: CVE-2018-3639 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libvirt fixes the following issues: - CVE-2018-3639: cpu: add support for 'ssbd' and 'virt-ssbd' CPUID feature bits pass through (bsc#1092885) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1100=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libvirt-2.0.0-27.42.1 libvirt-client-2.0.0-27.42.1 libvirt-client-debuginfo-2.0.0-27.42.1 libvirt-daemon-2.0.0-27.42.1 libvirt-daemon-config-network-2.0.0-27.42.1 libvirt-daemon-config-nwfilter-2.0.0-27.42.1 libvirt-daemon-debuginfo-2.0.0-27.42.1 libvirt-daemon-driver-interface-2.0.0-27.42.1 libvirt-daemon-driver-interface-debuginfo-2.0.0-27.42.1 libvirt-daemon-driver-libxl-2.0.0-27.42.1 libvirt-daemon-driver-libxl-debuginfo-2.0.0-27.42.1 libvirt-daemon-driver-lxc-2.0.0-27.42.1 libvirt-daemon-driver-lxc-debuginfo-2.0.0-27.42.1 libvirt-daemon-driver-network-2.0.0-27.42.1 libvirt-daemon-driver-network-debuginfo-2.0.0-27.42.1 libvirt-daemon-driver-nodedev-2.0.0-27.42.1 libvirt-daemon-driver-nodedev-debuginfo-2.0.0-27.42.1 libvirt-daemon-driver-nwfilter-2.0.0-27.42.1 libvirt-daemon-driver-nwfilter-debuginfo-2.0.0-27.42.1 libvirt-daemon-driver-qemu-2.0.0-27.42.1 libvirt-daemon-driver-qemu-debuginfo-2.0.0-27.42.1 libvirt-daemon-driver-secret-2.0.0-27.42.1 libvirt-daemon-driver-secret-debuginfo-2.0.0-27.42.1 libvirt-daemon-driver-storage-2.0.0-27.42.1 libvirt-daemon-driver-storage-debuginfo-2.0.0-27.42.1 libvirt-daemon-hooks-2.0.0-27.42.1 libvirt-daemon-lxc-2.0.0-27.42.1 libvirt-daemon-qemu-2.0.0-27.42.1 libvirt-daemon-xen-2.0.0-27.42.1 libvirt-debugsource-2.0.0-27.42.1 libvirt-doc-2.0.0-27.42.1 libvirt-lock-sanlock-2.0.0-27.42.1 libvirt-lock-sanlock-debuginfo-2.0.0-27.42.1 libvirt-nss-2.0.0-27.42.1 libvirt-nss-debuginfo-2.0.0-27.42.1 References: https://www.suse.com/security/cve/CVE-2018-3639.html https://bugzilla.suse.com/1092885 From sle-security-updates at lists.suse.com Thu Oct 18 11:01:21 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:01:21 +0200 (CEST) Subject: SUSE-SU-2018:1398-2: moderate: Security update for bash Message-ID: <20181018170121.E7979F7C0@maintenance.suse.de> SUSE Security Update: Security update for bash ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1398-2 Rating: moderate References: #1000396 #1001299 #1086247 Cross-References: CVE-2016-0634 CVE-2016-7543 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for bash fixes the following issues: Security issues fixed: - CVE-2016-7543: A code execution possibility via SHELLOPTS+PS4 variable was fixed (bsc#1001299) - CVE-2016-0634: Arbitrary code execution via malicious hostname was fixed (bsc#1000396) Non-security issues fixed: - Fix repeating self-calling of traps due the combination of a non-interactive shell, a trap handler for SIGINT, an external process in the trap handler, and a SIGINT within the trap after the external process runs. (bsc#1086247) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-977=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): bash-4.3-83.10.1 bash-debuginfo-4.3-83.10.1 bash-debugsource-4.3-83.10.1 libreadline6-32bit-6.3-83.10.1 libreadline6-6.3-83.10.1 libreadline6-debuginfo-32bit-6.3-83.10.1 libreadline6-debuginfo-6.3-83.10.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): bash-doc-4.3-83.10.1 readline-doc-6.3-83.10.1 References: https://www.suse.com/security/cve/CVE-2016-0634.html https://www.suse.com/security/cve/CVE-2016-7543.html https://bugzilla.suse.com/1000396 https://bugzilla.suse.com/1001299 https://bugzilla.suse.com/1086247 From sle-security-updates at lists.suse.com Thu Oct 18 11:04:48 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:04:48 +0200 (CEST) Subject: SUSE-SU-2018:1327-2: moderate: Security update for curl Message-ID: <20181018170448.43B67F7C0@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1327-2 Rating: moderate References: #1086825 #1092098 Cross-References: CVE-2018-1000301 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for curl fixes several issues: Security issues fixed: - CVE-2018-1000301: Fixed a RTSP bad headers buffer over-read could crash the curl client (bsc#1092098) Non security issues fixed: - If the DEFAULT_SUSE cipher list is not available use the HIGH cipher alias before failing. (bsc#1086825) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-939=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): curl-7.37.0-37.23.1 curl-debuginfo-7.37.0-37.23.1 curl-debugsource-7.37.0-37.23.1 libcurl4-32bit-7.37.0-37.23.1 libcurl4-7.37.0-37.23.1 libcurl4-debuginfo-32bit-7.37.0-37.23.1 libcurl4-debuginfo-7.37.0-37.23.1 References: https://www.suse.com/security/cve/CVE-2018-1000301.html https://bugzilla.suse.com/1086825 https://bugzilla.suse.com/1092098 From sle-security-updates at lists.suse.com Thu Oct 18 11:06:06 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:06:06 +0200 (CEST) Subject: SUSE-SU-2018:1566-2: important: Security update for git Message-ID: <20181018170606.BFFFCF7C0@maintenance.suse.de> SUSE Security Update: Security update for git ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1566-2 Rating: important References: #1095218 #1095219 Cross-References: CVE-2018-11233 CVE-2018-11235 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for git fixes several issues. These security issues were fixed: - CVE-2018-11233: Path sanity-checks on NTFS allowed attackers to read arbitrary memory (bsc#1095218) - CVE-2018-11235: Arbitrary code execution when recursively cloning a malicious repository (bsc#1095219) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1080=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): git-doc-2.12.3-27.14.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): git-core-2.12.3-27.14.1 git-core-debuginfo-2.12.3-27.14.1 git-debugsource-2.12.3-27.14.1 References: https://www.suse.com/security/cve/CVE-2018-11233.html https://www.suse.com/security/cve/CVE-2018-11235.html https://bugzilla.suse.com/1095218 https://bugzilla.suse.com/1095219 From sle-security-updates at lists.suse.com Thu Oct 18 11:07:42 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:07:42 +0200 (CEST) Subject: SUSE-SU-2018:2631-2: moderate: Security update for libvirt Message-ID: <20181018170742.58B1BF7C0@maintenance.suse.de> SUSE Security Update: Security update for libvirt ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2631-2 Rating: moderate References: #1079869 #1091427 #1094325 #1094725 #1100112 #959329 Cross-References: CVE-2017-5715 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that solves one vulnerability and has 5 fixes is now available. Description: This update for libvirt fixes the following issues: This new feature was added: - bsc#1094325, bsc#1094725: libxl: Enable virsh blockresize for XEN guests This security issue was fixed: - CVE-2017-5715: Additional fixes for the Spectre patches (bsc#1079869) These non-security issues were fixed: - bsc#1100112: schema: allow any strings in smbios entry qemu: escape smbios entry strings - bsc#1091427: libxl: fix segfault in libxlReconnectDomain - bsc#959329: libxl: don't set hasManagedSave when performing save Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1843=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libvirt-2.0.0-27.45.1 libvirt-client-2.0.0-27.45.1 libvirt-client-debuginfo-2.0.0-27.45.1 libvirt-daemon-2.0.0-27.45.1 libvirt-daemon-config-network-2.0.0-27.45.1 libvirt-daemon-config-nwfilter-2.0.0-27.45.1 libvirt-daemon-debuginfo-2.0.0-27.45.1 libvirt-daemon-driver-interface-2.0.0-27.45.1 libvirt-daemon-driver-interface-debuginfo-2.0.0-27.45.1 libvirt-daemon-driver-libxl-2.0.0-27.45.1 libvirt-daemon-driver-libxl-debuginfo-2.0.0-27.45.1 libvirt-daemon-driver-lxc-2.0.0-27.45.1 libvirt-daemon-driver-lxc-debuginfo-2.0.0-27.45.1 libvirt-daemon-driver-network-2.0.0-27.45.1 libvirt-daemon-driver-network-debuginfo-2.0.0-27.45.1 libvirt-daemon-driver-nodedev-2.0.0-27.45.1 libvirt-daemon-driver-nodedev-debuginfo-2.0.0-27.45.1 libvirt-daemon-driver-nwfilter-2.0.0-27.45.1 libvirt-daemon-driver-nwfilter-debuginfo-2.0.0-27.45.1 libvirt-daemon-driver-qemu-2.0.0-27.45.1 libvirt-daemon-driver-qemu-debuginfo-2.0.0-27.45.1 libvirt-daemon-driver-secret-2.0.0-27.45.1 libvirt-daemon-driver-secret-debuginfo-2.0.0-27.45.1 libvirt-daemon-driver-storage-2.0.0-27.45.1 libvirt-daemon-driver-storage-debuginfo-2.0.0-27.45.1 libvirt-daemon-hooks-2.0.0-27.45.1 libvirt-daemon-lxc-2.0.0-27.45.1 libvirt-daemon-qemu-2.0.0-27.45.1 libvirt-daemon-xen-2.0.0-27.45.1 libvirt-debugsource-2.0.0-27.45.1 libvirt-doc-2.0.0-27.45.1 libvirt-lock-sanlock-2.0.0-27.45.1 libvirt-lock-sanlock-debuginfo-2.0.0-27.45.1 libvirt-nss-2.0.0-27.45.1 libvirt-nss-debuginfo-2.0.0-27.45.1 References: https://www.suse.com/security/cve/CVE-2017-5715.html https://bugzilla.suse.com/1079869 https://bugzilla.suse.com/1091427 https://bugzilla.suse.com/1094325 https://bugzilla.suse.com/1094725 https://bugzilla.suse.com/1100112 https://bugzilla.suse.com/959329 From sle-security-updates at lists.suse.com Thu Oct 18 11:11:08 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:11:08 +0200 (CEST) Subject: SUSE-SU-2018:2779-2: important: Security update for openslp Message-ID: <20181018171108.9CF94F7C0@maintenance.suse.de> SUSE Security Update: Security update for openslp ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2779-2 Rating: important References: #1090638 Cross-References: CVE-2017-17833 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openslp fixes the following issues: - CVE-2017-17833: Prevent heap-related memory corruption issue which may have manifested itself as a denial-of-service or a remote code-execution vulnerability (bsc#1090638) - Prevent out of bounds reads in message parsing Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1942=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): openslp-2.0.0-18.15.1 openslp-32bit-2.0.0-18.15.1 openslp-debuginfo-2.0.0-18.15.1 openslp-debuginfo-32bit-2.0.0-18.15.1 openslp-debugsource-2.0.0-18.15.1 openslp-server-2.0.0-18.15.1 openslp-server-debuginfo-2.0.0-18.15.1 References: https://www.suse.com/security/cve/CVE-2017-17833.html https://bugzilla.suse.com/1090638 From sle-security-updates at lists.suse.com Thu Oct 18 11:12:31 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:12:31 +0200 (CEST) Subject: SUSE-SU-2018:3074-2: moderate: Security update for postgresql10 Message-ID: <20181018171231.7B213F7C0@maintenance.suse.de> SUSE Security Update: Security update for postgresql10 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3074-2 Rating: moderate References: #1108308 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for brings postgresql10 version 10.5 to SUSE Linux Enterprise 12 SP3. (FATE#325659 bnc#1108308) This release marks the change of the versioning scheme for PostgreSQL to a "x.y" format. This means the next minor releases of PostgreSQL will be 10.1, 10.2, ... and the next major release will be 11. * Logical Replication Logical replication extends the current replication features of PostgreSQL with the ability to send modifications on a per-database and per-table level to different PostgreSQL databases. Users can now fine-tune the data replicated to various database clusters and will have the ability to perform zero-downtime upgrades to future major PostgreSQL versions. * Declarative Table Partitioning Table partitioning has existed for years in PostgreSQL but required a user to maintain a nontrivial set of rules and triggers for the partitioning to work. PostgreSQL 10 introduces a table partitioning syntax that lets users easily create and maintain range and list partitioned tables. * Improved Query Parallelism PostgreSQL 10 provides better support for parallelized queries by allowing more parts of the query execution process to be parallelized. Improvements include additional types of data scans that are parallelized as well as optimizations when the data is recombined, such as pre-sorting. These enhancements allow results to be returned more quickly. * Quorum Commit for Synchronous Replication PostgreSQL 10 introduces quorum commit for synchronous replication, which allows for flexibility in how a primary database receives acknowledgement that changes were successfully written to remote replicas. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-2176=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libecpg6-10.5-1.3.1 libecpg6-debuginfo-10.5-1.3.1 libpq5-10.5-1.3.1 libpq5-32bit-10.5-1.3.1 libpq5-debuginfo-10.5-1.3.1 libpq5-debuginfo-32bit-10.5-1.3.1 postgresql10-10.5-1.3.2 postgresql10-contrib-10.5-1.3.2 postgresql10-contrib-debuginfo-10.5-1.3.2 postgresql10-debuginfo-10.5-1.3.2 postgresql10-debugsource-10.5-1.3.2 postgresql10-libs-debugsource-10.5-1.3.1 postgresql10-server-10.5-1.3.2 postgresql10-server-debuginfo-10.5-1.3.2 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): postgresql-init-10-17.20.1 postgresql10-docs-10.5-1.3.2 References: https://bugzilla.suse.com/1108308 From sle-security-updates at lists.suse.com Thu Oct 18 11:13:03 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:13:03 +0200 (CEST) Subject: SUSE-SU-2018:2649-2: important: Security update for java-1_7_1-ibm Message-ID: <20181018171303.01598F7C0@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_1-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2649-2 Rating: important References: #1104668 Cross-References: CVE-2018-12539 CVE-2018-1517 CVE-2018-1656 CVE-2018-2940 CVE-2018-2952 CVE-2018-2973 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for java-1_7_1-ibm fixes the following issues: Security issues fixed: - CVE-2018-1517: Fixed a flaw in the java.math component in IBM SDK, which may allow an attacker to inflict a denial-of-service attack with specially crafted String data. - CVE-2018-1656: Protect against path traversal attacks when extracting compressed dump files. - CVE-2018-2940: Fixed an easily exploitable vulnerability in the libraries subcomponent, which allowed unauthenticated attackers with network access via multiple protocols to compromise the Java SE, leading to unauthorized read access. - CVE-2018-2952: Fixed an easily exploitable vulnerability in the concurrency subcomponent, which allowed unauthenticated attackers with network access via multiple protocols to compromise the Java SE, leading to denial of service. - CVE-2018-2973: Fixed a difficult to exploit vulnerability in the JSSE subcomponent, which allowed unauthenticated attackers with network access via SSL/TLS to compromise the Java SE, leading to unauthorized creation, deletion or modification access to critical data. - CVE-2018-12539: Fixed a vulnerability in which users other than the process owner may be able to use Java Attach API to connect to the IBM JVM on the same machine and use Attach API operations, including the ability to execute untrusted arbitrary code. Other changes made: - Various JIT/JVM crash fixes - Version update to 7.1.4.30 (bsc#1104668) You can find detailed information about this update [here](https://developer.ibm.com/javasdk/support/security-vulnerabilities/# IBM_Security_Update_August_2018). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1858=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): java-1_7_1-ibm-1.7.1_sr4.30-38.26.1 java-1_7_1-ibm-alsa-1.7.1_sr4.30-38.26.1 java-1_7_1-ibm-devel-1.7.1_sr4.30-38.26.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.30-38.26.1 java-1_7_1-ibm-plugin-1.7.1_sr4.30-38.26.1 References: https://www.suse.com/security/cve/CVE-2018-12539.html https://www.suse.com/security/cve/CVE-2018-1517.html https://www.suse.com/security/cve/CVE-2018-1656.html https://www.suse.com/security/cve/CVE-2018-2940.html https://www.suse.com/security/cve/CVE-2018-2952.html https://www.suse.com/security/cve/CVE-2018-2973.html https://bugzilla.suse.com/1104668 From sle-security-updates at lists.suse.com Thu Oct 18 11:14:02 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:14:02 +0200 (CEST) Subject: SUSE-SU-2018:2716-2: important: Security update for libzypp, zypper Message-ID: <20181018171402.C27DBF7C0@maintenance.suse.de> SUSE Security Update: Security update for libzypp, zypper ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2716-2 Rating: important References: #1036304 #1045735 #1049825 #1070851 #1076192 #1079334 #1088705 #1091624 #1092413 #1096803 #1099847 #1100028 #1101349 #1102429 Cross-References: CVE-2017-9269 CVE-2018-7685 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that solves two vulnerabilities and has 12 fixes is now available. Description: This update for libzypp, zypper provides the following fixes: Update libzypp to version 16.17.20 Security issues fixed: - PackageProvider: Validate delta rpms before caching (bsc#1091624, bsc#1088705, CVE-2018-7685) - PackageProvider: Validate downloaded rpm package signatures before caching (bsc#1091624, bsc#1088705, CVE-2018-7685) Other bugs fixed: - lsof: use '-K i' if lsof supports it (bsc#1099847, bsc#1036304) - Handle http error 502 Bad Gateway in curl backend (bsc#1070851) - RepoManager: Explicitly request repo2solv to generate application pseudo packages. - libzypp-devel should not require cmake (bsc#1101349) - HardLocksFile: Prevent against empty commit without Target having been been loaded (bsc#1096803) - Avoid zombie tar processes (bsc#1076192) Update to zypper to version 1.13.45 Security issue fixed: - Improve signature check callback messages (bsc#1045735, CVE-2017-9269) - add/modify repo: Add options to tune the GPG check settings (bsc#1045735, CVE-2017-9269) Other bugs fixed: - XML attribute `packages-to-change` added (bsc#1102429) - man: Strengthen that `--config FILE' affects zypper.conf, not zypp.conf (bsc#1100028) - Prevent nested calls to exit() if aborted by a signal (bsc#1092413) - ansi.h: Prevent ESC sequence strings from going out of scope (bsc#1092413) - Fix: zypper bash completion expands non-existing options (bsc#1049825) - do not recommend cron (bsc#1079334) - Improve signature check callback messages (bsc#1045735) - add/modify repo: Add options to tune the GPG check settings (bsc#1045735) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1905=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libzypp-16.17.20-27.52.1 libzypp-debuginfo-16.17.20-27.52.1 libzypp-debugsource-16.17.20-27.52.1 zypper-1.13.45-18.33.1 zypper-debuginfo-1.13.45-18.33.1 zypper-debugsource-1.13.45-18.33.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): zypper-log-1.13.45-18.33.1 References: https://www.suse.com/security/cve/CVE-2017-9269.html https://www.suse.com/security/cve/CVE-2018-7685.html https://bugzilla.suse.com/1036304 https://bugzilla.suse.com/1045735 https://bugzilla.suse.com/1049825 https://bugzilla.suse.com/1070851 https://bugzilla.suse.com/1076192 https://bugzilla.suse.com/1079334 https://bugzilla.suse.com/1088705 https://bugzilla.suse.com/1091624 https://bugzilla.suse.com/1092413 https://bugzilla.suse.com/1096803 https://bugzilla.suse.com/1099847 https://bugzilla.suse.com/1100028 https://bugzilla.suse.com/1101349 https://bugzilla.suse.com/1102429 From sle-security-updates at lists.suse.com Thu Oct 18 11:16:46 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:16:46 +0200 (CEST) Subject: SUSE-SU-2018:3066-2: moderate: Security update for qpdf Message-ID: <20181018171646.59510F7C0@maintenance.suse.de> SUSE Security Update: Security update for qpdf ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3066-2 Rating: moderate References: #1040311 #1040312 #1040313 #1050577 #1050578 #1050579 #1050581 #1055960 Cross-References: CVE-2017-11624 CVE-2017-11625 CVE-2017-11626 CVE-2017-11627 CVE-2017-12595 CVE-2017-9208 CVE-2017-9209 CVE-2017-9210 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for qpdf fixes the following issues: qpdf was updated to 7.1.1. Security issues fixed: - CVE-2017-11627: A stack-consumption vulnerability which allows attackers to cause DoS (bsc#1050577). - CVE-2017-11625: A stack-consumption vulnerability which allows attackers to cause DoS (bsc#1050579). - CVE-2017-11626: A stack-consumption vulnerability which allows attackers to cause DoS (bsc#1050578). - CVE-2017-11624: A stack-consumption vulnerability which allows attackers to cause DoS (bsc#1050581). - CVE-2017-12595: Stack overflow when processing deeply nested arrays and dictionaries (bsc#1055960). - CVE-2017-9209: Remote attackers can cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document (bsc#1040312). - CVE-2017-9210: Remote attackers can cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document (bsc#1040313). - CVE-2017-9208: Remote attackers can cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document (bsc#1040311). * Check release notes for detailed bug fixes. * http://qpdf.sourceforge.net/files/qpdf-manual.html#ref.release-notes Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-2169=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): cups-filters-1.0.58-15.2.1 cups-filters-cups-browsed-1.0.58-15.2.1 cups-filters-cups-browsed-debuginfo-1.0.58-15.2.1 cups-filters-debuginfo-1.0.58-15.2.1 cups-filters-debugsource-1.0.58-15.2.1 cups-filters-foomatic-rip-1.0.58-15.2.1 cups-filters-foomatic-rip-debuginfo-1.0.58-15.2.1 cups-filters-ghostscript-1.0.58-15.2.1 cups-filters-ghostscript-debuginfo-1.0.58-15.2.1 libqpdf18-7.1.1-3.3.4 libqpdf18-debuginfo-7.1.1-3.3.4 qpdf-7.1.1-3.3.4 qpdf-debuginfo-7.1.1-3.3.4 qpdf-debugsource-7.1.1-3.3.4 References: https://www.suse.com/security/cve/CVE-2017-11624.html https://www.suse.com/security/cve/CVE-2017-11625.html https://www.suse.com/security/cve/CVE-2017-11626.html https://www.suse.com/security/cve/CVE-2017-11627.html https://www.suse.com/security/cve/CVE-2017-12595.html https://www.suse.com/security/cve/CVE-2017-9208.html https://www.suse.com/security/cve/CVE-2017-9209.html https://www.suse.com/security/cve/CVE-2017-9210.html https://bugzilla.suse.com/1040311 https://bugzilla.suse.com/1040312 https://bugzilla.suse.com/1040313 https://bugzilla.suse.com/1050577 https://bugzilla.suse.com/1050578 https://bugzilla.suse.com/1050579 https://bugzilla.suse.com/1050581 https://bugzilla.suse.com/1055960 From sle-security-updates at lists.suse.com Thu Oct 18 11:18:45 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:18:45 +0200 (CEST) Subject: SUSE-SU-2018:2973-2: moderate: Security update for qemu Message-ID: <20181018171845.B9A2AF7C0@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2973-2 Rating: moderate References: #1092885 #1096223 #1098735 Cross-References: CVE-2018-11806 CVE-2018-12617 CVE-2018-3639 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for qemu fixes the following security issues: - CVE-2018-12617: qmp_guest_file_read had an integer overflow that could have been exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket causing DoS (bsc#1098735) - CVE-2018-11806: Prevent heap-based buffer overflow via incoming fragmented datagrams (bsc#1096223) With this release the mitigations for Spectre v4 are moved the the patches from upstream (CVE-2018-3639, bsc#1092885). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-2116=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): qemu-2.6.2-41.43.3 qemu-block-curl-2.6.2-41.43.3 qemu-block-curl-debuginfo-2.6.2-41.43.3 qemu-block-rbd-2.6.2-41.43.3 qemu-block-rbd-debuginfo-2.6.2-41.43.3 qemu-block-ssh-2.6.2-41.43.3 qemu-block-ssh-debuginfo-2.6.2-41.43.3 qemu-debugsource-2.6.2-41.43.3 qemu-guest-agent-2.6.2-41.43.3 qemu-guest-agent-debuginfo-2.6.2-41.43.3 qemu-kvm-2.6.2-41.43.3 qemu-lang-2.6.2-41.43.3 qemu-tools-2.6.2-41.43.3 qemu-tools-debuginfo-2.6.2-41.43.3 qemu-x86-2.6.2-41.43.3 qemu-x86-debuginfo-2.6.2-41.43.3 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): qemu-ipxe-1.0.0-41.43.3 qemu-seabios-1.9.1-41.43.3 qemu-sgabios-8-41.43.3 qemu-vgabios-1.9.1-41.43.3 References: https://www.suse.com/security/cve/CVE-2018-11806.html https://www.suse.com/security/cve/CVE-2018-12617.html https://www.suse.com/security/cve/CVE-2018-3639.html https://bugzilla.suse.com/1092885 https://bugzilla.suse.com/1096223 https://bugzilla.suse.com/1098735 From sle-security-updates at lists.suse.com Thu Oct 18 11:19:33 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:19:33 +0200 (CEST) Subject: SUSE-SU-2018:2331-2: important: Security update to ucode-intel Message-ID: <20181018171933.25B19F7C0@maintenance.suse.de> SUSE Security Update: Security update to ucode-intel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2331-2 Rating: important References: #1087082 #1087083 #1089343 #1104134 Cross-References: CVE-2018-3639 CVE-2018-3640 CVE-2018-3646 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: ucode-intel was updated to the 20180807 release. For the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a) and is part of the mitigations for CVE-2018-3639 (Spectre v4) and CVE-2018-3646 (L1 Terminal fault). (bsc#1104134 bsc#1087082 bsc#1087083 bsc#1089343) Processor Identifier Version Products Model Stepping F-MO-S/PI Old->New ---- new platforms ---------------------------------------- WSM-EP/WS U1 6-2c-2/03 0000001f Xeon E/L/X56xx, W36xx NHM-EX D0 6-2e-6/04 0000000d Xeon E/L/X65xx/75xx BXT C0 6-5c-2/01 00000014 Atom T5500/5700 APL E0 6-5c-a/03 0000000c Atom x5-E39xx DVN B0 6-5f-1/01 00000024 Atom C3xxx ---- updated platforms ------------------------------------ NHM-EP/WS D0 6-1a-5/03 00000019->0000001d Xeon E/L/X/W55xx NHM B1 6-1e-5/13 00000007->0000000a Core i7-8xx, i5-7xx; Xeon L3426, X24xx WSM B1 6-25-2/12 0000000e->00000011 Core i7-6xx, i5-6xx/4xxM, i3-5xx/3xxM, Pentium G69xx, Celeon P45xx; Xeon L3406 WSM K0 6-25-5/92 00000004->00000007 Core i7-6xx, i5-6xx/5xx/4xx, i3-5xx/3xx, Pentium G69xx/P6xxx/U5xxx, Celeron P4xxx/U3xxx SNB D2 6-2a-7/12 0000002d->0000002e Core Gen2; Xeon E3 WSM-EX A2 6-2f-2/05 00000037->0000003b Xeon E7 IVB E2 6-3a-9/12 0000001f->00000020 Core Gen3 Mobile HSW-H/S/E3 Cx/Dx 6-3c-3/32 00000024->00000025 Core Gen4 Desktop; Xeon E3 v3 BDW-U/Y E/F 6-3d-4/c0 0000002a->0000002b Core Gen5 Mobile HSW-ULT Cx/Dx 6-45-1/72 00000023->00000024 Core Gen4 Mobile and derived Pentium/Celeron HSW-H Cx 6-46-1/32 00000019->0000001a Core Extreme i7-5xxxX BDW-H/E3 E/G 6-47-1/22 0000001d->0000001e Core i5-5xxxR/C, i7-5xxxHQ/EQ; Xeon E3 v4 SKL-U/Y D0 6-4e-3/c0 000000c2->000000c6 Core Gen6 Mobile BDX-DE V1 6-56-2/10 00000015->00000017 Xeon D-1520/40 BDX-DE V2/3 6-56-3/10 07000012->07000013 Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19 BDX-DE Y0 6-56-4/10 0f000011->0f000012 Xeon D-1557/59/67/71/77/81/87 APL D0 6-5c-9/03 0000002c->00000032 Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx SKL-H/S/E3 R0 6-5e-3/36 000000c2->000000c6 Core Gen6; Xeon E3 v5 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1573=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): ucode-intel-20180807-13.29.1 ucode-intel-debuginfo-20180807-13.29.1 ucode-intel-debugsource-20180807-13.29.1 References: https://www.suse.com/security/cve/CVE-2018-3639.html https://www.suse.com/security/cve/CVE-2018-3640.html https://www.suse.com/security/cve/CVE-2018-3646.html https://bugzilla.suse.com/1087082 https://bugzilla.suse.com/1087083 https://bugzilla.suse.com/1089343 https://bugzilla.suse.com/1104134 From sle-security-updates at lists.suse.com Thu Oct 18 11:22:09 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:22:09 +0200 (CEST) Subject: SUSE-SU-2018:1699-2: important: Security update for xen Message-ID: <20181018172209.04EADF7C0@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1699-2 Rating: important References: #1027519 #1074562 #1086039 #1092631 Cross-References: CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 CVE-2018-3639 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for xen fixes several issues. This feature was added: - Added support for qemu monitor command These security issues were fixed: - CVE-2018-3639: Prevent attackers with local user access from extracting information via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4 (bsc#1092631). - CVE-2017-5753,CVE-2017-5715,CVE-2017-5754: Improved Spectre v2 mitigations (bsc#1074562). This non-security issue was fixed: - bsc#1086039 - Dom0 does not represent DomU cpu flags Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1142=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): xen-4.7.5_04-43.33.1 xen-debugsource-4.7.5_04-43.33.1 xen-doc-html-4.7.5_04-43.33.1 xen-libs-32bit-4.7.5_04-43.33.1 xen-libs-4.7.5_04-43.33.1 xen-libs-debuginfo-32bit-4.7.5_04-43.33.1 xen-libs-debuginfo-4.7.5_04-43.33.1 xen-tools-4.7.5_04-43.33.1 xen-tools-debuginfo-4.7.5_04-43.33.1 xen-tools-domU-4.7.5_04-43.33.1 xen-tools-domU-debuginfo-4.7.5_04-43.33.1 References: https://www.suse.com/security/cve/CVE-2017-5715.html https://www.suse.com/security/cve/CVE-2017-5753.html https://www.suse.com/security/cve/CVE-2017-5754.html https://www.suse.com/security/cve/CVE-2018-3639.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1074562 https://bugzilla.suse.com/1086039 https://bugzilla.suse.com/1092631 From sle-security-updates at lists.suse.com Thu Oct 18 11:23:45 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:23:45 +0200 (CEST) Subject: SUSE-SU-2018:2815-2: moderate: Security update for apache2 Message-ID: <20181018172345.8F8DFF7C0@maintenance.suse.de> SUSE Security Update: Security update for apache2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2815-2 Rating: moderate References: #1016715 #1104826 Cross-References: CVE-2016-4975 CVE-2016-8743 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for apache2 fixes the following issues: Security issues fixed: - CVE-2016-8743: Fixed liberal whitespace interpretation accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution. (bsc#1016715) - CVE-2016-4975: Fixed possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes which prohibit CR or LF injection into the "Location" or other outbound header key or value. (bsc#1104826) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1970=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): apache2-doc-2.4.23-29.24.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): apache2-2.4.23-29.24.1 apache2-debuginfo-2.4.23-29.24.1 apache2-debugsource-2.4.23-29.24.1 apache2-example-pages-2.4.23-29.24.1 apache2-prefork-2.4.23-29.24.1 apache2-prefork-debuginfo-2.4.23-29.24.1 apache2-utils-2.4.23-29.24.1 apache2-utils-debuginfo-2.4.23-29.24.1 apache2-worker-2.4.23-29.24.1 apache2-worker-debuginfo-2.4.23-29.24.1 References: https://www.suse.com/security/cve/CVE-2016-4975.html https://www.suse.com/security/cve/CVE-2016-8743.html https://bugzilla.suse.com/1016715 https://bugzilla.suse.com/1104826 From sle-security-updates at lists.suse.com Thu Oct 18 11:28:36 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:28:36 +0200 (CEST) Subject: SUSE-SU-2018:1783-2: important: Security update for MozillaFirefox Message-ID: <20181018172836.05B3FF7C0@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1783-2 Rating: important References: #1096449 Cross-References: CVE-2018-6126 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for MozillaFirefox fixes the following security issue: - CVE-2018-6126: Prevent heap buffer overflow in rasterizing paths in SVG with Skia (bsc#1096449). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1205=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): MozillaFirefox-52.8.1esr-109.34.1 MozillaFirefox-debuginfo-52.8.1esr-109.34.1 MozillaFirefox-debugsource-52.8.1esr-109.34.1 MozillaFirefox-devel-52.8.1esr-109.34.1 References: https://www.suse.com/security/cve/CVE-2018-6126.html https://bugzilla.suse.com/1096449 From sle-security-updates at lists.suse.com Thu Oct 18 11:29:07 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:29:07 +0200 (CEST) Subject: SUSE-SU-2018:1765-2: moderate: Security update for ntp Message-ID: <20181018172907.9292BF7C0@maintenance.suse.de> SUSE Security Update: Security update for ntp ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1765-2 Rating: moderate References: #1077445 #1082063 #1082210 #1083417 #1083420 #1083422 #1083424 #1083426 Cross-References: CVE-2016-1549 CVE-2018-7170 CVE-2018-7182 CVE-2018-7183 CVE-2018-7184 CVE-2018-7185 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that solves 6 vulnerabilities and has two fixes is now available. Description: This update for ntp fixes the following issues: - Update to 4.2.8p11 (bsc#1082210): * CVE-2016-1549: Sybil vulnerability: ephemeral association attack. While fixed in ntp-4.2.8p7, there are significant additional protections for this issue in 4.2.8p11. * CVE-2018-7182: ctl_getitem(): buffer read overrun leads to undefined behavior and information leak. (bsc#1083426) * CVE-2018-7170: Multiple authenticated ephemeral associations. (bsc#1083424) * CVE-2018-7184: Interleaved symmetric mode cannot recover from bad state. (bsc#1083422) * CVE-2018-7185: Unauthenticated packet can reset authenticated interleaved association. (bsc#1083420) * CVE-2018-7183: ntpq:decodearr() can write beyond its buffer limit.(bsc#1083417) - Don't use libevent's cached time stamps in sntp. (bsc#1077445) This update is a reissue of the previous update with LTSS channels included. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1188=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): ntp-4.2.8p11-64.5.1 ntp-debuginfo-4.2.8p11-64.5.1 ntp-debugsource-4.2.8p11-64.5.1 ntp-doc-4.2.8p11-64.5.1 References: https://www.suse.com/security/cve/CVE-2016-1549.html https://www.suse.com/security/cve/CVE-2018-7170.html https://www.suse.com/security/cve/CVE-2018-7182.html https://www.suse.com/security/cve/CVE-2018-7183.html https://www.suse.com/security/cve/CVE-2018-7184.html https://www.suse.com/security/cve/CVE-2018-7185.html https://bugzilla.suse.com/1077445 https://bugzilla.suse.com/1082063 https://bugzilla.suse.com/1082210 https://bugzilla.suse.com/1083417 https://bugzilla.suse.com/1083420 https://bugzilla.suse.com/1083422 https://bugzilla.suse.com/1083424 https://bugzilla.suse.com/1083426 From sle-security-updates at lists.suse.com Thu Oct 18 11:30:40 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:30:40 +0200 (CEST) Subject: SUSE-SU-2018:1692-2: important: Security update for java-1_7_0-openjdk Message-ID: <20181018173040.B403BFC98@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_0-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1692-2 Rating: important References: #1090023 #1090024 #1090025 #1090026 #1090027 #1090028 #1090029 #1090030 #1090032 #1090033 Cross-References: CVE-2018-2790 CVE-2018-2794 CVE-2018-2795 CVE-2018-2796 CVE-2018-2797 CVE-2018-2798 CVE-2018-2799 CVE-2018-2800 CVE-2018-2814 CVE-2018-2815 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: This update for java-1_7_0-openjdk to version 7u181 fixes the following issues: + S8162488: JDK should be updated to use LittleCMS 2.8 + S8180881: Better packaging of deserialization + S8182362: Update CipherOutputStream Usage + S8183032: Upgrade to LittleCMS 2.9 + S8189123: More consistent classloading + S8190478: Improved interface method selection + S8190877: Better handling of abstract classes + S8191696: Better mouse positioning + S8192030: Better MTSchema support + S8193409: Improve AES supporting classes + S8193414: Improvements in MethodType lookups + S8189969, CVE-2018-2790, bsc#1090023: Manifest better manifest entries + S8189977, CVE-2018-2795, bsc#1090025: Improve permission portability + S8189981, CVE-2018-2796, bsc#1090026: Improve queuing portability + S8189985, CVE-2018-2797, bsc#1090027: Improve tabular data portability + S8189989, CVE-2018-2798, bsc#1090028: Improve container portability + S8189993, CVE-2018-2799, bsc#1090029: Improve document portability + S8189997, CVE-2018-2794, bsc#1090024: Enhance keystore mechanisms + S8192025, CVE-2018-2814, bsc#1090032: Less referential references + S8192757, CVE-2018-2815, bsc#1090033: Improve stub classes implementation + S8193833, CVE-2018-2800, bsc#1090030: Better RMI connection support For additional changes please consult the changelog. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1135=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): java-1_7_0-openjdk-1.7.0.181-43.15.2 java-1_7_0-openjdk-debuginfo-1.7.0.181-43.15.2 java-1_7_0-openjdk-debugsource-1.7.0.181-43.15.2 java-1_7_0-openjdk-demo-1.7.0.181-43.15.2 java-1_7_0-openjdk-demo-debuginfo-1.7.0.181-43.15.2 java-1_7_0-openjdk-devel-1.7.0.181-43.15.2 java-1_7_0-openjdk-devel-debuginfo-1.7.0.181-43.15.2 java-1_7_0-openjdk-headless-1.7.0.181-43.15.2 java-1_7_0-openjdk-headless-debuginfo-1.7.0.181-43.15.2 References: https://www.suse.com/security/cve/CVE-2018-2790.html https://www.suse.com/security/cve/CVE-2018-2794.html https://www.suse.com/security/cve/CVE-2018-2795.html https://www.suse.com/security/cve/CVE-2018-2796.html https://www.suse.com/security/cve/CVE-2018-2797.html https://www.suse.com/security/cve/CVE-2018-2798.html https://www.suse.com/security/cve/CVE-2018-2799.html https://www.suse.com/security/cve/CVE-2018-2800.html https://www.suse.com/security/cve/CVE-2018-2814.html https://www.suse.com/security/cve/CVE-2018-2815.html https://bugzilla.suse.com/1090023 https://bugzilla.suse.com/1090024 https://bugzilla.suse.com/1090025 https://bugzilla.suse.com/1090026 https://bugzilla.suse.com/1090027 https://bugzilla.suse.com/1090028 https://bugzilla.suse.com/1090029 https://bugzilla.suse.com/1090030 https://bugzilla.suse.com/1090032 https://bugzilla.suse.com/1090033 From sle-security-updates at lists.suse.com Thu Oct 18 11:35:51 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:35:51 +0200 (CEST) Subject: SUSE-SU-2018:2323-2: moderate: Security update for clamav Message-ID: <20181018173551.BC739FCF0@maintenance.suse.de> SUSE Security Update: Security update for clamav ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2323-2 Rating: moderate References: #1082858 #1101410 #1101412 #1101654 #1103040 Cross-References: CVE-2018-0360 CVE-2018-0361 CVE-2018-1000085 CVE-2018-14679 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for clamav to version 0.100.1 fixes the following issues: The following security vulnerabilities were addressed: - CVE-2018-0360: HWP integer overflow, infinite loop vulnerability (bsc#1101410) - CVE-2018-0361: PDF object length check, unreasonably long time to parse relatively small file (bsc#1101412) - CVE-2018-1000085: Fixed a out-of-bounds heap read in XAR parser (bsc#1082858) - CVE-2018-14679: Libmspack heap buffer over-read in CHM parser (bsc#1103040) - Buffer over-read in unRAR code due to missing max value checks in table initialization - PDF parser bugs The following other changes were made: - Disable YARA support for licensing reasons (bsc#1101654). - Add HTTPS support for clamsubmit - Fix for DNS resolution for users on IPv4-only machines where IPv6 is not available or is link-local only Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1561=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): clamav-0.100.1-33.15.2 clamav-debuginfo-0.100.1-33.15.2 clamav-debugsource-0.100.1-33.15.2 References: https://www.suse.com/security/cve/CVE-2018-0360.html https://www.suse.com/security/cve/CVE-2018-0361.html https://www.suse.com/security/cve/CVE-2018-1000085.html https://www.suse.com/security/cve/CVE-2018-14679.html https://bugzilla.suse.com/1082858 https://bugzilla.suse.com/1101410 https://bugzilla.suse.com/1101412 https://bugzilla.suse.com/1101654 https://bugzilla.suse.com/1103040 From sle-security-updates at lists.suse.com Thu Oct 18 11:36:58 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:36:58 +0200 (CEST) Subject: SUSE-SU-2018:1173-2: important: Security update for the Linux Kernel Message-ID: <20181018173658.E6727FCF0@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1173-2 Rating: important References: #1012382 #1031717 #1046610 #1057734 #1070536 #1075428 #1076847 #1077560 #1082153 #1082299 #1083125 #1083745 #1083836 #1084353 #1084610 #1084721 #1084829 #1085042 #1085185 #1085224 #1085402 #1085404 #1086162 #1086194 #1087088 #1087260 #1087845 #1088241 #1088242 #1088600 #1088684 #1089198 #1089608 #1089644 #1089752 #1090643 Cross-References: CVE-2017-18257 CVE-2018-10087 CVE-2018-10124 CVE-2018-1087 CVE-2018-7740 CVE-2018-8043 CVE-2018-8781 CVE-2018-8822 CVE-2018-8897 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that solves 9 vulnerabilities and has 27 fixes is now available. Description: The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to 4.4.121 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability that allowed local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bnc#1090643). - CVE-2018-10124: The kill_something_info function in kernel/signal.c might have allowed local users to cause a denial of service via an INT_MIN argument (bnc#1089752). - CVE-2018-10087: The kernel_wait4 function in kernel/exit.c might have allowed local users to cause a denial of service by triggering an attempted use of the -INT_MIN value (bnc#1089608). - CVE-2017-18257: The __get_data_block function in fs/f2fs/data.c in the Linux kernel allowed local users to cause a denial of service (integer overflow and loop) via crafted use of the open and fallocate system calls with an FS_IOC_FIEMAP ioctl. (bnc#1088241) - CVE-2018-8822: Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c could be exploited by malicious NCPFS servers to crash the kernel or execute code (bnc#1086162). - CVE-2018-8043: The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c did not validate certain resource availability, which allowed local users to cause a denial of service (NULL pointer dereference) (bnc#1084829). - CVE-2018-7740: The resv_map_release function in mm/hugetlb.c allowed local users to cause a denial of service (BUG) via a crafted application that made mmap system calls and has a large pgoff argument to the remap_file_pages system call (bnc#1084353). - CVE-2018-1087: And an unprivileged KVM guest user could use this flaw to potentially escalate their privileges inside a guest. (bsc#1087088) - CVE-2018-8897: An unprivileged system user could use incorrect set up interrupt stacks to crash the Linux kernel resulting in DoS issue. (bsc#1087088) The following non-security bugs were fixed: - alsa: hda/realtek - Fix speaker no sound after system resume (bsc#1031717). - alsa: hda: Add a power_save blacklist (bnc#1012382). - alsa: usb-audio: Add a quirck for B&W PX headphones (bnc#1012382). - arm: dts: LogicPD Torpedo: Fix I2C1 pinmux (bnc#1012382). - arm: mvebu: Fix broken PL310_ERRATA_753970 selects (bnc#1012382). - kvm: mmu: Fix overlap between public and private memslots (bnc#1012382). - Partial revert "e1000e: Avoid receiver overrun interrupt bursts" (bsc#1075428). - Revert "e1000e: Separate signaling for link check/link up" (bsc#1075428). - Revert "led: core: Fix brightness setting when setting delay_off=0" (bnc#1012382). - Revert "watchdog: hpwdt: Remove legacy NMI sourcing (bsc#1085185)." This reverts commit 5d4a2355a2a1c2ec6fdf9d18b68ca0a04ff73c70. - bpf, x64: implement retpoline for tail call (bnc#1012382). - bridge: check brport attr show in brport_show (bnc#1012382). - btrfs: Only check first key for committed tree blocks (bsc#1084721). - btrfs: Validate child tree block's level and first key (bsc#1084721). - btrfs: preserve i_mode if __btrfs_set_acl() fails (bnc#1012382). - ch9200: use skb_cow_head() to deal with cloned skbs (bsc#1088684). - cpufreq: s3c24xx: Fix broken s3c_cpufreq_init() (bnc#1012382). - dcache: Add cond_resched in shrink_dentry_list (bsc#1086194). - dm io: fix duplicate bio completion due to missing ref count (bnc#1012382). - drm/i915/cmdparser: Do not check past the cmd length (bsc#1031717). - drm/i915/psr: Check for the specific AUX_FRAME_SYNC cap bit (bsc#1031717). - e1000e: Avoid missed interrupts following ICR read (bsc#1075428). - e1000e: Avoid receiver overrun interrupt bursts (bsc#1075428). - e1000e: Fix check_for_link return value with autoneg off (bsc#1075428). - e1000e: Fix link check race condition (bsc#1075428). - e1000e: Fix queue interrupt re-raising in Other interrupt (bsc#1075428). - e1000e: Remove Other from EIAC (bsc#1075428). - fib_semantics: Do not match route with mismatching tclassid (bnc#1012382). - fs/hugetlbfs/inode.c: change put_page/unlock_page order in hugetlbfs_fallocate() (git-fixes, bsc#1083745). - hdlc_ppp: carrier detect ok, do not turn off negotiation (bnc#1012382). - hugetlbfs: fix offset overflow in hugetlbfs mmap (bnc#1084353). - ibmvfc: Avoid unnecessary port relogin (bsc#1085404). - ibmvnic: Clear pending interrupt after device reset (bsc#1089644). - ibmvnic: Define vnic_login_client_data name field as unsized array (bsc#1089198). - ibmvnic: Disable irqs before exiting reset from closed state (bsc#1084610). - ibmvnic: Do not notify peers on parameter change resets (bsc#1089198). - ibmvnic: Do not reset CRQ for Mobility driver resets (bsc#1088600). - ibmvnic: Fix DMA mapping mistakes (bsc#1088600). - ibmvnic: Fix failover case for non-redundant configuration (bsc#1088600). - ibmvnic: Fix reset return from closed state (bsc#1084610). - ibmvnic: Fix reset scheduler error handling (bsc#1088600). - ibmvnic: Handle all login error conditions (bsc#1089198). - ibmvnic: Potential NULL dereference in clean_one_tx_pool() (bsc#1085224, git-fixes). - ibmvnic: Remove unused TSO resources in TX pool structure (bsc#1085224). - ibmvnic: Update TX pool cleaning routine (bsc#1085224). - ibmvnic: Zero used TX descriptor counter on reset (bsc#1088600). - ipv6 sit: work around bogus gcc-8 -Wrestrict warning (bnc#1012382). - kGraft: fix small race in reversion code (bsc#1083125). - kabi/severities: Ignore kgr_shadow_* kABI changes - kvm/x86: fix icebp instruction handling (bnc#1012382). - livepatch: Allow to call a custom callback when freeing shadow variables (bsc#1082299 fate#313296). - livepatch: Initialize shadow variables safely by a custom callback (bsc#1082299 fate#313296). - mac80211: do not WARN on bad WMM parameters from buggy APs (bsc#1031717). - md-cluster: fix wrong condition check in raid1_write_request (bsc#1085402). - media: au0828: fix VIDEO_V4L2 dependency (bsc#1031717). - media: cx25821: prevent out-of-bounds read on array card (bsc#1031717). - media: m88ds3103: do not call a non-initalized function (bnc#1012382). - media: s3c-camif: fix out-of-bounds array access (bsc#1031717). - mm/hugetlb.c: do not call region_abort if region_chg fails (bnc#1084353). - mpls, nospec: Sanitize array index in mpls_label_ok() (bnc#1012382). - net: fix race on decreasing number of TX queues (bnc#1012382). - net: ipv4: avoid unused variable warning for sysctl (git-fixes). - net: ipv4: do not allow setting net.ipv4.route.min_pmtu below 68 (bnc#1012382). - net: mpls: Pull common label check into helper (bnc#1012382). - netlink: ensure to loop over all netns in genlmsg_multicast_allns() (bnc#1012382). - nospec: Allow index argument to have const-qualified type (bnc#1012382). - perf/x86/intel: Add model number for Skylake Server to perf (FATE#321269). - powerpc/crash: Remove the test for cpu_online in the IPI callback (bsc#1088242). - powerpc: Do not send system reset request through the oops path (bsc#1088242). - powerpc: System reset avoid interleaving oops using die synchronisation (bsc#1088242). - ppp: prevent unregistered channels from connecting to PPP units (bnc#1012382). - regmap-i2c: Off by one in regmap_i2c_smbus_i2c_read/write() (bsc#1031717). - regmap: Do not use format_val in regmap_bulk_read (bsc#1031717). - regmap: Fix reversed bounds check in regmap_raw_write() (bsc#1031717). - regmap: Format data for raw write in regmap_bulk_write (bsc#1031717). - rpm/config.sh: ensure sorted patches. - s390/cpuinfo: show facilities as reported by stfle (bnc#1076847, LTC#163740). - s390/qeth: fix IPA command submission race (bnc#1012382). - s390/qeth: fix SETIP command handling (bnc#1012382). - sctp: fix dst refcnt leak in sctp_v4_get_dst (bnc#1012382). - sctp: fix dst refcnt leak in sctp_v6_get_dst() (bnc#1012382). - sctp: verify size of a new chunk in _sctp_make_chunk() (bnc#1012382). - storvsc: do not schedule work elements during host reset (bsc#1070536, bsc#1057734). - storvsc_drv: use embedded work structure for host rescan (bsc#1070536, bsc#1057734). - storvsc_drv: use separate workqueue for rescan (bsc#1070536, bsc#1057734). - swap: divide-by-zero when zero length swap file on ssd (bsc#1082153). - tpm: st33zp24: fix potential buffer overruns caused by bit glitches on the bus (bnc#1012382). - tpm_i2c_infineon: fix potential buffer overruns caused by bit glitches on the bus (bnc#1012382). - tpm_i2c_nuvoton: fix potential buffer overruns caused by bit glitches on the bus (bnc#1012382). - udplite: fix partial checksum initialization (bnc#1012382). - watchdog: hpwdt: Remove legacy NMI sourcing (bsc#1085185). - x86/apic/vector: Handle legacy irq data correctly (bnc#1012382). - x86/entry/64: Do not use IST entry for #BP stack (bsc#1087088). - x86/kaiser: Duplicate cpu_tss for an entry trampoline usage (bsc#1077560 bsc#1083836). - x86/kaiser: Remove a user mapping of cpu_tss structure (bsc#1077560 bsc#1083836). - x86/kaiser: Use a per-CPU trampoline stack for kernel entry (bsc#1077560). - x86/kaiser: enforce trampoline stack alignment (bsc#1087260). - x86/speculation: Remove Skylake C2 from Speculation Control microcode blacklist (bsc#1087845). - xen-blkfront: fix mq start/stop race (bsc#1085042). - xen-netback: use skb to determine number of required guest Rx requests (bsc#1046610). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-814=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): kernel-devel-4.4.121-92.73.1 kernel-macros-4.4.121-92.73.1 kernel-source-4.4.121-92.73.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): kernel-default-4.4.121-92.73.1 kernel-default-base-4.4.121-92.73.1 kernel-default-base-debuginfo-4.4.121-92.73.1 kernel-default-debuginfo-4.4.121-92.73.1 kernel-default-debugsource-4.4.121-92.73.1 kernel-default-devel-4.4.121-92.73.1 kernel-syms-4.4.121-92.73.1 kgraft-patch-4_4_121-92_73-default-1-3.3.1 References: https://www.suse.com/security/cve/CVE-2017-18257.html https://www.suse.com/security/cve/CVE-2018-10087.html https://www.suse.com/security/cve/CVE-2018-10124.html https://www.suse.com/security/cve/CVE-2018-1087.html https://www.suse.com/security/cve/CVE-2018-7740.html https://www.suse.com/security/cve/CVE-2018-8043.html https://www.suse.com/security/cve/CVE-2018-8781.html https://www.suse.com/security/cve/CVE-2018-8822.html https://www.suse.com/security/cve/CVE-2018-8897.html https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1031717 https://bugzilla.suse.com/1046610 https://bugzilla.suse.com/1057734 https://bugzilla.suse.com/1070536 https://bugzilla.suse.com/1075428 https://bugzilla.suse.com/1076847 https://bugzilla.suse.com/1077560 https://bugzilla.suse.com/1082153 https://bugzilla.suse.com/1082299 https://bugzilla.suse.com/1083125 https://bugzilla.suse.com/1083745 https://bugzilla.suse.com/1083836 https://bugzilla.suse.com/1084353 https://bugzilla.suse.com/1084610 https://bugzilla.suse.com/1084721 https://bugzilla.suse.com/1084829 https://bugzilla.suse.com/1085042 https://bugzilla.suse.com/1085185 https://bugzilla.suse.com/1085224 https://bugzilla.suse.com/1085402 https://bugzilla.suse.com/1085404 https://bugzilla.suse.com/1086162 https://bugzilla.suse.com/1086194 https://bugzilla.suse.com/1087088 https://bugzilla.suse.com/1087260 https://bugzilla.suse.com/1087845 https://bugzilla.suse.com/1088241 https://bugzilla.suse.com/1088242 https://bugzilla.suse.com/1088600 https://bugzilla.suse.com/1088684 https://bugzilla.suse.com/1089198 https://bugzilla.suse.com/1089608 https://bugzilla.suse.com/1089644 https://bugzilla.suse.com/1089752 https://bugzilla.suse.com/1090643 From sle-security-updates at lists.suse.com Thu Oct 18 11:44:17 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:44:17 +0200 (CEST) Subject: SUSE-SU-2018:2898-2: important: Security update for smt, yast2-smt Message-ID: <20181018174417.300B5FCF0@maintenance.suse.de> SUSE Security Update: Security update for smt, yast2-smt ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2898-2 Rating: important References: #1006984 #1006989 #1037811 #1097560 #1097824 #1103809 #1103810 #1104076 #977043 Cross-References: CVE-2018-12470 CVE-2018-12471 CVE-2018-12472 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that solves three vulnerabilities and has 6 fixes is now available. Description: This update for yast2-smt to 3.0.14 and smt to 3.0.37 fixes the following issues: These security issues were fixed in SMT: - CVE-2018-12471: Xml External Entity processing in the RegistrationSharing modules allowed to read arbitrary file read (bsc#1103809). - CVE-2018-12470: SQL injection in RegistrationSharing module allows remote attackers to run arbitrary SQL statements (bsc#1103810). - CVE-2018-12472: Authentication bypass in sibling check facilitated further attacks on SMT (bsc#1104076). SUSE would like to thank Jake Miller for reporting these issues to us. These non-security issues were fixed in SMT: - Fix cron jobs randomization (bsc#1097560) - Fix duplicate migration paths (bsc#1097824) This non-security issue was fixed in yast2-smt: - Remove cron job rescheduling (bsc#1097560) - Added missing translation marks (bsc#1037811) - Explicitly mention "Organization Credentials" (fate#321759) - Rearrange the SMT set-up dialog (bsc#977043) - Make the Filter button default (bsc#1006984) - Prevent exiting the repo selection dialog via hitting Enter in the repository filter (bsc#1006984) - report when error occurs during repo mirroring (bsc#1006989) - Use TextEntry-based filter for repos (fate#319777) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-2056=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): res-signingkeys-3.0.37-52.23.6 smt-3.0.37-52.23.6 smt-debuginfo-3.0.37-52.23.6 smt-debugsource-3.0.37-52.23.6 smt-support-3.0.37-52.23.6 References: https://www.suse.com/security/cve/CVE-2018-12470.html https://www.suse.com/security/cve/CVE-2018-12471.html https://www.suse.com/security/cve/CVE-2018-12472.html https://bugzilla.suse.com/1006984 https://bugzilla.suse.com/1006989 https://bugzilla.suse.com/1037811 https://bugzilla.suse.com/1097560 https://bugzilla.suse.com/1097824 https://bugzilla.suse.com/1103809 https://bugzilla.suse.com/1103810 https://bugzilla.suse.com/1104076 https://bugzilla.suse.com/977043 From sle-security-updates at lists.suse.com Thu Oct 18 11:45:59 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:45:59 +0200 (CEST) Subject: SUSE-SU-2018:1781-2: important: Security update for mariadb Message-ID: <20181018174559.737A7FCF0@maintenance.suse.de> SUSE Security Update: Security update for mariadb ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1781-2 Rating: important References: #1088681 #1090518 Cross-References: CVE-2018-2755 CVE-2018-2761 CVE-2018-2766 CVE-2018-2767 CVE-2018-2771 CVE-2018-2781 CVE-2018-2782 CVE-2018-2784 CVE-2018-2787 CVE-2018-2813 CVE-2018-2817 CVE-2018-2819 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes 12 vulnerabilities is now available. Description: MariaDB was updated to 10.0.35 (bsc#1090518) Notable changes: * PCRE updated to 8.42 * XtraDB updated to 5.6.39-83.1 * TokuDB updated to 5.6.39-83.1 * InnoDB updated to 5.6.40 * The embedded server library now supports SSL when connecting to remote servers [bsc#1088681], [CVE-2018-2767] * MDEV-15249 - Crash in MVCC read after IMPORT TABLESPACE * MDEV-14988 - innodb_read_only tries to modify files if transactions were recovered in COMMITTED state * MDEV-14773 - DROP TABLE hangs for InnoDB table with FULLTEXT index * MDEV-15723 - Crash in INFORMATION_SCHEMA.INNODB_SYS_TABLES when accessing corrupted record * fixes for the following security vulnerabilities: CVE-2018-2782, CVE-2018-2784, CVE-2018-2787, CVE-2018-2766, CVE-2018-2755, CVE-2018-2819, CVE-2018-2817, CVE-2018-2761, CVE-2018-2781, CVE-2018-2771, CVE-2018-2813 * Release notes and changelog: * https://kb.askmonty.org/en/mariadb-10035-release-notes * https://kb.askmonty.org/en/mariadb-10035-changelog Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1202=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libmysqlclient18-10.0.35-29.20.3 libmysqlclient18-32bit-10.0.35-29.20.3 libmysqlclient18-debuginfo-10.0.35-29.20.3 libmysqlclient18-debuginfo-32bit-10.0.35-29.20.3 mariadb-10.0.35-29.20.3 mariadb-client-10.0.35-29.20.3 mariadb-client-debuginfo-10.0.35-29.20.3 mariadb-debuginfo-10.0.35-29.20.3 mariadb-debugsource-10.0.35-29.20.3 mariadb-errormessages-10.0.35-29.20.3 mariadb-tools-10.0.35-29.20.3 mariadb-tools-debuginfo-10.0.35-29.20.3 References: https://www.suse.com/security/cve/CVE-2018-2755.html https://www.suse.com/security/cve/CVE-2018-2761.html https://www.suse.com/security/cve/CVE-2018-2766.html https://www.suse.com/security/cve/CVE-2018-2767.html https://www.suse.com/security/cve/CVE-2018-2771.html https://www.suse.com/security/cve/CVE-2018-2781.html https://www.suse.com/security/cve/CVE-2018-2782.html https://www.suse.com/security/cve/CVE-2018-2784.html https://www.suse.com/security/cve/CVE-2018-2787.html https://www.suse.com/security/cve/CVE-2018-2813.html https://www.suse.com/security/cve/CVE-2018-2817.html https://www.suse.com/security/cve/CVE-2018-2819.html https://bugzilla.suse.com/1088681 https://bugzilla.suse.com/1090518 From sle-security-updates at lists.suse.com Thu Oct 18 11:51:05 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:51:05 +0200 (CEST) Subject: SUSE-SU-2018:1377-2: important: Security update for the Linux Kernel Message-ID: <20181018175105.AB58EFCF0@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1377-2 Rating: important References: #1056427 #1068032 #1075087 #1080157 #1087082 #1090953 #1091041 #1092289 #1093215 #1094019 Cross-References: CVE-2018-3639 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that solves one vulnerability and has 9 fixes is now available. Description: The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive various security and bugfixes. The following security bug was fixed: - CVE-2018-3639: Information leaks using "Memory Disambiguation" feature in modern CPUs were mitigated, aka "Spectre Variant 4" (bnc#1087082). A new boot commandline option was introduced, "spec_store_bypass_disable", which can have following values: - auto: Kernel detects whether your CPU model contains an implementation of Speculative Store Bypass and picks the most appropriate mitigation. - on: disable Speculative Store Bypass - off: enable Speculative Store Bypass - prctl: Control Speculative Store Bypass per thread via prctl. Speculative Store Bypass is enabled for a process by default. The state of the control is inherited on fork. - seccomp: Same as "prctl" above, but all seccomp threads will disable SSB unless they explicitly opt out. The default is "seccomp", meaning programs need explicit opt-in into the mitigation. Status can be queried via the /sys/devices/system/cpu/vulnerabilities/spec_store_bypass file, containing: - "Vulnerable" - "Mitigation: Speculative Store Bypass disabled" - "Mitigation: Speculative Store Bypass disabled via prctl" - "Mitigation: Speculative Store Bypass disabled via prctl and seccomp" The following related and non-security bugs were fixed: - cpuid: Fix cpuid.edx.7.0 propagation to guest - ext4: Fix hole length detection in ext4_ind_map_blocks() (bsc#1090953). - ibmvnic: Clean actual number of RX or TX pools (bsc#1092289). - kvm: Introduce nopvspin kernel parameter (bsc#1056427). - kvm: Fix nopvspin static branch init usage (bsc#1056427). - powerpc/64: Use barrier_nospec in syscall entry (bsc#1068032, bsc#1080157). - powerpc/64s: Add barrier_nospec (bsc#1068032, bsc#1080157). - powerpc/64s: Add support for ori barrier_nospec patching (bsc#1068032, bsc#1080157). - powerpc/64s: Enable barrier_nospec based on firmware settings (bsc#1068032, bsc#1080157). - powerpc/64s: Enhance the information in cpu_show_meltdown() (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/64s: Enhance the information in cpu_show_spectre_v1() (bsc#1068032). - powerpc/64s: Fix section mismatch warnings from setup_rfi_flush() (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/64s: Move cpu_show_meltdown() (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/64s: Patch barrier_nospec in modules (bsc#1068032, bsc#1080157). - powerpc/64s: Wire up cpu_show_spectre_v1() (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/64s: Wire up cpu_show_spectre_v2() (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/powernv: Set or clear security feature flags (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/powernv: Use the security flags in pnv_setup_rfi_flush() (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/pseries: Fix clearing of security feature flags (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/pseries: Restore default security feature flags on setup (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/pseries: Set or clear security feature flags (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush() (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/rfi-flush: Always enable fallback flush on pseries (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/rfi-flush: Differentiate enabled and patched flush types (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc: Add security feature flags for Spectre/Meltdown (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc: Move default security feature flags (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc: Use barrier_nospec in copy_from_user() (bsc#1068032, bsc#1080157). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-956=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): kernel-devel-4.4.121-92.80.1 kernel-macros-4.4.121-92.80.1 kernel-source-4.4.121-92.80.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): kernel-default-4.4.121-92.80.1 kernel-default-base-4.4.121-92.80.1 kernel-default-base-debuginfo-4.4.121-92.80.1 kernel-default-debuginfo-4.4.121-92.80.1 kernel-default-debugsource-4.4.121-92.80.1 kernel-default-devel-4.4.121-92.80.1 kernel-syms-4.4.121-92.80.1 kgraft-patch-4_4_121-92_80-default-1-3.5.2 References: https://www.suse.com/security/cve/CVE-2018-3639.html https://bugzilla.suse.com/1056427 https://bugzilla.suse.com/1068032 https://bugzilla.suse.com/1075087 https://bugzilla.suse.com/1080157 https://bugzilla.suse.com/1087082 https://bugzilla.suse.com/1090953 https://bugzilla.suse.com/1091041 https://bugzilla.suse.com/1092289 https://bugzilla.suse.com/1093215 https://bugzilla.suse.com/1094019 From sle-security-updates at lists.suse.com Thu Oct 18 11:55:01 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:55:01 +0200 (CEST) Subject: SUSE-SU-2018:2530-2: moderate: Security update for openssh Message-ID: <20181018175501.25134FCF0@maintenance.suse.de> SUSE Security Update: Security update for openssh ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2530-2 Rating: moderate References: #1076957 Cross-References: CVE-2016-10708 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openssh fixes the following issues: Security issue fixed: - CVE-2016-10708: Prevent DoS due to crashes caused by out-of-sequence NEWKEYS message (bsc#1076957). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1766=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): openssh-7.2p2-74.25.1 openssh-askpass-gnome-7.2p2-74.25.1 openssh-askpass-gnome-debuginfo-7.2p2-74.25.1 openssh-debuginfo-7.2p2-74.25.1 openssh-debugsource-7.2p2-74.25.1 openssh-fips-7.2p2-74.25.1 openssh-helpers-7.2p2-74.25.1 openssh-helpers-debuginfo-7.2p2-74.25.1 References: https://www.suse.com/security/cve/CVE-2016-10708.html https://bugzilla.suse.com/1076957 From sle-security-updates at lists.suse.com Thu Oct 18 11:55:34 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:55:34 +0200 (CEST) Subject: SUSE-SU-2018:3064-2: important: Security update for java-1_8_0-openjdk Message-ID: <20181018175534.6D7D2FCF0@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3064-2 Rating: important References: #1101644 #1101645 #1101651 #1101656 #1106812 Cross-References: CVE-2018-2938 CVE-2018-2940 CVE-2018-2952 CVE-2018-2973 CVE-2018-3639 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for java-1_8_0-openjdk to the jdk8u181 (icedtea 3.9.0) release fixes the following issues: These security issues were fixed: - CVE-2018-2938: Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE (bsc#1101644). - CVE-2018-2940: Vulnerability in subcomponent: Libraries. Easily exploitable vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data (bsc#1101645) - CVE-2018-2952: Vulnerability in subcomponent: Concurrency. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit (bsc#1101651) - CVE-2018-2973: Vulnerability in subcomponent: JSSE. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data (bsc#1101656) These non-security issues were fixed: - Improve desktop file usage - Better Internet address support - speculative traps break when classes are redefined - sun/security/pkcs11/ec/ReadCertificates.java fails intermittently - Clean up code that saves the previous versions of redefined classes - Prevent SIGSEGV in ReceiverTypeData::clean_weak_klass_links - RedefineClasses() tests fail assert(((Metadata*)obj)->is_valid()) failed: obj is valid - NMT is not enabled if NMT option is specified after class path specifiers - EndEntityChecker should not process custom extensions after PKIX validation - SupportedDSAParamGen.java failed with timeout - Montgomery multiply intrinsic should use correct name - When determining the ciphersuite lists, there is no debug output for disabled suites. - sun/security/mscapi/SignedObjectChain.java fails on Windows - On Windows Swing changes keyboard layout on a window activation - IfNode::range_check_trap_proj() should handler dying subgraph with single if proj - Even better Internet address support - Newlines in JAXB string values of SOAP-requests are escaped to " " - TestFlushableGZIPOutputStream failing with IndexOutOfBoundsException - Unable to use JDWP API in JDK 8 to debug JDK 9 VM - Hotspot crash on Cassandra 3.11.1 startup with libnuma 2.0.3 - Performance drop with Java JDK 1.8.0_162-b32 - Upgrade time-zone data to tzdata2018d - Fix potential crash in BufImg_SetupICM - JDK 8u181 l10n resource file update - Remove debug print statements from RMI fix - (tz) Upgrade time-zone data to tzdata2018e - ObjectInputStream filterCheck method throws NullPointerException - adjust reflective access checks Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-2168=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): java-1_8_0-openjdk-1.8.0.181-27.26.2 java-1_8_0-openjdk-debuginfo-1.8.0.181-27.26.2 java-1_8_0-openjdk-debugsource-1.8.0.181-27.26.2 java-1_8_0-openjdk-demo-1.8.0.181-27.26.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.181-27.26.2 java-1_8_0-openjdk-devel-1.8.0.181-27.26.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.181-27.26.2 java-1_8_0-openjdk-headless-1.8.0.181-27.26.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.181-27.26.2 References: https://www.suse.com/security/cve/CVE-2018-2938.html https://www.suse.com/security/cve/CVE-2018-2940.html https://www.suse.com/security/cve/CVE-2018-2952.html https://www.suse.com/security/cve/CVE-2018-2973.html https://www.suse.com/security/cve/CVE-2018-3639.html https://bugzilla.suse.com/1101644 https://bugzilla.suse.com/1101645 https://bugzilla.suse.com/1101651 https://bugzilla.suse.com/1101656 https://bugzilla.suse.com/1106812 From sle-security-updates at lists.suse.com Thu Oct 18 11:56:37 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:56:37 +0200 (CEST) Subject: SUSE-SU-2018:2928-2: moderate: Security update for openssl Message-ID: <20181018175637.D5383FCF0@maintenance.suse.de> SUSE Security Update: Security update for openssl ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2928-2 Rating: moderate References: #1089039 #1101246 #1101470 #1104789 #1106197 #997043 Cross-References: CVE-2018-0737 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that solves one vulnerability and has 5 fixes is now available. Description: This update for openssl fixes the following issues: These security issues were fixed: - Prevent One&Done side-channel attack on RSA that allowed physically near attackers to use EM emanations to recover information (bsc#1104789) - CVE-2018-0737: The RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could have recovered the private key (bsc#1089039) These non-security issues were fixed: - Add openssl(cli) Provide so the packages that require the openssl binary can require this instead of the new openssl meta package (bsc#1101470) - Fixed path to the engines which are under /lib64 on SLE-12 (bsc#1101246, bsc#997043) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-2069=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libopenssl-devel-1.0.2j-60.39.1 libopenssl1_0_0-1.0.2j-60.39.1 libopenssl1_0_0-32bit-1.0.2j-60.39.1 libopenssl1_0_0-debuginfo-1.0.2j-60.39.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.39.1 libopenssl1_0_0-hmac-1.0.2j-60.39.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.39.1 openssl-1.0.2j-60.39.1 openssl-debuginfo-1.0.2j-60.39.1 openssl-debugsource-1.0.2j-60.39.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): openssl-doc-1.0.2j-60.39.1 References: https://www.suse.com/security/cve/CVE-2018-0737.html https://bugzilla.suse.com/1089039 https://bugzilla.suse.com/1101246 https://bugzilla.suse.com/1101470 https://bugzilla.suse.com/1104789 https://bugzilla.suse.com/1106197 https://bugzilla.suse.com/997043 From sle-security-updates at lists.suse.com Thu Oct 18 11:58:46 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:58:46 +0200 (CEST) Subject: SUSE-SU-2018:1997-2: important: Security update for shadow Message-ID: <20181018175846.C72B7FCF0@maintenance.suse.de> SUSE Security Update: Security update for shadow ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1997-2 Rating: important References: #1099310 Cross-References: CVE-2016-6252 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for shadow fixes the following issues: - CVE-2016-6252: Incorrect integer handling could results in local privilege escalation (bsc#1099310) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1351=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): shadow-4.2.1-27.9.1 shadow-debuginfo-4.2.1-27.9.1 shadow-debugsource-4.2.1-27.9.1 References: https://www.suse.com/security/cve/CVE-2016-6252.html https://bugzilla.suse.com/1099310 From sle-security-updates at lists.suse.com Thu Oct 18 11:59:17 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:59:17 +0200 (CEST) Subject: SUSE-SU-2018:1562-2: important: Security update for glibc Message-ID: <20181018175917.D468FFCF0@maintenance.suse.de> SUSE Security Update: Security update for glibc ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1562-2 Rating: important References: #1086690 #1094150 #1094154 #1094161 Cross-References: CVE-2017-18269 CVE-2018-11236 CVE-2018-11237 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for glibc fixes the following issues: - CVE-2017-18269: Fix SSE2 memmove issue when crossing 2GB boundary (bsc#1094150) - CVE-2018-11236: Fix overflow in path length computation (bsc#1094161) - CVE-2018-11237: Don't write beyond buffer destination in __mempcpy_avx512_no_vzeroupper (bsc#1094154) Non security bugs fixed: - Fix crash in resolver on memory allocation failure (bsc#1086690) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1077=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): glibc-html-2.22-62.13.2 glibc-i18ndata-2.22-62.13.2 glibc-info-2.22-62.13.2 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): glibc-2.22-62.13.2 glibc-32bit-2.22-62.13.2 glibc-debuginfo-2.22-62.13.2 glibc-debuginfo-32bit-2.22-62.13.2 glibc-debugsource-2.22-62.13.2 glibc-devel-2.22-62.13.2 glibc-devel-32bit-2.22-62.13.2 glibc-devel-debuginfo-2.22-62.13.2 glibc-devel-debuginfo-32bit-2.22-62.13.2 glibc-locale-2.22-62.13.2 glibc-locale-32bit-2.22-62.13.2 glibc-locale-debuginfo-2.22-62.13.2 glibc-locale-debuginfo-32bit-2.22-62.13.2 glibc-profile-2.22-62.13.2 glibc-profile-32bit-2.22-62.13.2 nscd-2.22-62.13.2 nscd-debuginfo-2.22-62.13.2 References: https://www.suse.com/security/cve/CVE-2017-18269.html https://www.suse.com/security/cve/CVE-2018-11236.html https://www.suse.com/security/cve/CVE-2018-11237.html https://bugzilla.suse.com/1086690 https://bugzilla.suse.com/1094150 https://bugzilla.suse.com/1094154 https://bugzilla.suse.com/1094161 From sle-security-updates at lists.suse.com Thu Oct 18 12:00:16 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Oct 2018 20:00:16 +0200 (CEST) Subject: SUSE-SU-2018:2975-2: important: Security update for ghostscript Message-ID: <20181018180016.8000CFCF0@maintenance.suse.de> SUSE Security Update: Security update for ghostscript ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2975-2 Rating: important References: #1106171 #1106172 #1106173 #1106195 #1107410 #1107411 #1107412 #1107413 #1107420 #1107421 #1107422 #1107423 #1107426 #1107581 #1108027 #1109105 Cross-References: CVE-2018-15908 CVE-2018-15909 CVE-2018-15910 CVE-2018-15911 CVE-2018-16509 CVE-2018-16510 CVE-2018-16511 CVE-2018-16513 CVE-2018-16539 CVE-2018-16540 CVE-2018-16541 CVE-2018-16542 CVE-2018-16543 CVE-2018-16585 CVE-2018-16802 CVE-2018-17183 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes 16 vulnerabilities is now available. Description: This update for ghostscript to version 9.25 fixes the following issues: These security issues were fixed: - CVE-2018-17183: Remote attackers were be able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code (bsc#1109105) - CVE-2018-15909: Prevent type confusion using the .shfill operator that could have been used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code (bsc#1106172). - CVE-2018-15908: Prevent attackers that are able to supply malicious PostScript files to bypass .tempfile restrictions and write files (bsc#1106171). - CVE-2018-15910: Prevent a type confusion in the LockDistillerParams parameter that could have been used to crash the interpreter or execute code (bsc#1106173). - CVE-2018-15911: Prevent use uninitialized memory access in the aesdecode operator that could have been used to crash the interpreter or potentially execute code (bsc#1106195). - CVE-2018-16513: Prevent a type confusion in the setcolor function that could have been used to crash the interpreter or possibly have unspecified other impact (bsc#1107412). - CVE-2018-16509: Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be have been used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction (bsc#1107410). - CVE-2018-16510: Incorrect exec stack handling in the "CS" and "SC" PDF primitives could have been used by remote attackers able to supply crafted PDFs to crash the interpreter or possibly have unspecified other impact (bsc#1107411). - CVE-2018-16542: Prevent attackers able to supply crafted PostScript files from using insufficient interpreter stack-size checking during error handling to crash the interpreter (bsc#1107413). - CVE-2018-16541: Prevent attackers able to supply crafted PostScript files from using incorrect free logic in pagedevice replacement to crash the interpreter (bsc#1107421). - CVE-2018-16540: Prevent use-after-free in copydevice handling that could have been used to crash the interpreter or possibly have unspecified other impact (bsc#1107420). - CVE-2018-16539: Prevent attackers able to supply crafted PostScript files from using incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable (bsc#1107422). - CVE-2018-16543: gssetresolution and gsgetresolution allowed attackers to have an unspecified impact (bsc#1107423). - CVE-2018-16511: A type confusion in "ztype" could have been used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact (bsc#1107426). - CVE-2018-16585: The .setdistillerkeys PostScript command was accepted even though it is not intended for use during document processing (e.g., after the startup phase). This lead to memory corruption, allowing remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact (bsc#1107581). - CVE-2018-16802: Incorrect "restoration of privilege" checking when running out of stack during exception handling could have been used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to an incomplete fix for CVE-2018-16509 (bsc#1108027). These non-security issues were fixed: * Fixes problems with argument handling, some unintended results of the security fixes to the SAFER file access restrictions (specifically accessing ICC profile files). * Avoid that ps2epsi fails with 'Error: /undefined in --setpagedevice--' For additional changes please check http://www.ghostscript.com/doc/9.25/News.htm and the changes file of the package. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-2121=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): ghostscript-9.25-23.13.1 ghostscript-debuginfo-9.25-23.13.1 ghostscript-debugsource-9.25-23.13.1 ghostscript-x11-9.25-23.13.1 ghostscript-x11-debuginfo-9.25-23.13.1 References: https://www.suse.com/security/cve/CVE-2018-15908.html https://www.suse.com/security/cve/CVE-2018-15909.html https://www.suse.com/security/cve/CVE-2018-15910.html https://www.suse.com/security/cve/CVE-2018-15911.html https://www.suse.com/security/cve/CVE-2018-16509.html https://www.suse.com/security/cve/CVE-2018-16510.html https://www.suse.com/security/cve/CVE-2018-16511.html https://www.suse.com/security/cve/CVE-2018-16513.html https://www.suse.com/security/cve/CVE-2018-16539.html https://www.suse.com/security/cve/CVE-2018-16540.html https://www.suse.com/security/cve/CVE-2018-16541.html https://www.suse.com/security/cve/CVE-2018-16542.html https://www.suse.com/security/cve/CVE-2018-16543.html https://www.suse.com/security/cve/CVE-2018-16585.html https://www.suse.com/security/cve/CVE-2018-16802.html https://www.suse.com/security/cve/CVE-2018-17183.html https://bugzilla.suse.com/1106171 https://bugzilla.suse.com/1106172 https://bugzilla.suse.com/1106173 https://bugzilla.suse.com/1106195 https://bugzilla.suse.com/1107410 https://bugzilla.suse.com/1107411 https://bugzilla.suse.com/1107412 https://bugzilla.suse.com/1107413 https://bugzilla.suse.com/1107420 https://bugzilla.suse.com/1107421 https://bugzilla.suse.com/1107422 https://bugzilla.suse.com/1107423 https://bugzilla.suse.com/1107426 https://bugzilla.suse.com/1107581 https://bugzilla.suse.com/1108027 https://bugzilla.suse.com/1109105 From sle-security-updates at lists.suse.com Thu Oct 18 12:04:11 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Oct 2018 20:04:11 +0200 (CEST) Subject: SUSE-SU-2018:2320-2: important: Security update for samba Message-ID: <20181018180411.B1212FCF0@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2320-2 Rating: important References: #1054849 #1103411 Cross-References: CVE-2018-10858 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for samba fixes the following issues: The following security vulnerability was fixed: - CVE-2018-10858: smbc_urlencode helper function is a subject to buffer overflow (bsc#1103411) The following other bugs were fixed: - Fix libnss_wins.so.2 link libreplace with rpath (bsc#1054849) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1557=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libdcerpc-binding0-32bit-4.4.2-38.20.1 libdcerpc-binding0-4.4.2-38.20.1 libdcerpc-binding0-debuginfo-32bit-4.4.2-38.20.1 libdcerpc-binding0-debuginfo-4.4.2-38.20.1 libdcerpc0-32bit-4.4.2-38.20.1 libdcerpc0-4.4.2-38.20.1 libdcerpc0-debuginfo-32bit-4.4.2-38.20.1 libdcerpc0-debuginfo-4.4.2-38.20.1 libndr-krb5pac0-32bit-4.4.2-38.20.1 libndr-krb5pac0-4.4.2-38.20.1 libndr-krb5pac0-debuginfo-32bit-4.4.2-38.20.1 libndr-krb5pac0-debuginfo-4.4.2-38.20.1 libndr-nbt0-32bit-4.4.2-38.20.1 libndr-nbt0-4.4.2-38.20.1 libndr-nbt0-debuginfo-32bit-4.4.2-38.20.1 libndr-nbt0-debuginfo-4.4.2-38.20.1 libndr-standard0-32bit-4.4.2-38.20.1 libndr-standard0-4.4.2-38.20.1 libndr-standard0-debuginfo-32bit-4.4.2-38.20.1 libndr-standard0-debuginfo-4.4.2-38.20.1 libndr0-32bit-4.4.2-38.20.1 libndr0-4.4.2-38.20.1 libndr0-debuginfo-32bit-4.4.2-38.20.1 libndr0-debuginfo-4.4.2-38.20.1 libnetapi0-32bit-4.4.2-38.20.1 libnetapi0-4.4.2-38.20.1 libnetapi0-debuginfo-32bit-4.4.2-38.20.1 libnetapi0-debuginfo-4.4.2-38.20.1 libsamba-credentials0-32bit-4.4.2-38.20.1 libsamba-credentials0-4.4.2-38.20.1 libsamba-credentials0-debuginfo-32bit-4.4.2-38.20.1 libsamba-credentials0-debuginfo-4.4.2-38.20.1 libsamba-errors0-32bit-4.4.2-38.20.1 libsamba-errors0-4.4.2-38.20.1 libsamba-errors0-debuginfo-32bit-4.4.2-38.20.1 libsamba-errors0-debuginfo-4.4.2-38.20.1 libsamba-hostconfig0-32bit-4.4.2-38.20.1 libsamba-hostconfig0-4.4.2-38.20.1 libsamba-hostconfig0-debuginfo-32bit-4.4.2-38.20.1 libsamba-hostconfig0-debuginfo-4.4.2-38.20.1 libsamba-passdb0-32bit-4.4.2-38.20.1 libsamba-passdb0-4.4.2-38.20.1 libsamba-passdb0-debuginfo-32bit-4.4.2-38.20.1 libsamba-passdb0-debuginfo-4.4.2-38.20.1 libsamba-util0-32bit-4.4.2-38.20.1 libsamba-util0-4.4.2-38.20.1 libsamba-util0-debuginfo-32bit-4.4.2-38.20.1 libsamba-util0-debuginfo-4.4.2-38.20.1 libsamdb0-32bit-4.4.2-38.20.1 libsamdb0-4.4.2-38.20.1 libsamdb0-debuginfo-32bit-4.4.2-38.20.1 libsamdb0-debuginfo-4.4.2-38.20.1 libsmbclient0-32bit-4.4.2-38.20.1 libsmbclient0-4.4.2-38.20.1 libsmbclient0-debuginfo-32bit-4.4.2-38.20.1 libsmbclient0-debuginfo-4.4.2-38.20.1 libsmbconf0-32bit-4.4.2-38.20.1 libsmbconf0-4.4.2-38.20.1 libsmbconf0-debuginfo-32bit-4.4.2-38.20.1 libsmbconf0-debuginfo-4.4.2-38.20.1 libsmbldap0-32bit-4.4.2-38.20.1 libsmbldap0-4.4.2-38.20.1 libsmbldap0-debuginfo-32bit-4.4.2-38.20.1 libsmbldap0-debuginfo-4.4.2-38.20.1 libtevent-util0-32bit-4.4.2-38.20.1 libtevent-util0-4.4.2-38.20.1 libtevent-util0-debuginfo-32bit-4.4.2-38.20.1 libtevent-util0-debuginfo-4.4.2-38.20.1 libwbclient0-32bit-4.4.2-38.20.1 libwbclient0-4.4.2-38.20.1 libwbclient0-debuginfo-32bit-4.4.2-38.20.1 libwbclient0-debuginfo-4.4.2-38.20.1 samba-4.4.2-38.20.1 samba-client-32bit-4.4.2-38.20.1 samba-client-4.4.2-38.20.1 samba-client-debuginfo-32bit-4.4.2-38.20.1 samba-client-debuginfo-4.4.2-38.20.1 samba-debuginfo-4.4.2-38.20.1 samba-debugsource-4.4.2-38.20.1 samba-libs-32bit-4.4.2-38.20.1 samba-libs-4.4.2-38.20.1 samba-libs-debuginfo-32bit-4.4.2-38.20.1 samba-libs-debuginfo-4.4.2-38.20.1 samba-winbind-32bit-4.4.2-38.20.1 samba-winbind-4.4.2-38.20.1 samba-winbind-debuginfo-32bit-4.4.2-38.20.1 samba-winbind-debuginfo-4.4.2-38.20.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): samba-doc-4.4.2-38.20.1 References: https://www.suse.com/security/cve/CVE-2018-10858.html https://bugzilla.suse.com/1054849 https://bugzilla.suse.com/1103411 From sle-security-updates at lists.suse.com Thu Oct 18 12:04:57 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Oct 2018 20:04:57 +0200 (CEST) Subject: SUSE-SU-2018:2410-2: important: Security update for xen Message-ID: <20181018180457.17437FCF0@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2410-2 Rating: important References: #1027519 #1091107 #1103276 Cross-References: CVE-2018-3646 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for xen fixes the following security issues: - CVE-2018-3646: Systems with microprocessors utilizing speculative execution and address translations may have allowed unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis (bsc#1091107, bsc#1027519). - Incorrect MSR_DEBUGCTL handling let guests enable BTS allowing a malicious or buggy guest administrator can lock up the entire host (bsc#1103276) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1664=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): xen-4.7.6_04-43.39.1 xen-debugsource-4.7.6_04-43.39.1 xen-doc-html-4.7.6_04-43.39.1 xen-libs-32bit-4.7.6_04-43.39.1 xen-libs-4.7.6_04-43.39.1 xen-libs-debuginfo-32bit-4.7.6_04-43.39.1 xen-libs-debuginfo-4.7.6_04-43.39.1 xen-tools-4.7.6_04-43.39.1 xen-tools-debuginfo-4.7.6_04-43.39.1 xen-tools-domU-4.7.6_04-43.39.1 xen-tools-domU-debuginfo-4.7.6_04-43.39.1 References: https://www.suse.com/security/cve/CVE-2018-3646.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1091107 https://bugzilla.suse.com/1103276 From sle-security-updates at lists.suse.com Thu Oct 18 12:06:25 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Oct 2018 20:06:25 +0200 (CEST) Subject: SUSE-SU-2018:2991-2: important: Security update for openslp Message-ID: <20181018180625.9E6D7FCF0@maintenance.suse.de> SUSE Security Update: Security update for openslp ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2991-2 Rating: important References: #1090638 Cross-References: CVE-2017-17833 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openslp fixes the following issues: - CVE-2017-17833: Prevent heap-related memory corruption issue which may have manifested itself as a denial-of-service or a remote code-execution vulnerability (bsc#1090638) - Prevent out of bounds reads in message parsing Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-2132=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): openslp-2.0.0-18.17.1 openslp-32bit-2.0.0-18.17.1 openslp-debuginfo-2.0.0-18.17.1 openslp-debuginfo-32bit-2.0.0-18.17.1 openslp-debugsource-2.0.0-18.17.1 openslp-server-2.0.0-18.17.1 openslp-server-debuginfo-2.0.0-18.17.1 References: https://www.suse.com/security/cve/CVE-2017-17833.html https://bugzilla.suse.com/1090638 From sle-security-updates at lists.suse.com Thu Oct 18 12:06:57 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Oct 2018 20:06:57 +0200 (CEST) Subject: SUSE-SU-2018:2081-2: important: Security update for xen Message-ID: <20181018180657.4B4C4FCF0@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2081-2 Rating: important References: #1027519 #1087289 #1094725 #1095242 #1096224 #1097521 #1097522 #1097523 Cross-References: CVE-2018-11806 CVE-2018-12891 CVE-2018-12892 CVE-2018-12893 CVE-2018-3665 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that solves 5 vulnerabilities and has three fixes is now available. Description: This update for xen fixes the following issues: Security issues fixed: - CVE-2018-12891: Fix preemption checks bypass in x86 PV MM handling (XSA-264) (bsc#1097521). - CVE-2018-12892: Fix libxl failure to honour readonly flag on HVM emulated SCSI disks (XSA-266) (bsc#1097523). - CVE-2018-12893: Fix #DB exception safety check that could be triggered by a guest (XSA-265) (bsc#1097522). - CVE-2018-11806: Fix heap buffer overflow while reassembling fragmented datagrams (bsc#1096224). - CVE-2018-3665: Fix lazy FP Save/Restore (XSA-267) (bsc#1095242). Bug fixes: - bsc#1027519: Update to Xen 4.7.6 bug fix only release. - bsc#1087289: Xen BUG at sched_credit.c:1663. - bsc#1094725: `virsh blockresize` does not work with Xen qdisks. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1414=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): xen-4.7.6_02-43.36.1 xen-debugsource-4.7.6_02-43.36.1 xen-doc-html-4.7.6_02-43.36.1 xen-libs-32bit-4.7.6_02-43.36.1 xen-libs-4.7.6_02-43.36.1 xen-libs-debuginfo-32bit-4.7.6_02-43.36.1 xen-libs-debuginfo-4.7.6_02-43.36.1 xen-tools-4.7.6_02-43.36.1 xen-tools-debuginfo-4.7.6_02-43.36.1 xen-tools-domU-4.7.6_02-43.36.1 xen-tools-domU-debuginfo-4.7.6_02-43.36.1 References: https://www.suse.com/security/cve/CVE-2018-11806.html https://www.suse.com/security/cve/CVE-2018-12891.html https://www.suse.com/security/cve/CVE-2018-12892.html https://www.suse.com/security/cve/CVE-2018-12893.html https://www.suse.com/security/cve/CVE-2018-3665.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1087289 https://bugzilla.suse.com/1094725 https://bugzilla.suse.com/1095242 https://bugzilla.suse.com/1096224 https://bugzilla.suse.com/1097521 https://bugzilla.suse.com/1097522 https://bugzilla.suse.com/1097523 From sle-security-updates at lists.suse.com Thu Oct 18 12:09:10 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Oct 2018 20:09:10 +0200 (CEST) Subject: SUSE-SU-2018:2344-2: important: Security update for the Linux Kernel Message-ID: <20181018180910.C0B4CFCF0@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2344-2 Rating: important References: #1064232 #1076110 #1083635 #1085042 #1086652 #1087081 #1089343 #1090123 #1091171 #1094248 #1096130 #1096480 #1096978 #1097140 #1097551 #1098016 #1098425 #1098435 #1099924 #1100089 #1100416 #1100418 #1100491 #1101557 #1102340 #1102851 #1103097 #1103119 #1103580 Cross-References: CVE-2017-18344 CVE-2018-13053 CVE-2018-13405 CVE-2018-13406 CVE-2018-14734 CVE-2018-3620 CVE-2018-3646 CVE-2018-5390 CVE-2018-5391 CVE-2018-5814 CVE-2018-9385 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that solves 11 vulnerabilities and has 18 fixes is now available. Description: The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-3620: Local attackers on baremetal systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data. (bnc#1087081). - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system. (bnc#1089343). - CVE-2018-5390 aka "SegmentSmack": The Linux Kernel can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service (bnc#1102340). - CVE-2018-5391 aka "FragmentSmack": A flaw in the IP packet reassembly could be used by remote attackers to consume lots of CPU time (bnc#1103097). - CVE-2018-14734: drivers/infiniband/core/ucma.c allowed ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allowed attackers to cause a denial of service (use-after-free) (bnc#1103119). - CVE-2017-18344: The timer_create syscall implementation in kernel/time/posix-timers.c didn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allowed userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE) (bnc#1102851 bnc#1103580). - CVE-2018-9385: When printing the "driver_override" option from with-in the amba driver, a very long line could expose one additional uninitialized byte (bnc#1100491). - CVE-2018-13053: The alarm_timer_nsleep function in kernel/time/alarmtimer.c had an integer overflow via a large relative timeout because ktime_add_safe is not used (bnc#1099924). - CVE-2018-13405: The inode_init_owner function in fs/inode.c allowed local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID (bnc#1100416). - CVE-2018-13406: An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used (bnc#1098016 1100418). - CVE-2018-5814: Multiple race condition errors when handling probe, disconnect, and rebind operations could be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP packets (bnc#1096480). The following non-security bugs were fixed: - Add support for 5,25,50, and 100G to 802.3ad bonding driver (bsc#1096978) - bcache: add backing_request_endio() for bi_end_io (bsc#1064232). - bcache: add CACHE_SET_IO_DISABLE to struct cache_set flags (bsc#1064232). - bcache: add io_disable to struct cached_dev (bsc#1064232). - bcache: add journal statistic (bsc#1076110). - bcache: Add __printf annotation to __bch_check_keys() (bsc#1064232). - bcache: add stop_when_cache_set_failed option to backing device (bsc#1064232). - bcache: add wait_for_kthread_stop() in bch_allocator_thread() (bsc#1064232). - bcache: Annotate switch fall-through (bsc#1064232). - bcache: closures: move control bits one bit right (bsc#1076110). - bcache: correct flash only vols (check all uuids) (bsc#1064232). - bcache: count backing device I/O error for writeback I/O (bsc#1064232). - bcache: do not attach backing with duplicate UUID (bsc#1076110). - bcache: Fix a compiler warning in bcache_device_init() (bsc#1064232). - bcache: fix cached_dev->count usage for bch_cache_set_error() (bsc#1064232). - bcache: fix crashes in duplicate cache device register (bsc#1076110). - bcache: fix error return value in memory shrink (bsc#1064232). - bcache: fix for allocator and register thread race (bsc#1076110). - bcache: fix for data collapse after re-attaching an attached device (bsc#1076110). - bcache: fix high CPU occupancy during journal (bsc#1076110). - bcache: Fix, improve efficiency of closure_sync() (bsc#1076110). - bcache: fix inaccurate io state for detached bcache devices (bsc#1064232). - bcache: fix incorrect sysfs output value of strip size (bsc#1064232). - bcache: Fix indentation (bsc#1064232). - bcache: fix kcrashes with fio in RAID5 backend dev (bsc#1076110). - bcache: Fix kernel-doc warnings (bsc#1064232). - bcache: fix misleading error message in bch_count_io_errors() (bsc#1064232). - bcache: fix using of loop variable in memory shrink (bsc#1064232). - bcache: fix writeback target calc on large devices (bsc#1076110). - bcache: fix wrong return value in bch_debug_init() (bsc#1076110). - bcache: mark closure_sync() __sched (bsc#1076110). - bcache: move closure debug file into debug directory (bsc#1064232). - bcache: properly set task state in bch_writeback_thread() (bsc#1064232). - bcache: quit dc->writeback_thread when BCACHE_DEV_DETACHING is set (bsc#1064232). - bcache: reduce cache_set devices iteration by devices_max_used (bsc#1064232). - bcache: Reduce the number of sparse complaints about lock imbalances (bsc#1064232). - bcache: Remove an unused variable (bsc#1064232). - bcache: ret IOERR when read meets metadata error (bsc#1076110). - bcache: return 0 from bch_debug_init() if CONFIG_DEBUG_FS=n (bsc#1064232). - bcache: return attach error when no cache set exist (bsc#1076110). - bcache: segregate flash only volume write streams (bsc#1076110). - bcache: set CACHE_SET_IO_DISABLE in bch_cached_dev_error() (bsc#1064232). - bcache: set dc->io_disable to true in conditional_stop_bcache_device() (bsc#1064232). - bcache: set error_limit correctly (bsc#1064232). - bcache: set writeback_rate_update_seconds in range [1, 60] seconds (bsc#1064232). - bcache: stop bcache device when backing device is offline (bsc#1064232). - bcache: stop dc->writeback_rate_update properly (bsc#1064232). - bcache: stop writeback thread after detaching (bsc#1076110). - bcache: store disk name in struct cache and struct cached_dev (bsc#1064232). - bcache: Suppress more warnings about set-but-not-used variables (bsc#1064232). - bcache: use pr_info() to inform duplicated CACHE_SET_IO_DISABLE set (bsc#1064232). - bcache: Use PTR_ERR_OR_ZERO() (bsc#1076110). - bpf: properly enforce index mask to prevent out-of-bounds speculation (bsc#1098425). - cifs: Check for timeout on Negotiate stage (bsc#1091171). - cifs: fix bad/NULL ptr dereferencing in SMB2_sess_setup() (bsc#1090123). - cpu/hotplug: Add sysfs state interface (bsc#1089343). - cpu/hotplug: Provide knobs to control SMT (bsc#1089343). - cpu/hotplug: Split do_cpu_down() (bsc#1089343). - ext4: fix unsupported feature message formatting (bsc#1098435). - Hang/soft lockup in d_invalidate with simultaneous calls (bsc#1094248, bsc at 1097140). - ixgbe: fix possible race in reset subtask (bsc#1101557). - ixgbe: Refactor queue disable logic to take completion time into account (bsc#1101557). - ixgbe: Reorder Tx/Rx shutdown to reduce time needed to stop device (bsc#1101557). - ixgbe: use atomic bitwise operations when handling reset requests (bsc#1101557). - kabi/severities: add PASS to drivers/md/bcache/*, no one uses bcache kernel module. - procfs: add tunable for fd/fdinfo dentry retention (bsc#1086652). - sched/sysctl: Check user input value of sysctl_sched_time_avg (bsc#1100089). - signals: avoid unnecessary taking of sighand->siglock (bsc#1096130). - x86/CPU/AMD: Do not check CPUID max ext level before parsing SMP info (bsc#1089343). - x86/cpu/AMD: Evaluate smp_num_siblings early (bsc#1089343). - x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings (bsc#1089343). Update config files. - x86/cpu/AMD: Remove the pointless detect_ht() call (bsc#1089343). - x86/cpu/common: Provide detect_ht_early() (bsc#1089343). - x86/cpu/intel: Evaluate smp_num_siblings early (bsc#1089343). - x86/cpu: Remove the pointless CPU printout (bsc#1089343). - x86/cpu/topology: Provide detect_extended_topology_early() (bsc#1089343). - x86/mm: Simplify p[g4um]d_page() macros (1087081). - x86/pti: do not report XenPV as vulnerable (bsc#1097551). - x86/smpboot: Do not use smp_num_siblings in __max_logical_packages calculation (bsc#1089343). - x86/smp: Provide topology_is_primary_thread() (bsc#1089343). - x86/topology: Add topology_max_smt_threads() (bsc#1089343). - x86/topology: Provide topology_smt_supported() (bsc#1089343). - xen/grant-table: log the lack of grants (bnc#1085042). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1603=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): kernel-devel-4.4.121-92.92.1 kernel-macros-4.4.121-92.92.1 kernel-source-4.4.121-92.92.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): kernel-default-4.4.121-92.92.1 kernel-default-base-4.4.121-92.92.1 kernel-default-base-debuginfo-4.4.121-92.92.1 kernel-default-debuginfo-4.4.121-92.92.1 kernel-default-debugsource-4.4.121-92.92.1 kernel-default-devel-4.4.121-92.92.1 kernel-syms-4.4.121-92.92.1 kgraft-patch-4_4_121-92_92-default-1-3.7.1 lttng-modules-2.7.1-9.4.1 lttng-modules-debugsource-2.7.1-9.4.1 lttng-modules-kmp-default-2.7.1_k4.4.121_92.92-9.4.1 lttng-modules-kmp-default-debuginfo-2.7.1_k4.4.121_92.92-9.4.1 References: https://www.suse.com/security/cve/CVE-2017-18344.html https://www.suse.com/security/cve/CVE-2018-13053.html https://www.suse.com/security/cve/CVE-2018-13405.html https://www.suse.com/security/cve/CVE-2018-13406.html https://www.suse.com/security/cve/CVE-2018-14734.html https://www.suse.com/security/cve/CVE-2018-3620.html https://www.suse.com/security/cve/CVE-2018-3646.html https://www.suse.com/security/cve/CVE-2018-5390.html https://www.suse.com/security/cve/CVE-2018-5391.html https://www.suse.com/security/cve/CVE-2018-5814.html https://www.suse.com/security/cve/CVE-2018-9385.html https://bugzilla.suse.com/1064232 https://bugzilla.suse.com/1076110 https://bugzilla.suse.com/1083635 https://bugzilla.suse.com/1085042 https://bugzilla.suse.com/1086652 https://bugzilla.suse.com/1087081 https://bugzilla.suse.com/1089343 https://bugzilla.suse.com/1090123 https://bugzilla.suse.com/1091171 https://bugzilla.suse.com/1094248 https://bugzilla.suse.com/1096130 https://bugzilla.suse.com/1096480 https://bugzilla.suse.com/1096978 https://bugzilla.suse.com/1097140 https://bugzilla.suse.com/1097551 https://bugzilla.suse.com/1098016 https://bugzilla.suse.com/1098425 https://bugzilla.suse.com/1098435 https://bugzilla.suse.com/1099924 https://bugzilla.suse.com/1100089 https://bugzilla.suse.com/1100416 https://bugzilla.suse.com/1100418 https://bugzilla.suse.com/1100491 https://bugzilla.suse.com/1101557 https://bugzilla.suse.com/1102340 https://bugzilla.suse.com/1102851 https://bugzilla.suse.com/1103097 https://bugzilla.suse.com/1103119 https://bugzilla.suse.com/1103580 From sle-security-updates at lists.suse.com Thu Oct 18 12:14:28 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Oct 2018 20:14:28 +0200 (CEST) Subject: SUSE-SU-2018:2839-2: moderate: Security update for java-1_8_0-ibm Message-ID: <20181018181428.22529FCF0@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2839-2 Rating: moderate References: #1104668 Cross-References: CVE-2016-0705 CVE-2017-3732 CVE-2017-3736 CVE-2018-12539 CVE-2018-1517 CVE-2018-1656 CVE-2018-2940 CVE-2018-2952 CVE-2018-2964 CVE-2018-2973 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: This update for java-1_8_0-ibm to 8.0.5.20 fixes the following security issues: - CVE-2018-2952: Vulnerability in subcomponent: Concurrency. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit (bsc#1104668) - CVE-2018-2940: Vulnerability in subcomponent: Libraries. Easily exploitable vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data (bsc#1104668) - CVE-2018-2973: Vulnerability in subcomponent: JSSE. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data (bsc#1104668) - CVE-2018-2964: Vulnerability in subcomponent: Deployment. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE. (bsc#1104668) - CVE-2016-0705: Prevent double free in the dsa_priv_decode function that allowed remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key (bsc#1104668) - CVE-2017-3732: Prevent carry propagating bug in the x86_64 Montgomery squaring procedure (bsc#1104668) - CVE-2017-3736: Prevent carry propagating bug in the x86_64 Montgomery squaring procedure (bsc#1104668) - CVE-2018-1517: Unspecified vulnerability (bsc#1104668) - CVE-2018-1656: Unspecified vulnerability (bsc#1104668) - CVE-2018-12539: Users other than the process owner might have been able to use Java Attach API to connect to an IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted native code (bsc#1104668) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1987=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): java-1_8_0-ibm-1.8.0_sr5.20-30.36.1 java-1_8_0-ibm-alsa-1.8.0_sr5.20-30.36.1 java-1_8_0-ibm-devel-1.8.0_sr5.20-30.36.1 java-1_8_0-ibm-plugin-1.8.0_sr5.20-30.36.1 References: https://www.suse.com/security/cve/CVE-2016-0705.html https://www.suse.com/security/cve/CVE-2017-3732.html https://www.suse.com/security/cve/CVE-2017-3736.html https://www.suse.com/security/cve/CVE-2018-12539.html https://www.suse.com/security/cve/CVE-2018-1517.html https://www.suse.com/security/cve/CVE-2018-1656.html https://www.suse.com/security/cve/CVE-2018-2940.html https://www.suse.com/security/cve/CVE-2018-2952.html https://www.suse.com/security/cve/CVE-2018-2964.html https://www.suse.com/security/cve/CVE-2018-2973.html https://bugzilla.suse.com/1104668 From sle-security-updates at lists.suse.com Thu Oct 18 12:15:03 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Oct 2018 20:15:03 +0200 (CEST) Subject: SUSE-SU-2018:1738-2: important: Security update for java-1_8_0-ibm Message-ID: <20181018181503.6C496FD03@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1738-2 Rating: important References: #1085449 #1093311 Cross-References: CVE-2018-1417 CVE-2018-2783 CVE-2018-2790 CVE-2018-2794 CVE-2018-2795 CVE-2018-2796 CVE-2018-2797 CVE-2018-2798 CVE-2018-2799 CVE-2018-2800 CVE-2018-2814 CVE-2018-2825 CVE-2018-2826 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes 13 vulnerabilities is now available. Description: IBM Java was updated to version 8.0.5.15 [bsc#1093311, bsc#1085449] Security fixes: - CVE-2018-2826 CVE-2018-2825 CVE-2018-2814 CVE-2018-2794 CVE-2018-2783 CVE-2018-2799 CVE-2018-2798 CVE-2018-2797 CVE-2018-2796 CVE-2018-2795 CVE-2018-2800 CVE-2018-2790 CVE-2018-1417 - Removed translations in the java-1_8_0-ibm-devel-32bit package as they conflict with those in java-1_8_0-ibm-devel. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1176=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): java-1_8_0-ibm-1.8.0_sr5.15-30.33.1 java-1_8_0-ibm-alsa-1.8.0_sr5.15-30.33.1 java-1_8_0-ibm-devel-1.8.0_sr5.15-30.33.1 java-1_8_0-ibm-plugin-1.8.0_sr5.15-30.33.1 References: https://www.suse.com/security/cve/CVE-2018-1417.html https://www.suse.com/security/cve/CVE-2018-2783.html https://www.suse.com/security/cve/CVE-2018-2790.html https://www.suse.com/security/cve/CVE-2018-2794.html https://www.suse.com/security/cve/CVE-2018-2795.html https://www.suse.com/security/cve/CVE-2018-2796.html https://www.suse.com/security/cve/CVE-2018-2797.html https://www.suse.com/security/cve/CVE-2018-2798.html https://www.suse.com/security/cve/CVE-2018-2799.html https://www.suse.com/security/cve/CVE-2018-2800.html https://www.suse.com/security/cve/CVE-2018-2814.html https://www.suse.com/security/cve/CVE-2018-2825.html https://www.suse.com/security/cve/CVE-2018-2826.html https://bugzilla.suse.com/1085449 https://bugzilla.suse.com/1093311 From sle-security-updates at lists.suse.com Thu Oct 18 12:16:31 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Oct 2018 20:16:31 +0200 (CEST) Subject: SUSE-SU-2018:3230-1: important: Security update for xen Message-ID: <20181018181631.30BC9FCF0@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3230-1 Rating: important References: #1027519 #1086039 #1089152 #1089635 #1090820 #1090822 #1090823 Cross-References: CVE-2017-5754 CVE-2018-10471 CVE-2018-10472 CVE-2018-8897 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that solves four vulnerabilities and has three fixes is now available. Description: This update for xen fixes several issues. These security issues were fixed: - CVE-2018-8897: Prevent mishandling of debug exceptions on x86 (XSA-260, bsc#1090820) - Handle HPET timers in IO-APIC mode correctly to prevent malicious or buggy HVM guests from causing a hypervisor crash or potentially privilege escalation/information leaks (XSA-261, bsc#1090822) - Prevent unbounded loop, induced by qemu allowing an attacker to permanently keep a physical CPU core busy (XSA-262, bsc#1090823) - CVE-2018-10472: x86 HVM guest OS users (in certain configurations) were able to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot (bsc#1089152). - CVE-2018-10471: x86 PV guest OS users were able to cause a denial of service (out-of-bounds zero write and hypervisor crash) via unexpected INT 80 processing, because of an incorrect fix for CVE-2017-5754 (bsc#1089635). These non-security issues were fixed: - bsc#1086039: Ensure that Dom0 does represent DomU cpu flags correctly - bsc#1027519: Fixed shadow mode guests Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-841=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): xen-4.7.5_02-43.30.1 xen-debugsource-4.7.5_02-43.30.1 xen-doc-html-4.7.5_02-43.30.1 xen-libs-32bit-4.7.5_02-43.30.1 xen-libs-4.7.5_02-43.30.1 xen-libs-debuginfo-32bit-4.7.5_02-43.30.1 xen-libs-debuginfo-4.7.5_02-43.30.1 xen-tools-4.7.5_02-43.30.1 xen-tools-debuginfo-4.7.5_02-43.30.1 xen-tools-domU-4.7.5_02-43.30.1 xen-tools-domU-debuginfo-4.7.5_02-43.30.1 References: https://www.suse.com/security/cve/CVE-2017-5754.html https://www.suse.com/security/cve/CVE-2018-10471.html https://www.suse.com/security/cve/CVE-2018-10472.html https://www.suse.com/security/cve/CVE-2018-8897.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1086039 https://bugzilla.suse.com/1089152 https://bugzilla.suse.com/1089635 https://bugzilla.suse.com/1090820 https://bugzilla.suse.com/1090822 https://bugzilla.suse.com/1090823 From sle-security-updates at lists.suse.com Thu Oct 18 12:19:07 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Oct 2018 20:19:07 +0200 (CEST) Subject: SUSE-SU-2018:1334-2: important: Security update for MozillaFirefox Message-ID: <20181018181907.DC145FCF0@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1334-2 Rating: important References: #1092548 Cross-References: CVE-2018-5150 CVE-2018-5154 CVE-2018-5155 CVE-2018-5157 CVE-2018-5158 CVE-2018-5159 CVE-2018-5168 CVE-2018-5174 CVE-2018-5178 CVE-2018-5183 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: This update for MozillaFirefox to the ESR 52.8 release fixes the following issues: Mozil to Firefox ESR 52.8 (bsc#1092548) Security issues fixed: - MFSA 2018-12/CVE-2018-5159: Integer overflow and out-of-bounds write in Skia - MFSA 2018-12/CVE-2018-5158: Malicious PDF can inject JavaScript into PDF Viewer - MFSA 2018-12/CVE-2018-5168: Lightweight themes can be installed without user interaction - MFSA 2018-12/CVE-2018-5150: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 - MFSA 2018-12/CVE-2018-5155: Use-after-free with SVG animations and text paths - MFSA 2018-12/CVE-2018-5183: Backport critical security fixes in Skia - MFSA 2018-12/CVE-2018-5157: Same-origin bypass of PDF Viewer to view protected PDF files - MFSA 2018-12/CVE-2018-5154: Use-after-free with SVG animations and clip paths - MFSA 2018-12/CVE-2018-5178: Buffer overflow during UTF-8 to Unicode string conversion through legacy extension Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-943=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): MozillaFirefox-52.8.0esr-109.31.2 MozillaFirefox-debuginfo-52.8.0esr-109.31.2 MozillaFirefox-debugsource-52.8.0esr-109.31.2 MozillaFirefox-devel-52.8.0esr-109.31.2 References: https://www.suse.com/security/cve/CVE-2018-5150.html https://www.suse.com/security/cve/CVE-2018-5154.html https://www.suse.com/security/cve/CVE-2018-5155.html https://www.suse.com/security/cve/CVE-2018-5157.html https://www.suse.com/security/cve/CVE-2018-5158.html https://www.suse.com/security/cve/CVE-2018-5159.html https://www.suse.com/security/cve/CVE-2018-5168.html https://www.suse.com/security/cve/CVE-2018-5174.html https://www.suse.com/security/cve/CVE-2018-5178.html https://www.suse.com/security/cve/CVE-2018-5183.html https://bugzilla.suse.com/1092548 From sle-security-updates at lists.suse.com Thu Oct 18 16:13:28 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 19 Oct 2018 00:13:28 +0200 (CEST) Subject: SUSE-SU-2018:3238-1: important: Security update for the Linux Kernel (Live Patch 36 for SLE 12) Message-ID: <20181018221328.6BE70FCF0@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 36 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3238-1 Rating: important References: #1107832 #1108963 #1110233 Cross-References: CVE-2018-14633 CVE-2018-14634 CVE-2018-17182 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.61-52_136 fixes several issues. The following security issues were fixed: - CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bsc#1110233). - CVE-2018-14634: An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable (bsc#1108963). - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. (bsc#1107832). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-2308=1 SUSE-SLE-SERVER-12-2018-2309=1 SUSE-SLE-SERVER-12-2018-2310=1 SUSE-SLE-SERVER-12-2018-2311=1 SUSE-SLE-SERVER-12-2018-2312=1 SUSE-SLE-SERVER-12-2018-2313=1 SUSE-SLE-SERVER-12-2018-2314=1 SUSE-SLE-SERVER-12-2018-2315=1 SUSE-SLE-SERVER-12-2018-2316=1 SUSE-SLE-SERVER-12-2018-2317=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_101-default-10-2.1 kgraft-patch-3_12_61-52_101-xen-10-2.1 kgraft-patch-3_12_61-52_106-default-10-2.1 kgraft-patch-3_12_61-52_106-xen-10-2.1 kgraft-patch-3_12_61-52_111-default-9-2.1 kgraft-patch-3_12_61-52_111-xen-9-2.1 kgraft-patch-3_12_61-52_119-default-9-2.1 kgraft-patch-3_12_61-52_119-xen-9-2.1 kgraft-patch-3_12_61-52_122-default-9-2.1 kgraft-patch-3_12_61-52_122-xen-9-2.1 kgraft-patch-3_12_61-52_125-default-8-2.1 kgraft-patch-3_12_61-52_125-xen-8-2.1 kgraft-patch-3_12_61-52_128-default-6-2.1 kgraft-patch-3_12_61-52_128-xen-6-2.1 kgraft-patch-3_12_61-52_133-default-5-2.1 kgraft-patch-3_12_61-52_133-xen-5-2.1 kgraft-patch-3_12_61-52_136-default-5-2.1 kgraft-patch-3_12_61-52_136-xen-5-2.1 kgraft-patch-3_12_61-52_141-default-4-2.1 kgraft-patch-3_12_61-52_141-xen-4-2.1 References: https://www.suse.com/security/cve/CVE-2018-14633.html https://www.suse.com/security/cve/CVE-2018-14634.html https://www.suse.com/security/cve/CVE-2018-17182.html https://bugzilla.suse.com/1107832 https://bugzilla.suse.com/1108963 https://bugzilla.suse.com/1110233 From sle-security-updates at lists.suse.com Fri Oct 19 07:08:21 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 19 Oct 2018 15:08:21 +0200 (CEST) Subject: SUSE-SU-2018:3240-1: moderate: Security update for nagios Message-ID: <20181019130821.542B5FFD6@maintenance.suse.de> SUSE Security Update: Security update for nagios ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3240-1 Rating: moderate References: #1011630 #1018047 Cross-References: CVE-2016-10089 CVE-2016-8641 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for nagios fixes the following issues: - CVE-2016-8641 / CVE-2016-10089: fixed possible symlink attacks for files/directories created by root (bsc#1011630 / bsc#1018047) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-nagios-13820=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-nagios-13820=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-nagios-13820=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): nagios-devel-3.0.6-1.25.36.3.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): nagios-3.0.6-1.25.36.3.1 nagios-www-3.0.6-1.25.36.3.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): nagios-3.0.6-1.25.36.3.1 nagios-www-3.0.6-1.25.36.