From sle-security-updates at lists.suse.com Mon Sep 3 13:07:58 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 3 Sep 2018 21:07:58 +0200 (CEST) Subject: SUSE-SU-2018:2593-1: important: Security update for spice-gtk Message-ID: <20180903190758.8EB35FD53@maintenance.suse.de> SUSE Security Update: Security update for spice-gtk ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2593-1 Rating: important References: #1101295 #1104448 Cross-References: CVE-2018-10873 CVE-2018-10893 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for spice-gtk fixes the following issues: Security issues fixed: - CVE-2018-10873: Fix potential heap corruption when demarshalling (bsc#1104448) - CVE-2018-10893: Avoid buffer overflow on image lz checks (bsc#1101295) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-1826=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): libspice-client-glib-2_0-8-0.25-5.3.1 libspice-client-glib-2_0-8-debuginfo-0.25-5.3.1 libspice-client-gtk-2_0-4-0.25-5.3.1 libspice-client-gtk-2_0-4-debuginfo-0.25-5.3.1 libspice-client-gtk-3_0-4-0.25-5.3.1 libspice-client-gtk-3_0-4-debuginfo-0.25-5.3.1 libspice-controller0-0.25-5.3.1 libspice-controller0-debuginfo-0.25-5.3.1 spice-gtk-debuginfo-0.25-5.3.1 spice-gtk-debugsource-0.25-5.3.1 typelib-1_0-SpiceClientGlib-2_0-0.25-5.3.1 typelib-1_0-SpiceClientGtk-3_0-0.25-5.3.1 References: https://www.suse.com/security/cve/CVE-2018-10873.html https://www.suse.com/security/cve/CVE-2018-10893.html https://bugzilla.suse.com/1101295 https://bugzilla.suse.com/1104448 From sle-security-updates at lists.suse.com Mon Sep 3 13:08:38 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 3 Sep 2018 21:08:38 +0200 (CEST) Subject: SUSE-SU-2018:2594-1: important: Security update for spice-gtk Message-ID: <20180903190838.73D8AFD53@maintenance.suse.de> SUSE Security Update: Security update for spice-gtk ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2594-1 Rating: important References: #1101295 #1104448 Cross-References: CVE-2018-10873 CVE-2018-10893 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for spice-gtk fixes the following issues: Security issues fixed: - CVE-2018-10873: Fix potential heap corruption when demarshalling (bsc#1104448) - CVE-2018-10893: Avoid buffer overflow on image lz checks (bsc#1101295) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1824=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1824=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1824=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): spice-gtk-debuginfo-0.33-3.6.1 spice-gtk-debugsource-0.33-3.6.1 spice-gtk-devel-0.33-3.6.1 typelib-1_0-SpiceClientGtk-3_0-0.33-3.6.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libspice-client-glib-2_0-8-0.33-3.6.1 libspice-client-glib-2_0-8-debuginfo-0.33-3.6.1 libspice-client-glib-helper-0.33-3.6.1 libspice-client-glib-helper-debuginfo-0.33-3.6.1 libspice-client-gtk-3_0-5-0.33-3.6.1 libspice-client-gtk-3_0-5-debuginfo-0.33-3.6.1 libspice-controller0-0.33-3.6.1 libspice-controller0-debuginfo-0.33-3.6.1 spice-gtk-debuginfo-0.33-3.6.1 spice-gtk-debugsource-0.33-3.6.1 typelib-1_0-SpiceClientGlib-2_0-0.33-3.6.1 typelib-1_0-SpiceClientGtk-3_0-0.33-3.6.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libspice-client-glib-2_0-8-0.33-3.6.1 libspice-client-glib-2_0-8-debuginfo-0.33-3.6.1 libspice-client-glib-helper-0.33-3.6.1 libspice-client-glib-helper-debuginfo-0.33-3.6.1 libspice-client-gtk-3_0-5-0.33-3.6.1 libspice-client-gtk-3_0-5-debuginfo-0.33-3.6.1 libspice-controller0-0.33-3.6.1 libspice-controller0-debuginfo-0.33-3.6.1 spice-gtk-debuginfo-0.33-3.6.1 spice-gtk-debugsource-0.33-3.6.1 typelib-1_0-SpiceClientGlib-2_0-0.33-3.6.1 typelib-1_0-SpiceClientGtk-3_0-0.33-3.6.1 References: https://www.suse.com/security/cve/CVE-2018-10873.html https://www.suse.com/security/cve/CVE-2018-10893.html https://bugzilla.suse.com/1101295 https://bugzilla.suse.com/1104448 From sle-security-updates at lists.suse.com Mon Sep 3 13:09:17 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 3 Sep 2018 21:09:17 +0200 (CEST) Subject: SUSE-SU-2018:2595-1: important: Security update for spice Message-ID: <20180903190917.23D70FD53@maintenance.suse.de> SUSE Security Update: Security update for spice ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2595-1 Rating: important References: #1101295 #1104448 Cross-References: CVE-2018-10873 CVE-2018-10893 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for spice fixes the following issues: Security issues fixed: - CVE-2018-10873: Fix potential heap corruption when demarshalling (bsc#1104448) - CVE-2018-10893: Avoid buffer overflow on image lz checks (bsc#1101295) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1825=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1825=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1825=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libspice-server-devel-0.12.8-6.1 spice-debugsource-0.12.8-6.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libspice-server1-0.12.8-6.1 libspice-server1-debuginfo-0.12.8-6.1 spice-debugsource-0.12.8-6.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libspice-server1-0.12.8-6.1 libspice-server1-debuginfo-0.12.8-6.1 spice-debugsource-0.12.8-6.1 References: https://www.suse.com/security/cve/CVE-2018-10873.html https://www.suse.com/security/cve/CVE-2018-10893.html https://bugzilla.suse.com/1101295 https://bugzilla.suse.com/1104448 From sle-security-updates at lists.suse.com Mon Sep 3 13:09:59 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 3 Sep 2018 21:09:59 +0200 (CEST) Subject: SUSE-SU-2018:2596-1: important: Security update for the Linux Kernel Message-ID: <20180903190959.8CBE7FD53@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2596-1 Rating: important References: #1012382 #1064232 #1065364 #1068032 #1076110 #1082653 #1082979 #1085042 #1085536 #1086457 #1087081 #1089343 #1090123 #1090435 #1091171 #1091860 #1092001 #1094244 #1095643 #1096254 #1096978 #1097771 #1098253 #1098599 #1099792 #1099811 #1099813 #1099844 #1099845 #1099846 #1099849 #1099858 #1099863 #1099864 #1100132 #1100843 #1100930 #1101296 #1101331 #1101658 #1101789 #1101822 #1101841 #1102188 #1102197 #1102203 #1102205 #1102207 #1102211 #1102214 #1102215 #1102340 #1102394 #1102683 #1102715 #1102797 #1102851 #1103097 #1103119 #1103269 #1103445 #1103580 #1103717 #1103745 #1103884 #1104174 #1104319 #1104365 #1104494 #1104495 #1104897 #1105292 #970506 Cross-References: CVE-2017-18344 CVE-2018-10876 CVE-2018-10877 CVE-2018-10878 CVE-2018-10879 CVE-2018-10880 CVE-2018-10881 CVE-2018-10882 CVE-2018-10883 CVE-2018-14734 CVE-2018-3620 CVE-2018-3646 CVE-2018-5390 CVE-2018-5391 CVE-2018-9363 Affected Products: SUSE Linux Enterprise Real Time Extension 12-SP3 ______________________________________________________________________________ An update that solves 15 vulnerabilities and has 58 fixes is now available. Description: The SUSE Linux Enterprise 12 SP3 RT kernel was updated to 4.4.147 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-18344: The timer_create syscall implementation in kernel/time/posix-timers.c didn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allowed userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE) (bnc#1102851 bsc#1103580). - CVE-2018-10876: A flaw was found in the ext4 filesystem code. A use-after-free was possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image. (bnc#1099811) - CVE-2018-10877: The ext4 filesystem was vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image. (bnc#1099846) - CVE-2018-10878: A flaw was found in the ext4 filesystem. A local user could cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image. (bnc#1099813) - CVE-2018-10879: A flaw was found in the ext4 filesystem. A local user could cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image. (bnc#1099844) - CVE-2018-10880: Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cause a system crash and a denial of service. (bnc#1099845) - CVE-2018-10881: A flaw was found in the ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image. (bnc#1099864) - CVE-2018-10882: A flaw was found in the ext4 filesystem. A local user can cause an out-of-bound write in in fs/jbd2/transaction.c code, a denial of service, and a system crash by unmounting a crafted ext4 filesystem image. (bnc#1099849) - CVE-2018-10883: A flaw was found in the ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image. (bnc#1099863) - CVE-2018-14734: drivers/infiniband/core/ucma.c allowed ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allowed attackers to cause a denial of service (use-after-free) (bnc#1103119). - CVE-2018-3620: Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis (bnc#1087081). - CVE-2018-3646: Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis (bnc#1089343 bnc#1104365). - CVE-2018-5390: The Linux kernel could be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service (bnc#1102340). - CVE-2018-5391 aka "FragmentSmack": A flaw in the IP packet reassembly could be used by remote attackers to consume lots of CPU time (bnc#1103097). - CVE-2018-9363: A buffer overflow in bluetooth HID report processing could be used by malicious bluetooth devices to crash the kernel or potentially execute code (bnc#1105292). The following non-security bugs were fixed: - acpi / pci: Bail early in acpi_pci_add_bus() if there is no ACPI handle (bnc#1012382). - Add support for 5,25,50, and 100G to 802.3ad bonding driver (bsc#1096978) - ahci: Disable LPM on Lenovo 50 series laptops with a too old BIOS (bnc#1012382). - alsa: emu10k1: add error handling for snd_ctl_add (bnc#1012382). - alsa: emu10k1: Rate-limit error messages about page errors (bnc#1012382). - alsa: fm801: add error handling for snd_ctl_add (bnc#1012382). - alsa: hda/ca0132: fix build failure when a local macro is defined (bnc#1012382). - alsa: rawmidi: Change resized buffers atomically (bnc#1012382). - alsa: usb-audio: Apply rate limit to warning messages in URB complete callback (bnc#1012382). - arc: Fix CONFIG_SWAP (bnc#1012382). - arc: mm: allow mprotect to make stack mappings executable (bnc#1012382). - arm64: do not open code page table entry creation (bsc#1102197). - arm64: kpti: Use early_param for kpti= command-line option (bsc#1102188). - arm64: Make sure permission updates happen for pmd/pud (bsc#1102197). - arm: dts: imx6q: Use correct SDMA script for SPI5 core (bnc#1012382). - arm: fix put_user() for gcc-8 (bnc#1012382). - asoc: dpcm: fix BE dai not hw_free and shutdown (bnc#1012382). - asoc: pxa: Fix module autoload for platform drivers (bnc#1012382). - ath10k: fix rfc1042 header retrieval in QCA4019 with eth decap mode (bnc#1012382). - ath: Add regulatory mapping for APL13_WORLD (bnc#1012382). - ath: Add regulatory mapping for APL2_FCCA (bnc#1012382). - ath: Add regulatory mapping for Bahamas (bnc#1012382). - ath: Add regulatory mapping for Bermuda (bnc#1012382). - ath: Add regulatory mapping for ETSI8_WORLD (bnc#1012382). - ath: Add regulatory mapping for FCC3_ETSIC (bnc#1012382). - ath: Add regulatory mapping for Serbia (bnc#1012382). - ath: Add regulatory mapping for Tanzania (bnc#1012382). - ath: Add regulatory mapping for Uganda (bnc#1012382). - atm: zatm: Fix potential Spectre v1 (bnc#1012382). - audit: allow not equal op for audit by executable (bnc#1012382). - bcache: add backing_request_endio() for bi_end_io (bsc#1064232). - bcache: add CACHE_SET_IO_DISABLE to struct cache_set flags (bsc#1064232). - bcache: add io_disable to struct cached_dev (bsc#1064232). - bcache: add journal statistic (bsc#1076110). - bcache: Add __printf annotation to __bch_check_keys() (bsc#1064232). - bcache: add stop_when_cache_set_failed option to backing device (bsc#1064232). - bcache: add wait_for_kthread_stop() in bch_allocator_thread() (bsc#1064232). - bcache: Annotate switch fall-through (bsc#1064232). - bcache: closures: move control bits one bit right (bsc#1076110). - bcache: correct flash only vols (check all uuids) (bsc#1064232). - bcache: count backing device I/O error for writeback I/O (bsc#1064232). - bcache: Fix a compiler warning in bcache_device_init() (bsc#1064232). - bcache: fix cached_dev->count usage for bch_cache_set_error() (bsc#1064232). - bcache: fix crashes in duplicate cache device register (bsc#1076110). - bcache: fix error return value in memory shrink (bsc#1064232). - bcache: fix high CPU occupancy during journal (bsc#1076110). - bcache: Fix, improve efficiency of closure_sync() (bsc#1076110). - bcache: fix inaccurate io state for detached bcache devices (bsc#1064232). - bcache: fix incorrect sysfs output value of strip size (bsc#1064232). - bcache: Fix indentation (bsc#1064232). - bcache: Fix kernel-doc warnings (bsc#1064232). - bcache: fix misleading error message in bch_count_io_errors() (bsc#1064232). - bcache: fix using of loop variable in memory shrink (bsc#1064232). - bcache: fix writeback target calc on large devices (bsc#1076110). - bcache: fix wrong return value in bch_debug_init() (bsc#1076110). - bcache: mark closure_sync() __sched (bsc#1076110). - bcache: move closure debug file into debug directory (bsc#1064232). - bcache: reduce cache_set devices iteration by devices_max_used (bsc#1064232). - bcache: Reduce the number of sparse complaints about lock imbalances (bsc#1064232). - bcache: Remove an unused variable (bsc#1064232). - bcache: ret IOERR when read meets metadata error (bsc#1076110). - bcache: return 0 from bch_debug_init() if CONFIG_DEBUG_FS=n (bsc#1064232). - bcache: set CACHE_SET_IO_DISABLE in bch_cached_dev_error() (bsc#1064232). - bcache: set dc->io_disable to true in conditional_stop_bcache_device() (bsc#1064232). - bcache: set error_limit correctly (bsc#1064232). - bcache: set writeback_rate_update_seconds in range [1, 60] seconds (bsc#1064232). - bcache: stop bcache device when backing device is offline (bsc#1064232). - bcache: stop dc->writeback_rate_update properly (bsc#1064232). - bcache: stop writeback thread after detaching (bsc#1076110). - bcache: store disk name in struct cache and struct cached_dev (bsc#1064232). - bcache: Suppress more warnings about set-but-not-used variables (bsc#1064232). - bcache: use pr_info() to inform duplicated CACHE_SET_IO_DISABLE set (bsc#1064232). - bcache: Use PTR_ERR_OR_ZERO() (bsc#1076110). - bcm63xx_enet: correct clock usage (bnc#1012382). - bcm63xx_enet: do not write to random DMA channel on BCM6345 (bnc#1012382). - blkcg: simplify statistic accumulation code (bsc#1082979). - block: copy ioprio in __bio_clone_fast() (bsc#1082653). - block: do not use interruptible wait anywhere (bnc#1012382). - block/swim: Fix array bounds check (bsc#1082979). - bluetooth: btusb: Add a new Realtek 8723DE ID 2ff8:b011 (bnc#1012382). - bluetooth: hci_qca: Fix "Sleep inside atomic section" warning (bnc#1012382). - bpf: fix loading of BPF_MAXINSNS sized programs (bsc#1012382). - bpf: fix references to free_bpf_prog_info() in comments (bnc#1012382). - bpf, x64: fix memleak when not converging after image (bsc#1012382). - brcmfmac: Add support for bcm43364 wireless chipset (bnc#1012382). - btrfs: add barriers to btrfs_sync_log before log_commit_wait wakeups (bnc#1012382). - btrfs: Do not remove block group still has pinned down bytes (bsc#1086457). - btrfs: qgroup: Finish rescan when hit the last leaf of extent tree (bnc#1012382). - btrfs: quota: Set rescan progress to (u64)-1 if we hit last leaf (git-fixes). - cachefiles: Fix missing clear of the CACHEFILES_OBJECT_ACTIVE flag (bsc#1099858). - cachefiles: Fix refcounting bug in backing-file read monitoring (bsc#1099858). - cachefiles: Wait rather than BUG'ing on "Unexpected object collision" (bsc#1099858). - can: ems_usb: Fix memory leak on ems_usb_disconnect() (bnc#1012382). - can: xilinx_can: fix device dropping off bus on RX overrun (bnc#1012382). - can: xilinx_can: fix incorrect clear of non-processed interrupts (bnc#1012382). - can: xilinx_can: fix recovery from error states not being propagated (bnc#1012382). - can: xilinx_can: fix RX loop if RXNEMP is asserted without RXOK (bnc#1012382). - can: xilinx_can: fix RX overflow interrupt not being enabled (bnc#1012382). - can: xilinx_can: keep only 1-2 frames in TX FIFO to fix TX accounting (bnc#1012382). - cifs: fix bad/NULL ptr dereferencing in SMB2_sess_setup() (bsc#1090123). - cifs: Fix infinite loop when using hard mount option (bnc#1012382). - clk: tegra: Fix PLL_U post divider and initial rate on Tegra30 (bnc#1012382). - compiler, clang: always inline when CONFIG_OPTIMIZE_INLINING is disabled (bnc#1012382). - compiler, clang: properly override 'inline' for clang (bnc#1012382). - compiler, clang: suppress warning for unused static inline functions (bnc#1012382). - compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline declarations (bnc#1012382). - cpu/hotplug: Add sysfs state interface (bsc#1089343). - cpu/hotplug: Provide knobs to control SMT (bsc#1089343). - cpu/hotplug: Split do_cpu_down() (bsc#1089343). - crypto: authenc - do not leak pointers to authenc keys (bnc#1012382). - crypto: authencesn - do not leak pointers to authenc keys (bnc#1012382). - crypto: crypto4xx - fix crypto4xx_build_pdr, crypto4xx_build_sdr leak (bnc#1012382). - crypto: crypto4xx - remove bad list_del (bnc#1012382). - crypto: padlock-aes - Fix Nano workaround data corruption (bnc#1012382). - disable loading f2fs module on PAGE_SIZE > 4KB (bnc#1012382). - dmaengine: pxa_dma: remove duplicate const qualifier (bnc#1012382). - dma-iommu: Fix compilation when !CONFIG_IOMMU_DMA (bnc#1012382). - dm thin metadata: remove needless work from __commit_transaction (bsc#1082979). - documentation/spec_ctrl: Do some minor cleanups (bnc#1012382). - drbd: fix access after free (bnc#1012382). - driver core: Partially revert "driver core: correct device's shutdown order" (bnc#1012382). - drm: Add DP PSR2 sink enable bit (bnc#1012382). - drm/atomic: Handling the case when setting old crtc for plane (bnc#1012382). - drm/cirrus: Use drm_framebuffer_put to avoid kernel oops in clean-up (bsc#1101822). - drm/gma500: fix psb_intel_lvds_mode_valid()'s return type (bnc#1012382). - drm/msm: Fix possible null dereference on failure of get_pages() (bsc#1102394). - drm/radeon: fix mode_valid's return type (bnc#1012382). - drm: re-enable error handling (bsc#1103884). - esp6: fix memleak on error path in esp6_input (git-fixes). - ext4: add more inode number paranoia checks (bnc#1012382). - ext4: add more mount time checks of the superblock (bnc#1012382). - ext4: always check block group bounds in ext4_init_block_bitmap() (bnc#1012382). - ext4: check for allocation block validity with block group locked (bsc#1104495). - ext4: check superblock mapped prior to committing (bnc#1012382). - ext4: clear i_data in ext4_inode_info when removing inline data (bnc#1012382). - ext4: do not update s_last_mounted of a frozen fs (bsc#1101841). - ext4: factor out helper ext4_sample_last_mounted() (bsc#1101841). - ext4: fix check to prevent initializing reserved inodes (bsc#1104319). - ext4: fix false negatives *and* false positives in ext4_check_descriptors() (bsc#1103445). - ext4: fix inline data updates with checksums enabled (bsc#1104494). - ext4: include the illegal physical block in the bad map ext4_error msg (bnc#1012382). - ext4: make sure bitmaps and the inode table do not overlap with bg descriptors (bnc#1012382). - ext4: only look at the bg_flags field if it is valid (bnc#1012382). - ext4: verify the depth of extent tree in ext4_find_extent() (bnc#1012382). - f2fs: fix to do not trigger writeback during recovery (bnc#1012382). - fat: fix memory allocation failure handling of match_strdup() (bnc#1012382). - fscache: Allow cancelled operations to be enqueued (bsc#1099858). - fscache: Fix reference overput in fscache_attach_object() error handling (bsc#1099858). - genirq: Make force irq threading setup more robust (bsc#1082979). - hid: debug: check length before copy_to_user() (bnc#1012382). - hid: hiddev: fix potential Spectre v1 (bnc#1012382). - hid: hid-plantronics: Re-resend Update to map button for PTT products (bnc#1012382). - hid: i2c-hid: check if device is there before really probing (bnc#1012382). - hid: i2c-hid: Fix "incomplete report" noise (bnc#1012382). - hid: usbhid: add quirk for innomedia INNEX GENESIS/ATARI adapter (bnc#1012382). - hvc_opal: do not set tb_ticks_per_usec in udbg_init_opal_common() (bnc#1012382). - i2c: imx: Fix reinit_completion() use (bnc#1012382). - i2c: rcar: fix resume by always initializing registers before transfer (bnc#1012382). - ib/isert: fix T10-pi check mask setting (bsc#1082979). - ibmasm: do not write out of bounds in read handler (bnc#1012382). - ibmvnic: Fix error recovery on login failure (bsc#1101789). - ibmvnic: Remove code to request error information (bsc#1104174). - ibmvnic: Revise RX/TX queue error messages (bsc#1101331). - ibmvnic: Update firmware error reporting with cause string (bsc#1104174). - inet: frag: enforce memory limits earlier (bnc#1012382 bsc#970506). - input: elan_i2c - add ACPI ID for lenovo ideapad 330 (bnc#1012382). - input: elan_i2c - add another ACPI ID for Lenovo Ideapad 330-15AST (bnc#1012382). - input: i8042 - add Lenovo LaVie Z to the i8042 reset list (bnc#1012382). - ipconfig: Correctly initialise ic_nameservers (bnc#1012382). - ip: hash fragments consistently (bnc#1012382). - ip: in cmsg IP(V6)_ORIGDSTADDR call pskb_may_pull (bnc#1012382). - ipv4: Fix error return value in fib_convert_metrics() (bnc#1012382). - ipv4: remove BUG_ON() from fib_compute_spec_dst (bnc#1012382). - ipv4: Return EINVAL when ping_group_range sysctl does not map to user ns (bnc#1012382). - ipv6: fix useless rol32 call on hash (bnc#1012382). - iw_cxgb4: correctly enforce the max reg_mr depth (bnc#1012382). - iwlwifi: pcie: fix race in Rx buffer allocator (bnc#1012382). - jbd2: do not mark block as modified if the handle is out of credits (bnc#1012382). - kabi protect includes in include/linux/inet.h (bsc#1095643). - KABI protect net/core/utils.c includes (bsc#1095643). - kABI: protect struct loop_device (kabi). - kABI: reexport tcp_send_ack (kabi). - kABI: reintroduce __static_cpu_has_safe (kabi). - kabi/severities: add 'drivers/md/bcache/* PASS' since no one uses symboles expoted by bcache. - kbuild: fix # escaping in .cmd files for future Make (bnc#1012382). - KEYS: DNS: fix parsing multiple options (bnc#1012382). - kmod: fix wait on recursive loop (bsc#1099792). - kmod: reduce atomic operations on kmod_concurrent and simplify (bsc#1099792). - kmod: throttle kmod thread limit (bsc#1099792). - kprobes/x86: Do not modify singlestep buffer while resuming (bnc#1012382). - kthread, tracing: Do not expose half-written comm when creating kthreads (bsc#1104897). - kvm: arm/arm64: Drop resource size check for GICV window (bsc#1102215). - kvm: arm/arm64: Set dist->spis to NULL after kfree (bsc#1102214). - kvm/Eventfd: Avoid crash when assign and deassign specific eventfd in parallel (bnc#1012382). - kvm: x86: vmx: fix vpid leak (bnc#1012382). - libata: do not try to pass through NCQ commands to non-NCQ devices (bsc#1082979). - libata: Fix command retry decision (bnc#1012382). - lib/rhashtable: consider param->min_size when setting initial table size (bnc#1012382). - loop: add recursion validation to LOOP_CHANGE_FD (bnc#1012382). - loop: remember whether sysfs_create_group() was done (bnc#1012382). - md: fix NULL dereference of mddev->pers in remove_and_add_spares() (bnc#1012382). - media: cx25840: Use subdev host data for PLL override (bnc#1012382). - media: omap3isp: fix unbalanced dma_iommu_mapping (bnc#1012382). - media: rcar_jpu: Add missing clk_disable_unprepare() on error in jpu_open() (bnc#1012382). - media: saa7164: Fix driver name in debug output (bnc#1012382). - media: si470x: fix __be16 annotations (bnc#1012382). - media: siano: get rid of __le32/__le16 cast warnings (bnc#1012382). - media: videobuf2-core: do not call memop 'finish' when queueing (bnc#1012382). - memory: tegra: Apply interrupts mask per SoC (bnc#1012382). - memory: tegra: Do not handle spurious interrupts (bnc#1012382). - mfd: cros_ec: Fail early if we cannot identify the EC (bnc#1012382). - microblaze: Fix simpleImage format generation (bnc#1012382). - mmc: dw_mmc: fix card threshold control configuration (bsc#1102203). - mm: check VMA flags to avoid invalid PROT_NONE NUMA balancing (bsc#1097771). - mm: hugetlb: yield when prepping struct pages (bnc#1012382). - mm: memcg: fix use after free in mem_cgroup_iter() (bnc#1012382). - mm/slub.c: add __printf verification to slab_err() (bnc#1012382). - mm: vmalloc: avoid racy handling of debugobjects in vunmap (bnc#1012382). - mtd: cfi_cmdset_0002: Change definition naming to retry write operation (bnc#1012382). - mtd: cfi_cmdset_0002: Change erase functions to check chip good only (bnc#1012382). - mtd: cfi_cmdset_0002: Change erase functions to retry for error (bnc#1012382). - mtd: rawnand: fsl_ifc: fix FSL NAND driver to read all ONFI parameter pages (bnc#1012382). - mtd: rawnand: mxc: set spare area size register explicitly (bnc#1012382). - mtd: ubi: wl: Fix error return code in ubi_wl_init() (git-fixes). - mwifiex: correct histogram data with appropriate index (bnc#1012382). - mwifiex: handle race during mwifiex_usb_disconnect (bnc#1012382). - net: cxgb3_main: fix potential Spectre v1 (bnc#1012382). - net: dccp: avoid crash in ccid3_hc_rx_send_feedback() (bnc#1012382). - net: dccp: switch rx_tstamp_last_feedback to monotonic clock (bnc#1012382). - net: Do not copy pfmemalloc flag in __copy_skb_header() (bnc#1012382). - net: dsa: Do not suspend/resume closed slave_dev (bnc#1012382). - netfilter: ebtables: reject non-bridge targets (bnc#1012382). - netfilter: ipset: List timing out entries with "timeout 1" instead of zero (bnc#1012382). - netfilter: ipvs: do not create conn for ABORT packet in sctp_conn_schedule (bsc#1102797). - netfilter: ipvs: fix the issue that sctp_conn_schedule drops non-INIT packet (bsc#1102797). - netfilter: nf_log: do not hold nf_log_mutex during user access (bnc#1012382). - netfilter: nf_queue: augment nfqa_cfg_policy (bnc#1012382). - netfilter: nf_tables: use WARN_ON_ONCE instead of BUG_ON in nft_do_chain() (bnc#1012382). - netfilter: x_tables: initialise match/target check parameter struct (bnc#1012382). - net: fix amd-xgbe flow-control issue (bnc#1012382). - net/ipv4: Set oif in fib_compute_spec_dst (bnc#1012382). - net: lan78xx: fix rx handling before first packet is send (bnc#1012382). - netlink: Do not shift on 64 for ngroups (bnc#1012382). - netlink: Do not shift with UB on nlk->ngroups (bnc#1012382). - netlink: Do not subscribe to non-existent groups (bnc#1012382). - netlink: Fix spectre v1 gadget in netlink_create() (bnc#1012382). - net/mlx4_core: Save the qpn from the input modifier in RST2INIT wrapper (bnc#1012382). - net/mlx5: Fix command interface race in polling mode (bnc#1012382). - net/mlx5: Fix incorrect raw command length parsing (bnc#1012382). - net: mvneta: fix the Rx desc DMA address in the Rx path (bsc#1102207). - net/nfc: Avoid stalls when nfc_alloc_send_skb() returned NULL (bnc#1012382). - net: off by one in inet6_pton() (bsc#1095643). - net: phy: fix flag masking in __set_phy_supported (bnc#1012382). - net: phy: marvell: Use strlcpy() for ethtool::get_strings (bsc#1102205). - net_sched: blackhole: tell upper qdisc about dropped packets (bnc#1012382). - net: socket: fix potential spectre v1 gadget in socketcall (bnc#1012382). - net: stmmac: align DMA stuff to largest cache line length (bnc#1012382). - net: sungem: fix rx checksum support (bnc#1012382). - net/utils: generic inet_pton_with_scope helper (bsc#1095643). - net: vmxnet3: use new api ethtool_{get|set}_link_ksettings (bsc#1091860 bsc#1098253). - nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo (bnc#1012382). - nohz: Fix local_timer_softirq_pending() (bnc#1012382). - n_tty: Access echo_* variables carefully (bnc#1012382). - n_tty: Fix stall at n_tty_receive_char_special() (bnc#1012382). - null_blk: use sector_div instead of do_div (bsc#1082979). - nvme-pci: initialize queue memory before interrupts (bnc#1012382). - nvme-rdma: Check remotely invalidated rkey matches our expected rkey (bsc#1092001). - nvme-rdma: default MR page size to 4k (bsc#1092001). - nvme-rdma: do not complete requests before a send work request has completed (bsc#1092001). - nvme-rdma: do not suppress send completions (bsc#1092001). - nvme-rdma: Fix command completion race at error recovery (bsc#1090435). - nvme-rdma: make nvme_rdma_[create|destroy]_queue_ib symmetrical (bsc#1092001). - nvme-rdma: use inet_pton_with_scope helper (bsc#1095643). - nvme-rdma: Use mr pool (bsc#1092001). - nvme-rdma: wait for local invalidation before completing a request (bsc#1092001). - ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent (bnc#1012382). - pci: ibmphp: Fix use-before-set in get_max_bus_speed() (bsc#1100132). - pci: pciehp: Request control of native hotplug only if supported (bnc#1012382). - pci: Prevent sysfs disable of device while driver is attached (bnc#1012382). - perf: fix invalid bit in diagnostic entry (bnc#1012382). - perf tools: Move syscall number fallbacks from perf-sys.h to tools/arch/x86/include/asm/ (bnc#1012382). - perf/x86/intel/uncore: Correct fixed counter index check for NHM (bnc#1012382). - perf/x86/intel/uncore: Correct fixed counter index check in generic code (bnc#1012382). - pinctrl: at91-pio4: add missing of_node_put (bnc#1012382). - pm / hibernate: Fix oops at snapshot_write() (bnc#1012382). - powerpc/32: Add a missing include header (bnc#1012382). - powerpc/64: Initialise thread_info for emergency stacks (bsc#1094244, bsc#1100930, bsc#1102683). - powerpc/64s: Fix compiler store ordering to SLB shadow area (bnc#1012382). - powerpc/8xx: fix invalid register expression in head_8xx.S (bnc#1012382). - powerpc/chrp/time: Make some functions static, add missing header include (bnc#1012382). - powerpc/embedded6xx/hlwd-pic: Prevent interrupts from being handled by Starlet (bnc#1012382). - powerpc/fadump: handle crash memory ranges array index overflow (bsc#1103269). - powerpc/fadump: merge adjacent memory ranges to reduce PT_LOAD segements (bsc#1103269). - powerpc/powermac: Add missing prototype for note_bootable_part() (bnc#1012382). - powerpc/powermac: Mark variable x as unused (bnc#1012382). - provide special timeout module parameters for EC2 (bsc#1065364). - ptp: fix missing break in switch (bnc#1012382). - qed: Limit msix vectors in kdump kernel to the minimum required count (bnc#1012382). - r8152: napi hangup fix after disconnect (bnc#1012382). - random: mix rdrand with entropy sent in from userspace (bnc#1012382). - rdma/mad: Convert BUG_ONs to error flows (bnc#1012382). - rdma/ocrdma: Fix an error code in ocrdma_alloc_pd() (bsc#1082979). - rdma/ocrdma: Fix error codes in ocrdma_create_srq() (bsc#1082979). - rdma/ucm: Mark UCM interface as BROKEN (bnc#1012382). - rds: avoid unenecessary cong_update in loop transport (bnc#1012382). - regulator: pfuze100: add .is_enable() for pfuze100_swb_regulator_ops (bnc#1012382). - Remove broken patches for dac9063 watchdog (bsc#1100843) - restore cond_resched() in shrink_dcache_parent() (bsc#1098599). - Revert 'block-cancel-workqueue-entries-on-blk_mq_freeze_queue' (bsc#1103717) - Revert "net: Do not copy pfmemalloc flag in __copy_skb_header()" (kabi). - Revert "sit: reload iphdr in ipip6_rcv" (bnc#1012382). - Revert "skbuff: Unconditionally copy pfmemalloc in __skb_clone()" (kabi). - Revert "x86/cpufeature: Move some of the scattered feature bits to x86_capability" (kabi). - Revert "x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6" (kabi). - Revert "x86/mm: Give each mm TLB flush generation a unique ID" (kabi). - Revert "x86/speculation: Use Indirect Branch Prediction Barrier in context switch" (kabi). - ring_buffer: tracing: Inherit the tracing setting to next ring buffer (bnc#1012382). - rsi: Fix 'invalid vdd' warning in mmc (bnc#1012382). - rtc: ensure rtc_set_alarm fails when alarms are not supported (bnc#1012382). - rtlwifi: rtl8821ae: fix firmware is not ready to run (bnc#1012382). - rtnetlink: add rtnl_link_state check in rtnl_configure_link (bnc#1012382). - s390: Correct register corruption in critical