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): nagios-debuginfo-3.0.6-1.25.36.3.1 nagios-debugsource-3.0.6-1.25.36.3.1 References: https://www.suse.com/security/cve/CVE-2016-10089.html https://www.suse.com/security/cve/CVE-2016-8641.html https://bugzilla.suse.com/1011630 https://bugzilla.suse.com/1018047 From sle-security-updates at lists.suse.com Fri Oct 19 10:24:29 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 19 Oct 2018 18:24:29 +0200 (CEST) Subject: SUSE-SU-2018:3247-1: important: Security update for MozillaThunderbird Message-ID: <20181019162429.EA4CAFFD6@maintenance.suse.de> SUSE Security Update: Security update for MozillaThunderbird ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3247-1 Rating: important References: #1066489 #1084603 #1098998 #1107343 #1107772 #1109363 #1109379 Cross-References: CVE-2017-16541 CVE-2018-12359 CVE-2018-12360 CVE-2018-12361 CVE-2018-12362 CVE-2018-12363 CVE-2018-12364 CVE-2018-12365 CVE-2018-12366 CVE-2018-12367 CVE-2018-12371 CVE-2018-12376 CVE-2018-12377 CVE-2018-12378 CVE-2018-12383 CVE-2018-12385 CVE-2018-5156 CVE-2018-5187 CVE-2018-5188 Affected Products: SUSE Linux Enterprise Workstation Extension 15 ______________________________________________________________________________ An update that fixes 19 vulnerabilities is now available. Description: This update for MozillaThunderbird to version 60.2.1 fixes the following issues: Update to Thunderbird 60.2.1: * Calendar: Default values for the first day of the week and working days are now derived from the selected datetime formatting locale * Calendar: Switch to a Photon-style icon set for all platforms * Fix multiple requests for master password when Google Mail or Calendar OAuth2 is enabled * Fix scrollbar of the address entry auto-complete popup * Fix security info dialog in compose window not showing certificate status * Fix links in the Add-on Manager's search results and theme browsing tabs that opened in external browser * Fix localization not showing the localized name for the "Drafts" and "Sent" folders for certain IMAP providers * Fix replying to a message with an empty subject which inserted Re: twice * Fix spellcheck marks disappeaing erroneously for words with an apostrophe * Calendar: First day of the week can now be set * Calendar: Several fixes related to cutting/deleting of events and email schedulin These security issues were fixed: - CVE-2018-12359: Prevent buffer overflow using computed size of canvas element (bsc#1098998). - CVE-2018-12360: Prevent use-after-free when using focus() (bsc#1098998). - CVE-2018-12361: Prevent integer overflow in SwizzleData (bsc#1098998). - CVE-2018-12362: Prevent integer overflow in SSSE3 scaler (bsc#1098998). - CVE-2018-5156: Prevent media recorder segmentation fault when track type is changed during capture (bsc#1098998). - CVE-2018-12363: Prevent use-after-free when appending DOM nodes (bsc#1098998). - CVE-2018-12364: Prevent CSRF attacks through 307 redirects and NPAPI plugins (bsc#1098998). - CVE-2018-12365: Prevent compromised IPC child process listing local filenames (bsc#1098998). - CVE-2018-12371: Prevent integer overflow in Skia library during edge builder allocation (bsc#1098998). - CVE-2018-12366: Prevent invalid data handling during QCMS transformations (bsc#1098998). - CVE-2018-12367: Timing attack mitigation of PerformanceNavigationTiming (bsc#1098998). - CVE-2018-5187: Various memory safety bugs (bsc#1098998). - CVE-2018-5188: Various memory safety bugs (bsc#1098998). - CVE-2018-12377: Prevent use-after-free in refresh driver timers (bsc#1107343) - CVE-2018-12378: Prevent use-after-free in IndexedDB (bsc#1107343) - CVE-2017-16541: Prevent proxy bypass using automount and autofs (bsc#1066489) - CVE-2018-12376: Fixed various memory safety bugs (bsc#1107343) - CVE-2018-12385: Fixed crash in TransportSecurityInfo due to cached data (bsc#1109363) - CVE-2018-12383: Fixed that setting a master password did not delete unencrypted previously stored passwords (bsc#1107343) These can not, in general, be exploited through email, but are potential risks in browser or browser-like contexts. These non-security issues were fixed: - Storing of remote content settings fixed (bsc#1084603) - Improved message handling and composing - Improved handling of message templates - Support for OAuth2 and FIDO U2F - Various Calendar improvements - Various fixes and changes to e-mail workflow - Various IMAP fixes - Native desktop notifications - Fix date display issues (bsc#1109379) - Fix start-up crash due to folder name with special characters (bsc#1107772) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2018-2333=1 Package List: - SUSE Linux Enterprise Workstation Extension 15 (x86_64): MozillaThunderbird-60.2.1-3.13.1 MozillaThunderbird-debuginfo-60.2.1-3.13.1 MozillaThunderbird-debugsource-60.2.1-3.13.1 MozillaThunderbird-translations-common-60.2.1-3.13.1 MozillaThunderbird-translations-other-60.2.1-3.13.1 References: https://www.suse.com/security/cve/CVE-2017-16541.html https://www.suse.com/security/cve/CVE-2018-12359.html https://www.suse.com/security/cve/CVE-2018-12360.html https://www.suse.com/security/cve/CVE-2018-12361.html https://www.suse.com/security/cve/CVE-2018-12362.html https://www.suse.com/security/cve/CVE-2018-12363.html https://www.suse.com/security/cve/CVE-2018-12364.html https://www.suse.com/security/cve/CVE-2018-12365.html https://www.suse.com/security/cve/CVE-2018-12366.html https://www.suse.com/security/cve/CVE-2018-12367.html https://www.suse.com/security/cve/CVE-2018-12371.html https://www.suse.com/security/cve/CVE-2018-12376.html https://www.suse.com/security/cve/CVE-2018-12377.html https://www.suse.com/security/cve/CVE-2018-12378.html https://www.suse.com/security/cve/CVE-2018-12383.html https://www.suse.com/security/cve/CVE-2018-12385.html https://www.suse.com/security/cve/CVE-2018-5156.html https://www.suse.com/security/cve/CVE-2018-5187.html https://www.suse.com/security/cve/CVE-2018-5188.html https://bugzilla.suse.com/1066489 https://bugzilla.suse.com/1084603 https://bugzilla.suse.com/1098998 https://bugzilla.suse.com/1107343 https://bugzilla.suse.com/1107772 https://bugzilla.suse.com/1109363 https://bugzilla.suse.com/1109379 From sle-security-updates at lists.suse.com Fri Oct 19 10:27:32 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 19 Oct 2018 18:27:32 +0200 (CEST) Subject: SUSE-SU-2018:3249-1: important: Security update for haproxy Message-ID: <20181019162732.85359FFD7@maintenance.suse.de> SUSE Security Update: Security update for haproxy ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3249-1 Rating: important References: #1094846 #1100787 #1108683 Cross-References: CVE-2018-11469 CVE-2018-14645 Affected Products: SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for haproxy to version 1.8.14 fixes the following issues: These security issues were fixed: - CVE-2018-14645: A flaw was discovered in the HPACK decoder what caused an out-of-bounds read in hpack_valid_idx() that resulted in a remote crash and denial of service (bsc#1108683) - CVE-2018-11469: Incorrect caching of responses to requests including an Authorization header allowed attackers to achieve information disclosure via an unauthenticated remote request (bsc#1094846). These non-security issues were fixed: - Require apparmor-abstractions to reduce dependencies (bsc#1100787) - hpack: fix improper sign check on the header index value - cli: make sure the "getsock" command is only called on connections - tools: fix set_net_port() / set_host_port() on IPv4 - patterns: fix possible double free when reloading a pattern list - server: Crash when setting FQDN via CLI. - kqueue: Don't reset the changes number by accident. - snapshot: take the proxy's lock while dumping errors - http/threads: atomically increment the error snapshot ID - dns: check and link servers' resolvers right after config parsing - h2: fix risk of memory leak on malformated wrapped frames - session: fix reporting of handshake processing time in the logs - stream: use atomic increments for the request counter - thread: implement HA_ATOMIC_XADD() - ECC cert should work with TLS < v1.2 and openssl >= 1.1.1 - dns/server: fix incomatibility between SRV resolution and server state file - hlua: Don't call RESET_SAFE_LJMP if SET_SAFE_LJMP returns 0. - thread: lua: Wrong SSL context initialization. - hlua: Make sure we drain the output buffer when done. - lua: reset lua transaction between http requests - mux_pt: dereference the connection with care in mux_pt_wake() - lua: Bad HTTP client request duration. - unix: provide a ->drain() function - Fix spelling error in configuration doc - cli/threads: protect some server commands against concurrent operations - cli/threads: protect all "proxy" commands against concurrent updates - lua: socket timeouts are not applied - ssl: Use consistent naming for TLS protocols - dns: explain set server ... fqdn requires resolver - map: fix map_regm with backref - ssl: loading dh param from certifile causes unpredictable error. - ssl: fix missing error loading a keytype cert from a bundle. - ssl: empty connections reported as errors. - cli: make "show fd" thread-safe - hathreads: implement a more flexible rendez-vous point - threads: fix the no-thread case after the change to the sync point - threads: add more consistency between certain variables in no-thread case - threads: fix the double CAS implementation for ARMv7 - threads: Introduce double-width CAS on x86_64 and arm. - lua: possible CLOSE-WAIT state with '\n' headers For additional changes please refer to the changelog. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2018-2332=1 Package List: - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): haproxy-1.8.14~git0.52e4d43b-3.3.2 haproxy-debuginfo-1.8.14~git0.52e4d43b-3.3.2 haproxy-debugsource-1.8.14~git0.52e4d43b-3.3.2 References: https://www.suse.com/security/cve/CVE-2018-11469.html https://www.suse.com/security/cve/CVE-2018-14645.html https://bugzilla.suse.com/1094846 https://bugzilla.suse.com/1100787 https://bugzilla.suse.com/1108683 From sle-security-updates at lists.suse.com Fri Oct 19 10:28:18 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 19 Oct 2018 18:28:18 +0200 (CEST) Subject: SUSE-SU-2018:3250-1: moderate: Security update for clamav Message-ID: <20181019162818.8227AFFD6@maintenance.suse.de> SUSE Security Update: Security update for clamav ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3250-1 Rating: moderate References: #1103040 #1104457 #1110723 Cross-References: CVE-2018-14680 CVE-2018-14681 CVE-2018-14682 CVE-2018-15378 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for clamav fixes the following issues: clamav was updated to version 0.100.2. Following security issues were fixed: - CVE-2018-15378: Vulnerability in ClamAV's MEW unpacking feature that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. (bsc#1110723) - CVE-2018-14680, CVE-2018-14681, CVE-2018-14682: more fixes for embedded libmspack. (bsc#1103040) Following non-security issues were addressed: - Make freshclam more robust against lagging signature mirrors. - On-Access "Extra Scanning", an opt-in minor feature of OnAccess scanning on Linux systems, has been disabled due to a known issue with resource cleanup OnAccessExtraScanning will be re-enabled in a future release when the issue is resolved. In the mean-time, users who enabled the feature in clamd.conf will see a warning informing them that the feature is not active. For details, see: https://bugzilla.clamav.net/show_bug.cgi?id=12048 - Restore exit code compatibility of freshclam with versions before 0.100.0 when the virus database is already up to date (bsc#1104457) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2335=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): clamav-0.100.2-3.6.4 clamav-debuginfo-0.100.2-3.6.4 clamav-debugsource-0.100.2-3.6.4 clamav-devel-0.100.2-3.6.4 libclamav7-0.100.2-3.6.4 libclamav7-debuginfo-0.100.2-3.6.4 libclammspack0-0.100.2-3.6.4 libclammspack0-debuginfo-0.100.2-3.6.4 References: https://www.suse.com/security/cve/CVE-2018-14680.html https://www.suse.com/security/cve/CVE-2018-14681.html https://www.suse.com/security/cve/CVE-2018-14682.html https://www.suse.com/security/cve/CVE-2018-15378.html https://bugzilla.suse.com/1103040 https://bugzilla.suse.com/1104457 https://bugzilla.suse.com/1110723 From sle-security-updates at lists.suse.com Fri Oct 19 10:30:29 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 19 Oct 2018 18:30:29 +0200 (CEST) Subject: SUSE-SU-2018:3253-1: important: Security update for libssh Message-ID: <20181019163029.1B467FFD6@maintenance.suse.de> SUSE Security Update: Security update for libssh ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3253-1 Rating: important References: #1108020 Cross-References: CVE-2018-10933 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libssh fixes the following issues: Security issue fixed: - CVE-2018-10933: Fixed a server mode authentication bypass (bsc#1108020). Non security issue fixed: - Fix popd syntax to be compatible with newer versions of the bash shell. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-2320=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2320=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2320=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): libssh-debugsource-0.6.3-12.6.1 libssh4-0.6.3-12.6.1 libssh4-debuginfo-0.6.3-12.6.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libssh-debugsource-0.6.3-12.6.1 libssh-devel-0.6.3-12.6.1 libssh-devel-doc-0.6.3-12.6.1 libssh4-0.6.3-12.6.1 libssh4-debuginfo-0.6.3-12.6.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libssh-debugsource-0.6.3-12.6.1 libssh4-0.6.3-12.6.1 libssh4-debuginfo-0.6.3-12.6.1 References: https://www.suse.com/security/cve/CVE-2018-10933.html https://bugzilla.suse.com/1108020 From sle-security-updates at lists.suse.com Fri Oct 19 13:08:02 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 19 Oct 2018 21:08:02 +0200 (CEST) Subject: SUSE-SU-2018:3260-1: moderate: Security update for fuse Message-ID: <20181019190802.BACB9FFD6@maintenance.suse.de> SUSE Security Update: Security update for fuse ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3260-1 Rating: moderate References: #1101797 Cross-References: CVE-2018-10906 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for fuse fixes the following issues: - CVE-2018-10906: fusermount was vulnerable to a restriction bypass when SELinux is active. This allowed non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects (bsc#1101797) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2340=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): fuse-2.9.7-3.3.1 fuse-debuginfo-2.9.7-3.3.1 fuse-debugsource-2.9.7-3.3.1 fuse-devel-2.9.7-3.3.1 fuse-doc-2.9.7-3.3.1 libfuse2-2.9.7-3.3.1 libfuse2-debuginfo-2.9.7-3.3.1 libulockmgr1-2.9.7-3.3.1 libulockmgr1-debuginfo-2.9.7-3.3.1 References: https://www.suse.com/security/cve/CVE-2018-10906.html https://bugzilla.suse.com/1101797 From sle-security-updates at lists.suse.com Fri Oct 19 13:08:34 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 19 Oct 2018 21:08:34 +0200 (CEST) Subject: SUSE-SU-2018:3261-1: moderate: Security update for tomcat Message-ID: <20181019190834.BA8DEFFD6@maintenance.suse.de> SUSE Security Update: Security update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3261-1 Rating: moderate References: #1078677 #1082480 #1082481 #1093697 #1102379 #1102400 #1110850 Cross-References: CVE-2017-15706 CVE-2018-11784 CVE-2018-1304 CVE-2018-1305 CVE-2018-1336 CVE-2018-8014 CVE-2018-8034 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for tomcat fixes the following issues: Version update to 7.0.90: - Another bugfix release, for full details see: https://tomcat.apache.org/tomcat-7.0-doc/changelog.html Security issues fixed: - CVE-2018-11784: When the default servlet in Apache Tomcat returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice. (bsc#1110850) - CVE-2017-15706: As part of the fix for bug 61201, the documentation for Apache Tomcat included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute. The update was not correct. As a result, some scripts may have failed to execute as expected and other scripts may have been executed unexpectedly. Note that the behaviour of the CGI servlet has remained unchanged in this regard. It is only the documentation of the behaviour that was wrong and has been corrected.(bsc#1078677) - CVE-2018-1304: The URL pattern of \"\" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat when used as part of a security constraint definition. This caused the constraint to be ignored. It was, therefore, possible for unauthorised users to gain access to web application resources that should have been protected. Only security constraints with a URL pattern of the empty string were affected. (bsc#1082480) - CVE-2018-1305: Security constraints defined by annotations of Servlets in Apache Tomcat were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was possible - depending on the order Servlets were loaded - for some security constraints not to be applied. This could have exposed resources to users who were not authorised to access them.(bsc#1082481) - CVE-2018-1336: An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. (bsc#1102400) - CVE-2018-8014: Fixed default settings for the CORS filter, which were insecure and enabled 'supportsCredentials' for all origins. (bsc#1093697) - CVE-2018-8034: Fixed the host name verification when using TLS with the WebSocket client, which was not enabled by default. (bsc#1102379) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-2339=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (noarch): tomcat-7.0.90-7.23.1 tomcat-admin-webapps-7.0.90-7.23.1 tomcat-docs-webapp-7.0.90-7.23.1 tomcat-el-2_2-api-7.0.90-7.23.1 tomcat-javadoc-7.0.90-7.23.1 tomcat-jsp-2_2-api-7.0.90-7.23.1 tomcat-lib-7.0.90-7.23.1 tomcat-servlet-3_0-api-7.0.90-7.23.1 tomcat-webapps-7.0.90-7.23.1 References: https://www.suse.com/security/cve/CVE-2017-15706.html https://www.suse.com/security/cve/CVE-2018-11784.html https://www.suse.com/security/cve/CVE-2018-1304.html https://www.suse.com/security/cve/CVE-2018-1305.html https://www.suse.com/security/cve/CVE-2018-1336.html https://www.suse.com/security/cve/CVE-2018-8014.html https://www.suse.com/security/cve/CVE-2018-8034.html https://bugzilla.suse.com/1078677 https://bugzilla.suse.com/1082480 https://bugzilla.suse.com/1082481 https://bugzilla.suse.com/1093697 https://bugzilla.suse.com/1102379 https://bugzilla.suse.com/1102400 https://bugzilla.suse.com/1110850 From sle-security-updates at lists.suse.com Mon Oct 22 07:08:30 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 22 Oct 2018 15:08:30 +0200 (CEST) Subject: SUSE-SU-2018:3265-1: important: Security update for the Linux Kernel (Live Patch 38 for SLE 12) Message-ID: <20181022130830.B6235FFD5@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 38 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3265-1 Rating: important References: #1102682 #1107832 Cross-References: CVE-2018-14633 CVE-2018-5390 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.61-52_146 fixes several issues. The following security issues were fixed: - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. (bsc#1107832). - CVE-2018-5390: The Linux kernel could be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service (bsc#1102682). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-2355=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_146-default-2-2.1 kgraft-patch-3_12_61-52_146-xen-2-2.1 References: https://www.suse.com/security/cve/CVE-2018-14633.html https://www.suse.com/security/cve/CVE-2018-5390.html https://bugzilla.suse.com/1102682 https://bugzilla.suse.com/1107832 From sle-security-updates at lists.suse.com Mon Oct 22 07:11:42 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 22 Oct 2018 15:11:42 +0200 (CEST) Subject: SUSE-SU-2018:3268-1: important: Security update for the Linux Kernel (Live Patch 19 for SLE 12 SP3) Message-ID: <20181022131142.1EB6AFFD5@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 19 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3268-1 Rating: important References: #1107832 Cross-References: CVE-2018-14633 Affected Products: SUSE Linux Enterprise Live Patching 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 4.4.156-94_61 fixes one issue. The following security issue was fixed: - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. (bsc#1107832). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-2362=1 SUSE-SLE-Live-Patching-12-SP3-2018-2363=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_156-94_57-default-2-2.1 kgraft-patch-4_4_156-94_57-default-debuginfo-2-2.1 kgraft-patch-4_4_156-94_61-default-2-2.1 kgraft-patch-4_4_156-94_61-default-debuginfo-2-2.1 References: https://www.suse.com/security/cve/CVE-2018-14633.html https://bugzilla.suse.com/1107832 From sle-security-updates at lists.suse.com Mon Oct 22 07:12:16 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 22 Oct 2018 15:12:16 +0200 (CEST) Subject: SUSE-SU-2018:3269-1: Security update for GraphicsMagick Message-ID: <20181022131216.98BE7FFD6@maintenance.suse.de> SUSE Security Update: Security update for GraphicsMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3269-1 Rating: low References: #1106855 #1107604 #1107609 #1107612 #1107616 #1107619 #1108282 #1108283 #1110746 #1110747 #1111069 #1111072 Cross-References: CVE-2018-16323 CVE-2018-16640 CVE-2018-16642 CVE-2018-16643 CVE-2018-16644 CVE-2018-16645 CVE-2018-16749 CVE-2018-16750 CVE-2018-17965 CVE-2018-17966 CVE-2018-18016 CVE-2018-18024 Affected Products: SUSE Studio Onsite 1.3 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 12 vulnerabilities is now available. Description: This update for GraphicsMagick fixes the following security issue: - CVE-2018-16750: Prevent memory leak in the formatIPTCfromBuffer function (bsc#1108283) - CVE-2018-16323: ReadXBMImage left data uninitialized when processing an XBM file that has a negative pixel value. If the affected code was used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data (bsc#1106855) - CVE-2018-16640: Prevent memory leak in the function ReadOneJNGImage (bsc#1107619). - CVE-2018-16642: The function InsertRow allowed remote attackers to cause a denial of service via a crafted image file due to an out-of-bounds write (bsc#1107616). - CVE-2018-16643: The functions ReadDCMImage, ReadPWPImage, ReadCALSImage, and ReadPICTImage did check the return value of the fputc function, which allowed remote attackers to cause a denial of service via a crafted image file (bsc#1107612). - CVE-2018-16644: Added missing check for length in the functions ReadDCMImage and ReadPICTImage, which allowed remote attackers to cause a denial of service via a crafted image (bsc#1107609). - CVE-2018-16645: Prevent excessive memory allocation issue in the functions ReadBMPImage and ReadDIBImage, which allowed remote attackers to cause a denial of service via a crafted image file (bsc#1107604). - CVE-2018-18024: Fixed an infinite loop in the ReadBMPImage function of the coders/bmp.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. (bsc#1111069) - CVE-2018-18016: Fixed a memory leak in WritePCXImage (bsc#1111072). - CVE-2018-17965: Fixed a memory leak in WriteSGIImage (bsc#1110747). - CVE-2018-17966: Fixed a memory leak in WritePDBImage (bsc#1110746). - CVE-2018-16749: A missing NULL check in ReadOneJNGImage allowed remote attackers to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file. (bsc#1108282) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-GraphicsMagick-13827=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-GraphicsMagick-13827=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-GraphicsMagick-13827=1 Package List: - SUSE Studio Onsite 1.3 (x86_64): GraphicsMagick-1.2.5-78.72.1 libGraphicsMagick2-1.2.5-78.72.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): GraphicsMagick-1.2.5-78.72.1 libGraphicsMagick2-1.2.5-78.72.1 perl-GraphicsMagick-1.2.5-78.72.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): GraphicsMagick-debuginfo-1.2.5-78.72.1 GraphicsMagick-debugsource-1.2.5-78.72.1 References: https://www.suse.com/security/cve/CVE-2018-16323.html https://www.suse.com/security/cve/CVE-2018-16640.html https://www.suse.com/security/cve/CVE-2018-16642.html https://www.suse.com/security/cve/CVE-2018-16643.html https://www.suse.com/security/cve/CVE-2018-16644.html https://www.suse.com/security/cve/CVE-2018-16645.html https://www.suse.com/security/cve/CVE-2018-16749.html https://www.suse.com/security/cve/CVE-2018-16750.html https://www.suse.com/security/cve/CVE-2018-17965.html https://www.suse.com/security/cve/CVE-2018-17966.html https://www.suse.com/security/cve/CVE-2018-18016.html https://www.suse.com/security/cve/CVE-2018-18024.html https://bugzilla.suse.com/1106855 https://bugzilla.suse.com/1107604 https://bugzilla.suse.com/1107609 https://bugzilla.suse.com/1107612 https://bugzilla.suse.com/1107616 https://bugzilla.suse.com/1107619 https://bugzilla.suse.com/1108282 https://bugzilla.suse.com/1108283 https://bugzilla.suse.com/1110746 https://bugzilla.suse.com/1110747 https://bugzilla.suse.com/1111069 https://bugzilla.suse.com/1111072 From sle-security-updates at lists.suse.com Mon Oct 22 07:16:22 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 22 Oct 2018 15:16:22 +0200 (CEST) Subject: SUSE-SU-2018:3272-1: important: Security update for the Linux Kernel (Live Patch 4 for SLE 15) Message-ID: <20181022131622.C2672FFD5@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 4 for SLE 15) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3272-1 Rating: important References: #1107832 #1110233 Cross-References: CVE-2018-14633 CVE-2018-17182 Affected Products: SUSE Linux Enterprise Module for Live Patching 15 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-25_16 fixes several issues. The following security issues were fixed: - CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bsc#1110233). - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. (bsc#1107832). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2018-2357=1 SUSE-SLE-Module-Live-Patching-15-2018-2358=1 SUSE-SLE-Module-Live-Patching-15-2018-2359=1 SUSE-SLE-Module-Live-Patching-15-2018-2360=1 SUSE-SLE-Module-Live-Patching-15-2018-2361=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-livepatch-4_12_14-23-default-5-13.2 kernel-livepatch-4_12_14-23-default-debuginfo-5-13.2 kernel-livepatch-4_12_14-25_16-default-3-2.1 kernel-livepatch-4_12_14-25_16-default-debuginfo-3-2.1 kernel-livepatch-4_12_14-25_19-default-2-2.1 kernel-livepatch-4_12_14-25_19-default-debuginfo-2-2.1 kernel-livepatch-4_12_14-25_3-default-5-2.1 kernel-livepatch-4_12_14-25_3-default-debuginfo-5-2.1 kernel-livepatch-4_12_14-25_6-default-5-2.1 kernel-livepatch-4_12_14-25_6-default-debuginfo-5-2.1 kernel-livepatch-SLE15_Update_0-debugsource-5-13.2 References: https://www.suse.com/security/cve/CVE-2018-14633.html https://www.suse.com/security/cve/CVE-2018-17182.html https://bugzilla.suse.com/1107832 https://bugzilla.suse.com/1110233 From sle-security-updates at lists.suse.com Mon Oct 22 07:20:12 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 22 Oct 2018 15:20:12 +0200 (CEST) Subject: SUSE-SU-2018:3277-1: moderate: Security update for Xerces-c Message-ID: <20181022132012.790B8FFD5@maintenance.suse.de> SUSE Security Update: Security update for Xerces-c ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3277-1 Rating: moderate References: #1083630 #985860 Cross-References: CVE-2016-4463 CVE-2017-12627 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for Xerces-c fixes the following issues: - CVE-2017-12627: Processing of external DTD paths could have resulted in a null pointer dereference under certain conditions (bsc#1083630). - CVE-2016-4463: Prevent stack-based buffer overflow that allowed context-dependent attackers to cause a denial of service via a deeply nested DTD (bsc#985860). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-Xerces-c-13828=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-Xerces-c-13828=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): Xerces-c-2.8.0-29.17.5.1 libXerces-c-devel-2.8.0-29.17.5.1 libXerces-c28-2.8.0-29.17.5.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): Xerces-c-debuginfo-2.8.0-29.17.5.1 Xerces-c-debugsource-2.8.0-29.17.5.1 References: https://www.suse.com/security/cve/CVE-2016-4463.html https://www.suse.com/security/cve/CVE-2017-12627.html https://bugzilla.suse.com/1083630 https://bugzilla.suse.com/985860 From sle-security-updates at lists.suse.com Mon Oct 22 07:20:56 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 22 Oct 2018 15:20:56 +0200 (CEST) Subject: SUSE-SU-2018:3278-1: moderate: Security update for udisks2 Message-ID: <20181022132056.C8640FFD5@maintenance.suse.de> SUSE Security Update: Security update for udisks2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3278-1 Rating: moderate References: #1091274 #1109406 Cross-References: CVE-2018-17336 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for udisks2 fixes the following issues: Following security issues was fixed: - CVE-2018-17336: A format string vulnerability in udisks_log (bsc#1109406) Following non-security issues were fixed: - strip trailing newline from sysfs raid level information (bsc#1091274) - Fix watcher error for non-redundant raid devices. (bsc#1091274) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2356=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libudisks2-0-2.6.5-3.7.2 libudisks2-0-debuginfo-2.6.5-3.7.2 typelib-1_0-UDisks-2_0-2.6.5-3.7.2 udisks2-2.6.5-3.7.2 udisks2-debuginfo-2.6.5-3.7.2 udisks2-debugsource-2.6.5-3.7.2 udisks2-devel-2.6.5-3.7.2 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): udisks2-lang-2.6.5-3.7.2 References: https://www.suse.com/security/cve/CVE-2018-17336.html https://bugzilla.suse.com/1091274 https://bugzilla.suse.com/1109406 From sle-security-updates at lists.suse.com Mon Oct 22 10:09:43 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 22 Oct 2018 18:09:43 +0200 (CEST) Subject: SUSE-SU-2018:3282-1: important: Security update for wireshark Message-ID: <20181022160943.7F6D0FFD6@maintenance.suse.de> SUSE Security Update: Security update for wireshark ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3282-1 Rating: important References: #1111647 Cross-References: CVE-2018-12086 CVE-2018-18227 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for wireshark fixes the following issues: Wireshark was updated to 2.4.10 (bsc#1111647). Following security issues were fixed: - CVE-2018-18227: MS-WSP dissector crash (wnpa-sec-2018-47) - CVE-2018-12086: OpcUA dissector crash (wnpa-sec-2018-50) Further bug fixes and updated protocol support that were done are listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.4.10.html Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2018-2364=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2364=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): wireshark-debuginfo-2.4.10-3.12.2 wireshark-debugsource-2.4.10-3.12.2 wireshark-devel-2.4.10-3.12.2 wireshark-ui-qt-2.4.10-3.12.2 wireshark-ui-qt-debuginfo-2.4.10-3.12.2 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libwireshark9-2.4.10-3.12.2 libwireshark9-debuginfo-2.4.10-3.12.2 libwiretap7-2.4.10-3.12.2 libwiretap7-debuginfo-2.4.10-3.12.2 libwscodecs1-2.4.10-3.12.2 libwscodecs1-debuginfo-2.4.10-3.12.2 libwsutil8-2.4.10-3.12.2 libwsutil8-debuginfo-2.4.10-3.12.2 wireshark-2.4.10-3.12.2 wireshark-debuginfo-2.4.10-3.12.2 wireshark-debugsource-2.4.10-3.12.2 References: https://www.suse.com/security/cve/CVE-2018-12086.html https://www.suse.com/security/cve/CVE-2018-18227.html https://bugzilla.suse.com/1111647 From sle-security-updates at lists.suse.com Mon Oct 22 10:12:14 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 22 Oct 2018 18:12:14 +0200 (CEST) Subject: SUSE-SU-2018:3286-1: moderate: Security update for rpm Message-ID: <20181022161214.82D49FFD5@maintenance.suse.de> SUSE Security Update: Security update for rpm ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3286-1 Rating: moderate References: #1077692 #943457 Cross-References: CVE-2017-7500 CVE-2017-7501 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for rpm fixes the following issues: These security issues were fixed: - CVE-2017-7500: rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination (bsc#943457). - CVE-2017-7501: rpm used temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation (bsc#943457) This non-security issue was fixed: - Use ksym-provides tool [bsc#1077692] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2373=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2373=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2373=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-2373=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): rpm-debuginfo-4.11.2-16.16.1 rpm-debugsource-4.11.2-16.16.1 rpm-devel-4.11.2-16.16.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): python3-rpm-4.11.2-16.16.1 python3-rpm-debuginfo-4.11.2-16.16.1 python3-rpm-debugsource-4.11.2-16.16.1 rpm-4.11.2-16.16.1 rpm-build-4.11.2-16.16.1 rpm-build-debuginfo-4.11.2-16.16.1 rpm-debuginfo-4.11.2-16.16.1 rpm-debugsource-4.11.2-16.16.1 rpm-python-4.11.2-16.16.1 rpm-python-debuginfo-4.11.2-16.16.1 rpm-python-debugsource-4.11.2-16.16.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): rpm-32bit-4.11.2-16.16.1 rpm-debuginfo-32bit-4.11.2-16.16.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): rpm-32bit-4.11.2-16.16.1 rpm-4.11.2-16.16.1 rpm-build-4.11.2-16.16.1 rpm-build-debuginfo-4.11.2-16.16.1 rpm-debuginfo-32bit-4.11.2-16.16.1 rpm-debuginfo-4.11.2-16.16.1 rpm-debugsource-4.11.2-16.16.1 rpm-python-4.11.2-16.16.1 rpm-python-debuginfo-4.11.2-16.16.1 rpm-python-debugsource-4.11.2-16.16.1 - SUSE CaaS Platform ALL (x86_64): rpm-4.11.2-16.16.1 rpm-debuginfo-4.11.2-16.16.1 rpm-debugsource-4.11.2-16.16.1 rpm-python-4.11.2-16.16.1 rpm-python-debuginfo-4.11.2-16.16.1 rpm-python-debugsource-4.11.2-16.16.1 - SUSE CaaS Platform 3.0 (x86_64): rpm-4.11.2-16.16.1 rpm-debuginfo-4.11.2-16.16.1 rpm-debugsource-4.11.2-16.16.1 rpm-python-4.11.2-16.16.1 rpm-python-debuginfo-4.11.2-16.16.1 rpm-python-debugsource-4.11.2-16.16.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): rpm-4.11.2-16.16.1 rpm-debuginfo-4.11.2-16.16.1 rpm-debugsource-4.11.2-16.16.1 rpm-python-4.11.2-16.16.1 rpm-python-debuginfo-4.11.2-16.16.1 rpm-python-debugsource-4.11.2-16.16.1 References: https://www.suse.com/security/cve/CVE-2017-7500.html https://www.suse.com/security/cve/CVE-2017-7501.html https://bugzilla.suse.com/1077692 https://bugzilla.suse.com/943457 From sle-security-updates at lists.suse.com Mon Oct 22 10:13:10 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 22 Oct 2018 18:13:10 +0200 (CEST) Subject: SUSE-SU-2018:3287-1: important: Security update for postgresql94 Message-ID: <20181022161310.6B6A0FFD5@maintenance.suse.de> SUSE Security Update: Security update for postgresql94 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3287-1 Rating: important References: #1104199 Cross-References: CVE-2018-10915 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for postgresql94 fixes the following issues: postgresql was updated to 9.4.19: https://www.postgresql.org/docs/current/static/release-9-4-19.html * CVE-2018-10915, bsc#1104199: Fix failure to reset libpq's state fully between connection attempts. postgresql was updated to 9.4.18: - https://www.postgresql.org/about/news/1851/ - https://www.postgresql.org/docs/current/static/release-9-4-18.html A dump/restore is not required for those running 9.4.X. However, if the function marking mistakes mentioned in the first changelog entry below affect you, you will want to take steps to correct your database catalogs. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-postgresql94-13829=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-postgresql94-13829=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-postgresql94-13829=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): postgresql94-devel-9.4.19-0.23.19.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libecpg6-9.4.19-0.23.19.1 libpq5-9.4.19-0.23.19.1 postgresql94-9.4.19-0.23.19.1 postgresql94-contrib-9.4.19-0.23.19.1 postgresql94-docs-9.4.19-0.23.19.1 postgresql94-server-9.4.19-0.23.19.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libpq5-32bit-9.4.19-0.23.19.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): postgresql94-debuginfo-9.4.19-0.23.19.1 postgresql94-debugsource-9.4.19-0.23.19.1 postgresql94-libs-debuginfo-9.4.19-0.23.19.1 postgresql94-libs-debugsource-9.4.19-0.23.19.1 References: https://www.suse.com/security/cve/CVE-2018-10915.html https://bugzilla.suse.com/1104199 From sle-security-updates at lists.suse.com Mon Oct 22 13:08:12 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 22 Oct 2018 21:08:12 +0200 (CEST) Subject: SUSE-SU-2018:3289-1: moderate: Security update for tiff Message-ID: <20181022190812.72CF6FFD5@maintenance.suse.de> SUSE Security Update: Security update for tiff ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3289-1 Rating: moderate References: #1106853 #1108627 #1108637 #1110358 Cross-References: CVE-2017-11613 CVE-2017-9935 CVE-2018-16335 CVE-2018-17100 CVE-2018-17101 CVE-2018-17795 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for tiff fixes the following issues: - CVE-2018-17100: There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file. (bsc#1108637) - CVE-2018-17101: There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file. (bsc#1108627) - CVE-2018-17795: The function t2p_write_pdf in tiff2pdf.c allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, a similar issue to CVE-2017-9935. (bsc#1110358) - CVE-2018-16335: newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. This is a different vulnerability than CVE-2018-15209. (bsc#1106853) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2375=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2375=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2375=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libtiff-devel-4.0.9-44.24.1 tiff-debuginfo-4.0.9-44.24.1 tiff-debugsource-4.0.9-44.24.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libtiff5-4.0.9-44.24.1 libtiff5-debuginfo-4.0.9-44.24.1 tiff-4.0.9-44.24.1 tiff-debuginfo-4.0.9-44.24.1 tiff-debugsource-4.0.9-44.24.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libtiff5-32bit-4.0.9-44.24.1 libtiff5-debuginfo-32bit-4.0.9-44.24.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libtiff5-32bit-4.0.9-44.24.1 libtiff5-4.0.9-44.24.1 libtiff5-debuginfo-32bit-4.0.9-44.24.1 libtiff5-debuginfo-4.0.9-44.24.1 tiff-debuginfo-4.0.9-44.24.1 tiff-debugsource-4.0.9-44.24.1 References: https://www.suse.com/security/cve/CVE-2017-11613.html https://www.suse.com/security/cve/CVE-2017-9935.html https://www.suse.com/security/cve/CVE-2018-16335.html https://www.suse.com/security/cve/CVE-2018-17100.html https://www.suse.com/security/cve/CVE-2018-17101.html https://www.suse.com/security/cve/CVE-2018-17795.html https://bugzilla.suse.com/1106853 https://bugzilla.suse.com/1108627 https://bugzilla.suse.com/1108637 https://bugzilla.suse.com/1110358 From sle-security-updates at lists.suse.com Mon Oct 22 13:09:10 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 22 Oct 2018 21:09:10 +0200 (CEST) Subject: SUSE-SU-2018:3290-1: moderate: Security update for pam_pkcs11 Message-ID: <20181022190910.83CEBFFD5@maintenance.suse.de> SUSE Security Update: Security update for pam_pkcs11 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3290-1 Rating: moderate References: #1105012 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for pam_pkcs11 fixes the following security issues: - It was possible to replay an authentication by using a specially prepared smartcard or token (bsc#1105012) - Prevent buffer overflow if a user has a home directory with a length of more than 512 bytes (bsc#1105012) - Memory not cleaned properly before free() (bsc#1105012) This non-security issue was fixed: - Fix segfault and fetch problems when checking CRLs Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2374=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): pam_pkcs11-0.6.9-3.3.3 pam_pkcs11-debuginfo-0.6.9-3.3.3 pam_pkcs11-debugsource-0.6.9-3.3.3 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): pam_pkcs11-32bit-0.6.9-3.3.3 pam_pkcs11-32bit-debuginfo-0.6.9-3.3.3 References: https://bugzilla.suse.com/1105012 From sle-security-updates at lists.suse.com Tue Oct 23 07:13:32 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 23 Oct 2018 15:13:32 +0200 (CEST) Subject: SUSE-SU-2018:3311-1: moderate: Security update for pam_pkcs11 Message-ID: <20181023131332.8D9EEFFD5@maintenance.suse.de> SUSE Security Update: Security update for pam_pkcs11 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3311-1 Rating: moderate References: #1049219 #1105012 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for pam_pkcs11 provides the following fixes: Security issues fixed (bsc#1105012): - Fixed a logic bug in pampkcs11.c, leading to an authentication replay vulnerability - Fixed a stack-based buffer overflow in opensshmapper.c - Make sure memory is properly cleaned before invoking free() Other changes: - Add a systemd service file. (bsc#1049219) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2378=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2378=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): pam_pkcs11-0.6.8-7.5.1 pam_pkcs11-debuginfo-0.6.8-7.5.1 pam_pkcs11-debugsource-0.6.8-7.5.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): pam_pkcs11-32bit-0.6.8-7.5.1 pam_pkcs11-debuginfo-32bit-0.6.8-7.5.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): pam_pkcs11-0.6.8-7.5.1 pam_pkcs11-32bit-0.6.8-7.5.1 pam_pkcs11-debuginfo-0.6.8-7.5.1 pam_pkcs11-debuginfo-32bit-0.6.8-7.5.1 pam_pkcs11-debugsource-0.6.8-7.5.1 References: https://bugzilla.suse.com/1049219 https://bugzilla.suse.com/1105012 From sle-security-updates at lists.suse.com Tue Oct 23 07:18:36 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 23 Oct 2018 15:18:36 +0200 (CEST) Subject: SUSE-SU-2018:3318-1: moderate: Security update for apache-pdfbox Message-ID: <20181023131836.7C872FFD5@maintenance.suse.de> SUSE Security Update: Security update for apache-pdfbox ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3318-1 Rating: moderate References: #1099721 #1111009 Cross-References: CVE-2018-11797 CVE-2018-8036 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for apache-pdfbox fixes the following security issue: - CVE-2018-8036: A crafted file could have triggered an infinite loop which lead to DoS (bsc#1099721). - CVE-2018-11797: A carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree. (bsc#1111009): Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2391=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch): apache-pdfbox-1.8.12-3.5.4 References: https://www.suse.com/security/cve/CVE-2018-11797.html https://www.suse.com/security/cve/CVE-2018-8036.html https://bugzilla.suse.com/1099721 https://bugzilla.suse.com/1111009 From sle-security-updates at lists.suse.com Tue Oct 23 07:19:17 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 23 Oct 2018 15:19:17 +0200 (CEST) Subject: SUSE-SU-2018:3319-1: important: Security update for net-snmp Message-ID: <20181023131917.7E323FFD5@maintenance.suse.de> SUSE Security Update: Security update for net-snmp ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3319-1 Rating: important References: #1111122 Cross-References: CVE-2018-18065 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for net-snmp fixes the following issues: - CVE-2018-18065: _set_key in agent/helpers/table_container.c had a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. (bsc#1111122) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-2390=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): libsnmp30-5.7.2.1-4.9.1 libsnmp30-debuginfo-5.7.2.1-4.9.1 net-snmp-5.7.2.1-4.9.1 net-snmp-debuginfo-5.7.2.1-4.9.1 net-snmp-debugsource-5.7.2.1-4.9.1 perl-SNMP-5.7.2.1-4.9.1 perl-SNMP-debuginfo-5.7.2.1-4.9.1 snmp-mibs-5.7.2.1-4.9.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): libsnmp30-32bit-5.7.2.1-4.9.1 libsnmp30-debuginfo-32bit-5.7.2.1-4.9.1 References: https://www.suse.com/security/cve/CVE-2018-18065.html https://bugzilla.suse.com/1111122 From sle-security-updates at lists.suse.com Tue Oct 23 10:08:38 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 23 Oct 2018 18:08:38 +0200 (CEST) Subject: SUSE-SU-2018:0810-2: moderate: Security update for dhcp Message-ID: <20181023160838.53426FC98@maintenance.suse.de> SUSE Security Update: Security update for dhcp ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0810-2 Rating: moderate References: #1083302 #1083303 Cross-References: CVE-2018-5732 CVE-2018-5733 Affected Products: SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for dhcp fixes the following issues: Security issues fixed: - CVE-2018-5733: reference count overflow in dhcpd (bsc#1083303). - CVE-2018-5732: buffer overflow in dhclient (bsc#1083302). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-dhcp-13533=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-dhcp-13533=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-dhcp-13533=1 Package List: - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): dhcp-4.2.4.P2-0.28.8.1 dhcp-client-4.2.4.P2-0.28.8.1 dhcp-relay-4.2.4.P2-0.28.8.1 dhcp-server-4.2.4.P2-0.28.8.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): dhcp-4.2.4.P2-0.28.8.1 dhcp-client-4.2.4.P2-0.28.8.1 dhcp-relay-4.2.4.P2-0.28.8.1 dhcp-server-4.2.4.P2-0.28.8.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): dhcp-debuginfo-4.2.4.P2-0.28.8.1 dhcp-debugsource-4.2.4.P2-0.28.8.1 References: https://www.suse.com/security/cve/CVE-2018-5732.html https://www.suse.com/security/cve/CVE-2018-5733.html https://bugzilla.suse.com/1083302 https://bugzilla.suse.com/1083303 From sle-security-updates at lists.suse.com Tue Oct 23 10:09:24 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 23 Oct 2018 18:09:24 +0200 (CEST) Subject: SUSE-SU-2018:3327-1: moderate: Security update for tiff Message-ID: <20181023160924.59F9DFEAD@maintenance.suse.de> SUSE Security Update: Security update for tiff ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3327-1 Rating: moderate References: #1092480 #1106853 #1108627 #1108637 #1110358 Cross-References: CVE-2018-10779 CVE-2018-16335 CVE-2018-17100 CVE-2018-17101 CVE-2018-17795 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for tiff fixes the following issues: Security issue fixed: - CVE-2018-10779: TIFFWriteScanline in tif_write.c had a heap-based buffer over-read, as demonstrated by bmp2tiff.(bsc#1092480) - CVE-2018-17100: There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file. (bsc#1108637) - CVE-2018-17101: There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file. (bsc#1108627) - CVE-2018-17795: The function t2p_write_pdf in tiff2pdf.c allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, a similar issue to CVE-2017-9935. (bsc#1110358) - CVE-2018-16335: newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. This is a different vulnerability than CVE-2018-15209. (bsc#1106853) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2018-2392=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2392=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (x86_64): libtiff5-32bit-4.0.9-5.14.1 libtiff5-32bit-debuginfo-4.0.9-5.14.1 tiff-debugsource-4.0.9-5.14.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libtiff-devel-4.0.9-5.14.1 libtiff5-4.0.9-5.14.1 libtiff5-debuginfo-4.0.9-5.14.1 tiff-debuginfo-4.0.9-5.14.1 tiff-debugsource-4.0.9-5.14.1 References: https://www.suse.com/security/cve/CVE-2018-10779.html https://www.suse.com/security/cve/CVE-2018-16335.html https://www.suse.com/security/cve/CVE-2018-17100.html https://www.suse.com/security/cve/CVE-2018-17101.html https://www.suse.com/security/cve/CVE-2018-17795.html https://bugzilla.suse.com/1092480 https://bugzilla.suse.com/1106853 https://bugzilla.suse.com/1108627 https://bugzilla.suse.com/1108637 https://bugzilla.suse.com/1110358 From sle-security-updates at lists.suse.com Tue Oct 23 10:10:49 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 23 Oct 2018 18:10:49 +0200 (CEST) Subject: SUSE-SU-2018:3328-1: important: Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP1) Message-ID: <20181023161049.30E2DFC98@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3328-1 Rating: important References: #1102682 #1107832 Cross-References: CVE-2018-14633 CVE-2018-5390 Affected Products: SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.74-60_64_107 fixes several issues. The following security issues were fixed: - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. (bsc#1107832). - CVE-2018-5390: The Linux kernel could be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service (bsc#1102682). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-2394=1 Package List: - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_107-default-2-2.1 kgraft-patch-3_12_74-60_64_107-xen-2-2.1 References: https://www.suse.com/security/cve/CVE-2018-14633.html https://www.suse.com/security/cve/CVE-2018-5390.html https://bugzilla.suse.com/1102682 https://bugzilla.suse.com/1107832 From sle-security-updates at lists.suse.com Tue Oct 23 10:12:55 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 23 Oct 2018 18:12:55 +0200 (CEST) Subject: SUSE-SU-2018:3330-1: important: Security update for ghostscript-library Message-ID: <20181023161255.D4675FC98@maintenance.suse.de> SUSE Security Update: Security update for ghostscript-library ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3330-1 Rating: important References: #1050893 #1106173 #1107410 #1107412 #1107413 #1107420 #1107421 #1107426 Cross-References: CVE-2017-9611 CVE-2018-15910 CVE-2018-16509 CVE-2018-16511 CVE-2018-16513 CVE-2018-16540 CVE-2018-16541 CVE-2018-16542 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for ghostscript-library fixes the following issues: - CVE-2018-16511: A type confusion in "ztype" could be used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact. (bsc#1107426) - CVE-2018-16540: Attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or possibly have unspecified other impact. (bsc#1107420) - CVE-2018-16541: Attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter. (bsc#1107421) - CVE-2018-16542: Attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter. (bsc#1107413) - CVE-2018-16509: Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. (bsc#1107410 - CVE-2018-16513: Attackers able to supply crafted PostScript files could use a type confusion in the setcolor function to crash the interpreter or possibly have unspecified other impact. (bsc#1107412) - CVE-2018-15910: Attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code. (bsc#1106173) - CVE-2017-9611: The Ins_MIRP function allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. (bsc#1050893) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-ghostscript-library-13830=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-ghostscript-library-13830=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-ghostscript-library-13830=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-ghostscript-library-13830=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-ghostscript-library-13830=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-ghostscript-library-13830=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): ghostscript-devel-8.62-32.47.13.1 ghostscript-ijs-devel-8.62-32.47.13.1 libgimpprint-devel-4.2.7-32.47.13.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): ghostscript-fonts-other-8.62-32.47.13.1 ghostscript-fonts-rus-8.62-32.47.13.1 ghostscript-fonts-std-8.62-32.47.13.1 ghostscript-library-8.62-32.47.13.1 ghostscript-omni-8.62-32.47.13.1 ghostscript-x11-8.62-32.47.13.1 libgimpprint-4.2.7-32.47.13.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): ghostscript-fonts-other-8.62-32.47.13.1 ghostscript-fonts-rus-8.62-32.47.13.1 ghostscript-fonts-std-8.62-32.47.13.1 ghostscript-library-8.62-32.47.13.1 ghostscript-omni-8.62-32.47.13.1 ghostscript-x11-8.62-32.47.13.1 libgimpprint-4.2.7-32.47.13.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): ghostscript-fonts-other-8.62-32.47.13.1 ghostscript-fonts-rus-8.62-32.47.13.1 ghostscript-fonts-std-8.62-32.47.13.1 ghostscript-library-8.62-32.47.13.1 ghostscript-omni-8.62-32.47.13.1 ghostscript-x11-8.62-32.47.13.1 libgimpprint-4.2.7-32.47.13.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): ghostscript-library-debuginfo-8.62-32.47.13.1 ghostscript-library-debugsource-8.62-32.47.13.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): ghostscript-library-debuginfo-8.62-32.47.13.1 ghostscript-library-debugsource-8.62-32.47.13.1 References: https://www.suse.com/security/cve/CVE-2017-9611.html https://www.suse.com/security/cve/CVE-2018-15910.html https://www.suse.com/security/cve/CVE-2018-16509.html https://www.suse.com/security/cve/CVE-2018-16511.html https://www.suse.com/security/cve/CVE-2018-16513.html https://www.suse.com/security/cve/CVE-2018-16540.html https://www.suse.com/security/cve/CVE-2018-16541.html https://www.suse.com/security/cve/CVE-2018-16542.html https://bugzilla.suse.com/1050893 https://bugzilla.suse.com/1106173 https://bugzilla.suse.com/1107410 https://bugzilla.suse.com/1107412 https://bugzilla.suse.com/1107413 https://bugzilla.suse.com/1107420 https://bugzilla.suse.com/1107421 https://bugzilla.suse.com/1107426 From sle-security-updates at lists.suse.com Tue Oct 23 10:14:33 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 23 Oct 2018 18:14:33 +0200 (CEST) Subject: SUSE-SU-2018:3331-1: important: Security update for the Linux Kernel (Live Patch 3 for SLE 15) Message-ID: <20181023161433.75835FC98@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 3 for SLE 15) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3331-1 Rating: important References: #1107832 #1110233 Cross-References: CVE-2018-14633 CVE-2018-17182 Affected Products: SUSE Linux Enterprise Module for Live Patching 15 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-25_13 fixes several issues. The following security issues were fixed: - CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bsc#1110233). - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. (bsc#1107832). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2018-2393=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-livepatch-4_12_14-25_13-default-4-2.1 kernel-livepatch-4_12_14-25_13-default-debuginfo-4-2.1 References: https://www.suse.com/security/cve/CVE-2018-14633.html https://www.suse.com/security/cve/CVE-2018-17182.html https://bugzilla.suse.com/1107832 https://bugzilla.suse.com/1110233 From sle-security-updates at lists.suse.com Tue Oct 23 10:15:17 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 23 Oct 2018 18:15:17 +0200 (CEST) Subject: SUSE-SU-2018:3332-1: moderate: Security update for xen Message-ID: <20181023161517.619DDFC98@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3332-1 Rating: moderate References: #1094508 #1103276 #1111014 Cross-References: CVE-2018-15468 CVE-2018-17963 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for xen fixes the following issues: - CVE-2018-17963: qemu_deliver_packet_iov accepted packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. (bsc#1111014) - CVE-2018-15468: The DEBUGCTL MSR contains several debugging features, some of which virtualise cleanly, but some do not. In particular, Branch Trace Store is not virtualised by the processor, and software has to be careful to configure it suitably not to lock up the core. As a result, it must only be available to fully trusted guests. Unfortunately, in the case that vPMU is disabled, all value checking was skipped, allowing the guest to choose any MSR_DEBUGCTL setting it likes. A malicious or buggy guest administrator (on Intel x86 HVM or PVH) could have locked up the entire host, causing a Denial of Service. (XSA-269) (bsc#1103276) Non security issues fixed: - Kernel oops in fs/dcache.c called by d_materialise_unique() (bsc#1094508) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-2398=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-2398=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-2398=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-2398=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-2398=1 Package List: - SUSE OpenStack Cloud 7 (x86_64): xen-4.7.6_05-43.42.1 xen-debugsource-4.7.6_05-43.42.1 xen-doc-html-4.7.6_05-43.42.1 xen-libs-32bit-4.7.6_05-43.42.1 xen-libs-4.7.6_05-43.42.1 xen-libs-debuginfo-32bit-4.7.6_05-43.42.1 xen-libs-debuginfo-4.7.6_05-43.42.1 xen-tools-4.7.6_05-43.42.1 xen-tools-debuginfo-4.7.6_05-43.42.1 xen-tools-domU-4.7.6_05-43.42.1 xen-tools-domU-debuginfo-4.7.6_05-43.42.