section cleanup (bnc#1012382). - s390/cpum_sf: Add data entry sizes to sampling trailer entry (bnc#1012382). - s390/qeth: fix error handling in adapter command callbacks (bnc#1103745, LTC#169699). - sched/fair: Avoid divide by zero when rebalancing domains (bsc#1096254). - sched/smt: Update sched_smt_present at runtime (bsc#1089343). - scsi: 3w-9xxx: fix a missing-check bug (bnc#1012382). - scsi: 3w-xxxx: fix a missing-check bug (bnc#1012382). - scsi: megaraid_sas: Increase timeout by 1 sec for non-RAID fastpath IOs (bnc#1012382). - scsi: megaraid: silence a static checker bug (bnc#1012382). - scsi: qla2xxx: Fix ISP recovery on unload (bnc#1012382). - scsi: qla2xxx: Return error when TMF returns (bnc#1012382). - scsi: qlogicpti: Fix an error handling path in 'qpti_sbus_probe()' (bsc#1082979). - scsi: scsi_dh: replace too broad "TP9" string with the exact models (bnc#1012382). - scsi: sg: fix minor memory leak in error path (bsc#1082979). - scsi: sg: mitigate read/write abuse (bsc#1101296). - scsi: target: fix crash with iscsi target and dvd (bsc#1082979). - scsi: ufs: fix exception event handling (bnc#1012382). - selftest/seccomp: Fix the flag name SECCOMP_FILTER_FLAG_TSYNC (bnc#1012382). - selftest/seccomp: Fix the seccomp(2) signature (bnc#1012382). - skbuff: Unconditionally copy pfmemalloc in __skb_clone() (bnc#1012382). - smsc75xx: Add workaround for gigabit link up hardware errata (bsc#1100132). - smsc95xx: Configure pause time to 0xffff when tx flow control enabled (bsc#1085536). - squashfs: be more careful about metadata corruption (bnc#1012382). - squashfs: more metadata hardening (bnc#1012382). - squashfs: more metadata hardenings (bnc#1012382). - staging: android: ion: Return an ERR_PTR in ion_map_kernel (bnc#1012382). - staging: comedi: quatech_daqp_cs: fix no-op loop daqp_ao_insn_write() (bnc#1012382). - tcp: add max_quickacks param to tcp_incr_quickack and tcp_enter_quickack_mode (bnc#1012382). - tcp: add one more quick ack after after ECN events (bnc#1012382). - tcp: do not aggressively quick ack after ECN events (bnc#1012382). - tcp: do not cancel delay-AcK on DCTCP special ACK (bnc#1012382). - tcp: do not delay ACK in DCTCP upon CE status change (bnc#1012382). - tcp: do not force quickack when receiving out-of-order packets (bnc#1012382). - tcp: fix dctcp delayed ACK schedule (bnc#1012382). - tcp: fix Fast Open key endianness (bnc#1012382). - tcp: helpers to send special DCTCP ack (bnc#1012382). - tcp: prevent bogus FRTO undos with non-SACK flows (bnc#1012382). - tcp: refactor tcp_ecn_check_ce to remove sk type cast (bnc#1012382). - tg3: Add higher cpu clock for 5762 (bnc#1012382). - thermal: exynos: fix setting rising_threshold for Exynos5433 (bnc#1012382). - tools build: fix # escaping in .cmd files for future Make (bnc#1012382). - tracing: Fix double free of event_trigger_data (bnc#1012382). - tracing: Fix missing return symbol in function_graph output (bnc#1012382). - tracing: Fix possible double free in event_enable_trigger_func() (bnc#1012382). - tracing/kprobes: Fix trace_probe flags on enable_trace_kprobe() failure (bnc#1012382). - tracing: Quiet gcc warning about maybe unused link variable (bnc#1012382). - tty: Fix data race in tty_insert_flip_string_fixed_flag (bnc#1012382). - turn off -Wattribute-alias (bnc#1012382). - ubi: Be more paranoid while seaching for the most recent Fastmap (bnc#1012382). - ubi: fastmap: Correctly handle interrupted erasures in EBA (bnc#1012382). - ubi: fastmap: Erase outdated anchor PEBs during attach (bnc#1012382). - ubi: Fix Fastmap's update_vol() (bnc#1012382). - ubi: Fix races around ubi_refill_pools() (bnc#1012382). - ubi: Introduce vol_ignored() (bnc#1012382). - ubi: Rework Fastmap attach base code (bnc#1012382). - uprobes/x86: Remove incorrect WARN_ON() in uprobe_init_insn() (bnc#1012382). - usb: cdc_acm: Add quirk for Castles VEGA3000 (bnc#1012382). - usb: cdc_acm: Add quirk for Uniden UBC125 scanner (bnc#1012382). - usb: core: handle hub C_PORT_OVER_CURRENT condition (bsc#1100132). - usb: gadget: f_fs: Only return delayed status when len is 0 (bnc#1012382). - usb: hub: Do not wait for connect state at resume for powered-off ports (bnc#1012382). - usbip: usbip_detach: Fix memory, udev context and udev leak (bnc#1012382). - usb: quirks: add delay quirks for Corsair Strafe (bnc#1012382). - USB: serial: ch341: fix type promotion bug in ch341_control_in() (bnc#1012382). - USB: serial: cp210x: add another USB ID for Qivicon ZigBee stick (bnc#1012382). - USB: serial: cp210x: add CESINEL device ids (bnc#1012382). - USB: serial: cp210x: add Silicon Labs IDs for Windows Update (bnc#1012382). - USB: serial: keyspan_pda: fix modem-status error handling (bnc#1012382). - USB: serial: mos7840: fix status-register error handling (bnc#1012382). - USB: yurex: fix out-of-bounds uaccess in read handler (bnc#1012382). - vfio: platform: Fix reset module leak in error path (bsc#1102211). - vfs: add the sb_start_intwrite_trylock() helper (bsc#1101841). - vhost_net: validate sock before trying to put its fd (bnc#1012382). - virtio_balloon: fix another race between migration and ballooning (bnc#1012382). - vmw_balloon: fix inflation with batching (bnc#1012382). - vmxnet3: add receive data ring support (bsc#1091860 bsc#1098253). - vmxnet3: add support for get_coalesce, set_coalesce ethtool operations (bsc#1091860 bsc#1098253). - vmxnet3: allow variable length transmit data ring buffer (bsc#1091860 bsc#1098253). - vmxnet3: avoid assumption about invalid dma_pa in vmxnet3_set_mc() (bsc#1091860 bsc#1098253). - vmxnet3: avoid format strint overflow warning (bsc#1091860 bsc#1098253). - vmxnet3: avoid xmit reset due to a race in vmxnet3 (bsc#1091860 bsc#1098253). - vmxnet3: fix incorrect dereference when rxvlan is disabled (bsc#1091860 bsc#1098253). - vmxnet3: fix non static symbol warning (bsc#1091860 bsc#1098253). - vmxnet3: fix tx data ring copy for variable size (bsc#1091860 bsc#1098253). - vmxnet3: increase default rx ring sizes (bsc#1091860 bsc#1098253). - vmxnet3: introduce command to register memory region (bsc#1091860 bsc#1098253). - vmxnet3: introduce generalized command interface to configure the device (bsc#1091860 bsc#1098253). - vmxnet3: prepare for version 3 changes (bsc#1091860 bsc#1098253). - vmxnet3: remove redundant initialization of pointer 'rq' (bsc#1091860 bsc#1098253). - vmxnet3: remove unused flag "rxcsum" from struct vmxnet3_adapter (bsc#1091860 bsc#1098253). - vmxnet3: Replace msleep(1) with usleep_range() (bsc#1091860 bsc#1098253). - vmxnet3: set the DMA mask before the first DMA map operation (bsc#1091860 bsc#1098253). - vmxnet3: update to version 3 (bsc#1091860 bsc#1098253). - vmxnet3: use correct flag to indicate LRO feature (bsc#1091860 bsc#1098253). - vmxnet3: use DMA memory barriers where required (bsc#1091860 bsc#1098253). - wait: add wait_event_killable_timeout() (bsc#1099792). - watchdog: da9063: Fix setting/changing timeout (bsc#1100843). - watchdog: da9063: Fix timeout handling during probe (bsc#1100843). - watchdog: da9063: Fix updating timeout value (bsc#1100843). - wlcore: sdio: check for valid platform device data before suspend (bnc#1012382). - x86/alternatives: Add an auxilary section (bnc#1012382). - x86/alternatives: Discard dynamic check after init (bnc#1012382). - x86/amd: do not set X86_BUG_SYSRET_SS_ATTRS when running under Xen (bnc#1012382). - x86/apic: Ignore secondary threads if nosmt=force (bsc#1089343). - x86/asm: Add _ASM_ARG* constants for argument registers to (bnc#1012382). - x86/asm/entry/32: Simplify pushes of zeroed pt_regs->REGs (bnc#1012382). - x86/boot: Simplify kernel load address alignment check (bnc#1012382). - x86/bugs: Respect nospec command line option (bsc#1068032). - x86/CPU/AMD: Do not check CPUID max ext level before parsing SMP info (bsc#1089343). - x86/cpu/AMD: Evaluate smp_num_siblings early (bsc#1089343). - x86/cpu/AMD: Fix erratum 1076 (CPB bit) (bnc#1012382). - x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings (bsc#1089343). Update config files. - x86/cpu/AMD: Remove the pointless detect_ht() call (bsc#1089343). - x86/cpu/common: Provide detect_ht_early() (bsc#1089343). - x86/cpufeature: Add helper macro for mask check macros (bnc#1012382). - x86/cpufeature: Carve out X86_FEATURE_* (bnc#1012382). - x86/cpufeature: Get rid of the non-asm goto variant (bnc#1012382). - x86/cpufeature: Make sure DISABLED/REQUIRED macros are updated (bnc#1012382). - x86/cpufeature: Move some of the scattered feature bits to x86_capability (bnc#1012382). - x86/cpufeature: preserve numbers (kabi). - x86/cpufeature: Replace the old static_cpu_has() with safe variant (bnc#1012382). - x86/cpufeatures: Add CPUID_7_EDX CPUID leaf (bnc#1012382). - x86/cpufeatures: Clean up Spectre v2 related CPUID flags (bnc#1012382). - x86/cpufeature: Speed up cpu_feature_enabled() (bnc#1012382). - x86/cpufeature: Update cpufeaure macros (bnc#1012382). - x86/cpu/intel: Evaluate smp_num_siblings early (bsc#1089343). - x86/cpu: Make alternative_msr_write work for 32-bit code (bnc#1012382). - x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6 (bnc#1012382). - x86/cpu: Provide a config option to disable static_cpu_has (bnc#1012382). - x86/cpu: Re-apply forced caps every time CPU caps are re-read (bnc#1012382). - x86/cpu: Remove the pointless CPU printout (bsc#1089343). - x86/cpu/topology: Provide detect_extended_topology_early() (bsc#1089343). - x86/entry/64/compat: Clear registers for compat syscalls, to reduce speculation attack surface (bnc#1012382). - x86/entry/64: Remove %ebx handling from error_entry/exit (bnc#1102715). - x86/fpu: Add an XSTATE_OP() macro (bnc#1012382). - x86/fpu: Get rid of xstate_fault() (bnc#1012382). - x86/headers: Do not include asm/processor.h in asm/atomic.h (bnc#1012382). - x86/irqflags: Provide a declaration for native_save_fl (git-fixes). - x86/mce: Fix incorrect "Machine check from unknown source" message (bnc#1012382). - x86/MCE: Remove min interval polling limitation (bnc#1012382). - x86/mm: Give each mm TLB flush generation a unique ID (bnc#1012382). - x86/mm/pkeys: Fix mismerge of protection keys CPUID bits (bnc#1012382). - x86/mm: Simplify p[g4um]d_page() macros (bnc#1087081). - x86/paravirt: Make native_save_fl() extern inline (bnc#1012382). - x86/process: Correct and optimize TIF_BLOCKSTEP switch (bnc#1012382). - x86/process: Optimize TIF checks in __switch_to_xtra() (bnc#1012382). - x86/process: Optimize TIF_NOTSC switch (bnc#1012382). - x86/smpboot: Do not use smp_num_siblings in __max_logical_packages calculation (bsc#1089343). - x86/smp: Provide topology_is_primary_thread() (bsc#1089343). - x86/spectre_v2: Do not check microcode versions when running under hypervisors (bnc#1012382). - x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support (bnc#1012382). - x86/speculation: Add dependency (bnc#1012382). - x86/speculation: Clean up various Spectre related details (bnc#1012382). - x86/speculation: Correct Speculation Control microcode blacklist again (bnc#1012382). - x86/speculation: Move firmware_restrict_branch_speculation_*() from C to CPP (bnc#1012382). - x86/speculation: Update Speculation Control microcode blacklist (bnc#1012382). - x86/speculation: Use IBRS if available before calling into firmware (bnc#1012382). - x86/speculation: Use Indirect Branch Prediction Barrier in context switch (bnc#1012382). - x86/topology: Add topology_max_smt_threads() (bsc#1089343). - x86/topology: Provide topology_smt_supported() (bsc#1089343). - x86/vdso: Use static_cpu_has() (bnc#1012382). - x86/xen: Add call of speculative_store_bypass_ht_init() to PV paths (bnc#1012382). - xen/grant-table: log the lack of grants (bnc#1085042). - xen-netfront: Fix mismatched rtnl_unlock (bnc#1101658). - xen-netfront: Update features after registering netdev (bnc#1101658). - xen-netfront: wait xenbus state change when load module manually (bnc#1012382). - xen: set cpu capabilities from xen_start_kernel() (bnc#1012382). - xhci: Fix perceived dead host due to runtime suspend race with event handler (bnc#1012382). - xhci: xhci-mem: off by one in xhci_stream_id_to_ring() (bnc#1012382). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 12-SP3: zypper in -t patch SUSE-SLE-RT-12-SP3-2018-1827=1 Package List: - SUSE Linux Enterprise Real Time Extension 12-SP3 (noarch): kernel-devel-rt-4.4.147-3.20.1 kernel-source-rt-4.4.147-3.20.1 - SUSE Linux Enterprise Real Time Extension 12-SP3 (x86_64): cluster-md-kmp-rt-4.4.147-3.20.1 cluster-md-kmp-rt-debuginfo-4.4.147-3.20.1 dlm-kmp-rt-4.4.147-3.20.1 dlm-kmp-rt-debuginfo-4.4.147-3.20.1 gfs2-kmp-rt-4.4.147-3.20.1 gfs2-kmp-rt-debuginfo-4.4.147-3.20.1 kernel-rt-4.4.147-3.20.1 kernel-rt-base-4.4.147-3.20.1 kernel-rt-base-debuginfo-4.4.147-3.20.1 kernel-rt-debuginfo-4.4.147-3.20.1 kernel-rt-debugsource-4.4.147-3.20.1 kernel-rt-devel-4.4.147-3.20.1 kernel-rt_debug-debuginfo-4.4.147-3.20.1 kernel-rt_debug-debugsource-4.4.147-3.20.1 kernel-rt_debug-devel-4.4.147-3.20.1 kernel-rt_debug-devel-debuginfo-4.4.147-3.20.1 kernel-syms-rt-4.4.147-3.20.1 ocfs2-kmp-rt-4.4.147-3.20.1 ocfs2-kmp-rt-debuginfo-4.4.147-3.20.1 References: https://www.suse.com/security/cve/CVE-2017-18344.html https://www.suse.com/security/cve/CVE-2018-10876.html https://www.suse.com/security/cve/CVE-2018-10877.html https://www.suse.com/security/cve/CVE-2018-10878.html https://www.suse.com/security/cve/CVE-2018-10879.html https://www.suse.com/security/cve/CVE-2018-10880.html https://www.suse.com/security/cve/CVE-2018-10881.html https://www.suse.com/security/cve/CVE-2018-10882.html https://www.suse.com/security/cve/CVE-2018-10883.html https://www.suse.com/security/cve/CVE-2018-14734.html https://www.suse.com/security/cve/CVE-2018-3620.html https://www.suse.com/security/cve/CVE-2018-3646.html https://www.suse.com/security/cve/CVE-2018-5390.html https://www.suse.com/security/cve/CVE-2018-5391.html https://www.suse.com/security/cve/CVE-2018-9363.html https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1064232 https://bugzilla.suse.com/1065364 https://bugzilla.suse.com/1068032 https://bugzilla.suse.com/1076110 https://bugzilla.suse.com/1082653 https://bugzilla.suse.com/1082979 https://bugzilla.suse.com/1085042 https://bugzilla.suse.com/1085536 https://bugzilla.suse.com/1086457 https://bugzilla.suse.com/1087081 https://bugzilla.suse.com/1089343 https://bugzilla.suse.com/1090123 https://bugzilla.suse.com/1090435 https://bugzilla.suse.com/1091171 https://bugzilla.suse.com/1091860 https://bugzilla.suse.com/1092001 https://bugzilla.suse.com/1094244 https://bugzilla.suse.com/1095643 https://bugzilla.suse.com/1096254 https://bugzilla.suse.com/1096978 https://bugzilla.suse.com/1097771 https://bugzilla.suse.com/1098253 https://bugzilla.suse.com/1098599 https://bugzilla.suse.com/1099792 https://bugzilla.suse.com/1099811 https://bugzilla.suse.com/1099813 https://bugzilla.suse.com/1099844 https://bugzilla.suse.com/1099845 https://bugzilla.suse.com/1099846 https://bugzilla.suse.com/1099849 https://bugzilla.suse.com/1099858 https://bugzilla.suse.com/1099863 https://bugzilla.suse.com/1099864 https://bugzilla.suse.com/1100132 https://bugzilla.suse.com/1100843 https://bugzilla.suse.com/1100930 https://bugzilla.suse.com/1101296 https://bugzilla.suse.com/1101331 https://bugzilla.suse.com/1101658 https://bugzilla.suse.com/1101789 https://bugzilla.suse.com/1101822 https://bugzilla.suse.com/1101841 https://bugzilla.suse.com/1102188 https://bugzilla.suse.com/1102197 https://bugzilla.suse.com/1102203 https://bugzilla.suse.com/1102205 https://bugzilla.suse.com/1102207 https://bugzilla.suse.com/1102211 https://bugzilla.suse.com/1102214 https://bugzilla.suse.com/1102215 https://bugzilla.suse.com/1102340 https://bugzilla.suse.com/1102394 https://bugzilla.suse.com/1102683 https://bugzilla.suse.com/1102715 https://bugzilla.suse.com/1102797 https://bugzilla.suse.com/1102851 https://bugzilla.suse.com/1103097 https://bugzilla.suse.com/1103119 https://bugzilla.suse.com/1103269 https://bugzilla.suse.com/1103445 https://bugzilla.suse.com/1103580 https://bugzilla.suse.com/1103717 https://bugzilla.suse.com/1103745 https://bugzilla.suse.com/1103884 https://bugzilla.suse.com/1104174 https://bugzilla.suse.com/1104319 https://bugzilla.suse.com/1104365 https://bugzilla.suse.com/1104494 https://bugzilla.suse.com/1104495 https://bugzilla.suse.com/1104897 https://bugzilla.suse.com/1105292 https://bugzilla.suse.com/970506 From sle-security-updates at lists.suse.com Tue Sep 4 07:08:51 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 4 Sep 2018 15:08:51 +0200 (CEST) Subject: SUSE-SU-2018:2603-1: moderate: Security update for crowbar, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui Message-ID: <20180904130851.9D3C6FD53@maintenance.suse.de> SUSE Security Update: Security update for crowbar, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2603-1 Rating: moderate References: #1005886 #1073703 #1081518 #1083093 #1093898 #1096759 #1098369 #1103383 Cross-References: CVE-2016-8611 CVE-2018-3760 Affected Products: SUSE OpenStack Cloud 7 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that solves two vulnerabilities and has 6 fixes is now available. Description: This update for crowbar, crowbar-ha, crowbar-init, crowbar-openstack, crowbar-ui fixes the following issues: This security issues was fixed: - CVE-2018-3760: Upgrade rubygem-sprockets to prevent an information leak. Specially crafted requests could have been be used to access files that exists on the filesystem that is outside an application's root directory, when the Sprockets server is used in production (bsc#1098369). - CVE-2016-861: Add rate limiting for glance api (bsc#1005886) These non-security issues were fixed for crowbar: - upgrade: Lock crowbar-ui before admin upgrade - upgrade: Make sure schemas are properly migrated after the upgrade These non-security issues were fixed for crowbar-core: - upgrade: Add the upgrade menu entry - upgrade: Fix upgrade link - apache: copytruncate apache logs bsc#1083093 - Fix exception handling in get_log_lines - upgrade: Raise the default timeouts for most time consuming actions - upgrade: Do not allow manila-share on compute nodes - control_lib: fix host allocation check - upgrade: Check input is a valid node for nodes - upgrade: Provide better information after the failure - upgrade: Report missing scripts - upgrade: Improve error messages with lists - upgrade: Do not allow cinder-volume on compute nodes - upgrade: Fix file layout for rails' autoloading (bsc#1096759) - upgrade: Added API calls for postponing/resuming compute nodes upgrade - upgrade: Unlock crowbar-ui after completed upgrade - upgrade: Do not check if ceph roles are present on compute nodes - upgrade: Fix labels for SOC8 repositories - upgrade: Finish only controllers step These non-security issues were fixed for crowbar-ha: - haproxy: increased SSL stick table to 100k - DRBD: Fix DRBD resources setup on reinstall node - pacemaker: allow multiple meta parameters (bsc#1093898) These non-security issues were fixed for crowbar-openstack: - nova: reload nova-placement-api (bsc#1103383) - Synchronize SSL in the cluster (bsc#1081518) - neutron: add force_metadata attribute - copytruncate apache logs instead of creating - rabbitmq: set client timout to default value - Revert "database: Split database-server role into backend specific roles" - Revert "database: Allow parallel deployments of postgresql and mysql" - Revert "database: Allow parallel HA deployment of PostgreSQL and MariaDB" - Revert "database: Fix "Attributes" UI after role renaming" - Revert "monasca: Fix check for mysql after it got moved to a separate role" - Revert "Restore caching of db_settings" - Revert "database: Migration fixes for separate DB roles" - database: Migration fixes for separate DB roles - Restore caching of db_settings - monasca: Fix check for mysql after it got moved to a separate role - database: Fix "Attributes" UI after role renaming - database: Allow parallel HA deployment of PostgreSQL and MariaDB - database: Allow parallel deployments of postgresql and mysql - database: Split database-server role into backend specific roles - Do not automatically put manila-share roles to compute nodes - rabbitmq: check for rabbit readiness - rabbitmq: Make sure rabbit is running on cluster - monasca: various monasca-installer improvements - manila: Correct field name for cluster name - mariadb: Add prefix to configs - mariadb: Remove redundant config values - aodh: Add config for alarm_history_ttl (bsc#1073703) These non-security issues were fixed for crowbar-ui: - upgrade: Dummy backend for status testing - upgrade: Refactor postpone nodes upgrade - upgrade: Allow interruption of status wait loop - upgrade: Added ability to postpone upgrade nodes - upgrade: Add ability to postpone upgrade nodes - upgrade: Add ability to postpone upgrade nodes - upgrade: Add ability to postpone upgrade nodes - Add ability to postpone upgrade - upgrade: Remove openstack precheck - upgrade: Fixed error key for ha_configured - upgrade: Remove CEPH related code - Remove the non-essential database-configuration controller - remove ui typo test - Remove database configuration option - upgrade: Update SUSE-OpenStack-Cloud-8 label - upgrade: Update admin and nodes repo names - enable and document docker development environment Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-1828=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-1828=1 Package List: - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64): crowbar-core-4.0+git.1534246408.3ab19c567-9.33.1 crowbar-core-branding-upstream-4.0+git.1534246408.3ab19c567-9.33.1 - SUSE OpenStack Cloud 7 (noarch): crowbar-4.0+git.1528801103.f5708341-7.20.1 crowbar-devel-4.0+git.1528801103.f5708341-7.20.1 crowbar-ha-4.0+git.1533750802.5768e73-4.34.1 crowbar-openstack-4.0+git.1534254269.ce598a9fe-9.39.1 crowbar-ui-1.1.0+git.1533844061.4ac8e723-4.3.1 - SUSE Enterprise Storage 4 (aarch64 x86_64): crowbar-core-4.0+git.1534246408.3ab19c567-9.33.1 - SUSE Enterprise Storage 4 (noarch): crowbar-4.0+git.1528801103.f5708341-7.20.1 References: https://www.suse.com/security/cve/CVE-2016-8611.html https://www.suse.com/security/cve/CVE-2018-3760.html https://bugzilla.suse.com/1005886 https://bugzilla.suse.com/1073703 https://bugzilla.suse.com/1081518 https://bugzilla.suse.com/1083093 https://bugzilla.suse.com/1093898 https://bugzilla.suse.com/1096759 https://bugzilla.suse.com/1098369 https://bugzilla.suse.com/1103383 From sle-security-updates at lists.suse.com Tue Sep 4 13:09:12 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 4 Sep 2018 21:09:12 +0200 (CEST) Subject: SUSE-SU-2018:2608-1: important: Security update for cobbler Message-ID: <20180904190912.7F614FD53@maintenance.suse.de> SUSE Security Update: Security update for cobbler ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2608-1 Rating: important References: #1101670 #1104189 #1104190 #1104287 #1105440 #1105442 Cross-References: CVE-2018-1000225 CVE-2018-1000226 CVE-2018-10931 Affected Products: SUSE Manager Server 3.1 ______________________________________________________________________________ An update that solves three vulnerabilities and has three fixes is now available. Description: This update for cobbler fixes the following issues: Security issues fixed: - Forbid exposure of private methods in the API (CVE-2018-10931, CVE-2018-1000225, bsc#1104287, bsc#1104189, bsc#1105442) - Check access token when calling 'modify_setting' API endpoint (bsc#1104190, bsc#1105440, CVE-2018-1000226) Other bugs fixed: - Fix kernel options when generating bootiso (bsc#1101670) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 3.1: zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2018-1832=1 Package List: - SUSE Manager Server 3.1 (noarch): cobbler-2.6.6-5.17.1 References: https://www.suse.com/security/cve/CVE-2018-1000225.html https://www.suse.com/security/cve/CVE-2018-1000226.html https://www.suse.com/security/cve/CVE-2018-10931.html https://bugzilla.suse.com/1101670 https://bugzilla.suse.com/1104189 https://bugzilla.suse.com/1104190 https://bugzilla.suse.com/1104287 https://bugzilla.suse.com/1105440 https://bugzilla.suse.com/1105442 From sle-security-updates at lists.suse.com Tue Sep 4 16:09:59 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 5 Sep 2018 00:09:59 +0200 (CEST) Subject: SUSE-SU-2018:2615-1: moderate: Security update for kvm Message-ID: <20180904220959.8F5A8FD53@maintenance.suse.de> SUSE Security Update: Security update for kvm ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2615-1 Rating: moderate References: #1092885 #1096223 #1098735 Cross-References: CVE-2018-11806 CVE-2018-12617 CVE-2018-3639 Affected Products: SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for kvm fixes the following security issues: - CVE-2018-12617: qmp_guest_file_read had an integer overflow that could have been exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket causing DoS (bsc#1098735) - CVE-2018-11806: Prevent heap-based buffer overflow via incoming fragmented datagrams (bsc#1096223) With this release the mitigations for Spectre v4 are moved the the patches from upstream (CVE-2018-3639, bsc#1092885). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-kvm-13767=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-kvm-13767=1 Package List: - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): kvm-1.4.2-53.23.2 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): kvm-1.4.2-53.23.2 References: https://www.suse.com/security/cve/CVE-2018-11806.html https://www.suse.com/security/cve/CVE-2018-12617.html https://www.suse.com/security/cve/CVE-2018-3639.html https://bugzilla.suse.com/1092885 https://bugzilla.suse.com/1096223 https://bugzilla.suse.com/1098735 From sle-security-updates at lists.suse.com Wed Sep 5 13:07:46 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 5 Sep 2018 21:07:46 +0200 (CEST) Subject: SUSE-SU-2018:2629-1: moderate: Security update for curl Message-ID: <20180905190746.AE527FD53@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2629-1 Rating: moderate References: #1084521 #1101811 #1106019 Cross-References: CVE-2018-1000120 CVE-2018-14618 Affected Products: SUSE Studio Onsite 1.3 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for curl fixes the following security issues: - CVE-2018-1000120: Prevent buffer overflow in the FTP URL handling that allowed an attacker to cause a denial of service (bsc#1084521). - CVE-2018-14618: Prevent integer overflow in the NTLM authentication code (bsc#1106019) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-curl-13769=1 Package List: - SUSE Studio Onsite 1.3 (x86_64): libcurl-devel-7.19.7-1.20.53.16.1 References: https://www.suse.com/security/cve/CVE-2018-1000120.html https://www.suse.com/security/cve/CVE-2018-14618.html https://bugzilla.suse.com/1084521 https://bugzilla.suse.com/1101811 https://bugzilla.suse.com/1106019 From sle-security-updates at lists.suse.com Thu Sep 6 04:11:41 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 6 Sep 2018 12:11:41 +0200 (CEST) Subject: SUSE-SU-2018:2630-1: moderate: Security update for apache-pdfbox Message-ID: <20180906101141.9815EFD58@maintenance.suse.de> SUSE Security Update: Security update for apache-pdfbox ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2630-1 Rating: moderate References: #1099721 Cross-References: CVE-2018-8036 Affected Products: SUSE Linux Enterprise Module for Development Tools 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for apache-pdfbox fixes the following issues: Security issue fixed: - CVE-2018-8036: Fix infinite loop while parsing files that leads to an out of memory issue (bsc#1099721). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2018-1842=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15 (noarch): apache-pdfbox-1.8.12-5.3.13 References: https://www.suse.com/security/cve/CVE-2018-8036.html https://bugzilla.suse.com/1099721 From sle-security-updates at lists.suse.com Thu Sep 6 04:12:19 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 6 Sep 2018 12:12:19 +0200 (CEST) Subject: SUSE-SU-2018:2631-1: moderate: Security update for libvirt Message-ID: <20180906101219.B72A3FD58@maintenance.suse.de> SUSE Security Update: Security update for libvirt ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2631-1 Rating: moderate References: #1079869 #1091427 #1094325 #1094725 #1100112 #959329 Cross-References: CVE-2017-5715 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that solves one vulnerability and has 5 fixes is now available. Description: This update for libvirt fixes the following issues: This new feature was added: - bsc#1094325, bsc#1094725: libxl: Enable virsh blockresize for XEN guests This security issue was fixed: - CVE-2017-5715: Additional fixes for the Spectre patches (bsc#1079869) These non-security issues were fixed: - bsc#1100112: schema: allow any strings in smbios entry qemu: escape smbios entry strings - bsc#1091427: libxl: fix segfault in libxlReconnectDomain - bsc#959329: libxl: don't set hasManagedSave when performing save Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-1843=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1843=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1843=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-1843=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): libvirt-2.0.0-27.45.1 libvirt-client-2.0.0-27.45.1 libvirt-client-debuginfo-2.0.0-27.45.1 libvirt-daemon-2.0.0-27.45.1 libvirt-daemon-config-network-2.0.0-27.45.1 libvirt-daemon-config-nwfilter-2.0.0-27.45.1 libvirt-daemon-debuginfo-2.0.0-27.45.1 libvirt-daemon-driver-interface-2.0.0-27.45.1 libvirt-daemon-driver-interface-debuginfo-2.0.0-27.45.1 libvirt-daemon-driver-lxc-2.0.0-27.45.1 libvirt-daemon-driver-lxc-debuginfo-2.0.0-27.45.1 libvirt-daemon-driver-network-2.0.0-27.45.1 libvirt-daemon-driver-network-debuginfo-2.0.0-27.45.1 libvirt-daemon-driver-nodedev-2.0.0-27.45.1 libvirt-daemon-driver-nodedev-debuginfo-2.0.0-27.45.1 libvirt-daemon-driver-nwfilter-2.0.0-27.45.1 libvirt-daemon-driver-nwfilter-debuginfo-2.0.0-27.45.1 libvirt-daemon-driver-qemu-2.0.0-27.45.1 libvirt-daemon-driver-qemu-debuginfo-2.0.0-27.45.1 libvirt-daemon-driver-secret-2.0.0-27.45.1 libvirt-daemon-driver-secret-debuginfo-2.0.0-27.45.1 libvirt-daemon-driver-storage-2.0.0-27.45.1 libvirt-daemon-driver-storage-debuginfo-2.0.0-27.45.1 libvirt-daemon-hooks-2.0.0-27.45.1 libvirt-daemon-lxc-2.0.0-27.45.1 libvirt-daemon-qemu-2.0.0-27.45.1 libvirt-debugsource-2.0.0-27.45.1 libvirt-doc-2.0.0-27.45.1 libvirt-lock-sanlock-2.0.0-27.45.1 libvirt-lock-sanlock-debuginfo-2.0.0-27.45.1 libvirt-nss-2.0.0-27.45.1 libvirt-nss-debuginfo-2.0.0-27.45.1 - SUSE OpenStack Cloud 7 (x86_64): libvirt-daemon-driver-libxl-2.0.0-27.45.1 libvirt-daemon-driver-libxl-debuginfo-2.0.0-27.45.1 libvirt-daemon-xen-2.0.0-27.45.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libvirt-2.0.0-27.45.1 libvirt-client-2.0.0-27.45.1 libvirt-client-debuginfo-2.0.0-27.45.1 libvirt-daemon-2.0.0-27.45.1 libvirt-daemon-config-network-2.0.0-27.45.1 libvirt-daemon-config-nwfilter-2.0.0-27.45.1 libvirt-daemon-debuginfo-2.0.0-27.45.1 libvirt-daemon-driver-interface-2.0.0-27.45.1 libvirt-daemon-driver-interface-debuginfo-2.0.0-27.45.1 libvirt-daemon-driver-lxc-2.0.0-27.45.1 libvirt-daemon-driver-lxc-debuginfo-2.0.0-27.45.1 libvirt-daemon-driver-network-2.0.0-27.45.1 libvirt-daemon-driver-network-debuginfo-2.0.0-27.45.1 libvirt-daemon-driver-nodedev-2.0.0-27.45.1 libvirt-daemon-driver-nodedev-debuginfo-2.0.0-27.45.1 libvirt-daemon-driver-nwfilter-2.0.0-27.45.1 libvirt-daemon-driver-nwfilter-debuginfo-2.0.0-27.45.1 libvirt-daemon-driver-qemu-2.0.0-27.45.1 libvirt-daemon-driver-qemu-debuginfo-2.0.0-27.45.1 libvirt-daemon-driver-secret-2.0.0-27.45.1 libvirt-daemon-driver-secret-debuginfo-2.0.0-27.45.1 libvirt-daemon-driver-storage-2.0.0-27.45.1 libvirt-daemon-driver-storage-debuginfo-2.0.0-27.45.1 libvirt-daemon-hooks-2.0.0-27.45.1 libvirt-daemon-lxc-2.0.0-27.45.1 libvirt-daemon-qemu-2.0.0-27.45.1 libvirt-debugsource-2.0.0-27.45.1 libvirt-doc-2.0.0-27.45.1 libvirt-lock-sanlock-2.0.0-27.45.1 libvirt-lock-sanlock-debuginfo-2.0.0-27.45.1 libvirt-nss-2.0.0-27.45.1 libvirt-nss-debuginfo-2.0.0-27.45.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libvirt-daemon-driver-libxl-2.0.0-27.45.1 libvirt-daemon-driver-libxl-debuginfo-2.0.0-27.45.1 libvirt-daemon-xen-2.0.0-27.45.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libvirt-2.0.0-27.45.1 libvirt-client-2.0.0-27.45.1 libvirt-client-debuginfo-2.0.0-27.45.1 libvirt-daemon-2.0.0-27.45.1 libvirt-daemon-config-network-2.0.0-27.45.1 libvirt-daemon-config-nwfilter-2.0.0-27.45.1 libvirt-daemon-debuginfo-2.0.0-27.45.1 libvirt-daemon-driver-interface-2.0.0-27.45.1 libvirt-daemon-driver-interface-debuginfo-2.0.0-27.45.1 libvirt-daemon-driver-lxc-2.0.0-27.45.1 libvirt-daemon-driver-lxc-debuginfo-2.0.0-27.45.1 libvirt-daemon-driver-network-2.0.0-27.45.1 libvirt-daemon-driver-network-debuginfo-2.0.0-27.45.1 libvirt-daemon-driver-nodedev-2.0.0-27.45.1 libvirt-daemon-driver-nodedev-debuginfo-2.0.0-27.45.1 libvirt-daemon-driver-nwfilter-2.0.0-27.45.1 libvirt-daemon-driver-nwfilter-debuginfo-2.0.0-27.45.1 libvirt-daemon-driver-qemu-2.0.0-27.45.1 libvirt-daemon-driver-qemu-debuginfo-2.0.0-27.45.1 libvirt-daemon-driver-secret-2.0.0-27.45.1 libvirt-daemon-driver-secret-debuginfo-2.0.0-27.45.1 libvirt-daemon-driver-storage-2.0.0-27.45.1 libvirt-daemon-driver-storage-debuginfo-2.0.0-27.45.1 libvirt-daemon-hooks-2.0.0-27.45.1 libvirt-daemon-lxc-2.0.0-27.45.1 libvirt-daemon-qemu-2.0.0-27.45.1 libvirt-debugsource-2.0.0-27.45.1 libvirt-doc-2.0.0-27.45.1 libvirt-lock-sanlock-2.0.0-27.45.1 libvirt-lock-sanlock-debuginfo-2.0.0-27.45.1 libvirt-nss-2.0.0-27.45.1 libvirt-nss-debuginfo-2.0.0-27.45.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): libvirt-daemon-driver-libxl-2.0.0-27.45.1 libvirt-daemon-driver-libxl-debuginfo-2.0.0-27.45.1 libvirt-daemon-xen-2.0.0-27.45.1 - SUSE Enterprise Storage 4 (x86_64): libvirt-2.0.0-27.45.1 libvirt-client-2.0.0-27.45.1 libvirt-client-debuginfo-2.0.0-27.45.1 libvirt-daemon-2.0.0-27.45.1 libvirt-daemon-config-network-2.0.0-27.45.1 libvirt-daemon-config-nwfilter-2.0.0-27.45.1 libvirt-daemon-debuginfo-2.0.0-27.45.1 libvirt-daemon-driver-interface-2.0.0-27.45.1 libvirt-daemon-driver-interface-debuginfo-2.0.0-27.45.1 libvirt-daemon-driver-libxl-2.0.0-27.45.1 libvirt-daemon-driver-libxl-debuginfo-2.0.0-27.45.1 libvirt-daemon-driver-lxc-2.0.0-27.45.1 libvirt-daemon-driver-lxc-debuginfo-2.0.0-27.45.1 libvirt-daemon-driver-network-2.0.0-27.45.1 libvirt-daemon-driver-network-debuginfo-2.0.0-27.45.1 libvirt-daemon-driver-nodedev-2.0.0-27.45.1 libvirt-daemon-driver-nodedev-debuginfo-2.0.0-27.45.1 libvirt-daemon-driver-nwfilter-2.0.0-27.45.1 libvirt-daemon-driver-nwfilter-debuginfo-2.0.0-27.45.1 libvirt-daemon-driver-qemu-2.0.0-27.45.1 libvirt-daemon-driver-qemu-debuginfo-2.0.0-27.45.1 libvirt-daemon-driver-secret-2.0.0-27.45.1 libvirt-daemon-driver-secret-debuginfo-2.0.0-27.45.1 libvirt-daemon-driver-storage-2.0.0-27.45.1 libvirt-daemon-driver-storage-debuginfo-2.0.0-27.45.1 libvirt-daemon-hooks-2.0.0-27.45.1 libvirt-daemon-lxc-2.0.0-27.45.1 libvirt-daemon-qemu-2.0.0-27.45.1 libvirt-daemon-xen-2.0.0-27.45.1 libvirt-debugsource-2.0.0-27.45.1 libvirt-doc-2.0.0-27.45.1 libvirt-lock-sanlock-2.0.0-27.45.1 libvirt-lock-sanlock-debuginfo-2.0.0-27.45.1 libvirt-nss-2.0.0-27.45.1 libvirt-nss-debuginfo-2.0.0-27.45.1 References: https://www.suse.com/security/cve/CVE-2017-5715.html https://bugzilla.suse.com/1079869 https://bugzilla.suse.com/1091427 https://bugzilla.suse.com/1094325 https://bugzilla.suse.com/1094725 https://bugzilla.suse.com/1100112 https://bugzilla.suse.com/959329 From sle-security-updates at lists.suse.com Thu Sep 6 04:13:57 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 6 Sep 2018 12:13:57 +0200 (CEST) Subject: SUSE-SU-2018:2632-1: important: Security update for dovecot22 Message-ID: <20180906101357.75491FD58@maintenance.suse.de> SUSE Security Update: Security update for dovecot22 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2632-1 Rating: important References: #1082828 Cross-References: CVE-2017-15130 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for dovecot22 fixes the following issues: Security issue fixed: - CVE-2017-15130: Fixed a potential denial of service via TLS SNI config lookups, which would slow the process down and could have led to exhaustive memory allocation and/or process restarts (bsc#1082828) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-1844=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1844=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1844=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1844=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1844=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1844=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1844=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-1844=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-1844=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): dovecot22-2.2.31-19.11.1 dovecot22-backend-mysql-2.2.31-19.11.1 dovecot22-backend-mysql-debuginfo-2.2.31-19.11.1 dovecot22-backend-pgsql-2.2.31-19.11.1 dovecot22-backend-pgsql-debuginfo-2.2.31-19.11.1 dovecot22-backend-sqlite-2.2.31-19.11.1 dovecot22-backend-sqlite-debuginfo-2.2.31-19.11.1 dovecot22-debuginfo-2.2.31-19.11.1 dovecot22-debugsource-2.2.31-19.11.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): dovecot22-debuginfo-2.2.31-19.11.1 dovecot22-debugsource-2.2.31-19.11.1 dovecot22-devel-2.2.31-19.11.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): dovecot22-2.2.31-19.11.1 dovecot22-backend-mysql-2.2.31-19.11.1 dovecot22-backend-mysql-debuginfo-2.2.31-19.11.1 dovecot22-backend-pgsql-2.2.31-19.11.1 dovecot22-backend-pgsql-debuginfo-2.2.31-19.11.1 dovecot22-backend-sqlite-2.2.31-19.11.1 dovecot22-backend-sqlite-debuginfo-2.2.31-19.11.1 dovecot22-debuginfo-2.2.31-19.11.1 dovecot22-debugsource-2.2.31-19.11.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): dovecot22-2.2.31-19.11.1 dovecot22-backend-mysql-2.2.31-19.11.1 dovecot22-backend-mysql-debuginfo-2.2.31-19.11.1 dovecot22-backend-pgsql-2.2.31-19.11.1 dovecot22-backend-pgsql-debuginfo-2.2.31-19.11.1 dovecot22-backend-sqlite-2.2.31-19.11.1 dovecot22-backend-sqlite-debuginfo-2.2.31-19.11.1 dovecot22-debuginfo-2.2.31-19.11.1 dovecot22-debugsource-2.2.31-19.11.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): dovecot22-2.2.31-19.11.1 dovecot22-backend-mysql-2.2.31-19.11.1 dovecot22-backend-mysql-debuginfo-2.2.31-19.11.1 dovecot22-backend-pgsql-2.2.31-19.11.1 dovecot22-backend-pgsql-debuginfo-2.2.31-19.11.1 dovecot22-backend-sqlite-2.2.31-19.11.1 dovecot22-backend-sqlite-debuginfo-2.2.31-19.11.1 dovecot22-debuginfo-2.2.31-19.11.1 dovecot22-debugsource-2.2.31-19.11.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): dovecot22-2.2.31-19.11.1 dovecot22-backend-mysql-2.2.31-19.11.1 dovecot22-backend-mysql-debuginfo-2.2.31-19.11.1 dovecot22-backend-pgsql-2.2.31-19.11.1 dovecot22-backend-pgsql-debuginfo-2.2.31-19.11.1 dovecot22-backend-sqlite-2.2.31-19.11.1 dovecot22-backend-sqlite-debuginfo-2.2.31-19.11.1 dovecot22-debuginfo-2.2.31-19.11.1 dovecot22-debugsource-2.2.31-19.11.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): dovecot22-2.2.31-19.11.1 dovecot22-backend-mysql-2.2.31-19.11.1 dovecot22-backend-mysql-debuginfo-2.2.31-19.11.1 dovecot22-backend-pgsql-2.2.31-19.11.1 dovecot22-backend-pgsql-debuginfo-2.2.31-19.11.1 dovecot22-backend-sqlite-2.2.31-19.11.1 dovecot22-backend-sqlite-debuginfo-2.2.31-19.11.1 dovecot22-debuginfo-2.2.31-19.11.1 dovecot22-debugsource-2.2.31-19.11.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): dovecot22-2.2.31-19.11.1 dovecot22-backend-mysql-2.2.31-19.11.1 dovecot22-backend-mysql-debuginfo-2.2.31-19.11.1 dovecot22-backend-pgsql-2.2.31-19.11.1 dovecot22-backend-pgsql-debuginfo-2.2.31-19.11.1 dovecot22-backend-sqlite-2.2.31-19.11.1 dovecot22-backend-sqlite-debuginfo-2.2.31-19.11.1 dovecot22-debuginfo-2.2.31-19.11.1 dovecot22-debugsource-2.2.31-19.11.1 - SUSE Enterprise Storage 4 (x86_64): dovecot22-2.2.31-19.11.1 dovecot22-backend-mysql-2.2.31-19.11.1 dovecot22-backend-mysql-debuginfo-2.2.31-19.11.1 dovecot22-backend-pgsql-2.2.31-19.11.1 dovecot22-backend-pgsql-debuginfo-2.2.31-19.11.1 dovecot22-backend-sqlite-2.2.31-19.11.1 dovecot22-backend-sqlite-debuginfo-2.2.31-19.11.1 dovecot22-debuginfo-2.2.31-19.11.1 dovecot22-debugsource-2.2.31-19.11.1 References: https://www.suse.com/security/cve/CVE-2017-15130.html https://bugzilla.suse.com/1082828 From sle-security-updates at lists.suse.com Thu Sep 6 10:07:59 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 6 Sep 2018 18:07:59 +0200 (CEST) Subject: SUSE-SU-2018:2637-1: important: Security update for the Linux Kernel Message-ID: <20180906160759.6B416FD53@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2637-1 Rating: important References: #1015828 #1037441 #1047487 #1082962 #1083900 #1085107 #1087081 #1089343 #1092904 #1093183 #1094353 #1096480 #1096728 #1097125 #1097234 #1097562 #1098016 #1098658 #1099709 #1099924 #1099942 #1100091 #1100132 #1100418 #1102087 #1103884 #1103909 #1104365 #1104475 #1104684 #909361 Cross-References: CVE-2016-8405 CVE-2017-13305 CVE-2018-1000204 CVE-2018-1068 CVE-2018-1130 CVE-2018-12233 CVE-2018-13053 CVE-2018-13406 CVE-2018-3620 CVE-2018-3646 CVE-2018-5803 CVE-2018-5814 CVE-2018-7492 Affected Products: SUSE Linux Enterprise Real Time Extension 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves 13 vulnerabilities and has 18 fixes is now available. Description: The SUSE Linux Enterprise 11 SP4 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2016-8405: An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. (bnc#1099942). - CVE-2017-13305: A information disclosure vulnerability was fixed in the encrypted-keys handling. (bnc#1094353). - CVE-2018-1000204: A malformed SG_IO ioctl issued for a SCSI device lead to a local kernel data leak manifesting in up to approximately 1000 memory pages copied to the userspace. The problem has limited scope as non-privileged users usually have no permissions to access SCSI device files. (bnc#1096728). - CVE-2018-1068: A flaw was found in the implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bnc#1085107). - CVE-2018-1130: Linux kernel was vulnerable to a null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in that allowed a local user to cause a denial of service by a number of certain crafted system calls (bnc#1092904). - CVE-2018-12233: In the ea_get function in fs/jfs/xattr.c a memory corruption bug in JFS could be triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability can be triggered by an unprivileged user with the ability to create files and execute programs. A kmalloc call is incorrect, leading to slab-out-of-bounds in jfs_xattr (bnc#1097234). - CVE-2018-13053: The alarm_timer_nsleep function in kernel/time/alarmtimer.c had an integer overflow via a large relative timeout because ktime_add_safe is not used (bnc#1099924). - CVE-2018-13406: An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used (bnc#1098016 bnc#1100418). - CVE-2018-3620: Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis (bnc#1087081). - CVE-2018-3646: Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis (bnc#1089343 bnc#1104365). - CVE-2018-5803: An error in the "_sctp_make_chunk()" function (net/sctp/sm_make_chunk.c) when handling SCTP packets length could be exploited to cause a kernel crash (bnc#1083900). - CVE-2018-5814: Multiple race condition errors when handling probe, disconnect, and rebind operations can be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP packets (bnc#1096480). - CVE-2018-7492: A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function allowed local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST (bnc#1082962). The following non-security bugs were fixed: - usb: add USB_DEVICE_INTERFACE_CLASS macro (bsc#1047487). - usb: hub: fix non-SS hub-descriptor handling (bsc#1047487). - usb: kobil_sct: fix non-atomic allocation in write path (bsc#1015828). - usb: serial: ftdi_sio: fix latency-timer error handling (bsc#1037441). - usb: serial: io_edgeport: fix NULL-deref at open (bsc#1015828). - usb: serial: io_edgeport: fix possible sleep-in-atomic (bsc#1037441). - usb: serial: keyspan_pda: fix modem-status error handling (bsc#1100132). - usb: visor: Match I330 phone more precisely (bsc#1047487). - cpu/hotplug: Add sysfs state interface (bsc#1089343). - cpu/hotplug: Provide knobs to control SMT (bsc#1089343). - cpu/hotplug: Provide knobs to control SMT (bsc#1089343). - cpu/hotplug: Split do_cpu_down() (bsc#1089343). - disable prot_none native mitigation (bnc#1104684) - drm/i915: fix use-after-free in page_flip_completed() (bsc#1103909). - drm: re-enable error handling (bsc#1103884) - efivarfs: maintain the efivarfs interfaces when sysfs be created and removed (bsc#1097125). - fix pgd underflow (bnc#1104475) custom walk_page_range rework was incorrect and could underflow pgd if the given range was below a first vma. - kthread, tracing: Do not expose half-written comm when creating kthreads (Git-fixes). - nvme: add device id's with intel stripe quirk (bsc#1097562). - perf/core: Fix group scheduling with mixed hw and sw events (Git-fixes). - perf/x86/intel: Handle Broadwell family processors (bsc#1093183). - s390/qeth: fix IPA command submission race (bnc#1099709, LTC#169004). - scsi: zfcp: fix infinite iteration on ERP ready list (bnc#1102087, LTC#168038). - scsi: zfcp: fix misleading REC trigger trace where erp_action setup failed (bnc#1102087, LTC#168765). - scsi: zfcp: fix missing REC trigger trace for all objects in ERP_FAILED (bnc#1102087, LTC#168765). - scsi: zfcp: fix missing REC trigger trace on enqueue without ERP thread (bnc#1102087, LTC#168765). - scsi: zfcp: fix missing REC trigger trace on terminate_rport_io early return (bnc#1102087, LTC#168765). - scsi: zfcp: fix missing REC trigger trace on terminate_rport_io for ERP_FAILED (bnc#1102087, LTC#168765). - scsi: zfcp: fix missing SCSI trace for result of eh_host_reset_handler (bnc#1102087, LTC#168765). - scsi: zfcp: fix missing SCSI trace for retry of abort / scsi_eh TMF (bnc#1102087, LTC#168765). - series.conf: Remove trailing whitespaces - slab: introduce kmalloc_array() (bsc#909361). - smsc75xx: Add workaround for gigabit link up hardware errata (bsc#1100132). - x64/entry: move ENABLE_IBRS after switching from trampoline stack (bsc#1098658). - x86/CPU/AMD: Do not check CPUID max ext level before parsing SMP info (bsc#1089343). - x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings (bsc#1089343). - x86/apic: Ignore secondary threads if nosmt=force (bsc#1089343). - x86/cpu/AMD: Evaluate smp_num_siblings early (bsc#1089343). - x86/cpu/AMD: Evaluate smp_num_siblings early (bsc#1089343). - x86/cpu/AMD: Remove the pointless detect_ht() call (bsc#1089343). - x86/cpu/common: Provide detect_ht_early() (bsc#1089343). - x86/cpu/intel: Evaluate smp_num_siblings early (bsc#1089343). - x86/cpu/topology: Provide detect_extended_topology_early() (bsc#1089343). - x86/cpu: Remove the pointless CPU printout (bsc#1089343). - x86/fpu: fix signal handling with eager FPU switching (bsc#1100091). - x86/mm: Simplify p[g4um]d_page() macros (bnc#1087081, bnc#1104684). - x86/smp: Provide topology_is_primary_thread() (bsc#1089343). - x86/smpboot: Do not use smp_num_siblings in __max_logical_packages calculation (bsc#1089343). - x86/topology: Add topology_max_smt_threads() (bsc#1089343). - x86/topology: Provide topology_smt_supported() (bsc#1089343). - x86/traps: Fix bad_iret_stack in fixup_bad_iret() (bsc#1098658). - x86/traps: add missing kernel CR3 switch in bad_iret path (bsc#1098658). - xen/x86/cpu/common: Provide detect_ht_early() (bsc#1089343). - xen/x86/cpu/topology: Provide detect_extended_topology_early() (bsc#1089343). - xen/x86/cpu: Remove the pointless CPU printout (bsc#1089343). - xhci: xhci-mem: off by one in xhci_stream_id_to_ring() (bsc#1100132). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 11-SP4: zypper in -t patch slertesp4-kernel-rt-20180827-13770=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-kernel-rt-20180827-13770=1 Package List: - SUSE Linux Enterprise Real Time Extension 11-SP4 (x86_64): kernel-rt-3.0.101.rt130-69.33.1 kernel-rt-base-3.0.101.rt130-69.33.1 kernel-rt-devel-3.0.101.rt130-69.33.1 kernel-rt_trace-3.0.101.rt130-69.33.1 kernel-rt_trace-base-3.0.101.rt130-69.33.1 kernel-rt_trace-devel-3.0.101.rt130-69.33.1 kernel-source-rt-3.0.101.rt130-69.33.1 kernel-syms-rt-3.0.101.rt130-69.33.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (x86_64): kernel-rt-debuginfo-3.0.101.rt130-69.33.1 kernel-rt-debugsource-3.0.101.rt130-69.33.1 kernel-rt_debug-debuginfo-3.0.101.rt130-69.33.1 kernel-rt_debug-debugsource-3.0.101.rt130-69.33.1 kernel-rt_trace-debuginfo-3.0.101.rt130-69.33.1 kernel-rt_trace-debugsource-3.0.101.rt130-69.33.1 References: https://www.suse.com/security/cve/CVE-2016-8405.html https://www.suse.com/security/cve/CVE-2017-13305.html https://www.suse.com/security/cve/CVE-2018-1000204.html https://www.suse.com/security/cve/CVE-2018-1068.html https://www.suse.com/security/cve/CVE-2018-1130.html https://www.suse.com/security/cve/CVE-2018-12233.html https://www.suse.com/security/cve/CVE-2018-13053.html https://www.suse.com/security/cve/CVE-2018-13406.html https://www.suse.com/security/cve/CVE-2018-3620.html https://www.suse.com/security/cve/CVE-2018-3646.html https://www.suse.com/security/cve/CVE-2018-5803.html https://www.suse.com/security/cve/CVE-2018-5814.html https://www.suse.com/security/cve/CVE-2018-7492.html https://bugzilla.suse.com/1015828 https://bugzilla.suse.com/1037441 https://bugzilla.suse.com/1047487 https://bugzilla.suse.com/1082962 https://bugzilla.suse.com/1083900 https://bugzilla.suse.com/1085107 https://bugzilla.suse.com/1087081 https://bugzilla.suse.com/1089343 https://bugzilla.suse.com/1092904 https://bugzilla.suse.com/1093183 https://bugzilla.suse.com/1094353 https://bugzilla.suse.com/1096480 https://bugzilla.suse.com/1096728 https://bugzilla.suse.com/1097125 https://bugzilla.suse.com/1097234 https://bugzilla.suse.com/1097562 https://bugzilla.suse.com/1098016 https://bugzilla.suse.com/1098658 https://bugzilla.suse.com/1099709 https://bugzilla.suse.com/1099924 https://bugzilla.suse.com/1099942 https://bugzilla.suse.com/1100091 https://bugzilla.suse.com/1100132 https://bugzilla.suse.com/1100418 https://bugzilla.suse.com/1102087 https://bugzilla.suse.com/1103884 https://bugzilla.suse.com/1103909 https://bugzilla.suse.com/1104365 https://bugzilla.suse.com/1104475 https://bugzilla.suse.com/1104684 https://bugzilla.suse.com/909361 From sle-security-updates at lists.suse.com Thu Sep 6 13:07:47 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 6 Sep 2018 21:07:47 +0200 (CEST) Subject: SUSE-SU-2018:2640-1: moderate: Security update for php7 Message-ID: <20180906190747.F4125FD53@maintenance.suse.de> SUSE Security Update: Security update for php7 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2640-1 Rating: moderate References: #1105466 Cross-References: CVE-2017-9118 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for php7 fixes the following issues: - CVE-2017-9118: Fixed an out of bounds access in php_pcre_replace_impl via a crafted preg_replace call (bsc#1105466) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1852=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2018-1852=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): php7-debuginfo-7.0.7-50.49.1 php7-debugsource-7.0.7-50.49.1 php7-devel-7.0.7-50.49.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): apache2-mod_php7-7.0.7-50.49.1 apache2-mod_php7-debuginfo-7.0.7-50.49.1 php7-7.0.7-50.49.1 php7-bcmath-7.0.7-50.49.1 php7-bcmath-debuginfo-7.0.7-50.49.1 php7-bz2-7.0.7-50.49.1 php7-bz2-debuginfo-7.0.7-50.49.1 php7-calendar-7.0.7-50.49.1 php7-calendar-debuginfo-7.0.7-50.49.1 php7-ctype-7.0.7-50.49.1 php7-ctype-debuginfo-7.0.7-50.49.1 php7-curl-7.0.7-50.49.1 php7-curl-debuginfo-7.0.7-50.49.1 php7-dba-7.0.7-50.49.1 php7-dba-debuginfo-7.0.7-50.49.1 php7-debuginfo-7.0.7-50.49.1 php7-debugsource-7.0.7-50.49.1 php7-dom-7.0.7-50.49.1 php7-dom-debuginfo-7.0.7-50.49.1 php7-enchant-7.0.7-50.49.1 php7-enchant-debuginfo-7.0.7-50.49.1 php7-exif-7.0.7-50.49.1 php7-exif-debuginfo-7.0.7-50.49.1 php7-fastcgi-7.0.7-50.49.1 php7-fastcgi-debuginfo-7.0.7-50.49.1 php7-fileinfo-7.0.7-50.49.1 php7-fileinfo-debuginfo-7.0.7-50.49.1 php7-fpm-7.0.7-50.49.1 php7-fpm-debuginfo-7.0.7-50.49.1 php7-ftp-7.0.7-50.49.1 php7-ftp-debuginfo-7.0.7-50.49.1 php7-gd-7.0.7-50.49.1 php7-gd-debuginfo-7.0.7-50.49.1 php7-gettext-7.0.7-50.49.1 php7-gettext-debuginfo-7.0.7-50.49.1 php7-gmp-7.0.7-50.49.1 php7-gmp-debuginfo-7.0.7-50.49.1 php7-iconv-7.0.7-50.49.1 php7-iconv-debuginfo-7.0.7-50.49.1 php7-imap-7.0.7-50.49.1 php7-imap-debuginfo-7.0.7-50.49.1 php7-intl-7.0.7-50.49.1 php7-intl-debuginfo-7.0.7-50.49.1 php7-json-7.0.7-50.49.1 php7-json-debuginfo-7.0.7-50.49.1 php7-ldap-7.0.7-50.49.1 php7-ldap-debuginfo-7.0.7-50.49.1 php7-mbstring-7.0.7-50.49.1 php7-mbstring-debuginfo-7.0.7-50.49.1 php7-mcrypt-7.0.7-50.49.1 php7-mcrypt-debuginfo-7.0.7-50.49.1 php7-mysql-7.0.7-50.49.1 php7-mysql-debuginfo-7.0.7-50.49.1 php7-odbc-7.0.7-50.49.1 php7-odbc-debuginfo-7.0.7-50.49.1 php7-opcache-7.0.7-50.49.1 php7-opcache-debuginfo-7.0.7-50.49.1 php7-openssl-7.0.7-50.49.1 php7-openssl-debuginfo-7.0.7-50.49.1 php7-pcntl-7.0.7-50.49.1 php7-pcntl-debuginfo-7.0.7-50.49.1 php7-pdo-7.0.7-50.49.1 php7-pdo-debuginfo-7.0.7-50.49.1 php7-pgsql-7.0.7-50.49.1 php7-pgsql-debuginfo-7.0.7-50.49.1 php7-phar-7.0.7-50.49.1 php7-phar-debuginfo-7.0.7-50.49.1 php7-posix-7.0.7-50.49.1 php7-posix-debuginfo-7.0.7-50.49.1 php7-pspell-7.0.7-50.49.1 php7-pspell-debuginfo-7.0.7-50.49.1 php7-shmop-7.0.7-50.49.1 php7-shmop-debuginfo-7.0.7-50.49.1 php7-snmp-7.0.7-50.49.1 php7-snmp-debuginfo-7.0.7-50.49.1 php7-soap-7.0.7-50.49.1 php7-soap-debuginfo-7.0.7-50.49.1 php7-sockets-7.0.7-50.49.1 php7-sockets-debuginfo-7.0.7-50.49.1 php7-sqlite-7.0.7-50.49.1 php7-sqlite-debuginfo-7.0.7-50.49.1 php7-sysvmsg-7.0.7-50.49.1 php7-sysvmsg-debuginfo-7.0.7-50.49.1 php7-sysvsem-7.0.7-50.49.1 php7-sysvsem-debuginfo-7.0.7-50.49.1 php7-sysvshm-7.0.7-50.49.1 php7-sysvshm-debuginfo-7.0.7-50.49.1 php7-tokenizer-7.0.7-50.49.1 php7-tokenizer-debuginfo-7.0.7-50.49.1 php7-wddx-7.0.7-50.49.1 php7-wddx-debuginfo-7.0.7-50.49.1 php7-xmlreader-7.0.7-50.49.1 php7-xmlreader-debuginfo-7.0.7-50.49.1 php7-xmlrpc-7.0.7-50.49.1 php7-xmlrpc-debuginfo-7.0.7-50.49.1 php7-xmlwriter-7.0.7-50.49.1 php7-xmlwriter-debuginfo-7.0.7-50.49.1 php7-xsl-7.0.7-50.49.1 php7-xsl-debuginfo-7.0.7-50.49.1 php7-zip-7.0.7-50.49.1 php7-zip-debuginfo-7.0.7-50.49.1 php7-zlib-7.0.7-50.49.1 php7-zlib-debuginfo-7.0.7-50.49.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): php7-pear-7.0.7-50.49.1 php7-pear-Archive_Tar-7.0.7-50.49.1 References: https://www.suse.com/security/cve/CVE-2017-9118.html https://bugzilla.suse.com/1105466 From sle-security-updates at lists.suse.com Thu Sep 6 16:07:47 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 7 Sep 2018 00:07:47 +0200 (CEST) Subject: SUSE-SU-2018:2641-1: moderate: Security update for enigmail Message-ID: <20180906220747.F38D8FD53@maintenance.suse.de> SUSE Security Update: Security update for enigmail ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2641-1 Rating: moderate References: #1104036 Affected Products: SUSE Linux Enterprise Workstation Extension 15 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for enigmail to 2.0.8 fixes the following issues: The enigmail 2.0.8 release addresses a security issue and solves a few regression bugs. * A security issue has been fixed that allows an attacker to prepare a plain, unauthenticated HTML message in a way that it looks like it's signed and/or encrypted (boo#1104036) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2018-1853=1 Package List: - SUSE Linux Enterprise Workstation Extension 15 (x86_64): enigmail-2.0.8-3.10.1 References: https://bugzilla.suse.com/1104036 From sle-security-updates at lists.suse.com Fri Sep 7 07:09:32 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 7 Sep 2018 15:09:32 +0200 (CEST) Subject: SUSE-SU-2018:2647-1: moderate: Security update for nodejs4 Message-ID: <20180907130932.6ED63FD53@maintenance.suse.de> SUSE Security Update: Security update for nodejs4 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2647-1 Rating: moderate References: #1082318 #1091764 #1097158 #1097748 #1105019 Cross-References: CVE-2018-0732 CVE-2018-12115 Affected Products: SUSE Linux Enterprise Module for Web Scripting 12 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that solves two vulnerabilities and has three fixes is now available. Description: This update for nodejs4 fixes the following issues: Security issues fixed: - CVE-2018-12115: Fixed an out-of-bounds memory write in Buffer that could be used to write to memory outside of a Buffer's memory space buffer (bsc#1105019) - Upgrade to OpenSSL 1.0.2p, which fixed: - CVE-2018-0732: Client denial-of-service due to large DH parameter (bsc#1097158) - ECDSA key extraction via local side-channel Other changes made: - Recommend same major version npm package (bsc#1097748) - Use absolute paths in executable shebang lines - Fix building with ICU61.1 (bsc#1091764) - Install license with %license, not %doc (bsc#1082318) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2018-1854=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-1854=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le x86_64): nodejs4-4.9.1-15.14.1 nodejs4-debuginfo-4.9.1-15.14.1 nodejs4-debugsource-4.9.1-15.14.1 nodejs4-devel-4.9.1-15.14.1 npm4-4.9.1-15.14.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): nodejs4-docs-4.9.1-15.14.1 - SUSE Enterprise Storage 4 (aarch64 x86_64): nodejs4-4.9.1-15.14.1 nodejs4-debuginfo-4.9.1-15.14.1 nodejs4-debugsource-4.9.1-15.14.1 References: https://www.suse.com/security/cve/CVE-2018-0732.html https://www.suse.com/security/cve/CVE-2018-12115.html https://bugzilla.suse.com/1082318 https://bugzilla.suse.com/1091764 https://bugzilla.suse.com/1097158 https://bugzilla.suse.com/1097748 https://bugzilla.suse.com/1105019 From sle-security-updates at lists.suse.com Fri Sep 7 10:08:00 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 7 Sep 2018 18:08:00 +0200 (CEST) Subject: SUSE-SU-2018:2649-1: important: Security update for java-1_7_1-ibm Message-ID: <20180907160800.8D026FD4E@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_1-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2649-1 Rating: important References: #1104668 Cross-References: CVE-2018-12539 CVE-2018-1517 CVE-2018-1656 CVE-2018-2940 CVE-2018-2952 CVE-2018-2973 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for java-1_7_1-ibm fixes the following issues: Security issues fixed: - CVE-2018-1517: Fixed a flaw in the java.math component in IBM SDK, which may allow an attacker to inflict a denial-of-service attack with specially crafted String data. - CVE-2018-1656: Protect against path traversal attacks when extracting compressed dump files. - CVE-2018-2940: Fixed an easily exploitable vulnerability in the libraries subcomponent, which allowed unauthenticated attackers with network access via multiple protocols to compromise the Java SE, leading to unauthorized read access. - CVE-2018-2952: Fixed an easily exploitable vulnerability in the concurrency subcomponent, which allowed unauthenticated attackers with network access via multiple protocols to compromise the Java SE, leading to denial of service. - CVE-2018-2973: Fixed a difficult to exploit vulnerability in the JSSE subcomponent, which allowed unauthenticated attackers with network access via SSL/TLS to compromise the Java SE, leading to unauthorized creation, deletion or modification access to critical data. - CVE-2018-12539: Fixed a vulnerability in which users other than the process owner may be able to use Java Attach API to connect to the IBM JVM on the same machine and use Attach API operations, including the ability to execute untrusted arbitrary code. Other changes made: - Various JIT/JVM crash fixes - Version update to 7.1.4.30 (bsc#1104668) You can find detailed information about this update [here](https://developer.ibm.com/javasdk/support/security-vulnerabilities/# IBM_Security_Update_August_2018). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-1858=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1858=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1858=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1858=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1858=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1858=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1858=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-1858=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-1858=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): java-1_7_1-ibm-1.7.1_sr4.30-38.26.1 java-1_7_1-ibm-devel-1.7.1_sr4.30-38.26.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.30-38.26.1 - SUSE OpenStack Cloud 7 (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.30-38.26.1 java-1_7_1-ibm-plugin-1.7.1_sr4.30-38.26.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (ppc64le s390x x86_64): java-1_7_1-ibm-devel-1.7.1_sr4.30-38.26.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): java-1_7_1-ibm-1.7.1_sr4.30-38.26.1 java-1_7_1-ibm-devel-1.7.1_sr4.30-38.26.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.30-38.26.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.30-38.26.1 java-1_7_1-ibm-plugin-1.7.1_sr4.30-38.26.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): java-1_7_1-ibm-1.7.1_sr4.30-38.26.1 java-1_7_1-ibm-devel-1.7.1_sr4.30-38.26.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.30-38.26.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.30-38.26.1 java-1_7_1-ibm-plugin-1.7.1_sr4.30-38.26.1 - SUSE Linux Enterprise Server 12-SP3 (ppc64le s390x x86_64): java-1_7_1-ibm-1.7.1_sr4.30-38.26.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.30-38.26.1 - SUSE Linux Enterprise Server 12-SP3 (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.30-38.26.1 java-1_7_1-ibm-plugin-1.7.1_sr4.30-38.26.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): java-1_7_1-ibm-1.7.1_sr4.30-38.26.1 java-1_7_1-ibm-devel-1.7.1_sr4.30-38.26.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.30-38.26.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.30-38.26.1 java-1_7_1-ibm-plugin-1.7.1_sr4.30-38.26.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): java-1_7_1-ibm-1.7.1_sr4.30-38.26.1 java-1_7_1-ibm-devel-1.7.1_sr4.30-38.26.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.30-38.26.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.30-38.26.1 java-1_7_1-ibm-plugin-1.7.1_sr4.30-38.26.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): java-1_7_1-ibm-1.7.1_sr4.30-38.26.1 java-1_7_1-ibm-devel-1.7.1_sr4.30-38.26.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.30-38.26.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.30-38.26.1 java-1_7_1-ibm-plugin-1.7.1_sr4.30-38.26.1 - SUSE Enterprise Storage 4 (x86_64): java-1_7_1-ibm-1.7.1_sr4.30-38.26.1 java-1_7_1-ibm-alsa-1.7.1_sr4.30-38.26.1 java-1_7_1-ibm-devel-1.7.1_sr4.30-38.26.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.30-38.26.1 java-1_7_1-ibm-plugin-1.7.1_sr4.30-38.26.1 References: https://www.suse.com/security/cve/CVE-2018-12539.html https://www.suse.com/security/cve/CVE-2018-1517.html https://www.suse.com/security/cve/CVE-2018-1656.html https://www.suse.com/security/cve/CVE-2018-2940.html https://www.suse.com/security/cve/CVE-2018-2952.html https://www.suse.com/security/cve/CVE-2018-2973.html https://bugzilla.suse.com/1104668 From sle-security-updates at lists.suse.com Fri Sep 7 10:08:36 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 7 Sep 2018 18:08:36 +0200 (CEST) Subject: SUSE-SU-2018:2650-1: moderate: Security update for kvm Message-ID: <20180907160836.715BEFD53@maintenance.suse.de> SUSE Security Update: Security update for kvm ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2650-1 Rating: moderate References: #1092885 #1096223 #1098735 Cross-References: CVE-2018-11806 CVE-2018-12617 CVE-2018-3639 Affected Products: SUSE Linux Enterprise Server 11-SP4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for kvm fixes the following security issues: - CVE-2018-12617: qmp_guest_file_read had an integer overflow that could have been exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket causing DoS (bsc#1098735) - CVE-2018-11806: Prevent heap-based buffer overflow via incoming fragmented datagrams (bsc#1096223) With this release the mitigations for Spectre v4 are moved the the patches from upstream (CVE-2018-3639, bsc#1092885). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-kvm-13771=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 s390x x86_64): kvm-1.4.2-60.15.2 References: https://www.suse.com/security/cve/CVE-2018-11806.html https://www.suse.com/security/cve/CVE-2018-12617.html https://www.suse.com/security/cve/CVE-2018-3639.html https://bugzilla.suse.com/1092885 https://bugzilla.suse.com/1096223 https://bugzilla.suse.com/1098735 From sle-security-updates at lists.suse.com Mon Sep 10 10:08:06 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 10 Sep 2018 18:08:06 +0200 (CEST) Subject: SUSE-SU-2018:2676-1: moderate: Security update for tiff Message-ID: <20180910160806.97BF4FD2C@maintenance.suse.de> SUSE Security Update: Security update for tiff ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2676-1 Rating: moderate References: #1074186 #1092480 #960589 #983440 Cross-References: CVE-2015-8668 CVE-2016-5319 CVE-2017-17942 CVE-2018-10779 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for tiff fixes the following issues: The following security vulnerabilities were addressed: - CVE-2015-8668: Fixed a heap-based buffer overflow in the PackBitsPreEncode function in tif_packbits.c in bmp2tiff, which allowed remote attackers to execute arbitrary code or cause a denial of service via a large width field in a specially crafted BMP image. (bsc#960589) - CVE-2018-10779: Fixed a heap-based buffer over-read in TIFFWriteScanline() in tif_write.c (bsc#1092480) - CVE-2017-17942: Fixed a heap-based buffer overflow in the function PackBitsEncode in tif_packbits.c. (bsc#1074186) - CVE-2016-5319: Fixed a beap-based buffer overflow in bmp2tiff (bsc#983440) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-tiff-13772=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-tiff-13772=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-tiff-13772=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libtiff-devel-3.8.2-141.169.16.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): libtiff-devel-32bit-3.8.2-141.169.16.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libtiff3-3.8.2-141.169.16.1 tiff-3.8.2-141.169.16.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libtiff3-32bit-3.8.2-141.169.16.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libtiff3-x86-3.8.2-141.169.16.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): tiff-debuginfo-3.8.2-141.169.16.1 tiff-debugsource-3.8.2-141.169.16.1 References: https://www.suse.com/security/cve/CVE-2015-8668.html https://www.suse.com/security/cve/CVE-2016-5319.html https://www.suse.com/security/cve/CVE-2017-17942.html https://www.suse.com/security/cve/CVE-2018-10779.html https://bugzilla.suse.com/1074186 https://bugzilla.suse.com/1092480 https://bugzilla.suse.com/960589 https://bugzilla.suse.com/983440 From sle-security-updates at lists.suse.com Mon Sep 10 13:07:58 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 10 Sep 2018 21:07:58 +0200 (CEST) Subject: SUSE-SU-2018:2677-1: important: Security update for the Linux Kernel (Live Patch 1 for SLE 15) Message-ID: <20180910190758.5DA93FD2C@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 1 for SLE 15) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2677-1 Rating: important References: #1105026 Cross-References: CVE-2018-15471 Affected Products: SUSE Linux Enterprise Module for Live Patching 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 4.12.14-25_3 fixes one issue. The following security issue was fixed: - CVE-2018-15471: An issue was discovered in xenvif_set_hash_mapping in drivers/net/xen-netback/hash.c. The Linux netback driver allowed frontends to control mapping of requests to request queues. When processing a request to set or change this mapping, some input validation (e.g., for an integer overflow) was missing or flawed, leading to OOB access in hash handling. A malicious or buggy frontend may cause the (usually privileged) backend to make out of bounds memory accesses, potentially resulting in one or more of privilege escalation, Denial of Service (DoS), or information leaks (bsc#1105026). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2018-1868=1 SUSE-SLE-Module-Live-Patching-15-2018-1870=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-livepatch-4_12_14-23-default-3-7.3 kernel-livepatch-4_12_14-23-default-debuginfo-3-7.3 kernel-livepatch-4_12_14-25_3-default-3-2.1 kernel-livepatch-4_12_14-25_3-default-debuginfo-3-2.1 kernel-livepatch-SLE15_Update_0-debugsource-3-7.3 References: https://www.suse.com/security/cve/CVE-2018-15471.html https://bugzilla.suse.com/1105026 From sle-security-updates at lists.suse.com Mon Sep 10 13:08:28 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 10 Sep 2018 21:08:28 +0200 (CEST) Subject: SUSE-SU-2018:2678-1: important: Security update for the Linux Kernel (Live Patch 2 for SLE 15) Message-ID: <20180910190828.8230BFD2C@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 2 for SLE 15) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2678-1 Rating: important References: #1097108 #1103203 #1105026 Cross-References: CVE-2018-10853 CVE-2018-15471 Affected Products: SUSE Linux Enterprise Module for Live Patching 15 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 4.12.14-25_6 fixes several issues. The following security issues were fixed: - CVE-2018-15471: An issue was discovered in xenvif_set_hash_mapping in drivers/net/xen-netback/hash.c. The Linux netback driver allowed frontends to control mapping of requests to request queues. When processing a request to set or change this mapping, some input validation (e.g., for an integer overflow) was missing or flawed, leading to OOB access in hash handling. A malicious or buggy frontend may cause the (usually privileged) backend to make out of bounds memory accesses, potentially resulting in one or more of privilege escalation, Denial of Service (DoS), or information leaks (bsc#1105026). - CVE-2018-10853: A KVM guest userspace to guest kernel write was fixed, which could be used by guest users to crash the guest kernel (bsc#1097108). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2018-1869=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-livepatch-4_12_14-25_6-default-3-2.1 kernel-livepatch-4_12_14-25_6-default-debuginfo-3-2.1 References: https://www.suse.com/security/cve/CVE-2018-10853.html https://www.suse.com/security/cve/CVE-2018-15471.html https://bugzilla.suse.com/1097108 https://bugzilla.suse.com/1103203 https://bugzilla.suse.com/1105026 From sle-security-updates at lists.suse.com Mon Sep 10 13:09:20 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 10 Sep 2018 21:09:20 +0200 (CEST) Subject: SUSE-SU-2018:2679-1: moderate: Security update for qemu Message-ID: <20180910190920.C9837FD2D@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2679-1 Rating: moderate References: #1094898 #1098735 #1102604 #1103628 #1105279 Cross-References: CVE-2018-12617 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves one vulnerability and has four fixes is now available. Description: This update for qemu fixes the following issues: This security issue was fixed: - CVE-2018-12617: qmp_guest_file_read had an integer overflow that could have been exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket causing DoS (bsc#1098735) These non-security issues were fixed: - Allow kvm group access to /dev/sev (bsc#1102604). - Fix for the value used for reduced_phys_bits. Please update the reduced_phys_bits value used on the commandline or in libvirt XML to the value 1 (explicitly set now in QEMU code). (bsc#1103628) - Fix (again) the qemu guest agent udev rule file, which got unfixed in a series of unfortunate events (bsc#1094898 and now bsc#1105279) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2018-1866=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1866=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): qemu-2.11.2-9.9.1 qemu-block-curl-2.11.2-9.9.1 qemu-block-curl-debuginfo-2.11.2-9.9.1 qemu-block-iscsi-2.11.2-9.9.1 qemu-block-iscsi-debuginfo-2.11.2-9.9.1 qemu-block-rbd-2.11.2-9.9.1 qemu-block-rbd-debuginfo-2.11.2-9.9.1 qemu-block-ssh-2.11.2-9.9.1 qemu-block-ssh-debuginfo-2.11.2-9.9.1 qemu-debuginfo-2.11.2-9.9.1 qemu-debugsource-2.11.2-9.9.1 qemu-guest-agent-2.11.2-9.9.1 qemu-guest-agent-debuginfo-2.11.2-9.9.1 qemu-lang-2.11.2-9.9.1 - SUSE Linux Enterprise Module for Server Applications 15 (s390x x86_64): qemu-kvm-2.11.2-9.9.1 - SUSE Linux Enterprise Module for Server Applications 15 (aarch64): qemu-arm-2.11.2-9.9.1 qemu-arm-debuginfo-2.11.2-9.9.1 - SUSE Linux Enterprise Module for Server Applications 15 (ppc64le): qemu-ppc-2.11.2-9.9.1 qemu-ppc-debuginfo-2.11.2-9.9.1 - SUSE Linux Enterprise Module for Server Applications 15 (x86_64): qemu-x86-2.11.2-9.9.1 qemu-x86-debuginfo-2.11.2-9.9.1 - SUSE Linux Enterprise Module for Server Applications 15 (noarch): qemu-ipxe-1.0.0-9.9.1 qemu-seabios-1.11.0-9.9.1 qemu-sgabios-8-9.9.1 qemu-vgabios-1.11.0-9.9.1 - SUSE Linux Enterprise Module for Server Applications 15 (s390x): qemu-s390-2.11.2-9.9.1 qemu-s390-debuginfo-2.11.2-9.9.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): qemu-debuginfo-2.11.2-9.9.1 qemu-debugsource-2.11.2-9.9.1 qemu-tools-2.11.2-9.9.1 qemu-tools-debuginfo-2.11.2-9.9.1 References: https://www.suse.com/security/cve/CVE-2018-12617.html https://bugzilla.suse.com/1094898 https://bugzilla.suse.com/1098735 https://bugzilla.suse.com/1102604 https://bugzilla.suse.com/1103628 https://bugzilla.suse.com/1105279 From sle-security-updates at lists.suse.com Mon Sep 10 13:12:28 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 10 Sep 2018 21:12:28 +0200 (CEST) Subject: SUSE-SU-2018:2681-1: moderate: Security update for php53 Message-ID: <20180910191228.43CB8FD2C@maintenance.suse.de> SUSE Security Update: Security update for php53 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2681-1 Rating: moderate References: #1103659 #1103836 #1105466 Cross-References: CVE-2017-9118 CVE-2018-14851 CVE-2018-14883 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for php53 fixes the following issues: The following security issues were fixed: - CVE-2018-14851: Fixed an out-of-bound read in exif_process_IFD_in_MAKERNOTE, which could be exploited by an attacker via crafted JPG files, and could result in an application crash. (bsc#1103659) - CVE-2018-14883: Fixed an integer overflow leading to a heap based buffer over-read in exif_thumbnail_extract of exif.c. (bsc#1103836) - CVE-2017-9118: Fixed an out of bounds access in php_pcre_replace_impl via a crafted preg_replace call (bsc#1105466) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-php53-13773=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-php53-13773=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-php53-13773=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): php53-devel-5.3.17-112.38.1 php53-imap-5.3.17-112.38.1 php53-posix-5.3.17-112.38.1 php53-readline-5.3.17-112.38.1 php53-sockets-5.3.17-112.38.1 php53-sqlite-5.3.17-112.38.1 php53-tidy-5.3.17-112.38.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): apache2-mod_php53-5.3.17-112.38.1 php53-5.3.17-112.38.1 php53-bcmath-5.3.17-112.38.1 php53-bz2-5.3.17-112.38.1 php53-calendar-5.3.17-112.38.1 php53-ctype-5.3.17-112.38.1 php53-curl-5.3.17-112.38.1 php53-dba-5.3.17-112.38.1 php53-dom-5.3.17-112.38.1 php53-exif-5.3.17-112.38.1 php53-fastcgi-5.3.17-112.38.1 php53-fileinfo-5.3.17-112.38.1 php53-ftp-5.3.17-112.38.1 php53-gd-5.3.17-112.38.1 php53-gettext-5.3.17-112.38.1 php53-gmp-5.3.17-112.38.1 php53-iconv-5.3.17-112.38.1 php53-intl-5.3.17-112.38.1 php53-json-5.3.17-112.38.1 php53-ldap-5.3.17-112.38.1 php53-mbstring-5.3.17-112.38.1 php53-mcrypt-5.3.17-112.38.1 php53-mysql-5.3.17-112.38.1 php53-odbc-5.3.17-112.38.1 php53-openssl-5.3.17-112.38.1 php53-pcntl-5.3.17-112.38.1 php53-pdo-5.3.17-112.38.1 php53-pear-5.3.17-112.38.1 php53-pgsql-5.3.17-112.38.1 php53-pspell-5.3.17-112.38.1 php53-shmop-5.3.17-112.38.1 php53-snmp-5.3.17-112.38.1 php53-soap-5.3.17-112.38.1 php53-suhosin-5.3.17-112.38.1 php53-sysvmsg-5.3.17-112.38.1 php53-sysvsem-5.3.17-112.38.1 php53-sysvshm-5.3.17-112.38.1 php53-tokenizer-5.3.17-112.38.1 php53-wddx-5.3.17-112.38.1 php53-xmlreader-5.3.17-112.38.1 php53-xmlrpc-5.3.17-112.38.1 php53-xmlwriter-5.3.17-112.38.1 php53-xsl-5.3.17-112.38.1 php53-zip-5.3.17-112.38.1 php53-zlib-5.3.17-112.38.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): php53-debuginfo-5.3.17-112.38.1 php53-debugsource-5.3.17-112.38.1 References: https://www.suse.com/security/cve/CVE-2017-9118.html https://www.suse.com/security/cve/CVE-2018-14851.html https://www.suse.com/security/cve/CVE-2018-14883.html https://bugzilla.suse.com/1103659 https://bugzilla.suse.com/1103836 https://bugzilla.suse.com/1105466 From sle-security-updates at lists.suse.com Mon Sep 10 13:13:20 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 10 Sep 2018 21:13:20 +0200 (CEST) Subject: SUSE-SU-2018:2682-1: moderate: Security update for php5 Message-ID: <20180910191320.6A47EFD2C@maintenance.suse.de> SUSE Security Update: Security update for php5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2682-1 Rating: moderate References: #1096984 #1099098 #1103659 #1105466 Cross-References: CVE-2017-9118 CVE-2018-10360 CVE-2018-12882 CVE-2018-14851 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for php5 fixes the following issues: The following security issues were fixed: - CVE-2018-10360: Fixed an out-of-bounds read in the do_core_note function in readelf.c in libmagic.a, which allowed remote attackers to cause a denial of service via a crafted ELF file (bsc#1096984) - CVE-2018-14851: Fixed an out-of-bound read in exif_process_IFD_in_MAKERNOTE, which could be exploited by an attacker via crafted JPG files, and could result in an application crash. (bsc#1103659) - CVE-2018-12882: Fixed an use-after-free in exif_read_from_impl in ext/exif/exif.c (bsc#1099098) - CVE-2017-9118: Fixed an out of bounds access in php_pcre_replace_impl via a crafted preg_replace call (bsc#1105466) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1871=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2018-1871=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): php5-debuginfo-5.5.14-109.38.1 php5-debugsource-5.5.14-109.38.1 php5-devel-5.5.14-109.38.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): apache2-mod_php5-5.5.14-109.38.1 apache2-mod_php5-debuginfo-5.5.14-109.38.1 php5-5.5.14-109.38.1 php5-bcmath-5.5.14-109.38.1 php5-bcmath-debuginfo-5.5.14-109.38.1 php5-bz2-5.5.14-109.38.1 php5-bz2-debuginfo-5.5.14-109.38.1 php5-calendar-5.5.14-109.38.1 php5-calendar-debuginfo-5.5.14-109.38.1 php5-ctype-5.5.14-109.38.1 php5-ctype-debuginfo-5.5.14-109.38.1 php5-curl-5.5.14-109.38.1 php5-curl-debuginfo-5.5.14-109.38.1 php5-dba-5.5.14-109.38.1 php5-dba-debuginfo-5.5.14-109.38.1 php5-debuginfo-5.5.14-109.38.1 php5-debugsource-5.5.14-109.38.1 php5-dom-5.5.14-109.38.1 php5-dom-debuginfo-5.5.14-109.38.1 php5-enchant-5.5.14-109.38.1 php5-enchant-debuginfo-5.5.14-109.38.1 php5-exif-5.5.14-109.38.1 php5-exif-debuginfo-5.5.14-109.38.1 php5-fastcgi-5.5.14-109.38.1 php5-fastcgi-debuginfo-5.5.14-109.38.1 php5-fileinfo-5.5.14-109.38.1 php5-fileinfo-debuginfo-5.5.14-109.38.1 php5-fpm-5.5.14-109.38.1 php5-fpm-debuginfo-5.5.14-109.38.1 php5-ftp-5.5.14-109.38.1 php5-ftp-debuginfo-5.5.14-109.38.1 php5-gd-5.5.14-109.38.1 php5-gd-debuginfo-5.5.14-109.38.1 php5-gettext-5.5.14-109.38.1 php5-gettext-debuginfo-5.5.14-109.38.1 php5-gmp-5.5.14-109.38.1 php5-gmp-debuginfo-5.5.14-109.38.1 php5-iconv-5.5.14-109.38.1 php5-iconv-debuginfo-5.5.14-109.38.1 php5-imap-5.5.14-109.38.1 php5-imap-debuginfo-5.5.14-109.38.1 php5-intl-5.5.14-109.38.1 php5-intl-debuginfo-5.5.14-109.38.1 php5-json-5.5.14-109.38.1 php5-json-debuginfo-5.5.14-109.38.1 php5-ldap-5.5.14-109.38.1 php5-ldap-debuginfo-5.5.14-109.38.1 php5-mbstring-5.5.14-109.38.1 php5-mbstring-debuginfo-5.5.14-109.38.1 php5-mcrypt-5.5.14-109.38.1 php5-mcrypt-debuginfo-5.5.14-109.38.1 php5-mysql-5.5.14-109.38.1 php5-mysql-debuginfo-5.5.14-109.38.1 php5-odbc-5.5.14-109.38.1 php5-odbc-debuginfo-5.5.14-109.38.1 php5-opcache-5.5.14-109.38.1 php5-opcache-debuginfo-5.5.14-109.38.1 php5-openssl-5.5.14-109.38.1 php5-openssl-debuginfo-5.5.14-109.38.1 php5-pcntl-5.5.14-109.38.1 php5-pcntl-debuginfo-5.5.14-109.38.1 php5-pdo-5.5.14-109.38.1 php5-pdo-debuginfo-5.5.14-109.38.1 php5-pgsql-5.5.14-109.38.1 php5-pgsql-debuginfo-5.5.14-109.38.1 php5-phar-5.5.14-109.38.1 php5-phar-debuginfo-5.5.14-109.38.1 php5-posix-5.5.14-109.38.1 php5-posix-debuginfo-5.5.14-109.38.1 php5-pspell-5.5.14-109.38.1 php5-pspell-debuginfo-5.5.14-109.38.1 php5-shmop-5.5.14-109.38.1 php5-shmop-debuginfo-5.5.14-109.38.1 php5-snmp-5.5.14-109.38.1 php5-snmp-debuginfo-5.5.14-109.38.1 php5-soap-5.5.14-109.38.1 php5-soap-debuginfo-5.5.14-109.38.1 php5-sockets-5.5.14-109.38.1 php5-sockets-debuginfo-5.5.14-109.38.1 php5-sqlite-5.5.14-109.38.1 php5-sqlite-debuginfo-5.5.14-109.38.1 php5-suhosin-5.5.14-109.38.1 php5-suhosin-debuginfo-5.5.14-109.38.1 php5-sysvmsg-5.5.14-109.38.1 php5-sysvmsg-debuginfo-5.5.14-109.38.1 php5-sysvsem-5.5.14-109.38.1 php5-sysvsem-debuginfo-5.5.14-109.38.1 php5-sysvshm-5.5.14-109.38.1 php5-sysvshm-debuginfo-5.5.14-109.38.1 php5-tokenizer-5.5.14-109.38.1 php5-tokenizer-debuginfo-5.5.14-109.38.1 php5-wddx-5.5.14-109.38.1 php5-wddx-debuginfo-5.5.14-109.38.1 php5-xmlreader-5.5.14-109.38.1 php5-xmlreader-debuginfo-5.5.14-109.38.1 php5-xmlrpc-5.5.14-109.38.1 php5-xmlrpc-debuginfo-5.5.14-109.38.1 php5-xmlwriter-5.5.14-109.38.1 php5-xmlwriter-debuginfo-5.5.14-109.38.1 php5-xsl-5.5.14-109.38.1 php5-xsl-debuginfo-5.5.14-109.38.1 php5-zip-5.5.14-109.38.1 php5-zip-debuginfo-5.5.14-109.38.1 php5-zlib-5.5.14-109.38.1 php5-zlib-debuginfo-5.5.14-109.38.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): php5-pear-5.5.14-109.38.1 References: https://www.suse.com/security/cve/CVE-2017-9118.html https://www.suse.com/security/cve/CVE-2018-10360.html https://www.suse.com/security/cve/CVE-2018-12882.html https://www.suse.com/security/cve/CVE-2018-14851.html https://bugzilla.suse.com/1096984 https://bugzilla.suse.com/1099098 https://bugzilla.suse.com/1103659 https://bugzilla.suse.com/1105466 From sle-security-updates at lists.suse.com Mon Sep 10 13:14:20 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 10 Sep 2018 21:14:20 +0200 (CEST) Subject: SUSE-SU-2018:2683-1: moderate: Security update for compat-openssl098 Message-ID: <20180910191420.AB7FAFD2D@maintenance.suse.de> SUSE Security Update: Security update for compat-openssl098 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2683-1 Rating: moderate References: #1087102 #1089039 #1097158 #1097624 #1098592 Cross-References: CVE-2018-0732 CVE-2018-0737 CVE-2018-0739 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Module for Legacy Software 12 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that solves three vulnerabilities and has two fixes is now available. Description: This update for compat-openssl098 fixes the following security issues: - CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack (bsc#1097158) - Blinding enhancements for ECDSA and DSA (bsc#1097624, bsc#1098592) - CVE-2018-0737: The RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could have recovered the private key (bsc#1089039) - CVE-2018-0739: Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could have resulted in DoS (bsc#1087102). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2018-1872=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1872=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1872=1 - SUSE Linux Enterprise Module for Legacy Software 12: zypper in -t patch SUSE-SLE-Module-Legacy-12-2018-1872=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1872=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): compat-openssl098-debugsource-0.9.8j-106.6.1 libopenssl0_9_8-0.9.8j-106.6.1 libopenssl0_9_8-debuginfo-0.9.8j-106.6.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): compat-openssl098-debugsource-0.9.8j-106.6.1 libopenssl0_9_8-0.9.8j-106.6.1 libopenssl0_9_8-debuginfo-0.9.8j-106.6.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): compat-openssl098-debugsource-0.9.8j-106.6.1 libopenssl0_9_8-0.9.8j-106.6.1 libopenssl0_9_8-debuginfo-0.9.8j-106.6.1 - SUSE Linux Enterprise Module for Legacy Software 12 (s390x x86_64): compat-openssl098-debugsource-0.9.8j-106.6.1 libopenssl0_9_8-0.9.8j-106.6.1 libopenssl0_9_8-32bit-0.9.8j-106.6.1 libopenssl0_9_8-debuginfo-0.9.8j-106.6.1 libopenssl0_9_8-debuginfo-32bit-0.9.8j-106.6.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): compat-openssl098-debugsource-0.9.8j-106.6.1 libopenssl0_9_8-0.9.8j-106.6.1 libopenssl0_9_8-32bit-0.9.8j-106.6.1 libopenssl0_9_8-debuginfo-0.9.8j-106.6.1 libopenssl0_9_8-debuginfo-32bit-0.9.8j-106.6.1 References: https://www.suse.com/security/cve/CVE-2018-0732.html https://www.suse.com/security/cve/CVE-2018-0737.html https://www.suse.com/security/cve/CVE-2018-0739.html https://bugzilla.suse.com/1087102 https://bugzilla.suse.com/1089039 https://bugzilla.suse.com/1097158 https://bugzilla.suse.com/1097624 https://bugzilla.suse.com/1098592 From sle-security-updates at lists.suse.com Tue Sep 11 04:11:41 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 11 Sep 2018 12:11:41 +0200 (CEST) Subject: SUSE-SU-2018:2684-1: important: Security update for the Linux Kernel (Live Patch 30 for SLE 12 SP1) Message-ID: <20180911101141.2A8F1FD2C@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 30 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2684-1 Rating: important References: #1097108 Cross-References: CVE-2018-10853 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 3.12.74-60_64_99 fixes one issue. The following security issue was fixed: - CVE-2018-10853: A KVM guest userspace to guest kernel write was fixed, which could be used by guest users to crash the guest kernel (bsc#1097108). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1875=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1874=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1875=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1874=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-1873=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kgraft-patch-4_4_121-92_92-default-2-2.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_99-default-2-2.1 kgraft-patch-3_12_74-60_64_99-xen-2-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kgraft-patch-4_4_121-92_92-default-2-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_99-default-2-2.1 kgraft-patch-3_12_74-60_64_99-xen-2-2.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_141-default-2-2.1 kgraft-patch-3_12_61-52_141-xen-2-2.1 References: https://www.suse.com/security/cve/CVE-2018-10853.html https://bugzilla.suse.com/1097108 From sle-security-updates at lists.suse.com Tue Sep 11 07:08:04 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 11 Sep 2018 15:08:04 +0200 (CEST) Subject: SUSE-SU-2018:2685-1: moderate: Security update for openssh Message-ID: <20180911130804.9F8FBFD2C@maintenance.suse.de> SUSE Security Update: Security update for openssh ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2685-1 Rating: moderate References: #1016370 #1017099 #1023275 #1048367 #1053972 #1065000 #1069509 #1076957 #1092582 Cross-References: CVE-2008-1483 CVE-2016-10012 CVE-2016-10708 CVE-2017-15906 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves four vulnerabilities and has 5 fixes is now available. Description: This update for openssh provides the following fixes: Security issues fixed: - CVE-2017-15906: Stricter checking of operations in read-only mode in sftp server (bsc#1065000). - CVE-2016-10012: Remove pre-auth compression support from the server to prevent possible cryptographic attacks (bsc#1016370). - CVE-2008-1483: Refine handling of sockets for X11 forwarding to remove reintroduced CVE-2008-1483 (bsc#1069509). - CVE-2016-10708: Prevent DoS due to crashes caused by out-of-sequence NEWKEYS message (bsc#1076957). Bug fixes: - bsc#1017099: Enable case-insensitive hostname matching. - bsc#1023275: Add a new switch for printing diagnostic messages in sftp client's batch mode. - bsc#1048367: systemd integration to work around various race conditions. - bsc#1053972: Remove duplicate KEX method. - bsc#1092582: Add missing piece of systemd integration. - Remove the limit on the amount of tasks sshd can run. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1876=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1876=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-1876=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): openssh-6.6p1-54.15.2 openssh-askpass-gnome-6.6p1-54.15.1 openssh-askpass-gnome-debuginfo-6.6p1-54.15.1 openssh-debuginfo-6.6p1-54.15.2 openssh-debugsource-6.6p1-54.15.2 openssh-fips-6.6p1-54.15.2 openssh-helpers-6.6p1-54.15.2 openssh-helpers-debuginfo-6.6p1-54.15.2 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): openssh-6.6p1-54.15.2 openssh-askpass-gnome-6.6p1-54.15.1 openssh-askpass-gnome-debuginfo-6.6p1-54.15.1 openssh-debuginfo-6.6p1-54.15.2 openssh-debugsource-6.6p1-54.15.2 openssh-fips-6.6p1-54.15.2 openssh-helpers-6.6p1-54.15.2 openssh-helpers-debuginfo-6.6p1-54.15.2 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): openssh-6.6p1-54.15.2 openssh-askpass-gnome-6.6p1-54.15.1 openssh-askpass-gnome-debuginfo-6.6p1-54.15.1 openssh-debuginfo-6.6p1-54.15.2 openssh-debugsource-6.6p1-54.15.2 openssh-fips-6.6p1-54.15.2 openssh-helpers-6.6p1-54.15.2 openssh-helpers-debuginfo-6.6p1-54.15.2 References: https://www.suse.com/security/cve/CVE-2008-1483.html https://www.suse.com/security/cve/CVE-2016-10012.html https://www.suse.com/security/cve/CVE-2016-10708.html https://www.suse.com/security/cve/CVE-2017-15906.html https://bugzilla.suse.com/1016370 https://bugzilla.suse.com/1017099 https://bugzilla.suse.com/1023275 https://bugzilla.suse.com/1048367 https://bugzilla.suse.com/1053972 https://bugzilla.suse.com/1065000 https://bugzilla.suse.com/1069509 https://bugzilla.suse.com/1076957 https://bugzilla.suse.com/1092582 From sle-security-updates at lists.suse.com Tue Sep 11 10:07:55 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 11 Sep 2018 18:07:55 +0200 (CEST) Subject: SUSE-SU-2018:2686-1: important: Security update for zsh Message-ID: <20180911160755.E4E84FD2C@maintenance.suse.de> SUSE Security Update: Security update for zsh ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2686-1 Rating: important References: #1107294 #1107296 Cross-References: CVE-2018-0502 CVE-2018-13259 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for zsh to version 5.6 fixes the following security issues: - CVE-2018-0502: The beginning of a #! script file was mishandled, potentially leading to an execve call to a program named on the second line (bsc#1107296). - CVE-2018-13259: Shebang lines exceeding 64 characters were truncated, potentially leading to an execve call to a program name that is a substring of the intended one (bsc#1107294). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1880=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): zsh-5.6-3.6.1 zsh-debuginfo-5.6-3.6.1 zsh-debugsource-5.6-3.6.1 References: https://www.suse.com/security/cve/CVE-2018-0502.html https://www.suse.com/security/cve/CVE-2018-13259.html https://bugzilla.suse.com/1107294 https://bugzilla.suse.com/1107296 From sle-security-updates at lists.suse.com Tue Sep 11 10:09:08 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 11 Sep 2018 18:09:08 +0200 (CEST) Subject: SUSE-SU-2018:2688-1: important: Security update for libzypp, zypper Message-ID: <20180911160908.224CBFD2C@maintenance.suse.de> SUSE Security Update: Security update for libzypp, zypper ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2688-1 Rating: important References: #1036304 #1037210 #1038984 #1045735 #1048315 #1054088 #1070851 #1076192 #1079334 #1088705 #1091624 #1092413 #1096803 #1099847 #1100028 #1101349 #1102429 Cross-References: CVE-2017-7435 CVE-2017-7436 CVE-2017-9269 CVE-2018-7685 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves four vulnerabilities and has 13 fixes is now available. Description: This update for libzypp, zypper fixes the following issues: libzypp security fixes: - PackageProvider: Validate delta rpms before caching (bsc#1091624, bsc#1088705, CVE-2018-7685) - PackageProvider: Validate downloaded rpm package signatures before caching (bsc#1091624, bsc#1088705, CVE-2018-7685) - Be sure bad packages do not stay in the cache (bsc#1045735, CVE-2017-9269) - Fix repo gpg check workflows, mainly for unsigned repos and packages (bsc#1045735, bsc#1038984, CVE-2017-7435, CVE-2017-7436, CVE-2017-9269) libzypp other changes/bugs fixed: - Update to version 14.45.17 - RepoInfo: add enum GpgCheck for convenient gpgcheck mode handling (bsc#1045735) - repo refresh: Re-probe if the repository type changes (bsc#1048315) - Use common workflow for downloading packages and srcpackages. This includes a common way of handling and reporting gpg signature and checks. (bsc#1037210) - PackageProvider: as well support downloading SrcPackage (for bsc#1037210) - Adapt to work with GnuPG 2.1.23 (bsc#1054088) - repo refresh: Re-probe if the repository type changes (bsc#1048315) - Handle http error 502 Bad Gateway in curl backend (bsc#1070851) - RepoManager: Explicitly request repo2solv to generate application pseudo packages. - Prefer calling "repo2solv" rather than "repo2solv.sh" - libzypp-devel should not require cmake (bsc#1101349) - HardLocksFile: Prevent against empty commit without Target having been been loaded (bsc#1096803) - Avoid zombie tar processes (bsc#1076192) - lsof: use '-K i' if lsof supports it (bsc#1099847, bsc#1036304) zypper security fixes: - Improve signature check callback messages (bsc#1045735, CVE-2017-9269) - add/modify repo: Add options to tune the GPG check settings (bsc#1045735, CVE-2017-9269) - Adapt download callback to report and handle unsigned packages (bsc#1038984, CVE-2017-7436) zypper other changes/bugs fixed: - Update to version 1.11.70 - Bugfix: Prevent ESC sequence strings from going out of scope (bsc#1092413) - XML attribute `packages-to-change` added (bsc#1102429) - man: Strengthen that `--config FILE' affects zypper.conf, not zypp.conf (bsc#1100028) - ansi.h: Prevent ESC sequence strings from going out of scope (bsc#1092413) - do not recommend cron (bsc#1079334) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-1879=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): libzypp-14.45.17-2.82.1 libzypp-debuginfo-14.45.17-2.82.1 libzypp-debugsource-14.45.17-2.82.1 zypper-1.11.70-2.69.2 zypper-debuginfo-1.11.70-2.69.2 zypper-debugsource-1.11.70-2.69.2 - SUSE Linux Enterprise Server 12-LTSS (noarch): zypper-log-1.11.70-2.69.2 References: https://www.suse.com/security/cve/CVE-2017-7435.html https://www.suse.com/security/cve/CVE-2017-7436.html https://www.suse.com/security/cve/CVE-2017-9269.html https://www.suse.com/security/cve/CVE-2018-7685.html https://bugzilla.suse.com/1036304 https://bugzilla.suse.com/1037210 https://bugzilla.suse.com/1038984 https://bugzilla.suse.com/1045735 https://bugzilla.suse.com/1048315 https://bugzilla.suse.com/1054088 https://bugzilla.suse.com/1070851 https://bugzilla.suse.com/1076192 https://bugzilla.suse.com/1079334 https://bugzilla.suse.com/1088705 https://bugzilla.suse.com/1091624 https://bugzilla.suse.com/1092413 https://bugzilla.suse.com/1096803 https://bugzilla.suse.com/1099847 https://bugzilla.suse.com/1100028 https://bugzilla.suse.com/1101349 https://bugzilla.suse.com/1102429 From sle-security-updates at lists.suse.com Tue Sep 11 13:07:50 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 11 Sep 2018 21:07:50 +0200 (CEST) Subject: SUSE-SU-2018:2689-1: moderate: Security update for spark Message-ID: <20180911190750.6B099FD2C@maintenance.suse.de> SUSE Security Update: Security update for spark ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2689-1 Rating: moderate References: #1087837 Cross-References: CVE-2018-9159 Affected Products: SUSE Manager Server 3.1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for spark fixes the following security issue: - CVE-2018-9159: Fix a security problem in the serving of static files. (bsc#1087837) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 3.1: zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2018-1885=1 Package List: - SUSE Manager Server 3.1 (noarch): spark-2.3-3.3.1 References: https://www.suse.com/security/cve/CVE-2018-9159.html https://bugzilla.suse.com/1087837 From sle-security-updates at lists.suse.com Tue Sep 11 13:08:21 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 11 Sep 2018 21:08:21 +0200 (CEST) Subject: SUSE-SU-2018:2690-1: important: Security update for libzypp, zypper Message-ID: <20180911190821.D561DFD2C@maintenance.suse.de> SUSE Security Update: Security update for libzypp, zypper ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2690-1 Rating: important References: #1036304 #1041178 #1043166 #1045735 #1058515 #1066215 #1070770 #1070851 #1082318 #1084525 #1088037 #1088705 #1091624 #1092413 #1093103 #1096217 #1096617 #1096803 #1099847 #1100028 #1100095 #1100427 #1101349 #1102019 #1102429 #408814 #428822 #907538 Cross-References: CVE-2017-9269 CVE-2018-7685 Affected Products: SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves two vulnerabilities and has 26 fixes is now available. Description: This update for libzypp, zypper, libsolv provides the following fixes: Security fixes in libzypp: - CVE-2018-7685: PackageProvider: Validate RPMs before caching (bsc#1091624, bsc#1088705) - CVE-2017-9269: Be sure bad packages do not stay in the cache (bsc#1045735) Changes in libzypp: - Update to version 17.6.4 - Automatically fetch repository signing key from gpgkey url (bsc#1088037) - lsof: use '-K i' if lsof supports it (bsc#1099847,bsc#1036304) - Check for not imported keys after multi key import from rpmdb (bsc#1096217) - Flags: make it std=c++14 ready - Ignore /var, /tmp and /proc in zypper ps. (bsc#1096617) - Show GPGME version in log - Adapt to changes in libgpgme11-11.1.0 breaking the signature verification (bsc#1100427) - RepoInfo::provideKey: add report telling where we look for missing keys. - Support listing gpgkey URLs in repo files (bsc#1088037) - Add new report to request user approval for importing a package key - Handle http error 502 Bad Gateway in curl backend (bsc#1070851) - Add filesize check for downloads with known size (bsc#408814) - Removed superfluous space in translation (bsc#1102019) - Prevent the system from sleeping during a commit - RepoManager: Explicitly request repo2solv to generate application pseudo packages. - libzypp-devel should not require cmake (bsc#1101349) - Avoid zombies from ExternalProgram - Update ApiConfig - HardLocksFile: Prevent against empty commit without Target having been been loaded (bsc#1096803) - lsof: use '-K i' if lsof supports it (bsc#1099847) - Add filesize check for downloads with known size (bsc#408814) - Fix detection of metalink downloads and prevent aborting if a metalink file is larger than the expected data file. - Require libsolv-devel >= 0.6.35 during build (fixing bsc#1100095) - Make use of %license macro (bsc#1082318) Security fix in zypper: - CVE-2017-9269: Improve signature check callback messages (bsc#1045735) Changes in zypper: - Always set error status if any nr of unknown repositories are passed to lr and ref (bsc#1093103) - Notify user about unsupported rpm V3 keys in an old rpm database (bsc#1096217) - Detect read only filesystem on system modifying operations (fixes #199) - Use %license (bsc#1082318) - Handle repo aliases containing multiple ':' in the PackageArgs parser (bsc #1041178) - Fix broken display of detailed query results. - Fix broken search for items with a dash. (bsc#907538, bsc#1043166, bsc#1070770) - Disable repository operations when searching installed packages. (bsc#1084525) - Prevent nested calls to exit() if aborted by a signal. (bsc#1092413) - ansi.h: Prevent ESC sequence strings from going out of scope. (bsc#1092413) - Fix some translation errors. - Support listing gpgkey URLs in repo files (bsc#1088037) - Check for root privileges in zypper verify and si (bsc#1058515) - XML attribute `packages-to-change` added (bsc#1102429) - Add expert (allow-*) options to all installer commands (bsc#428822) - Sort search results by multiple columns (bsc#1066215) - man: Strengthen that `--config FILE' affects zypper.conf, not zypp.conf (bsc#1100028) - Set error status if repositories passed to lr and ref are not known (bsc#1093103) - Do not override table style in search - Fix out of bound read in MbsIterator - Add --supplements switch to search and info - Add setter functions for zypp cache related config values to ZConfig Changes in libsolv: - convert repo2solv.sh script into a binary tool - Make use of %license macro (bsc#1082318) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2018-1883=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1883=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): libsolv-debuginfo-0.6.35-3.5.2 libsolv-debugsource-0.6.35-3.5.2 perl-solv-0.6.35-3.5.2 perl-solv-debuginfo-0.6.35-3.5.2 python3-solv-0.6.35-3.5.2 python3-solv-debuginfo-0.6.35-3.5.2 ruby-solv-0.6.35-3.5.2 ruby-solv-debuginfo-0.6.35-3.5.2 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libsolv-debuginfo-0.6.35-3.5.2 libsolv-debugsource-0.6.35-3.5.2 libsolv-devel-0.6.35-3.5.2 libsolv-devel-debuginfo-0.6.35-3.5.2 libsolv-tools-0.6.35-3.5.2 libsolv-tools-debuginfo-0.6.35-3.5.2 libzypp-17.6.4-3.10.1 libzypp-debuginfo-17.6.4-3.10.1 libzypp-debugsource-17.6.4-3.10.1 libzypp-devel-17.6.4-3.10.1 python-solv-0.6.35-3.5.2 python-solv-debuginfo-0.6.35-3.5.2 zypper-1.14.10-3.7.1 zypper-debuginfo-1.14.10-3.7.1 zypper-debugsource-1.14.10-3.7.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): zypper-log-1.14.10-3.7.1 References: https://www.suse.com/security/cve/CVE-2017-9269.html https://www.suse.com/security/cve/CVE-2018-7685.html https://bugzilla.suse.com/1036304 https://bugzilla.suse.com/1041178 https://bugzilla.suse.com/1043166 https://bugzilla.suse.com/1045735 https://bugzilla.suse.com/1058515 https://bugzilla.suse.com/1066215 https://bugzilla.suse.com/1070770 https://bugzilla.suse.com/1070851 https://bugzilla.suse.com/1082318 https://bugzilla.suse.com/1084525 https://bugzilla.suse.com/1088037 https://bugzilla.suse.com/1088705 https://bugzilla.suse.com/1091624 https://bugzilla.suse.com/1092413 https://bugzilla.suse.com/1093103 https://bugzilla.suse.com/1096217 https://bugzilla.suse.com/1096617 https://bugzilla.suse.com/1096803 https://bugzilla.suse.com/1099847 https://bugzilla.suse.com/1100028 https://bugzilla.suse.com/1100095 https://bugzilla.suse.com/1100427 https://bugzilla.suse.com/1101349 https://bugzilla.suse.com/1102019 https://bugzilla.suse.com/1102429 https://bugzilla.suse.com/408814 https://bugzilla.suse.com/428822 https://bugzilla.suse.com/907538 From sle-security-updates at lists.suse.com Wed Sep 12 07:07:59 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 12 Sep 2018 15:07:59 +0200 (CEST) Subject: SUSE-SU-2018:2696-1: moderate: Security update for python3 Message-ID: <20180912130759.EAAE6FD2C@maintenance.suse.de> SUSE Security Update: Security update for python3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2696-1 Rating: moderate References: #1086001 #1088004 #1088009 #1107030 Cross-References: CVE-2018-1060 CVE-2018-1061 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Module for Web Scripting 12 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. Description: This update for python3 provides the following fixes: These security issues were fixed: - CVE-2018-1061: Prevent catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could have used this flaw to cause denial of service (bsc#1088004). - CVE-2018-1060: Prevent catastrophic backtracking in pop3lib's apop() method. An attacker could have used this flaw to cause denial of service (bsc#1088009). These non-security issues were fixed: - Sort files and directories when creating tarfile archives so that they are created in a more predictable way. (bsc#1086001) - Add -fwrapv to OPTS (bsc#1107030) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1886=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1886=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2018-1886=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1886=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): python3-base-debuginfo-3.4.6-25.16.1 python3-base-debugsource-3.4.6-25.16.1 python3-devel-3.4.6-25.16.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (ppc64le s390x x86_64): python3-devel-debuginfo-3.4.6-25.16.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libpython3_4m1_0-3.4.6-25.16.1 libpython3_4m1_0-debuginfo-3.4.6-25.16.1 python3-3.4.6-25.16.1 python3-base-3.4.6-25.16.1 python3-base-debuginfo-3.4.6-25.16.1 python3-base-debugsource-3.4.6-25.16.1 python3-curses-3.4.6-25.16.1 python3-curses-debuginfo-3.4.6-25.16.1 python3-debuginfo-3.4.6-25.16.1 python3-debugsource-3.4.6-25.16.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): libpython3_4m1_0-3.4.6-25.16.1 libpython3_4m1_0-debuginfo-3.4.6-25.16.1 python3-3.4.6-25.16.1 python3-base-3.4.6-25.16.1 python3-base-debuginfo-3.4.6-25.16.1 python3-base-debugsource-3.4.6-25.16.1 python3-debuginfo-3.4.6-25.16.1 python3-debugsource-3.4.6-25.16.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libpython3_4m1_0-3.4.6-25.16.1 libpython3_4m1_0-debuginfo-3.4.6-25.16.1 python3-3.4.6-25.16.1 python3-base-3.4.6-25.16.1 python3-base-debuginfo-3.4.6-25.16.1 python3-base-debugsource-3.4.6-25.16.1 python3-curses-3.4.6-25.16.1 python3-curses-debuginfo-3.4.6-25.16.1 python3-debuginfo-3.4.6-25.16.1 python3-debugsource-3.4.6-25.16.1 References: https://www.suse.com/security/cve/CVE-2018-1060.html https://www.suse.com/security/cve/CVE-2018-1061.html https://bugzilla.suse.com/1086001 https://bugzilla.suse.com/1088004 https://bugzilla.suse.com/1088009 https://bugzilla.suse.com/1107030 From sle-security-updates at lists.suse.com Thu Sep 13 04:11:08 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 13 Sep 2018 12:11:08 +0200 (CEST) Subject: SUSE-SU-2018:2699-1: moderate: Security update for tomcat Message-ID: <20180913101108.DA0A0FD2C@maintenance.suse.de> SUSE Security Update: Security update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2699-1 Rating: moderate References: #1067720 #1093697 #1095472 #1102379 #1102400 #1102410 Cross-References: CVE-2018-1336 CVE-2018-8014 CVE-2018-8034 CVE-2018-8037 Affected Products: SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that solves four vulnerabilities and has two fixes is now available. Description: This update for tomcat to 8.0.53 fixes the following issues: Security issue fixed: - CVE-2018-1336: An improper handing of overflow in the UTF-8 decoder with supplementary characters could have lead to an infinite loop in the decoder causing a Denial of Service (bsc#1102400). - CVE-2018-8034: The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default (bsc#1102379). - CVE-2018-8037: If an async request was completed by the application at the same time as the container triggered the async timeout, a race condition existed that could have resulted in a user seeing a response intended for a different user. An additional issue was present in the NIO and NIO2 connectors that did not correctly track the closure of the connection when an async request was completed by the application and timed out by the container at the same time. This could also have resulted in a user seeing a response intended for another user (bsc#1102410). - CVE-2018-8014: Fix insecure default CORS filter settings (bsc#1093697). Bug fixes: - bsc#1067720: Avoid overwriting of customer's configuration during update. - bsc#1095472: Add Obsoletes for tomcat6 packages. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1890=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (noarch): tomcat-8.0.53-29.13.1 tomcat-admin-webapps-8.0.53-29.13.1 tomcat-docs-webapp-8.0.53-29.13.1 tomcat-el-3_0-api-8.0.53-29.13.1 tomcat-javadoc-8.0.53-29.13.1 tomcat-jsp-2_3-api-8.0.53-29.13.1 tomcat-lib-8.0.53-29.13.1 tomcat-servlet-3_1-api-8.0.53-29.13.1 tomcat-webapps-8.0.53-29.13.1 References: https://www.suse.com/security/cve/CVE-2018-1336.html https://www.suse.com/security/cve/CVE-2018-8014.html https://www.suse.com/security/cve/CVE-2018-8034.html https://www.suse.com/security/cve/CVE-2018-8037.html https://bugzilla.suse.com/1067720 https://bugzilla.suse.com/1093697 https://bugzilla.suse.com/1095472 https://bugzilla.suse.com/1102379 https://bugzilla.suse.com/1102400 https://bugzilla.suse.com/1102410 From sle-security-updates at lists.suse.com Thu Sep 13 10:11:27 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 13 Sep 2018 18:11:27 +0200 (CEST) Subject: SUSE-SU-2018:2704-1: moderate: Security update for podman Message-ID: <20180913161127.8BC32FD2C@maintenance.suse.de> SUSE Security Update: Security update for podman ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2704-1 Rating: moderate References: #1097970 Cross-References: CVE-2018-10856 Affected Products: SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for podman to version 0.8.5 fixes the following issues: This security issue was fixed: - CVE-2018-10856: podman did not drop capabilities when executing a container as a non-root user. This resulted in unnecessary privileges being granted to the container (bsc#1097970). For additional non-security changes please refer to the changelog. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE CaaS Platform 3.0 (x86_64): podman-0.8.5-3.3.1 References: https://www.suse.com/security/cve/CVE-2018-10856.html https://bugzilla.suse.com/1097970 From sle-security-updates at lists.suse.com Thu Sep 13 19:07:57 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 14 Sep 2018 03:07:57 +0200 (CEST) Subject: SUSE-SU-2018:2709-1: important: Security update for spice-gtk Message-ID: <20180914010757.40741FD2C@maintenance.suse.de> SUSE Security Update: Security update for spice-gtk ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2709-1 Rating: important References: #1101295 #1101420 #1104448 Cross-References: CVE-2018-10873 CVE-2018-10893 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for spice-gtk fixes the following issues: Security issues fixed: - CVE-2018-10873: Fix potential heap corruption when demarshalling (bsc#1104448) - CVE-2018-10893: Avoid buffer overflow on image lz checks (bsc#1101295) Other bugs fixed: - Add setuid bit to spice-client-glib-usb-acl-helper (bsc#1101420) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2018-1900=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1900=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): spice-gtk-debuginfo-0.34-3.3.1 spice-gtk-debugsource-0.34-3.3.1 spice-gtk-devel-0.34-3.3.1 typelib-1_0-SpiceClientGlib-2_0-0.34-3.3.1 typelib-1_0-SpiceClientGtk-3_0-0.34-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libspice-client-glib-2_0-8-0.34-3.3.1 libspice-client-glib-2_0-8-debuginfo-0.34-3.3.1 libspice-client-glib-helper-0.34-3.3.1 libspice-client-glib-helper-debuginfo-0.34-3.3.1 libspice-client-gtk-3_0-5-0.34-3.3.1 libspice-client-gtk-3_0-5-debuginfo-0.34-3.3.1 libspice-controller0-0.34-3.3.1 libspice-controller0-debuginfo-0.34-3.3.1 spice-gtk-debuginfo-0.34-3.3.1 spice-gtk-debugsource-0.34-3.3.1 References: https://www.suse.com/security/cve/CVE-2018-10873.html https://www.suse.com/security/cve/CVE-2018-10893.html https://bugzilla.suse.com/1101295 https://bugzilla.suse.com/1101420 https://bugzilla.suse.com/1104448 From sle-security-updates at lists.suse.com Fri Sep 14 10:09:33 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 14 Sep 2018 18:09:33 +0200 (CEST) Subject: SUSE-SU-2018:2714-1: moderate: Security update for curl Message-ID: <20180914160933.9452AFCF0@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2714-1 Rating: moderate References: #1086367 #1106019 Cross-References: CVE-2018-14618 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for curl fixes the following issues: This security issue was fixed: - CVE-2018-14618: Prevent integer overflow in the NTLM authentication code (bsc#1106019) This non-security issue was fixed: - Use OPENSSL_config instead of CONF_modules_load_file() to avoid crashes due to openssl engines conflicts (bsc#1086367) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1904=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): curl-7.60.0-3.9.1 curl-debuginfo-7.60.0-3.9.1 curl-debugsource-7.60.0-3.9.1 libcurl-devel-7.60.0-3.9.1 libcurl4-7.60.0-3.9.1 libcurl4-debuginfo-7.60.0-3.9.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libcurl4-32bit-7.60.0-3.9.1 libcurl4-32bit-debuginfo-7.60.0-3.9.1 References: https://www.suse.com/security/cve/CVE-2018-14618.html https://bugzilla.suse.com/1086367 https://bugzilla.suse.com/1106019 From sle-security-updates at lists.suse.com Fri Sep 14 10:10:19 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 14 Sep 2018 18:10:19 +0200 (CEST) Subject: SUSE-SU-2018:2715-1: moderate: Security update for curl Message-ID: <20180914161019.43E4EFD03@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2715-1 Rating: moderate References: #1089533 #1106019 Cross-References: CVE-2018-14618 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for curl fixes the following issues: This security issue was fixed: - CVE-2018-14618: Prevent integer overflow in the NTLM authentication code (bsc#1106019) This non-security issue was fixed: - Fixed erroneous debug message when paired with OpenSSL (bsc#1089533) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1903=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1903=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1903=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-1903=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): curl-debuginfo-7.37.0-37.26.1 curl-debugsource-7.37.0-37.26.1 libcurl-devel-7.37.0-37.26.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): curl-7.37.0-37.26.1 curl-debuginfo-7.37.0-37.26.1 curl-debugsource-7.37.0-37.26.1 libcurl4-7.37.0-37.26.1 libcurl4-debuginfo-7.37.0-37.26.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libcurl4-32bit-7.37.0-37.26.1 libcurl4-debuginfo-32bit-7.37.0-37.26.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): curl-7.37.0-37.26.1 curl-debuginfo-7.37.0-37.26.1 curl-debugsource-7.37.0-37.26.1 libcurl4-32bit-7.37.0-37.26.1 libcurl4-7.37.0-37.26.1 libcurl4-debuginfo-32bit-7.37.0-37.26.1 libcurl4-debuginfo-7.37.0-37.26.1 - SUSE CaaS Platform ALL (x86_64): curl-7.37.0-37.26.1 curl-debuginfo-7.37.0-37.26.1 curl-debugsource-7.37.0-37.26.1 libcurl4-7.37.0-37.26.1 libcurl4-debuginfo-7.37.0-37.26.1 - SUSE CaaS Platform 3.0 (x86_64): curl-7.37.0-37.26.1 curl-debuginfo-7.37.0-37.26.1 curl-debugsource-7.37.0-37.26.1 libcurl4-7.37.0-37.26.1 libcurl4-debuginfo-7.37.0-37.26.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): curl-7.37.0-37.26.1 curl-debuginfo-7.37.0-37.26.1 curl-debugsource-7.37.0-37.26.1 libcurl4-7.37.0-37.26.1 libcurl4-debuginfo-7.37.0-37.26.1 References: https://www.suse.com/security/cve/CVE-2018-14618.html https://bugzilla.suse.com/1089533 https://bugzilla.suse.com/1106019 From sle-security-updates at lists.suse.com Fri Sep 14 10:11:00 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 14 Sep 2018 18:11:00 +0200 (CEST) Subject: SUSE-SU-2018:2716-1: important: Security update for libzypp, zypper Message-ID: <20180914161100.BE957FCF0@maintenance.suse.de> SUSE Security Update: Security update for libzypp, zypper ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2716-1 Rating: important References: #1036304 #1045735 #1049825 #1070851 #1076192 #1079334 #1088705 #1091624 #1092413 #1096803 #1099847 #1100028 #1101349 #1102429 Cross-References: CVE-2017-9269 CVE-2018-7685 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Enterprise Storage 4 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that solves two vulnerabilities and has 12 fixes is now available. Description: This update for libzypp, zypper provides the following fixes: Update libzypp to version 16.17.20 Security issues fixed: - PackageProvider: Validate delta rpms before caching (bsc#1091624, bsc#1088705, CVE-2018-7685) - PackageProvider: Validate downloaded rpm package signatures before caching (bsc#1091624, bsc#1088705, CVE-2018-7685) Other bugs fixed: - lsof: use '-K i' if lsof supports it (bsc#1099847, bsc#1036304) - Handle http error 502 Bad Gateway in curl backend (bsc#1070851) - RepoManager: Explicitly request repo2solv to generate application pseudo packages. - libzypp-devel should not require cmake (bsc#1101349) - HardLocksFile: Prevent against empty commit without Target having been been loaded (bsc#1096803) - Avoid zombie tar processes (bsc#1076192) Update to zypper to version 1.13.45 Security issue fixed: - Improve signature check callback messages (bsc#1045735, CVE-2017-9269) - add/modify repo: Add options to tune the GPG check settings (bsc#1045735, CVE-2017-9269) Other bugs fixed: - XML attribute `packages-to-change` added (bsc#1102429) - man: Strengthen that `--config FILE' affects zypper.conf, not zypp.conf (bsc#1100028) - Prevent nested calls to exit() if aborted by a signal (bsc#1092413) - ansi.h: Prevent ESC sequence strings from going out of scope (bsc#1092413) - Fix: zypper bash completion expands non-existing options (bsc#1049825) - do not recommend cron (bsc#1079334) - Improve signature check callback messages (bsc#1045735) - add/modify repo: Add options to tune the GPG check settings (bsc#1045735) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-1905=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1905=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1905=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-1905=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-1905=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): libzypp-16.17.20-27.52.1 libzypp-debuginfo-16.17.20-27.52.1 libzypp-debugsource-16.17.20-27.52.1 zypper-1.13.45-18.33.1 zypper-debuginfo-1.13.45-18.33.1 zypper-debugsource-1.13.45-18.33.1 - SUSE OpenStack Cloud 7 (noarch): zypper-log-1.13.45-18.33.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libzypp-16.17.20-27.52.1 libzypp-debuginfo-16.17.20-27.52.1 libzypp-debugsource-16.17.20-27.52.1 zypper-1.13.45-18.33.1 zypper-debuginfo-1.13.45-18.33.1 zypper-debugsource-1.13.45-18.33.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): zypper-log-1.13.45-18.33.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libzypp-16.17.20-27.52.1 libzypp-debuginfo-16.17.20-27.52.1 libzypp-debugsource-16.17.20-27.52.1 zypper-1.13.45-18.33.1 zypper-debuginfo-1.13.45-18.33.1 zypper-debugsource-1.13.45-18.33.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): zypper-log-1.13.45-18.33.1 - SUSE Enterprise Storage 4 (noarch): zypper-log-1.13.45-18.33.1 - SUSE Enterprise Storage 4 (x86_64): libzypp-16.17.20-27.52.1 libzypp-debuginfo-16.17.20-27.52.1 libzypp-debugsource-16.17.20-27.52.1 zypper-1.13.45-18.33.1 zypper-debuginfo-1.13.45-18.33.1 zypper-debugsource-1.13.45-18.33.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): libzypp-16.17.20-27.52.1 libzypp-debuginfo-16.17.20-27.52.1 libzypp-debugsource-16.17.20-27.52.1 zypper-1.13.45-18.33.1 zypper-debuginfo-1.13.45-18.33.1 zypper-debugsource-1.13.45-18.33.1 References: https://www.suse.com/security/cve/CVE-2017-9269.html https://www.suse.com/security/cve/CVE-2018-7685.html https://bugzilla.suse.com/1036304 https://bugzilla.suse.com/1045735 https://bugzilla.suse.com/1049825 https://bugzilla.suse.com/1070851 https://bugzilla.suse.com/1076192 https://bugzilla.suse.com/1079334 https://bugzilla.suse.com/1088705 https://bugzilla.suse.com/1091624 https://bugzilla.suse.com/1092413 https://bugzilla.suse.com/1096803 https://bugzilla.suse.com/1099847 https://bugzilla.suse.com/1100028 https://bugzilla.suse.com/1101349 https://bugzilla.suse.com/1102429 From sle-security-updates at lists.suse.com Fri Sep 14 10:13:45 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 14 Sep 2018 18:13:45 +0200 (CEST) Subject: SUSE-SU-2018:2717-1: moderate: Security update for curl Message-ID: <20180914161345.45BA6FCF0@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2717-1 Rating: moderate References: #1106019 Cross-References: CVE-2018-14618 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SECURITY SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for curl fixes the following issues: - CVE-2018-14618: Prevent integer overflow in the NTLM authentication code (bsc#1106019). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-curl-13776=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-curl-13776=1 - SUSE Linux Enterprise Server 11-SECURITY: zypper in -t patch secsp3-curl-13776=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-curl-13776=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libcurl-devel-7.37.0-70.33.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): curl-7.37.0-70.33.1 libcurl4-7.37.0-70.33.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libcurl4-32bit-7.37.0-70.33.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libcurl4-x86-7.37.0-70.33.1 - SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64): curl-openssl1-7.37.0-70.33.1 libcurl4-openssl1-7.37.0-70.33.1 - SUSE Linux Enterprise Server 11-SECURITY (ppc64 s390x x86_64): libcurl4-openssl1-32bit-7.37.0-70.33.1 - SUSE Linux Enterprise Server 11-SECURITY (ia64): libcurl4-openssl1-x86-7.37.0-70.33.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): curl-debuginfo-7.37.0-70.33.1 curl-debugsource-7.37.0-70.33.1 References: https://www.suse.com/security/cve/CVE-2018-14618.html https://bugzilla.suse.com/1106019 From sle-security-updates at lists.suse.com Fri Sep 14 13:08:35 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 14 Sep 2018 21:08:35 +0200 (CEST) Subject: SUSE-SU-2018:2719-1: important: Security update for openssh-openssl1 Message-ID: <20180914190835.91278FCF0@maintenance.suse.de> SUSE Security Update: Security update for openssh-openssl1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2719-1 Rating: important References: #1016370 #1017099 #1023275 #1053972 #1065000 #1069509 #1076957 Cross-References: CVE-2008-1483 CVE-2016-10012 CVE-2016-10708 CVE-2017-15906 Affected Products: SUSE Linux Enterprise Server 11-SECURITY ______________________________________________________________________________ An update that solves four vulnerabilities and has three fixes is now available. Description: This update for openssh-openssl1 fixes the following issues: These security issues were fixed: - CVE-2016-10708: Prevent NULL pointer dereference via an out-of-sequence NEWKEYS message allowed remote attackers to cause a denial of service (bsc#1076957). - CVE-2017-15906: The process_open function did not properly prevent write operations in readonly mode, which allowed attackers to create zero-length files (bsc#1065000). - CVE-2016-10012: The shared memory manager (associated with pre-authentication compression) did not ensure that a bounds check is enforced by all compilers, which might have allowed local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and m_zlib data structures (bsc#1016370). - CVE-2008-1483: Prevent local users from hijacking forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port. This problem was reontroduced by another patch and was previously fixed by another update (bsc#1069509). These non-security issues were fixed: - Remove duplicate KEX method (bsc#1053972) - New switch for printing diagnostic messages in sftp client's batch mode (bsc#1023275) - Enable case-insensitive hostname matching (bsc#1017099) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SECURITY: zypper in -t patch secsp3-openssh-openssl1-13777=1 Package List: - SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64): openssh-openssl1-6.6p1-19.3.1 openssh-openssl1-helpers-6.6p1-19.3.1 References: https://www.suse.com/security/cve/CVE-2008-1483.html https://www.suse.com/security/cve/CVE-2016-10012.html https://www.suse.com/security/cve/CVE-2016-10708.html https://www.suse.com/security/cve/CVE-2017-15906.html https://bugzilla.suse.com/1016370 https://bugzilla.suse.com/1017099 https://bugzilla.suse.com/1023275 https://bugzilla.suse.com/1053972 https://bugzilla.suse.com/1065000 https://bugzilla.suse.com/1069509 https://bugzilla.suse.com/1076957 From sle-security-updates at lists.suse.com Wed Sep 19 10:07:59 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 19 Sep 2018 18:07:59 +0200 (CEST) Subject: SUSE-SU-2018:2752-1: moderate: Security update for webkit2gtk3 Message-ID: <20180919160759.387F7FCF0@maintenance.suse.de> SUSE Security Update: Security update for webkit2gtk3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2752-1 Rating: moderate References: #1101999 #1104169 Cross-References: CVE-2018-12911 CVE-2018-4261 CVE-2018-4262 CVE-2018-4263 CVE-2018-4264 CVE-2018-4265 CVE-2018-4266 CVE-2018-4267 CVE-2018-4270 CVE-2018-4271 CVE-2018-4272 CVE-2018-4273 CVE-2018-4278 CVE-2018-4284 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes 14 vulnerabilities is now available. Description: This update for webkit2gtk3 to version 2.20.5 fixes the following issues: Security issue fixed: - CVE-2018-12911: Fix off-by-one in xdg_mime_get_simple_globs (bsc#1101999). - CVE-2018-4261, CVE-2018-4262, CVE-2018-4263, CVE-2018-4264, CVE-2018-4265, CVE-2018-4267, CVE-2018-4272, CVE-2018-4284: Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling. - CVE-2018-4266: A malicious website may be able to cause a denial of service. A race condition was addressed with additional validation. - CVE-2018-4270, CVE-2018-4271, CVE-2018-4273: Processing maliciously crafted web content may lead to an unexpected application crash. A memory corruption issue was addressed with improved input validation. - CVE-2018-4278: A malicious website may exfiltrate audio data cross-origin. Sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking. Other bugs fixed: - Fix rendering artifacts in some web sites due to a bug introduced in 2.20.4. - Fix a crash when leaving accelerated compositing mode. - Fix non-deterministic build failure due to missing JavaScriptCore/JSContextRef.h. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2018-1921=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1921=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): typelib-1_0-JavaScriptCore-4_0-2.20.5-3.8.1 typelib-1_0-WebKit2-4_0-2.20.5-3.8.1 typelib-1_0-WebKit2WebExtension-4_0-2.20.5-3.8.1 webkit2gtk3-debugsource-2.20.5-3.8.1 webkit2gtk3-devel-2.20.5-3.8.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.20.5-3.8.1 libjavascriptcoregtk-4_0-18-debuginfo-2.20.5-3.8.1 libwebkit2gtk-4_0-37-2.20.5-3.8.1 libwebkit2gtk-4_0-37-debuginfo-2.20.5-3.8.1 webkit2gtk-4_0-injected-bundles-2.20.5-3.8.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.20.5-3.8.1 webkit2gtk3-debugsource-2.20.5-3.8.