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): xen-4.7.6_05-43.42.1 xen-debugsource-4.7.6_05-43.42.1 xen-doc-html-4.7.6_05-43.42.1 xen-libs-32bit-4.7.6_05-43.42.1 xen-libs-4.7.6_05-43.42.1 xen-libs-debuginfo-32bit-4.7.6_05-43.42.1 xen-libs-debuginfo-4.7.6_05-43.42.1 xen-tools-4.7.6_05-43.42.1 xen-tools-debuginfo-4.7.6_05-43.42.1 xen-tools-domU-4.7.6_05-43.42.1 xen-tools-domU-debuginfo-4.7.6_05-43.42.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): xen-4.7.6_05-43.42.1 xen-debugsource-4.7.6_05-43.42.1 xen-doc-html-4.7.6_05-43.42.1 xen-libs-32bit-4.7.6_05-43.42.1 xen-libs-4.7.6_05-43.42.1 xen-libs-debuginfo-32bit-4.7.6_05-43.42.1 xen-libs-debuginfo-4.7.6_05-43.42.1 xen-tools-4.7.6_05-43.42.1 xen-tools-debuginfo-4.7.6_05-43.42.1 xen-tools-domU-4.7.6_05-43.42.1 xen-tools-domU-debuginfo-4.7.6_05-43.42.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): xen-4.7.6_05-43.42.1 xen-debugsource-4.7.6_05-43.42.1 xen-doc-html-4.7.6_05-43.42.1 xen-libs-32bit-4.7.6_05-43.42.1 xen-libs-4.7.6_05-43.42.1 xen-libs-debuginfo-32bit-4.7.6_05-43.42.1 xen-libs-debuginfo-4.7.6_05-43.42.1 xen-tools-4.7.6_05-43.42.1 xen-tools-debuginfo-4.7.6_05-43.42.1 xen-tools-domU-4.7.6_05-43.42.1 xen-tools-domU-debuginfo-4.7.6_05-43.42.1 - SUSE Enterprise Storage 4 (x86_64): xen-4.7.6_05-43.42.1 xen-debugsource-4.7.6_05-43.42.1 xen-doc-html-4.7.6_05-43.42.1 xen-libs-32bit-4.7.6_05-43.42.1 xen-libs-4.7.6_05-43.42.1 xen-libs-debuginfo-32bit-4.7.6_05-43.42.1 xen-libs-debuginfo-4.7.6_05-43.42.1 xen-tools-4.7.6_05-43.42.1 xen-tools-debuginfo-4.7.6_05-43.42.1 xen-tools-domU-4.7.6_05-43.42.1 xen-tools-domU-debuginfo-4.7.6_05-43.42.1 References: https://www.suse.com/security/cve/CVE-2018-15468.html https://www.suse.com/security/cve/CVE-2018-17963.html https://bugzilla.suse.com/1094508 https://bugzilla.suse.com/1103276 https://bugzilla.suse.com/1111014 From sle-security-updates at lists.suse.com Tue Oct 23 10:16:22 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 23 Oct 2018 18:16:22 +0200 (CEST) Subject: SUSE-SU-2018:3333-1: important: Security update for net-snmp Message-ID: <20181023161622.5CE0FFC98@maintenance.suse.de> SUSE Security Update: Security update for net-snmp ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3333-1 Rating: important References: #1027353 #1081164 #1102775 #1111122 Cross-References: CVE-2018-18065 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. Description: This update for net-snmp fixes the following issues: Security issues fixed: - CVE-2018-18065: _set_key in agent/helpers/table_container.c had a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. (bsc#1111122) Non-security issues fixed: - swintst_rpm: Protect against unspecified Group name (bsc#1102775) - Add tsm and tlstm MIBs and the USM security module. (bsc#1081164) - Fix agentx freezing on timeout (bsc#1027353) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2396=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libsnmp30-5.7.3-7.3.1 libsnmp30-debuginfo-5.7.3-7.3.1 net-snmp-5.7.3-7.3.1 net-snmp-debuginfo-5.7.3-7.3.1 net-snmp-debugsource-5.7.3-7.3.1 net-snmp-devel-5.7.3-7.3.1 perl-SNMP-5.7.3-7.3.1 perl-SNMP-debuginfo-5.7.3-7.3.1 snmp-mibs-5.7.3-7.3.1 References: https://www.suse.com/security/cve/CVE-2018-18065.html https://bugzilla.suse.com/1027353 https://bugzilla.suse.com/1081164 https://bugzilla.suse.com/1102775 https://bugzilla.suse.com/1111122 From sle-security-updates at lists.suse.com Tue Oct 23 13:12:58 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 23 Oct 2018 21:12:58 +0200 (CEST) Subject: SUSE-SU-2018:3342-1: moderate: Security update for ntp Message-ID: <20181023191258.0378CFC98@maintenance.suse.de> SUSE Security Update: Security update for ntp ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3342-1 Rating: moderate References: #1083424 #1098531 #1111853 Cross-References: CVE-2018-12327 CVE-2018-7170 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: NTP was updated to 4.2.8p12 (bsc#1111853): - CVE-2018-12327: Fixed stack buffer overflow in the openhost() command-line call of NTPQ/NTPDC. (bsc#1098531) - CVE-2018-7170: Add further tweaks to improve the fix for the ephemeral association time spoofing additional protection (bsc#1083424) Please also see https://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/ for more information. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-2404=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-2404=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2404=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-2404=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-2404=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-2404=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2404=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-2404=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): ntp-4.2.8p12-64.8.2 ntp-debuginfo-4.2.8p12-64.8.2 ntp-debugsource-4.2.8p12-64.8.2 ntp-doc-4.2.8p12-64.8.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): ntp-4.2.8p12-64.8.2 ntp-debuginfo-4.2.8p12-64.8.2 ntp-debugsource-4.2.8p12-64.8.2 ntp-doc-4.2.8p12-64.8.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): ntp-4.2.8p12-64.8.2 ntp-debuginfo-4.2.8p12-64.8.2 ntp-debugsource-4.2.8p12-64.8.2 ntp-doc-4.2.8p12-64.8.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): ntp-4.2.8p12-64.8.2 ntp-debuginfo-4.2.8p12-64.8.2 ntp-debugsource-4.2.8p12-64.8.2 ntp-doc-4.2.8p12-64.8.2 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): ntp-4.2.8p12-64.8.2 ntp-debuginfo-4.2.8p12-64.8.2 ntp-debugsource-4.2.8p12-64.8.2 ntp-doc-4.2.8p12-64.8.2 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): ntp-4.2.8p12-64.8.2 ntp-debuginfo-4.2.8p12-64.8.2 ntp-debugsource-4.2.8p12-64.8.2 ntp-doc-4.2.8p12-64.8.2 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): ntp-4.2.8p12-64.8.2 ntp-debuginfo-4.2.8p12-64.8.2 ntp-debugsource-4.2.8p12-64.8.2 ntp-doc-4.2.8p12-64.8.2 - SUSE Enterprise Storage 4 (x86_64): ntp-4.2.8p12-64.8.2 ntp-debuginfo-4.2.8p12-64.8.2 ntp-debugsource-4.2.8p12-64.8.2 ntp-doc-4.2.8p12-64.8.2 - SUSE CaaS Platform ALL (x86_64): ntp-4.2.8p12-64.8.2 ntp-debuginfo-4.2.8p12-64.8.2 ntp-debugsource-4.2.8p12-64.8.2 - SUSE CaaS Platform 3.0 (x86_64): ntp-4.2.8p12-64.8.2 ntp-debuginfo-4.2.8p12-64.8.2 ntp-debugsource-4.2.8p12-64.8.2 References: https://www.suse.com/security/cve/CVE-2018-12327.html https://www.suse.com/security/cve/CVE-2018-7170.html https://bugzilla.suse.com/1083424 https://bugzilla.suse.com/1098531 https://bugzilla.suse.com/1111853 From sle-security-updates at lists.suse.com Tue Oct 23 13:13:50 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 23 Oct 2018 21:13:50 +0200 (CEST) Subject: SUSE-SU-2018:3343-1: Security update for libraw Message-ID: <20181023191350.78557FC98@maintenance.suse.de> SUSE Security Update: Security update for libraw ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3343-1 Rating: low References: #1084688 #1084690 #1084691 #1103200 #1103353 Cross-References: CVE-2018-5800 CVE-2018-5801 CVE-2018-5802 CVE-2018-5810 CVE-2018-5813 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for libraw fixes the following issues: Security issues fixed: - CVE-2018-5800: Fixed heap-based buffer overflow in LibRaw::kodak_ycbcr_load_raw function (bsc#1084691). - CVE-2018-5801: Fixed NULL pointer dereference in LibRaw::unpack function (bsc#1084690). - CVE-2018-5802: Fixed out-of-bounds read in kodak_radc_load_raw function (bsc#1084688). - CVE-2018-5813: Fixed infinite loop in the parse_minolta function (bsc#1103200) - CVE-2018-5810: Fixed a heap-based buffer overflow in rollei_load_raw (bsc#1103353) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-2402=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2402=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2402=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): libraw-debugsource-0.15.4-21.1 libraw9-0.15.4-21.1 libraw9-debuginfo-0.15.4-21.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libraw-debugsource-0.15.4-21.1 libraw-devel-0.15.4-21.1 libraw-devel-static-0.15.4-21.1 libraw9-0.15.4-21.1 libraw9-debuginfo-0.15.4-21.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libraw-debugsource-0.15.4-21.1 libraw9-0.15.4-21.1 libraw9-debuginfo-0.15.4-21.1 References: https://www.suse.com/security/cve/CVE-2018-5800.html https://www.suse.com/security/cve/CVE-2018-5801.html https://www.suse.com/security/cve/CVE-2018-5802.html https://www.suse.com/security/cve/CVE-2018-5810.html https://www.suse.com/security/cve/CVE-2018-5813.html https://bugzilla.suse.com/1084688 https://bugzilla.suse.com/1084690 https://bugzilla.suse.com/1084691 https://bugzilla.suse.com/1103200 https://bugzilla.suse.com/1103353 From sle-security-updates at lists.suse.com Tue Oct 23 13:17:45 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 23 Oct 2018 21:17:45 +0200 (CEST) Subject: SUSE-SU-2018:3348-1: moderate: Security update for ImageMagick Message-ID: <20181023191745.3E1F4FCBE@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3348-1 Rating: moderate References: #1074170 #1106855 #1106989 #1107604 #1107609 #1107612 #1107616 #1108282 #1108283 #1110746 #1110747 #1111069 #1111072 Cross-References: CVE-2017-17934 CVE-2018-16323 CVE-2018-16413 CVE-2018-16642 CVE-2018-16643 CVE-2018-16644 CVE-2018-16645 CVE-2018-16749 CVE-2018-16750 CVE-2018-17965 CVE-2018-17966 CVE-2018-18016 CVE-2018-18024 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 13 vulnerabilities is now available. Description: This update for ImageMagick fixes the following security issue: - CVE-2017-17934: Prevent memory leaks, related to MSLPopImage and ProcessMSLScript, and associated with mishandling of MSLPushImage calls (bsc#1074170). - CVE-2018-16750: Prevent memory leak in the formatIPTCfromBuffer function (bsc#1108283) - CVE-2018-16749: Added missing NULL check in ReadOneJNGImage that allowed an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file (bsc#1108282) - CVE-2018-16413: Prevent heap-based buffer over-read in the PushShortPixel function leading to DoS (bsc#1106989). - CVE-2018-16323: ReadXBMImage left data uninitialized when processing an XBM file that has a negative pixel value. If the affected code was used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data (bsc#1106855) - CVE-2018-16642: The function InsertRow allowed remote attackers to cause a denial of service via a crafted image file due to an out-of-bounds write (bsc#1107616) - CVE-2018-16643: The functions ReadDCMImage, ReadPWPImage, ReadCALSImage, and ReadPICTImage did check the return value of the fputc function, which allowed remote attackers to cause a denial of service via a crafted image file (bsc#1107612) - CVE-2018-16644: Added missing check for length in the functions ReadDCMImage and ReadPICTImage, which allowed remote attackers to cause a denial of service via a crafted image (bsc#1107609) - CVE-2018-16645: Prevent excessive memory allocation issue in the functions ReadBMPImage and ReadDIBImage, which allowed remote attackers to cause a denial of service via a crafted image file (bsc#1107604) - CVE-2018-18024: Fixed an infinite loop in the ReadBMPImage function of the coders/bmp.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file (bsc#1111069) - CVE-2018-18016: Fixed a memory leak in WritePCXImage (bsc#1111072) - CVE-2018-17965: Fixed a memory leak in WriteSGIImage (bsc#1110747) - CVE-2018-17966: Fixed a memory leak in WritePDBImage (bsc#1110746) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-ImageMagick-13831=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-ImageMagick-13831=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-ImageMagick-13831=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): ImageMagick-6.4.3.6-78.74.1 ImageMagick-devel-6.4.3.6-78.74.1 libMagick++-devel-6.4.3.6-78.74.1 libMagick++1-6.4.3.6-78.74.1 libMagickWand1-6.4.3.6-78.74.1 perl-PerlMagick-6.4.3.6-78.74.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): libMagickWand1-32bit-6.4.3.6-78.74.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libMagickCore1-6.4.3.6-78.74.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libMagickCore1-32bit-6.4.3.6-78.74.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): ImageMagick-debuginfo-6.4.3.6-78.74.1 ImageMagick-debugsource-6.4.3.6-78.74.1 References: https://www.suse.com/security/cve/CVE-2017-17934.html https://www.suse.com/security/cve/CVE-2018-16323.html https://www.suse.com/security/cve/CVE-2018-16413.html https://www.suse.com/security/cve/CVE-2018-16642.html https://www.suse.com/security/cve/CVE-2018-16643.html https://www.suse.com/security/cve/CVE-2018-16644.html https://www.suse.com/security/cve/CVE-2018-16645.html https://www.suse.com/security/cve/CVE-2018-16749.html https://www.suse.com/security/cve/CVE-2018-16750.html https://www.suse.com/security/cve/CVE-2018-17965.html https://www.suse.com/security/cve/CVE-2018-17966.html https://www.suse.com/security/cve/CVE-2018-18016.html https://www.suse.com/security/cve/CVE-2018-18024.html https://bugzilla.suse.com/1074170 https://bugzilla.suse.com/1106855 https://bugzilla.suse.com/1106989 https://bugzilla.suse.com/1107604 https://bugzilla.suse.com/1107609 https://bugzilla.suse.com/1107612 https://bugzilla.suse.com/1107616 https://bugzilla.suse.com/1108282 https://bugzilla.suse.com/1108283 https://bugzilla.suse.com/1110746 https://bugzilla.suse.com/1110747 https://bugzilla.suse.com/1111069 https://bugzilla.suse.com/1111072 From sle-security-updates at lists.suse.com Tue Oct 23 13:21:24 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 23 Oct 2018 21:21:24 +0200 (CEST) Subject: SUSE-SU-2018:3351-1: moderate: Security update for ntp Message-ID: <20181023192124.E3F97FC98@maintenance.suse.de> SUSE Security Update: Security update for ntp ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3351-1 Rating: moderate References: #1083424 #1098531 #1111853 Cross-References: CVE-2018-12327 CVE-2018-7170 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: NTP was updated to 4.2.8p12 (bsc#1111853): - CVE-2018-12327: Fixed stack buffer overflow in the openhost() command-line call of NTPQ/NTPDC. (bsc#1098531) - CVE-2018-7170: Add further tweaks to improve the fix for the ephemeral association time spoofing additional protection (bsc#1083424) Please also see https://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/ for more information. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-2399=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): ntp-4.2.8p12-46.29.2 ntp-debuginfo-4.2.8p12-46.29.2 ntp-debugsource-4.2.8p12-46.29.2 ntp-doc-4.2.8p12-46.29.2 References: https://www.suse.com/security/cve/CVE-2018-12327.html https://www.suse.com/security/cve/CVE-2018-7170.html https://bugzilla.suse.com/1083424 https://bugzilla.suse.com/1098531 https://bugzilla.suse.com/1111853 From sle-security-updates at lists.suse.com Tue Oct 23 13:22:19 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 23 Oct 2018 21:22:19 +0200 (CEST) Subject: SUSE-SU-2018:3352-1: moderate: Security update for ntp Message-ID: <20181023192219.42CA3FC98@maintenance.suse.de> SUSE Security Update: Security update for ntp ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3352-1 Rating: moderate References: #1083424 #1098531 #1111853 Cross-References: CVE-2018-12327 CVE-2018-7170 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: NTP was updated to 4.2.8p12 (bsc#1111853): - CVE-2018-12327: Fixed stack buffer overflow in the openhost() command-line call of NTPQ/NTPDC. (bsc#1098531) - CVE-2018-7170: Add further tweaks to improve the fix for the ephemeral association time spoofing additional protection (bsc#1083424) Please also see https://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/ for more information. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-ntp-13832=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-ntp-13832=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): ntp-4.2.8p12-64.7.1 ntp-doc-4.2.8p12-64.7.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): ntp-debuginfo-4.2.8p12-64.7.1 ntp-debugsource-4.2.8p12-64.7.1 References: https://www.suse.com/security/cve/CVE-2018-12327.html https://www.suse.com/security/cve/CVE-2018-7170.html https://bugzilla.suse.com/1083424 https://bugzilla.suse.com/1098531 https://bugzilla.suse.com/1111853 From sle-security-updates at lists.suse.com Tue Oct 23 13:25:03 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 23 Oct 2018 21:25:03 +0200 (CEST) Subject: SUSE-SU-2018:3356-1: moderate: Security update for ntp Message-ID: <20181023192503.EAB4AFC98@maintenance.suse.de> SUSE Security Update: Security update for ntp ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3356-1 Rating: moderate References: #1083424 #1098531 #1111853 Cross-References: CVE-2018-12327 CVE-2018-7170 Affected Products: SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: NTP was updated to 4.2.8p12 (bsc#1111853): - CVE-2018-12327: Fixed stack buffer overflow in the openhost() command-line call of NTPQ/NTPDC. (bsc#1098531) - CVE-2018-7170: Add further tweaks to improve the fix for the ephemeral association time spoofing additional protection (bsc#1083424) Please also see https://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/ for more information. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-ntp-13833=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-ntp-13833=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-ntp-13833=1 Package List: - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): ntp-4.2.8p12-48.21.1 ntp-doc-4.2.8p12-48.21.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): ntp-4.2.8p12-48.21.1 ntp-doc-4.2.8p12-48.21.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): ntp-debuginfo-4.2.8p12-48.21.1 ntp-debugsource-4.2.8p12-48.21.1 References: https://www.suse.com/security/cve/CVE-2018-12327.html https://www.suse.com/security/cve/CVE-2018-7170.html https://bugzilla.suse.com/1083424 https://bugzilla.suse.com/1098531 https://bugzilla.suse.com/1111853 From sle-security-updates at lists.suse.com Tue Oct 23 13:25:55 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 23 Oct 2018 21:25:55 +0200 (CEST) Subject: SUSE-SU-2018:3357-1: moderate: Security update for rust Message-ID: <20181023192555.EDB67FC98@maintenance.suse.de> SUSE Security Update: Security update for rust ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3357-1 Rating: moderate References: #1100691 Cross-References: CVE-2018-1000622 Affected Products: SUSE Linux Enterprise Module for Development Tools 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rust fixes the following issues: - CVE-2018-1000622: rustdoc loads plugins from world writable directory allowing for arbitrary code execution This patch consists of requiring `--plugin-path` to be passed whenever `--plugin` is passed Note that rustdoc plugins will be removed entirely on 1.28.0 (bsc#1100691). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2018-2403=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): rust-1.24.1-3.6.1 rust-debuginfo-1.24.1-3.6.1 rust-debugsource-1.24.1-3.6.1 rust-std-1.24.1-3.6.1 References: https://www.suse.com/security/cve/CVE-2018-1000622.html https://bugzilla.suse.com/1100691 From sle-security-updates at lists.suse.com Wed Oct 24 07:13:39 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 24 Oct 2018 15:13:39 +0200 (CEST) Subject: SUSE-SU-2018:3377-1: important: Security update for postgresql96 Message-ID: <20181024131339.898DBFC98@maintenance.suse.de> SUSE Security Update: Security update for postgresql96 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3377-1 Rating: important References: #1104199 #1104202 Cross-References: CVE-2018-10915 CVE-2018-10925 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for postgresql96 to 9.6.10 fixes the following issues: These security issues were fixed: - CVE-2018-10915: libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untrusted input, attackers could have bypassed client-side connection security features, obtain access to higher privileged connections or potentially cause other impact SQL injection, by causing the PQescape() functions to malfunction (bsc#1104199) - CVE-2018-10925: Add missing authorization check on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could have exploited this to read arbitrary bytes server memory. If the attacker also had certain "INSERT" and limited "UPDATE" privileges to a particular table, they could have exploited this to update other columns in the same table (bsc#1104202) For addition details please see https://www.postgresql.org/docs/current/static/release-9-6-10.html Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-2427=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2427=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-2427=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-2427=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2427=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-2427=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-2427=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-2427=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2427=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-2427=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): postgresql96-9.6.10-3.22.7 postgresql96-contrib-9.6.10-3.22.7 postgresql96-contrib-debuginfo-9.6.10-3.22.7 postgresql96-debuginfo-9.6.10-3.22.7 postgresql96-debugsource-9.6.10-3.22.7 postgresql96-libs-debugsource-9.6.10-3.22.1 postgresql96-server-9.6.10-3.22.7 postgresql96-server-debuginfo-9.6.10-3.22.7 - SUSE OpenStack Cloud 7 (noarch): postgresql96-docs-9.6.10-3.22.7 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): postgresql96-devel-9.6.10-3.22.1 postgresql96-devel-debuginfo-9.6.10-3.22.1 postgresql96-libs-debugsource-9.6.10-3.22.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): postgresql96-9.6.10-3.22.7 postgresql96-contrib-9.6.10-3.22.7 postgresql96-contrib-debuginfo-9.6.10-3.22.7 postgresql96-debuginfo-9.6.10-3.22.7 postgresql96-debugsource-9.6.10-3.22.7 postgresql96-libs-debugsource-9.6.10-3.22.1 postgresql96-server-9.6.10-3.22.7 postgresql96-server-debuginfo-9.6.10-3.22.7 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): postgresql96-docs-9.6.10-3.22.7 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): postgresql96-9.6.10-3.22.7 postgresql96-contrib-9.6.10-3.22.7 postgresql96-contrib-debuginfo-9.6.10-3.22.7 postgresql96-debuginfo-9.6.10-3.22.7 postgresql96-debugsource-9.6.10-3.22.7 postgresql96-libs-debugsource-9.6.10-3.22.1 postgresql96-server-9.6.10-3.22.7 postgresql96-server-debuginfo-9.6.10-3.22.7 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): postgresql96-docs-9.6.10-3.22.7 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): postgresql96-9.6.10-3.22.7 postgresql96-contrib-9.6.10-3.22.7 postgresql96-contrib-debuginfo-9.6.10-3.22.7 postgresql96-debuginfo-9.6.10-3.22.7 postgresql96-debugsource-9.6.10-3.22.7 postgresql96-libs-debugsource-9.6.10-3.22.1 postgresql96-server-9.6.10-3.22.7 postgresql96-server-debuginfo-9.6.10-3.22.7 - SUSE Linux Enterprise Server 12-SP3 (noarch): postgresql96-docs-9.6.10-3.22.7 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): postgresql96-9.6.10-3.22.7 postgresql96-contrib-9.6.10-3.22.7 postgresql96-contrib-debuginfo-9.6.10-3.22.7 postgresql96-debuginfo-9.6.10-3.22.7 postgresql96-debugsource-9.6.10-3.22.7 postgresql96-libs-debugsource-9.6.10-3.22.1 postgresql96-server-9.6.10-3.22.7 postgresql96-server-debuginfo-9.6.10-3.22.7 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): postgresql96-docs-9.6.10-3.22.7 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): postgresql96-9.6.10-3.22.7 postgresql96-contrib-9.6.10-3.22.7 postgresql96-contrib-debuginfo-9.6.10-3.22.7 postgresql96-debuginfo-9.6.10-3.22.7 postgresql96-debugsource-9.6.10-3.22.7 postgresql96-libs-debugsource-9.6.10-3.22.1 postgresql96-server-9.6.10-3.22.7 postgresql96-server-debuginfo-9.6.10-3.22.7 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): postgresql96-docs-9.6.10-3.22.7 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): postgresql96-9.6.10-3.22.7 postgresql96-contrib-9.6.10-3.22.7 postgresql96-contrib-debuginfo-9.6.10-3.22.7 postgresql96-debuginfo-9.6.10-3.22.7 postgresql96-debugsource-9.6.10-3.22.7 postgresql96-server-9.6.10-3.22.7 postgresql96-server-debuginfo-9.6.10-3.22.7 - SUSE Linux Enterprise Server 12-LTSS (noarch): postgresql96-docs-9.6.10-3.22.7 - SUSE Linux Enterprise Server 12-LTSS (s390x): postgresql96-libs-debugsource-9.6.10-3.22.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): postgresql96-9.6.10-3.22.7 postgresql96-debuginfo-9.6.10-3.22.7 postgresql96-debugsource-9.6.10-3.22.7 postgresql96-libs-debugsource-9.6.10-3.22.1 - SUSE Enterprise Storage 4 (x86_64): postgresql96-9.6.10-3.22.7 postgresql96-contrib-9.6.10-3.22.7 postgresql96-contrib-debuginfo-9.6.10-3.22.7 postgresql96-debuginfo-9.6.10-3.22.7 postgresql96-debugsource-9.6.10-3.22.7 postgresql96-libs-debugsource-9.6.10-3.22.1 postgresql96-server-9.6.10-3.22.7 postgresql96-server-debuginfo-9.6.10-3.22.7 - SUSE Enterprise Storage 4 (noarch): postgresql96-docs-9.6.10-3.22.7 References: https://www.suse.com/security/cve/CVE-2018-10915.html https://www.suse.com/security/cve/CVE-2018-10925.html https://bugzilla.suse.com/1104199 https://bugzilla.suse.com/1104202 From sle-security-updates at lists.suse.com Wed Oct 24 07:15:15 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 24 Oct 2018 15:15:15 +0200 (CEST) Subject: SUSE-SU-2018:3379-1: moderate: Security update for zziplib Message-ID: <20181024131515.61345FC98@maintenance.suse.de> SUSE Security Update: Security update for zziplib ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3379-1 Rating: moderate References: #1110687 Cross-References: CVE-2018-17828 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for zziplib fixes the following issues: - CVE-2018-17828: Remove any "../" components from pathnames of extracted files to avoid path traversal during unpacking. (bsc#1110687) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-2425=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2425=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2425=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): libzzip-0-13-0.13.67-10.14.1 libzzip-0-13-debuginfo-0.13.67-10.14.1 zziplib-debugsource-0.13.67-10.14.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libzzip-0-13-0.13.67-10.14.1 libzzip-0-13-debuginfo-0.13.67-10.14.1 zziplib-debugsource-0.13.67-10.14.1 zziplib-devel-0.13.67-10.14.1 zziplib-devel-debuginfo-0.13.67-10.14.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libzzip-0-13-0.13.67-10.14.1 libzzip-0-13-debuginfo-0.13.67-10.14.1 zziplib-debugsource-0.13.67-10.14.1 References: https://www.suse.com/security/cve/CVE-2018-17828.html https://bugzilla.suse.com/1110687 From sle-security-updates at lists.suse.com Wed Oct 24 10:42:28 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 24 Oct 2018 18:42:28 +0200 (CEST) Subject: SUSE-SU-2018:3386-1: moderate: Security update for ntp Message-ID: <20181024164228.E3F66FC98@maintenance.suse.de> SUSE Security Update: Security update for ntp ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3386-1 Rating: moderate References: #1083424 #1098531 #1111853 Cross-References: CVE-2018-12327 CVE-2018-7170 Affected Products: SUSE Linux Enterprise Module for Legacy Software 15 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: NTP was updated to 4.2.8p12 (bsc#1111853): - CVE-2018-12327: Fixed stack buffer overflow in the openhost() command-line call of NTPQ/NTPDC. (bsc#1098531) - CVE-2018-7170: Add further tweaks to improve the fix for the ephemeral association time spoofing additional protection (bsc#1083424) Please also see https://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/ for more information. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Legacy Software 15: zypper in -t patch SUSE-SLE-Module-Legacy-15-2018-2431=1 Package List: - SUSE Linux Enterprise Module for Legacy Software 15 (aarch64 ppc64le s390x x86_64): ntp-4.2.8p12-4.3.2 ntp-debuginfo-4.2.8p12-4.3.2 ntp-debugsource-4.2.8p12-4.3.2 References: https://www.suse.com/security/cve/CVE-2018-12327.html https://www.suse.com/security/cve/CVE-2018-7170.html https://bugzilla.suse.com/1083424 https://bugzilla.suse.com/1098531 https://bugzilla.suse.com/1111853 From sle-security-updates at lists.suse.com Wed Oct 24 10:43:20 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 24 Oct 2018 18:43:20 +0200 (CEST) Subject: SUSE-SU-2018:3387-1: moderate: Security update for webkit2gtk3 Message-ID: <20181024164320.7CFCAFC98@maintenance.suse.de> SUSE Security Update: Security update for webkit2gtk3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3387-1 Rating: moderate References: #1075775 #1077535 #1079512 #1088182 #1088932 #1092278 #1092279 #1092280 #1095611 #1096060 #1096061 #1097693 #1101999 #1102530 #1104169 Cross-References: CVE-2017-13884 CVE-2017-13885 CVE-2017-7153 CVE-2017-7160 CVE-2017-7161 CVE-2017-7165 CVE-2018-11646 CVE-2018-11712 CVE-2018-11713 CVE-2018-12911 CVE-2018-4088 CVE-2018-4096 CVE-2018-4101 CVE-2018-4113 CVE-2018-4114 CVE-2018-4117 CVE-2018-4118 CVE-2018-4119 CVE-2018-4120 CVE-2018-4121 CVE-2018-4122 CVE-2018-4125 CVE-2018-4127 CVE-2018-4128 CVE-2018-4129 CVE-2018-4133 CVE-2018-4146 CVE-2018-4161 CVE-2018-4162 CVE-2018-4163 CVE-2018-4165 CVE-2018-4190 CVE-2018-4199 CVE-2018-4200 CVE-2018-4204 CVE-2018-4218 CVE-2018-4222 CVE-2018-4232 CVE-2018-4233 CVE-2018-4246 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes 40 vulnerabilities is now available. Description: This update for webkit2gtk3 to version 2.20.3 fixes the issues: The following security vulnerabilities were addressed: - CVE-2018-12911: Fixed an off-by-one error in xdg_mime_get_simple_globs (boo#1101999) - CVE-2017-13884: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1075775). - CVE-2017-13885: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1075775). - CVE-2017-7153: An unspecified issue allowed remote attackers to spoof user-interface information (about whether the entire content is derived from a valid TLS session) via a crafted web site that sends a 401 Unauthorized redirect (bsc#1077535). - CVE-2017-7160: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1075775). - CVE-2017-7161: An unspecified issue allowed remote attackers to execute arbitrary code via special characters that trigger command injection (bsc#1075775, bsc#1077535). - CVE-2017-7165: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1075775). - CVE-2018-4088: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1075775). - CVE-2018-4096: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1075775). - CVE-2018-4200: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site that triggers a WebCore::jsElementScrollHeightGetter use-after-free (bsc#1092280). - CVE-2018-4204: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1092279). - CVE-2018-4101: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1088182). - CVE-2018-4113: An issue in the JavaScriptCore function in the "WebKit" component allowed attackers to trigger an assertion failure by leveraging improper array indexing (bsc#1088182) - CVE-2018-4114: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1088182) - CVE-2018-4117: An unspecified issue allowed remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site (bsc#1088182, bsc#1102530). - CVE-2018-4118: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1088182) - CVE-2018-4119: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1088182) - CVE-2018-4120: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1088182). - CVE-2018-4121: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1092278). - CVE-2018-4122: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1088182). - CVE-2018-4125: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1088182). - CVE-2018-4127: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1088182). - CVE-2018-4128: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1088182). - CVE-2018-4129: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1088182). - CVE-2018-4146: An unspecified issue allowed attackers to cause a denial of service (memory corruption) via a crafted web site (bsc#1088182). - CVE-2018-4161: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1088182). - CVE-2018-4162: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1088182). - CVE-2018-4163: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1088182). - CVE-2018-4165: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1088182). - CVE-2018-4190: An unspecified issue allowed remote attackers to obtain sensitive credential information that is transmitted during a CSS mask-image fetch (bsc#1097693) - CVE-2018-4199: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted web site (bsc#1097693) - CVE-2018-4218: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site that triggers an @generatorState use-after-free (bsc#1097693) - CVE-2018-4222: An unspecified issue allowed remote attackers to execute arbitrary code via a crafted web site that leverages a getWasmBufferFromValue out-of-bounds read during WebAssembly compilation (bsc#1097693) - CVE-2018-4232: An unspecified issue allowed remote attackers to overwrite cookies via a crafted web site (bsc#1097693) - CVE-2018-4233: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1097693) - CVE-2018-4246: An unspecified issue allowed remote attackers to execute arbitrary code via a crafted web site that leverages type confusion (bsc#1104169) - CVE-2018-11646: webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL mishandled an unset pageURL, leading to an application crash (bsc#1095611) - CVE-2018-4133: A Safari cross-site scripting (XSS) vulnerability allowed remote attackers to inject arbitrary web script or HTML via a crafted URL (bsc#1088182). - CVE-2018-11713: The libsoup network backend of WebKit unexpectedly failed to use system proxy settings for WebSocket connections. As a result, users could be deanonymized by crafted web sites via a WebSocket connection (bsc#1096060). - CVE-2018-11712: The libsoup network backend of WebKit failed to perform TLS certificate verification for WebSocket connections (bsc#1096061). This update for webkit2gtk3 fixes the following issues: - Fixed a crash when atk_object_ref_state_set is called on an AtkObject that's being destroyed (bsc#1088932). - Fixed crash when using Wayland with QXL/virtio (bsc#1079512) - Disable Gigacage if mmap fails to allocate in Linux. - Add user agent quirk for paypal website. - Properly detect compiler flags, needed libs, and fallbacks for usage of 64-bit atomic operations. - Fix a network process crash when trying to get cookies of about:blank page. - Fix UI process crash when closing the window under Wayland. - Fix several crashes and rendering issues. - Do TLS error checking on GTlsConnection::accept-certificate to finish the load earlier in case of errors. - Properly close the connection to the nested wayland compositor in the Web Process. - Avoid painting backing stores for zero-opacity layers. - Fix downloads started by context menu failing in some websites due to missing user agent HTTP header. - Fix video unpause when GStreamerGL is disabled. - Fix several GObject introspection annotations. - Update user agent quiks to fix Outlook.com and Chase.com. - Fix several crashes and rendering issues. - Improve error message when Gigacage cannot allocate virtual memory. - Add missing WebKitWebProcessEnumTypes.h to webkit-web-extension.h. - Improve web process memory monitor thresholds. - Fix a web process crash when the web view is created and destroyed quickly. - Fix a network process crash when load is cancelled while searching for stored HTTP auth credentials. - Fix the build when ENABLE_VIDEO, ENABLE_WEB_AUDIO and ENABLE_XSLT are disabled. - New API to retrieve and delete cookies with WebKitCookieManager. - New web process API to detect when form is submitted via JavaScript. - Several improvements and fixes in the touch/gestures support. - Support for the ???system??? CSS font family. - Complex text rendering improvements and fixes. - More complete and spec compliant WebDriver implementation. - Ensure DNS prefetching cannot be re-enabled if disabled by settings. - Fix seek sometimes not working. - Fix rendering of emojis that were using the wrong scale factor in some cases. - Fix rendering of combining enclosed keycap. - Fix rendering scale of some layers in HiDPI. - Fix a crash in Wayland when closing the web view. - Fix crashes upower crashes when running inside a chroot or on systems with broken dbus/upower. - Fix memory leaks in GStreamer media backend when using GStreamer 1.14. - Fix several crashes and rendering issues. - Add ENABLE_ADDRESS_SANITIZER to make it easier to build with asan support. - Fix a crash a under Wayland when using mesa software rasterization. - Make fullscreen video work again. - Fix handling of missing GStreamer elements. - Fix rendering when webm video is played twice. - Fix kinetic scrolling sometimes jumping around. - Fix build with ICU configured without collation support. - WebSockets use system proxy settings now (requires libsoup 2.61.90). - Show the context menu on long-press gesture. - Add support for Shift + mouse scroll to scroll horizontally. - Fix zoom gesture to actually zoom instead of changing the page scale. - Implement support for Graphics ARIA roles. - Make sleep inhibitors work under Flatpak. - Add get element CSS value command to WebDriver. - Fix a crash aftter a swipe gesture. - Fix several crashes and rendering issues. - Fix crashes due to duplicated symbols in libjavascriptcoregtk and libwebkit2gtk. - Fix parsing of timeout values in WebDriver. - Implement get timeouts command in WebDriver. - Fix deadlock in GStreamer video sink during shutdown when accelerated compositing is disabled. - Fix several crashes and rendering issues. - Add web process API to detect when form is submitted via JavaScript. - Add new API to replace webkit_form_submission_request_get_text_fields() that is now deprecated. - Add WebKitWebView::web-process-terminated signal and deprecate web-process-crashed. - Fix rendering issues when editing text areas. - Use FastMalloc based GstAllocator for GStreamer. - Fix web process crash at startup in bmalloc. - Fix several memory leaks in GStreamer media backend. - WebKitWebDriver process no longer links to libjavascriptcoregtk. - Fix several crashes and rendering issues. - Add new API to add, retrieve and delete cookies via WebKitCookieManager. - Add functions to WebSettings to convert font sizes between points and pixels. - Ensure cookie operations take effect when they happen before a web process has been spawned. - Automatically adjust font size when GtkSettings:gtk-xft-dpi changes. - Add initial resource load statistics support. - Add API to expose availability of certain editing commands in WebKitEditorState. - Add API to query whether a WebKitNavigationAction is a redirect or not. - Improve complex text rendering. - Add support for the "system" CSS font family. - Disable USE_GSTREAMER_GL Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-2432=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2432=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2432=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2432=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (noarch): libwebkit2gtk3-lang-2.20.3-2.23.8 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): typelib-1_0-WebKit2WebExtension-4_0-2.20.3-2.23.8 webkit2gtk3-debugsource-2.20.3-2.23.8 webkit2gtk3-devel-2.20.3-2.23.8 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.20.3-2.23.8 libjavascriptcoregtk-4_0-18-debuginfo-2.20.3-2.23.8 libwebkit2gtk-4_0-37-2.20.3-2.23.8 libwebkit2gtk-4_0-37-debuginfo-2.20.3-2.23.8 typelib-1_0-JavaScriptCore-4_0-2.20.3-2.23.8 typelib-1_0-WebKit2-4_0-2.20.3-2.23.8 webkit2gtk-4_0-injected-bundles-2.20.3-2.23.8 webkit2gtk-4_0-injected-bundles-debuginfo-2.20.3-2.23.8 webkit2gtk3-debugsource-2.20.3-2.23.8 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libjavascriptcoregtk-4_0-18-2.20.3-2.23.8 libjavascriptcoregtk-4_0-18-debuginfo-2.20.3-2.23.8 libwebkit2gtk-4_0-37-2.20.3-2.23.8 libwebkit2gtk-4_0-37-debuginfo-2.20.3-2.23.8 typelib-1_0-JavaScriptCore-4_0-2.20.3-2.23.8 typelib-1_0-WebKit2-4_0-2.20.3-2.23.8 webkit2gtk-4_0-injected-bundles-2.20.3-2.23.8 webkit2gtk-4_0-injected-bundles-debuginfo-2.20.3-2.23.8 webkit2gtk3-debugsource-2.20.3-2.23.8 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): libwebkit2gtk3-lang-2.20.3-2.23.8 References: https://www.suse.com/security/cve/CVE-2017-13884.html https://www.suse.com/security/cve/CVE-2017-13885.html https://www.suse.com/security/cve/CVE-2017-7153.html https://www.suse.com/security/cve/CVE-2017-7160.html https://www.suse.com/security/cve/CVE-2017-7161.html https://www.suse.com/security/cve/CVE-2017-7165.html https://www.suse.com/security/cve/CVE-2018-11646.html https://www.suse.com/security/cve/CVE-2018-11712.html https://www.suse.com/security/cve/CVE-2018-11713.html https://www.suse.com/security/cve/CVE-2018-12911.html https://www.suse.com/security/cve/CVE-2018-4088.html https://www.suse.com/security/cve/CVE-2018-4096.html https://www.suse.com/security/cve/CVE-2018-4101.html https://www.suse.com/security/cve/CVE-2018-4113.html https://www.suse.com/security/cve/CVE-2018-4114.html https://www.suse.com/security/cve/CVE-2018-4117.html https://www.suse.com/security/cve/CVE-2018-4118.html https://www.suse.com/security/cve/CVE-2018-4119.html https://www.suse.com/security/cve/CVE-2018-4120.html https://www.suse.com/security/cve/CVE-2018-4121.html https://www.suse.com/security/cve/CVE-2018-4122.html https://www.suse.com/security/cve/CVE-2018-4125.html https://www.suse.com/security/cve/CVE-2018-4127.html https://www.suse.com/security/cve/CVE-2018-4128.html https://www.suse.com/security/cve/CVE-2018-4129.html https://www.suse.com/security/cve/CVE-2018-4133.html https://www.suse.com/security/cve/CVE-2018-4146.html https://www.suse.com/security/cve/CVE-2018-4161.html https://www.suse.com/security/cve/CVE-2018-4162.html https://www.suse.com/security/cve/CVE-2018-4163.html https://www.suse.com/security/cve/CVE-2018-4165.html https://www.suse.com/security/cve/CVE-2018-4190.html https://www.suse.com/security/cve/CVE-2018-4199.html https://www.suse.com/security/cve/CVE-2018-4200.html https://www.suse.com/security/cve/CVE-2018-4204.html https://www.suse.com/security/cve/CVE-2018-4218.html https://www.suse.com/security/cve/CVE-2018-4222.html https://www.suse.com/security/cve/CVE-2018-4232.html https://www.suse.com/security/cve/CVE-2018-4233.html https://www.suse.com/security/cve/CVE-2018-4246.html https://bugzilla.suse.com/1075775 https://bugzilla.suse.com/1077535 https://bugzilla.suse.com/1079512 https://bugzilla.suse.com/1088182 https://bugzilla.suse.com/1088932 https://bugzilla.suse.com/1092278 https://bugzilla.suse.com/1092279 https://bugzilla.suse.com/1092280 https://bugzilla.suse.com/1095611 https://bugzilla.suse.com/1096060 https://bugzilla.suse.com/1096061 https://bugzilla.suse.com/1097693 https://bugzilla.suse.com/1101999 https://bugzilla.suse.com/1102530 https://bugzilla.suse.com/1104169 From sle-security-updates at lists.suse.com Wed Oct 24 10:45:55 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 24 Oct 2018 18:45:55 +0200 (CEST) Subject: SUSE-SU-2018:3388-1: moderate: Security update for tomcat Message-ID: <20181024164555.85176FC98@maintenance.suse.de> SUSE Security Update: Security update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3388-1 Rating: moderate References: #1078677 #1082480 #1082481 #1093697 #1102379 #1102400 #1102410 #1110850 Cross-References: CVE-2017-15706 CVE-2018-11784 CVE-2018-1304 CVE-2018-1305 CVE-2018-1336 CVE-2018-8014 CVE-2018-8034 CVE-2018-8037 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for tomcat to version 8.0.53 fixes the following security issues: - CVE-2018-11784: When the default servlet in Apache Tomcat returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice. (bsc#1110850) - CVE-2018-1336: An improper handing of overflow in the UTF-8 decoder with supplementary characters could have lead to an infinite loop in the decoder causing a Denial of Service (bsc#1102400) - CVE-2018-8034: The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default (bsc#1102379) - CVE-2018-8037: If an async request was completed by the application at the same time as the container triggered the async timeout, a race condition existed that could have resulted in a user seeing a response intended for a different user. An additional issue was present in the NIO and NIO2 connectors that did not correctly track the closure of the connection when an async request was completed by the application and timed out by the container at the same time. This could also have resulted in a user seeing a response intended for another user (bsc#1102410) - CVE-2018-1305: Fixed late application of security constraints that can lead to resource exposure for unauthorised users (bsc#1082481). - CVE-2018-1304: Fixed incorrect handling of empty string URL in security constraints that can lead to unitended exposure of resources (bsc#1082480). - CVE-2017-15706: Fixed incorrect documentation of CGI Servlet search algorithm that may lead to misconfiguration (bsc#1078677). - CVE-2018-8014: The defaults settings for the CORS filter were insecure and enable 'supportsCredentials' for all origins (bsc#1093697). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-2433=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-2433=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): tomcat-8.0.53-10.35.1 tomcat-admin-webapps-8.0.53-10.35.1 tomcat-docs-webapp-8.0.53-10.35.1 tomcat-el-3_0-api-8.0.53-10.35.1 tomcat-javadoc-8.0.53-10.35.1 tomcat-jsp-2_3-api-8.0.53-10.35.1 tomcat-lib-8.0.53-10.35.1 tomcat-servlet-3_1-api-8.0.53-10.35.1 tomcat-webapps-8.0.53-10.35.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): tomcat-8.0.53-10.35.1 tomcat-admin-webapps-8.0.53-10.35.1 tomcat-docs-webapp-8.0.53-10.35.1 tomcat-el-3_0-api-8.0.53-10.35.1 tomcat-javadoc-8.0.53-10.35.1 tomcat-jsp-2_3-api-8.0.53-10.35.1 tomcat-lib-8.0.53-10.35.1 tomcat-servlet-3_1-api-8.0.53-10.35.1 tomcat-webapps-8.0.53-10.35.1 References: https://www.suse.com/security/cve/CVE-2017-15706.html https://www.suse.com/security/cve/CVE-2018-11784.html https://www.suse.com/security/cve/CVE-2018-1304.html https://www.suse.com/security/cve/CVE-2018-1305.html https://www.suse.com/security/cve/CVE-2018-1336.html https://www.suse.com/security/cve/CVE-2018-8014.html https://www.suse.com/security/cve/CVE-2018-8034.html https://www.suse.com/security/cve/CVE-2018-8037.html https://bugzilla.suse.com/1078677 https://bugzilla.suse.com/1082480 https://bugzilla.suse.com/1082481 https://bugzilla.suse.com/1093697 https://bugzilla.suse.com/1102379 https://bugzilla.suse.com/1102400 https://bugzilla.suse.com/1102410 https://bugzilla.suse.com/1110850 From sle-security-updates at lists.suse.com Wed Oct 24 10:47:26 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 24 Oct 2018 18:47:26 +0200 (CEST) Subject: SUSE-SU-2018:3389-1: moderate: Security update for exempi Message-ID: <20181024164726.3D7DBFC98@maintenance.suse.de> SUSE Security Update: Security update for exempi ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3389-1 Rating: moderate References: #1085295 #1085297 #1085583 #1085584 #1085585 #1085589 Cross-References: CVE-2017-18233 CVE-2017-18234 CVE-2017-18236 CVE-2017-18238 CVE-2018-7728 CVE-2018-7730 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for exempi fixes the following security issues: - CVE-2017-18233: Prevent integer overflow in the Chunk class that allowed remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .avi file (bsc#1085584). - CVE-2017-18238: The TradQT_Manager::ParseCachedBoxes function allowed remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .qt file (bsc#1085583). - CVE-2018-7728: Fixed heap-based buffer overflow, which allowed denial of service via crafted TIFF image (bsc#1085297). - CVE-2018-7730: Fixed heap-based buffer overflow in XMPFiles/source/FormatSupport/PSIR_FileWriter.cpp (bsc#1085295). - CVE-2017-18236: The ASF_Support::ReadHeaderObject function allowed remote attackers to cause a denial of service (infinite loop) via a crafted .asf file (bsc#1085589). - CVE-2017-18234: Prevent use-after-free that allowed remote attackers to cause a denial of service or possibly have unspecified other impact via a .pdf file containing JPEG data (bsc#1085585). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2434=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2434=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2434=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): exempi-debugsource-2.2.1-5.7.1 libexempi-devel-2.2.1-5.7.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): exempi-debugsource-2.2.1-5.7.1 libexempi3-2.2.1-5.7.1 libexempi3-debuginfo-2.2.1-5.7.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): exempi-debugsource-2.2.1-5.7.1 libexempi3-2.2.1-5.7.1 libexempi3-debuginfo-2.2.1-5.7.1 References: https://www.suse.com/security/cve/CVE-2017-18233.html https://www.suse.com/security/cve/CVE-2017-18234.html https://www.suse.com/security/cve/CVE-2017-18236.html https://www.suse.com/security/cve/CVE-2017-18238.html https://www.suse.com/security/cve/CVE-2018-7728.html https://www.suse.com/security/cve/CVE-2018-7730.html https://bugzilla.suse.com/1085295 https://bugzilla.suse.com/1085297 https://bugzilla.suse.com/1085583 https://bugzilla.suse.com/1085584 https://bugzilla.suse.com/1085585 https://bugzilla.suse.com/1085589 From sle-security-updates at lists.suse.com Wed Oct 24 10:50:39 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 24 Oct 2018 18:50:39 +0200 (CEST) Subject: SUSE-SU-2018:3391-1: moderate: Security update for tiff Message-ID: <20181024165039.CECD5FC98@maintenance.suse.de> SUSE Security Update: Security update for tiff ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3391-1 Rating: moderate References: #1106853 #1108627 #1108637 #1110358 Cross-References: CVE-2017-11613 CVE-2017-9935 CVE-2018-16335 CVE-2018-17100 CVE-2018-17101 CVE-2018-17795 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for tiff fixes the following issues: - CVE-2018-17100: There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file. (bsc#1108637) - CVE-2018-17101: There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file. (bsc#1108627) - CVE-2018-17795: The function t2p_write_pdf in tiff2pdf.c allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, a similar issue to CVE-2017-9935. (bsc#1110358) - CVE-2018-16335: newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. This is a different vulnerability than CVE-2018-15209. (bsc#1106853) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-tiff-13834=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-tiff-13834=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-tiff-13834=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libtiff-devel-3.8.2-141.169.19.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): libtiff-devel-32bit-3.8.2-141.169.19.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libtiff3-3.8.2-141.169.19.1 tiff-3.8.2-141.169.19.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libtiff3-32bit-3.8.2-141.169.19.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libtiff3-x86-3.8.2-141.169.19.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): tiff-debuginfo-3.8.2-141.169.19.1 tiff-debugsource-3.8.2-141.169.19.1 References: https://www.suse.com/security/cve/CVE-2017-11613.html https://www.suse.com/security/cve/CVE-2017-9935.html https://www.suse.com/security/cve/CVE-2018-16335.html https://www.suse.com/security/cve/CVE-2018-17100.html https://www.suse.com/security/cve/CVE-2018-17101.html https://www.suse.com/security/cve/CVE-2018-17795.html https://bugzilla.suse.com/1106853 https://bugzilla.suse.com/1108627 https://bugzilla.suse.com/1108637 https://bugzilla.suse.com/1110358 From sle-security-updates at lists.suse.com Wed Oct 24 10:51:38 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 24 Oct 2018 18:51:38 +0200 (CEST) Subject: SUSE-SU-2018:3392-1: moderate: Security update for python-cryptography Message-ID: <20181024165138.9020BFC98@maintenance.suse.de> SUSE Security Update: Security update for python-cryptography ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3392-1 Rating: moderate References: #1101820 Cross-References: CVE-2018-10903 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-cryptography fixes the following issues: - CVE-2018-10903: The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries could have caused key leakage (bsc#1101820). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2430=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): python-cryptography-debuginfo-2.1.4-4.3.1 python-cryptography-debugsource-2.1.4-4.3.1 python2-cryptography-2.1.4-4.3.1 python2-cryptography-debuginfo-2.1.4-4.3.1 python3-cryptography-2.1.4-4.3.1 python3-cryptography-debuginfo-2.1.4-4.3.1 References: https://www.suse.com/security/cve/CVE-2018-10903.html https://bugzilla.suse.com/1101820 From sle-security-updates at lists.suse.com Wed Oct 24 10:52:12 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 24 Oct 2018 18:52:12 +0200 (CEST) Subject: SUSE-SU-2018:3393-1: moderate: Security update for tomcat Message-ID: <20181024165212.CB80FFCBE@maintenance.suse.de> SUSE Security Update: Security update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3393-1 Rating: moderate References: #1110850 Cross-References: CVE-2018-11784 Affected Products: SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for tomcat fixes the following issues: - CVE-2018-11784: When the default servlet in Apache Tomcat returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice. (bsc#1110850) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2429=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (noarch): tomcat-8.0.53-29.16.2 tomcat-admin-webapps-8.0.53-29.16.2 tomcat-docs-webapp-8.0.53-29.16.2 tomcat-el-3_0-api-8.0.53-29.16.2 tomcat-javadoc-8.0.53-29.16.2 tomcat-jsp-2_3-api-8.0.53-29.16.2 tomcat-lib-8.0.53-29.16.2 tomcat-servlet-3_1-api-8.0.53-29.16.2 tomcat-webapps-8.0.53-29.16.2 References: https://www.suse.com/security/cve/CVE-2018-11784.html https://bugzilla.suse.com/1110850 From sle-security-updates at lists.suse.com Thu Oct 25 07:13:29 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 25 Oct 2018 15:13:29 +0200 (CEST) Subject: SUSE-SU-2018:3424-1: moderate: Security update for dom4j Message-ID: <20181025131329.72A50FD4E@maintenance.suse.de> SUSE Security Update: Security update for dom4j ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3424-1 Rating: moderate References: #1105443 Cross-References: CVE-2018-1000632 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for dom4j fixes the following issues: - CVE-2018-1000632: Prevent XML injection vulnerability that allowed an attacker to tamper with XML documents (bsc#1105443) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-dom4j-13838=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch): dom4j-1.6.1-8.3.8.1 References: https://www.suse.com/security/cve/CVE-2018-1000632.html https://bugzilla.suse.com/1105443 From sle-security-updates at lists.suse.com Thu Oct 25 07:17:19 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 25 Oct 2018 15:17:19 +0200 (CEST) Subject: SUSE-SU-2018:3430-1: moderate: Security update for mercurial Message-ID: <20181025131719.49B8BFD4B@maintenance.suse.de> SUSE Security Update: Security update for mercurial ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3430-1 Rating: moderate References: #1110899 Cross-References: CVE-2018-17983 Affected Products: SUSE Linux Enterprise Module for Development Tools 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for mercurial fixes the following issues: - CVE-2018-17983: Fix an out-of-bounds read during parsing of a malformed manifest entry (bsc#1110899). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2018-2456=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): mercurial-4.5.2-3.6.1 mercurial-debuginfo-4.5.2-3.6.1 mercurial-debugsource-4.5.2-3.6.1 References: https://www.suse.com/security/cve/CVE-2018-17983.html https://bugzilla.suse.com/1110899 From sle-security-updates at lists.suse.com Thu Oct 25 10:08:45 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 25 Oct 2018 18:08:45 +0200 (CEST) Subject: SUSE-SU-2018:3436-1: moderate: Security update for clamav Message-ID: <20181025160845.3E443FD4B@maintenance.suse.de> SUSE Security Update: Security update for clamav ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3436-1 Rating: moderate References: #1103040 #1104457 #1110723 Cross-References: CVE-2018-14680 CVE-2018-14681 CVE-2018-14682 CVE-2018-15378 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for clamav fixes the following issues: clamav was updated to version 0.100.2: - CVE-2018-15378: Vulnerability in ClamAV's MEW unpacking feature that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. (bsc#1110723) - CVE-2018-14680, CVE-2018-14681, CVE-2018-14682: more fixes for embedded libmspack. (bsc#1103040) - Make freshclam more robust against lagging signature mirrors. - On-Access "Extra Scanning", an opt-in minor feature of OnAccess scanning on Linux systems, has been disabled due to a known issue with resource cleanup OnAccessExtraScanning will be re-enabled in a future release when the issue is resolved. In the mean-time, users who enabled the feature in clamd.conf will see a warning informing them that the feature is not active. For details, see: https://bugzilla.clamav.net/show_bug.cgi?id=12048 - Restore exit code compatibility of freshclam with versions before 0.100.0 when the virus database is already up to date (bsc#1104457). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-2460=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-2460=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2460=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-2460=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-2460=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-2460=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-2460=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2460=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-2460=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): clamav-0.100.2-33.18.1 clamav-debuginfo-0.100.2-33.18.1 clamav-debugsource-0.100.2-33.18.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): clamav-0.100.2-33.18.1 clamav-debuginfo-0.100.2-33.18.1 clamav-debugsource-0.100.2-33.18.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): clamav-0.100.2-33.18.1 clamav-debuginfo-0.100.2-33.18.1 clamav-debugsource-0.100.2-33.18.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): clamav-0.100.2-33.18.1 clamav-debuginfo-0.100.2-33.18.1 clamav-debugsource-0.100.2-33.18.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): clamav-0.100.2-33.18.1 clamav-debuginfo-0.100.2-33.18.1 clamav-debugsource-0.100.2-33.18.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): clamav-0.100.2-33.18.1 clamav-debuginfo-0.100.2-33.18.1 clamav-debugsource-0.100.2-33.18.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): clamav-0.100.2-33.18.1 clamav-debuginfo-0.100.2-33.18.1 clamav-debugsource-0.100.2-33.18.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): clamav-0.100.2-33.18.1 clamav-debuginfo-0.100.2-33.18.1 clamav-debugsource-0.100.2-33.18.1 - SUSE Enterprise Storage 4 (x86_64): clamav-0.100.2-33.18.1 clamav-debuginfo-0.100.2-33.18.1 clamav-debugsource-0.100.2-33.18.1 References: https://www.suse.com/security/cve/CVE-2018-14680.html https://www.suse.com/security/cve/CVE-2018-14681.html https://www.suse.com/security/cve/CVE-2018-14682.html https://www.suse.com/security/cve/CVE-2018-15378.html https://bugzilla.suse.com/1103040 https://bugzilla.suse.com/1104457 https://bugzilla.suse.com/1110723 From sle-security-updates at lists.suse.com Thu Oct 25 10:12:47 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 25 Oct 2018 18:12:47 +0200 (CEST) Subject: SUSE-SU-2018:3440-1: moderate: Security update for libgit2 Message-ID: <20181025161247.6D36DFD4B@maintenance.suse.de> SUSE Security Update: Security update for libgit2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3440-1 Rating: moderate References: #1085256 #1095219 #1100612 #1100613 #1104641 Cross-References: CVE-2018-10887 CVE-2018-10888 CVE-2018-11235 CVE-2018-15501 CVE-2018-8099 Affected Products: SUSE Manager Server 3.2 SUSE Manager Server 3.1 SUSE Linux Enterprise Software Development Kit 12-SP3 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for libgit2 fixes the following issues: - CVE-2018-8099: Fixed possible denial of service attack via different vectors by not being able to differentiate between these status codes (bsc#1085256). - CVE-2018-11235: With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because submodule "names" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with "../" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server. (bsc#1095219) - CVE-2018-10887: It has been discovered that an unexpected sign extension in git_delta_apply function in delta.c file may have lead to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. An attacker could have used this flaw to leak memory addresses or cause a Denial of Service. (bsc#1100613) - CVE-2018-10888: A missing check in git_delta_apply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use this flaw to cause a Denial of Service. (bsc#1100612) - CVE-2018-15501: A remote attacker can send a crafted smart-protocol "ng" packet that lacks a '\0' byte to trigger an out-of-bounds read that leads to DoS. (bsc#1104641) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 3.2: zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2018-2459=1 - SUSE Manager Server 3.1: zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2018-2459=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2459=1 Package List: - SUSE Manager Server 3.2 (ppc64le s390x x86_64): libgit2-24-0.24.1-7.6.1 libgit2-24-debuginfo-0.24.1-7.6.1 libgit2-debugsource-0.24.1-7.6.1 - SUSE Manager Server 3.1 (ppc64le s390x x86_64): libgit2-24-0.24.1-7.6.1 libgit2-24-debuginfo-0.24.1-7.6.1 libgit2-debugsource-0.24.1-7.6.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (x86_64): libgit2-24-0.24.1-7.6.1 libgit2-24-debuginfo-0.24.1-7.6.1 libgit2-debugsource-0.24.1-7.6.1 References: https://www.suse.com/security/cve/CVE-2018-10887.html https://www.suse.com/security/cve/CVE-2018-10888.html https://www.suse.com/security/cve/CVE-2018-11235.html https://www.suse.com/security/cve/CVE-2018-15501.html https://www.suse.com/security/cve/CVE-2018-8099.html https://bugzilla.suse.com/1085256 https://bugzilla.suse.com/1095219 https://bugzilla.suse.com/1100612 https://bugzilla.suse.com/1100613 https://bugzilla.suse.com/1104641 From sle-security-updates at lists.suse.com Thu Oct 25 10:13:59 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 25 Oct 2018 18:13:59 +0200 (CEST) Subject: SUSE-SU-2018:3441-1: moderate: Security update for clamav Message-ID: <20181025161359.F31A2FD4B@maintenance.suse.de> SUSE Security Update: Security update for clamav ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3441-1 Rating: moderate References: #1103040 #1104457 #1110723 Cross-References: CVE-2018-14680 CVE-2018-14681 CVE-2018-14682 CVE-2018-15378 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for clamav fixes the following issues: Clamav was updated to version 0.100.2: - CVE-2018-15378: Vulnerability in ClamAV's MEW unpacking feature that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. (bsc#1110723) - CVE-2018-14680, CVE-2018-14681, CVE-2018-14682: more fixes for embedded libmspack. (bsc#1103040) * Make freshclam more robust against lagging signature mirrors. * On-Access "Extra Scanning", an opt-in minor feature of OnAccess scanning on Linux systems, has been disabled due to a known issue with resource cleanup OnAccessExtraScanning will be re-enabled in a future release when the issue is resolved. In the mean-time, users who enabled the feature in clamd.conf will see a warning informing them that the feature is not active. For details, see: https://bugzilla.clamav.net/show_bug.cgi?id=12048 - Restore exit code compatibility of freshclam with versions before 0.100.0 when the virus database is already up to date (bsc#1104457). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-clamav-13841=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-clamav-13841=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-clamav-13841=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-clamav-13841=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-clamav-13841=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): clamav-0.100.2-0.20.18.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): clamav-0.100.2-0.20.18.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): clamav-0.100.2-0.20.18.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): clamav-debuginfo-0.100.2-0.20.18.1 clamav-debugsource-0.100.2-0.20.18.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): clamav-debuginfo-0.100.2-0.20.18.1 clamav-debugsource-0.100.2-0.20.18.1 References: https://www.suse.com/security/cve/CVE-2018-14680.html https://www.suse.com/security/cve/CVE-2018-14681.html https://www.suse.com/security/cve/CVE-2018-14682.html https://www.suse.com/security/cve/CVE-2018-15378.html https://bugzilla.suse.com/1103040 https://bugzilla.suse.com/1104457 https://bugzilla.suse.com/1110723 From sle-security-updates at lists.suse.com Thu Oct 25 10:18:45 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 25 Oct 2018 18:18:45 +0200 (CEST) Subject: SUSE-SU-2018:3447-1: important: Security update for net-snmp Message-ID: <20181025161845.EE955FD4E@maintenance.suse.de> SUSE Security Update: Security update for net-snmp ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3447-1 Rating: important References: #1027353 #1081164 #1102775 #1111122 Cross-References: CVE-2018-18065 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. Description: This update for net-snmp fixes the following issues: Security issues fixed: - CVE-2018-18065: _set_key in agent/helpers/table_container.c had a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. (bsc#1111122) Non-security issues fixed: - swintst_rpm: Protect against unspecified Group name (bsc#1102775) - Add tsm and tlstm MIBs and the USM security module. (bsc#1081164) - Fix agentx freezing on timeout (bsc#1027353) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-2461=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2461=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-2461=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2461=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-2461=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-2461=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-2461=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2461=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-2461=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): libsnmp30-32bit-5.7.3-6.3.1 libsnmp30-5.7.3-6.3.1 libsnmp30-debuginfo-32bit-5.7.3-6.3.1 libsnmp30-debuginfo-5.7.3-6.3.1 net-snmp-5.7.3-6.3.1 net-snmp-debuginfo-5.7.3-6.3.1 net-snmp-debugsource-5.7.3-6.3.1 perl-SNMP-5.7.3-6.3.1 perl-SNMP-debuginfo-5.7.3-6.3.1 snmp-mibs-5.7.3-6.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): net-snmp-debuginfo-5.7.3-6.3.1 net-snmp-debugsource-5.7.3-6.3.1 net-snmp-devel-5.7.3-6.3.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libsnmp30-5.7.3-6.3.1 libsnmp30-debuginfo-5.7.3-6.3.1 net-snmp-5.7.3-6.3.1 net-snmp-debuginfo-5.7.3-6.3.1 net-snmp-debugsource-5.7.3-6.3.1 perl-SNMP-5.7.3-6.3.1 perl-SNMP-debuginfo-5.7.3-6.3.1 snmp-mibs-5.7.3-6.3.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libsnmp30-32bit-5.7.3-6.3.1 libsnmp30-debuginfo-32bit-5.7.3-6.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libsnmp30-5.7.3-6.3.1 libsnmp30-debuginfo-5.7.3-6.3.1 net-snmp-5.7.3-6.3.1 net-snmp-debuginfo-5.7.3-6.3.1 net-snmp-debugsource-5.7.3-6.3.1 perl-SNMP-5.7.3-6.3.1 perl-SNMP-debuginfo-5.7.3-6.3.1 snmp-mibs-5.7.3-6.3.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libsnmp30-32bit-5.7.3-6.3.1 libsnmp30-debuginfo-32bit-5.7.3-6.3.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libsnmp30-5.7.3-6.3.1 libsnmp30-debuginfo-5.7.3-6.3.1 net-snmp-5.7.3-6.3.1 net-snmp-debuginfo-5.7.3-6.3.1 net-snmp-debugsource-5.7.3-6.3.1 perl-SNMP-5.7.3-6.3.1 perl-SNMP-debuginfo-5.7.3-6.3.1 snmp-mibs-5.7.3-6.3.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libsnmp30-32bit-5.7.3-6.3.1 libsnmp30-debuginfo-32bit-5.7.3-6.3.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libsnmp30-32bit-5.7.3-6.3.1 libsnmp30-5.7.3-6.3.1 libsnmp30-debuginfo-32bit-5.7.3-6.3.1 libsnmp30-debuginfo-5.7.3-6.3.1 net-snmp-5.7.3-6.3.1 net-snmp-debuginfo-5.7.3-6.3.1 net-snmp-debugsource-5.7.3-6.3.1 perl-SNMP-5.7.3-6.3.1 perl-SNMP-debuginfo-5.7.3-6.3.1 snmp-mibs-5.7.3-6.3.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): libsnmp30-5.7.3-6.3.1 libsnmp30-debuginfo-5.7.3-6.3.1 net-snmp-5.7.3-6.3.1 net-snmp-debuginfo-5.7.3-6.3.1 net-snmp-debugsource-5.7.3-6.3.1 perl-SNMP-5.7.3-6.3.1 perl-SNMP-debuginfo-5.7.3-6.3.1 snmp-mibs-5.7.3-6.3.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): libsnmp30-32bit-5.7.3-6.3.1 libsnmp30-debuginfo-32bit-5.7.3-6.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libsnmp30-32bit-5.7.3-6.3.1 libsnmp30-5.7.3-6.3.1 libsnmp30-debuginfo-32bit-5.7.3-6.3.1 libsnmp30-debuginfo-5.7.3-6.3.1 net-snmp-5.7.3-6.3.1 net-snmp-debuginfo-5.7.3-6.3.1 net-snmp-debugsource-5.7.3-6.3.1 perl-SNMP-5.7.3-6.3.1 perl-SNMP-debuginfo-5.7.3-6.3.1 snmp-mibs-5.7.3-6.3.1 - SUSE Enterprise Storage 4 (x86_64): libsnmp30-32bit-5.7.3-6.3.1 libsnmp30-5.7.3-6.3.1 libsnmp30-debuginfo-32bit-5.7.3-6.3.1 libsnmp30-debuginfo-5.7.3-6.3.1 net-snmp-5.7.3-6.3.1 net-snmp-debuginfo-5.7.3-6.3.1 net-snmp-debugsource-5.7.3-6.3.1 perl-SNMP-5.7.3-6.3.1 perl-SNMP-debuginfo-5.7.3-6.3.1 snmp-mibs-5.7.3-6.3.1 - SUSE CaaS Platform 3.0 (x86_64): libsnmp30-5.7.3-6.3.1 libsnmp30-debuginfo-5.7.3-6.3.1 net-snmp-5.7.3-6.3.1 net-snmp-debuginfo-5.7.3-6.3.1 net-snmp-debugsource-5.7.3-6.3.1 perl-SNMP-5.7.3-6.3.1 perl-SNMP-debuginfo-5.7.3-6.3.1 snmp-mibs-5.7.3-6.3.1 References: https://www.suse.com/security/cve/CVE-2018-18065.html https://bugzilla.suse.com/1027353 https://bugzilla.suse.com/1081164 https://bugzilla.suse.com/1102775 https://bugzilla.suse.com/1111122 From sle-security-updates at lists.suse.com Thu Oct 25 13:09:38 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 25 Oct 2018 21:09:38 +0200 (CEST) Subject: SUSE-SU-2018:3456-1: important: Security update for xorg-x11-server Message-ID: <20181025190938.3DAE9FC38@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3456-1 Rating: important References: #1078383 #1111697 Cross-References: CVE-2018-14665 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for xorg-x11-server provides the following fix: Security issue fixed: - CVE-2018-14665: Local attackers could overwrite system files in any directory using the -logfile option and gain privileges (bsc#1111697) Non security issues fixed: - Do not write past the allocated buffer. (bsc#1078383) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-xorg-x11-server-13843=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-xorg-x11-server-13843=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-xorg-x11-server-13843=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-xorg-x11-server-13843=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-xorg-x11-server-13843=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-xorg-x11-server-13843=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): xorg-x11-server-sdk-7.4-27.122.21.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): xorg-x11-Xvnc-7.4-27.122.21.1 xorg-x11-server-7.4-27.122.21.1 xorg-x11-server-extra-7.4-27.122.21.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): xorg-x11-Xvnc-7.4-27.122.21.1 xorg-x11-server-7.4-27.122.21.1 xorg-x11-server-extra-7.4-27.122.21.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): xorg-x11-Xvnc-7.4-27.122.21.1 xorg-x11-server-7.4-27.122.21.1 xorg-x11-server-extra-7.4-27.122.21.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): xorg-x11-server-debuginfo-7.4-27.122.21.1 xorg-x11-server-debugsource-7.4-27.122.21.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): xorg-x11-server-debuginfo-7.4-27.122.21.1 xorg-x11-server-debugsource-7.4-27.122.21.1 References: https://www.suse.com/security/cve/CVE-2018-14665.html https://bugzilla.suse.com/1078383 https://bugzilla.suse.com/1111697 From sle-security-updates at lists.suse.com Thu Oct 25 13:17:37 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 25 Oct 2018 21:17:37 +0200 (CEST) Subject: SUSE-SU-2018:3465-1: moderate: Security update for ImageMagick Message-ID: <20181025191737.DAB0AFC38@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3465-1 Rating: moderate References: #1107609 #1112399 Cross-References: CVE-2017-14997 CVE-2018-16644 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for ImageMagick fixes the following issues: - CVE-2017-14997: GraphicsMagick allowed remote attackers to cause a denial of service (excessive memory allocation) because of an integer underflow in ReadPICTImage in coders/pict.c. [bsc#1112399] - CVE-2018-16644: An regression in the security fix for the pict coder was fixed (bsc#1107609) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-2480=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2480=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2480=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2480=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): ImageMagick-6.8.8.1-71.85.1 ImageMagick-debuginfo-6.8.8.1-71.85.1 ImageMagick-debugsource-6.8.8.1-71.85.1 libMagick++-6_Q16-3-6.8.8.1-71.85.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.85.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-71.85.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.85.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): ImageMagick-6.8.8.1-71.85.1 ImageMagick-debuginfo-6.8.8.1-71.85.1 ImageMagick-debugsource-6.8.8.1-71.85.1 ImageMagick-devel-6.8.8.1-71.85.1 libMagick++-6_Q16-3-6.8.8.1-71.85.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.85.1 libMagick++-devel-6.8.8.1-71.85.1 perl-PerlMagick-6.8.8.1-71.85.1 perl-PerlMagick-debuginfo-6.8.8.1-71.85.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): ImageMagick-debuginfo-6.8.8.1-71.85.1 ImageMagick-debugsource-6.8.8.1-71.85.1 libMagickCore-6_Q16-1-6.8.8.1-71.85.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.85.1 libMagickWand-6_Q16-1-6.8.8.1-71.85.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.85.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): ImageMagick-6.8.8.1-71.85.1 ImageMagick-debuginfo-6.8.8.1-71.85.1 ImageMagick-debugsource-6.8.8.1-71.85.1 libMagick++-6_Q16-3-6.8.8.1-71.85.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.85.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-71.85.1 libMagickCore-6_Q16-1-6.8.8.1-71.85.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.85.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.85.1 libMagickWand-6_Q16-1-6.8.8.1-71.85.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.85.1 References: https://www.suse.com/security/cve/CVE-2017-14997.html https://www.suse.com/security/cve/CVE-2018-16644.html https://bugzilla.suse.com/1107609 https://bugzilla.suse.com/1112399 From sle-security-updates at lists.suse.com Thu Oct 25 16:09:08 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 26 Oct 2018 00:09:08 +0200 (CEST) Subject: SUSE-SU-2018:3467-1: moderate: Security update for smt Message-ID: <20181025220908.70663FD4B@maintenance.suse.de> SUSE Security Update: Security update for smt ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3467-1 Rating: moderate References: #1104076 #1111056 Cross-References: CVE-2018-12472 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Module for Public Cloud 12 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: SMT was updated to version 3.0.38. Following security issue was fixed: - CVE-2018-12472: Harden hostname check during sibling check by forcing double reverse lookup (bsc#1104076) Following non security issues were fixed: - Add migration path check when registration sharing is enabled - Fix sibling sync errors (bsc#1111056): - Synchronize all registered products - Handle duplicate registrations when syncing - Force resync to the sibling instance in `upgrade` and `synchronize` API calls Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-2481=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-2481=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2481=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-2481=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-2481=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-2481=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2018-2481=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-2481=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): res-signingkeys-3.0.38-52.26.1 smt-3.0.38-52.26.1 smt-debuginfo-3.0.38-52.26.1 smt-debugsource-3.0.38-52.26.1 smt-support-3.0.38-52.26.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): res-signingkeys-3.0.38-52.26.1 smt-3.0.38-52.26.1 smt-debuginfo-3.0.38-52.26.1 smt-debugsource-3.0.38-52.26.1 smt-support-3.0.38-52.26.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): res-signingkeys-3.0.38-52.26.1 smt-3.0.38-52.26.1 smt-debuginfo-3.0.38-52.26.1 smt-debugsource-3.0.38-52.26.1 smt-support-3.0.38-52.26.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): res-signingkeys-3.0.38-52.26.1 smt-3.0.38-52.26.1 smt-debuginfo-3.0.38-52.26.1 smt-debugsource-3.0.38-52.26.1 smt-support-3.0.38-52.26.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): res-signingkeys-3.0.38-52.26.1 smt-3.0.38-52.26.1 smt-debuginfo-3.0.38-52.26.1 smt-debugsource-3.0.38-52.26.1 smt-support-3.0.38-52.26.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): res-signingkeys-3.0.38-52.26.1 smt-3.0.38-52.26.1 smt-debuginfo-3.0.38-52.26.1 smt-debugsource-3.0.38-52.26.1 smt-support-3.0.38-52.26.1 - SUSE Linux Enterprise Module for Public Cloud 12 (aarch64 ppc64le s390x x86_64): smt-ha-3.0.38-52.26.1 - SUSE Enterprise Storage 4 (x86_64): res-signingkeys-3.0.38-52.26.1 smt-3.0.38-52.26.1 smt-debuginfo-3.0.38-52.26.1 smt-debugsource-3.0.38-52.26.1 smt-support-3.0.38-52.26.1 References: https://www.suse.com/security/cve/CVE-2018-12472.html https://bugzilla.suse.com/1104076 https://bugzilla.suse.com/1111056 From sle-security-updates at lists.suse.com Thu Oct 25 16:10:38 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 26 Oct 2018 00:10:38 +0200 (CEST) Subject: SUSE-SU-2018:3470-1: important: Security update for the Linux Kernel (Live Patch 25 for SLE 12 SP2) Message-ID: <20181025221038.08CFBFC38@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 25 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3470-1 Rating: important References: #1102682 #1107832 Cross-References: CVE-2018-14633 CVE-2018-5390 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.121-92_95 fixes several issues. The following security issues were fixed: - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. (bsc#1107832). - CVE-2018-5390: The Linux kernel could be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service (bsc#1102682). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-2483=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-2483=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): kgraft-patch-4_4_121-92_95-default-2-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le x86_64): kgraft-patch-4_4_121-92_95-default-2-2.1 References: https://www.suse.com/security/cve/CVE-2018-14633.html https://www.suse.com/security/cve/CVE-2018-5390.html https://bugzilla.suse.com/1102682 https://bugzilla.suse.com/1107832 From sle-security-updates at lists.suse.com Thu Oct 25 16:16:32 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 26 Oct 2018 00:16:32 +0200 (CEST) Subject: SUSE-SU-2018:3476-1: important: Security update for MozillaFirefox Message-ID: <20181025221632.5A48CFC38@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3476-1 Rating: important References: #1094767 #1107343 #1109363 #1109465 #1110506 #1110507 Cross-References: CVE-2018-12383 CVE-2018-12385 CVE-2018-12386 CVE-2018-12387 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that solves four vulnerabilities and has two fixes is now available. Description: This update for MozillaFirefox to 60.2.2ESR fixes the following issues: Security issues fixed: MFSA 2018-24: - CVE-2018-12386: A Type confusion in JavaScript allowed remote code execution (bsc#1110506) - CVE-2018-12387: Array.prototype.push stack pointer vulnerability may have enabled exploits in the sandboxed content process (bsc#1110507) MFSA 2018-23: - CVE-2018-12385: Fixed a crash in TransportSecurityInfo due to cached data (bsc#1109363) - CVE-2018-12383: Setting a master password did not delete unencrypted previously stored passwords (bsc#1107343) Non security issues fixed: - Avoid undefined behavior in IPC fd-passing code (bsc#1094767) - Fixed a startup crash affecting users migrating from older ESR releases - Clean up old NSS DB files after upgrading - Fixed an endianness problem in bindgen's handling of bitfields, which was causing Firefox to crash on startup on big-endian machines. Also, updates the cc crate, which was buggy in the version that was originally vendored in. (bsc#1109465) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2018-2482=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): MozillaFirefox-60.2.2-3.13.3 MozillaFirefox-branding-SLE-60-4.5.3 MozillaFirefox-debuginfo-60.2.2-3.13.3 MozillaFirefox-debugsource-60.2.2-3.13.3 MozillaFirefox-translations-common-60.2.2-3.13.3 MozillaFirefox-translations-other-60.2.2-3.13.3 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le x86_64): MozillaFirefox-devel-60.2.2-3.13.3 References: https://www.suse.com/security/cve/CVE-2018-12383.html https://www.suse.com/security/cve/CVE-2018-12385.html https://www.suse.com/security/cve/CVE-2018-12386.html https://www.suse.com/security/cve/CVE-2018-12387.html https://bugzilla.suse.com/1094767 https://bugzilla.suse.com/1107343 https://bugzilla.suse.com/1109363 https://bugzilla.suse.com/1109465 https://bugzilla.suse.com/1110506 https://bugzilla.suse.com/1110507 From sle-security-updates at lists.suse.com Fri Oct 26 06:40:48 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 26 Oct 2018 14:40:48 +0200 (CEST) Subject: SUSE-SU-2018:3480-1: moderate: Security update for wpa_supplicant Message-ID: <20181026124048.9B240FCA4@maintenance.suse.de> SUSE Security Update: Security update for wpa_supplicant ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3480-1 Rating: moderate References: #1080798 #1098854 #1099835 #1104205 #1109209 #1111873 Cross-References: CVE-2018-14526 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves one vulnerability and has 5 fixes is now available. Description: This update for wpa_supplicant provides the following fixes: This security issues was fixe: - CVE-2018-14526: Under certain conditions, the integrity of EAPOL-Key messages was not checked, leading to a decryption oracle. An attacker within range of the Access Point and client could have abused the vulnerability to recover sensitive information (bsc#1104205) These non-security issues were fixed: - Fix reading private key passwords from the configuration file. (bsc#1099835) - Enable PWD as EAP method. This allows for password-based authentication, which is easier to setup than most of the other methods, and is used by the Eduroam network. (bsc#1109209) - compile eapol_test binary to allow testing via radius proxy and server (note: this does not match CONFIG_EAPOL_TEST which sets -Werror and activates an assert call inside the code of wpa_supplicant) (bsc#1111873), (fate#326725) - Enabled timestamps in log file when being invoked by systemd service file (bsc#1080798). - Fixes the default file permissions of the debug log file to more sane values, i.e. it is no longer world-readable (bsc#1098854). - Open the debug log file with O_CLOEXEC, which will prevent file descriptor leaking to child processes (bsc#1098854). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2484=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): wpa_supplicant-2.6-4.11.1 wpa_supplicant-debuginfo-2.6-4.11.1 wpa_supplicant-debugsource-2.6-4.11.1 References: https://www.suse.com/security/cve/CVE-2018-14526.html https://bugzilla.suse.com/1080798 https://bugzilla.suse.com/1098854 https://bugzilla.suse.com/1099835 https://bugzilla.suse.com/1104205 https://bugzilla.suse.com/1109209 https://bugzilla.suse.com/1111873 From sle-security-updates at lists.suse.com Fri Oct 26 10:13:08 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 26 Oct 2018 18:13:08 +0200 (CEST) Subject: SUSE-SU-2018:3487-1: moderate: Security update for kdelibs3 Message-ID: <20181026161308.6F63AFCA4@maintenance.suse.de> SUSE Security Update: Security update for kdelibs3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3487-1 Rating: moderate References: #958347 Cross-References: CVE-2015-7543 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for kdelibs3 fixes the following issues: - CVE-2015-7543: Insecure creation of temporary directories allowed local users to hijack the IPC by pre-creating the temporary directory (bsc#958347). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-kdelibs3-13846=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-kdelibs3-13846=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-kdelibs3-13846=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): kdelibs3-arts-3.5.10-23.30.5.1 kdelibs3-devel-3.5.10-23.30.5.1 kdelibs3-doc-3.5.10-23.30.5.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): kdelibs3-arts-32bit-3.5.10-23.30.5.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (x86_64): kdelibs3-32bit-3.5.10-23.30.5.1 kdelibs3-default-style-32bit-3.5.10-23.30.5.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ia64): kdelibs3-arts-x86-3.5.10-23.30.5.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): kdelibs3-3.5.10-23.30.5.1 kdelibs3-default-style-3.5.10-23.30.5.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): kdelibs3-32bit-3.5.10-23.30.5.1 kdelibs3-default-style-32bit-3.5.10-23.30.5.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): kdelibs3-default-style-x86-3.5.10-23.30.5.1 kdelibs3-x86-3.5.10-23.30.5.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): kdelibs3-debuginfo-3.5.10-23.30.5.1 kdelibs3-debugsource-3.5.10-23.30.5.1 References: https://www.suse.com/security/cve/CVE-2015-7543.html https://bugzilla.suse.com/958347 From sle-security-updates at lists.suse.com Fri Oct 26 10:14:51 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 26 Oct 2018 18:14:51 +0200 (CEST) Subject: SUSE-SU-2018:3490-1: important: Security update for xen Message-ID: <20181026161451.EA81DFCA4@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3490-1 Rating: important References: #1027519 #1078292 #1091107 #1094508 #1103275 #1103276 #1103279 #1106263 #1111014 Cross-References: CVE-2018-15468 CVE-2018-15469 CVE-2018-15470 CVE-2018-17963 CVE-2018-3646 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has four fixes is now available. Description: This update for xen fixes the following issues: XEN was updated to the Xen 4.9.3 bug fix only release (bsc#1027519) - CVE-2018-17963: qemu_deliver_packet_iov accepted packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. (bsc#1111014) - CVE-2018-15470: oxenstored might not have enforced the configured quota-maxentity. This allowed a malicious or buggy guest to write as many xenstore entries as it wishes, causing unbounded memory usage in oxenstored. This can lead to a system-wide DoS. (XSA-272) (bsc#1103279) - CVE-2018-15469: ARM never properly implemented grant table v2, either in the hypervisor or in Linux. Unfortunately, an ARM guest can still request v2 grant tables; they will simply not be properly set up, resulting in subsequent grant-related hypercalls hitting BUG() checks. An unprivileged guest can cause a BUG() check in the hypervisor, resulting in a denial-of-service (crash). (XSA-268) (bsc#1103275) Note that SUSE does not ship ARM Xen, so we are not affected. - CVE-2018-15468: The DEBUGCTL MSR contains several debugging features, some of which virtualise cleanly, but some do not. In particular, Branch Trace Store is not virtualised by the processor, and software has to be careful to configure it suitably not to lock up the core. As a result, it must only be available to fully trusted guests. Unfortunately, in the case that vPMU is disabled, all value checking was skipped, allowing the guest to choose any MSR_DEBUGCTL setting it likes. A malicious or buggy guest administrator (on Intel x86 HVM or PVH) can lock up the entire host, causing a Denial of Service. (XSA-269) (bsc#1103276) - CVE-2018-3646: Systems with microprocessors utilizing speculative execution and address translations may have allowed unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis. (XSA-273) (bsc#1091107) Non security issues fixed: - The affinity reporting via 'xl vcpu-list' was broken (bsc#1106263) - Kernel oops in fs/dcache.c called by d_materialise_unique() (bsc#1094508) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2492=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2492=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2492=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 x86_64): xen-debugsource-4.9.3_03-3.44.2 xen-devel-4.9.3_03-3.44.2 - SUSE Linux Enterprise Server 12-SP3 (x86_64): xen-4.9.3_03-3.44.2 xen-debugsource-4.9.3_03-3.44.2 xen-doc-html-4.9.3_03-3.44.2 xen-libs-32bit-4.9.3_03-3.44.2 xen-libs-4.9.3_03-3.44.2 xen-libs-debuginfo-32bit-4.9.3_03-3.44.2 xen-libs-debuginfo-4.9.3_03-3.44.2 xen-tools-4.9.3_03-3.44.2 xen-tools-debuginfo-4.9.3_03-3.44.2 xen-tools-domU-4.9.3_03-3.44.2 xen-tools-domU-debuginfo-4.9.3_03-3.44.2 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): xen-4.9.3_03-3.44.2 xen-debugsource-4.9.3_03-3.44.2 xen-libs-32bit-4.9.3_03-3.44.2 xen-libs-4.9.3_03-3.44.2 xen-libs-debuginfo-32bit-4.9.3_03-3.44.2 xen-libs-debuginfo-4.9.3_03-3.44.2 - SUSE CaaS Platform ALL (x86_64): xen-debugsource-4.9.3_03-3.44.2 xen-libs-4.9.3_03-3.44.2 xen-libs-debuginfo-4.9.3_03-3.44.2 xen-tools-domU-4.9.3_03-3.44.2 xen-tools-domU-debuginfo-4.9.3_03-3.44.2 - SUSE CaaS Platform 3.0 (x86_64): xen-debugsource-4.9.3_03-3.44.2 xen-libs-4.9.3_03-3.44.2 xen-libs-debuginfo-4.9.3_03-3.44.2 xen-tools-domU-4.9.3_03-3.44.2 xen-tools-domU-debuginfo-4.9.3_03-3.44.2 References: https://www.suse.com/security/cve/CVE-2018-15468.html https://www.suse.com/security/cve/CVE-2018-15469.html https://www.suse.com/security/cve/CVE-2018-15470.html https://www.suse.com/security/cve/CVE-2018-17963.html https://www.suse.com/security/cve/CVE-2018-3646.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1078292 https://bugzilla.suse.com/1091107 https://bugzilla.suse.com/1094508 https://bugzilla.suse.com/1103275 https://bugzilla.suse.com/1103276 https://bugzilla.suse.com/1103279 https://bugzilla.suse.com/1106263 https://bugzilla.suse.com/1111014 From sle-security-updates at lists.suse.com Fri Oct 26 13:10:38 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 26 Oct 2018 21:10:38 +0200 (CEST) Subject: SUSE-SU-2018:3498-1: moderate: Security update for lcms2 Message-ID: <20181026191038.BD6C2FCA4@maintenance.suse.de> SUSE Security Update: Security update for lcms2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3498-1 Rating: moderate References: #1108813 Cross-References: CVE-2018-16435 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for lcms2 fixes the following issues: - CVE-2018-16435: A integer overflow was fixed in the AllocateDataSet function in cmscgats.c, that could lead to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile. (bsc#1108813) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2504=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): lcms2-debuginfo-2.9-3.3.1 lcms2-debugsource-2.9-3.3.1 liblcms2-2-2.9-3.3.1 liblcms2-2-debuginfo-2.9-3.3.1 liblcms2-devel-2.9-3.3.1 References: https://www.suse.com/security/cve/CVE-2018-16435.html https://bugzilla.suse.com/1108813 From sle-security-updates at lists.suse.com Fri Oct 26 16:11:01 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Sat, 27 Oct 2018 00:11:01 +0200 (CEST) Subject: SUSE-SU-2018:3170-2: moderate: Security update for binutils Message-ID: <20181026221101.9D149FCA4@maintenance.suse.de> SUSE Security Update: Security update for binutils ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3170-2 Rating: moderate References: #1065643 #1065689 #1065693 #1068640 #1068643 #1068887 #1068888 #1068950 #1069176 #1069202 #1075418 #1077745 #1079103 #1079741 #1080556 #1081527 #1083528 #1083532 #1085784 #1086608 #1086784 #1086786 #1086788 #1090997 #1091015 #1091365 #1091368 Cross-References: CVE-2017-15938 CVE-2017-15939 CVE-2017-15996 CVE-2017-16826 CVE-2017-16827 CVE-2017-16828 CVE-2017-16829 CVE-2017-16830 CVE-2017-16831 CVE-2017-16832 CVE-2018-10372 CVE-2018-10373 CVE-2018-10534 CVE-2018-10535 CVE-2018-6323 CVE-2018-6543 CVE-2018-6759 CVE-2018-6872 CVE-2018-7208 CVE-2018-7568 CVE-2018-7569 CVE-2018-7570 CVE-2018-7642 CVE-2018-7643 CVE-2018-8945 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that solves 25 vulnerabilities and has two fixes is now available. Description: This update for binutils to version 2.31 fixes the following issues: These security issues were fixed: - CVE-2017-15996: readelf allowed remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified other impact via a crafted ELF file that triggered a buffer overflow on fuzzed archive header (bsc#1065643) - CVE-2017-15939: Binary File Descriptor (BFD) library (aka libbfd) mishandled NULL files in a .debug_line file table, which allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename (bsc#1065689) - CVE-2017-15938: the Binary File Descriptor (BFD) library (aka libbfd) miscalculated DW_FORM_ref_addr die refs in the case of a relocatable object file, which allowed remote attackers to cause a denial of service (find_abstract_instance_name invalid memory read, segmentation fault, and application crash) (bsc#1065693) - CVE-2017-16826: The coff_slurp_line_table function the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted PE file (bsc#1068640) - CVE-2017-16832: The pe_bfd_read_buildid function in the Binary File Descriptor (BFD) library (aka libbfd) did not validate size and offset values in the data dictionary, which allowed remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted PE file (bsc#1068643) - CVE-2017-16831: Binary File Descriptor (BFD) library (aka libbfd) did not validate the symbol count, which allowed remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or possibly have unspecified other impact via a crafted PE file (bsc#1068887) - CVE-2017-16830: The print_gnu_property_note function did not have integer-overflow protection on 32-bit platforms, which allowed remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted ELF file (bsc#1068888) - CVE-2017-16829: The _bfd_elf_parse_gnu_properties function in the Binary File Descriptor (BFD) library (aka libbfd) did not prevent negative pointers, which allowed remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted ELF file (bsc#1068950) - CVE-2017-16828: The display_debug_frames function allowed remote attackers to cause a denial of service (integer overflow and heap-based buffer over-read, and application crash) or possibly have unspecified other impact via a crafted ELF file (bsc#1069176) - CVE-2017-16827: The aout_get_external_symbols function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (slurp_symtab invalid free and application crash) or possibly have unspecified other impact via a crafted ELF file (bsc#1069202) - CVE-2018-6323: The elf_object_p function in the Binary File Descriptor (BFD) library (aka libbfd) had an unsigned integer overflow because bfd_size_type multiplication is not used. A crafted ELF file allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact (bsc#1077745) - CVE-2018-6543: Prevent integer overflow in the function load_specific_debug_section() which resulted in `malloc()` with 0 size. A crafted ELF file allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact (bsc#1079103) - CVE-2018-6759: The bfd_get_debug_link_info_1 function in the Binary File Descriptor (BFD) library (aka libbfd) had an unchecked strnlen operation. Remote attackers could have leveraged this vulnerability to cause a denial of service (segmentation fault) via a crafted ELF file (bsc#1079741) - CVE-2018-6872: The elf_parse_notes function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (out-of-bounds read and segmentation violation) via a note with a large alignment (bsc#1080556) - CVE-2018-7208: In the coff_pointerize_aux function in the Binary File Descriptor (BFD) library (aka libbfd) an index was not validated, which allowed remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted file, as demonstrated by objcopy of a COFF object (bsc#1081527) - CVE-2018-7570: The assign_file_positions_for_non_load_sections function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an ELF file with a RELRO segment that lacks a matching LOAD segment, as demonstrated by objcopy (bsc#1083528) - CVE-2018-7569: The Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (integer underflow or overflow, and application crash) via an ELF file with a corrupt DWARF FORM block, as demonstrated by nm (bsc#1083532) - CVE-2018-8945: The bfd_section_from_shdr function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (segmentation fault) via a large attribute section (bsc#1086608) - CVE-2018-7643: The display_debug_ranges function allowed remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump (bsc#1086784) - CVE-2018-7642: The swap_std_reloc_in function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (aout_32_swap_std_reloc_out NULL pointer dereference and application crash) via a crafted ELF file, as demonstrated by objcopy (bsc#1086786) - CVE-2018-7568: The parse_die function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (integer overflow and application crash) via an ELF file with corrupt dwarf1 debug information, as demonstrated by nm (bsc#1086788) - CVE-2018-10373: concat_filename in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by nm-new (bsc#1090997) - CVE-2018-10372: process_cu_tu_index allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated by readelf (bsc#1091015) - CVE-2018-10535: The ignore_section_sym function in the Binary File Descriptor (BFD) library (aka libbfd) did not validate the output_section pointer in the case of a symtab entry with a "SECTION" type that has a "0" value, which allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file, as demonstrated by objcopy (bsc#1091365) - CVE-2018-10534: The _bfd_XX_bfd_copy_private_bfd_data_common function in the Binary File Descriptor (BFD) library (aka libbfd) processesed a negative Data Directory size with an unbounded loop that increased the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so that the address exceeded its own memory region, resulting in an out-of-bounds memory write, as demonstrated by objcopy copying private info with _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c (bsc#1091368) These non-security issues were fixed: - The AArch64 port now supports showing disassembly notes which are emitted when inconsistencies are found with the instruction that may result in the instruction being invalid. These can be turned on with the option -M notes to objdump. - The AArch64 port now emits warnings when a combination of an instruction and a named register could be invalid. - Added O modifier to ar to display member offsets inside an archive - The ADR and ADRL pseudo-instructions supported by the ARM assembler now only set the bottom bit of the address of thumb function symbols if the -mthumb-interwork command line option is active. - Add --generate-missing-build-notes=[yes|no] option to create (or not) GNU Build Attribute notes if none are present in the input sources. Add a --enable-generate-build-notes=[yes|no] configure time option to set the default behaviour. Set the default if the configure option is not used to "no". - Remove -mold-gcc command-line option for x86 targets. - Add -O[2|s] command-line options to x86 assembler to enable alternate shorter instruction encoding. - Add support for .nops directive. It is currently supported only for x86 targets. - Speed up direct linking with DLLs for Cygwin and Mingw targets. - Add a configure option --enable-separate-code to decide whether -z separate-code should be enabled in ELF linker by default. Default to yes for Linux/x86 targets. Note that -z separate-code can increase disk and memory size. - RISC-V: Fix symbol address problem with versioned symbols - Restore riscv64-elf cross prefix via symlinks - Fix pacemaker libqb problem with section start/stop symbols - RISC-V: Don't enable relaxation in relocatable link - Prevent linking faiures on i386 with assertion (bsc#1085784) - Fix symbol size bug when relaxation deletes bytes - Add --debug-dump=links option to readelf and --dwarf=links option to objdump which displays the contents of any .gnu_debuglink or .gnu_debugaltlink sections. Add a --debug-dump=follow-links option to readelf and a --dwarf=follow-links option to objdump which causes indirect links into separate debug info files to be followed when dumping other DWARF sections. - Add support for loaction views in DWARF debug line information. - Add -z separate-code to generate separate code PT_LOAD segment. - Add "-z undefs" command line option as the inverse of the "-z defs" option. - Add -z globalaudit command line option to force audit libraries to be run for every dynamic object loaded by an executable - provided that the loader supports this functionality. - Tighten linker script grammar around file name specifiers to prevent the use of SORT_BY_ALIGNMENT and SORT_BY_INIT_PRIORITY on filenames. These would previously be accepted but had no effect. - The EXCLUDE_FILE directive can now be placed within any SORT_* directive within input section lists. - Fix linker relaxation with --wrap Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2018-2265=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): binutils-debuginfo-2.31-6.3.1 binutils-debugsource-2.31-6.3.1 binutils-gold-2.31-6.3.1 binutils-gold-debuginfo-2.31-6.3.1 cross-arm-binutils-2.31-6.3.1 cross-arm-binutils-debuginfo-2.31-6.3.1 cross-arm-binutils-debugsource-2.31-6.3.1 cross-avr-binutils-2.31-6.3.1 cross-avr-binutils-debuginfo-2.31-6.3.1 cross-avr-binutils-debugsource-2.31-6.3.1 cross-epiphany-binutils-2.31-6.3.1 cross-epiphany-binutils-debuginfo-2.31-6.3.1 cross-epiphany-binutils-debugsource-2.31-6.3.1 cross-hppa-binutils-2.31-6.3.1 cross-hppa-binutils-debuginfo-2.31-6.3.1 cross-hppa-binutils-debugsource-2.31-6.3.1 cross-hppa64-binutils-2.31-6.3.1 cross-hppa64-binutils-debuginfo-2.31-6.3.1 cross-hppa64-binutils-debugsource-2.31-6.3.1 cross-i386-binutils-2.31-6.3.1 cross-i386-binutils-debuginfo-2.31-6.3.1 cross-i386-binutils-debugsource-2.31-6.3.1 cross-ia64-binutils-2.31-6.3.1 cross-ia64-binutils-debuginfo-2.31-6.3.1 cross-ia64-binutils-debugsource-2.31-6.3.1 cross-m68k-binutils-2.31-6.3.1 cross-m68k-binutils-debuginfo-2.31-6.3.1 cross-m68k-binutils-debugsource-2.31-6.3.1 cross-mips-binutils-2.31-6.3.1 cross-mips-binutils-debuginfo-2.31-6.3.1 cross-mips-binutils-debugsource-2.31-6.3.1 cross-ppc-binutils-2.31-6.3.1 cross-ppc-binutils-debuginfo-2.31-6.3.1 cross-ppc-binutils-debugsource-2.31-6.3.1 cross-ppc64-binutils-2.31-6.3.1 cross-ppc64-binutils-debuginfo-2.31-6.3.1 cross-ppc64-binutils-debugsource-2.31-6.3.1 cross-riscv64-binutils-2.31-6.3.1 cross-riscv64-binutils-debuginfo-2.31-6.3.1 cross-riscv64-binutils-debugsource-2.31-6.3.1 cross-rx-binutils-2.31-6.3.1 cross-rx-binutils-debuginfo-2.31-6.3.1 cross-rx-binutils-debugsource-2.31-6.3.1 cross-s390-binutils-2.31-6.3.1 cross-s390-binutils-debuginfo-2.31-6.3.1 cross-s390-binutils-debugsource-2.31-6.3.1 cross-sparc-binutils-2.31-6.3.1 cross-sparc-binutils-debuginfo-2.31-6.3.1 cross-sparc-binutils-debugsource-2.31-6.3.1 cross-sparc64-binutils-2.31-6.3.1 cross-sparc64-binutils-debuginfo-2.31-6.3.1 cross-sparc64-binutils-debugsource-2.31-6.3.1 cross-spu-binutils-2.31-6.3.1 cross-spu-binutils-debuginfo-2.31-6.3.1 cross-spu-binutils-debugsource-2.31-6.3.1 References: https://www.suse.com/security/cve/CVE-2017-15938.html https://www.suse.com/security/cve/CVE-2017-15939.html https://www.suse.com/security/cve/CVE-2017-15996.html https://www.suse.com/security/cve/CVE-2017-16826.html https://www.suse.com/security/cve/CVE-2017-16827.html https://www.suse.com/security/cve/CVE-2017-16828.html https://www.suse.com/security/cve/CVE-2017-16829.html https://www.suse.com/security/cve/CVE-2017-16830.html https://www.suse.com/security/cve/CVE-2017-16831.html https://www.suse.com/security/cve/CVE-2017-16832.html https://www.suse.com/security/cve/CVE-2018-10372.html https://www.suse.com/security/cve/CVE-2018-10373.html https://www.suse.com/security/cve/CVE-2018-10534.html https://www.suse.com/security/cve/CVE-2018-10535.html https://www.suse.com/security/cve/CVE-2018-6323.html https://www.suse.com/security/cve/CVE-2018-6543.html https://www.suse.com/security/cve/CVE-2018-6759.html https://www.suse.com/security/cve/CVE-2018-6872.html https://www.suse.com/security/cve/CVE-2018-7208.html https://www.suse.com/security/cve/CVE-2018-7568.html https://www.suse.com/security/cve/CVE-2018-7569.html https://www.suse.com/security/cve/CVE-2018-7570.html https://www.suse.com/security/cve/CVE-2018-7642.html https://www.suse.com/security/cve/CVE-2018-7643.html https://www.suse.com/security/cve/CVE-2018-8945.html https://bugzilla.suse.com/1065643 https://bugzilla.suse.com/1065689 https://bugzilla.suse.com/1065693 https://bugzilla.suse.com/1068640 https://bugzilla.suse.com/1068643 https://bugzilla.suse.com/1068887 https://bugzilla.suse.com/1068888 https://bugzilla.suse.com/1068950 https://bugzilla.suse.com/1069176 https://bugzilla.suse.com/1069202 https://bugzilla.suse.com/1075418 https://bugzilla.suse.com/1077745 https://bugzilla.suse.com/1079103 https://bugzilla.suse.com/1079741 https://bugzilla.suse.com/1080556 https://bugzilla.suse.com/1081527 https://bugzilla.suse.com/1083528 https://bugzilla.suse.com/1083532 https://bugzilla.suse.com/1085784 https://bugzilla.suse.com/1086608 https://bugzilla.suse.com/1086784 https://bugzilla.suse.com/1086786 https://bugzilla.suse.com/1086788 https://bugzilla.suse.com/1090997 https://bugzilla.suse.com/1091015 https://bugzilla.suse.com/1091365 https://bugzilla.suse.com/1091368 From sle-security-updates at lists.suse.com Fri Oct 26 16:16:28 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Sat, 27 Oct 2018 00:16:28 +0200 (CEST) Subject: SUSE-SU-2018:3506-1: moderate: Security update for audiofile Message-ID: <20181026221628.F0201FCA4@maintenance.suse.de> SUSE Security Update: Security update for audiofile ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3506-1 Rating: moderate References: #1111586 Cross-References: CVE-2018-17095 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for audiofile fixes the following issues: - CVE-2018-17095: A heap-based buffer overflow in Expand3To4Module::run could occurred when running sfconvert leading to crashes or code execution when handling untrusted soundfiles (bsc#1111586). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2018-2505=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): audiofile-debuginfo-0.3.6-3.3.1 audiofile-debugsource-0.3.6-3.3.1 audiofile-devel-0.3.6-3.3.1 libaudiofile1-0.3.6-3.3.1 libaudiofile1-debuginfo-0.3.6-3.3.1 References: https://www.suse.com/security/cve/CVE-2018-17095.html https://bugzilla.suse.com/1111586 From sle-security-updates at lists.suse.com Mon Oct 29 05:08:28 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 29 Oct 2018 12:08:28 +0100 (CET) Subject: SUSE-SU-2018:3540-1: important: Security update for openssh Message-ID: <20181029110828.6BBD1FCBE@maintenance.suse.de> SUSE Security Update: Security update for openssh ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3540-1 Rating: important References: #1016370 #1065000 #1076957 #1105010 #1105180 #1106163 #1106726 Cross-References: CVE-2016-10012 CVE-2016-10708 CVE-2017-15906 CVE-2018-15473 CVE-2018-15919 Affected Products: SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has two fixes is now available. Description: This update for openssh fixes the following issues: Security issues fixed: - CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. OpenSSH developers do not want to treat such a username enumeration (or "oracle") as a vulnerability. (bsc#1106163) - CVE-2017-15906: The process_open function in sftp-server.c in OpenSSH did not properly prevent write operations in readonly mode, which allowed attackers to create zero-length files. (bsc#1065000, bsc#1106726) - CVE-2016-10708: sshd allowed remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c. (bsc#1076957) - CVE-2018-15473: OpenSSH was prone to a user existance oracle vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. (bsc#1105010) - CVE-2016-10012: Removed pre-auth compression support from the server to prevent possible cryptographic attacks. (bsc#1016370) Bugs fixed: - Fixed failing "AuthorizedKeysCommand" within a "Match User" block in sshd_config (bsc#1105180) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-openssh-13848=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-openssh-13848=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-openssh-13848=1 Package List: - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): openssh-6.2p2-0.41.5.1 openssh-askpass-6.2p2-0.41.5.1 openssh-askpass-gnome-6.2p2-0.41.5.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): openssh-6.2p2-0.41.5.1 openssh-askpass-6.2p2-0.41.5.1 openssh-askpass-gnome-6.2p2-0.41.5.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): openssh-askpass-gnome-debuginfo-6.2p2-0.41.5.1 openssh-debuginfo-6.2p2-0.41.5.1 openssh-debugsource-6.2p2-0.41.5.1 References: https://www.suse.com/security/cve/CVE-2016-10012.html https://www.suse.com/security/cve/CVE-2016-10708.html https://www.suse.com/security/cve/CVE-2017-15906.html https://www.suse.com/security/cve/CVE-2018-15473.html https://www.suse.com/security/cve/CVE-2018-15919.html https://bugzilla.suse.com/1016370 https://bugzilla.suse.com/1065000 https://bugzilla.suse.com/1076957 https://bugzilla.suse.com/1105010 https://bugzilla.suse.com/1105180 https://bugzilla.suse.com/1106163 https://bugzilla.suse.com/1106726 From sle-security-updates at lists.suse.com Mon Oct 29 05:11:25 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 29 Oct 2018 12:11:25 +0100 (CET) Subject: SUSE-SU-2018:3542-1: important: Security update for mysql Message-ID: <20181029111125.ABEDAFFD6@maintenance.suse.de> SUSE Security Update: Security update for mysql ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3542-1 Rating: important References: #1013882 #1112368 #1112369 #1112432 Cross-References: CVE-2016-9843 CVE-2018-3133 CVE-2018-3174 CVE-2018-3282 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: MySQL server was updated to version 5.5.62, fixing bugs and security issues. Changes: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-62.html Following security issues were fixed: - CVE-2016-9843: The crc32_big function in zlib might have allowed context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation. (bsc#1013882) Please note that SUSE uses the system zlib, not the embedded copy. - CVE-2018-3133: Authenticated low privilege attackers could cause denial of service attacks (hangs or crashes) against the mysql server (bsc#1112369) - CVE-2018-3174: Authenticated high privilege attackers could cause denial of service attacks (hangs or crashes) against the mysql server (bsc#1112368) - CVE-2018-3282: Authenticated high privilege attackers could cause denial of service attacks (hangs or crashes) against the mysql server (bsc#1112432) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-mysql-13849=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-mysql-13849=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-mysql-13849=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-mysql-13849=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-mysql-13849=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-mysql-13849=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): libmysql55client_r18-32bit-5.5.62-0.39.18.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ia64): libmysql55client_r18-x86-5.5.62-0.39.18.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libmysql55client18-5.5.62-0.39.18.1 libmysql55client_r18-5.5.62-0.39.18.1 mysql-5.5.62-0.39.18.1 mysql-client-5.5.62-0.39.18.1 mysql-tools-5.5.62-0.39.18.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libmysql55client18-32bit-5.5.62-0.39.18.1 libmysql55client_r18-32bit-5.5.62-0.39.18.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libmysql55client18-x86-5.5.62-0.39.18.1 libmysql55client_r18-x86-5.5.62-0.39.18.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): libmysql55client18-5.5.62-0.39.18.1 libmysql55client_r18-5.5.62-0.39.18.1 mysql-5.5.62-0.39.18.1 mysql-client-5.5.62-0.39.18.1 mysql-tools-5.5.62-0.39.18.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x x86_64): libmysql55client18-32bit-5.5.62-0.39.18.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): libmysql55client18-5.5.62-0.39.18.1 libmysql55client_r18-5.5.62-0.39.18.1 mysql-5.5.62-0.39.18.1 mysql-client-5.5.62-0.39.18.1 mysql-tools-5.5.62-0.39.18.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): mysql-debuginfo-5.5.62-0.39.18.1 mysql-debugsource-5.5.62-0.39.18.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): mysql-debuginfo-5.5.62-0.39.18.1 mysql-debugsource-5.5.62-0.39.18.1 References: https://www.suse.com/security/cve/CVE-2016-9843.html https://www.suse.com/security/cve/CVE-2018-3133.html https://www.suse.com/security/cve/CVE-2018-3174.html https://www.suse.com/security/cve/CVE-2018-3282.html https://bugzilla.suse.com/1013882 https://bugzilla.suse.com/1112368 https://bugzilla.suse.com/1112369 https://bugzilla.suse.com/1112432 From sle-security-updates at lists.suse.com Mon Oct 29 08:08:57 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 29 Oct 2018 15:08:57 +0100 (CET) Subject: SUSE-SU-2018:3545-1: moderate: Security update for lcms2 Message-ID: <20181029140857.A284FFCBE@maintenance.suse.de> SUSE Security Update: Security update for lcms2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3545-1 Rating: moderate References: #1021364 #1026649 #1026650 #1108813 Cross-References: CVE-2016-10165 CVE-2018-16435 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. Description: This update for lcms2 fixes the following security issues: - CVE-2016-10165: The Type_MLU_Read function allowed remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggered an out-of-bounds heap read (bsc#1021364). - CVE-2018-16435: A integer overflow was fixed in the AllocateDataSet function in cmscgats.c, that could lead to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile. (bsc#1108813) - Ensure that LUT stages match channel count (bsc#1026649). - sanitize input and output channels on MPE profiles (bsc#1026650). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2512=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2512=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2512=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): lcms2-debuginfo-2.7-9.7.1 lcms2-debugsource-2.7-9.7.1 liblcms2-devel-2.7-9.7.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): lcms2-2.7-9.7.1 lcms2-debuginfo-2.7-9.7.1 lcms2-debugsource-2.7-9.7.1 liblcms2-2-2.7-9.7.1 liblcms2-2-debuginfo-2.7-9.7.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): liblcms2-2-32bit-2.7-9.7.1 liblcms2-2-debuginfo-32bit-2.7-9.7.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): lcms2-2.7-9.7.1 lcms2-debuginfo-2.7-9.7.1 lcms2-debugsource-2.7-9.7.1 liblcms2-2-2.7-9.7.1 liblcms2-2-32bit-2.7-9.7.1 liblcms2-2-debuginfo-2.7-9.7.1 liblcms2-2-debuginfo-32bit-2.7-9.7.1 References: https://www.suse.com/security/cve/CVE-2016-10165.html https://www.suse.com/security/cve/CVE-2018-16435.html https://bugzilla.suse.com/1021364 https://bugzilla.suse.com/1026649 https://bugzilla.suse.com/1026650 https://bugzilla.suse.com/1108813 From sle-security-updates at lists.suse.com Mon Oct 29 14:08:13 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 29 Oct 2018 21:08:13 +0100 (CET) Subject: SUSE-SU-2018:3549-1: moderate: Security update for python-Django Message-ID: <20181029200813.5AD14FCB3@maintenance.suse.de> SUSE Security Update: Security update for python-Django ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3549-1 Rating: moderate References: #1102680 Cross-References: CVE-2018-14574 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-Django fixes the following issues: - CVE-2018-14574: Prevent open redirect in django.middleware.common.CommonMiddleware (bsc#1102680) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2018-2518=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2018-2518=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2018-2518=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): python-Django-1.11.11-3.3.1 - SUSE OpenStack Cloud 8 (noarch): python-Django-1.11.11-3.3.1 - HPE Helion Openstack 8 (noarch): python-Django-1.11.11-3.3.1 References: https://www.suse.com/security/cve/CVE-2018-14574.html https://bugzilla.suse.com/1102680 From sle-security-updates at lists.suse.com Mon Oct 29 14:13:02 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 29 Oct 2018 21:13:02 +0100 (CET) Subject: SUSE-SU-2018:3553-1: moderate: Security update for python-cryptography Message-ID: <20181029201302.62E7CFCB3@maintenance.suse.de> SUSE Security Update: Security update for python-cryptography ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3553-1 Rating: moderate References: #1101820 Cross-References: CVE-2018-10903 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-cryptography fixes the following issues: - CVE-2018-10903: The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries could have caused key leakage (bsc#1101820) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2018-2517=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2018-2517=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2018-2517=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): python-cryptography-2.0.3-3.3.1 python-cryptography-debuginfo-2.0.3-3.3.1 python-cryptography-debugsource-2.0.3-3.3.1 - SUSE OpenStack Cloud 8 (x86_64): python-cryptography-2.0.3-3.3.1 python-cryptography-debuginfo-2.0.3-3.3.1 python-cryptography-debugsource-2.0.3-3.3.1 - HPE Helion Openstack 8 (x86_64): python-cryptography-2.0.3-3.3.1 python-cryptography-debuginfo-2.0.3-3.3.1 python-cryptography-debugsource-2.0.3-3.3.1 References: https://www.suse.com/security/cve/CVE-2018-10903.html https://bugzilla.suse.com/1101820 From sle-security-updates at lists.suse.com Mon Oct 29 14:13:38 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 29 Oct 2018 21:13:38 +0100 (CET) Subject: SUSE-SU-2018:3554-1: moderate: Security update for python, python-base Message-ID: <20181029201338.D7074FCB3@maintenance.suse.de> SUSE Security Update: Security update for python, python-base ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3554-1 Rating: moderate References: #1086001 #1088004 #1088009 #1109663 Cross-References: CVE-2018-1000802 CVE-2018-1060 CVE-2018-1061 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 5 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for python, python-base fixes the following issues: Security issues fixed: - CVE-2018-1000802: Prevent command injection in shutil module (make_archive function) via passage of unfiltered user input (bsc#1109663). - CVE-2018-1061: Fixed DoS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib (bsc#1088004). - CVE-2018-1060: Fixed DoS via regular expression catastrophic backtracking in apop() method in pop3lib (bsc#1088009). Bug fixes: - bsc#1086001: python tarfile uses random order. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-2520=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2520=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2520=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2520=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2018-2520=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-2520=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): python-base-debuginfo-2.7.13-28.16.1 python-base-debugsource-2.7.13-28.16.1 python-devel-2.7.13-28.16.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): python-base-debuginfo-2.7.13-28.16.1 python-base-debugsource-2.7.13-28.16.1 python-devel-2.7.13-28.16.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libpython2_7-1_0-2.7.13-28.16.1 libpython2_7-1_0-debuginfo-2.7.13-28.16.1 python-2.7.13-28.16.1 python-base-2.7.13-28.16.1 python-base-debuginfo-2.7.13-28.16.1 python-base-debugsource-2.7.13-28.16.1 python-curses-2.7.13-28.16.1 python-curses-debuginfo-2.7.13-28.16.1 python-debuginfo-2.7.13-28.16.1 python-debugsource-2.7.13-28.16.1 python-demo-2.7.13-28.16.1 python-gdbm-2.7.13-28.16.1 python-gdbm-debuginfo-2.7.13-28.16.1 python-idle-2.7.13-28.16.1 python-tk-2.7.13-28.16.1 python-tk-debuginfo-2.7.13-28.16.1 python-xml-2.7.13-28.16.1 python-xml-debuginfo-2.7.13-28.16.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libpython2_7-1_0-32bit-2.7.13-28.16.1 libpython2_7-1_0-debuginfo-32bit-2.7.13-28.16.1 python-32bit-2.7.13-28.16.1 python-base-32bit-2.7.13-28.16.1 python-base-debuginfo-32bit-2.7.13-28.16.1 python-debuginfo-32bit-2.7.13-28.16.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): python-doc-2.7.13-28.16.1 python-doc-pdf-2.7.13-28.16.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libpython2_7-1_0-2.7.13-28.16.1 libpython2_7-1_0-32bit-2.7.13-28.16.1 libpython2_7-1_0-debuginfo-2.7.13-28.16.1 libpython2_7-1_0-debuginfo-32bit-2.7.13-28.16.1 python-2.7.13-28.16.1 python-base-2.7.13-28.16.1 python-base-debuginfo-2.7.13-28.16.1 python-base-debuginfo-32bit-2.7.13-28.16.1 python-base-debugsource-2.7.13-28.16.1 python-curses-2.7.13-28.16.1 python-curses-debuginfo-2.7.13-28.16.1 python-debuginfo-2.7.13-28.16.1 python-debugsource-2.7.13-28.16.1 python-devel-2.7.13-28.16.1 python-tk-2.7.13-28.16.1 python-tk-debuginfo-2.7.13-28.16.1 python-xml-2.7.13-28.16.1 python-xml-debuginfo-2.7.13-28.16.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): python-debuginfo-2.7.13-28.16.1 python-debugsource-2.7.13-28.16.1 python-strict-tls-check-2.7.13-28.16.1 - SUSE CaaS Platform ALL (x86_64): libpython2_7-1_0-2.7.13-28.16.1 libpython2_7-1_0-debuginfo-2.7.13-28.16.1 python-2.7.13-28.16.1 python-base-2.7.13-28.16.1 python-base-debuginfo-2.7.13-28.16.1 python-base-debugsource-2.7.13-28.16.1 python-debuginfo-2.7.13-28.16.1 python-debugsource-2.7.13-28.16.1 python-xml-2.7.13-28.16.1 python-xml-debuginfo-2.7.13-28.16.1 - SUSE CaaS Platform 3.0 (x86_64): libpython2_7-1_0-2.7.13-28.16.1 libpython2_7-1_0-debuginfo-2.7.13-28.16.1 python-2.7.13-28.16.1 python-base-2.7.13-28.16.1 python-base-debuginfo-2.7.13-28.16.1 python-base-debugsource-2.7.13-28.16.1 python-debuginfo-2.7.13-28.16.1 python-debugsource-2.7.13-28.16.1 python-xml-2.7.13-28.16.1 python-xml-debuginfo-2.7.13-28.16.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): libpython2_7-1_0-2.7.13-28.16.1 libpython2_7-1_0-debuginfo-2.7.13-28.16.1 python-2.7.13-28.16.1 python-base-2.7.13-28.16.1 python-base-debuginfo-2.7.13-28.16.1 python-base-debugsource-2.7.13-28.16.1 python-debuginfo-2.7.13-28.16.1 python-debugsource-2.7.13-28.16.1 python-xml-2.7.13-28.16.1 python-xml-debuginfo-2.7.13-28.16.1 References: https://www.suse.com/security/cve/CVE-2018-1000802.html https://www.suse.com/security/cve/CVE-2018-1060.html https://www.suse.com/security/cve/CVE-2018-1061.html https://bugzilla.suse.com/1086001 https://bugzilla.suse.com/1088004 https://bugzilla.suse.com/1088009 https://bugzilla.suse.com/1109663 From sle-security-updates at lists.suse.com Mon Oct 29 14:14:49 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 29 Oct 2018 21:14:49 +0100 (CET) Subject: SUSE-SU-2018:3555-1: moderate: Security update for qemu Message-ID: <20181029201449.A9519FCB3@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3555-1 Rating: moderate References: #1092885 #1094725 #1096223 #1098735 Cross-References: CVE-2018-11806 CVE-2018-12617 CVE-2018-3639 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for qemu fixes the following issues: These security issues were fixed: - CVE-2018-12617: qmp_guest_file_read had an integer overflow that could have been exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket causing DoS (bsc#1098735). - CVE-2018-11806: Prevent heap-based buffer overflow via incoming fragmented datagrams (bsc#1096223). With this release the mitigations for Spectre v4 are moved the the patches from upstream (CVE-2018-3639, bsc#1092885). This feature was added: - Add support for block resize support for disks through the monitor (bsc#1094725). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2519=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2519=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): qemu-2.9.1-6.19.11 qemu-block-curl-2.9.1-6.19.11 qemu-block-curl-debuginfo-2.9.1-6.19.11 qemu-block-iscsi-2.9.1-6.19.11 qemu-block-iscsi-debuginfo-2.9.1-6.19.11 qemu-block-ssh-2.9.1-6.19.11 qemu-block-ssh-debuginfo-2.9.1-6.19.11 qemu-debugsource-2.9.1-6.19.11 qemu-guest-agent-2.9.1-6.19.11 qemu-guest-agent-debuginfo-2.9.1-6.19.11 qemu-lang-2.9.1-6.19.11 qemu-tools-2.9.1-6.19.11 qemu-tools-debuginfo-2.9.1-6.19.11 - SUSE Linux Enterprise Server 12-SP3 (aarch64 x86_64): qemu-block-rbd-2.9.1-6.19.11 qemu-block-rbd-debuginfo-2.9.1-6.19.11 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): qemu-kvm-2.9.1-6.19.11 - SUSE Linux Enterprise Server 12-SP3 (aarch64): qemu-arm-2.9.1-6.19.11 qemu-arm-debuginfo-2.9.1-6.19.11 - SUSE Linux Enterprise Server 12-SP3 (ppc64le): qemu-ppc-2.9.1-6.19.11 qemu-ppc-debuginfo-2.9.1-6.19.11 - SUSE Linux Enterprise Server 12-SP3 (noarch): qemu-ipxe-1.0.0-6.19.11 qemu-seabios-1.10.2-6.19.11 qemu-sgabios-8-6.19.11 qemu-vgabios-1.10.2-6.19.11 - SUSE Linux Enterprise Server 12-SP3 (x86_64): qemu-x86-2.9.1-6.19.11 qemu-x86-debuginfo-2.9.1-6.19.11 - SUSE Linux Enterprise Server 12-SP3 (s390x): qemu-s390-2.9.1-6.19.11 qemu-s390-debuginfo-2.9.1-6.19.11 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): qemu-ipxe-1.0.0-6.19.11 qemu-seabios-1.10.2-6.19.11 qemu-sgabios-8-6.19.11 qemu-vgabios-1.10.2-6.19.11 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): qemu-2.9.1-6.19.11 qemu-block-curl-2.9.1-6.19.11 qemu-block-curl-debuginfo-2.9.1-6.19.11 qemu-debugsource-2.9.1-6.19.11 qemu-kvm-2.9.1-6.19.11 qemu-tools-2.9.1-6.19.11 qemu-tools-debuginfo-2.9.1-6.19.11 qemu-x86-2.9.1-6.19.11 - SUSE CaaS Platform ALL (x86_64): qemu-debugsource-2.9.1-6.19.11 qemu-guest-agent-2.9.1-6.19.11 qemu-guest-agent-debuginfo-2.9.1-6.19.11 - SUSE CaaS Platform 3.0 (x86_64): qemu-debugsource-2.9.1-6.19.11 qemu-guest-agent-2.9.1-6.19.11 qemu-guest-agent-debuginfo-2.9.1-6.19.11 References: https://www.suse.com/security/cve/CVE-2018-11806.html https://www.suse.com/security/cve/CVE-2018-12617.html https://www.suse.com/security/cve/CVE-2018-3639.html https://bugzilla.suse.com/1092885 https://bugzilla.suse.com/1094725 https://bugzilla.suse.com/1096223 https://bugzilla.suse.com/1098735 From sle-security-updates at lists.suse.com Tue Oct 30 05:08:34 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 30 Oct 2018 12:08:34 +0100 (CET) Subject: SUSE-SU-2018:3556-1: important: Test-update for SLE-12-SP4 (security) Message-ID: <20181030110834.36034FFD7@maintenance.suse.de> SUSE Security Update: Test-update for SLE-12-SP4 (security) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3556-1 Rating: important References: #1103062 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This is a security test-update for SLE-12-SP4. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2018-1725=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2018-1725=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): update-test-security-5-8.3.2 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): update-test-security-5-8.7.1 References: https://bugzilla.suse.com/1103062 From sle-security-updates at lists.suse.com Tue Oct 30 05:14:10 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 30 Oct 2018 12:14:10 +0100 (CET) Subject: SUSE-SU-2018:3563-1: important: Security update for ardana-monasca, ardana-spark, kafka, kafka-kit, openstack-monasca-api Message-ID: <20181030111410.B7D0DFCB3@maintenance.suse.de> SUSE Security Update: Security update for ardana-monasca, ardana-spark, kafka, kafka-kit, openstack-monasca-api ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3563-1 Rating: important References: #1094851 #1094971 #1102662 #1102920 Cross-References: CVE-2018-1288 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. Description: This update for ardana-monasca, ardana-spark, kafka, kafka-kit, openstack-monasca-api fixes the following issues: This update for ardana-monasca to version 8.0+git.1535031421.9262a47 fixes these issues: - Requests Apache to reload on change (bsc#1102662) - Avoids managing non-Monasca users (bsc#1102662) - Line up perms on storm.conf to match rpm (bsc#1094971) This update for ardana-spark to version 8.0+git.1532114050.04654a8 fixes this issue: - Only set log dir perms on legacy install (bsc#1094851) This update for kafka to version 0.10.2.2 fixes this security issue: - CVE-2018-1288: Authenticated Kafka users may have performed action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss (bsc#1102920). This update for kafka to version 0.10.2.2 fixes these non-security issues: - set internal.leave.group.on.close to false in KafkaStreams - Improve message for Kafka failed startup with non-Kafka data in data.dirs - add max_number _of_retries to exponential backoff strategy - Mute logger for reflections.org at the warn level in system tests - Kafka connect: error with special characters in connector name - streams task gets stuck after re-balance due to LockException - CachingSessionStore doesn't use the default keySerde. - RocksDBSessionStore doesn't use default aggSerde. - Recommended values for Connect transformations contain the wrong class name - Kafka broker fails to start if a topic containing dot in its name is marked for delete but hasn't been deleted during previous uptime - GlobalKTable does not checkpoint offsets after restoring state - Log cleaning can increase message size and cause cleaner to crash with buffer overflow - Some socket connections not closed after restart of Kafka Streams - Distributed Herder Deadlocks on Shutdown - Log cleaner fails due to large offset in segment file - StreamsKafkaClient should not use StreamsConfig.POLL_MS_CONFIG - Refactor kafkatest docker support - ducktape kafka service: do not assume Service contains num_nodes - Using _DUCKTAPE_OPTIONS has no effect on executing tests - Connect WorkerSinkTask out of order offset commit can lead to inconsistent state - RocksDB segments not removed when store is closed causes re-initialization to fail - FetchMetadata creates unneeded Strings on instantiation - SourceTask#stop() not called after exception raised in poll() - Sink connectors that explicitly 'resume' topic partitions can resume a paused task - GlobalStateManagerImpl should not write offsets of in-memory stores in checkpoint file - Source KTable checkpoint is not correct - ConnectSchema#equals() broken for array-typed default values This update for openstack-monasca-api to version 2.2.1~dev24 fixes these issues: - devstack: download storm from archive.apache.org - Backport tempest test robustness improvements - 1724543-fixed kafka partition creation error in devstack installation - Fix:No alarms created if metric name in alarm def. expr. is mix case - Zuul: Remove project name - Run against Pike requirements Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2018-2523=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2018-2523=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2018-2523=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): openstack-monasca-api-2.2.1~dev24-3.6.1 python-monasca-api-2.2.1~dev24-3.6.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): kafka-0.10.2.2-5.6.1 - SUSE OpenStack Cloud 8 (noarch): ardana-monasca-8.0+git.1535031421.9262a47-3.12.1 ardana-spark-8.0+git.1534267176.a5f3a22-3.6.1 openstack-monasca-api-2.2.1~dev24-3.6.1 python-monasca-api-2.2.1~dev24-3.6.1 - SUSE OpenStack Cloud 8 (x86_64): kafka-0.10.2.2-5.6.1 - HPE Helion Openstack 8 (noarch): ardana-monasca-8.0+git.1535031421.9262a47-3.12.1 ardana-spark-8.0+git.1534267176.a5f3a22-3.6.1 openstack-monasca-api-2.2.1~dev24-3.6.1 python-monasca-api-2.2.1~dev24-3.6.1 - HPE Helion Openstack 8 (x86_64): kafka-0.10.2.2-5.6.1 References: https://www.suse.com/security/cve/CVE-2018-1288.html https://bugzilla.suse.com/1094851 https://bugzilla.suse.com/1094971 https://bugzilla.suse.com/1102662 https://bugzilla.suse.com/1102920 From sle-security-updates at lists.suse.com Tue Oct 30 11:08:56 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 30 Oct 2018 18:08:56 +0100 (CET) Subject: SUSE-SU-2018:3571-1: moderate: Security update for libarchive Message-ID: <20181030170856.DD634FFD7@maintenance.suse.de> SUSE Security Update: Security update for libarchive ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3571-1 Rating: moderate References: #1059100 #1059134 #1059139 Cross-References: CVE-2017-14501 CVE-2017-14502 CVE-2017-14503 Affected Products: SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for libarchive fixes the following issues: - CVE-2017-14501: An out-of-bounds read flaw existed in parse_file_info in archive_read_support_format_iso9660.c when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header. (bsc#1059139) - CVE-2017-14502: read_header in archive_read_support_format_rar.c suffered from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header. (bsc#1059134) - CVE-2017-14503: libarchive suffered from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16. (bsc#1059100) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2018-2528=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2528=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): bsdtar-3.3.2-3.3.2 bsdtar-debuginfo-3.3.2-3.3.2 libarchive-debugsource-3.3.2-3.3.2 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libarchive-debugsource-3.3.2-3.3.2 libarchive-devel-3.3.2-3.3.2 libarchive13-3.3.2-3.3.2 libarchive13-debuginfo-3.3.2-3.3.2 References: https://www.suse.com/security/cve/CVE-2017-14501.html https://www.suse.com/security/cve/CVE-2017-14502.html https://www.suse.com/security/cve/CVE-2017-14503.html https://bugzilla.suse.com/1059100 https://bugzilla.suse.com/1059134 https://bugzilla.suse.com/1059139 From sle-security-updates at lists.suse.com Tue Oct 30 11:09:44 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 30 Oct 2018 18:09:44 +0100 (CET) Subject: SUSE-SU-2018:3572-1: moderate: Security update for apache2-mod_nss Message-ID: <20181030170944.BFB8CFCB3@maintenance.suse.de> SUSE Security Update: Security update for apache2-mod_nss ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3572-1 Rating: moderate References: #1108771 #863035 #993642 #996282 #998176 #998180 #998183 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for apache2-mod_nss fixes the following issues: Due to the update of mozilla-nss apache2-mod_nss needs to be updated to change to the SQLite certificate database, which is now the default (bsc#1108771). Because of that this update is tagged as security, to reach customers that only install secuirty updates. Other changes contained: - Require minimal NSS version of 3.25 because of SSLv2 changes (bsc#993642) - Add support for SHA384 TLS ciphers (bsc#863035) - Remove deprecated NSSSessionCacheTimeout option from mod_nss.conf.in (bsc#998176) - Change ownership of the gencert generated NSS database so apache can read it (bsc#998180) - Use correct configuration path in mod_nss.conf.in (bsc#996282) - Generate dummy certificates if there aren't any in mod_nss.d (bsc#998183) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-2527=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): apache2-mod_nss-1.0.14-10.17.2 apache2-mod_nss-debuginfo-1.0.14-10.17.2 apache2-mod_nss-debugsource-1.0.14-10.17.2 References: https://bugzilla.suse.com/1108771 https://bugzilla.suse.com/863035 https://bugzilla.suse.com/993642 https://bugzilla.suse.com/996282 https://bugzilla.suse.com/998176 https://bugzilla.suse.com/998180 https://bugzilla.suse.com/998183 From sle-security-updates at lists.suse.com Tue Oct 30 14:15:52 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 30 Oct 2018 21:15:52 +0100 (CET) Subject: SUSE-SU-2018:3582-1: important: Security update for apache2 Message-ID: <20181030201552.6E6CBFCB3@maintenance.suse.de> SUSE Security Update: Security update for apache2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3582-1 Rating: important References: #1109961 Cross-References: CVE-2018-11763 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for apache2 fixes the following issues: Security issues fixed: - CVE-2018-11763: In Apache HTTP Server by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. (bsc#1109961) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-2541=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2541=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-2541=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2541=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-2541=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-2541=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-2541=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): apache2-2.4.23-29.27.2 apache2-debuginfo-2.4.23-29.27.2 apache2-debugsource-2.4.23-29.27.2 apache2-example-pages-2.4.23-29.27.2 apache2-prefork-2.4.23-29.27.2 apache2-prefork-debuginfo-2.4.23-29.27.2 apache2-utils-2.4.23-29.27.2 apache2-utils-debuginfo-2.4.23-29.27.2 apache2-worker-2.4.23-29.27.2 apache2-worker-debuginfo-2.4.23-29.27.2 - SUSE OpenStack Cloud 7 (noarch): apache2-doc-2.4.23-29.27.2 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): apache2-debuginfo-2.4.23-29.27.2 apache2-debugsource-2.4.23-29.27.2 apache2-devel-2.4.23-29.27.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): apache2-2.4.23-29.27.2 apache2-debuginfo-2.4.23-29.27.2 apache2-debugsource-2.4.23-29.27.2 apache2-example-pages-2.4.23-29.27.2 apache2-prefork-2.4.23-29.27.2 apache2-prefork-debuginfo-2.4.23-29.27.2 apache2-utils-2.4.23-29.27.2 apache2-utils-debuginfo-2.4.23-29.27.2 apache2-worker-2.4.23-29.27.2 apache2-worker-debuginfo-2.4.23-29.27.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): apache2-doc-2.4.23-29.27.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): apache2-2.4.23-29.27.2 apache2-debuginfo-2.4.23-29.27.2 apache2-debugsource-2.4.23-29.27.2 apache2-example-pages-2.4.23-29.27.2 apache2-prefork-2.4.23-29.27.2 apache2-prefork-debuginfo-2.4.23-29.27.2 apache2-utils-2.4.23-29.27.2 apache2-utils-debuginfo-2.4.23-29.27.2 apache2-worker-2.4.23-29.27.2 apache2-worker-debuginfo-2.4.23-29.27.2 - SUSE Linux Enterprise Server 12-SP3 (noarch): apache2-doc-2.4.23-29.27.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): apache2-2.4.23-29.27.2 apache2-debuginfo-2.4.23-29.27.2 apache2-debugsource-2.4.23-29.27.2 apache2-example-pages-2.4.23-29.27.2 apache2-prefork-2.4.23-29.27.2 apache2-prefork-debuginfo-2.4.23-29.27.2 apache2-utils-2.4.23-29.27.2 apache2-utils-debuginfo-2.4.23-29.27.2 apache2-worker-2.4.23-29.27.2 apache2-worker-debuginfo-2.4.23-29.27.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): apache2-doc-2.4.23-29.27.2 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): apache2-2.4.23-29.27.2 apache2-debuginfo-2.4.23-29.27.2 apache2-debugsource-2.4.23-29.27.2 apache2-example-pages-2.4.23-29.27.2 apache2-prefork-2.4.23-29.27.2 apache2-prefork-debuginfo-2.4.23-29.27.2 apache2-utils-2.4.23-29.27.2 apache2-utils-debuginfo-2.4.23-29.27.2 apache2-worker-2.4.23-29.27.2 apache2-worker-debuginfo-2.4.23-29.27.2 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): apache2-doc-2.4.23-29.27.2 - SUSE Enterprise Storage 4 (x86_64): apache2-2.4.23-29.27.2 apache2-debuginfo-2.4.23-29.27.2 apache2-debugsource-2.4.23-29.27.2 apache2-example-pages-2.4.23-29.27.2 apache2-prefork-2.4.23-29.27.2 apache2-prefork-debuginfo-2.4.23-29.27.2 apache2-utils-2.4.23-29.27.2 apache2-utils-debuginfo-2.4.23-29.27.2 apache2-worker-2.4.23-29.27.2 apache2-worker-debuginfo-2.4.23-29.27.2 - SUSE Enterprise Storage 4 (noarch): apache2-doc-2.4.23-29.27.2 References: https://www.suse.com/security/cve/CVE-2018-11763.html https://bugzilla.suse.com/1109961 From sle-security-updates at lists.suse.com Wed Oct 31 08:09:48 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 31 Oct 2018 15:09:48 +0100 (CET) Subject: SUSE-SU-2018:3587-1: Security update for ntfs-3g_ntfsprogs Message-ID: <20181031140948.A678DFCBE@maintenance.suse.de> SUSE Security Update: Security update for ntfs-3g_ntfsprogs ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3587-1 Rating: low References: #1022500 Cross-References: CVE-2017-0358 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ntfs-3g_ntfsprogs fixes the following issues: - CVE-2017-0358: Missing sanitization of the environment during a call to modprobe allowed local users to escalate fo root privilege (bsc#1022500) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-2543=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2543=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2543=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): libntfs-3g84-2013.1.13-5.3.1 libntfs-3g84-debuginfo-2013.1.13-5.3.1 ntfs-3g-2013.1.13-5.3.1 ntfs-3g-debuginfo-2013.1.13-5.3.1 ntfs-3g_ntfsprogs-debugsource-2013.1.13-5.3.1 ntfsprogs-2013.1.13-5.3.1 ntfsprogs-debuginfo-2013.1.13-5.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libntfs-3g-devel-2013.1.13-5.3.1 libntfs-3g84-2013.1.13-5.3.1 libntfs-3g84-debuginfo-2013.1.13-5.3.1 ntfs-3g_ntfsprogs-debugsource-2013.1.13-5.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libntfs-3g84-2013.1.13-5.3.1 libntfs-3g84-debuginfo-2013.1.13-5.3.1 ntfs-3g-2013.1.13-5.3.1 ntfs-3g-debuginfo-2013.1.13-5.3.1 ntfs-3g_ntfsprogs-debugsource-2013.1.13-5.3.1 ntfsprogs-2013.1.13-5.3.1 ntfsprogs-debuginfo-2013.1.13-5.3.1 References: https://www.suse.com/security/cve/CVE-2017-0358.html https://bugzilla.suse.com/1022500 From sle-security-updates at lists.suse.com Wed Oct 31 08:10:29 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 31 Oct 2018 15:10:29 +0100 (CET) Subject: SUSE-SU-2018:3588-1: moderate: Security update for audiofile Message-ID: <20181031141029.8E89CFCBE@maintenance.suse.de> SUSE Security Update: Security update for audiofile ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3588-1 Rating: moderate References: #1111586 Cross-References: CVE-2018-17095 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for audiofile fixes the following issues: - CVE-2018-17095: A heap-based buffer overflow in Expand3To4Module::run could occurred when running sfconvert leading to crashes or code execution when handling untrusted soundfiles (bsc#1111586). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2542=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2542=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2542=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): audiofile-debuginfo-0.3.6-11.3.1 audiofile-debugsource-0.3.6-11.3.1 audiofile-devel-0.3.6-11.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): audiofile-0.3.6-11.3.1 audiofile-debuginfo-0.3.6-11.3.1 audiofile-debugsource-0.3.6-11.3.1 libaudiofile1-0.3.6-11.3.1 libaudiofile1-debuginfo-0.3.6-11.3.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libaudiofile1-32bit-0.3.6-11.3.1 libaudiofile1-debuginfo-32bit-0.3.6-11.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): audiofile-0.3.6-11.3.1 audiofile-debuginfo-0.3.6-11.3.1 audiofile-debugsource-0.3.6-11.3.1 libaudiofile1-0.3.6-11.3.1 libaudiofile1-32bit-0.3.6-11.3.1 libaudiofile1-debuginfo-0.3.6-11.3.1 libaudiofile1-debuginfo-32bit-0.3.6-11.3.1 References: https://www.suse.com/security/cve/CVE-2018-17095.html https://bugzilla.suse.com/1111586 From sle-security-updates at lists.suse.com Wed Oct 31 11:08:53 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 31 Oct 2018 18:08:53 +0100 (CET) Subject: SUSE-SU-2018:3589-1: important: Security update for the Linux Kernel Message-ID: <20181031170853.EBD69FCBE@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3589-1 Rating: important References: #1046540 #1050319 #1050536 #1050540 #1051510 #1055120 #1065600 #1066674 #1067126 #1067906 #1076830 #1079524 #1083647 #1084760 #1084831 #1086283 #1086288 #1094825 #1095805 #1099125 #1100132 #1102881 #1103308 #1103543 #1104731 #1105025 #1105536 #1106105 #1106110 #1106237 #1106240 #1106838 #1107685 #1108241 #1108377 #1108468 #1108828 #1108841 #1108870 #1109151 #1109158 #1109217 #1109330 #1109739 #1109784 #1109806 #1109818 #1109907 #1109911 #1109915 #1109919 #1109951 #1110006 #1110096 #1110538 #1110561 #1110921 #1111028 #1111076 #1111506 #1111806 #1111819 #1111830 #1111834 #1111841 #1111870 #1111901 #1111904 #1111928 #1111983 #1112170 #1112173 #1112208 #1112219 #1112221 #1112246 #1112372 #1112514 #1112554 #1112708 #1112710 #1112711 #1112712 #1112713 #1112731 #1112732 #1112733 #1112734 #1112735 #1112736 #1112738 #1112739 #1112740 #1112741 #1112743 #1112745 #1112746 #1112894 #1112899 #1112902 #1112903 #1112905 #1112906 #1112907 #1113257 #1113284 Cross-References: CVE-2017-16533 CVE-2017-18224 CVE-2018-18386 CVE-2018-18445 Affected Products: SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Legacy Software 15 SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that solves four vulnerabilities and has 102 fixes is now available. Description: The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-18445: A faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandled 32-bit right shifts (bnc#1112372). - CVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ (bnc#1094825). - CVE-2017-18224: fs/ocfs2/aops.c omits use of a semaphore and consequently has a race condition for access to the extent tree during read operations in DIRECT mode, which allowed local users to cause a denial of service (BUG) by modifying a certain e_cpos field (bnc#1084831). - CVE-2017-16533: The usbhid_parse function in drivers/hid/usbhid/hid-core.c allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066674). The following non-security bugs were fixed: - acpi / processor: Fix the return value of acpi_processor_ids_walk() (bsc#1051510). - acpica: Reference Counts: increase max to 0x4000 for large servers (bsc#1108241). - alsa: hda/realtek - Cannot adjust speaker's volume on Dell XPS 27 7760 (bsc#1051510). - arm: 8799/1: mm: fix pci_ioremap_io() offset check (bsc#1051510). - arm: bcm2835: Add GET_THROTTLED firmware property (bsc#1108468). - arm: exynos: Clear global variable on init error path (bsc#1051510). - arm: hisi: check of_iomap and fix missing of_node_put (bsc#1051510). - arm: hwmod: RTC: Do not assume lock/unlock will be called with irq enabled (bsc#1051510). - arm: mvebu: declare asm symbols as character arrays in pmsu.c (bsc#1051510). - ASoC: Intel: Skylake: Reset the controller in probe (bsc#1051510). - ASoC: rsnd: adg: care clock-frequency size (bsc#1051510). - ASoC: rsnd: do not fallback to PIO mode when -EPROBE_DEFER (bsc#1051510). - ASoC: rt5514: Fix the issue of the delay volume applied again (bsc#1051510). - ASoC: sigmadsp: safeload should not have lower byte limit (bsc#1051510). - ASoC: wm8804: Add ACPI support (bsc#1051510). - Btrfs: fix file data corruption after cloning a range and fsync (bsc#1111901). - Btrfs: fix mount failure after fsync due to hard link recreation (bsc#1103543). - Btrfs: send, fix invalid access to commit roots due to concurrent snapshotting (bsc#1111904). - cifs: check for STATUS_USER_SESSION_DELETED (bsc#1112902). - Delete patches.drivers/IB-qedr-Remove-GID-add-del-dummy-routines.patch. (bsc#1110921) - Disable DRM patches that broke vbox video driver KMP (bsc#1111076) - EDAC, ghes: Add DDR4 and NVDIMM memory types (bsc#1099125). - EDAC, skx: Fix skx_edac build error when ACPI_NFIT=m (bsc#1099125). - EDAC, skx_edac: Detect non-volatile DIMMs (bsc#1099125). - EDAC: Add new memory type for non-volatile DIMMs (bsc#1099125). - HID: add support for Apple Magic Keyboards (bsc#1051510). - HID: hid-saitek: Add device ID for RAT 7 Contagion (bsc#1051510). - HID: hid-sensor-hub: Force logical minimum to 1 for power and report state (bsc#1051510). - HID: quirks: fix support for Apple Magic Keyboards (bsc#1051510). - HID: sensor-hub: Restore fixup for Lenovo ThinkPad Helix 2 sensor hub report (bsc#1051510). - input: atakbd - fix Atari CapsLock behaviour (bsc#1051510). - input: atakbd - fix Atari keymap (bsc#1051510). - kvm/vmx: Optimize vmx_vcpu_run() and svm_vcpu_run() by marking the RDMSR path as unlikely() (bsc#1110006). - kvm: svm: Add MSR-based feature support for serializing LFENCE (bsc#1106240). - kvm: vmx: Tell the nested hypervisor to skip L1D flush on vmentry (bsc#1106240). - kvm: vmx: raise internal error for exception during invalid protected mode state (bsc#1110006). - kvm: vmx: support MSR_IA32_ARCH_CAPABILITIES as a feature MSR (bsc#1106240). - kvm: x86: Fix reserved bits check for MOV to CR3 (bsc#1110006). - kvm: x86: Introduce kvm_get_msr_feature() (bsc#1106240). - kvm: x86: fix incorrect reference of trace_kvm_pi_irte_update (bsc#1110006). - kvm: lapic: stop advertising DIRECTED_EOI when in-kernel IOAPIC is in use (bsc#1110006). - kvm: nvmx: Do not expose MPX VMX controls when guest MPX disabled (bsc#1106240). - kvm: nvmx: Do not halt vcpu when L1 is injecting events to L2 (bsc#1110006). - kvm: vmx: track host_state.loaded using a loaded_vmcs pointer (bsc#1110006). - kvm: vmx: use local variable for current_vmptr when emulating VMPTRST (bsc#1110006). - kvm: x86: Add a framework for supporting MSR-based features (bsc#1106240). - kvm: x86: Do not use kvm_x86_ops->mpx_supported() directly (bsc#1106240). - kvm: x86: Update cpuid properly when CR4.OSXAVE or CR4.PKE is changed (bsc#1110006). - kvm: x86: define SVM/VMX specific kvm_arch_[alloc|free]_vm (bsc#1111506). - kvm: x86: fix #UD address of failed Hyper-V hypercalls (bsc#1110006). - kvm: x86: fix escape of guest dr6 to the host (bsc#1110006). - kvm: x86: remove APIC Timer periodic/oneshot spikes (bsc#1110006). - nfc: trf7970a: fix check of clock frequencies, use && instead of || (bsc#1051510). - nfs: Avoid quadratic search when freeing delegations (bsc#1084760). - pci: Reprogram bridge prefetch registers on resume (bsc#1051510). - pci: dwc: Fix scheduling while atomic issues (git-fixes). - pci: hv: Do not wait forever on a device that has disappeared (bsc#1109806). - pm / Domains: Fix genpd to deal with drivers returning 1 from ->prepare() (bsc#1051510). - pm / core: Clear the direct_complete flag on errors (bsc#1051510). - pm: cpuidle: Fix cpuidle_poll_state_init() prototype (bsc#1110006). - rdma/bnxt_re: Fix system crash during RDMA resource initialization (bsc#1086283). - Revert "Limit kernel-source build to architectures for which we build binaries" This reverts commit d6435125446d740016904abe30a60611549ae812. - Revert "cdc-acm: implement put_char() and flush_chars()" (bsc#1051510). - Revert "drm/amdgpu: Add an ATPX quirk for hybrid laptop" (bsc#1051510). - Revert "drm/i915/gvt: set max priority for gvt context" (bsc#1051510). - Revert "gpio: set up initial state from .get_direction()" (bsc#1051510). - Revert "iommu/io-pgtable: Avoid redundant TLB syncs" (bsc#1106237). - Revert "mwifiex: fix incorrect ht capability problem" (bsc#1051510). - Revert "mwifiex: handle race during mwifiex_usb_disconnect" (bsc#1051510). - Revert "pinctrl: sunxi: Do not enforce bias disable (for now)" (bsc#1051510). - Revert "slab: __GFP_ZERO is incompatible with a constructor" (bnc#1108828) This reverts commit de0a67303736262e306a3eb23aa38824b28c2764 because we still seem to have false possitives in the tree. - Revert "ubifs: xattr: Do not operate on deleted inodes" (bsc#1051510). - Squashfs: Compute expected length from inode size rather than block length (bsc#1051510). - usb: Add quirk to support DJI CineSSD (bsc#1051510). - usb: add quirk for WORLDE Controller KS49 or Prodipe MIDI 49C USB controller (bsc#1051510). - usb: fix error handling in usb_driver_claim_interface() (bsc#1051510). - usb: handle NULL config in usb_find_alt_setting() (bsc#1051510). - usb: remove LPM management from usb_driver_claim_interface() (bsc#1051510). - usb: serial: simple: add Motorola Tetra MTP6550 id (bsc#1051510). - usb: yurex: Check for truncation in yurex_read() (bsc#1051510). - usb: yurex: Fix buffer over-read in yurex_write() (bsc#1051510). - Use upstream version of pci-hyperv patch (35a88a1) - acpi, nfit: Add function to look up nvdimm device and provide SMBIOS handle (bsc#1099125). - aio: fix io_destroy(2) vs. lookup_ioctx() race (git-fixes). - apparmor: Check buffer bounds when mapping permissions mask (git-fixes). - apparmor: Fix failure to audit context info in build_change_hat (bsc#1051510). - apparmor: Fully initialize aa_perms struct when answering userspace query (bsc#1051510). - apparmor: fix mediation of prlimit (bsc#1051510). - apparmor: fix memory leak when deduping profile load (bsc#1051510). - apparmor: fix ptrace read check (bsc#1051510). - asix: Check for supported Wake-on-LAN modes (bsc#1051510). - ath10k: fix kernel panic issue during pci probe (bsc#1051510). - ath10k: fix scan crash due to incorrect length calculation (bsc#1051510). - ath10k: fix use-after-free in ath10k_wmi_cmd_send_nowait (bsc#1051510). - ath10k: protect ath10k_htt_rx_ring_free with rx_ring.lock (bsc#1051510). - audit: fix use-after-free in audit_add_watch (bsc#1051510). - batman-adv: Avoid probe ELP information leak (bsc#1051510). - batman-adv: Fix multicast TT issues with bogus ROAM flags (bsc#1051510). - batman-adv: Fix segfault when writing to sysfs elp_interval (bsc#1051510). - batman-adv: Fix segfault when writing to throughput_override (bsc#1051510). - batman-adv: Prevent duplicated gateway_node entry (bsc#1051510). - batman-adv: Prevent duplicated global TT entry (bsc#1051510). - batman-adv: Prevent duplicated nc_node entry (bsc#1051510). - batman-adv: Prevent duplicated softif_vlan entry (bsc#1051510). - batman-adv: Prevent duplicated tvlv handler (bsc#1051510). - batman-adv: fix backbone_gw refcount on queue_work() failure (bsc#1051510). - batman-adv: fix hardif_neigh refcount on queue_work() failure (bsc#1051510). - bdi: Fix another oops in wb_workfn() (bsc#1112746). - bdi: Preserve kabi when adding cgwb_release_mutex (bsc#1112746). - be2net: Fix memory leak in be_cmd_get_profile_config() (bsc#1086288). - be2net: remove unused old AIC info (bsc#1086288). - be2net: remove unused old custom busy-poll fields (bsc#1086288 ). - blk-mq: I/O and timer unplugs are inverted in blktrace (bsc#1112713). - blkdev_report_zones_ioctl(): Use vmalloc() to allocate large buffers (bsc#1111819). - block, bfq: fix wrong init of saved start time for weight raising (bsc#1112708). - block: bfq: swap puts in bfqg_and_blkg_put (bsc#1112712). - block: bvec_nr_vecs() returns value for wrong slab (bsc#1111834). - bnx2x: Fix invalid memory access in rss hash config path (bsc#1050319). - bnx2x: Fix receiving tx-timeout in error or recovery state (bsc#1050319). - bpf/verifier: disallow pointer subtraction (bsc#1083647). - bpf: make cavium thunder compatible w/ bpf_xdp_adjust_tail (bsc#1110096). - btrfs: fix missing error return in btrfs_drop_snapshot (Git-fixes bsc#1109919). - btrfs: handle errors while updating refcounts in update_ref_for_cow (Git-fixes bsc#1109915). - cdc-acm: fix race between reset and control messaging (bsc#1051510). - ceph: avoid a use-after-free in ceph_destroy_options() (bsc#1111983). - cfg80211: fix a type issue in ieee80211_chandef_to_operating_class() (bsc#1051510). - cifs: Fix use after free of a mid_q_entry (bsc#1112903). - cifs: fix memory leak in SMB2_open() (bsc#1112894). - cifs: integer overflow in in SMB2_ioctl() (bsc#1051510). - clk: clk-fixed-factor: Clear OF_POPULATED flag in case of failure (bsc#1051510). - clk: rockchip: Add pclk_rkpwm_pmu to PMU critical clocks in rk3399 (bsc#1051510). - clk: tegra: bpmp: Do not crash when a clock fails to register (bsc#1051510). - clk: x86: Stop marking clocks as CLK_IS_CRITICAL (bsc#1051510). - clk: x86: add "ether_clk" alias for Bay Trail / Cherry Trail (bsc#1051510). - clocksource/drivers/ti-32k: Add CLOCK_SOURCE_SUSPEND_NONSTOP flag for non-am43 SoCs (bsc#1051510). - clocksource/drivers/timer-atmel-pit: Properly handle error cases (bsc#1051510). - coda: fix 'kernel memory exposure attempt' in fsync (bsc#1051510). - cpu/hotplug: Fix SMT supported evaluation (bsc#1110006). - cpufreq, intel_pstate: Allow unspecified FADT profile to probe PPC (bnc#1108841). - crypto: caam/jr - fix ablkcipher_edesc pointer arithmetic (bsc#1051510). - crypto: cavium/nitrox - fix for command corruption in queue full case with backlog submissions (bsc#1051510). - crypto: ccp - add timeout support in the SEV command (bsc#1106838). - crypto: chelsio - Fix memory corruption in DMA Mapped buffers (bsc#1051510). - crypto: mxs-dcp - Fix wait logic on chan threads (bsc#1051510). - crypto: qat - Fix KASAN stack-out-of-bounds bug in adf_probe() (bsc#1051510). - cxgb4: fix abort_req_rss6 struct (bsc#1046540). - cxgb4: when disabling dcb set txq dcb priority to 0 (bsc#1046540 ). - dax: Fix deadlock in dax_lock_mapping_entry() (bsc#1109951). - debugobjects: Make stack check warning more informative (bsc#1051510). - declance: Fix continuation with the adapter identification message (bsc#1051510). - dmaengine: pl330: fix irq race with terminate_all (bsc#1051510). - drivers/base: stop new probing during shutdown (bsc#1051510). - drivers/tty: add error handling for pcmcia_loop_config (bsc#1051510). - drm/amdgpu: Enable/disable gfx PG feature in rlc safe mode (bsc#1051510). - drm/amdgpu: Fix SDMA HQD destroy error on gfx_v7 (bsc#1051510). - drm/amdgpu: Fix vce work queue was not cancelled when suspend (bsc#1106110) - drm/amdgpu: Pulling old prepare and submit for flip back (bsc#1051510). - drm/amdgpu: Update power state at the end of smu hw_init (bsc#1051510). - drm/amdgpu: add another ATPX quirk for TOPAZ (bsc#1051510). - drm/amdgpu: add new polaris pci id (bsc#1051510). - drm/amdgpu: fix error handling in amdgpu_cs_user_fence_chunk (bsc#1106110) - drm/amdgpu: revert "fix deadlock of reservation between cs and gpu reset v2" (bsc#1051510). - drm/amdkfd: Fix error codes in kfd_get_process (bsc#1051510). - drm/edid: VSDB yCBCr420 Deep Color mode bit definitions (bsc#1051510). - drm/i915/glk: Add Quirk for GLK NUC HDMI port issues (bsc#1051510). - drm/i915: Handle incomplete Z_FINISH for compressed error states (bsc#1100132) - drm/nouveau/TBDdevinit: do not fail when PMU/PRE_OS is missing from VBIOS (bsc#1051510). - drm/nouveau/debugfs: Wake up GPU before doing any reclocking (bsc#1051510). - drm/nouveau/disp: fix DP disable race (bsc#1051510). - drm/nouveau/drm/nouveau: Do not forget to cancel hpd_work on suspend/unload (bsc#1051510). - drm/nouveau/drm/nouveau: Prevent handling ACPI HPD events too early (bsc#1051510). - drm/nouveau/drm/nouveau: Use pm_runtime_get_noresume() in connector_detect() (bsc#1051510). - drm/nouveau: Fix deadlocks in nouveau_connector_detect() (bsc#1051510). - drm/nouveau: Fix runtime PM leak in drm_open() (bsc#1051510). - drm/nouveau: tegra: Detach from ARM DMA/IOMMU mapping (bsc#1051510). - drm/sun4i: Fix an ulong overflow in the dotclock driver (bsc#1106110) - drm/sun4i: Fix releasing node when enumerating enpoints (bsc#1051510). - drm: mali-dp: Call drm_crtc_vblank_reset on device init (bsc#1051510). - drm: udl: Destroy framebuffer only if it was initialized (bsc#1051510). - e1000: check on netif_running() before calling e1000_up() (bsc#1051510). - e1000: ensure to free old tx/rx rings in set_ringparam() (bsc#1051510). - eeprom: at24: change nvmem stride to 1 (bsc#1051510). - eeprom: at24: check at24_read/write arguments (bsc#1051510). - eeprom: at24: correctly set the size for at24mac402 (bsc#1051510). - efi: Avoid potential crashes, fix the 'struct efi_pci_io_protocol_32' definition for mixed mode (bsc#1110006). - enic: do not call enic_change_mtu in enic_probe (bsc#1051510). - enic: handle mtu change for vf properly (bsc#1051510). - enic: initialize enic->rfs_h.lock in enic_probe (bsc#1051510). - ethtool: Remove trailing semicolon for static inline (bsc#1051510). - ethtool: fix a privilege escalation bug (bsc#1076830). - evm: Do not deadlock if a crypto algorithm is unavailable (bsc#1051510). - ext2, dax: set ext2_dax_aops for dax files (bsc#1112554). - ext4: avoid arithemetic overflow that can trigger a BUG (bsc#1112736). - ext4: avoid divide by zero fault when deleting corrupted inline directories (bsc#1112735). - ext4: check for NUL characters in extended attribute's name (bsc#1112732). - ext4: check to make sure the rename(2)'s destination is not freed (bsc#1112734). - ext4: do not mark mmp buffer head dirty (bsc#1112743). - ext4: fix online resize's handling of a too-small final block group (bsc#1112739). - ext4: fix online resizing for bigalloc file systems with a 1k block size (bsc#1112740). - ext4: fix spectre gadget in ext4_mb_regular_allocator() (bsc#1112733). - ext4: recalucate superblock checksum after updating free blocks/inodes (bsc#1112738). - ext4: reset error code in ext4_find_entry in fallback (bsc#1112731). - ext4: show test_dummy_encryption mount option in /proc/mounts (bsc#1112741). - fbdev/omapfb: fix omapfb_memory_read infoleak (bsc#1051510). - firmware, DMI: Add function to look up a handle and return DIMM size (bsc#1099125). - firmware: raspberrypi: Register hwmon driver (bsc#1108468). - floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl (bsc#1051510). - fs/quota: Fix spectre gadget in do_quotactl (bsc#1112745). - fuse: Do not access pipe->buffers without pipe_lock() (bsc#1051510). - gpio: Fix crash due to registration race (bsc#1051510). - gpio: adp5588: Fix sleep-in-atomic-context bug (bsc#1051510). - gpio: mb86s70: Revert "Return error if requesting an already assigned gpio" (bsc#1051510). - gpiolib-acpi: Register GpioInt ACPI event handlers from a late_initcall (bsc#1051510). - gpiolib: Free the last requested descriptor (bsc#1051510). - hfs: prevent crash on exit from failed search (bsc#1051510). - hfsplus: do not return 0 when fill_super() failed (bsc#1051510). - hfsplus: stop workqueue when fill_super() failed (bsc#1051510). - hv: avoid crash in vmbus sysfs files (bnc#1108377). - hv_netvsc: fix schedule in RCU context (). - hwmon: (adt7475) Make adt7475_read_word() return errors (bsc#1051510). - hwmon: (ina2xx) fix sysfs shunt resistor read access (bsc#1051510). - hwmon: (nct6775) Set weight source to zero correctly (bsc#1051510). - hwmon: Add support for RPi voltage sensor (bsc#1108468). - hwmon: rpi: add module alias to raspberrypi-hwmon (bsc#1108468). - hypfs_kill_super(): deal with failed allocations (bsc#1051510). - i2c: i2c-scmi: fix for i2c_smbus_write_block_data (bsc#1051510). - i2c: rcar: cleanup DMA for all kinds of failure (bsc#1051510). - intel_th: pci: Add Ice Lake PCH support (bsc#1051510). - iommu/amd: Clear memory encryption mask from physical address (bsc#1106105). - iommu/arm-smmu: Error out only if not enough context interrupts (bsc#1106237). - iommu/vt-d: Add definitions for PFSID (bsc#1106237). - iommu/vt-d: Fix dev iotlb pfsid use (bsc#1106237). - iommu/vt-d: Fix scatterlist offset handling (bsc#1106237). - ipmi:ssif: Add support for multi-part transmit messages > 2 parts (bsc#1103308). - ipv4: fix use-after-free in ip_cmsg_recv_dstaddr() (git-fixes). - irq/core: Fix boot crash when the irqaffinity= boot parameter is passed on CPUMASK_OFFSTACK=y kernels(v1) (bsc#1051510). - iwlwifi: dbg: do not crash if the firmware crashes in the middle of a debug dump (bsc#1051510). - iwlwifi: mvm: Allow TKIP for AP mode (bsc#1051510). - iwlwifi: mvm: check for n_profiles validity in EWRD ACPI (bsc#1051510). - iwlwifi: mvm: clear HW_RESTART_REQUESTED when stopping the interface (bsc#1051510). - iwlwifi: mvm: open BA session only when sta is authorized (bsc#1051510). - iwlwifi: mvm: send BCAST management frames to the right station (bsc#1051510). - iwlwifi: pcie gen2: check iwl_pcie_gen2_set_tb() return value (bsc#1051510). - iwlwifi: pcie: gen2: build A-MSDU only for GSO (bsc#1051510). - jbd2: fix use after free in jbd2_log_do_checkpoint() (bsc#1113257). - kABI: Hide get_msr_feature() in kvm_x86_ops (bsc#1106240). - kabi protect enum mem_type (bsc#1099125). - kprobes/x86: Disable preemption in ftrace-based jprobes (bsc#1110006). - kprobes/x86: Fix %p uses in error messages (bsc#1110006). - kprobes/x86: Prohibit probing on exception masking instructions (bsc#1110006). - ksm: fix unlocked iteration over vmas in cmp_and_merge_page() (VM Functionality bsc#1111806). - kvm, mm: account shadow page tables to kmemcg (bsc#1110006). - kvm/x86: kABI fix for vm_alloc/vm_free changes (bsc#1111506). - kvm: Make VM ioctl do valloc for some archs (bsc#1111506). - kvm: x86: Set highest physical address bits in non-present/reserved SPTEs (bsc#1106240). - kvm: x86: fix KVM_XEN_HVM_CONFIG ioctl (bsc#1110006). - kvmclock: fix TSC calibration for nested guests (bsc#1110006). - lib/bug.c: exclude non-BUG/WARN exceptions from report_bug() (bsc#1110006). - lib/ubsan.c: s/missaligned/misaligned/ (bsc#1051510). - lib/ubsan: add type mismatch handler for new GCC/Clang (bsc#1051510). - libertas: call into generic suspend code before turning off power (bsc#1051510). - liquidio: fix hang when re-binding VF host drv after running DPDK VF driver (bsc#1067126). - liquidio: fix kernel panic in VF driver (bsc#1067126). - loop: add recursion validation to LOOP_CHANGE_FD (bsc#1112711). - loop: do not call into filesystem while holding lo_ctl_mutex (bsc#1112710). - loop: fix LOOP_GET_STATUS lock imbalance (bsc#1113284). - mac80211: Fix station bandwidth setting after channel switch (bsc#1051510). - mac80211: Run TXQ teardown code before de-registering interfaces (bsc#1051510). - mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X (bsc#1051510). - mac80211: do not Tx a deauth frame if the AP forbade Tx (bsc#1051510). - mac80211: do not convert to A-MSDU if frag/subframe limited (bsc#1051510). - mac80211: fix a race between restart and CSA flows (bsc#1051510). - mac80211: fix setting IEEE80211_KEY_FLAG_RX_MGMT for AP mode keys (bsc#1051510). - mac80211: mesh: fix HWMP sequence numbering to follow standard (bsc#1051510). - mac80211: minstrel: fix using short preamble CCK rates on HT clients (bsc#1051510). - mac80211: shorten the IBSS debug messages (bsc#1051510). - mac80211_hwsim: correct use of IEEE80211_VHT_CAP_RXSTBC_X (bsc#1051510). - mac80211_hwsim: require at least one channel (bsc#1051510). - mach64: detect the dot clock divider correctly on sparc (bsc#1051510). - media: af9035: prevent buffer overflow on write (bsc#1051510). - media: davinci: vpif_display: Mix memory leak on probe error path (bsc#1051510). - media: fsl-viu: fix error handling in viu_of_probe() (bsc#1051510). - media: helene: fix xtal frequency setting at power on (bsc#1051510). - media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power (bsc#1051510). - media: s5p-mfc: Fix buffer look up in s5p_mfc_handle_frame_{new, copy_time} functions (bsc#1051510). - media: soc_camera: ov772x: correct setting of banding filter (bsc#1051510). - media: tm6000: add error handling for dvb_register_adapter (bsc#1051510). - media: videobuf-dma-sg: Fix dma_{sync,unmap}_sg() calls (bsc#1051510). - media: videobuf2-core: check for q->error in vb2_core_qbuf() (bsc#1051510). - mm/migrate: Use spin_trylock() while resetting rate limit (). - mm: /proc/pid/pagemap: hide swap entries from unprivileged users (Git-fixes bsc#1109907). - mm: Preserve _PAGE_DEVMAP across mprotect() calls (bsc#1111028). - mm: fix BUG_ON() in vmf_insert_pfn_pud() from VM_MIXEDMAP removal (bsc#1111841). - mmc: block: avoid multiblock reads for the last sector in SPI mode (bsc#1051510). - mwifiex: handle race during mwifiex_usb_disconnect (bsc#1051510). - net: add support for Cavium PTP coprocessor (bsc#1110096). - net: cavium: fix NULL pointer dereference in cavium_ptp_put (bsc#1110096). - net: cavium: use module_pci_driver to simplify the code (bsc#1110096). - net: thunder: change q_len's type to handle max ring size (bsc#1110096). - net: thunderx: Set max queue count taking XDP_TX into account (bsc#1110096). - net: thunderx: add MAC address filter tracking for LMAC (bsc#1110096). - net: thunderx: add XCAST messages handlers for PF (bsc#1110096). - net: thunderx: add multicast filter management support (bsc#1110096). - net: thunderx: add ndo_set_rx_mode callback implementation for VF (bsc#1110096). - net: thunderx: add new messages for handle ndo_set_rx_mode callback (bsc#1110096). - net: thunderx: add timestamping support (bsc#1110096). - net: thunderx: add workqueue control structures for handle ndo_set_rx_mode request (bsc#1110096). - net: thunderx: check for failed allocation lmac->dmacs (bsc#1110096). - net: thunderx: fix double free error (bsc#1110096). - net: thunderx: move filter register related macro into proper place (bsc#1110096). - net: thunderx: prevent concurrent data re-writing by nicvf_set_rx_mode (bsc#1110096). - net: thunderx: remove a couple of redundant assignments (bsc#1110096). - net: thunderx: rework mac addresses list to u64 array (bsc#1110096). - nvme: call nvme_complete_rq when nvmf_check_ready fails for mpath I/O (bsc#1107685). - objtool, kprobes/x86: Sync the latest header with tools/objtool/arch/x86/include/asm/insn.h (bsc#1110006). - orangefs: fix deadlock; do not write i_size in read_iter (bsc#1051510). - orangefs: initialize op on loop restart in orangefs_devreq_read (bsc#1051510). - orangefs: use list_for_each_entry_safe in purge_waiting_ops (bsc#1051510). - orangefs_kill_sb(): deal with allocation failures (bsc#1051510). - ovl: Sync upper dirty data when syncing overlayfs (git-fixes). - ovl: fix format of setxattr debug (git-fixes). - perf/x86/amd/ibs: Do not access non-started event (bsc#1110006). - perf/x86/cstate: Fix possible Spectre-v1 indexing for pkg_msr (bsc#1110006). - perf/x86/intel/lbr: Fix incomplete LBR call stack (bsc#1110006). - perf/x86/intel/uncore: Correct fixed counter index check for NHM (bsc#1110006). - perf/x86/intel/uncore: Correct fixed counter index check in generic code (bsc#1110006). - perf/x86/intel/uncore: Fix Skylake UPI event format (bsc#1110006). - perf/x86/intel: Do not accidentally clear high bits in bdw_limit_period() (bsc#1110006). - perf/x86/intel: Fix event update for auto-reload (bsc#1110006). - perf/x86/intel: Fix large period handling on Broadwell CPUs (bsc#1110006). - perf/x86/intel: Fix linear IP of PEBS real_ip on Haswell and later CPUs (bsc#1110006). - perf/x86/intel: Properly save/restore the PMU state in the NMI handler (bsc#1110006). - perf/x86/msr: Fix possible Spectre-v1 indexing in the MSR driver (bsc#1110006). - perf/x86: Fix possible Spectre-v1 indexing for x86_pmu::event_map() (bsc#1110006). - perf/x86: Fix possible Spectre-v1 indexing for hw_perf_event cache_* (bsc#1110006). - powerpc/firmware: Add definitions for new drc-info firmware feature (bsc#1109158). - powerpc/numa: Skip onlining a offline node in kdump path (bsc#1109784). - powerpc/powernv/ioda2: Reduce upper limit for DMA window size (bsc#1055120). - powerpc/pseries/mm: Introducing FW_FEATURE_BLOCK_REMOVE (bsc#1109158). - powerpc/pseries/mm: call H_BLOCK_REMOVE (bsc#1109158). - powerpc/pseries/mm: factorize PTE slot computation (bsc#1109158). - powerpc/pseries: Fix CONFIG_NUMA=n build (bsc#1067906, git-fixes). - powerpc/pseries: Fix build break for SPLPAR=n and CPU hotplug (bsc#1079524, git-fixes). - powerpc/pseries: Fix duplicate firmware feature for DRC_INFO (bsc#1109158). - powerpc/rtas: Fix a potential race between CPU-Offline & Migration (bsc#1111870). - printk/tracing: Do not trace printk_nmi_enter() (bsc#1112208). - printk: drop in_nmi check from printk_safe_flush_on_panic() (bsc#1112170). - proc: restrict kernel stack dumps to root (git-fixes). blacklist.conf: - ptrace,x86: Make user_64bit_mode() available to 32-bit builds (bsc#1110006). - qed: Add missing device config for RoCE EDPM in UFP mode (bsc#1109217). - qed: Avoid sending mailbox commands when MFW is not responsive (bsc#1050536). - qed: Do not add VLAN 0 tag to untagged frames in multi-function mode (bsc#1050536). - qed: Fix populating the invalid stag value in multi function mode (bsc#1050536). - qed: Fix shmem structure inconsistency between driver and the mfw (bsc#1110561). - qed: Prevent a possible deadlock during driver load and unload (bsc#1050536). - qed: Wait for MCP halt and resume commands to take place (bsc#1050536). - qed: Wait for ready indication before rereading the shmem (bsc#1050536). - qlcnic: fix Tx descriptor corruption on 82xx devices (bsc#1050540). - qmi_wwan: Added support for Gemalto's Cinterion ALASxx WWAN interface (bsc#1051510). - qmi_wwan: set DTR for modems in forced USB2 mode (bsc#1051510). - qrtr: add MODULE_ALIAS macro to smd (bsc#1051510). - r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED (bsc#1051510). - rculist: Improve documentation for list_for_each_entry_from_rcu() (bsc#1084760). - rculist: add list_for_each_entry_from_rcu() (bsc#1084760). - reiserfs: add check to detect corrupted directory entry (bsc#1109818). - reiserfs: do not panic on bad directory entries (bsc#1109818). - rename a hv patch to reduce conflicts in -AZURE - reorder a qedi patch to allow further work in this branch - rpc_pipefs: fix double-dput() (bsc#1051510). - rtc: bq4802: add error handling for devm_ioremap (bsc#1051510). - sched/numa: Limit the conditions where scan period is reset (). - scsi: core: Allow state transitions from OFFLINE to BLOCKED (bsc#1112246). - scsi: ipr: Eliminate duplicate barriers (). - scsi: ipr: Use dma_pool_zalloc() (). - scsi: ipr: fix incorrect indentation of assignment statement (). - scsi: libfc: check fc_frame_payload_get() return value for null (bsc#1104731). - scsi: libfc: retry PRLI if we cannot analyse the payload (bsc#1104731). - scsi: qedi: Add the CRC size within iSCSI NVM image (bsc#1110538). - scsi: qedi: Initialize the stats mutex lock (bsc#1110538). - scsi: qla2xxx: Fix NVMe Target discovery (bsc#1108870). - scsi: qla2xxx: Fix NVMe session hang on unload (bsc#1108870). - scsi: qla2xxx: Fix driver hang when FC-NVMe LUNs are configured (bsc#1108870). - scsi: qla2xxx: Fix duplicate switch database entries (bsc#1108870). - scsi: qla2xxx: Fix for double free of SRB structure (bsc#1108870). - scsi: qla2xxx: Fix memory leak for allocating abort IOCB (bsc#1111830). - scsi: qla2xxx: Fix re-using LoopID when handle is in use (bsc#1108870). - scsi: qla2xxx: Fix recursive mailbox timeout (bsc#1108870). - scsi: qla2xxx: Move log messages before issuing command to firmware (bsc#1108870). - scsi: qla2xxx: Return switch command on a timeout (bsc#1108870). - scsi: qla2xxx: do not allow negative thresholds (bsc#1108870). - scsi: target: prefer dbroot of /etc/target over /var/target (bsc#1111928). - selftests/x86: Add tests for User-Mode Instruction Prevention (bsc#1110006). - selftests/x86: Add tests for the STR and SLDT instructions (bsc#1110006). - serial: 8250_exar: Read INT0 from slave device, too (bsc#1051510). - serial: cpm_uart: return immediately from console poll (bsc#1051510). - serial: imx: restore handshaking irq for imx1 (bsc#1051510). - series.conf: moved some Xen patches to the sorted region xen/blkfront: correct purging of persistent grants (bnc#1112514). - signal: Properly deliver SIGSEGV from x86 uprobes (bsc#1110006). - smb2: fix missing files in root share directory listing (bsc#1112907). - smb3: fill in statfs fsid and correct namelen (bsc#1112905). - smb3: fix reset of bytes read and written stats (bsc#1112906). - smb3: on reconnect set PreviousSessionId field (bsc#1112899). - soc: fsl: qe: Fix copy/paste bug in ucc_get_tdm_sync_shift() (bsc#1051510). - soc: mediatek: pwrap: fix cipher init setting error (bsc#1051510). - sock_diag: fix use-after-free read in __sk_free (bsc#1051510). - soreuseport: initialise timewait reuseport field (bsc#1051510). - sound: do not call skl_init_chip() to reset intel skl soc (bsc#1051510). - sound: enable interrupt after dma buffer initialization (bsc#1051510). - spi: rspi: Fix interrupted DMA transfers (bsc#1051510). - spi: rspi: Fix invalid SPI use during system suspend (bsc#1051510). - spi: sh-msiof: Fix handling of write value for SISTR register (bsc#1051510). - spi: sh-msiof: Fix invalid SPI use during system suspend (bsc#1051510). - spi: tegra20-slink: explicitly enable/disable clock (bsc#1051510). - squashfs metadata 2: electric boogaloo (bsc#1051510). - squashfs: be more careful about metadata corruption (bsc#1051510). - squashfs: more metadata hardening (bsc#1051510). - squashfs: more metadata hardening (bsc#1051510). - stm: Potential read overflow in stm_char_policy_set_ioctl() (bsc#1051510). - supported.conf: added cavium_ptp - supported.conf: mark raspberrypi-hwmon as supported - switchtec: Fix Spectre v1 vulnerability (bsc#1051510). - sysfs: Do not return POSIX ACL xattrs via listxattr (git-fixes). - target: log Data-Out timeouts as errors (bsc#1095805). - target: log NOP ping timeouts as errors (bsc#1095805). - target: split out helper for cxn timeout error stashing (bsc#1095805). - target: stash sess_err_stats on Data-Out timeout (bsc#1095805). - target: use ISCSI_IQN_LEN in iscsi_target_stat (bsc#1095805). - team: Forbid enslaving team device to itself (bsc#1051510). - thermal: of-thermal: disable passive polling when thermal zone is disabled (bsc#1051510). - tools/vm/page-types.c: fix "defined but not used" warning (bsc#1051510). - tools/vm/slabinfo.c: fix sign-compare warning (bsc#1051510). - tracing/x86/xen: Remove zero data size trace events trace_xen_mmu_flush_tlb{_all} (bsc#1110006). - tracing: Add barrier to trace_printk() buffer nesting modification (bsc#1112219). - tsl2550: fix lux1_input error in low light (bsc#1051510). - tty: Drop tty->count on tty_reopen() failure (bsc#1051510). - tty: rocket: Fix possible buffer overwrite on register_PCI (bsc#1051510). - tty: serial: exar: Relocate sleep wake-up handling (bsc#1051510). - tty: serial: lpuart: avoid leaking struct tty_struct (bsc#1051510). - tty: vt_ioctl: fix potential Spectre v1 (bsc#1051510). - ubifs: Check for name being NULL while mounting (bsc#1051510). - udp: Unbreak modules that rely on external __skb_recv_udp() availability (bsc#1109151). - uprobes/x86: Prohibit probing on MOV SS instruction (bsc#1110006). - usb: Avoid use-after-free by flushing endpoints early in usb_set_interface() (bsc#1051510). - usb: cdc_acm: Do not leak URB buffers (bsc#1051510). - usb: dwc2: Turn on uframe_sched on "amlogic" platforms (bsc#1102881). - usb: dwc2: Turn on uframe_sched on "bcm" platforms (bsc#1102881). - usb: dwc2: Turn on uframe_sched on "his" platforms (bsc#1102881). - usb: dwc2: Turn on uframe_sched on "stm32f4x9_fsotg" platforms (bsc#1102881). - usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i] (bsc#1051510). - usb: host: u132-hcd: Fix a sleep-in-atomic-context bug in u132_get_frame() (bsc#1051510). - usb: misc: uss720: Fix two sleep-in-atomic-context bugs (bsc#1051510). - usb: musb: dsps: do not disable CPPI41 irq in driver teardown (bsc#1051510). - usb: uas: add support for more quirk flags (bsc#1051510). - usb: wusbcore: security: cast sizeof to int for comparison (bsc#1051510). - usb: xhci-mtk: resume USB3 roothub first (bsc#1051510). - userfaultfd: hugetlbfs: fix userfaultfd_huge_must_wait() pte access (bsc#1109739). - uwb: hwa-rc: fix memory leak at probe (bsc#1051510). - vfs/proc/kcore, x86/mm/kcore: Fix SMAP fault when dumping vsyscall user page (bsc#1110006). - virtio: pci-legacy: Validate queue pfn (bsc#1051510). - vmbus: do not return values for uninitalized channels (bsc#1051510). - vti4: Do not count header length twice on tunnel setup (bsc#1051510). - vti6: fix PMTU caching and reporting on xmit (bsc#1051510). - vti6: remove !skb->ignore_df check from vti6_xmit() (bsc#1051510). - x86-64/realmode: Add instruction suffix (bsc#1110006). - x86-memory_failure-Introduce-set-clear-_mce_nospec.patch: One more fixup to avoid even warning about statement without effect. - x86/CPU/AMD: Have smp_num_siblings and cpu_llc_id always be present (bsc#1110006). - x86/CPU: Add a microcode loader callback (bsc#1110006). - x86/CPU: Check CPU feature bits after microcode upgrade (bsc#1110006). - x86/EISA: Do not probe EISA bus for Xen PV guests (bsc#1110006). - x86/KVM/VMX: Do not set l1tf_flush_l1d from vmx_handle_external_intr() (bsc#1110006). - x86/KVM/VMX: Do not set l1tf_flush_l1d to true from vmx_l1d_flush() (bsc#1110006). - x86/KVM/VMX: Move the l1tf_flush_l1d test to vmx_l1d_flush() (bsc#1110006). - x86/KVM/VMX: Replace 'vmx_l1d_flush_always' with 'vmx_l1d_flush_cond' (bsc#1110006). - x86/Kconfig: Limit NR_CPUS on 32-bit to a sane amount (bsc#1110006). - x86/LDT: Avoid warning in 32-bit builds with older gcc (bsc#1110006). - x86/MCE/AMD: Define a function to get SMCA bank type (bsc#1110006). - x86/MCE: Fix stack out-of-bounds write in mce-inject.c: Flags_read() (bsc#1110006). - x86/MCE: Remove min interval polling limitation (bsc#1110006). - x86/MCE: Report only DRAM ECC as memory errors on AMD systems (bsc#1110006). - x86/MCE: Serialize sysfs changes (bsc#1110006). - x86/acpi: Prevent X2APIC id 0xffffffff from being accounted (bsc#1110006). - x86/alternatives: Fixup alternative_call_2 (bsc#1110006). - x86/apic: Set up through-local-APIC mode on the boot CPU if 'noapic' specified (bsc#1110006). - x86/asm: Add _ASM_ARG* constants for argument registers to (bsc#1110006). - x86/asm: Allow again using asm.h when building for the 'bpf' clang target (bsc#1110006). - x86/asm: Do not use the confusing '.ifeq' directive (bsc#1110006). - x86/boot/64: Verify alignment of the LOAD segment (bsc#1110006). - x86/boot/compressed/64: Print error if 5-level paging is not supported (bsc#1110006). - x86/boot: Fix if_changed build flip/flop bug (bsc#1110006). - x86/boot: Move EISA setup to a separate file (bsc#1110006). - x86/boot: Relocate definition of the initial state of CR0 (bsc#1110006). - x86/build: Beautify build log of syscall headers (bsc#1110006). - x86/cpu/AMD: Apply the Erratum 688 fix when the BIOS does not (bsc#1110006). - x86/cpu/intel: Add missing TLB cpuid values (bsc#1110006). - x86/cpufeature: Add User-Mode Instruction Prevention definitions (bsc#1110006). - x86/cpufeatures: Add Intel PCONFIG cpufeature (bsc#1110006). - x86/cpufeatures: Add Intel Total Memory Encryption cpufeature (bsc#1110006). - x86/debug: Handle warnings before the notifier chain, to fix KGDB crash (bsc#1110006). - x86/decoder: Add new TEST instruction pattern (bsc#1110006). - x86/efi: Fix efi_call_phys_epilog() with CONFIG_X86_5LEVEL=y (bsc#1110006). - x86/eisa: Add missing include (bsc#1110006). - x86/entry/64: Add two more instruction suffixes (bsc#1110006). - x86/entry/64: Use 'xorl' for faster register clearing (bsc#1110006). - x86/entry: Reduce the code footprint of the 'idtentry' macro (bsc#1110006). - x86/entry: Use SYSCALL_DEFINE() macros for sys_modify_ldt() (bsc#1110006). - x86/fpu/debug: Remove unused 'x86_fpu_state' and 'x86_fpu_deactivate_state' tracepoints (bsc#1110006). - x86/fpu: Make XSAVE check the base CPUID features before enabling (bsc#1110006). - x86/fpu: Parse clearcpuid= as early XSAVE argument (bsc#1110006). - x86/fpu: Remove second definition of fpu in __fpu__restore_sig() (bsc#1110006). - x86/fpu: Remove the explicit clearing of XSAVE dependent features (bsc#1110006). - x86/hyperv: Check for required priviliges in hyperv_init() (bsc#1110006). - x86/intel_rdt: Enable CMT and MBM on new Skylake stepping (bsc#1110006). - x86/intel_rdt: Fix incorrect returned value when creating rdgroup sub-directory in resctrl file system (bsc#1110006). - x86/intel_rdt: Fix potential deadlock during resctrl mount (bsc#1110006). - x86/intel_rdt: Fix potential deadlock during resctrl unmount (bsc#1110006). - x86/irq: Remove an old outdated comment about context tracking races (bsc#1110006). - x86/kasan: Panic if there is not enough memory to boot (bsc#1110006). - x86/kexec: Make kexec (mostly) work in 5-level paging mode (bsc#1110006). - x86/kprobes: Fix kernel crash when probing .entry_trampoline code (bsc#1110006). - x86/kvm/vmx: Remove duplicate l1d flush definitions (bsc#1110006). - x86/mce/AMD: Get address from already initialized block (bsc#1110006). - x86/mce: Add notifier_block forward declaration (bsc#1110006). - x86/mce: Check for alternate indication of machine check recovery on Skylake (bsc#1110006). - x86/mce: Do not overwrite MCi_STATUS in mce_no_way_out() (bsc#1110006). - x86/mce: Fix incorrect "Machine check from unknown source" message (bsc#1110006). - x86/microcode/intel: Check microcode revision before updating sibling threads (bsc#1110006). - x86/microcode/intel: Fix memleak in save_microcode_patch() (bsc#1110006). - x86/microcode/intel: Look into the patch cache first (bsc#1110006). - x86/microcode/intel: Save microcode patch unconditionally (bsc#1110006). - x86/microcode/intel: Writeback and invalidate caches before updating microcode (bsc#1110006). - x86/microcode: Allow late microcode loading with SMT disabled (bsc#1110006). - x86/microcode: Attempt late loading only when new microcode is present (bsc#1110006). - x86/microcode: Do not exit early from __reload_late() (bsc#1110006). - x86/microcode: Do not upload microcode if CPUs are offline (bsc#1110006). - x86/microcode: Fix CPU synchronization routine (bsc#1110006). - x86/microcode: Get rid of struct apply_microcode_ctx (bsc#1110006). - x86/microcode: Make sure boot_cpu_data.microcode is up-to-date (bsc#1110006). - x86/microcode: Make the late update update_lock a raw lock for RT (bsc#1110006). - x86/microcode: Propagate return value from updating functions (bsc#1110006). - x86/microcode: Request microcode on the BSP (bsc#1110006). - x86/microcode: Synchronize late microcode loading (bsc#1110006). - x86/microcode: Update the new microcode revision unconditionally (bsc#1110006). - x86/mm/32: Initialize the CR4 shadow before __flush_tlb_all() (bsc#1110006). - x86/mm/64: Rename the register_page_bootmem_memmap() 'size' parameter to 'nr_pages' (bsc#1110006). - x86/mm/kmmio: Fix mmiotrace for page unaligned addresses (bsc#1110006). - x86/mm/kmmio: Make the tracer robust against L1TF (bsc#1110006). - x86/mm/pat: Make set_memory_np() L1TF safe (bsc#1110006). - x86/mm/pti: Add an overflow check to pti_clone_pmds() (bsc#1110006). - x86/mm/pti: Fix PTI comment in entry_SYSCALL_64() (bsc#1110006). - x86/mm: Define _PAGE_TABLE using _KERNPG_TABLE (bsc#1110006). - x86/mm: Do not forbid _PAGE_RW before init for __ro_after_init (bsc#1110006). - x86/mm: Fix bogus warning during EFI bootup, use boot_cpu_has() instead of this_cpu_has() in build_cr3_noflush() (bsc#1110006). - x86/mm: Relocate page fault error codes to traps.h (bsc#1110006). - x86/mm: Remove in_nmi() warning from vmalloc_fault() (bsc#1110006). - x86/nmi: Fix NMI uaccess race against CR3 switching (bsc#1110006). - x86/numa_emulation: Fix emulated-to-physical node mapping (bsc#1110006). - x86/oprofile: Fix bogus GCC-8 warning in nmi_setup() (bsc#1110006). - x86/pae: use 64 bit atomic xchg function in native_ptep_get_and_clear (bsc#1110006). - x86/paravirt: Fix some warning messages (bnc#1065600). - x86/paravirt: Remove 'noreplace-paravirt' cmdline option (bsc#1110006). - x86/percpu: Fix this_cpu_read() (bsc#1110006). - x86/pgtable: Do not set huge PUD/PMD on non-leaf entries (bsc#1110006). - x86/power: Fix swsusp_arch_resume prototype (bsc#1110006). - x86/pti: Check the return value of pti_user_pagetable_walk_p4d() (bsc#1110006). - x86/pti: Check the return value of pti_user_pagetable_walk_pmd() (bsc#1110006). - x86/retpoline/checksum32: Convert assembler indirect jumps (bsc#1110006). - x86/retpoline/irq32: Convert assembler indirect jumps (bsc#1110006). - x86/smp: fix non-SMP broken build due to redefinition of apic_id_is_primary_thread (bsc#1110006). - x86/smpboot: Do not use mwait_play_dead() on AMD systems (bsc#1110006). - x86/spectre: Fix spelling mistake: "vunerable"-> "vulnerable" (bsc#1110006). - x86/speculation, objtool: Annotate indirect calls/jumps for objtool on 32-bit kernels (bsc#1110006). - x86/speculation/l1tf: Exempt zeroed PTEs from inversion (bsc#1110006). - x86/speculation/l1tf: Extend 64bit swap file size limit (bsc#1110006). - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit (bsc#1105536). - x86/speculation/l1tf: Fix up pte->pfn conversion for PAE (bsc#1110006). - x86/speculation/l1tf: Invert all not present mappings (bsc#1110006). - x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert (bsc#1110006). - x86/speculation/l1tf: Protect PAE swap entries against L1TF (bsc#1110006). - x86/speculation: Simplify sysfs report of VMX L1TF vulnerability (bsc#1110006). - x86/time: Correct the attribute on jiffies' definition (bsc#1110006). - x86/topology: Update the 'cpu cores' field in /proc/cpuinfo correctly across CPU hotplug operations (bsc#1110006). - x86/tsc: Add missing header to tsc_msr.c (bsc#1110006). - x86/tsc: Allow TSC calibration without PIT (bsc#1110006). - x86/tsc: Prevent 32bit truncation in calc_hpet_ref() (bsc#1110006). - x86/vdso: Fix asm constraints on vDSO syscall fallbacks (bsc#1110006). - x86/vdso: Fix vDSO syscall fallback asm constraint regression (bsc#1110006). - x86/xen: Delay get_cpu_cap until stack canary is established (bsc#1110006). - x86/xen: Drop 5-level paging support code from the XEN_PV code (bsc#1110006). - x86/xen: Reset VCPU0 info pointer after shared_info remap (bsc#1110006). - x86/xen: do not write ptes directly in 32-bit PV guests (bsc#1110006). - x86: Add check for APIC access address for vmentry of L2 guests (bsc#1110006). - x86: Call fixup_exception() before notify_die() in math_error() (bsc#1110006). - x86: Delay skip of emulated hypercall instruction (bsc#1110006). - x86: PM: Make APM idle driver initialize polling state (bsc#1110006). - x86: i8259: Add missing include file (bsc#1110006). - x86: kvm: avoid unused variable warning (bsc#1110006). - xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent (bnc#1065600). - xen/PVH: Set up GS segment for stack canary (bsc#1110006). - xen/gntdev: avoid out of bounds access in case of partial gntdev_mmap() (bnc#1065600). - xen/x86/vpmu: Zero struct pt_regs before calling into sample handling code (bsc#1110006). - xen: Fix {set,clear}_foreign_p2m_mapping on autotranslating guests (bsc#1110006). - xen: Remove unnecessary BUG_ON from __unbind_from_irq() (bnc#1065600). - xfrm: use complete IPv6 addresses for hash (bsc#1109330). - xfs: do not fail when converting shortform attr to long form during ATTR_REPLACE (bsc#1105025). - xhci: Add missing CAS workaround for Intel Sunrise Point xHCI (bsc#1051510). - xhci: Do not print a warning when setting link state for disabled ports (bsc#1051510). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2018-2547=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2018-2547=1 - SUSE Linux Enterprise Module for Legacy Software 15: zypper in -t patch SUSE-SLE-Module-Legacy-15-2018-2547=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2018-2547=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2547=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2018-2547=1 Package List: - SUSE Linux Enterprise Workstation Extension 15 (x86_64): kernel-default-debuginfo-4.12.14-25.25.1 kernel-default-debugsource-4.12.14-25.25.1 kernel-default-extra-4.12.14-25.25.1 kernel-default-extra-debuginfo-4.12.14-25.25.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): kernel-default-base-4.12.14-25.25.1 kernel-default-base-debuginfo-4.12.14-25.25.1 kernel-default-debuginfo-4.12.14-25.25.1 kernel-default-debugsource-4.12.14-25.25.1 kernel-obs-qa-4.12.14-25.25.1 kselftests-kmp-default-4.12.14-25.25.1 kselftests-kmp-default-debuginfo-4.12.14-25.25.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): kernel-docs-html-4.12.14-25.25.1 - SUSE Linux Enterprise Module for Legacy Software 15 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-25.25.1 kernel-default-debugsource-4.12.14-25.25.1 reiserfs-kmp-default-4.12.14-25.25.1 reiserfs-kmp-default-debuginfo-4.12.14-25.25.1 - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-25.25.1 kernel-obs-build-debugsource-4.12.14-25.25.1 kernel-syms-4.12.14-25.25.1 kernel-vanilla-base-4.12.14-25.25.1 kernel-vanilla-base-debuginfo-4.12.14-25.25.1 kernel-vanilla-debuginfo-4.12.14-25.25.1 kernel-vanilla-debugsource-4.12.14-25.25.1 - SUSE Linux Enterprise Module for Development Tools 15 (noarch): kernel-docs-4.12.14-25.25.1 kernel-source-4.12.14-25.25.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-25.25.1 kernel-default-debuginfo-4.12.14-25.25.1 kernel-default-debugsource-4.12.14-25.25.1 kernel-default-devel-4.12.14-25.25.1 kernel-default-devel-debuginfo-4.12.14-25.25.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): kernel-devel-4.12.14-25.25.1 kernel-macros-4.12.14-25.25.1 - SUSE Linux Enterprise Module for Basesystem 15 (s390x): kernel-default-man-4.12.14-25.25.1 kernel-zfcpdump-4.12.14-25.25.1 kernel-zfcpdump-debuginfo-4.12.14-25.25.1 kernel-zfcpdump-debugsource-4.12.14-25.25.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-25.25.1 cluster-md-kmp-default-debuginfo-4.12.14-25.25.1 dlm-kmp-default-4.12.14-25.25.1 dlm-kmp-default-debuginfo-4.12.14-25.25.1 gfs2-kmp-default-4.12.14-25.25.1 gfs2-kmp-default-debuginfo-4.12.14-25.25.1 kernel-default-debuginfo-4.12.14-25.25.1 kernel-default-debugsource-4.12.14-25.25.1 ocfs2-kmp-default-4.12.14-25.25.1 ocfs2-kmp-default-debuginfo-4.12.14-25.25.1 References: https://www.suse.com/security/cve/CVE-2017-16533.html https://www.suse.com/security/cve/CVE-2017-18224.html https://www.suse.com/security/cve/CVE-2018-18386.html https://www.suse.com/security/cve/CVE-2018-18445.html https://bugzilla.suse.com/1046540 https://bugzilla.suse.com/1050319 https://bugzilla.suse.com/1050536 https://bugzilla.suse.com/1050540 https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1055120 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1066674 https://bugzilla.suse.com/1067126 https://bugzilla.suse.com/1067906 https://bugzilla.suse.com/1076830 https://bugzilla.suse.com/1079524 https://bugzilla.suse.com/1083647 https://bugzilla.suse.com/1084760 https://bugzilla.suse.com/1084831 https://bugzilla.suse.com/1086283 https://bugzilla.suse.com/1086288 https://bugzilla.suse.com/1094825 https://bugzilla.suse.com/1095805 https://bugzilla.suse.com/1099125 https://bugzilla.suse.com/1100132 https://bugzilla.suse.com/1102881 https://bugzilla.suse.com/1103308 https://bugzilla.suse.com/1103543 https://bugzilla.suse.com/1104731 https://bugzilla.suse.com/1105025 https://bugzilla.suse.com/1105536 https://bugzilla.suse.com/1106105 https://bugzilla.suse.com/1106110 https://bugzilla.suse.com/1106237 https://bugzilla.suse.com/1106240 https://bugzilla.suse.com/1106838 https://bugzilla.suse.com/1107685 https://bugzilla.suse.com/1108241 https://bugzilla.suse.com/1108377 https://bugzilla.suse.com/1108468 https://bugzilla.suse.com/1108828 https://bugzilla.suse.com/1108841 https://bugzilla.suse.com/1108870 https://bugzilla.suse.com/1109151 https://bugzilla.suse.com/1109158 https://bugzilla.suse.com/1109217 https://bugzilla.suse.com/1109330 https://bugzilla.suse.com/1109739 https://bugzilla.suse.com/1109784 https://bugzilla.suse.com/1109806 https://bugzilla.suse.com/1109818 https://bugzilla.suse.com/1109907 https://bugzilla.suse.com/1109911 https://bugzilla.suse.com/1109915 https://bugzilla.suse.com/1109919 https://bugzilla.suse.com/1109951 https://bugzilla.suse.com/1110006 https://bugzilla.suse.com/1110096 https://bugzilla.suse.com/1110538 https://bugzilla.suse.com/1110561 https://bugzilla.suse.com/1110921 https://bugzilla.suse.com/1111028 https://bugzilla.suse.com/1111076 https://bugzilla.suse.com/1111506 https://bugzilla.suse.com/1111806 https://bugzilla.suse.com/1111819 https://bugzilla.suse.com/1111830 https://bugzilla.suse.com/1111834 https://bugzilla.suse.com/1111841 https://bugzilla.suse.com/1111870 https://bugzilla.suse.com/1111901 https://bugzilla.suse.com/1111904 https://bugzilla.suse.com/1111928 https://bugzilla.suse.com/1111983 https://bugzilla.suse.com/1112170 https://bugzilla.suse.com/1112173 https://bugzilla.suse.com/1112208 https://bugzilla.suse.com/1112219 https://bugzilla.suse.com/1112221 https://bugzilla.suse.com/1112246 https://bugzilla.suse.com/1112372 https://bugzilla.suse.com/1112514 https://bugzilla.suse.com/1112554 https://bugzilla.suse.com/1112708 https://bugzilla.suse.com/1112710 https://bugzilla.suse.com/1112711 https://bugzilla.suse.com/1112712 https://bugzilla.suse.com/1112713 https://bugzilla.suse.com/1112731 https://bugzilla.suse.com/1112732 https://bugzilla.suse.com/1112733 https://bugzilla.suse.com/1112734 https://bugzilla.suse.com/1112735 https://bugzilla.suse.com/1112736 https://bugzilla.suse.com/1112738 https://bugzilla.suse.com/1112739 https://bugzilla.suse.com/1112740 https://bugzilla.suse.com/1112741 https://bugzilla.suse.com/1112743 https://bugzilla.suse.com/1112745 https://bugzilla.suse.com/1112746 https://bugzilla.suse.com/1112894 https://bugzilla.suse.com/1112899 https://bugzilla.suse.com/1112902 https://bugzilla.suse.com/1112903 https://bugzilla.suse.com/1112905 https://bugzilla.suse.com/1112906 https://bugzilla.suse.com/1112907 https://bugzilla.suse.com/1113257 https://bugzilla.suse.com/1113284 From sle-security-updates at lists.suse.com Wed Oct 31 11:25:58 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 31 Oct 2018 18:25:58 +0100 (CET) Subject: SUSE-SU-2018:3590-1: important: Security update for wireshark Message-ID: <20181031172558.0E3CBFCBE@maintenance.suse.de> SUSE Security Update: Security update for wireshark ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3590-1 Rating: important References: #1111647 Cross-References: CVE-2018-12086 CVE-2018-18227 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for wireshark fixes the following issues: Wireshark was updated to 2.4.10 (bsc#1111647). Following security issues were fixed: - CVE-2018-18227: MS-WSP dissector crash (wnpa-sec-2018-47) - CVE-2018-12086: OpcUA dissector crash (wnpa-sec-2018-50) Further bug fixes and updated protocol support that were done are listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.4.10.html Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-2548=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2548=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-2548=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2548=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-2548=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-2548=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-2548=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-2548=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2548=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-2548=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): libwireshark9-2.4.10-48.32.1 libwireshark9-debuginfo-2.4.10-48.32.1 libwiretap7-2.4.10-48.32.1 libwiretap7-debuginfo-2.4.10-48.32.1 libwscodecs1-2.4.10-48.32.1 libwscodecs1-debuginfo-2.4.10-48.32.1 libwsutil8-2.4.10-48.32.1 libwsutil8-debuginfo-2.4.10-48.32.1 wireshark-2.4.10-48.32.1 wireshark-debuginfo-2.4.10-48.32.1 wireshark-debugsource-2.4.10-48.32.1 wireshark-gtk-2.4.10-48.32.1 wireshark-gtk-debuginfo-2.4.10-48.32.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): wireshark-debuginfo-2.4.10-48.32.1 wireshark-debugsource-2.4.10-48.32.1 wireshark-devel-2.4.10-48.32.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libwireshark9-2.4.10-48.32.1 libwireshark9-debuginfo-2.4.10-48.32.1 libwiretap7-2.4.10-48.32.1 libwiretap7-debuginfo-2.4.10-48.32.1 libwscodecs1-2.4.10-48.32.1 libwscodecs1-debuginfo-2.4.10-48.32.1 libwsutil8-2.4.10-48.32.1 libwsutil8-debuginfo-2.4.10-48.32.1 wireshark-2.4.10-48.32.1 wireshark-debuginfo-2.4.10-48.32.1 wireshark-debugsource-2.4.10-48.32.1 wireshark-gtk-2.4.10-48.32.1 wireshark-gtk-debuginfo-2.4.10-48.32.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libwireshark9-2.4.10-48.32.1 libwireshark9-debuginfo-2.4.10-48.32.1 libwiretap7-2.4.10-48.32.1 libwiretap7-debuginfo-2.4.10-48.32.1 libwscodecs1-2.4.10-48.32.1 libwscodecs1-debuginfo-2.4.10-48.32.1 libwsutil8-2.4.10-48.32.1 libwsutil8-debuginfo-2.4.10-48.32.1 wireshark-2.4.10-48.32.1 wireshark-debuginfo-2.4.10-48.32.1 wireshark-debugsource-2.4.10-48.32.1 wireshark-gtk-2.4.10-48.32.1 wireshark-gtk-debuginfo-2.4.10-48.32.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libwireshark9-2.4.10-48.32.1 libwireshark9-debuginfo-2.4.10-48.32.1 libwiretap7-2.4.10-48.32.1 libwiretap7-debuginfo-2.4.10-48.32.1 libwscodecs1-2.4.10-48.32.1 libwscodecs1-debuginfo-2.4.10-48.32.1 libwsutil8-2.4.10-48.32.1 libwsutil8-debuginfo-2.4.10-48.32.1 wireshark-2.4.10-48.32.1 wireshark-debuginfo-2.4.10-48.32.1 wireshark-debugsource-2.4.10-48.32.1 wireshark-gtk-2.4.10-48.32.1 wireshark-gtk-debuginfo-2.4.10-48.32.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libwireshark9-2.4.10-48.32.1 libwireshark9-debuginfo-2.4.10-48.32.1 libwiretap7-2.4.10-48.32.1 libwiretap7-debuginfo-2.4.10-48.32.1 libwscodecs1-2.4.10-48.32.1 libwscodecs1-debuginfo-2.4.10-48.32.1 libwsutil8-2.4.10-48.32.1 libwsutil8-debuginfo-2.4.10-48.32.1 wireshark-2.4.10-48.32.1 wireshark-debuginfo-2.4.10-48.32.1 wireshark-debugsource-2.4.10-48.32.1 wireshark-gtk-2.4.10-48.32.1 wireshark-gtk-debuginfo-2.4.10-48.32.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): libwireshark9-2.4.10-48.32.1 libwireshark9-debuginfo-2.4.10-48.32.1 libwiretap7-2.4.10-48.32.1 libwiretap7-debuginfo-2.4.10-48.32.1 libwscodecs1-2.4.10-48.32.1 libwscodecs1-debuginfo-2.4.10-48.32.1 libwsutil8-2.4.10-48.32.1 libwsutil8-debuginfo-2.4.10-48.32.1 wireshark-2.4.10-48.32.1 wireshark-debuginfo-2.4.10-48.32.1 wireshark-debugsource-2.4.10-48.32.1 wireshark-gtk-2.4.10-48.32.1 wireshark-gtk-debuginfo-2.4.10-48.32.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): libwireshark9-2.4.10-48.32.1 libwireshark9-debuginfo-2.4.10-48.32.1 libwiretap7-2.4.10-48.32.1 libwiretap7-debuginfo-2.4.10-48.32.1 libwscodecs1-2.4.10-48.32.1 libwscodecs1-debuginfo-2.4.10-48.32.1 libwsutil8-2.4.10-48.32.1 libwsutil8-debuginfo-2.4.10-48.32.1 wireshark-2.4.10-48.32.1 wireshark-debuginfo-2.4.10-48.32.1 wireshark-debugsource-2.4.10-48.32.1 wireshark-gtk-2.4.10-48.32.1 wireshark-gtk-debuginfo-2.4.10-48.32.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libwireshark9-2.4.10-48.32.1 libwireshark9-debuginfo-2.4.10-48.32.1 libwiretap7-2.4.10-48.32.1 libwiretap7-debuginfo-2.4.10-48.32.1 libwscodecs1-2.4.10-48.32.1 libwscodecs1-debuginfo-2.4.10-48.32.1 libwsutil8-2.4.10-48.32.1 libwsutil8-debuginfo-2.4.10-48.32.1 wireshark-2.4.10-48.32.1 wireshark-debuginfo-2.4.10-48.32.1 wireshark-debugsource-2.4.10-48.32.1 wireshark-gtk-2.4.10-48.32.1 wireshark-gtk-debuginfo-2.4.10-48.32.1 - SUSE Enterprise Storage 4 (x86_64): libwireshark9-2.4.10-48.32.1 libwireshark9-debuginfo-2.4.10-48.32.1 libwiretap7-2.4.10-48.32.1 libwiretap7-debuginfo-2.4.10-48.32.1 libwscodecs1-2.4.10-48.32.1 libwscodecs1-debuginfo-2.4.10-48.32.1 libwsutil8-2.4.10-48.32.1 libwsutil8-debuginfo-2.4.10-48.32.1 wireshark-2.4.10-48.32.1 wireshark-debuginfo-2.4.10-48.32.1 wireshark-debugsource-2.4.10-48.32.1 wireshark-gtk-2.4.10-48.32.1 wireshark-gtk-debuginfo-2.4.10-48.32.1 References: https://www.suse.com/security/cve/CVE-2018-12086.html https://www.suse.com/security/cve/CVE-2018-18227.html https://bugzilla.suse.com/1111647 From sle-security-updates at lists.suse.com Wed Oct 31 11:26:44 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 31 Oct 2018 18:26:44 +0100 (CET) Subject: SUSE-SU-2018:3591-1: important: Security update for MozillaFirefox, MozillaFirefox-branding-SLE, llvm4, mozilla-nspr, mozilla-nss, apache2-mod_nss Message-ID: <20181031172644.699BBFCBE@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox, MozillaFirefox-branding-SLE, llvm4, mozilla-nspr, mozilla-nss, apache2-mod_nss ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3591-1 Rating: important References: #1012260 #1021577 #1026191 #1041469 #1041894 #1049703 #1061204 #1064786 #1065464 #1066489 #1073210 #1078436 #1091551 #1092697 #1094767 #1096515 #1107343 #1108771 #1108986 #1109363 #1109465 #1110506 #1110507 #703591 #839074 #857131 #893359 Cross-References: CVE-2017-16541 CVE-2018-12376 CVE-2018-12377 CVE-2018-12378 CVE-2018-12379 CVE-2018-12381 CVE-2018-12383 CVE-2018-12385 CVE-2018-12386 CVE-2018-12387 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that solves 10 vulnerabilities and has 17 fixes is now available. Description: This update for MozillaFirefox to ESR 60.2.2 fixes several issues. These general changes are part of the version 60 release. - New browser engine with speed improvements - Redesigned graphical user interface elements - Unified address and search bar for new installations - New tab page listing top visited, recently visited and recommended pages - Support for configuration policies in enterprise deployments via JSON files - Support for Web Authentication, allowing the use of USB tokens for authentication to web sites The following changes affect compatibility: - Now exclusively supports extensions built using the WebExtension API. - Unsupported legacy extensions will no longer work in Firefox 60 ESR - TLS certificates issued by Symantec before June 1st, 2016 are no longer trusted The "security.pki.distrust_ca_policy" preference can be set to 0 to reinstate trust in those certificates The following issues affect performance: - new format for storing private keys, certificates and certificate trust If the user home or data directory is on a network file system, it is recommended that users set the following environment variable to avoid slowdowns: NSS_SDB_USE_CACHE=yes This setting is not recommended for local, fast file systems. These security issues were fixed: - CVE-2018-12381: Dragging and dropping Outlook email message results in page navigation (bsc#1107343). - CVE-2017-16541: Proxy bypass using automount and autofs (bsc#1107343). - CVE-2018-12376: Various memory safety bugs (bsc#1107343). - CVE-2018-12377: Use-after-free in refresh driver timers (bsc#1107343). - CVE-2018-12378: Use-after-free in IndexedDB (bsc#1107343). - CVE-2018-12379: Out-of-bounds write with malicious MAR file (bsc#1107343). - CVE-2018-12386: Type confusion in JavaScript allowed remote code execution (bsc#1110506) - CVE-2018-12387: Array.prototype.push stack pointer vulnerability may enable exploits in the sandboxed content process (bsc#1110507) - CVE-2018-12385: Crash in TransportSecurityInfo due to cached data (bsc#1109363) - CVE-2018-12383: Setting a master password did not delete unencrypted previously stored passwords (bsc#1107343) This update for mozilla-nspr to version 4.19 fixes the follwing issues - Added TCP Fast Open functionality - A socket without PR_NSPR_IO_LAYER will no longer trigger an assertion when polling This update for mozilla-nss to version 3.36.4 fixes the follwing issues - Connecting to a server that was recently upgraded to TLS 1.3 would result in a SSL_RX_MALFORMED_SERVER_HELLO error. - Fix a rare bug with PKCS#12 files. - Replaces existing vectorized ChaCha20 code with verified HACL* implementation. - TLS 1.3 support has been updated to draft -23. - Added formally verified implementations of non-vectorized Chacha20 and non-vectorized Poly1305 64-bit. - The following CA certificates were Removed: OU = Security Communication EV RootCA1 CN = CA Disig Root R1 CN = DST ACES CA X6 Certum CA, O=Unizeto Sp. z o.o. StartCom Certification Authority StartCom Certification Authority G2 T??B??TAK UEKAE K??k Sertifika Hizmet Sa??lay??c??s?? - S??r??m 3 ACEDICOM Root Certinomis - Autorit?? Racine T??RKTRUST Elektronik Sertifika Hizmet Sa??lay??c??s?? PSCProcert CA ???????????????, O=WoSign CA Limited Certification Authority of WoSign Certification Authority of WoSign G2 CA WoSign ECC Root Subject CN = VeriSign Class 3 Secure Server CA - G2 O = Japanese Government, OU = ApplicationCA CN = WellsSecure Public Root Certificate Authority CN = T??RKTRUST Elektronik Sertifika Hizmet Sa??lay??c??s?? H6 CN = Microsec e-Szigno Root * The following CA certificates were Removed: AddTrust Public CA Root AddTrust Qualified CA Root China Internet Network Information Center EV Certificates Root CNNIC ROOT ComSign Secured CA GeoTrust Global CA 2 Secure Certificate Services Swisscom Root CA 1 Swisscom Root EV CA 2 Trusted Certificate Services UTN-USERFirst-Hardware UTN-USERFirst-Object * The following CA certificates were Added CN = D-TRUST Root CA 3 2013 CN = TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1 GDCA TrustAUTH R5 ROOT SSL.com Root Certification Authority RSA SSL.com Root Certification Authority ECC SSL.com EV Root Certification Authority RSA R2 SSL.com EV Root Certification Authority ECC TrustCor RootCert CA-1 TrustCor RootCert CA-2 TrustCor ECA-1 * The Websites (TLS/SSL) trust bit was turned off for the following CA certificates: CN = Chambers of Commerce Root CN = Global Chambersign Root * TLS servers are able to handle a ClientHello statelessly, if the client supports TLS 1.3. If the server sends a HelloRetryRequest, it is possible to discard the server socket, and make a new socket to handle any subsequent ClientHello. This better enables stateless server operation. (This feature is added in support of QUIC, but it also has utility for DTLS 1.3 servers.) Due to the update of mozilla-nss apache2-mod_nss needs to be updated to change to the SQLite certificate database, which is now the default (bsc#1108771) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-2549=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2549=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-2549=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-2549=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2549=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-2549=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-2549=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-2549=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2549=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-2549=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): MozillaFirefox-60.2.2esr-109.46.1 MozillaFirefox-branding-SLE-60-32.3.1 MozillaFirefox-debuginfo-60.2.2esr-109.46.1 MozillaFirefox-debugsource-60.2.2esr-109.46.1 MozillaFirefox-devel-60.2.2esr-109.46.1 MozillaFirefox-translations-common-60.2.2esr-109.46.1 apache2-mod_nss-1.0.14-19.6.3 apache2-mod_nss-debuginfo-1.0.14-19.6.3 apache2-mod_nss-debugsource-1.0.14-19.6.3 libfreebl3-3.36.4-58.15.3 libfreebl3-32bit-3.36.4-58.15.3 libfreebl3-debuginfo-3.36.4-58.15.3 libfreebl3-debuginfo-32bit-3.36.4-58.15.3 libfreebl3-hmac-3.36.4-58.15.3 libfreebl3-hmac-32bit-3.36.4-58.15.3 libsoftokn3-3.36.4-58.15.3 libsoftokn3-32bit-3.36.4-58.15.3 libsoftokn3-debuginfo-3.36.4-58.15.3 libsoftokn3-debuginfo-32bit-3.36.4-58.15.3 libsoftokn3-hmac-3.36.4-58.15.3 libsoftokn3-hmac-32bit-3.36.4-58.15.3 mozilla-nspr-32bit-4.19-19.3.1 mozilla-nspr-4.19-19.3.1 mozilla-nspr-debuginfo-32bit-4.19-19.3.1 mozilla-nspr-debuginfo-4.19-19.3.1 mozilla-nspr-debugsource-4.19-19.3.1 mozilla-nss-3.36.4-58.15.3 mozilla-nss-32bit-3.36.4-58.15.3 mozilla-nss-certs-3.36.4-58.15.3 mozilla-nss-certs-32bit-3.36.4-58.15.3 mozilla-nss-certs-debuginfo-3.36.4-58.15.3 mozilla-nss-certs-debuginfo-32bit-3.36.4-58.15.3 mozilla-nss-debuginfo-3.36.4-58.15.3 mozilla-nss-debuginfo-32bit-3.36.4-58.15.3 mozilla-nss-debugsource-3.36.4-58.15.3 mozilla-nss-sysinit-3.36.4-58.15.3 mozilla-nss-sysinit-32bit-3.36.4-58.15.3 mozilla-nss-sysinit-debuginfo-3.36.4-58.15.3 mozilla-nss-sysinit-debuginfo-32bit-3.36.4-58.15.3 mozilla-nss-tools-3.36.4-58.15.3 mozilla-nss-tools-debuginfo-3.36.4-58.15.3 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-60.2.2esr-109.46.1 MozillaFirefox-debugsource-60.2.2esr-109.46.1 MozillaFirefox-devel-60.2.2esr-109.46.1 mozilla-nspr-debuginfo-4.19-19.3.1 mozilla-nspr-debugsource-4.19-19.3.1 mozilla-nspr-devel-4.19-19.3.1 mozilla-nss-debuginfo-3.36.4-58.15.3 mozilla-nss-debugsource-3.36.4-58.15.3 mozilla-nss-devel-3.36.4-58.15.3 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): MozillaFirefox-60.2.2esr-109.46.1 MozillaFirefox-branding-SLE-60-32.3.1 MozillaFirefox-debuginfo-60.2.2esr-109.46.1 MozillaFirefox-debugsource-60.2.2esr-109.46.1 MozillaFirefox-devel-60.2.2esr-109.46.1 MozillaFirefox-translations-common-60.2.2esr-109.46.1 apache2-mod_nss-1.0.14-19.6.3 apache2-mod_nss-debuginfo-1.0.14-19.6.3 apache2-mod_nss-debugsource-1.0.14-19.6.3 libfreebl3-3.36.4-58.15.3 libfreebl3-debuginfo-3.36.4-58.15.3 libfreebl3-hmac-3.36.4-58.15.3 libsoftokn3-3.36.4-58.15.3 libsoftokn3-debuginfo-3.36.4-58.15.3 libsoftokn3-hmac-3.36.4-58.15.3 mozilla-nspr-4.19-19.3.1 mozilla-nspr-debuginfo-4.19-19.3.1 mozilla-nspr-debugsource-4.19-19.3.1 mozilla-nss-3.36.4-58.15.3 mozilla-nss-certs-3.36.4-58.15.3 mozilla-nss-certs-debuginfo-3.36.4-58.15.3 mozilla-nss-debuginfo-3.36.4-58.15.3 mozilla-nss-debugsource-3.36.4-58.15.3 mozilla-nss-sysinit-3.36.4-58.15.3 mozilla-nss-sysinit-debuginfo-3.36.4-58.15.3 mozilla-nss-tools-3.36.4-58.15.3 mozilla-nss-tools-debuginfo-3.36.4-58.15.3 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libfreebl3-32bit-3.36.4-58.15.3 libfreebl3-debuginfo-32bit-3.36.4-58.15.3 libfreebl3-hmac-32bit-3.36.4-58.15.3 libsoftokn3-32bit-3.36.4-58.15.3 libsoftokn3-debuginfo-32bit-3.36.4-58.15.3 libsoftokn3-hmac-32bit-3.36.4-58.15.3 mozilla-nspr-32bit-4.19-19.3.1 mozilla-nspr-debuginfo-32bit-4.19-19.3.1 mozilla-nss-32bit-3.36.4-58.15.3 mozilla-nss-certs-32bit-3.36.4-58.15.3 mozilla-nss-certs-debuginfo-32bit-3.36.4-58.15.3 mozilla-nss-debuginfo-32bit-3.36.4-58.15.3 mozilla-nss-sysinit-32bit-3.36.4-58.15.3 mozilla-nss-sysinit-debuginfo-32bit-3.36.4-58.15.3 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): MozillaFirefox-60.2.2esr-109.46.1 MozillaFirefox-branding-SLE-60-32.3.1 MozillaFirefox-debuginfo-60.2.2esr-109.46.1 MozillaFirefox-debugsource-60.2.2esr-109.46.1 MozillaFirefox-devel-60.2.2esr-109.46.1 MozillaFirefox-translations-common-60.2.2esr-109.46.1 apache2-mod_nss-1.0.14-19.6.3 apache2-mod_nss-debuginfo-1.0.14-19.6.3 apache2-mod_nss-debugsource-1.0.14-19.6.3 libfreebl3-3.36.4-58.15.3 libfreebl3-debuginfo-3.36.4-58.15.3 libfreebl3-hmac-3.36.4-58.15.3 libsoftokn3-3.36.4-58.15.3 libsoftokn3-debuginfo-3.36.4-58.15.3 libsoftokn3-hmac-3.36.4-58.15.3 mozilla-nspr-4.19-19.3.1 mozilla-nspr-debuginfo-4.19-19.3.1 mozilla-nspr-debugsource-4.19-19.3.1 mozilla-nspr-devel-4.19-19.3.1 mozilla-nss-3.36.4-58.15.3 mozilla-nss-certs-3.36.4-58.15.3 mozilla-nss-certs-debuginfo-3.36.4-58.15.3 mozilla-nss-debuginfo-3.36.4-58.15.3 mozilla-nss-debugsource-3.36.4-58.15.3 mozilla-nss-devel-3.36.4-58.15.3 mozilla-nss-sysinit-3.36.4-58.15.3 mozilla-nss-sysinit-debuginfo-3.36.4-58.15.3 mozilla-nss-tools-3.36.4-58.15.3 mozilla-nss-tools-debuginfo-3.36.4-58.15.3 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): libfreebl3-32bit-3.36.4-58.15.3 libfreebl3-debuginfo-32bit-3.36.4-58.15.3 libfreebl3-hmac-32bit-3.36.4-58.15.3 libsoftokn3-32bit-3.36.4-58.15.3 libsoftokn3-debuginfo-32bit-3.36.4-58.15.3 libsoftokn3-hmac-32bit-3.36.4-58.15.3 mozilla-nspr-32bit-4.19-19.3.1 mozilla-nspr-debuginfo-32bit-4.19-19.3.1 mozilla-nss-32bit-3.36.4-58.15.3 mozilla-nss-certs-32bit-3.36.4-58.15.3 mozilla-nss-certs-debuginfo-32bit-3.36.4-58.15.3 mozilla-nss-debuginfo-32bit-3.36.4-58.15.3 mozilla-nss-sysinit-32bit-3.36.4-58.15.3 mozilla-nss-sysinit-debuginfo-32bit-3.36.4-58.15.3 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): MozillaFirefox-60.2.2esr-109.46.1 MozillaFirefox-branding-SLE-60-32.3.1 MozillaFirefox-debuginfo-60.2.2esr-109.46.1 MozillaFirefox-debugsource-60.2.2esr-109.46.1 MozillaFirefox-translations-common-60.2.2esr-109.46.1 apache2-mod_nss-1.0.14-19.6.3 apache2-mod_nss-debuginfo-1.0.14-19.6.3 apache2-mod_nss-debugsource-1.0.14-19.6.3 libfreebl3-3.36.4-58.15.3 libfreebl3-debuginfo-3.36.4-58.15.3 libfreebl3-hmac-3.36.4-58.15.3 libsoftokn3-3.36.4-58.15.3 libsoftokn3-debuginfo-3.36.4-58.15.3 libsoftokn3-hmac-3.36.4-58.15.3 mozilla-nspr-4.19-19.3.1 mozilla-nspr-debuginfo-4.19-19.3.1 mozilla-nspr-debugsource-4.19-19.3.1 mozilla-nss-3.36.4-58.15.3 mozilla-nss-certs-3.36.4-58.15.3 mozilla-nss-certs-debuginfo-3.36.4-58.15.3 mozilla-nss-debuginfo-3.36.4-58.15.3 mozilla-nss-debugsource-3.36.4-58.15.3 mozilla-nss-sysinit-3.36.4-58.15.3 mozilla-nss-sysinit-debuginfo-3.36.4-58.15.3 mozilla-nss-tools-3.36.4-58.15.3 mozilla-nss-tools-debuginfo-3.36.4-58.15.3 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libfreebl3-32bit-3.36.4-58.15.3 libfreebl3-debuginfo-32bit-3.36.4-58.15.3 libfreebl3-hmac-32bit-3.36.4-58.15.3 libsoftokn3-32bit-3.36.4-58.15.3 libsoftokn3-debuginfo-32bit-3.36.4-58.15.3 libsoftokn3-hmac-32bit-3.36.4-58.15.3 mozilla-nspr-32bit-4.19-19.3.1 mozilla-nspr-debuginfo-32bit-4.19-19.3.1 mozilla-nss-32bit-3.36.4-58.15.3 mozilla-nss-certs-32bit-3.36.4-58.15.3 mozilla-nss-certs-debuginfo-32bit-3.36.4-58.15.3 mozilla-nss-debuginfo-32bit-3.36.4-58.15.3 mozilla-nss-sysinit-32bit-3.36.4-58.15.3 mozilla-nss-sysinit-debuginfo-32bit-3.36.4-58.15.3 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): MozillaFirefox-60.2.2esr-109.46.1 MozillaFirefox-branding-SLE-60-32.3.1 MozillaFirefox-debuginfo-60.2.2esr-109.46.1 MozillaFirefox-debugsource-60.2.2esr-109.46.1 MozillaFirefox-devel-60.2.2esr-109.46.1 MozillaFirefox-translations-common-60.2.2esr-109.46.1 apache2-mod_nss-1.0.14-19.6.3 apache2-mod_nss-debuginfo-1.0.14-19.6.3 apache2-mod_nss-debugsource-1.0.14-19.6.3 libfreebl3-3.36.4-58.15.3 libfreebl3-debuginfo-3.36.4-58.15.3 libfreebl3-hmac-3.36.4-58.15.3 libsoftokn3-3.36.4-58.15.3 libsoftokn3-debuginfo-3.36.4-58.15.3 libsoftokn3-hmac-3.36.4-58.15.3 mozilla-nspr-4.19-19.3.1 mozilla-nspr-debuginfo-4.19-19.3.1 mozilla-nspr-debugsource-4.19-19.3.1 mozilla-nss-3.36.4-58.15.3 mozilla-nss-certs-3.36.4-58.15.3 mozilla-nss-certs-debuginfo-3.36.4-58.15.3 mozilla-nss-debuginfo-3.36.4-58.15.3 mozilla-nss-debugsource-3.36.4-58.15.3 mozilla-nss-sysinit-3.36.4-58.15.3 mozilla-nss-sysinit-debuginfo-3.36.4-58.15.3 mozilla-nss-tools-3.36.4-58.15.3 mozilla-nss-tools-debuginfo-3.36.4-58.15.3 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libfreebl3-32bit-3.36.4-58.15.3 libfreebl3-debuginfo-32bit-3.36.4-58.15.3 libfreebl3-hmac-32bit-3.36.4-58.15.3 libsoftokn3-32bit-3.36.4-58.15.3 libsoftokn3-debuginfo-32bit-3.36.4-58.15.3 libsoftokn3-hmac-32bit-3.36.4-58.15.3 mozilla-nspr-32bit-4.19-19.3.1 mozilla-nspr-debuginfo-32bit-4.19-19.3.1 mozilla-nss-32bit-3.36.4-58.15.3 mozilla-nss-certs-32bit-3.36.4-58.15.3 mozilla-nss-certs-debuginfo-32bit-3.36.4-58.15.3 mozilla-nss-debuginfo-32bit-3.36.4-58.15.3 mozilla-nss-sysinit-32bit-3.36.4-58.15.3 mozilla-nss-sysinit-debuginfo-32bit-3.36.4-58.15.3 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): MozillaFirefox-60.2.2esr-109.46.1 MozillaFirefox-branding-SLE-60-32.3.1 MozillaFirefox-debuginfo-60.2.2esr-109.46.1 MozillaFirefox-debugsource-60.2.2esr-109.46.1 MozillaFirefox-devel-60.2.2esr-109.46.1 MozillaFirefox-translations-common-60.2.2esr-109.46.1 apache2-mod_nss-1.0.14-19.6.3 apache2-mod_nss-debuginfo-1.0.14-19.6.3 apache2-mod_nss-debugsource-1.0.14-19.6.3 libfreebl3-3.36.4-58.15.3 libfreebl3-debuginfo-3.36.4-58.15.3 libfreebl3-hmac-3.36.4-58.15.3 libsoftokn3-3.36.4-58.15.3 libsoftokn3-debuginfo-3.36.4-58.15.3 libsoftokn3-hmac-3.36.4-58.15.3 mozilla-nspr-4.19-19.3.1 mozilla-nspr-debuginfo-4.19-19.3.1 mozilla-nspr-debugsource-4.19-19.3.1 mozilla-nspr-devel-4.19-19.3.1 mozilla-nss-3.36.4-58.15.3 mozilla-nss-certs-3.36.4-58.15.3 mozilla-nss-certs-debuginfo-3.36.4-58.15.3 mozilla-nss-debuginfo-3.36.4-58.15.3 mozilla-nss-debugsource-3.36.4-58.15.3 mozilla-nss-devel-3.36.4-58.15.3 mozilla-nss-sysinit-3.36.4-58.15.3 mozilla-nss-sysinit-debuginfo-3.36.4-58.15.3 mozilla-nss-tools-3.36.4-58.15.3 mozilla-nss-tools-debuginfo-3.36.4-58.15.3 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): libfreebl3-32bit-3.36.4-58.15.3 libfreebl3-debuginfo-32bit-3.36.4-58.15.3 libfreebl3-hmac-32bit-3.36.4-58.15.3 libsoftokn3-32bit-3.36.4-58.15.3 libsoftokn3-debuginfo-32bit-3.36.4-58.15.3 libsoftokn3-hmac-32bit-3.36.4-58.15.3 mozilla-nspr-32bit-4.19-19.3.1 mozilla-nspr-debuginfo-32bit-4.19-19.3.1 mozilla-nss-32bit-3.36.4-58.15.3 mozilla-nss-certs-32bit-3.36.4-58.15.3 mozilla-nss-certs-debuginfo-32bit-3.36.4-58.15.3 mozilla-nss-debuginfo-32bit-3.36.4-58.15.3 mozilla-nss-sysinit-32bit-3.36.4-58.15.3 mozilla-nss-sysinit-debuginfo-32bit-3.36.4-58.15.3 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): MozillaFirefox-60.2.2esr-109.46.1 MozillaFirefox-branding-SLE-60-32.3.1 MozillaFirefox-debuginfo-60.2.2esr-109.46.1 MozillaFirefox-debugsource-60.2.2esr-109.46.1 MozillaFirefox-devel-60.2.2esr-109.46.1 MozillaFirefox-translations-common-60.2.2esr-109.46.1 libfreebl3-3.36.4-58.15.3 libfreebl3-debuginfo-3.36.4-58.15.3 libfreebl3-hmac-3.36.4-58.15.3 libsoftokn3-3.36.4-58.15.3 libsoftokn3-debuginfo-3.36.4-58.15.3 libsoftokn3-hmac-3.36.4-58.15.3 mozilla-nspr-4.19-19.3.1 mozilla-nspr-debuginfo-4.19-19.3.1 mozilla-nspr-debugsource-4.19-19.3.1 mozilla-nspr-devel-4.19-19.3.1 mozilla-nss-3.36.4-58.15.3 mozilla-nss-certs-3.36.4-58.15.3 mozilla-nss-certs-debuginfo-3.36.4-58.15.3 mozilla-nss-debuginfo-3.36.4-58.15.3 mozilla-nss-debugsource-3.36.4-58.15.3 mozilla-nss-devel-3.36.4-58.15.3 mozilla-nss-sysinit-3.36.4-58.15.3 mozilla-nss-sysinit-debuginfo-3.36.4-58.15.3 mozilla-nss-tools-3.36.4-58.15.3 mozilla-nss-tools-debuginfo-3.36.4-58.15.3 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): libfreebl3-32bit-3.36.4-58.15.3 libfreebl3-debuginfo-32bit-3.36.4-58.15.3 libfreebl3-hmac-32bit-3.36.4-58.15.3 libsoftokn3-32bit-3.36.4-58.15.3 libsoftokn3-debuginfo-32bit-3.36.4-58.15.3 libsoftokn3-hmac-32bit-3.36.4-58.15.3 mozilla-nspr-32bit-4.19-19.3.1 mozilla-nspr-debuginfo-32bit-4.19-19.3.1 mozilla-nss-32bit-3.36.4-58.15.3 mozilla-nss-certs-32bit-3.36.4-58.15.3 mozilla-nss-certs-debuginfo-32bit-3.36.4-58.15.3 mozilla-nss-debuginfo-32bit-3.36.4-58.15.3 mozilla-nss-sysinit-32bit-3.36.4-58.15.3 mozilla-nss-sysinit-debuginfo-32bit-3.36.4-58.15.3 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): MozillaFirefox-60.2.2esr-109.46.1 MozillaFirefox-branding-SLE-60-32.3.1 MozillaFirefox-debuginfo-60.2.2esr-109.46.1 MozillaFirefox-debugsource-60.2.2esr-109.46.1 MozillaFirefox-translations-common-60.2.2esr-109.46.1 libfreebl3-3.36.4-58.15.3 libfreebl3-32bit-3.36.4-58.15.3 libfreebl3-debuginfo-3.36.4-58.15.3 