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): libwebkit2gtk3-lang-2.20.5-3.8.1 References: https://www.suse.com/security/cve/CVE-2018-12911.html https://www.suse.com/security/cve/CVE-2018-4261.html https://www.suse.com/security/cve/CVE-2018-4262.html https://www.suse.com/security/cve/CVE-2018-4263.html https://www.suse.com/security/cve/CVE-2018-4264.html https://www.suse.com/security/cve/CVE-2018-4265.html https://www.suse.com/security/cve/CVE-2018-4266.html https://www.suse.com/security/cve/CVE-2018-4267.html https://www.suse.com/security/cve/CVE-2018-4270.html https://www.suse.com/security/cve/CVE-2018-4271.html https://www.suse.com/security/cve/CVE-2018-4272.html https://www.suse.com/security/cve/CVE-2018-4273.html https://www.suse.com/security/cve/CVE-2018-4278.html https://www.suse.com/security/cve/CVE-2018-4284.html https://bugzilla.suse.com/1101999 https://bugzilla.suse.com/1104169 From sle-security-updates at lists.suse.com Thu Sep 20 04:11:33 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 20 Sep 2018 12:11:33 +0200 (CEST) Subject: SUSE-SU-2018:2761-1: moderate: Security update for OpenStack Message-ID: <20180920101133.89C64FD2E@maintenance.suse.de> SUSE Security Update: Security update for OpenStack ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2761-1 Rating: moderate References: #1084362 #1102151 Cross-References: CVE-2018-14432 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for OpenStack fixes the following issues: The following security issue with openstack-keystone has been fixed: - CVE-2018-14432: Reduce duplication in federated authentication APIs. (bsc#1102151) Additionally, the following non-security issues have been fixed: aodh: - Support same projects in different domain. barbican: - Add zuulv3 to Pike. cinder: - Empty option value maybe cause Unity driver failed to initialize. - GoodnessWeigher schedules non-type volumes. - Fix quota error when deleting temporary volume. - Fix cinder quota-usage error. - Unity: Return logged-out initiators. - Correct S-Series to DS-Series systems. - Update storage backends supported for Lenovo. - Unity: Add support of removing empty host. - NetApp: Fix to support SVM scoped permissions. - NetApp ONTAP iSCSI: Force exception on online extend. - NetApp ONTAP: Set new sub-lun clone limit for ONTAP driver. dashboard: - Make @memoize thread-aware. designate: - Add provides to handle installation of mdns and producer seamlessly. - Fix service files. - Install a default pools.yaml. glance: - doc: Modify the description for the command. - Make ImageTarget behave like a dictionary. - Add barbican-tempest experimental job. heat: - Fixing unicode issue when to\_dict is called on py2.7 env. - Ignore NotFound error in prepare\_for\_replace. - Reset resource replaced\_by field for rollback. - Ignore RESOLVE translation errors when translating before\_props. - Ignore errors in purging events. heat-templates: - Deprecate hooks in heat-templates. horizon-plugin-designate-ui: - Install all designate panels that are available. horizon-plugin-freezer-ui: - Avoid using deprecated opt in Web-UI. horizon-plugin-gbp-ui: - Fix patching of create instance dialog. neutron-lbaas-dashboard: - Remove custom zuul jobs. horizon-plugin-trove-ui: - Update UPPER\_CONSTRAINTS\_FILE for stable/pike. ironic: - Fix error when deleting a non-existent port. - Tear down console during unprovisioning. manila: - Fix ZFSOnLinux doc about manage ops. - DB Migration: Fix downgrade. - Fix share-service VM restart problem. - Added Handling Newer Quobyte API Error Codes. - NetApp ONTAP: Fix delete-share for vsadmin users. - Remove confusing DB deprecation messages. - Add missing Requires: for python-tooz neutron: - Skip MTU check during deletion of Networks. - HA L3 agent restart only standby agents. - Retry dhcp\_release on failures. - Reduce IP address collision during port creating. - Refactor DVR HA migarations DB operations. - Disallow router interface out of subnet IP range. - Fix fwaas v1 configuration doc. - Add list of all working DSCP marks. - Set trusted port only once in iptables firewall driver. - Fix UT BridgeLibTest when IPv6 is disabled. neutron-fwaas: - DVR-FWaaS: Fix DVR FWaaS rules for fipnamespace. neutron-lbaas: - Get providers directly from ORM to make startup take half as long. - Cap haproxy log level severity. - Fix sphinx-docs job for stable branch. neutron-vpnaas: - Fix sphinx-docs job for stable branch and pep8 issues. neutron-zvm-agent: - Backport zCC backend networking-zvm. nova: - libvirt: Add method to configure migration speed. - Make host\_aggregate\_map dictionary case-insensitive. - Fix unbound local when saving an unchanged RequestSpec. - Cleanup mapping/reqspec after archive instance. - Default embedded instance.flavor.disabled attribute. - Backport tox.ini to switch to stestr. - Cleanup RP and HM records while deleting a compute service. - Delete allocations from API if nova-compute is down. - Block deleting compute services which are hosting instances. - api-ref: Add a note in DELETE /os-services about deleting computes. - Add functional test for deleting a compute service. - Factor out compute service start in ServerMovingTest. - Moving more utils to ProviderUsageBaseTestCase. - Make nova service-list use scatter-gather routine. - libvirt: Slow live-migration to ensure network is ready. - Use instance project/user when creating RequestSpec during resize reschedule. - Mock utils.execute() in qemu-img unit test. - Add policy rule to block image-backed servers with 0 root disk flavor. - Change consecutive build failure limit to a weigher. - Ensure resource class cache when listing usages. - Metadata-API fails to retrieve avz for instances created before Pike. - placement: Fix HTTP error generation. - Add amd-ssbd and amd-no-ssb CPU flags. - Fixed auto-convergence option name in doc. - libvirt: Skip fetching the virtual size of block devices. - libvirt: Handle DiskNotFound during update\_available\_resource. - Avoid showing password in log. - Fix shelving a paused instance. - Document how to disable notifications. - Add ssbd and virt-ssbd flags to cpu\_model\_extra\_flags whitelist. - Stringify instance UUID. nova-virt-zvm: - Backport zvm driver. octavia: - Update introduction documention page. - Use HMAC.hexdigest to avoid non-ascii characters for package data. trove: - Add .stestr.conf to fix tox-py27 stable job. - Fix mysql instance create failed when enable skip-name-resolve. - Failed to build mongo image. - Open the volume\_support of redis. - Remove Mitaka reference in install/dashboard.rst. - Enable longer Keystone token life. - Fix gate issues. python-barbicanclient: - Update time for functional tests. (bsc#1084362) python-keystone-json-assignment: - Speedup project lookup. python-manilaclient: - Fix for use endpoint_type in _discover_client method. - Add search_opts in func list of ManagerWithFind type classes. - Fix share can not be found by name in admin context. python-vmware-nsx: - NSX|V3: Handle port-not-found during get_ports. - NSXAdminV3: Add message on client cert generation. - NSX-V: Add server-ip-address to the supported dhcp options. - NSX|V3: Fix global SG creation duplication. - Fix security groups ext_properties loading. - NSXv3: Add pool-level lock for LB pool member operations. - NSX|v3: Do not retry on DB duplications on section init. - NSXv: Handle listener failures on backend. - Add mock to the requirements. - AdminUtils V3: Do not set nat_pass for NO-NAT rules. - NSX|V3: Wait for another neutron to create default section. - NSX|V3: Cleanup duplicate sections on startup. - V and D: Make security group logging more robust. - NSX|v3: Ensure that 0.0.0.0/# is treated correctly in SG rules. - NSX|V: Fix create/delete subnet race condition. python-vmware-nsxlib: - Fix service ports for egress firewall rule. - Add server-ip-address to the suppoprted dhcp options. - Retry on 503 Service Unavailable. - Remove sha224 from supported client cert hash algs. - Add logging when initializing a default FW section. - Fixed tenacity usage. - Retry is IOError is received. - Handle cluster connection closed by server. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2018-1929=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2018-1929=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2018-1929=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): openstack-aodh-5.1.1~dev5-3.5.3 openstack-aodh-api-5.1.1~dev5-3.5.3 openstack-aodh-doc-5.1.1~dev5-3.5.4 openstack-aodh-evaluator-5.1.1~dev5-3.5.3 openstack-aodh-expirer-5.1.1~dev5-3.5.3 openstack-aodh-listener-5.1.1~dev5-3.5.3 openstack-aodh-notifier-5.1.1~dev5-3.5.3 openstack-barbican-5.0.1~dev11-3.8.3 openstack-barbican-api-5.0.1~dev11-3.8.3 openstack-barbican-doc-5.0.1~dev11-3.8.3 openstack-barbican-keystone-listener-5.0.1~dev11-3.8.3 openstack-barbican-retry-5.0.1~dev11-3.8.3 openstack-barbican-worker-5.0.1~dev11-3.8.3 openstack-cinder-11.1.2~dev14-3.6.3 openstack-cinder-api-11.1.2~dev14-3.6.3 openstack-cinder-backup-11.1.2~dev14-3.6.3 openstack-cinder-doc-11.1.2~dev14-3.6.4 openstack-cinder-scheduler-11.1.2~dev14-3.6.3 openstack-cinder-volume-11.1.2~dev14-3.6.3 openstack-dashboard-12.0.4~dev1-3.8.3 openstack-designate-5.0.2~dev5-3.5.3 openstack-designate-agent-5.0.2~dev5-3.5.3 openstack-designate-api-5.0.2~dev5-3.5.3 openstack-designate-central-5.0.2~dev5-3.5.3 openstack-designate-doc-5.0.2~dev5-3.5.3 openstack-designate-producer-5.0.2~dev5-3.5.3 openstack-designate-sink-5.0.2~dev5-3.5.3 openstack-designate-worker-5.0.2~dev5-3.5.3 openstack-glance-15.0.2~dev4-3.3.3 openstack-glance-api-15.0.2~dev4-3.3.3 openstack-glance-doc-15.0.2~dev4-3.3.3 openstack-glance-registry-15.0.2~dev4-3.3.3 openstack-heat-9.0.5~dev11-3.6.3 openstack-heat-api-9.0.5~dev11-3.6.3 openstack-heat-api-cfn-9.0.5~dev11-3.6.3 openstack-heat-api-cloudwatch-9.0.5~dev11-3.6.3 openstack-heat-doc-9.0.5~dev11-3.6.4 openstack-heat-engine-9.0.5~dev11-3.6.3 openstack-heat-plugin-heat_docker-9.0.5~dev11-3.6.3 openstack-heat-templates-0.0.0+git.1525957319.6b5a7cd-3.3.3 openstack-heat-test-9.0.5~dev11-3.6.3 openstack-horizon-plugin-designate-ui-5.0.2~dev5-3.3.5 openstack-horizon-plugin-freezer-ui-5.0.1~dev6-3.3.5 openstack-horizon-plugin-gbp-ui-5.0.1~dev21-4.3.3 openstack-horizon-plugin-manila-ui-2.10.3~dev4-4.5.5 openstack-horizon-plugin-neutron-lbaas-ui-3.0.3~dev2-3.5.4 openstack-horizon-plugin-trove-ui-9.0.1~dev7-3.3.5 openstack-ironic-9.1.5~dev7-3.6.3 openstack-ironic-api-9.1.5~dev7-3.6.3 openstack-ironic-conductor-9.1.5~dev7-3.6.3 openstack-ironic-doc-9.1.5~dev7-3.6.3 openstack-keystone-12.0.1~dev19-5.8.3 openstack-keystone-doc-12.0.1~dev19-5.8.3 openstack-manila-5.0.2~dev55-3.6.3 openstack-manila-api-5.0.2~dev55-3.6.3 openstack-manila-data-5.0.2~dev55-3.6.3 openstack-manila-doc-5.0.2~dev55-3.6.4 openstack-manila-scheduler-5.0.2~dev55-3.6.3 openstack-manila-share-5.0.2~dev55-3.6.3 openstack-neutron-11.0.6~dev63-3.6.3 openstack-neutron-dhcp-agent-11.0.6~dev63-3.6.3 openstack-neutron-doc-11.0.6~dev63-3.6.3 openstack-neutron-fwaas-11.0.2~dev7-3.5.3 openstack-neutron-fwaas-doc-11.0.2~dev7-3.5.3 openstack-neutron-ha-tool-11.0.6~dev63-3.6.3 openstack-neutron-l3-agent-11.0.6~dev63-3.6.3 openstack-neutron-lbaas-11.0.4~dev4-3.3.4 openstack-neutron-lbaas-agent-11.0.4~dev4-3.3.4 openstack-neutron-lbaas-doc-11.0.4~dev4-3.3.3 openstack-neutron-linuxbridge-agent-11.0.6~dev63-3.6.3 openstack-neutron-macvtap-agent-11.0.6~dev63-3.6.3 openstack-neutron-metadata-agent-11.0.6~dev63-3.6.3 openstack-neutron-metering-agent-11.0.6~dev63-3.6.3 openstack-neutron-openvswitch-agent-11.0.6~dev63-3.6.3 openstack-neutron-server-11.0.6~dev63-3.6.3 openstack-neutron-vpn-agent-11.0.1~dev1-3.3.3 openstack-neutron-vpnaas-11.0.1~dev1-3.3.3 openstack-neutron-vpnaas-doc-11.0.1~dev1-3.3.3 openstack-neutron-vyatta-agent-11.0.1~dev1-3.3.3 openstack-neutron-zvm-agent-8.0.1~dev12-4.3.3 openstack-nova-16.1.5~dev49-3.8.4 openstack-nova-api-16.1.5~dev49-3.8.4 openstack-nova-cells-16.1.5~dev49-3.8.4 openstack-nova-compute-16.1.5~dev49-3.8.4 openstack-nova-conductor-16.1.5~dev49-3.8.4 openstack-nova-console-16.1.5~dev49-3.8.4 openstack-nova-consoleauth-16.1.5~dev49-3.8.4 openstack-nova-doc-16.1.5~dev49-3.8.4 openstack-nova-novncproxy-16.1.5~dev49-3.8.4 openstack-nova-placement-api-16.1.5~dev49-3.8.4 openstack-nova-scheduler-16.1.5~dev49-3.8.4 openstack-nova-serialproxy-16.1.5~dev49-3.8.4 openstack-nova-virt-zvm-8.0.1~dev56-3.3.4 openstack-nova-vncproxy-16.1.5~dev49-3.8.4 openstack-octavia-1.0.3~dev21-4.6.3 openstack-octavia-amphora-agent-1.0.3~dev21-4.6.3 openstack-octavia-api-1.0.3~dev21-4.6.3 openstack-octavia-health-manager-1.0.3~dev21-4.6.3 openstack-octavia-housekeeping-1.0.3~dev21-4.6.3 openstack-octavia-worker-1.0.3~dev21-4.6.3 openstack-trove-8.0.1~dev11-3.3.3 openstack-trove-api-8.0.1~dev11-3.3.3 openstack-trove-conductor-8.0.1~dev11-3.3.3 openstack-trove-doc-8.0.1~dev11-3.3.3 openstack-trove-guestagent-8.0.1~dev11-3.3.3 openstack-trove-taskmanager-8.0.1~dev11-3.3.3 python-aodh-5.1.1~dev5-3.5.3 python-barbican-5.0.1~dev11-3.8.3 python-barbicanclient-4.5.2-4.3.2 python-barbicanclient-doc-4.5.2-4.3.2 python-cinder-11.1.2~dev14-3.6.3 python-designate-5.0.2~dev5-3.5.3 python-glance-15.0.2~dev4-3.3.3 python-heat-9.0.5~dev11-3.6.3 python-horizon-12.0.4~dev1-3.8.3 python-horizon-plugin-designate-ui-5.0.2~dev5-3.3.5 python-horizon-plugin-freezer-ui-5.0.1~dev6-3.3.5 python-horizon-plugin-gbp-ui-5.0.1~dev21-4.3.3 python-horizon-plugin-manila-ui-2.10.3~dev4-4.5.5 python-horizon-plugin-neutron-lbaas-ui-3.0.3~dev2-3.5.4 python-horizon-plugin-trove-ui-9.0.1~dev7-3.3.5 python-ironic-9.1.5~dev7-3.6.3 python-keystone-12.0.1~dev19-5.8.3 python-keystone-json-assignment-0.0.2-3.3.2 python-manila-5.0.2~dev55-3.6.3 python-manilaclient-1.17.3-3.3.2 python-manilaclient-doc-1.17.3-3.3.2 python-neutron-11.0.6~dev63-3.6.3 python-neutron-fwaas-11.0.2~dev7-3.5.3 python-neutron-lbaas-11.0.4~dev4-3.3.4 python-neutron-vpnaas-11.0.1~dev1-3.3.3 python-nova-16.1.5~dev49-3.8.4 python-octavia-1.0.3~dev21-4.6.3 python-trove-8.0.1~dev11-3.3.3 python-vmware-nsx-11.0.3~dev16-3.3.2 python-vmware-nsxlib-11.0.4~dev7-3.3.2 - SUSE OpenStack Cloud 8 (noarch): openstack-aodh-5.1.1~dev5-3.5.3 openstack-aodh-api-5.1.1~dev5-3.5.3 openstack-aodh-doc-5.1.1~dev5-3.5.4 openstack-aodh-evaluator-5.1.1~dev5-3.5.3 openstack-aodh-expirer-5.1.1~dev5-3.5.3 openstack-aodh-listener-5.1.1~dev5-3.5.3 openstack-aodh-notifier-5.1.1~dev5-3.5.3 openstack-barbican-5.0.1~dev11-3.8.3 openstack-barbican-api-5.0.1~dev11-3.8.3 openstack-barbican-doc-5.0.1~dev11-3.8.3 openstack-barbican-keystone-listener-5.0.1~dev11-3.8.3 openstack-barbican-retry-5.0.1~dev11-3.8.3 openstack-barbican-worker-5.0.1~dev11-3.8.3 openstack-cinder-11.1.2~dev14-3.6.3 openstack-cinder-api-11.1.2~dev14-3.6.3 openstack-cinder-backup-11.1.2~dev14-3.6.3 openstack-cinder-doc-11.1.2~dev14-3.6.4 openstack-cinder-scheduler-11.1.2~dev14-3.6.3 openstack-cinder-volume-11.1.2~dev14-3.6.3 openstack-dashboard-12.0.4~dev1-3.8.3 openstack-designate-5.0.2~dev5-3.5.3 openstack-designate-agent-5.0.2~dev5-3.5.3 openstack-designate-api-5.0.2~dev5-3.5.3 openstack-designate-central-5.0.2~dev5-3.5.3 openstack-designate-doc-5.0.2~dev5-3.5.3 openstack-designate-producer-5.0.2~dev5-3.5.3 openstack-designate-sink-5.0.2~dev5-3.5.3 openstack-designate-worker-5.0.2~dev5-3.5.3 openstack-glance-15.0.2~dev4-3.3.3 openstack-glance-api-15.0.2~dev4-3.3.3 openstack-glance-doc-15.0.2~dev4-3.3.3 openstack-glance-registry-15.0.2~dev4-3.3.3 openstack-heat-9.0.5~dev11-3.6.3 openstack-heat-api-9.0.5~dev11-3.6.3 openstack-heat-api-cfn-9.0.5~dev11-3.6.3 openstack-heat-api-cloudwatch-9.0.5~dev11-3.6.3 openstack-heat-doc-9.0.5~dev11-3.6.4 openstack-heat-engine-9.0.5~dev11-3.6.3 openstack-heat-plugin-heat_docker-9.0.5~dev11-3.6.3 openstack-heat-templates-0.0.0+git.1525957319.6b5a7cd-3.3.3 openstack-heat-test-9.0.5~dev11-3.6.3 openstack-horizon-plugin-designate-ui-5.0.2~dev5-3.3.5 openstack-horizon-plugin-freezer-ui-5.0.1~dev6-3.3.5 openstack-horizon-plugin-gbp-ui-5.0.1~dev21-4.3.3 openstack-horizon-plugin-manila-ui-2.10.3~dev4-4.5.5 openstack-horizon-plugin-neutron-lbaas-ui-3.0.3~dev2-3.5.4 openstack-horizon-plugin-trove-ui-9.0.1~dev7-3.3.5 openstack-ironic-9.1.5~dev7-3.6.3 openstack-ironic-api-9.1.5~dev7-3.6.3 openstack-ironic-conductor-9.1.5~dev7-3.6.3 openstack-ironic-doc-9.1.5~dev7-3.6.3 openstack-keystone-12.0.1~dev19-5.8.3 openstack-keystone-doc-12.0.1~dev19-5.8.3 openstack-manila-5.0.2~dev55-3.6.3 openstack-manila-api-5.0.2~dev55-3.6.3 openstack-manila-data-5.0.2~dev55-3.6.3 openstack-manila-doc-5.0.2~dev55-3.6.4 openstack-manila-scheduler-5.0.2~dev55-3.6.3 openstack-manila-share-5.0.2~dev55-3.6.3 openstack-neutron-11.0.6~dev63-3.6.3 openstack-neutron-dhcp-agent-11.0.6~dev63-3.6.3 openstack-neutron-doc-11.0.6~dev63-3.6.3 openstack-neutron-fwaas-11.0.2~dev7-3.5.3 openstack-neutron-fwaas-doc-11.0.2~dev7-3.5.3 openstack-neutron-ha-tool-11.0.6~dev63-3.6.3 openstack-neutron-l3-agent-11.0.6~dev63-3.6.3 openstack-neutron-lbaas-11.0.4~dev4-3.3.4 openstack-neutron-lbaas-agent-11.0.4~dev4-3.3.4 openstack-neutron-lbaas-doc-11.0.4~dev4-3.3.3 openstack-neutron-linuxbridge-agent-11.0.6~dev63-3.6.3 openstack-neutron-macvtap-agent-11.0.6~dev63-3.6.3 openstack-neutron-metadata-agent-11.0.6~dev63-3.6.3 openstack-neutron-metering-agent-11.0.6~dev63-3.6.3 openstack-neutron-openvswitch-agent-11.0.6~dev63-3.6.3 openstack-neutron-server-11.0.6~dev63-3.6.3 openstack-neutron-vpn-agent-11.0.1~dev1-3.3.3 openstack-neutron-vpnaas-11.0.1~dev1-3.3.3 openstack-neutron-vpnaas-doc-11.0.1~dev1-3.3.3 openstack-neutron-vyatta-agent-11.0.1~dev1-3.3.3 openstack-neutron-zvm-agent-8.0.1~dev12-4.3.3 openstack-nova-16.1.5~dev49-3.8.4 openstack-nova-api-16.1.5~dev49-3.8.4 openstack-nova-cells-16.1.5~dev49-3.8.4 openstack-nova-compute-16.1.5~dev49-3.8.4 openstack-nova-conductor-16.1.5~dev49-3.8.4 openstack-nova-console-16.1.5~dev49-3.8.4 openstack-nova-consoleauth-16.1.5~dev49-3.8.4 openstack-nova-doc-16.1.5~dev49-3.8.4 openstack-nova-novncproxy-16.1.5~dev49-3.8.4 openstack-nova-placement-api-16.1.5~dev49-3.8.4 openstack-nova-scheduler-16.1.5~dev49-3.8.4 openstack-nova-serialproxy-16.1.5~dev49-3.8.4 openstack-nova-virt-zvm-8.0.1~dev56-3.3.4 openstack-nova-vncproxy-16.1.5~dev49-3.8.4 openstack-octavia-1.0.3~dev21-4.6.3 openstack-octavia-amphora-agent-1.0.3~dev21-4.6.3 openstack-octavia-api-1.0.3~dev21-4.6.3 openstack-octavia-health-manager-1.0.3~dev21-4.6.3 openstack-octavia-housekeeping-1.0.3~dev21-4.6.3 openstack-octavia-worker-1.0.3~dev21-4.6.3 openstack-trove-8.0.1~dev11-3.3.3 openstack-trove-api-8.0.1~dev11-3.3.3 openstack-trove-conductor-8.0.1~dev11-3.3.3 openstack-trove-doc-8.0.1~dev11-3.3.3 openstack-trove-guestagent-8.0.1~dev11-3.3.3 openstack-trove-taskmanager-8.0.1~dev11-3.3.3 python-aodh-5.1.1~dev5-3.5.3 python-barbican-5.0.1~dev11-3.8.3 python-barbicanclient-4.5.2-4.3.2 python-barbicanclient-doc-4.5.2-4.3.2 python-cinder-11.1.2~dev14-3.6.3 python-designate-5.0.2~dev5-3.5.3 python-glance-15.0.2~dev4-3.3.3 python-heat-9.0.5~dev11-3.6.3 python-horizon-12.0.4~dev1-3.8.3 python-horizon-plugin-designate-ui-5.0.2~dev5-3.3.5 python-horizon-plugin-freezer-ui-5.0.1~dev6-3.3.5 python-horizon-plugin-gbp-ui-5.0.1~dev21-4.3.3 python-horizon-plugin-manila-ui-2.10.3~dev4-4.5.5 python-horizon-plugin-neutron-lbaas-ui-3.0.3~dev2-3.5.4 python-horizon-plugin-trove-ui-9.0.1~dev7-3.3.5 python-ironic-9.1.5~dev7-3.6.3 python-keystone-12.0.1~dev19-5.8.3 python-keystone-json-assignment-0.0.2-3.3.2 python-manila-5.0.2~dev55-3.6.3 python-manilaclient-1.17.3-3.3.2 python-manilaclient-doc-1.17.3-3.3.2 python-neutron-11.0.6~dev63-3.6.3 python-neutron-fwaas-11.0.2~dev7-3.5.3 python-neutron-lbaas-11.0.4~dev4-3.3.4 python-neutron-vpnaas-11.0.1~dev1-3.3.3 python-nova-16.1.5~dev49-3.8.4 python-octavia-1.0.3~dev21-4.6.3 python-trove-8.0.1~dev11-3.3.3 python-vmware-nsx-11.0.3~dev16-3.3.2 python-vmware-nsxlib-11.0.4~dev7-3.3.2 venv-openstack-aodh-x86_64-5.0.1-12.4.1 venv-openstack-barbican-x86_64-5.0.1-12.5.1 venv-openstack-cinder-x86_64-11.0.2-14.5.1 venv-openstack-designate-x86_64-5.0.1-12.3.1 venv-openstack-glance-x86_64-15.0.1-12.3.1 venv-openstack-heat-x86_64-9.0.1-12.5.1 venv-openstack-horizon-x86_64-11.0.2-14.6.1 venv-openstack-ironic-x86_64-9.1.3-12.5.1 venv-openstack-keystone-x86_64-12.0.1-11.5.1 venv-openstack-magnum-x86_64-5.0.2-11.4.1 venv-openstack-manila-x86_64-5.0.2-12.5.1 venv-openstack-neutron-x86_64-11.0.2-13.8.1 venv-openstack-nova-x86_64-16.0.3-11.6.1 venv-openstack-octavia-x86_64-1.0.2-12.5.1 venv-openstack-sahara-x86_64-7.0.1-11.4.1 venv-openstack-trove-x86_64-8.0.0.0-11.4.1 - HPE Helion Openstack 8 (noarch): openstack-aodh-5.1.1~dev5-3.5.3 openstack-aodh-api-5.1.1~dev5-3.5.3 openstack-aodh-doc-5.1.1~dev5-3.5.4 openstack-aodh-evaluator-5.1.1~dev5-3.5.3 openstack-aodh-expirer-5.1.1~dev5-3.5.3 openstack-aodh-listener-5.1.1~dev5-3.5.3 openstack-aodh-notifier-5.1.1~dev5-3.5.3 openstack-barbican-5.0.1~dev11-3.8.3 openstack-barbican-api-5.0.1~dev11-3.8.3 openstack-barbican-doc-5.0.1~dev11-3.8.3 openstack-barbican-keystone-listener-5.0.1~dev11-3.8.3 openstack-barbican-retry-5.0.1~dev11-3.8.3 openstack-barbican-worker-5.0.1~dev11-3.8.3 openstack-cinder-11.1.2~dev14-3.6.3 openstack-cinder-api-11.1.2~dev14-3.6.3 openstack-cinder-backup-11.1.2~dev14-3.6.3 openstack-cinder-doc-11.1.2~dev14-3.6.4 openstack-cinder-scheduler-11.1.2~dev14-3.6.3 openstack-cinder-volume-11.1.2~dev14-3.6.3 openstack-dashboard-12.0.4~dev1-3.8.3 openstack-designate-5.0.2~dev5-3.5.3 openstack-designate-agent-5.0.2~dev5-3.5.3 openstack-designate-api-5.0.2~dev5-3.5.3 openstack-designate-central-5.0.2~dev5-3.5.3 openstack-designate-doc-5.0.2~dev5-3.5.3 openstack-designate-producer-5.0.2~dev5-3.5.3 openstack-designate-sink-5.0.2~dev5-3.5.3 openstack-designate-worker-5.0.2~dev5-3.5.3 openstack-glance-15.0.2~dev4-3.3.3 openstack-glance-api-15.0.2~dev4-3.3.3 openstack-glance-doc-15.0.2~dev4-3.3.3 openstack-glance-registry-15.0.2~dev4-3.3.3 openstack-heat-9.0.5~dev11-3.6.3 openstack-heat-api-9.0.5~dev11-3.6.3 openstack-heat-api-cfn-9.0.5~dev11-3.6.3 openstack-heat-api-cloudwatch-9.0.5~dev11-3.6.3 openstack-heat-doc-9.0.5~dev11-3.6.4 openstack-heat-engine-9.0.5~dev11-3.6.3 openstack-heat-plugin-heat_docker-9.0.5~dev11-3.6.3 openstack-heat-templates-0.0.0+git.1525957319.6b5a7cd-3.3.3 openstack-heat-test-9.0.5~dev11-3.6.3 openstack-horizon-plugin-designate-ui-5.0.2~dev5-3.3.5 openstack-horizon-plugin-freezer-ui-5.0.1~dev6-3.3.5 openstack-horizon-plugin-gbp-ui-5.0.1~dev21-4.3.3 openstack-horizon-plugin-manila-ui-2.10.3~dev4-4.5.5 openstack-horizon-plugin-neutron-lbaas-ui-3.0.3~dev2-3.5.4 openstack-horizon-plugin-trove-ui-9.0.1~dev7-3.3.5 openstack-ironic-9.1.5~dev7-3.6.3 openstack-ironic-api-9.1.5~dev7-3.6.3 openstack-ironic-conductor-9.1.5~dev7-3.6.3 openstack-ironic-doc-9.1.5~dev7-3.6.3 openstack-keystone-12.0.1~dev19-5.8.3 openstack-keystone-doc-12.0.1~dev19-5.8.3 openstack-manila-5.0.2~dev55-3.6.3 openstack-manila-api-5.0.2~dev55-3.6.3 openstack-manila-data-5.0.2~dev55-3.6.3 openstack-manila-doc-5.0.2~dev55-3.6.4 openstack-manila-scheduler-5.0.2~dev55-3.6.3 openstack-manila-share-5.0.2~dev55-3.6.3 openstack-neutron-11.0.6~dev63-3.6.3 openstack-neutron-dhcp-agent-11.0.6~dev63-3.6.3 openstack-neutron-doc-11.0.6~dev63-3.6.3 openstack-neutron-fwaas-11.0.2~dev7-3.5.3 openstack-neutron-fwaas-doc-11.0.2~dev7-3.5.3 openstack-neutron-ha-tool-11.0.6~dev63-3.6.3 openstack-neutron-l3-agent-11.0.6~dev63-3.6.3 openstack-neutron-lbaas-11.0.4~dev4-3.3.4 openstack-neutron-lbaas-agent-11.0.4~dev4-3.3.4 openstack-neutron-lbaas-doc-11.0.4~dev4-3.3.3 openstack-neutron-linuxbridge-agent-11.0.6~dev63-3.6.3 openstack-neutron-macvtap-agent-11.0.6~dev63-3.6.3 openstack-neutron-metadata-agent-11.0.6~dev63-3.6.3 openstack-neutron-metering-agent-11.0.6~dev63-3.6.3 openstack-neutron-openvswitch-agent-11.0.6~dev63-3.6.3 openstack-neutron-server-11.0.6~dev63-3.6.3 openstack-neutron-vpn-agent-11.0.1~dev1-3.3.3 openstack-neutron-vpnaas-11.0.1~dev1-3.3.3 openstack-neutron-vpnaas-doc-11.0.1~dev1-3.3.3 openstack-neutron-vyatta-agent-11.0.1~dev1-3.3.3 openstack-neutron-zvm-agent-8.0.1~dev12-4.3.3 openstack-nova-16.1.5~dev49-3.8.4 openstack-nova-api-16.1.5~dev49-3.8.4 openstack-nova-cells-16.1.5~dev49-3.8.4 openstack-nova-compute-16.1.5~dev49-3.8.4 openstack-nova-conductor-16.1.5~dev49-3.8.4 openstack-nova-console-16.1.5~dev49-3.8.4 openstack-nova-consoleauth-16.1.5~dev49-3.8.4 openstack-nova-doc-16.1.5~dev49-3.8.4 openstack-nova-novncproxy-16.1.5~dev49-3.8.4 openstack-nova-placement-api-16.1.5~dev49-3.8.4 openstack-nova-scheduler-16.1.5~dev49-3.8.4 openstack-nova-serialproxy-16.1.5~dev49-3.8.4 openstack-nova-virt-zvm-8.0.1~dev56-3.3.4 openstack-nova-vncproxy-16.1.5~dev49-3.8.4 openstack-octavia-1.0.3~dev21-4.6.3 openstack-octavia-amphora-agent-1.0.3~dev21-4.6.3 openstack-octavia-api-1.0.3~dev21-4.6.3 openstack-octavia-health-manager-1.0.3~dev21-4.6.3 openstack-octavia-housekeeping-1.0.3~dev21-4.6.3 openstack-octavia-worker-1.0.3~dev21-4.6.3 openstack-trove-8.0.1~dev11-3.3.3 openstack-trove-api-8.0.1~dev11-3.3.3 openstack-trove-conductor-8.0.1~dev11-3.3.3 openstack-trove-doc-8.0.1~dev11-3.3.3 openstack-trove-guestagent-8.0.1~dev11-3.3.3 openstack-trove-taskmanager-8.0.1~dev11-3.3.3 python-aodh-5.1.1~dev5-3.5.3 python-barbican-5.0.1~dev11-3.8.3 python-barbicanclient-4.5.2-4.3.2 python-barbicanclient-doc-4.5.2-4.3.2 python-cinder-11.1.2~dev14-3.6.3 python-designate-5.0.2~dev5-3.5.3 python-glance-15.0.2~dev4-3.3.3 python-heat-9.0.5~dev11-3.6.3 python-horizon-12.0.4~dev1-3.8.3 python-horizon-plugin-designate-ui-5.0.2~dev5-3.3.5 python-horizon-plugin-freezer-ui-5.0.1~dev6-3.3.5 python-horizon-plugin-gbp-ui-5.0.1~dev21-4.3.3 python-horizon-plugin-manila-ui-2.10.3~dev4-4.5.5 python-horizon-plugin-neutron-lbaas-ui-3.0.3~dev2-3.5.4 python-horizon-plugin-trove-ui-9.0.1~dev7-3.3.5 python-ironic-9.1.5~dev7-3.6.3 python-keystone-12.0.1~dev19-5.8.3 python-keystone-json-assignment-0.0.2-3.3.2 python-manila-5.0.2~dev55-3.6.3 python-manilaclient-1.17.3-3.3.2 python-manilaclient-doc-1.17.3-3.3.2 python-neutron-11.0.6~dev63-3.6.3 python-neutron-fwaas-11.0.2~dev7-3.5.3 python-neutron-lbaas-11.0.4~dev4-3.3.4 python-neutron-vpnaas-11.0.1~dev1-3.3.3 python-nova-16.1.5~dev49-3.8.4 python-octavia-1.0.3~dev21-4.6.3 python-trove-8.0.1~dev11-3.3.3 python-vmware-nsx-11.0.3~dev16-3.3.2 python-vmware-nsxlib-11.0.4~dev7-3.3.2 venv-openstack-aodh-x86_64-5.0.1-12.4.1 venv-openstack-barbican-x86_64-5.0.1-12.5.1 venv-openstack-cinder-x86_64-11.0.2-14.5.1 venv-openstack-designate-x86_64-5.0.1-12.3.1 venv-openstack-glance-x86_64-15.0.1-12.3.1 venv-openstack-heat-x86_64-9.0.1-12.5.1 venv-openstack-horizon-hpe-x86_64-11.0.2-14.6.1 venv-openstack-ironic-x86_64-9.1.3-12.5.1 venv-openstack-keystone-x86_64-12.0.1-11.5.1 venv-openstack-magnum-x86_64-5.0.2-11.4.1 venv-openstack-manila-x86_64-5.0.2-12.5.1 venv-openstack-neutron-x86_64-11.0.2-13.8.1 venv-openstack-nova-x86_64-16.0.3-11.6.1 venv-openstack-octavia-x86_64-1.0.2-12.5.1 venv-openstack-sahara-x86_64-7.0.1-11.4.1 venv-openstack-trove-x86_64-8.0.0.0-11.4.1 References: https://www.suse.com/security/cve/CVE-2018-14432.html https://bugzilla.suse.com/1084362 https://bugzilla.suse.com/1102151 From sle-security-updates at lists.suse.com Thu Sep 20 04:12:28 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 20 Sep 2018 12:12:28 +0200 (CEST) Subject: SUSE-SU-2018:2762-1: moderate: Security update for crowbar, crowbar-core, crowbar-ha, crowbar-init, crowbar-openstack, crowbar-ui Message-ID: <20180920101228.A0C44FCF0@maintenance.suse.de> SUSE Security Update: Security update for crowbar, crowbar-core, crowbar-ha, crowbar-init, crowbar-openstack, crowbar-ui ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2762-1 Rating: moderate References: #1005886 #1073703 #1081518 #1083093 #1090336 #1093898 #1095420 #1096043 #1096759 #1098369 #1099392 Cross-References: CVE-2016-8611 CVE-2018-3760 Affected Products: SUSE OpenStack Cloud Crowbar 8 ______________________________________________________________________________ An update that solves two vulnerabilities and has 9 fixes is now available. Description: This update for crowbar, crowbar-ha, crowbar-init, crowbar-openstack, crowbar-ui fixes the following issues: This security issues was fixed: - CVE-2018-3760: Upgrade rubygem-sprockets to prevent an information leak. Specially crafted requests could have been be used to access files that exists on the filesystem that is outside an application's root directory, when the Sprockets server is used in production (bsc#1098369). - CVE-2016-861: Add rate limiting for glance api (bsc#1005886) These non-security issues were fixed for crowbar: - upgrade: Lock crowbar-ui before admin upgrade - upgrade: Make sure schemas are properly migrated after the upgrade - upgrade: No need for database dump before the upgrade - upgrade: No need to use crowbar-init during the upgrade These non-security issues were fixed for crowbar-core: - upgrade: Remove pre-upgrade constraints from existing locations - upgrade: Show the grep result when checking for not-migrated instances - upgrade: Set clone_stateless_services to false on upgrade - control_lib: fix host allocation check - Fix exception handling in get_log_lines - apache: copytruncate apache logs bsc#1083093 - upgrade: Refresh repos before crowbar-ui update (bsc#1099392) - upgrade: Reset RabbitMQ nodes during upgrade - upgrade: Do not allow cinder-volume on compute nodes - upgrade: Wait until all nova-compute services are up before evacuation - upgrade: Save the information which set of nodes should be upgraded - Let skip_unready_nodes skip also nodes that are in crowbar_upgrade state - upgrade: Add missing brackets checking for nodes - upgrade: Make sure postponed nodes can be skipped when applying proposal - upgrade: When the upgrade is not finished, show a link to wizard - upgrade: Correctly delete remaining upgrade scripts - upgrade: Wait for services shutdown to finish - upgrade: Unlock crowbar-ui after completed upgrade - upgrade: Stop cron before stopping any other service - upgrade: Provide better information after the failure - upgrade: Report missing scripts - upgrade: Better check for upgraded nodes - do not rely on state - upgrade: Improve error messages with lists - upgrade: Check input is a valid node for nodes - upgrade: Delete upgrade scripts really at the end of upgrade - upgrade: Increase the timeout for deleting pacemaker resources - upgrade: Adapt the check for upgraded? value - upgrade: Move step to mark the admin upgrade end - upgrade: Do not finalize nodes that are not upgraded - upgrade: Fix file layout for rails' autoloading (bsc#1096759) - upgrade: Deleting cinder services from database no longer needed - upgrade: Allow postpone and resume of compute nodes upgrade - upgrade: Allow the access to controller actions when upgrade is postponed - upgrade: Finalize upgrade of controller nodes after they are done - upgrade: Added API calls for postponing/resuming compute nodes upgrade - upgrade: Unblock upgrade status API in Cloud8 - upgrade: Do not end admin step while it is still running (bsc#1095420) - upgrade: Adapt ceph-related checks to 7-8 upgrade - upgrade: Allow running schema migrations on upgrade - upgrade: Fix platform retrieval These non-security issues were fixed for crowbar-ha: - pacemaker: allow multiple meta parameters (bsc#1093898) - haproxy: active-active mode, just one VIP These non-security issues were fixed for crowbar-openstack: - Synchronize SSL in the cluster (bsc#1081518) - neutron: add force_metadata attribute - rabbitmq: set client timout to default value - /etc/sysctl.d/99-sysctl.conf is a symlink to /etc/sysctl.conf - Do not automatically put manila-share roles to compute nodes - rabbitmq: check for rabbit readiness - rabbitmq: Make sure rabbit is running on cluster - monasca: various monasca-installer improvements - monasca: reduce monasca-installer runs (bsc#1096043) - manila: Correct field name for cluster name - Do not mark [:nova][:db_synced] too early - nova: Do not do partial online migrations, that was Newton specific - monasca: add elasticsearch tunables (bsc#1090336) - copytruncate apache logs instead of creating - rabbitmq: Better dependency check - aodh: Add config for alarm_history_ttl (bsc#1073703) - upgrade: cinder: run live migrations at correct rev These non-security issues were fixed for crowbar-ui: - upgrade: Dummy backend for status testing - upgrade: Refactor postpone nodes upgrade - upgrade: Allow interruption of status wait loop - upgrade: Added ability to postpone upgrade nodes - upgrade: Add ability to postpone upgrade nodes - upgrade: Add ability to postpone upgrade nodes - upgrade: Add ability to postpone upgrade nodes - Add ability to postpone upgrade - upgrade: Remove openstack precheck - upgrade: Fixed error key for ha_configured - upgrade: Remove CEPH related code - Remove the non-essential database-configuration controller - remove ui typo test - Remove database configuration option - upgrade: Update SUSE-OpenStack-Cloud-8 label - upgrade: Update admin and nodes repo names Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2018-1928=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): crowbar-core-5.0+git.1533887407.6e9b0412d-3.8.2 crowbar-core-branding-upstream-5.0+git.1533887407.6e9b0412d-3.8.2 - SUSE OpenStack Cloud Crowbar 8 (noarch): crowbar-5.0+git.1528696845.81a7b5d0-3.3.1 crowbar-devel-5.0+git.1528696845.81a7b5d0-3.3.1 crowbar-ha-5.0+git.1530177874.35b9099-3.3.1 crowbar-init-5.0+git.1520420379.d5bbb35-3.3.1 crowbar-openstack-5.0+git.1534167599.d325ef804-4.8.2 crowbar-ui-1.2.0+git.1533844061.4ac8e723-3.3.1 References: https://www.suse.com/security/cve/CVE-2016-8611.html https://www.suse.com/security/cve/CVE-2018-3760.html https://bugzilla.suse.com/1005886 https://bugzilla.suse.com/1073703 https://bugzilla.suse.com/1081518 https://bugzilla.suse.com/1083093 https://bugzilla.suse.com/1090336 https://bugzilla.suse.com/1093898 https://bugzilla.suse.com/1095420 https://bugzilla.suse.com/1096043 https://bugzilla.suse.com/1096759 https://bugzilla.suse.com/1098369 https://bugzilla.suse.com/1099392 From sle-security-updates at lists.suse.com Thu Sep 20 04:15:24 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 20 Sep 2018 12:15:24 +0200 (CEST) Subject: SUSE-SU-2018:2763-1: moderate: Security update for pango Message-ID: <20180920101524.25DA3FCF0@maintenance.suse.de> SUSE Security Update: Security update for pango ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2763-1 Rating: moderate References: #1103877 Cross-References: CVE-2018-15120 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for pango fixes the following issues: Security issue fixed: - CVE-2018-15120: Fixed a denial of service when parsing emoji (bsc#1103877) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2018-1931=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1931=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (x86_64): libpango-1_0-0-32bit-1.40.14-3.3.1 libpango-1_0-0-32bit-debuginfo-1.40.14-3.3.1 pango-debugsource-1.40.14-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libpango-1_0-0-1.40.14-3.3.1 libpango-1_0-0-debuginfo-1.40.14-3.3.1 pango-debugsource-1.40.14-3.3.1 pango-devel-1.40.14-3.3.1 typelib-1_0-Pango-1_0-1.40.14-3.3.1 References: https://www.suse.com/security/cve/CVE-2018-15120.html https://bugzilla.suse.com/1103877 From sle-security-updates at lists.suse.com Thu Sep 20 04:16:47 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 20 Sep 2018 12:16:47 +0200 (CEST) Subject: SUSE-SU-2018:2765-1: moderate: Security update for couchdb Message-ID: <20180920101647.62EE4FCF0@maintenance.suse.de> SUSE Security Update: Security update for couchdb ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2765-1 Rating: moderate References: #1100973 Cross-References: CVE-2018-8007 Affected Products: SUSE OpenStack Cloud Crowbar 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for couchdb fixes the following security issues: - CVE-2018-8007: Apache CouchDB administrative users can configure the database server via HTTP(S). Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it was possible for a CouchDB administrator user to escalate their privileges to that of the operating system's user that CouchDB runs under, by bypassing the blacklist of configuration settings that are not allowed to be modified via the HTTP API (bsc#1100973) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2018-1930=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): couchdb-1.7.2-3.3.1 couchdb-debuginfo-1.7.2-3.3.1 couchdb-debugsource-1.7.2-3.3.1 References: https://www.suse.com/security/cve/CVE-2018-8007.html https://bugzilla.suse.com/1100973 From sle-security-updates at lists.suse.com Thu Sep 20 07:11:47 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 20 Sep 2018 15:11:47 +0200 (CEST) Subject: SUSE-SU-2018:2771-1: moderate: Security update for gdm Message-ID: <20180920131147.EBBA4FCF0@maintenance.suse.de> SUSE Security Update: Security update for gdm ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2771-1 Rating: moderate References: #1081947 #1103093 #1103737 Cross-References: CVE-2018-14424 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for gdm provides the following fixes: This security issue was fixed: - CVE-2018-14424: The daemon in GDM did not properly unexport display objects from its D-Bus interface when they are destroyed, which allowed a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or potential code execution (bsc#1103737) These non-security issues were fixed: - Enable pam_keyinit module (bsc#1081947) - Fix a build race in SLE (bsc#1103093) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2018-1939=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): gdm-3.26.2.1-13.9.1 gdm-debuginfo-3.26.2.1-13.9.1 gdm-debugsource-3.26.2.1-13.9.1 gdm-devel-3.26.2.1-13.9.1 libgdm1-3.26.2.1-13.9.1 libgdm1-debuginfo-3.26.2.1-13.9.1 typelib-1_0-Gdm-1_0-3.26.2.1-13.9.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (noarch): gdm-lang-3.26.2.1-13.9.1 gdmflexiserver-3.26.2.1-13.9.1 References: https://www.suse.com/security/cve/CVE-2018-14424.html https://bugzilla.suse.com/1081947 https://bugzilla.suse.com/1103093 https://bugzilla.suse.com/1103737 From sle-security-updates at lists.suse.com Thu Sep 20 16:08:37 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 21 Sep 2018 00:08:37 +0200 (CEST) Subject: SUSE-SU-2018:2775-1: important: Security update for the Linux Kernel Message-ID: <20180920220837.938E4FCF0@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2775-1 Rating: important References: #1012382 #1015342 #1015343 #1017967 #1019695 #1019699 #1020412 #1021121 #1022604 #1024361 #1024365 #1024376 #1027968 #1030552 #1031492 #1033962 #1042286 #1048317 #1050431 #1053685 #1055014 #1056596 #1062604 #1063646 #1064232 #1065364 #1066223 #1068032 #1068075 #1069138 #1078921 #1080157 #1083663 #1085042 #1085536 #1085539 #1086457 #1087092 #1089066 #1090888 #1091171 #1091860 #1096254 #1096748 #1097105 #1098253 #1098822 #1099597 #1099810 #1099811 #1099813 #1099832 #1099844 #1099845 #1099846 #1099849 #1099863 #1099864 #1099922 #1099999 #1100000 #1100001 #1100132 #1101822 #1101841 #1102346 #1102486 #1102517 #1102715 #1102797 #1103269 #1103445 #1103717 #1104319 #1104485 #1104494 #1104495 #1104683 #1104897 #1105271 #1105292 #1105322 #1105323 #1105392 #1105396 #1105524 #1105536 #1105769 #1106016 #1106105 #1106185 #1106229 #1106271 #1106275 #1106276 #1106278 #1106281 #1106283 #1106369 #1106509 #1106511 #1106697 #1106929 #1106934 #1106995 #1107060 #1107078 #1107319 #1107320 #1107689 #1107735 #1107966 #963575 #966170 #966172 #969470 #969476 #969477 #970506 Cross-References: CVE-2018-10876 CVE-2018-10877 CVE-2018-10878 CVE-2018-10879 CVE-2018-10880 CVE-2018-10881 CVE-2018-10882 CVE-2018-10883 CVE-2018-10902 CVE-2018-10938 CVE-2018-1128 CVE-2018-1129 CVE-2018-12896 CVE-2018-13093 CVE-2018-13094 CVE-2018-13095 CVE-2018-15572 CVE-2018-16658 CVE-2018-6554 CVE-2018-6555 CVE-2018-9363 Affected Products: SUSE Linux Enterprise Live Patching 12-SP3 ______________________________________________________________________________ An update that solves 21 vulnerabilities and has 98 fixes is now available. Description: The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.155 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-13093: Prevent NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occured because of a lack of proper validation that cached inodes are free during allocation (bnc#1100001). - CVE-2018-13095: Prevent denial of service (memory corruption and BUG) that could have occurred for a corrupted xfs image upon encountering an inode that is in extent format, but has more extents than fit in the inode fork (bnc#1099999). - CVE-2018-13094: Prevent OOPS that may have occured for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp (bnc#1100000). - CVE-2018-12896: Prevent integer overflow in the POSIX timer code that was caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically made the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. This allowed a local user to cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls (bnc#1099922). - CVE-2018-16658: Prevent information leak in cdrom_ioctl_drive_status that could have been used by local attackers to read kernel memory (bnc#1107689). - CVE-2018-6555: The irda_setsockopt function allowed local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket (bnc#1106511). - CVE-2018-6554: Prevent memory leak in the irda_bind function that allowed local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket (bnc#1106509). - CVE-2018-1129: A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol (bnc#1096748). - CVE-2018-1128: It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service (bnc#1096748). - CVE-2018-10938: A crafted network packet sent remotely by an attacker forced the kernel to enter an infinite loop in the cipso_v4_optptr() function leading to a denial-of-service (bnc#1106016). - CVE-2018-15572: The spectre_v2_select_mitigation function did not always fill RSB upon a context switch, which made it easier for attackers to conduct userspace-userspace spectreRSB attacks (bnc#1102517). - CVE-2018-10902: Protect against concurrent access to prevent double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(). A malicious local attacker could have used this for privilege escalation (bnc#1105322 1105323). - CVE-2018-9363: Prevent buffer overflow in hidp_process_report (bsc#1105292) - CVE-2018-10883: A local user could have caused an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image (bsc#1099863). - CVE-2018-10879: A local user could have caused a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact by renaming a file in a crafted ext4 filesystem image (bsc#1099844). - CVE-2018-10878: A local user could have caused an out-of-bounds write and a denial of service or unspecified other impact by mounting and operating a crafted ext4 filesystem image (bsc#1099813). - CVE-2018-10876: A use-after-free was possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image (bsc#1099811). - CVE-2018-10877: Prevent out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image (bsc#1099846). - CVE-2018-10881: A local user could have caused an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image (bsc#1099864). - CVE-2018-10882: A local user could have caused an out-of-bound write, a denial of service, and a system crash by unmounting a crafted ext4 filesystem image (bsc#1099849). - CVE-2018-10880: Prevent stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could have used this to cause a system crash and a denial of service (bsc#1099845). The following non-security bugs were fixed: - 9p/net: Fix zero-copy path in the 9p virtio transport (bnc#1012382). - 9p/virtio: fix off-by-one error in sg list bounds check (bnc#1012382). - 9p: fix multiple NULL-pointer-dereferences (bnc#1012382). - ACPI / LPSS: Add missing prv_offset setting for byt/cht PWM devices (bnc#1012382). - ACPI / PCI: Bail early in acpi_pci_add_bus() if there is no ACPI handle (bnc#1012382). - ACPI / PM: save NVS memory for ASUS 1025C laptop (bnc#1012382). - ACPI: save NVS memory for Lenovo G50-45 (bnc#1012382). - ALSA: cs5535audio: Fix invalid endian conversion (bnc#1012382). - ALSA: emu10k1: Rate-limit error messages about page errors (bnc#1012382). - ALSA: emu10k1: add error handling for snd_ctl_add (bnc#1012382). - ALSA: fm801: add error handling for snd_ctl_add (bnc#1012382). - ALSA: hda - Sleep for 10ms after entering D3 on Conexant codecs (bnc#1012382). - ALSA: hda - Turn CX8200 into D3 as well upon reboot (bnc#1012382). - ALSA: hda/ca0132: fix build failure when a local macro is defined (bnc#1012382). - ALSA: hda: Correct Asrock B85M-ITX power_save blacklist entry (bnc#1012382). - ALSA: memalloc: Do not exceed over the requested size (bnc#1012382). - ALSA: rawmidi: Change resized buffers atomically (bnc#1012382). - ALSA: snd-aoa: add of_node_put() in error path (bsc#1099810). - ALSA: usb-audio: Apply rate limit to warning messages in URB complete callback (bnc#1012382). - ALSA: virmidi: Fix too long output trigger loop (bnc#1012382). - ALSA: vx222: Fix invalid endian conversions (bnc#1012382). - ALSA: vxpocket: Fix invalid endian conversions (bnc#1012382). - ARC: Enable machine_desc->init_per_cpu for !CONFIG_SMP (bnc#1012382). - ARC: Explicitly add -mmedium-calls to CFLAGS (bnc#1012382). - ARC: Fix CONFIG_SWAP (bnc#1012382). - ARC: mm: allow mprotect to make stack mappings executable (bnc#1012382). - ARM: 8780/1: ftrace: Only set kernel memory back to read-only after boot (bnc#1012382). - ARM: dts: Cygnus: Fix I2C controller interrupt type (bnc#1012382). - ARM: dts: am3517.dtsi: Disable reference to OMAP3 OTG controller (bnc#1012382). - ARM: dts: am437x: make edt-ft5x06 a wakeup source (bnc#1012382). - ARM: dts: da850: Fix interrups property for gpio (bnc#1012382). - ARM: dts: imx6sx: fix irq for pcie bridge (bnc#1012382). - ARM: fix put_user() for gcc-8 (bnc#1012382). - ARM: imx_v4_v5_defconfig: Select ULPI support (bnc#1012382). - ARM: imx_v6_v7_defconfig: Select ULPI support (bnc#1012382). - ARM: pxa: irq: fix handling of ICMR registers in suspend/resume (bnc#1012382). - ARM: tegra: Fix Tegra30 Cardhu PCA954x reset (bnc#1012382). - ASoC: Intel: cht_bsw_max98090: remove useless code, align with ChromeOS driver. - ASoC: Intel: cht_bsw_max98090_ti: Fix jack initialization (bnc#1012382). - ASoC: dpcm: do not merge format from invalid codec dai (bnc#1012382). - ASoC: dpcm: fix BE dai not hw_free and shutdown (bnc#1012382). - ASoC: pxa: Fix module autoload for platform drivers (bnc#1012382). - ASoC: sirf: Fix potential NULL pointer dereference (bnc#1012382). - Add reference to bsc#1091171 (bnc#1012382; bsc#1091171). - Bluetooth: avoid killing an already killed socket (bnc#1012382). - Bluetooth: btusb: Add a new Realtek 8723DE ID 2ff8:b011 (bnc#1012382). - Bluetooth: btusb: Remove Yoga 920 from the btusb_needs_reset_resume_table (bsc#1087092). - Bluetooth: btusb: Use DMI matching for QCA reset_resume quirking (bsc#1087092). - Bluetooth: hci_qca: Fix "Sleep inside atomic section" warning (bnc#1012382). - Documentation/spec_ctrl: Do some minor cleanups (bnc#1012382). - HID: hid-plantronics: Re-resend Update to map button for PTT products (bnc#1012382). - HID: i2c-hid: check if device is there before really probing (bnc#1012382). - HID: wacom: Correct touch maximum XY of 2nd-gen Intuos (bnc#1012382). - IB/core: Make testing MR flags for writability a static inline function (bnc#1012382). - IB/core: Remove duplicate declaration of gid_cache_wq (bsc#1056596). - IB/iser: Do not reduce max_sectors (bsc#1063646). - IB/mlx4: Fix an error handling path in 'mlx4_ib_rereg_user_mr()'. - IB/mlx4: Mark user MR as writable if actual virtual memory is writable (bnc#1012382). - IB/mlx5: Fetch soft WQE's on fatal error state (bsc#1015342 bsc#1015343). - IB/mlx5: Use 'kvfree()' for memory allocated by 'kvzalloc()' (bsc#1015342 bsc#1015343). - IB/ocrdma: fix out of bounds access to local buffer (bnc#1012382). - Input: elan_i2c - add ACPI ID for lenovo ideapad 330 (bnc#1012382). - Input: elan_i2c - add another ACPI ID for Lenovo Ideapad 330-15AST (bnc#1012382). - Input: i8042 - add Lenovo LaVie Z to the i8042 reset list (bnc#1012382). - KVM/Eventfd: Avoid crash when assign and deassign specific eventfd in parallel (bnc#1012382). - KVM: MMU: always terminate page walks at level 1 (bsc#1062604). - KVM: MMU: simplify last_pte_bitmap (bsc#1062604). - KVM: VMX: Work around kABI breakage in 'enum vmx_l1d_flush_state' (bsc#1106369). - KVM: VMX: fixes for vmentry_l1d_flush module parameter (bsc#1106369). - KVM: arm/arm64: Skip updating PMD entry if no change (bnc#1012382). - KVM: arm/arm64: Skip updating PTE entry if no change (bnc#1012382). - KVM: irqfd: fix race between EPOLLHUP and irq_bypass_register_consumer (bnc#1012382). - KVM: nVMX: update last_nonleaf_level when initializing nested EPT (bsc#1062604). - MIPS: Correct the 64-bit DSP accumulator register size (bnc#1012382). - MIPS: Fix off-by-one in pci_resource_to_user() (bnc#1012382). - MIPS: ath79: fix register address in ath79_ddr_wb_flush() (bnc#1012382). - MIPS: lib: Provide MIPS64r6 __multi3() for GCC lower than < 7 (bnc#1012382). - NET: stmmac: align DMA stuff to largest cache line length (bnc#1012382). - PCI: Prevent sysfs disable of device while driver is attached (bnc#1012382). - PCI: Skip MPS logic for Virtual Functions (VFs) (bnc#1012382). - PCI: hotplug: Do not leak pci_slot on registration failure (bnc#1012382). - PCI: pciehp: Fix use-after-free on unplug (bnc#1012382). - PCI: pciehp: Request control of native hotplug only if supported (bnc#1012382). - PM / sleep: wakeup: Fix build error caused by missing SRCU support (bnc#1012382). - RDMA/i40iw: Avoid panic when objects are being created and destroyed (bsc#969476 bsc#969477). - RDMA/i40iw: Avoid panic when reading back the IRQ affinity hint (bsc#969476 bsc#969477). - RDMA/i40iw: Avoid reference leaks when processing the AEQ (bsc#969476 bsc#969477). - RDMA/i40w: Hold read semaphore while looking after VMA (bsc#1024376). - RDMA/mad: Convert BUG_ONs to error flows (bnc#1012382). - RDMA/mlx5: Use proper spec flow label type (bsc#1015342 bsc#1015343). - Revert "MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum" (bnc#1012382). - Revert "UBIFS: Fix potential integer overflow in allocation" (bnc#1012382). - Revert "f2fs: handle dirty segments inside refresh_sit_entry" (bsc#1106281). - Revert "mm: page_alloc: skip over regions of invalid pfns where possible" (bnc#1107078). - Revert 'block-cancel-workqueue-entries-on-blk_mq_freeze_queue' (bsc#1103717). - Smack: Mark inode instant in smack_task_to_inode (bnc#1012382). - USB: musb: fix external abort on suspend (bsc#1085536). - USB: option: add support for DW5821e (bnc#1012382). - USB: serial: metro-usb: stop I/O after failed open (bsc#1085539). - USB: serial: sierra: fix potential deadlock at close (bnc#1012382). - Workaround kABI breakage by __must_check drop of strscpy() (bsc#1107319). - afs: Fix directory permissions check (bsc#1106283). - arc: fix build errors in arc/include/asm/delay.h (bnc#1012382). - arc: fix type warnings in arc/mm/cache.c (bnc#1012382). - arm64: make secondary_start_kernel() notrace (bnc#1012382). - arm64: mm: check for upper PAGE_SHIFT bits in pfn_valid() (bnc#1012382). - ath: Add regulatory mapping for APL13_WORLD (bnc#1012382). - ath: Add regulatory mapping for APL2_FCCA (bnc#1012382). - ath: Add regulatory mapping for Bahamas (bnc#1012382). - ath: Add regulatory mapping for Bermuda (bnc#1012382). - ath: Add regulatory mapping for ETSI8_WORLD (bnc#1012382). - ath: Add regulatory mapping for FCC3_ETSIC (bnc#1012382). - ath: Add regulatory mapping for Serbia (bnc#1012382). - ath: Add regulatory mapping for Tanzania (bnc#1012382). - ath: Add regulatory mapping for Uganda (bnc#1012382). - atl1c: reserve min skb headroom (bnc#1012382). - atm: Preserve value of skb->truesize when accounting to vcc (bsc#1089066). - audit: allow not equal op for audit by executable (bnc#1012382). - backlight: as3711_bl: Fix Device Tree node leaks (bsc#1106929). - backlight: lm3630a: Bump REG_MAX value to 0x50 instead of 0x1F (bsc#1106929). - bcache: avoid unncessary cache prefetch bch_btree_node_get() (bsc#1064232). - bcache: calculate the number of incremental GC nodes according to the total of btree nodes (bsc#1064232). - bcache: display rate debug parameters to 0 when writeback is not running (bsc#1064232). - bcache: do not check return value of debugfs_create_dir() (bsc#1064232). - bcache: finish incremental GC (bsc#1064232). - bcache: fix I/O significant decline while backend devices registering (bsc#1064232). - bcache: fix error setting writeback_rate through sysfs interface (bsc#1064232). - bcache: free heap cache_set->flush_btree in bch_journal_free (bsc#1064232). - bcache: make the pr_err statement used for ENOENT only in sysfs_attatch section (bsc#1064232). - bcache: release dc->writeback_lock properly in bch_writeback_thread() (bsc#1064232). - bcache: set max writeback rate when I/O request is idle (bsc#1064232). - bcache: simplify the calculation of the total amount of flash dirty data (bsc#1064232). - be2net: remove unused old custom busy-poll fields (bsc#1021121 ). - blkdev: __blkdev_direct_IO_simple: fix leak in error case (bsc#1083663). - block: bio_iov_iter_get_pages: fix size of last iovec (bsc#1083663). - block: bio_iov_iter_get_pages: pin more pages for multi-segment IOs (bsc#1083663). - block: do not use interruptible wait anywhere (bnc#1012382). - bnx2x: Fix invalid memory access in rss hash config path (bnc#1012382). - bnx2x: Fix receiving tx-timeout in error or recovery state (bnc#1012382). - bnxt_en: Always set output parameters in bnxt_get_max_rings() (bsc#963575). - bnxt_en: Fix for system hang if request_irq fails (bnc#1012382). - bnxt_en: Fix inconsistent BNXT_FLAG_AGG_RINGS logic (bsc#1020412 ). - bpf: fix references to free_bpf_prog_info() in comments (bnc#1012382). - brcmfmac: Add support for bcm43364 wireless chipset (bnc#1012382). - brcmfmac: stop watchdog before detach and free everything (bnc#1012382). - bridge: Propagate vlan add failure to user (bnc#1012382). - btrfs: Do not remove block group still has pinned down bytes (bsc#1086457). - btrfs: add barriers to btrfs_sync_log before log_commit_wait wakeups (bnc#1012382). - btrfs: do not leak ret from do_chunk_alloc (bnc#1012382). - btrfs: qgroup: Finish rescan when hit the last leaf of extent tree (bnc#1012382). - btrfs: quota: Set rescan progress to (u64)-1 if we hit last leaf. - btrfs: round down size diff when shrinking/growing device (bsc#1097105). - can: ems_usb: Fix memory leak on ems_usb_disconnect() (bnc#1012382). - can: mpc5xxx_can: check of_iomap return before use (bnc#1012382). - can: xilinx_can: fix RX loop if RXNEMP is asserted without RXOK (bnc#1012382). - can: xilinx_can: fix RX overflow interrupt not being enabled (bnc#1012382). - can: xilinx_can: fix device dropping off bus on RX overrun (bnc#1012382). - can: xilinx_can: fix incorrect clear of non-processed interrupts (bnc#1012382). - can: xilinx_can: fix recovery from error states not being propagated (bnc#1012382). - can: xilinx_can: keep only 1-2 frames in TX FIFO to fix TX accounting (bnc#1012382). - cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status (bnc#1012382). - ceph: fix incorrect use of strncpy (bsc#1107319). - ceph: return errors from posix_acl_equiv_mode() correctly (bsc#1107320). - cifs: Fix stack out-of-bounds in smb{2,3}_create_lease_buf() (bsc#1012382). - cifs: add missing debug entries for kconfig options (bnc#1012382). - cifs: check kmalloc before use (bsc#1012382). - cifs: store the leaseKey in the fid on SMB2_open (bsc#1012382). - clk: tegra: Fix PLL_U post divider and initial rate on Tegra30 (bnc#1012382). - crypto: ablkcipher - fix crash flushing dcache in error path (bnc#1012382). - crypto: authenc - do not leak pointers to authenc keys (bnc#1012382). - crypto: authencesn - do not leak pointers to authenc keys (bnc#1012382). - crypto: blkcipher - fix crash flushing dcache in error path (bnc#1012382). - crypto: padlock-aes - Fix Nano workaround data corruption (bnc#1012382). - crypto: vmac - require a block cipher with 128-bit block size (bnc#1012382). - crypto: vmac - separate tfm and request context (bnc#1012382). - crypto: vmx - Fix sleep-in-atomic bugs (bsc#1048317). - cxgb4: when disabling dcb set txq dcb priority to 0 (bnc#1012382). - cxl: Fix wrong comparison in cxl_adapter_context_get() (bsc#1055014). - dccp: fix undefined behavior with 'cwnd' shift in ccid2_cwnd_restart() (bnc#1012382). - disable loading f2fs module on PAGE_SIZE > 4KB (bnc#1012382). - dm cache metadata: save in-core policy_hint_size to on-disk superblock (bnc#1012382). - dma-iommu: Fix compilation when !CONFIG_IOMMU_DMA (bnc#1012382). - dmaengine: k3dma: Off by one in k3_of_dma_simple_xlate() (bnc#1012382). - dmaengine: pxa_dma: remove duplicate const qualifier (bnc#1012382). - driver core: Partially revert "driver core: correct device's shutdown order" (bnc#1012382). - drivers: net: lmc: fix case value for target abort error (bnc#1012382). - drm/armada: fix colorkey mode property (bnc#1012382). - drm/atmel-hlcdc: check stride values in the first plane (bsc#1106929). - drm/atomic: Handling the case when setting old crtc for plane (bnc#1012382). - drm/bridge: adv7511: Reset registers on hotplug (bnc#1012382). - drm/cirrus: Use drm_framebuffer_put to avoid kernel oops in clean-up (bsc#1101822). - drm/drivers: add support for using the arch wc mapping API. - drm/exynos/dsi: mask frame-done interrupt (bsc#1106929). - drm/exynos: decon5433: Fix WINCONx reset value (bnc#1012382). - drm/exynos: decon5433: Fix per-plane global alpha for XRGB modes (bnc#1012382). - drm/exynos: gsc: Fix support for NV16/61, YUV420/YVU420 and YUV422 modes (bnc#1012382). - drm/gma500: fix psb_intel_lvds_mode_valid()'s return type (bnc#1012382). - drm/i915/userptr: reject zero user_size (bsc#1090888). - drm/i915: Correctly handle limited range YCbCr data on VLV/CHV (bsc#1087092). - drm/imx: fix typo in ipu_plane_formats (bsc#1106929). - drm/imx: imx-ldb: check if channel is enabled before printing warning (bnc#1012382). - drm/imx: imx-ldb: disable LDB on driver bind (bnc#1012382). - drm/msm/hdmi: Use bitwise operators when building register values (bsc#1106929). - drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply() (bnc#1012382). - drm/panel: type promotion bug in s6e8aa0_read_mtp_id() (bsc#1105769). - drm/radeon: fix mode_valid's return type (bnc#1012382). - drm: Add DP PSR2 sink enable bit (bnc#1012382). - drm: Reject getfb for multi-plane framebuffers (bsc#1106929). - enic: do not call enic_change_mtu in enic_probe - enic: handle mtu change for vf properly (bnc#1012382). - enic: initialize enic->rfs_h.lock in enic_probe (bnc#1012382). - esp6: fix memleak on error path in esp6_input - ext4: check for NUL characters in extended attribute's name (bnc#1012382). - ext4: check for allocation block validity with block group locked (bsc#1104495). - ext4: do not update s_last_mounted of a frozen fs (bsc#1101841). - ext4: factor out helper ext4_sample_last_mounted() (bsc#1101841). - ext4: fix check to prevent initializing reserved inodes (bsc#1104319). - ext4: fix false negatives *and* false positives in ext4_check_descriptors() (bsc#1103445). - ext4: fix inline data updates with checksums enabled (bsc#1104494). - ext4: fix spectre gadget in ext4_mb_regular_allocator() (bnc#1012382). - ext4: reset error code in ext4_find_entry in fallback (bnc#1012382). - ext4: sysfs: print ext4_super_block fields as little-endian (bsc#1106229). - f2fs: fix to do not trigger writeback during recovery (bnc#1012382). - fat: fix memory allocation failure handling of match_strdup() (bnc#1012382). - fb: fix lost console when the user unplugs a USB adapter (bnc#1012382). - fbdev: omapfb: off by one in omapfb_register_client() (bsc#1106929). - fix __legitimize_mnt()/mntput() race (bnc#1012382). - fix mntput/mntput race (bnc#1012382). - fork: unconditionally clear stack on fork (bnc#1012382). - fs/9p/xattr.c: catch the error of p9_client_clunk when setting xattr failed (bnc#1012382). - fs/dax.c: fix inefficiency in dax_writeback_mapping_range() (bsc#1106185). - fs/quota: Fix spectre gadget in do_quotactl (bnc#1012382). - fs: aio: fix the increment of aio-nr and counting against aio-max-nr (bsc#1068075, bsc#1078921). - fuse: Add missed unlock_page() to fuse_readpages_fill() (bnc#1012382). - fuse: Do not access pipe->buffers without pipe_lock() (bnc#1012382). - fuse: Fix oops at process_init_reply() (bnc#1012382). - fuse: fix double request_end() (bnc#1012382). - fuse: fix unlocked access to processing queue (bnc#1012382). - fuse: umount should wait for all requests (bnc#1012382). - genirq/proc: Return proper error code when irq_set_affinity() fails (bnc#1105392). - getxattr: use correct xattr length (bnc#1012382). - hfsplus: Do not clear SGID when inheriting ACLs (bsc#1030552). - hvc_opal: do not set tb_ticks_per_usec in udbg_init_opal_common() (bnc#1012382). - hwrng: exynos - Disable runtime PM on driver unbind. - i2c: davinci: Avoid zero value of CLKH (bnc#1012382). - i2c: imx: Fix race condition in dma read (bnc#1012382). - i2c: imx: Fix reinit_completion() use (bnc#1012382). - i2c: ismt: fix wrong device address when unmap the data buffer (bnc#1012382). - i40e: use cpumask_copy instead of direct assignment (bsc#1053685). - i40iw: Fix memory leak in error path of create QP (bsc#969476 bsc#969477). - i40iw: Use correct address in dst_neigh_lookup for IPv6 (bsc#969476 bsc#969477). - ibmvnic: Include missing return code checks in reset function (bnc#1107966). - ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem (bnc#1012382). - ieee802154: at86rf230: use __func__ macro for debug messages (bnc#1012382). - ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem (bnc#1012382). - igb: Fix not adding filter elements to the list (bsc#1024361 bsc#1024365). - iio: ad9523: Fix displayed phase (bnc#1012382). - iio: ad9523: Fix return value for ad952x_store() (bnc#1012382). - inet: frag: enforce memory limits earlier (bnc#1012382 bsc#970506). - iommu/amd: make sure TLB to be flushed before IOVA freed (bsc#1106105). - iommu/vt-d: Add definitions for PFSID (bnc#1012382). - iommu/vt-d: Fix dev iotlb pfsid use (bnc#1012382). - iommu/vt-d: Ratelimit each dmar fault printing (bsc#1106105). - ioremap: Update pgtable free interfaces with addr (bnc#1012382). - ip: hash fragments consistently (bnc#1012382). - ip: in cmsg IP(V6)_ORIGDSTADDR call pskb_may_pull (bnc#1012382). - ipconfig: Correctly initialise ic_nameservers (bnc#1012382). - ipv4+ipv6: Make INET*_ESP select CRYPTO_ECHAINIV (bnc#1012382). - ipv4: Return EINVAL when ping_group_range sysctl does not map to user ns (bnc#1012382). - ipv4: remove BUG_ON() from fib_compute_spec_dst (bnc#1012382). - ipv6: fix useless rol32 call on hash (bnc#1012382). - ipv6: mcast: fix unsolicited report interval after receiving querys (bnc#1012382). - ipvlan: use ETH_MAX_MTU as max mtu (bsc#1033962). - iscsi target: fix session creation failure handling (bnc#1012382). - isdn: Disable IIOCDBGVAR (bnc#1012382). - iw_cxgb4: remove duplicate memcpy() in c4iw_create_listen() (bsc#969476 bsc#969477). - iwlwifi: pcie: fix race in Rx buffer allocator (bnc#1012382). - ixgbe: Be more careful when modifying MAC filters (bnc#1012382). - jfs: Do not clear SGID when inheriting ACLs (bsc#1030552). - jump_label: Add RELEASE barrier after text changes (bsc#1105271). - jump_label: Fix concurrent static_key_enable/disable() (bsc#1105271). - jump_label: Move CPU hotplug locking (bsc#1105271). - jump_label: Provide hotplug context variants (bsc#1105271). - jump_label: Reduce the size of struct static_key (bsc#1105271). - jump_label: Reorder hotplug lock and jump_label_lock (bsc#1105271). - jump_label: Split out code under the hotplug lock (bsc#1105271). - jump_label: remove bug.h, atomic.h dependencies for HAVE_JUMP_LABEL (bsc#1105271). - kABI: protect enum tcp_ca_event (kabi). - kABI: reexport tcp_send_ack (kabi). - kabi/severities: Ignore missing cpu_tss_tramp (bsc#1099597) - kabi: x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - kasan: do not emit builtin calls when sanitization is off (bnc#1012382). - kasan: fix shadow_size calculation error in kasan_module_alloc (bnc#1012382). - kbuild: verify that $DEPMOD is installed (bnc#1012382). - kernel: improve spectre mitigation (bnc#1106934, LTC#171029). - kprobes/x86: Fix %p uses in error messages (bnc#1012382). - kprobes: Make list and blacklist root user read only (bnc#1012382). - kthread, tracing: Do not expose half-written comm when creating kthreads (bsc#1104897). - kvm: x86: vmx: fix vpid leak (bnc#1012382). - l2tp: use sk_dst_check() to avoid race on sk->sk_dst_cache (bnc#1012382). - lib/rhashtable: consider param->min_size when setting initial table size (bnc#1012382). - libata: Fix command retry decision (bnc#1012382). - libceph: check authorizer reply/challenge length before reading (bsc#1096748). - libceph: factor out __ceph_x_decrypt() (bsc#1096748). - libceph: factor out __prepare_write_connect() (bsc#1096748). - libceph: factor out encrypt_authorizer() (bsc#1096748). - libceph: store ceph_auth_handshake pointer in ceph_connection (bsc#1096748). - libceph: weaken sizeof check in