libfreebl3-debuginfo-32bit-3.36.4-58.15.3 libsoftokn3-3.36.4-58.15.3 libsoftokn3-32bit-3.36.4-58.15.3 libsoftokn3-debuginfo-3.36.4-58.15.3 libsoftokn3-debuginfo-32bit-3.36.4-58.15.3 mozilla-nspr-32bit-4.19-19.3.1 mozilla-nspr-4.19-19.3.1 mozilla-nspr-debuginfo-32bit-4.19-19.3.1 mozilla-nspr-debuginfo-4.19-19.3.1 mozilla-nspr-debugsource-4.19-19.3.1 mozilla-nss-3.36.4-58.15.3 mozilla-nss-32bit-3.36.4-58.15.3 mozilla-nss-certs-3.36.4-58.15.3 mozilla-nss-certs-32bit-3.36.4-58.15.3 mozilla-nss-certs-debuginfo-3.36.4-58.15.3 mozilla-nss-certs-debuginfo-32bit-3.36.4-58.15.3 mozilla-nss-debuginfo-3.36.4-58.15.3 mozilla-nss-debuginfo-32bit-3.36.4-58.15.3 mozilla-nss-debugsource-3.36.4-58.15.3 mozilla-nss-sysinit-3.36.4-58.15.3 mozilla-nss-sysinit-32bit-3.36.4-58.15.3 mozilla-nss-sysinit-debuginfo-3.36.4-58.15.3 mozilla-nss-sysinit-debuginfo-32bit-3.36.4-58.15.3 mozilla-nss-tools-3.36.4-58.15.3 mozilla-nss-tools-debuginfo-3.36.4-58.15.3 - SUSE Enterprise Storage 4 (x86_64): MozillaFirefox-60.2.2esr-109.46.1 MozillaFirefox-branding-SLE-60-32.3.1 MozillaFirefox-debuginfo-60.2.2esr-109.46.1 MozillaFirefox-debugsource-60.2.2esr-109.46.1 MozillaFirefox-devel-60.2.2esr-109.46.1 MozillaFirefox-translations-common-60.2.2esr-109.46.1 apache2-mod_nss-1.0.14-19.6.3 apache2-mod_nss-debuginfo-1.0.14-19.6.3 apache2-mod_nss-debugsource-1.0.14-19.6.3 libfreebl3-3.36.4-58.15.3 libfreebl3-32bit-3.36.4-58.15.3 libfreebl3-debuginfo-3.36.4-58.15.3 libfreebl3-debuginfo-32bit-3.36.4-58.15.3 libfreebl3-hmac-3.36.4-58.15.3 libfreebl3-hmac-32bit-3.36.4-58.15.3 libsoftokn3-3.36.4-58.15.3 libsoftokn3-32bit-3.36.4-58.15.3 libsoftokn3-debuginfo-3.36.4-58.15.3 libsoftokn3-debuginfo-32bit-3.36.4-58.15.3 libsoftokn3-hmac-3.36.4-58.15.3 libsoftokn3-hmac-32bit-3.36.4-58.15.3 mozilla-nspr-32bit-4.19-19.3.1 mozilla-nspr-4.19-19.3.1 mozilla-nspr-debuginfo-32bit-4.19-19.3.1 mozilla-nspr-debuginfo-4.19-19.3.1 mozilla-nspr-debugsource-4.19-19.3.1 mozilla-nss-3.36.4-58.15.3 mozilla-nss-32bit-3.36.4-58.15.3 mozilla-nss-certs-3.36.4-58.15.3 mozilla-nss-certs-32bit-3.36.4-58.15.3 mozilla-nss-certs-debuginfo-3.36.4-58.15.3 mozilla-nss-certs-debuginfo-32bit-3.36.4-58.15.3 mozilla-nss-debuginfo-3.36.4-58.15.3 mozilla-nss-debuginfo-32bit-3.36.4-58.15.3 mozilla-nss-debugsource-3.36.4-58.15.3 mozilla-nss-sysinit-3.36.4-58.15.3 mozilla-nss-sysinit-32bit-3.36.4-58.15.3 mozilla-nss-sysinit-debuginfo-3.36.4-58.15.3 mozilla-nss-sysinit-debuginfo-32bit-3.36.4-58.15.3 mozilla-nss-tools-3.36.4-58.15.3 mozilla-nss-tools-debuginfo-3.36.4-58.15.3 - SUSE CaaS Platform ALL (x86_64): libfreebl3-3.36.4-58.15.3 libfreebl3-debuginfo-3.36.4-58.15.3 libsoftokn3-3.36.4-58.15.3 libsoftokn3-debuginfo-3.36.4-58.15.3 mozilla-nspr-4.19-19.3.1 mozilla-nspr-debuginfo-4.19-19.3.1 mozilla-nspr-debugsource-4.19-19.3.1 mozilla-nss-3.36.4-58.15.3 mozilla-nss-certs-3.36.4-58.15.3 mozilla-nss-certs-debuginfo-3.36.4-58.15.3 mozilla-nss-debuginfo-3.36.4-58.15.3 mozilla-nss-debugsource-3.36.4-58.15.3 - SUSE CaaS Platform 3.0 (x86_64): libfreebl3-3.36.4-58.15.3 libfreebl3-debuginfo-3.36.4-58.15.3 libsoftokn3-3.36.4-58.15.3 libsoftokn3-debuginfo-3.36.4-58.15.3 mozilla-nspr-4.19-19.3.1 mozilla-nspr-debuginfo-4.19-19.3.1 mozilla-nspr-debugsource-4.19-19.3.1 mozilla-nss-3.36.4-58.15.3 mozilla-nss-certs-3.36.4-58.15.3 mozilla-nss-certs-debuginfo-3.36.4-58.15.3 mozilla-nss-debuginfo-3.36.4-58.15.3 mozilla-nss-debugsource-3.36.4-58.15.3 References: https://www.suse.com/security/cve/CVE-2017-16541.html https://www.suse.com/security/cve/CVE-2018-12376.html https://www.suse.com/security/cve/CVE-2018-12377.html https://www.suse.com/security/cve/CVE-2018-12378.html https://www.suse.com/security/cve/CVE-2018-12379.html https://www.suse.com/security/cve/CVE-2018-12381.html https://www.suse.com/security/cve/CVE-2018-12383.html https://www.suse.com/security/cve/CVE-2018-12385.html https://www.suse.com/security/cve/CVE-2018-12386.html https://www.suse.com/security/cve/CVE-2018-12387.html https://bugzilla.suse.com/1012260 https://bugzilla.suse.com/1021577 https://bugzilla.suse.com/1026191 https://bugzilla.suse.com/1041469 https://bugzilla.suse.com/1041894 https://bugzilla.suse.com/1049703 https://bugzilla.suse.com/1061204 https://bugzilla.suse.com/1064786 https://bugzilla.suse.com/1065464 https://bugzilla.suse.com/1066489 https://bugzilla.suse.com/1073210 https://bugzilla.suse.com/1078436 https://bugzilla.suse.com/1091551 https://bugzilla.suse.com/1092697 https://bugzilla.suse.com/1094767 https://bugzilla.suse.com/1096515 https://bugzilla.suse.com/1107343 https://bugzilla.suse.com/1108771 https://bugzilla.suse.com/1108986 https://bugzilla.suse.com/1109363 https://bugzilla.suse.com/1109465 https://bugzilla.suse.com/1110506 https://bugzilla.suse.com/1110507 https://bugzilla.suse.com/703591 https://bugzilla.suse.com/839074 https://bugzilla.suse.com/857131 https://bugzilla.suse.com/893359 From sle-security-updates at lists.suse.com Wed Oct 31 11:32:55 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 31 Oct 2018 18:32:55 +0100 (CET) Subject: SUSE-SU-2018:3593-1: important: Security update for the Linux Kernel Message-ID: <20181031173255.C3A2BFCBE@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3593-1 Rating: important References: #1046540 #1050319 #1050536 #1050540 #1051510 #1055120 #1065600 #1066674 #1067126 #1067906 #1076830 #1079524 #1083647 #1084760 #1084831 #1086283 #1086288 #1094825 #1095805 #1099125 #1100132 #1102881 #1103308 #1103543 #1104731 #1105025 #1105536 #1106105 #1106110 #1106237 #1106240 #1106838 #1107685 #1108241 #1108377 #1108468 #1108828 #1108841 #1108870 #1109151 #1109158 #1109217 #1109330 #1109739 #1109784 #1109806 #1109818 #1109907 #1109911 #1109915 #1109919 #1109951 #1110006 #1110096 #1110538 #1110561 #1110921 #1111028 #1111076 #1111506 #1111806 #1111819 #1111830 #1111834 #1111841 #1111870 #1111901 #1111904 #1111928 #1111983 #1112170 #1112173 #1112208 #1112219 #1112221 #1112246 #1112372 #1112514 #1112554 #1112708 #1112710 #1112711 #1112712 #1112713 #1112731 #1112732 #1112733 #1112734 #1112735 #1112736 #1112738 #1112739 #1112740 #1112741 #1112743 #1112745 #1112746 #1112894 #1112899 #1112902 #1112903 #1112905 #1112906 #1112907 #1113257 #1113284 Cross-References: CVE-2017-16533 CVE-2017-18224 CVE-2018-18386 CVE-2018-18445 Affected Products: SUSE Linux Enterprise Module for Live Patching 15 ______________________________________________________________________________ An update that solves four vulnerabilities and has 102 fixes is now available. Description: The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-18445: A faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandled 32-bit right shifts (bnc#1112372). - CVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ (bnc#1094825). - CVE-2017-18224: fs/ocfs2/aops.c omits use of a semaphore and consequently has a race condition for access to the extent tree during read operations in DIRECT mode, which allowed local users to cause a denial of service (BUG) by modifying a certain e_cpos field (bnc#1084831). - CVE-2017-16533: The usbhid_parse function in drivers/hid/usbhid/hid-core.c allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066674). The following non-security bugs were fixed: - acpi / processor: Fix the return value of acpi_processor_ids_walk() (bsc#1051510). - acpica: Reference Counts: increase max to 0x4000 for large servers (bsc#1108241). - alsa: hda/realtek - Cannot adjust speaker's volume on Dell XPS 27 7760 (bsc#1051510). - arm: 8799/1: mm: fix pci_ioremap_io() offset check (bsc#1051510). - arm: bcm2835: Add GET_THROTTLED firmware property (bsc#1108468). - arm: exynos: Clear global variable on init error path (bsc#1051510). - arm: hisi: check of_iomap and fix missing of_node_put (bsc#1051510). - arm: hwmod: RTC: Do not assume lock/unlock will be called with irq enabled (bsc#1051510). - arm: mvebu: declare asm symbols as character arrays in pmsu.c (bsc#1051510). - ASoC: Intel: Skylake: Reset the controller in probe (bsc#1051510). - ASoC: rsnd: adg: care clock-frequency size (bsc#1051510). - ASoC: rsnd: do not fallback to PIO mode when -EPROBE_DEFER (bsc#1051510). - ASoC: rt5514: Fix the issue of the delay volume applied again (bsc#1051510). - ASoC: sigmadsp: safeload should not have lower byte limit (bsc#1051510). - ASoC: wm8804: Add ACPI support (bsc#1051510). - Btrfs: fix file data corruption after cloning a range and fsync (bsc#1111901). - Btrfs: fix mount failure after fsync due to hard link recreation (bsc#1103543). - Btrfs: send, fix invalid access to commit roots due to concurrent snapshotting (bsc#1111904). - cifs: check for STATUS_USER_SESSION_DELETED (bsc#1112902). - Delete patches.drivers/IB-qedr-Remove-GID-add-del-dummy-routines.patch. (bsc#1110921) - Disable DRM patches that broke vbox video driver KMP (bsc#1111076) - EDAC, ghes: Add DDR4 and NVDIMM memory types (bsc#1099125). - EDAC, skx: Fix skx_edac build error when ACPI_NFIT=m (bsc#1099125). - EDAC, skx_edac: Detect non-volatile DIMMs (bsc#1099125). - EDAC: Add new memory type for non-volatile DIMMs (bsc#1099125). - HID: add support for Apple Magic Keyboards (bsc#1051510). - HID: hid-saitek: Add device ID for RAT 7 Contagion (bsc#1051510). - HID: hid-sensor-hub: Force logical minimum to 1 for power and report state (bsc#1051510). - HID: quirks: fix support for Apple Magic Keyboards (bsc#1051510). - HID: sensor-hub: Restore fixup for Lenovo ThinkPad Helix 2 sensor hub report (bsc#1051510). - input: atakbd - fix Atari CapsLock behaviour (bsc#1051510). - input: atakbd - fix Atari keymap (bsc#1051510). - kvm/vmx: Optimize vmx_vcpu_run() and svm_vcpu_run() by marking the RDMSR path as unlikely() (bsc#1110006). - kvm: svm: Add MSR-based feature support for serializing LFENCE (bsc#1106240). - kvm: vmx: Tell the nested hypervisor to skip L1D flush on vmentry (bsc#1106240). - kvm: vmx: raise internal error for exception during invalid protected mode state (bsc#1110006). - kvm: vmx: support MSR_IA32_ARCH_CAPABILITIES as a feature MSR (bsc#1106240). - kvm: x86: Fix reserved bits check for MOV to CR3 (bsc#1110006). - kvm: x86: Introduce kvm_get_msr_feature() (bsc#1106240). - kvm: x86: fix incorrect reference of trace_kvm_pi_irte_update (bsc#1110006). - kvm: lapic: stop advertising DIRECTED_EOI when in-kernel IOAPIC is in use (bsc#1110006). - kvm: nvmx: Do not expose MPX VMX controls when guest MPX disabled (bsc#1106240). - kvm: nvmx: Do not halt vcpu when L1 is injecting events to L2 (bsc#1110006). - kvm: vmx: track host_state.loaded using a loaded_vmcs pointer (bsc#1110006). - kvm: vmx: use local variable for current_vmptr when emulating VMPTRST (bsc#1110006). - kvm: x86: Add a framework for supporting MSR-based features (bsc#1106240). - kvm: x86: Do not use kvm_x86_ops->mpx_supported() directly (bsc#1106240). - kvm: x86: Update cpuid properly when CR4.OSXAVE or CR4.PKE is changed (bsc#1110006). - kvm: x86: define SVM/VMX specific kvm_arch_[alloc|free]_vm (bsc#1111506). - kvm: x86: fix #UD address of failed Hyper-V hypercalls (bsc#1110006). - kvm: x86: fix escape of guest dr6 to the host (bsc#1110006). - kvm: x86: remove APIC Timer periodic/oneshot spikes (bsc#1110006). - nfc: trf7970a: fix check of clock frequencies, use && instead of || (bsc#1051510). - nfs: Avoid quadratic search when freeing delegations (bsc#1084760). - pci: Reprogram bridge prefetch registers on resume (bsc#1051510). - pci: dwc: Fix scheduling while atomic issues (git-fixes). - pci: hv: Do not wait forever on a device that has disappeared (bsc#1109806). - pm / Domains: Fix genpd to deal with drivers returning 1 from ->prepare() (bsc#1051510). - pm / core: Clear the direct_complete flag on errors (bsc#1051510). - pm: cpuidle: Fix cpuidle_poll_state_init() prototype (bsc#1110006). - rdma/bnxt_re: Fix system crash during RDMA resource initialization (bsc#1086283). - Revert "Limit kernel-source build to architectures for which we build binaries" This reverts commit d6435125446d740016904abe30a60611549ae812. - Revert "cdc-acm: implement put_char() and flush_chars()" (bsc#1051510). - Revert "drm/amdgpu: Add an ATPX quirk for hybrid laptop" (bsc#1051510). - Revert "drm/i915/gvt: set max priority for gvt context" (bsc#1051510). - Revert "gpio: set up initial state from .get_direction()" (bsc#1051510). - Revert "iommu/io-pgtable: Avoid redundant TLB syncs" (bsc#1106237). - Revert "mwifiex: fix incorrect ht capability problem" (bsc#1051510). - Revert "mwifiex: handle race during mwifiex_usb_disconnect" (bsc#1051510). - Revert "pinctrl: sunxi: Do not enforce bias disable (for now)" (bsc#1051510). - Revert "slab: __GFP_ZERO is incompatible with a constructor" (bnc#1108828) This reverts commit de0a67303736262e306a3eb23aa38824b28c2764 because we still seem to have false possitives in the tree. - Revert "ubifs: xattr: Do not operate on deleted inodes" (bsc#1051510). - Squashfs: Compute expected length from inode size rather than block length (bsc#1051510). - usb: Add quirk to support DJI CineSSD (bsc#1051510). - usb: add quirk for WORLDE Controller KS49 or Prodipe MIDI 49C USB controller (bsc#1051510). - usb: fix error handling in usb_driver_claim_interface() (bsc#1051510). - usb: handle NULL config in usb_find_alt_setting() (bsc#1051510). - usb: remove LPM management from usb_driver_claim_interface() (bsc#1051510). - usb: serial: simple: add Motorola Tetra MTP6550 id (bsc#1051510). - usb: yurex: Check for truncation in yurex_read() (bsc#1051510). - usb: yurex: Fix buffer over-read in yurex_write() (bsc#1051510). - Use upstream version of pci-hyperv patch (35a88a1) - acpi, nfit: Add function to look up nvdimm device and provide SMBIOS handle (bsc#1099125). - aio: fix io_destroy(2) vs. lookup_ioctx() race (git-fixes). - apparmor: Check buffer bounds when mapping permissions mask (git-fixes). - apparmor: Fix failure to audit context info in build_change_hat (bsc#1051510). - apparmor: Fully initialize aa_perms struct when answering userspace query (bsc#1051510). - apparmor: fix mediation of prlimit (bsc#1051510). - apparmor: fix memory leak when deduping profile load (bsc#1051510). - apparmor: fix ptrace read check (bsc#1051510). - asix: Check for supported Wake-on-LAN modes (bsc#1051510). - ath10k: fix kernel panic issue during pci probe (bsc#1051510). - ath10k: fix scan crash due to incorrect length calculation (bsc#1051510). - ath10k: fix use-after-free in ath10k_wmi_cmd_send_nowait (bsc#1051510). - ath10k: protect ath10k_htt_rx_ring_free with rx_ring.lock (bsc#1051510). - audit: fix use-after-free in audit_add_watch (bsc#1051510). - batman-adv: Avoid probe ELP information leak (bsc#1051510). - batman-adv: Fix multicast TT issues with bogus ROAM flags (bsc#1051510). - batman-adv: Fix segfault when writing to sysfs elp_interval (bsc#1051510). - batman-adv: Fix segfault when writing to throughput_override (bsc#1051510). - batman-adv: Prevent duplicated gateway_node entry (bsc#1051510). - batman-adv: Prevent duplicated global TT entry (bsc#1051510). - batman-adv: Prevent duplicated nc_node entry (bsc#1051510). - batman-adv: Prevent duplicated softif_vlan entry (bsc#1051510). - batman-adv: Prevent duplicated tvlv handler (bsc#1051510). - batman-adv: fix backbone_gw refcount on queue_work() failure (bsc#1051510). - batman-adv: fix hardif_neigh refcount on queue_work() failure (bsc#1051510). - bdi: Fix another oops in wb_workfn() (bsc#1112746). - bdi: Preserve kabi when adding cgwb_release_mutex (bsc#1112746). - be2net: Fix memory leak in be_cmd_get_profile_config() (bsc#1086288). - be2net: remove unused old AIC info (bsc#1086288). - be2net: remove unused old custom busy-poll fields (bsc#1086288 ). - blk-mq: I/O and timer unplugs are inverted in blktrace (bsc#1112713). - blkdev_report_zones_ioctl(): Use vmalloc() to allocate large buffers (bsc#1111819). - block, bfq: fix wrong init of saved start time for weight raising (bsc#1112708). - block: bfq: swap puts in bfqg_and_blkg_put (bsc#1112712). - block: bvec_nr_vecs() returns value for wrong slab (bsc#1111834). - bnx2x: Fix invalid memory access in rss hash config path (bsc#1050319). - bnx2x: Fix receiving tx-timeout in error or recovery state (bsc#1050319). - bpf/verifier: disallow pointer subtraction (bsc#1083647). - bpf: make cavium thunder compatible w/ bpf_xdp_adjust_tail (bsc#1110096). - btrfs: fix missing error return in btrfs_drop_snapshot (Git-fixes bsc#1109919). - btrfs: handle errors while updating refcounts in update_ref_for_cow (Git-fixes bsc#1109915). - cdc-acm: fix race between reset and control messaging (bsc#1051510). - ceph: avoid a use-after-free in ceph_destroy_options() (bsc#1111983). - cfg80211: fix a type issue in ieee80211_chandef_to_operating_class() (bsc#1051510). - cifs: Fix use after free of a mid_q_entry (bsc#1112903). - cifs: fix memory leak in SMB2_open() (bsc#1112894). - cifs: integer overflow in in SMB2_ioctl() (bsc#1051510). - clk: clk-fixed-factor: Clear OF_POPULATED flag in case of failure (bsc#1051510). - clk: rockchip: Add pclk_rkpwm_pmu to PMU critical clocks in rk3399 (bsc#1051510). - clk: tegra: bpmp: Do not crash when a clock fails to register (bsc#1051510). - clk: x86: Stop marking clocks as CLK_IS_CRITICAL (bsc#1051510). - clk: x86: add "ether_clk" alias for Bay Trail / Cherry Trail (bsc#1051510). - clocksource/drivers/ti-32k: Add CLOCK_SOURCE_SUSPEND_NONSTOP flag for non-am43 SoCs (bsc#1051510). - clocksource/drivers/timer-atmel-pit: Properly handle error cases (bsc#1051510). - coda: fix 'kernel memory exposure attempt' in fsync (bsc#1051510). - cpu/hotplug: Fix SMT supported evaluation (bsc#1110006). - cpufreq, intel_pstate: Allow unspecified FADT profile to probe PPC (bnc#1108841). - crypto: caam/jr - fix ablkcipher_edesc pointer arithmetic (bsc#1051510). - crypto: cavium/nitrox - fix for command corruption in queue full case with backlog submissions (bsc#1051510). - crypto: ccp - add timeout support in the SEV command (bsc#1106838). - crypto: chelsio - Fix memory corruption in DMA Mapped buffers (bsc#1051510). - crypto: mxs-dcp - Fix wait logic on chan threads (bsc#1051510). - crypto: qat - Fix KASAN stack-out-of-bounds bug in adf_probe() (bsc#1051510). - cxgb4: fix abort_req_rss6 struct (bsc#1046540). - cxgb4: when disabling dcb set txq dcb priority to 0 (bsc#1046540 ). - dax: Fix deadlock in dax_lock_mapping_entry() (bsc#1109951). - debugobjects: Make stack check warning more informative (bsc#1051510). - declance: Fix continuation with the adapter identification message (bsc#1051510). - dmaengine: pl330: fix irq race with terminate_all (bsc#1051510). - drivers/base: stop new probing during shutdown (bsc#1051510). - drivers/tty: add error handling for pcmcia_loop_config (bsc#1051510). - drm/amdgpu: Enable/disable gfx PG feature in rlc safe mode (bsc#1051510). - drm/amdgpu: Fix SDMA HQD destroy error on gfx_v7 (bsc#1051510). - drm/amdgpu: Fix vce work queue was not cancelled when suspend (bsc#1106110) - drm/amdgpu: Pulling old prepare and submit for flip back (bsc#1051510). - drm/amdgpu: Update power state at the end of smu hw_init (bsc#1051510). - drm/amdgpu: add another ATPX quirk for TOPAZ (bsc#1051510). - drm/amdgpu: add new polaris pci id (bsc#1051510). - drm/amdgpu: fix error handling in amdgpu_cs_user_fence_chunk (bsc#1106110) - drm/amdgpu: revert "fix deadlock of reservation between cs and gpu reset v2" (bsc#1051510). - drm/amdkfd: Fix error codes in kfd_get_process (bsc#1051510). - drm/edid: VSDB yCBCr420 Deep Color mode bit definitions (bsc#1051510). - drm/i915/glk: Add Quirk for GLK NUC HDMI port issues (bsc#1051510). - drm/i915: Handle incomplete Z_FINISH for compressed error states (bsc#1100132) - drm/nouveau/TBDdevinit: do not fail when PMU/PRE_OS is missing from VBIOS (bsc#1051510). - drm/nouveau/debugfs: Wake up GPU before doing any reclocking (bsc#1051510). - drm/nouveau/disp: fix DP disable race (bsc#1051510). - drm/nouveau/drm/nouveau: Do not forget to cancel hpd_work on suspend/unload (bsc#1051510). - drm/nouveau/drm/nouveau: Prevent handling ACPI HPD events too early (bsc#1051510). - drm/nouveau/drm/nouveau: Use pm_runtime_get_noresume() in connector_detect() (bsc#1051510). - drm/nouveau: Fix deadlocks in nouveau_connector_detect() (bsc#1051510). - drm/nouveau: Fix runtime PM leak in drm_open() (bsc#1051510). - drm/nouveau: tegra: Detach from ARM DMA/IOMMU mapping (bsc#1051510). - drm/sun4i: Fix an ulong overflow in the dotclock driver (bsc#1106110) - drm/sun4i: Fix releasing node when enumerating enpoints (bsc#1051510). - drm: mali-dp: Call drm_crtc_vblank_reset on device init (bsc#1051510). - drm: udl: Destroy framebuffer only if it was initialized (bsc#1051510). - e1000: check on netif_running() before calling e1000_up() (bsc#1051510). - e1000: ensure to free old tx/rx rings in set_ringparam() (bsc#1051510). - eeprom: at24: change nvmem stride to 1 (bsc#1051510). - eeprom: at24: check at24_read/write arguments (bsc#1051510). - eeprom: at24: correctly set the size for at24mac402 (bsc#1051510). - efi: Avoid potential crashes, fix the 'struct efi_pci_io_protocol_32' definition for mixed mode (bsc#1110006). - enic: do not call enic_change_mtu in enic_probe (bsc#1051510). - enic: handle mtu change for vf properly (bsc#1051510). - enic: initialize enic->rfs_h.lock in enic_probe (bsc#1051510). - ethtool: Remove trailing semicolon for static inline (bsc#1051510). - ethtool: fix a privilege escalation bug (bsc#1076830). - evm: Do not deadlock if a crypto algorithm is unavailable (bsc#1051510). - ext2, dax: set ext2_dax_aops for dax files (bsc#1112554). - ext4: avoid arithemetic overflow that can trigger a BUG (bsc#1112736). - ext4: avoid divide by zero fault when deleting corrupted inline directories (bsc#1112735). - ext4: check for NUL characters in extended attribute's name (bsc#1112732). - ext4: check to make sure the rename(2)'s destination is not freed (bsc#1112734). - ext4: do not mark mmp buffer head dirty (bsc#1112743). - ext4: fix online resize's handling of a too-small final block group (bsc#1112739). - ext4: fix online resizing for bigalloc file systems with a 1k block size (bsc#1112740). - ext4: fix spectre gadget in ext4_mb_regular_allocator() (bsc#1112733). - ext4: recalucate superblock checksum after updating free blocks/inodes (bsc#1112738). - ext4: reset error code in ext4_find_entry in fallback (bsc#1112731). - ext4: show test_dummy_encryption mount option in /proc/mounts (bsc#1112741). - fbdev/omapfb: fix omapfb_memory_read infoleak (bsc#1051510). - firmware, DMI: Add function to look up a handle and return DIMM size (bsc#1099125). - firmware: raspberrypi: Register hwmon driver (bsc#1108468). - floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl (bsc#1051510). - fs/quota: Fix spectre gadget in do_quotactl (bsc#1112745). - fuse: Do not access pipe->buffers without pipe_lock() (bsc#1051510). - gpio: Fix crash due to registration race (bsc#1051510). - gpio: adp5588: Fix sleep-in-atomic-context bug (bsc#1051510). - gpio: mb86s70: Revert "Return error if requesting an already assigned gpio" (bsc#1051510). - gpiolib-acpi: Register GpioInt ACPI event handlers from a late_initcall (bsc#1051510). - gpiolib: Free the last requested descriptor (bsc#1051510). - hfs: prevent crash on exit from failed search (bsc#1051510). - hfsplus: do not return 0 when fill_super() failed (bsc#1051510). - hfsplus: stop workqueue when fill_super() failed (bsc#1051510). - hv: avoid crash in vmbus sysfs files (bnc#1108377). - hv_netvsc: fix schedule in RCU context (). - hwmon: (adt7475) Make adt7475_read_word() return errors (bsc#1051510). - hwmon: (ina2xx) fix sysfs shunt resistor read access (bsc#1051510). - hwmon: (nct6775) Set weight source to zero correctly (bsc#1051510). - hwmon: Add support for RPi voltage sensor (bsc#1108468). - hwmon: rpi: add module alias to raspberrypi-hwmon (bsc#1108468). - hypfs_kill_super(): deal with failed allocations (bsc#1051510). - i2c: i2c-scmi: fix for i2c_smbus_write_block_data (bsc#1051510). - i2c: rcar: cleanup DMA for all kinds of failure (bsc#1051510). - intel_th: pci: Add Ice Lake PCH support (bsc#1051510). - iommu/amd: Clear memory encryption mask from physical address (bsc#1106105). - iommu/arm-smmu: Error out only if not enough context interrupts (bsc#1106237). - iommu/vt-d: Add definitions for PFSID (bsc#1106237). - iommu/vt-d: Fix dev iotlb pfsid use (bsc#1106237). - iommu/vt-d: Fix scatterlist offset handling (bsc#1106237). - ipmi:ssif: Add support for multi-part transmit messages > 2 parts (bsc#1103308). - ipv4: fix use-after-free in ip_cmsg_recv_dstaddr() (git-fixes). - irq/core: Fix boot crash when the irqaffinity= boot parameter is passed on CPUMASK_OFFSTACK=y kernels(v1) (bsc#1051510). - iwlwifi: dbg: do not crash if the firmware crashes in the middle of a debug dump (bsc#1051510). - iwlwifi: mvm: Allow TKIP for AP mode (bsc#1051510). - iwlwifi: mvm: check for n_profiles validity in EWRD ACPI (bsc#1051510). - iwlwifi: mvm: clear HW_RESTART_REQUESTED when stopping the interface (bsc#1051510). - iwlwifi: mvm: open BA session only when sta is authorized (bsc#1051510). - iwlwifi: mvm: send BCAST management frames to the right station (bsc#1051510). - iwlwifi: pcie gen2: check iwl_pcie_gen2_set_tb() return value (bsc#1051510). - iwlwifi: pcie: gen2: build A-MSDU only for GSO (bsc#1051510). - jbd2: fix use after free in jbd2_log_do_checkpoint() (bsc#1113257). - kABI: Hide get_msr_feature() in kvm_x86_ops (bsc#1106240). - kabi protect enum mem_type (bsc#1099125). - kprobes/x86: Disable preemption in ftrace-based jprobes (bsc#1110006). - kprobes/x86: Fix %p uses in error messages (bsc#1110006). - kprobes/x86: Prohibit probing on exception masking instructions (bsc#1110006). - ksm: fix unlocked iteration over vmas in cmp_and_merge_page() (VM Functionality bsc#1111806). - kvm, mm: account shadow page tables to kmemcg (bsc#1110006). - kvm/x86: kABI fix for vm_alloc/vm_free changes (bsc#1111506). - kvm: Make VM ioctl do valloc for some archs (bsc#1111506). - kvm: x86: Set highest physical address bits in non-present/reserved SPTEs (bsc#1106240). - kvm: x86: fix KVM_XEN_HVM_CONFIG ioctl (bsc#1110006). - kvmclock: fix TSC calibration for nested guests (bsc#1110006). - lib/bug.c: exclude non-BUG/WARN exceptions from report_bug() (bsc#1110006). - lib/ubsan.c: s/missaligned/misaligned/ (bsc#1051510). - lib/ubsan: add type mismatch handler for new GCC/Clang (bsc#1051510). - libertas: call into generic suspend code before turning off power (bsc#1051510). - liquidio: fix hang when re-binding VF host drv after running DPDK VF driver (bsc#1067126). - liquidio: fix kernel panic in VF driver (bsc#1067126). - loop: add recursion validation to LOOP_CHANGE_FD (bsc#1112711). - loop: do not call into filesystem while holding lo_ctl_mutex (bsc#1112710). - loop: fix LOOP_GET_STATUS lock imbalance (bsc#1113284). - mac80211: Fix station bandwidth setting after channel switch (bsc#1051510). - mac80211: Run TXQ teardown code before de-registering interfaces (bsc#1051510). - mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X (bsc#1051510). - mac80211: do not Tx a deauth frame if the AP forbade Tx (bsc#1051510). - mac80211: do not convert to A-MSDU if frag/subframe limited (bsc#1051510). - mac80211: fix a race between restart and CSA flows (bsc#1051510). - mac80211: fix setting IEEE80211_KEY_FLAG_RX_MGMT for AP mode keys (bsc#1051510). - mac80211: mesh: fix HWMP sequence numbering to follow standard (bsc#1051510). - mac80211: minstrel: fix using short preamble CCK rates on HT clients (bsc#1051510). - mac80211: shorten the IBSS debug messages (bsc#1051510). - mac80211_hwsim: correct use of IEEE80211_VHT_CAP_RXSTBC_X (bsc#1051510). - mac80211_hwsim: require at least one channel (bsc#1051510). - mach64: detect the dot clock divider correctly on sparc (bsc#1051510). - media: af9035: prevent buffer overflow on write (bsc#1051510). - media: davinci: vpif_display: Mix memory leak on probe error path (bsc#1051510). - media: fsl-viu: fix error handling in viu_of_probe() (bsc#1051510). - media: helene: fix xtal frequency setting at power on (bsc#1051510). - media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power (bsc#1051510). - media: s5p-mfc: Fix buffer look up in s5p_mfc_handle_frame_{new, copy_time} functions (bsc#1051510). - media: soc_camera: ov772x: correct setting of banding filter (bsc#1051510). - media: tm6000: add error handling for dvb_register_adapter (bsc#1051510). - media: videobuf-dma-sg: Fix dma_{sync,unmap}_sg() calls (bsc#1051510). - media: videobuf2-core: check for q->error in vb2_core_qbuf() (bsc#1051510). - mm/migrate: Use spin_trylock() while resetting rate limit (). - mm: /proc/pid/pagemap: hide swap entries from unprivileged users (Git-fixes bsc#1109907). - mm: Preserve _PAGE_DEVMAP across mprotect() calls (bsc#1111028). - mm: fix BUG_ON() in vmf_insert_pfn_pud() from VM_MIXEDMAP removal (bsc#1111841). - mmc: block: avoid multiblock reads for the last sector in SPI mode (bsc#1051510). - mwifiex: handle race during mwifiex_usb_disconnect (bsc#1051510). - net: add support for Cavium PTP coprocessor (bsc#1110096). - net: cavium: fix NULL pointer dereference in cavium_ptp_put (bsc#1110096). - net: cavium: use module_pci_driver to simplify the code (bsc#1110096). - net: thunder: change q_len's type to handle max ring size (bsc#1110096). - net: thunderx: Set max queue count taking XDP_TX into account (bsc#1110096). - net: thunderx: add MAC address filter tracking for LMAC (bsc#1110096). - net: thunderx: add XCAST messages handlers for PF (bsc#1110096). - net: thunderx: add multicast filter management support (bsc#1110096). - net: thunderx: add ndo_set_rx_mode callback implementation for VF (bsc#1110096). - net: thunderx: add new messages for handle ndo_set_rx_mode callback (bsc#1110096). - net: thunderx: add timestamping support (bsc#1110096). - net: thunderx: add workqueue control structures for handle ndo_set_rx_mode request (bsc#1110096). - net: thunderx: check for failed allocation lmac->dmacs (bsc#1110096). - net: thunderx: fix double free error (bsc#1110096). - net: thunderx: move filter register related macro into proper place (bsc#1110096). - net: thunderx: prevent concurrent data re-writing by nicvf_set_rx_mode (bsc#1110096). - net: thunderx: remove a couple of redundant assignments (bsc#1110096). - net: thunderx: rework mac addresses list to u64 array (bsc#1110096). - nvme: call nvme_complete_rq when nvmf_check_ready fails for mpath I/O (bsc#1107685). - objtool, kprobes/x86: Sync the latest header with tools/objtool/arch/x86/include/asm/insn.h (bsc#1110006). - orangefs: fix deadlock; do not write i_size in read_iter (bsc#1051510). - orangefs: initialize op on loop restart in orangefs_devreq_read (bsc#1051510). - orangefs: use list_for_each_entry_safe in purge_waiting_ops (bsc#1051510). - orangefs_kill_sb(): deal with allocation failures (bsc#1051510). - ovl: Sync upper dirty data when syncing overlayfs (git-fixes). - ovl: fix format of setxattr debug (git-fixes). - perf/x86/amd/ibs: Do not access non-started event (bsc#1110006). - perf/x86/cstate: Fix possible Spectre-v1 indexing for pkg_msr (bsc#1110006). - perf/x86/intel/lbr: Fix incomplete LBR call stack (bsc#1110006). - perf/x86/intel/uncore: Correct fixed counter index check for NHM (bsc#1110006). - perf/x86/intel/uncore: Correct fixed counter index check in generic code (bsc#1110006). - perf/x86/intel/uncore: Fix Skylake UPI event format (bsc#1110006). - perf/x86/intel: Do not accidentally clear high bits in bdw_limit_period() (bsc#1110006). - perf/x86/intel: Fix event update for auto-reload (bsc#1110006). - perf/x86/intel: Fix large period handling on Broadwell CPUs (bsc#1110006). - perf/x86/intel: Fix linear IP of PEBS real_ip on Haswell and later CPUs (bsc#1110006). - perf/x86/intel: Properly save/restore the PMU state in the NMI handler (bsc#1110006). - perf/x86/msr: Fix possible Spectre-v1 indexing in the MSR driver (bsc#1110006). - perf/x86: Fix possible Spectre-v1 indexing for x86_pmu::event_map() (bsc#1110006). - perf/x86: Fix possible Spectre-v1 indexing for hw_perf_event cache_* (bsc#1110006). - powerpc/firmware: Add definitions for new drc-info firmware feature (bsc#1109158). - powerpc/numa: Skip onlining a offline node in kdump path (bsc#1109784). - powerpc/powernv/ioda2: Reduce upper limit for DMA window size (bsc#1055120). - powerpc/pseries/mm: Introducing FW_FEATURE_BLOCK_REMOVE (bsc#1109158). - powerpc/pseries/mm: call H_BLOCK_REMOVE (bsc#1109158). - powerpc/pseries/mm: factorize PTE slot computation (bsc#1109158). - powerpc/pseries: Fix CONFIG_NUMA=n build (bsc#1067906, git-fixes). - powerpc/pseries: Fix build break for SPLPAR=n and CPU hotplug (bsc#1079524, git-fixes). - powerpc/pseries: Fix duplicate firmware feature for DRC_INFO (bsc#1109158). - powerpc/rtas: Fix a potential race between CPU-Offline & Migration (bsc#1111870). - printk/tracing: Do not trace printk_nmi_enter() (bsc#1112208). - printk: drop in_nmi check from printk_safe_flush_on_panic() (bsc#1112170). - proc: restrict kernel stack dumps to root (git-fixes). blacklist.conf: - ptrace,x86: Make user_64bit_mode() available to 32-bit builds (bsc#1110006). - qed: Add missing device config for RoCE EDPM in UFP mode (bsc#1109217). - qed: Avoid sending mailbox commands when MFW is not responsive (bsc#1050536). - qed: Do not add VLAN 0 tag to untagged frames in multi-function mode (bsc#1050536). - qed: Fix populating the invalid stag value in multi function mode (bsc#1050536). - qed: Fix shmem structure inconsistency between driver and the mfw (bsc#1110561). - qed: Prevent a possible deadlock during driver load and unload (bsc#1050536). - qed: Wait for MCP halt and resume commands to take place (bsc#1050536). - qed: Wait for ready indication before rereading the shmem (bsc#1050536). - qlcnic: fix Tx descriptor corruption on 82xx devices (bsc#1050540). - qmi_wwan: Added support for Gemalto's Cinterion ALASxx WWAN interface (bsc#1051510). - qmi_wwan: set DTR for modems in forced USB2 mode (bsc#1051510). - qrtr: add MODULE_ALIAS macro to smd (bsc#1051510). - r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED (bsc#1051510). - rculist: Improve documentation for list_for_each_entry_from_rcu() (bsc#1084760). - rculist: add list_for_each_entry_from_rcu() (bsc#1084760). - reiserfs: add check to detect corrupted directory entry (bsc#1109818). - reiserfs: do not panic on bad directory entries (bsc#1109818). - rename a hv patch to reduce conflicts in -AZURE - reorder a qedi patch to allow further work in this branch - rpc_pipefs: fix double-dput() (bsc#1051510). - rtc: bq4802: add error handling for devm_ioremap (bsc#1051510). - sched/numa: Limit the conditions where scan period is reset (). - scsi: core: Allow state transitions from OFFLINE to BLOCKED (bsc#1112246). - scsi: ipr: Eliminate duplicate barriers (). - scsi: ipr: Use dma_pool_zalloc() (). - scsi: ipr: fix incorrect indentation of assignment statement (). - scsi: libfc: check fc_frame_payload_get() return value for null (bsc#1104731). - scsi: libfc: retry PRLI if we cannot analyse the payload (bsc#1104731). - scsi: qedi: Add the CRC size within iSCSI NVM image (bsc#1110538). - scsi: qedi: Initialize the stats mutex lock (bsc#1110538). - scsi: qla2xxx: Fix NVMe Target discovery (bsc#1108870). - scsi: qla2xxx: Fix NVMe session hang on unload (bsc#1108870). - scsi: qla2xxx: Fix driver hang when FC-NVMe LUNs are configured (bsc#1108870). - scsi: qla2xxx: Fix duplicate switch database entries (bsc#1108870). - scsi: qla2xxx: Fix for double free of SRB structure (bsc#1108870). - scsi: qla2xxx: Fix memory leak for allocating abort IOCB (bsc#1111830). - scsi: qla2xxx: Fix re-using LoopID when handle is in use (bsc#1108870). - scsi: qla2xxx: Fix recursive mailbox timeout (bsc#1108870). - scsi: qla2xxx: Move log messages before issuing command to firmware (bsc#1108870). - scsi: qla2xxx: Return switch command on a timeout (bsc#1108870). - scsi: qla2xxx: do not allow negative thresholds (bsc#1108870). - scsi: target: prefer dbroot of /etc/target over /var/target (bsc#1111928). - selftests/x86: Add tests for User-Mode Instruction Prevention (bsc#1110006). - selftests/x86: Add tests for the STR and SLDT instructions (bsc#1110006). - serial: 8250_exar: Read INT0 from slave device, too (bsc#1051510). - serial: cpm_uart: return immediately from console poll (bsc#1051510). - serial: imx: restore handshaking irq for imx1 (bsc#1051510). - series.conf: moved some Xen patches to the sorted region xen/blkfront: correct purging of persistent grants (bnc#1112514). - signal: Properly deliver SIGSEGV from x86 uprobes (bsc#1110006). - smb2: fix missing files in root share directory listing (bsc#1112907). - smb3: fill in statfs fsid and correct namelen (bsc#1112905). - smb3: fix reset of bytes read and written stats (bsc#1112906). - smb3: on reconnect set PreviousSessionId field (bsc#1112899). - soc: fsl: qe: Fix copy/paste bug in ucc_get_tdm_sync_shift() (bsc#1051510). - soc: mediatek: pwrap: fix cipher init setting error (bsc#1051510). - sock_diag: fix use-after-free read in __sk_free (bsc#1051510). - soreuseport: initialise timewait reuseport field (bsc#1051510). - sound: do not call skl_init_chip() to reset intel skl soc (bsc#1051510). - sound: enable interrupt after dma buffer initialization (bsc#1051510). - spi: rspi: Fix interrupted DMA transfers (bsc#1051510). - spi: rspi: Fix invalid SPI use during system suspend (bsc#1051510). - spi: sh-msiof: Fix handling of write value for SISTR register (bsc#1051510). - spi: sh-msiof: Fix invalid SPI use during system suspend (bsc#1051510). - spi: tegra20-slink: explicitly enable/disable clock (bsc#1051510). - squashfs metadata 2: electric boogaloo (bsc#1051510). - squashfs: be more careful about metadata corruption (bsc#1051510). - squashfs: more metadata hardening (bsc#1051510). - squashfs: more metadata hardening (bsc#1051510). - stm: Potential read overflow in stm_char_policy_set_ioctl() (bsc#1051510). - supported.conf: added cavium_ptp - supported.conf: mark raspberrypi-hwmon as supported - switchtec: Fix Spectre v1 vulnerability (bsc#1051510). - sysfs: Do not return POSIX ACL xattrs via listxattr (git-fixes). - target: log Data-Out timeouts as errors (bsc#1095805). - target: log NOP ping timeouts as errors (bsc#1095805). - target: split out helper for cxn timeout error stashing (bsc#1095805). - target: stash sess_err_stats on Data-Out timeout (bsc#1095805). - target: use ISCSI_IQN_LEN in iscsi_target_stat (bsc#1095805). - team: Forbid enslaving team device to itself (bsc#1051510). - thermal: of-thermal: disable passive polling when thermal zone is disabled (bsc#1051510). - tools/vm/page-types.c: fix "defined but not used" warning (bsc#1051510). - tools/vm/slabinfo.c: fix sign-compare warning (bsc#1051510). - tracing/x86/xen: Remove zero data size trace events trace_xen_mmu_flush_tlb{_all} (bsc#1110006). - tracing: Add barrier to trace_printk() buffer nesting modification (bsc#1112219). - tsl2550: fix lux1_input error in low light (bsc#1051510). - tty: Drop tty->count on tty_reopen() failure (bsc#1051510). - tty: rocket: Fix possible buffer overwrite on register_PCI (bsc#1051510). - tty: serial: exar: Relocate sleep wake-up handling (bsc#1051510). - tty: serial: lpuart: avoid leaking struct tty_struct (bsc#1051510). - tty: vt_ioctl: fix potential Spectre v1 (bsc#1051510). - ubifs: Check for name being NULL while mounting (bsc#1051510). - udp: Unbreak modules that rely on external __skb_recv_udp() availability (bsc#1109151). - uprobes/x86: Prohibit probing on MOV SS instruction (bsc#1110006). - usb: Avoid use-after-free by flushing endpoints early in usb_set_interface() (bsc#1051510). - usb: cdc_acm: Do not leak URB buffers (bsc#1051510). - usb: dwc2: Turn on uframe_sched on "amlogic" platforms (bsc#1102881). - usb: dwc2: Turn on uframe_sched on "bcm" platforms (bsc#1102881). - usb: dwc2: Turn on uframe_sched on "his" platforms (bsc#1102881). - usb: dwc2: Turn on uframe_sched on "stm32f4x9_fsotg" platforms (bsc#1102881). - usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i] (bsc#1051510). - usb: host: u132-hcd: Fix a sleep-in-atomic-context bug in u132_get_frame() (bsc#1051510). - usb: misc: uss720: Fix two sleep-in-atomic-context bugs (bsc#1051510). - usb: musb: dsps: do not disable CPPI41 irq in driver teardown (bsc#1051510). - usb: uas: add support for more quirk flags (bsc#1051510). - usb: wusbcore: security: cast sizeof to int for comparison (bsc#1051510). - usb: xhci-mtk: resume USB3 roothub first (bsc#1051510). - userfaultfd: hugetlbfs: fix userfaultfd_huge_must_wait() pte access (bsc#1109739). - uwb: hwa-rc: fix memory leak at probe (bsc#1051510). - vfs/proc/kcore, x86/mm/kcore: Fix SMAP fault when dumping vsyscall user page (bsc#1110006). - virtio: pci-legacy: Validate queue pfn (bsc#1051510). - vmbus: do not return values for uninitalized channels (bsc#1051510). - vti4: Do not count header length twice on tunnel setup (bsc#1051510). - vti6: fix PMTU caching and reporting on xmit (bsc#1051510). - vti6: remove !skb->ignore_df check from vti6_xmit() (bsc#1051510). - x86-64/realmode: Add instruction suffix (bsc#1110006). - x86-memory_failure-Introduce-set-clear-_mce_nospec.patch: One more fixup to avoid even warning about statement without effect. - x86/CPU/AMD: Have smp_num_siblings and cpu_llc_id always be present (bsc#1110006). - x86/CPU: Add a microcode loader callback (bsc#1110006). - x86/CPU: Check CPU feature bits after microcode upgrade (bsc#1110006). - x86/EISA: Do not probe EISA bus for Xen PV guests (bsc#1110006). - x86/KVM/VMX: Do not set l1tf_flush_l1d from vmx_handle_external_intr() (bsc#1110006). - x86/KVM/VMX: Do not set l1tf_flush_l1d to true from vmx_l1d_flush() (bsc#1110006). - x86/KVM/VMX: Move the l1tf_flush_l1d test to vmx_l1d_flush() (bsc#1110006). - x86/KVM/VMX: Replace 'vmx_l1d_flush_always' with 'vmx_l1d_flush_cond' (bsc#1110006). - x86/Kconfig: Limit NR_CPUS on 32-bit to a sane amount (bsc#1110006). - x86/LDT: Avoid warning in 32-bit builds with older gcc (bsc#1110006). - x86/MCE/AMD: Define a function to get SMCA bank type (bsc#1110006). - x86/MCE: Fix stack out-of-bounds write in mce-inject.c: Flags_read() (bsc#1110006). - x86/MCE: Remove min interval polling limitation (bsc#1110006). - x86/MCE: Report only DRAM ECC as memory errors on AMD systems (bsc#1110006). - x86/MCE: Serialize sysfs changes (bsc#1110006). - x86/acpi: Prevent X2APIC id 0xffffffff from being accounted (bsc#1110006). - x86/alternatives: Fixup alternative_call_2 (bsc#1110006). - x86/apic: Set up through-local-APIC mode on the boot CPU if 'noapic' specified (bsc#1110006). - x86/asm: Add _ASM_ARG* constants for argument registers to (bsc#1110006). - x86/asm: Allow again using asm.h when building for the 'bpf' clang target (bsc#1110006). - x86/asm: Do not use the confusing '.ifeq' directive (bsc#1110006). - x86/boot/64: Verify alignment of the LOAD segment (bsc#1110006). - x86/boot/compressed/64: Print error if 5-level paging is not supported (bsc#1110006). - x86/boot: Fix if_changed build flip/flop bug (bsc#1110006). - x86/boot: Move EISA setup to a separate file (bsc#1110006). - x86/boot: Relocate definition of the initial state of CR0 (bsc#1110006). - x86/build: Beautify build log of syscall headers (bsc#1110006). - x86/cpu/AMD: Apply the Erratum 688 fix when the BIOS does not (bsc#1110006). - x86/cpu/intel: Add missing TLB cpuid values (bsc#1110006). - x86/cpufeature: Add User-Mode Instruction Prevention definitions (bsc#1110006). - x86/cpufeatures: Add Intel PCONFIG cpufeature (bsc#1110006). - x86/cpufeatures: Add Intel Total Memory Encryption cpufeature (bsc#1110006). - x86/debug: Handle warnings before the notifier chain, to fix KGDB crash (bsc#1110006). - x86/decoder: Add new TEST instruction pattern (bsc#1110006). - x86/efi: Fix efi_call_phys_epilog() with CONFIG_X86_5LEVEL=y (bsc#1110006). - x86/eisa: Add missing include (bsc#1110006). - x86/entry/64: Add two more instruction suffixes (bsc#1110006). - x86/entry/64: Use 'xorl' for faster register clearing (bsc#1110006). - x86/entry: Reduce the code footprint of the 'idtentry' macro (bsc#1110006). - x86/entry: Use SYSCALL_DEFINE() macros for sys_modify_ldt() (bsc#1110006). - x86/fpu/debug: Remove unused 'x86_fpu_state' and 'x86_fpu_deactivate_state' tracepoints (bsc#1110006). - x86/fpu: Make XSAVE check the base CPUID features before enabling (bsc#1110006). - x86/fpu: Parse clearcpuid= as early XSAVE argument (bsc#1110006). - x86/fpu: Remove second definition of fpu in __fpu__restore_sig() (bsc#1110006). - x86/fpu: Remove the explicit clearing of XSAVE dependent features (bsc#1110006). - x86/hyperv: Check for required priviliges in hyperv_init() (bsc#1110006). - x86/intel_rdt: Enable CMT and MBM on new Skylake stepping (bsc#1110006). - x86/intel_rdt: Fix incorrect returned value when creating rdgroup sub-directory in resctrl file system (bsc#1110006). - x86/intel_rdt: Fix potential deadlock during resctrl mount (bsc#1110006). - x86/intel_rdt: Fix potential deadlock during resctrl unmount (bsc#1110006). - x86/irq: Remove an old outdated comment about context tracking races (bsc#1110006). - x86/kasan: Panic if there is not enough memory to boot (bsc#1110006). - x86/kexec: Make kexec (mostly) work in 5-level paging mode (bsc#1110006). - x86/kprobes: Fix kernel crash when probing .entry_trampoline code (bsc#1110006). - x86/kvm/vmx: Remove duplicate l1d flush definitions (bsc#1110006). - x86/mce/AMD: Get address from already initialized block (bsc#1110006). - x86/mce: Add notifier_block forward declaration (bsc#1110006). - x86/mce: Check for alternate indication of machine check recovery on Skylake (bsc#1110006). - x86/mce: Do not overwrite MCi_STATUS in mce_no_way_out() (bsc#1110006). - x86/mce: Fix incorrect "Machine check from unknown source" message (bsc#1110006). - x86/microcode/intel: Check microcode revision before updating sibling threads (bsc#1110006). - x86/microcode/intel: Fix memleak in save_microcode_patch() (bsc#1110006). - x86/microcode/intel: Look into the patch cache first (bsc#1110006). - x86/microcode/intel: Save microcode patch unconditionally (bsc#1110006). - x86/microcode/intel: Writeback and invalidate caches before updating microcode (bsc#1110006). - x86/microcode: Allow late microcode loading with SMT disabled (bsc#1110006). - x86/microcode: Attempt late loading only when new microcode is present (bsc#1110006). - x86/microcode: Do not exit early from __reload_late() (bsc#1110006). - x86/microcode: Do not upload microcode if CPUs are offline (bsc#1110006). - x86/microcode: Fix CPU synchronization routine (bsc#1110006). - x86/microcode: Get rid of struct apply_microcode_ctx (bsc#1110006). - x86/microcode: Make sure boot_cpu_data.microcode is up-to-date (bsc#1110006). - x86/microcode: Make the late update update_lock a raw lock for RT (bsc#1110006). - x86/microcode: Propagate return value from updating functions (bsc#1110006). - x86/microcode: Request microcode on the BSP (bsc#1110006). - x86/microcode: Synchronize late microcode loading (bsc#1110006). - x86/microcode: Update the new microcode revision unconditionally (bsc#1110006). - x86/mm/32: Initialize the CR4 shadow before __flush_tlb_all() (bsc#1110006). - x86/mm/64: Rename the register_page_bootmem_memmap() 'size' parameter to 'nr_pages' (bsc#1110006). - x86/mm/kmmio: Fix mmiotrace for page unaligned addresses (bsc#1110006). - x86/mm/kmmio: Make the tracer robust against L1TF (bsc#1110006). - x86/mm/pat: Make set_memory_np() L1TF safe (bsc#1110006). - x86/mm/pti: Add an overflow check to pti_clone_pmds() (bsc#1110006). - x86/mm/pti: Fix PTI comment in entry_SYSCALL_64() (bsc#1110006). - x86/mm: Define _PAGE_TABLE using _KERNPG_TABLE (bsc#1110006). - x86/mm: Do not forbid _PAGE_RW before init for __ro_after_init (bsc#1110006). - x86/mm: Fix bogus warning during EFI bootup, use boot_cpu_has() instead of this_cpu_has() in build_cr3_noflush() (bsc#1110006). - x86/mm: Relocate page fault error codes to traps.h (bsc#1110006). - x86/mm: Remove in_nmi() warning from vmalloc_fault() (bsc#1110006). - x86/nmi: Fix NMI uaccess race against CR3 switching (bsc#1110006). - x86/numa_emulation: Fix emulated-to-physical node mapping (bsc#1110006). - x86/oprofile: Fix bogus GCC-8 warning in nmi_setup() (bsc#1110006). - x86/pae: use 64 bit atomic xchg function in native_ptep_get_and_clear (bsc#1110006). - x86/paravirt: Fix some warning messages (bnc#1065600). - x86/paravirt: Remove 'noreplace-paravirt' cmdline option (bsc#1110006). - x86/percpu: Fix this_cpu_read() (bsc#1110006). - x86/pgtable: Do not set huge PUD/PMD on non-leaf entries (bsc#1110006). - x86/power: Fix swsusp_arch_resume prototype (bsc#1110006). - x86/pti: Check the return value of pti_user_pagetable_walk_p4d() (bsc#1110006). - x86/pti: Check the return value of pti_user_pagetable_walk_pmd() (bsc#1110006). - x86/retpoline/checksum32: Convert assembler indirect jumps (bsc#1110006). - x86/retpoline/irq32: Convert assembler indirect jumps (bsc#1110006). - x86/smp: fix non-SMP broken build due to redefinition of apic_id_is_primary_thread (bsc#1110006). - x86/smpboot: Do not use mwait_play_dead() on AMD systems (bsc#1110006). - x86/spectre: Fix spelling mistake: "vunerable"-> "vulnerable" (bsc#1110006). - x86/speculation, objtool: Annotate indirect calls/jumps for objtool on 32-bit kernels (bsc#1110006). - x86/speculation/l1tf: Exempt zeroed PTEs from inversion (bsc#1110006). - x86/speculation/l1tf: Extend 64bit swap file size limit (bsc#1110006). - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit (bsc#1105536). - x86/speculation/l1tf: Fix up pte->pfn conversion for PAE (bsc#1110006). - x86/speculation/l1tf: Invert all not present mappings (bsc#1110006). - x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert (bsc#1110006). - x86/speculation/l1tf: Protect PAE swap entries against L1TF (bsc#1110006). - x86/speculation: Simplify sysfs report of VMX L1TF vulnerability (bsc#1110006). - x86/time: Correct the attribute on jiffies' definition (bsc#1110006). - x86/topology: Update the 'cpu cores' field in /proc/cpuinfo correctly across CPU hotplug operations (bsc#1110006). - x86/tsc: Add missing header to tsc_msr.c (bsc#1110006). - x86/tsc: Allow TSC calibration without PIT (bsc#1110006). - x86/tsc: Prevent 32bit truncation in calc_hpet_ref() (bsc#1110006). - x86/vdso: Fix asm constraints on vDSO syscall fallbacks (bsc#1110006). - x86/vdso: Fix vDSO syscall fallback asm constraint regression (bsc#1110006). - x86/xen: Delay get_cpu_cap until stack canary is established (bsc#1110006). - x86/xen: Drop 5-level paging support code from the XEN_PV code (bsc#1110006). - x86/xen: Reset VCPU0 info pointer after shared_info remap (bsc#1110006). - x86/xen: do not write ptes directly in 32-bit PV guests (bsc#1110006). - x86: Add check for APIC access address for vmentry of L2 guests (bsc#1110006). - x86: Call fixup_exception() before notify_die() in math_error() (bsc#1110006). - x86: Delay skip of emulated hypercall instruction (bsc#1110006). - x86: PM: Make APM idle driver initialize polling state (bsc#1110006). - x86: i8259: Add missing include file (bsc#1110006). - x86: kvm: avoid unused variable warning (bsc#1110006). - xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent (bnc#1065600). - xen/PVH: Set up GS segment for stack canary (bsc#1110006). - xen/gntdev: avoid out of bounds access in case of partial gntdev_mmap() (bnc#1065600). - xen/x86/vpmu: Zero struct pt_regs before calling into sample handling code (bsc#1110006). - xen: Fix {set,clear}_foreign_p2m_mapping on autotranslating guests (bsc#1110006). - xen: Remove unnecessary BUG_ON from __unbind_from_irq() (bnc#1065600). - xfrm: use complete IPv6 addresses for hash (bsc#1109330). - xfs: do not fail when converting shortform attr to long form during ATTR_REPLACE (bsc#1105025). - xhci: Add missing CAS workaround for Intel Sunrise Point xHCI (bsc#1051510). - xhci: Do not print a warning when setting link state for disabled ports (bsc#1051510). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2018-2547=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-default-debuginfo-4.12.14-25.25.1 kernel-default-debugsource-4.12.14-25.25.1 kernel-default-livepatch-4.12.14-25.25.1 kernel-livepatch-4_12_14-25_25-default-1-1.3.1 kernel-livepatch-4_12_14-25_25-default-debuginfo-1-1.3.1 References: https://www.suse.com/security/cve/CVE-2017-16533.html https://www.suse.com/security/cve/CVE-2017-18224.html https://www.suse.com/security/cve/CVE-2018-18386.html https://www.suse.com/security/cve/CVE-2018-18445.html https://bugzilla.suse.com/1046540 https://bugzilla.suse.com/1050319 https://bugzilla.suse.com/1050536 https://bugzilla.suse.com/1050540 https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1055120 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1066674 https://bugzilla.suse.com/1067126 https://bugzilla.suse.com/1067906 https://bugzilla.suse.com/1076830 https://bugzilla.suse.com/1079524 https://bugzilla.suse.com/1083647 https://bugzilla.suse.com/1084760 https://bugzilla.suse.com/1084831 https://bugzilla.suse.com/1086283 https://bugzilla.suse.com/1086288 https://bugzilla.suse.com/1094825 https://bugzilla.suse.com/1095805 https://bugzilla.suse.com/1099125 https://bugzilla.suse.com/1100132 https://bugzilla.suse.com/1102881 https://bugzilla.suse.com/1103308 https://bugzilla.suse.com/1103543 https://bugzilla.suse.com/1104731 https://bugzilla.suse.com/1105025 https://bugzilla.suse.com/1105536 https://bugzilla.suse.com/1106105 https://bugzilla.suse.com/1106110 https://bugzilla.suse.com/1106237 https://bugzilla.suse.com/1106240 https://bugzilla.suse.com/1106838 https://bugzilla.suse.com/1107685 https://bugzilla.suse.com/1108241 https://bugzilla.suse.com/1108377 https://bugzilla.suse.com/1108468 https://bugzilla.suse.com/1108828 https://bugzilla.suse.com/1108841 https://bugzilla.suse.com/1108870 https://bugzilla.suse.com/1109151 https://bugzilla.suse.com/1109158 https://bugzilla.suse.com/1109217 https://bugzilla.suse.com/1109330 https://bugzilla.suse.com/1109739 https://bugzilla.suse.com/1109784 https://bugzilla.suse.com/1109806 https://bugzilla.suse.com/1109818 https://bugzilla.suse.com/1109907 https://bugzilla.suse.com/1109911 https://bugzilla.suse.com/1109915 https://bugzilla.suse.com/1109919 https://bugzilla.suse.com/1109951 https://bugzilla.suse.com/1110006 https://bugzilla.suse.com/1110096 https://bugzilla.suse.com/1110538 https://bugzilla.suse.com/1110561 https://bugzilla.suse.com/1110921 https://bugzilla.suse.com/1111028 https://bugzilla.suse.com/1111076 https://bugzilla.suse.com/1111506 https://bugzilla.suse.com/1111806 https://bugzilla.suse.com/1111819 https://bugzilla.suse.com/1111830 https://bugzilla.suse.com/1111834 https://bugzilla.suse.com/1111841 https://bugzilla.suse.com/1111870 https://bugzilla.suse.com/1111901 https://bugzilla.suse.com/1111904 https://bugzilla.suse.com/1111928 https://bugzilla.suse.com/1111983 https://bugzilla.suse.com/1112170 https://bugzilla.suse.com/1112173 https://bugzilla.suse.com/1112208 https://bugzilla.suse.com/1112219 https://bugzilla.suse.com/1112221 https://bugzilla.suse.com/1112246 https://bugzilla.suse.com/1112372 https://bugzilla.suse.com/1112514 https://bugzilla.suse.com/1112554 https://bugzilla.suse.com/1112708 https://bugzilla.suse.com/1112710 https://bugzilla.suse.com/1112711 https://bugzilla.suse.com/1112712 https://bugzilla.suse.com/1112713 https://bugzilla.suse.com/1112731 https://bugzilla.suse.com/1112732 https://bugzilla.suse.com/1112733 https://bugzilla.suse.com/1112734 https://bugzilla.suse.com/1112735 https://bugzilla.suse.com/1112736 https://bugzilla.suse.com/1112738 https://bugzilla.suse.com/1112739 https://bugzilla.suse.com/1112740 https://bugzilla.suse.com/1112741 https://bugzilla.suse.com/1112743 https://bugzilla.suse.com/1112745 https://bugzilla.suse.com/1112746 https://bugzilla.suse.com/1112894 https://bugzilla.suse.com/1112899 https://bugzilla.suse.com/1112902 https://bugzilla.suse.com/1112903 https://bugzilla.suse.com/1112905 https://bugzilla.suse.com/1112906 https://bugzilla.suse.com/1112907 https://bugzilla.suse.com/1113257 https://bugzilla.suse.com/1113284