ceph_x_verify_authorizer_reply() (bsc#1096748). - llc: use refcount_inc_not_zero() for llc_sap_find() (bnc#1012382). - locking/lockdep: Do not record IRQ state within lockdep code (bnc#1012382). - locks: pass inode pointer to locks_free_lock_context (bsc at 1099832). - locks: prink more detail when there are leaked locks (bsc#1099832). - locks: restore a warn for leaked locks on close (bsc#1099832). - m68k: fix "bad page state" oops on ColdFire boot (bnc#1012382). - mac80211: add stations tied to AP_VLANs during hw reconfig (bnc#1012382). - md/raid10: fix that replacement cannot complete recovery after reassemble (bnc#1012382). - md: fix NULL dereference of mddev->pers in remove_and_add_spares() (bnc#1012382). - media: omap3isp: fix unbalanced dma_iommu_mapping (bnc#1012382). - media: rcar_jpu: Add missing clk_disable_unprepare() on error in jpu_open() (bnc#1012382). - media: rtl28xxu: be sure that it won't go past the array size (bsc#1050431). - media: s5p-jpeg: fix number of components macro (bsc#1050431). - media: saa7164: Fix driver name in debug output (bnc#1012382). - media: si470x: fix __be16 annotations (bnc#1012382). - media: siano: get rid of __le32/__le16 cast warnings (bnc#1012382). - media: staging: omap4iss: Include asm/cacheflush.h after generic includes (bnc#1012382). - media: videobuf2-core: do not call memop 'finish' when queueing (bnc#1012382). - memory: tegra: Apply interrupts mask per SoC (bnc#1012382). - memory: tegra: Do not handle spurious interrupts (bnc#1012382). - mfd: cros_ec: Fail early if we cannot identify the EC (bnc#1012382). - microblaze: Fix simpleImage format generation (bnc#1012382). - mm/hugetlb: filter out hugetlb pages if HUGEPAGE migration is not supported (bnc#1106697). - mm/memory.c: check return value of ioremap_prot (bnc#1012382). - mm/slub.c: add __printf verification to slab_err() (bnc#1012382). - mm/tlb: Remove tlb_remove_table() non-concurrent condition (bnc#1012382). - mm: Add vm_insert_pfn_prot() (bnc#1012382). - mm: fix cache mode tracking in vm_insert_mixed() (bnc#1012382). - mm: memcg: fix use after free in mem_cgroup_iter() (bnc#1012382). - mm: vmalloc: avoid racy handling of debugobjects in vunmap (bnc#1012382). - mm: x86: move _PAGE_SWP_SOFT_DIRTY from bit 7 to bit 1 (bnc#1012382). - mtd: rawnand: fsl_ifc: fix FSL NAND driver to read all ONFI parameter pages (bnc#1012382). - mtd: ubi: wl: Fix error return code in ubi_wl_init(). - mwifiex: correct histogram data with appropriate index (bnc#1012382). - mwifiex: handle race during mwifiex_usb_disconnect (bnc#1012382). - net/9p/client.c: version pointer uninitialized (bnc#1012382). - net/9p/trans_fd.c: fix race-condition by flushing workqueue before the kfree() (bnc#1012382). - net/ethernet/freescale/fman: fix cross-build error (bnc#1012382). - net/ipv4: Set oif in fib_compute_spec_dst (bnc#1012382). - net/mlx4_core: Save the qpn from the input modifier in RST2INIT wrapper (bnc#1012382). - net/mlx5: Add missing SET_DRIVER_VERSION command translation (bsc#1015342 bsc#1015343). - net/mlx5: E-Switch, Include VF RDMA stats in vport statistics (bsc#966170 bsc#966172). - net/mlx5: Eswitch, Use 'kvfree()' for memory allocated by 'kvzalloc()' (bsc#1015342 bsc#1015343). - net/mlx5: Fix wrong size allocation for QoS ETC TC regitster (bsc#966170 bsc#966172). - net/mlx5: Vport, Use 'kvfree()' for memory allocated by 'kvzalloc()' (bsc#966170 bsc#966172). - net/mlx5e: Do not allow aRFS for encapsulated packets (bsc#1015342 bsc#1015343). - net/mlx5e: Err if asked to offload TC match on frag being first (bsc#1015342 bsc#1015343). - net/mlx5e: Fix quota counting in aRFS expire flow (bsc#1015342 bsc#1015343). - net/mlx5e: Refine ets validation function (bsc#966170 bsc#966172). - net: 6lowpan: fix reserved space for single frames (bnc#1012382). - net: Do not copy pfmemalloc flag in __copy_skb_header() (bnc#1012382). - net: add skb_condense() helper (bsc#1089066). - net: adjust skb->truesize in ___pskb_trim() (bsc#1089066). - net: adjust skb->truesize in pskb_expand_head() (bsc#1089066). - net: axienet: Fix double deregister of mdio (bnc#1012382). - net: caif: Add a missing rcu_read_unlock() in caif_flow_cb (bnc#1012382). - net: davinci_emac: match the mdio device against its compatible if possible (bnc#1012382). - net: dsa: Do not suspend/resume closed slave_dev (bnc#1012382). - net: ena: Fix use of uninitialized DMA address bits field (bsc#1027968). - net: fix amd-xgbe flow-control issue (bnc#1012382). - net: hamradio: use eth_broadcast_addr (bnc#1012382). - net: lan78xx: Fix misplaced tasklet_schedule() call (bnc#1012382). - net: lan78xx: fix rx handling before first packet is send (bnc#1012382). - net: mac802154: tx: expand tailroom if necessary (bnc#1012382). - net: phy: fix flag masking in __set_phy_supported (bnc#1012382). - net: prevent ISA drivers from building on PPC32 (bnc#1012382). - net: propagate dev_get_valid_name return code (bnc#1012382). - net: qca_spi: Avoid packet drop during initial sync (bnc#1012382). - net: qca_spi: Fix log level if probe fails (bnc#1012382). - net: qca_spi: Make sure the QCA7000 reset is triggered (bnc#1012382). - net: socket: fix potential spectre v1 gadget in socketcall (bnc#1012382). - net: usb: rtl8150: demote allmulti message to dev_dbg() (bnc#1012382). - net: vmxnet3: use new api ethtool_{get|set}_link_ksettings (bsc#1091860 bsc#1098253). - net_sched: Fix missing res info when create new tc_index filter (bnc#1012382). - net_sched: fix NULL pointer dereference when delete tcindex filter (bnc#1012382). - netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state (bnc#1012382). - netfilter: ipset: List timing out entries with "timeout 1" instead of zero (bnc#1012382). - netfilter: ipv6: nf_defrag: reduce struct net memory waste (bnc#1012382). - netfilter: ipvs: do not create conn for ABORT packet in sctp_conn_schedule (bsc#1102797). - netfilter: ipvs: fix the issue that sctp_conn_schedule drops non-INIT packet (bsc#1102797). - netfilter: x_tables: set module owner for icmp(6) matches (bnc#1012382). - netlink: Do not shift on 64 for ngroups (bnc#1012382). - netlink: Do not shift with UB on nlk->ngroups (bnc#1012382). - netlink: Do not subscribe to non-existent groups (bnc#1012382). - netlink: Fix spectre v1 gadget in netlink_create() (bnc#1012382). - netlink: do not enter direct reclaim from netlink_trim() (bsc#1042286). - nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo (bnc#1012382). - nl80211: Add a missing break in parse_station_flags (bnc#1012382). - nohz: Fix local_timer_softirq_pending() (bnc#1012382). - nvme-fc: release io queues to allow fast fail (bsc#1102486). - nvme: if_ready checks to fail io to deleting controller (bsc#1102486). - nvme: kABI-compliant version of nvmf_fail_nonready_command() (bsc#1102486). - nvmet-fc: fix target sgl list on large transfers (bsc#1102486). - osf_getdomainname(): use copy_to_user() (bnc#1012382). - ovl: Do d_type check only if work dir creation was successful (bnc#1012382). - ovl: Ensure upper filesystem supports d_type (bnc#1012382). - ovl: warn instead of error if d_type is not supported (bnc#1012382). - packet: refine ring v3 block size test to hold one frame (bnc#1012382). - packet: reset network header if packet shorter than ll reserved space (bnc#1012382). - parisc: Define mb() and add memory barriers to assembler unlock sequences (bnc#1012382). - parisc: Enable CONFIG_MLONGCALLS by default (bnc#1012382). - parisc: Remove ordered stores from syscall.S (bnc#1012382). - parisc: Remove unnecessary barriers from spinlock.h (bnc#1012382). - perf auxtrace: Fix queue resize (bnc#1012382). - perf llvm-utils: Remove bashism from kernel include fetch script (bnc#1012382). - perf report powerpc: Fix crash if callchain is empty (bnc#1012382). - perf test session topology: Fix test on s390 (bnc#1012382). - perf/x86/intel/uncore: Correct fixed counter index check for NHM (bnc#1012382). - perf/x86/intel/uncore: Correct fixed counter index check in generic code (bnc#1012382). - perf: fix invalid bit in diagnostic entry (bnc#1012382). - pinctrl: at91-pio4: add missing of_node_put (bnc#1012382). - pinctrl: freescale: off by one in imx1_pinconf_group_dbg_show() (bnc#1012382). - pnfs/blocklayout: off by one in bl_map_stripe() (bnc#1012382). - powerpc/32: Add a missing include header (bnc#1012382). - powerpc/64s: Default l1d_size to 64K in RFI fallback flush (bsc#1068032). - powerpc/64s: Fix compiler store ordering to SLB shadow area (bnc#1012382). - powerpc/8xx: fix invalid register expression in head_8xx.S (bnc#1012382). - powerpc/chrp/time: Make some functions static, add missing header include (bnc#1012382). - powerpc/embedded6xx/hlwd-pic: Prevent interrupts from being handled by Starlet (bnc#1012382). - powerpc/fadump: handle crash memory ranges array index overflow (bsc#1103269). - powerpc/fadump: merge adjacent memory ranges to reduce PT_LOAD segements (bsc#1103269). - powerpc/lib: Fix the feature fixup tests to actually work (bsc#1066223). - powerpc/powermac: Add missing prototype for note_bootable_part() (bnc#1012382). - powerpc/powermac: Mark variable x as unused (bnc#1012382). - powerpc/pseries: Fix endianness while restoring of r3 in MCE handler (bnc#1012382). - powerpc/topology: Get topology for shared processors at boot (bsc#1104683). - powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2 (bsc#1068032, bsc#1080157). - powerpc: Avoid code patching freed init sections (bnc#1107735). - powerpc: make feature-fixup tests fortify-safe (bsc#1066223). - provide special timeout module parameters for EC2 (bsc#1065364). - ptp: fix missing break in switch (bnc#1012382). - pwm: tiehrpwm: Fix disabling of output of PWMs (bnc#1012382). - qed: Add sanity check for SIMD fastpath handler (bnc#1012382). - qed: Correct Multicast API to reflect existence of 256 approximate buckets (bsc#1019695 bsc#1019699 bsc#1022604). - qed: Do not advertise DCBX_LLD_MANAGED capability (bsc#1019695 bsc#1019699 bsc#1022604). - qed: Fix possible memory leak in Rx error path handling (bsc#1019695 bsc#1019699 bsc#1022604 ). - qed: Fix possible race for the link state value (bnc#1012382). - qed: Fix setting of incorrect eswitch mode (bsc#1019695 bsc#1019699 bsc#1022604). - qed: Fix use of incorrect size in memcpy call (bsc#1019695 bsc#1019699 bsc#1022604). - qede: Adverstise software timestamp caps when PHC is not available (bsc#1019695 bsc#1019699 bsc#1022604). - qlge: Fix netdev features configuration (bsc#1098822). - qlogic: check kstrtoul() for errors (bnc#1012382). - random: mix rdrand with entropy sent in from userspace (bnc#1012382). - readahead: stricter check for bdi io_pages (VM Functionality). - regulator: pfuze100: add .is_enable() for pfuze100_swb_regulator_ops (bnc#1012382). - reiserfs: fix broken xattr handling (heap corruption, bad retval) (bnc#1012382). - ring_buffer: tracing: Inherit the tracing setting to next ring buffer (bnc#1012382). - root dentries need RCU-delayed freeing (bnc#1012382). - rsi: Fix 'invalid vdd' warning in mmc (bnc#1012382). - rtc: ensure rtc_set_alarm fails when alarms are not supported (bnc#1012382). - rtnetlink: add rtnl_link_state check in rtnl_configure_link (bnc#1012382). - s390/cpum_sf: Add data entry sizes to sampling trailer entry (bnc#1012382). - s390/kvm: fix deadlock when killed by oom (bnc#1012382). - s390/lib: use expoline for all bcr instructions (bnc#1106934, LTC#171029). - s390/pci: fix out of bounds access during irq setup (bnc#1012382). - s390/qdio: reset old sbal_state flags (bnc#1012382). - s390/qeth: do not clobber buffer on async TX completion (bnc#1104485, LTC#170349). - s390/qeth: fix race when setting MAC address (bnc#1104485, LTC#170726). - s390: add explicit for jump label (bsc#1105271). - s390: detect etoken facility (bnc#1106934, LTC#171029). - s390: fix br_r1_trampoline for machines without exrl (bnc#1012382 bnc#1106934 LTC#171029). - sched/fair: Avoid divide by zero when rebalancing domains (bsc#1096254). - scripts/tar-up.sh: Do not package gitlog-excludes file Also fix the evaluation of gitlog-excludes file, too - scsi: 3w-xxxx: fix a missing-check bug (bnc#1012382). - scsi: core: Avoid that SCSI device removal through sysfs triggers a deadlock (bnc#1012382). - scsi: fcoe: drop frames in ELS LOGO error path (bnc#1012382). - scsi: hpsa: limit transfer length to 1MB, not 512kB (bsc#1102346). - scsi: libiscsi: fix possible NULL pointer dereference in case of TMF (bnc#1012382). - scsi: megaraid: silence a static checker bug (bnc#1012382). - scsi: megaraid_sas: Increase timeout by 1 sec for non-RAID fastpath IOs (bnc#1012382). - scsi: qla2xxx: Fix ISP recovery on unload (bnc#1012382). - scsi: qla2xxx: Return error when TMF returns (bnc#1012382). - scsi: scsi_dh: replace too broad "TP9" string with the exact models (bnc#1012382). - scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management enabled (bnc#1012382). - scsi: sysfs: Introduce sysfs_{un,}break_active_protection() (bnc#1012382). - scsi: ufs: fix exception event handling (bnc#1012382). - scsi: vmw_pvscsi: Return DID_RESET for status SAM_STAT_COMMAND_TERMINATED (bnc#1012382). - scsi: xen-scsifront: add error handling for xenbus_printf (bnc#1012382). - scsi_debug: call resp_XXX function after setting host_scribble (bsc#1069138). - scsi_debug: reset injection flags for every_nth > 0 (bsc#1069138). - selftest/seccomp: Fix the flag name SECCOMP_FILTER_FLAG_TSYNC (bnc#1012382). - selftest/seccomp: Fix the seccomp(2) signature (bnc#1012382). - selftests/ftrace: Add snapshot and tracing_on test case (bnc#1012382). - selftests/x86/sigreturn/64: Fix spurious failures on AMD CPUs (bnc#1012382). - selftests: pstore: return Kselftest Skip code for skipped tests (bnc#1012382). - selftests: static_keys: return Kselftest Skip code for skipped tests (bnc#1012382). - selftests: sync: add config fragment for testing sync framework (bnc#1012382). - selftests: user: return Kselftest Skip code for skipped tests (bnc#1012382). - selftests: zram: return Kselftest Skip code for skipped tests (bnc#1012382). - serial: 8250_dw: always set baud rate in dw8250_set_termios (bnc#1012382). - sfc: stop the TX queue before pushing new buffers (bsc#1017967 ). - skbuff: Unconditionally copy pfmemalloc in __skb_clone() (bnc#1012382). - slab: __GFP_ZERO is incompatible with a constructor (bnc#1107060). - smb3: Do not send SMB3 SET_INFO if nothing changed (bnc#1012382). - smb3: do not request leases in symlink creation and query (bnc#1012382). - spi: davinci: fix a NULL pointer dereference (bnc#1012382). - squashfs: be more careful about metadata corruption (bnc#1012382). - squashfs: more metadata hardening (bnc#1012382). - squashfs: more metadata hardenings (bnc#1012382). - staging: android: ion: check for kref overflow (bnc#1012382). - string: drop __must_check from strscpy() and restore strscpy() usages in cgroup (bsc#1107319). - sys: do not hold uts_sem while accessing userspace memory (bnc#1106995). - target_core_rbd: use RCU in free_device (bsc#1105524). - tcp: Fix missing range_truesize enlargement in the backport (bnc#1012382). - tcp: add max_quickacks param to tcp_incr_quickack and tcp_enter_quickack_mode (bnc#1012382). - tcp: add one more quick ack after after ECN events (bnc#1012382). - tcp: do not aggressively quick ack after ECN events (bnc#1012382). - tcp: do not cancel delay-AcK on DCTCP special ACK (bnc#1012382). - tcp: do not delay ACK in DCTCP upon CE status change (bnc#1012382). - tcp: do not force quickack when receiving out-of-order packets (bnc#1012382). - tcp: fix dctcp delayed ACK schedule (bnc#1012382). - tcp: helpers to send special DCTCP ack (bnc#1012382). - tcp: identify cryptic messages as TCP seq # bugs (bnc#1012382). - tcp: refactor tcp_ecn_check_ce to remove sk type cast (bnc#1012382). - tcp: remove DELAYED ACK events in DCTCP (bnc#1012382). - tg3: Add higher cpu clock for 5762 (bnc#1012382). - thermal: exynos: fix setting rising_threshold for Exynos5433 (bnc#1012382). - timekeeping: Eliminate the stale declaration of ktime_get_raw_and_real_ts64() (bsc#969470). - tools/power turbostat: Read extended processor family from CPUID (bnc#1012382). - tools/power turbostat: fix -S on UP systems (bnc#1012382). - tools: usb: ffs-test: Fix build on big endian systems (bnc#1012382). - tpm: fix race condition in tpm_common_write() (bnc#1012382). - tracing/blktrace: Fix to allow setting same value (bnc#1012382). - tracing/kprobes: Fix trace_probe flags on enable_trace_kprobe() failure (bnc#1012382). - tracing: Do not call start/stop() functions when tracing_on does not change (bnc#1012382). - tracing: Fix double free of event_trigger_data (bnc#1012382). - tracing: Fix possible double free in event_enable_trigger_func() (bnc#1012382). - tracing: Quiet gcc warning about maybe unused link variable (bnc#1012382). - tracing: Use __printf markup to silence compiler (bnc#1012382). - tty: Fix data race in tty_insert_flip_string_fixed_flag (bnc#1012382). - turn off -Wattribute-alias (bnc#1012382). - ubi: Be more paranoid while seaching for the most recent Fastmap (bnc#1012382). - ubi: Fix Fastmap's update_vol() (bnc#1012382). - ubi: Fix races around ubi_refill_pools() (bnc#1012382). - ubi: Introduce vol_ignored() (bnc#1012382). - ubi: Rework Fastmap attach base code (bnc#1012382). - ubi: fastmap: Erase outdated anchor PEBs during attach (bnc#1012382). - ubifs: Check data node size before truncate (bsc#1106276). - ubifs: Fix memory leak in lprobs self-check (bsc#1106278). - ubifs: Fix synced_i_size calculation for xattr inodes (bsc#1106275). - ubifs: xattr: Do not operate on deleted inodes (bsc#1106271). - udl-kms: change down_interruptible to down (bnc#1012382). - udl-kms: fix crash due to uninitialized memory (bnc#1012382). - udl-kms: handle allocation failure (bnc#1012382). - udlfb: set optimal write delay (bnc#1012382). - uprobes: Use synchronize_rcu() not synchronize_sched() (bnc#1012382). - usb/phy: fix PPC64 build errors in phy-fsl-usb.c (bnc#1012382). - usb: audio-v2: Correct the comment for struct uac_clock_selector_descriptor (bsc#1099810). - usb: cdc_acm: Add quirk for Castles VEGA3000 (bnc#1012382). - usb: dwc2: debugfs: Do not touch RX FIFO during register dump (bsc#1100132). - usb: dwc2: fix isoc split in transfer with no data (bnc#1012382). - usb: gadget: composite: fix delayed_status race condition when set_interface (bnc#1012382). - usb: gadget: dwc2: fix memory leak in gadget_init() (bnc#1012382). - usb: gadget: f_fs: Only return delayed status when len is 0 (bnc#1012382). - usb: gadget: f_uac2: fix endianness of 'struct cntrl_*_lay3' (bnc#1012382). - usb: gadget: r8a66597: Fix a possible sleep-in-atomic-context bugs in r8a66597_queue() (bnc#1012382). - usb: gadget: r8a66597: Fix two possible sleep-in-atomic-context bugs in init_controller() (bnc#1012382). - usb: hub: Do not wait for connect state at resume for powered-off ports (bnc#1012382). - usb: renesas_usbhs: gadget: fix spin_lock_init() for &uep->lock (bsc#1085536). - usb: xhci: increase CRS timeout value (bnc#1012382). - usbip: usbip_detach: Fix memory, udev context and udev leak (bnc#1012382). - userns: move user access out of the mutex (bnc#1012382). - vfs: add the sb_start_intwrite_trylock() helper (bsc#1101841). - virtio_balloon: fix another race between migration and ballooning (bnc#1012382). - vmw_balloon: VMCI_DOORBELL_SET does not check status (bnc#1012382). - vmw_balloon: do not use 2MB without batching (bnc#1012382). - vmw_balloon: fix VMCI use when balloon built into kernel (bnc#1012382). - vmw_balloon: fix inflation of 64-bit GFNs (bnc#1012382). - vmxnet3: Replace msleep(1) with usleep_range() (bsc#1091860 bsc#1098253). - vmxnet3: add receive data ring support (bsc#1091860 bsc#1098253). - vmxnet3: add support for get_coalesce, set_coalesce ethtool operations (bsc#1091860 bsc#1098253). - vmxnet3: allow variable length transmit data ring buffer (bsc#1091860 bsc#1098253). - vmxnet3: avoid assumption about invalid dma_pa in vmxnet3_set_mc() (bsc#1091860 bsc#1098253). - vmxnet3: avoid format strint overflow warning (bsc#1091860 bsc#1098253). - vmxnet3: avoid xmit reset due to a race in vmxnet3 (bsc#1091860 bsc#1098253). - vmxnet3: fix incorrect dereference when rxvlan is disabled (bsc#1091860 bsc#1098253). - vmxnet3: fix non static symbol warning (bsc#1091860 bsc#1098253). - vmxnet3: fix tx data ring copy for variable size (bsc#1091860 bsc#1098253). - vmxnet3: increase default rx ring sizes (bsc#1091860 bsc#1098253). - vmxnet3: introduce command to register memory region (bsc#1091860 bsc#1098253). - vmxnet3: introduce generalized command interface to configure the device (bsc#1091860 bsc#1098253). - vmxnet3: prepare for version 3 changes (bsc#1091860 bsc#1098253). - vmxnet3: remove redundant initialization of pointer 'rq' (bsc#1091860 bsc#1098253). - vmxnet3: remove unused flag "rxcsum" from struct vmxnet3_adapter (bsc#1091860 bsc#1098253). - vmxnet3: set the DMA mask before the first DMA map operation (bsc#1091860 bsc#1098253). - vmxnet3: update to version 3 (bsc#1091860 bsc#1098253). - vmxnet3: use DMA memory barriers where required (bsc#1091860 bsc#1098253). - vmxnet3: use correct flag to indicate LRO feature (bsc#1091860 bsc#1098253). - vsock: split dwork to avoid reinitializations (bnc#1012382). - vti6: Fix dev->max_mtu setting (bsc#1033962). - vti6: fix PMTU caching and reporting on xmit (bnc#1012382). - wlcore: sdio: check for valid platform device data before suspend (bnc#1012382). - x86/MCE: Remove min interval polling limitation (bnc#1012382). - x86/amd: do not set X86_BUG_SYSRET_SS_ATTRS when running under Xen (bnc#1012382). - x86/asm/entry/32: Simplify pushes of zeroed pt_regs->REGs (bnc#1012382). - x86/bugs: Move the l1tf function and define pr_fmt properly (bnc#1012382). - x86/bugs: Respect nospec command line option (bsc#1068032). - x86/cpu/AMD: Fix erratum 1076 (CPB bit) (bnc#1012382). - x86/cpu: Make alternative_msr_write work for 32-bit code (bnc#1012382). - x86/cpu: Re-apply forced caps every time CPU caps are re-read (bnc#1012382). - x86/cpufeatures: Add CPUID_7_EDX CPUID leaf (bnc#1012382). - x86/cpufeatures: Clean up Spectre v2 related CPUID flags (bnc#1012382). - x86/entry/64/compat: Clear registers for compat syscalls, to reduce speculation attack surface (bnc#1012382). - x86/entry/64: Remove %ebx handling from error_entry/exit (bnc#1102715). - x86/init: fix build with CONFIG_SWAP=n (bnc#1012382). - x86/irqflags: Mark native_restore_fl extern inline (bnc#1012382). - x86/irqflags: Provide a declaration for native_save_fl. - x86/mm/kmmio: Make the tracer robust against L1TF (bnc#1012382). - x86/mm/pat: Fix L1TF stable backport for CPA (bnc#1012382). - x86/mm/pat: Fix L1TF stable backport for CPA, 2nd call (bnc#1012382). - x86/mm/pat: Make set_memory_np() L1TF safe (bnc#1012382). - x86/mm: Add TLB purge to free pmd/pte page interfaces (bnc#1012382). - x86/mm: Disable ioremap free page handling on x86-PAE (bnc#1012382). - x86/mm: Give each mm TLB flush generation a unique ID (bnc#1012382). - x86/paravirt: Fix spectre-v2 mitigations for paravirt guests (bnc#1012382). - x86/paravirt: Make native_save_fl() extern inline (bnc#1012382). - x86/process: Correct and optimize TIF_BLOCKSTEP switch (bnc#1012382). - x86/process: Optimize TIF checks in __switch_to_xtra() (bnc#1012382). - x86/process: Optimize TIF_NOTSC switch (bnc#1012382). - x86/process: Re-export start_thread() (bnc#1012382). - x86/spectre: Add missing family 6 check to microcode check (bnc#1012382). - x86/spectre_v2: Do not check microcode versions when running under hypervisors (bnc#1012382). - x86/speculation/l1tf: Exempt zeroed PTEs from inversion (bnc#1012382). - x86/speculation/l1tf: Extend 64bit swap file size limit (bnc#1012382). - x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM (bnc#1105536). - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit (bnc#1012382). - x86/speculation/l1tf: Fix up CPU feature flags (bnc#1012382). - x86/speculation/l1tf: Fix up pte->pfn conversion for PAE (bnc#1012382). - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - x86/speculation/l1tf: Invert all not present mappings (bnc#1012382). - x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert (bnc#1012382). - x86/speculation/l1tf: Protect PAE swap entries against L1TF (bnc#1012382). - x86/speculation/l1tf: Suggest what to do on systems with too much RAM (bnc#1105536). - x86/speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures (bnc#1012382). - x86/speculation: Add dependency (bnc#1012382). - x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support (bnc#1012382). - x86/speculation: Clean up various Spectre related details (bnc#1012382). - x86/speculation: Correct Speculation Control microcode blacklist again (bnc#1012382). - x86/speculation: Move firmware_restrict_branch_speculation_*() from C to CPP (bnc#1012382). - x86/speculation: Update Speculation Control microcode blacklist (bnc#1012382). - x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry (bsc#1106369). - x86/speculation: Use IBRS if available before calling into firmware (bnc#1012382). - x86/speculation: Use Indirect Branch Prediction Barrier in context switch (bnc#1012382). - x86/xen: Add call of speculative_store_bypass_ht_init() to PV paths (bnc#1012382). - xen-netfront: wait xenbus state change when load module manually (bnc#1012382). - xen/blkback: do not keep persistent grants too long (bsc#1085042). - xen/blkback: move persistent grants flags to bool (bsc#1085042). - xen/blkfront: cleanup stale persistent grants (bsc#1085042). - xen/blkfront: reorder tests in xlblk_init() (bsc#1085042). - xen/netfront: do not cache skb_shinfo() (bnc#1012382). - xen: set cpu capabilities from xen_start_kernel() (bnc#1012382). - xfrm: fix missing dst_release() after policy blocking lbcast and multicast (bnc#1012382). - xfrm: free skb if nlsk pointer is NULL (bnc#1012382). - xfrm_user: prevent leaking 2 bytes of kernel memory (bnc#1012382). - xfs: Remove dead code from inode recover function (bsc#1105396). - xfs: repair malformed inode items during log recovery (bsc#1105396). - xhci: Fix perceived dead host due to runtime suspend race with event handler (bnc#1012382). - zswap: re-check zswap_is_full() after do zswap_shrink() (bnc#1012382). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-1941=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_155-94_50-default-1-4.3.1 kgraft-patch-4_4_155-94_50-default-debuginfo-1-4.3.1 References: https://www.suse.com/security/cve/CVE-2018-10876.html https://www.suse.com/security/cve/CVE-2018-10877.html https://www.suse.com/security/cve/CVE-2018-10878.html https://www.suse.com/security/cve/CVE-2018-10879.html https://www.suse.com/security/cve/CVE-2018-10880.html https://www.suse.com/security/cve/CVE-2018-10881.html https://www.suse.com/security/cve/CVE-2018-10882.html https://www.suse.com/security/cve/CVE-2018-10883.html https://www.suse.com/security/cve/CVE-2018-10902.html https://www.suse.com/security/cve/CVE-2018-10938.html https://www.suse.com/security/cve/CVE-2018-1128.html https://www.suse.com/security/cve/CVE-2018-1129.html https://www.suse.com/security/cve/CVE-2018-12896.html https://www.suse.com/security/cve/CVE-2018-13093.html https://www.suse.com/security/cve/CVE-2018-13094.html https://www.suse.com/security/cve/CVE-2018-13095.html https://www.suse.com/security/cve/CVE-2018-15572.html https://www.suse.com/security/cve/CVE-2018-16658.html https://www.suse.com/security/cve/CVE-2018-6554.html https://www.suse.com/security/cve/CVE-2018-6555.html https://www.suse.com/security/cve/CVE-2018-9363.html https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1015342 https://bugzilla.suse.com/1015343 https://bugzilla.suse.com/1017967 https://bugzilla.suse.com/1019695 https://bugzilla.suse.com/1019699 https://bugzilla.suse.com/1020412 https://bugzilla.suse.com/1021121 https://bugzilla.suse.com/1022604 https://bugzilla.suse.com/1024361 https://bugzilla.suse.com/1024365 https://bugzilla.suse.com/1024376 https://bugzilla.suse.com/1027968 https://bugzilla.suse.com/1030552 https://bugzilla.suse.com/1031492 https://bugzilla.suse.com/1033962 https://bugzilla.suse.com/1042286 https://bugzilla.suse.com/1048317 https://bugzilla.suse.com/1050431 https://bugzilla.suse.com/1053685 https://bugzilla.suse.com/1055014 https://bugzilla.suse.com/1056596 https://bugzilla.suse.com/1062604 https://bugzilla.suse.com/1063646 https://bugzilla.suse.com/1064232 https://bugzilla.suse.com/1065364 https://bugzilla.suse.com/1066223 https://bugzilla.suse.com/1068032 https://bugzilla.suse.com/1068075 https://bugzilla.suse.com/1069138 https://bugzilla.suse.com/1078921 https://bugzilla.suse.com/1080157 https://bugzilla.suse.com/1083663 https://bugzilla.suse.com/1085042 https://bugzilla.suse.com/1085536 https://bugzilla.suse.com/1085539 https://bugzilla.suse.com/1086457 https://bugzilla.suse.com/1087092 https://bugzilla.suse.com/1089066 https://bugzilla.suse.com/1090888 https://bugzilla.suse.com/1091171 https://bugzilla.suse.com/1091860 https://bugzilla.suse.com/1096254 https://bugzilla.suse.com/1096748 https://bugzilla.suse.com/1097105 https://bugzilla.suse.com/1098253 https://bugzilla.suse.com/1098822 https://bugzilla.suse.com/1099597 https://bugzilla.suse.com/1099810 https://bugzilla.suse.com/1099811 https://bugzilla.suse.com/1099813 https://bugzilla.suse.com/1099832 https://bugzilla.suse.com/1099844 https://bugzilla.suse.com/1099845 https://bugzilla.suse.com/1099846 https://bugzilla.suse.com/1099849 https://bugzilla.suse.com/1099863 https://bugzilla.suse.com/1099864 https://bugzilla.suse.com/1099922 https://bugzilla.suse.com/1099999 https://bugzilla.suse.com/1100000 https://bugzilla.suse.com/1100001 https://bugzilla.suse.com/1100132 https://bugzilla.suse.com/1101822 https://bugzilla.suse.com/1101841 https://bugzilla.suse.com/1102346 https://bugzilla.suse.com/1102486 https://bugzilla.suse.com/1102517 https://bugzilla.suse.com/1102715 https://bugzilla.suse.com/1102797 https://bugzilla.suse.com/1103269 https://bugzilla.suse.com/1103445 https://bugzilla.suse.com/1103717 https://bugzilla.suse.com/1104319 https://bugzilla.suse.com/1104485 https://bugzilla.suse.com/1104494 https://bugzilla.suse.com/1104495 https://bugzilla.suse.com/1104683 https://bugzilla.suse.com/1104897 https://bugzilla.suse.com/1105271 https://bugzilla.suse.com/1105292 https://bugzilla.suse.com/1105322 https://bugzilla.suse.com/1105323 https://bugzilla.suse.com/1105392 https://bugzilla.suse.com/1105396 https://bugzilla.suse.com/1105524 https://bugzilla.suse.com/1105536 https://bugzilla.suse.com/1105769 https://bugzilla.suse.com/1106016 https://bugzilla.suse.com/1106105 https://bugzilla.suse.com/1106185 https://bugzilla.suse.com/1106229 https://bugzilla.suse.com/1106271 https://bugzilla.suse.com/1106275 https://bugzilla.suse.com/1106276 https://bugzilla.suse.com/1106278 https://bugzilla.suse.com/1106281 https://bugzilla.suse.com/1106283 https://bugzilla.suse.com/1106369 https://bugzilla.suse.com/1106509 https://bugzilla.suse.com/1106511 https://bugzilla.suse.com/1106697 https://bugzilla.suse.com/1106929 https://bugzilla.suse.com/1106934 https://bugzilla.suse.com/1106995 https://bugzilla.suse.com/1107060 https://bugzilla.suse.com/1107078 https://bugzilla.suse.com/1107319 https://bugzilla.suse.com/1107320 https://bugzilla.suse.com/1107689 https://bugzilla.suse.com/1107735 https://bugzilla.suse.com/1107966 https://bugzilla.suse.com/963575 https://bugzilla.suse.com/966170 https://bugzilla.suse.com/966172 https://bugzilla.suse.com/969470 https://bugzilla.suse.com/969476 https://bugzilla.suse.com/969477 https://bugzilla.suse.com/970506 From sle-security-updates at lists.suse.com Thu Sep 20 16:30:31 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 21 Sep 2018 00:30:31 +0200 (CEST) Subject: SUSE-SU-2018:2776-1: important: Security update for the Linux Kernel Message-ID: <20180920223031.98B38FD03@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2776-1 Rating: important References: #1012382 #1015342 #1015343 #1017967 #1019695 #1019699 #1020412 #1021121 #1022604 #1024361 #1024365 #1024376 #1027968 #1030552 #1031492 #1033962 #1042286 #1048317 #1050431 #1053685 #1055014 #1056596 #1062604 #1063646 #1064232 #1065364 #1066223 #1068032 #1068075 #1069138 #1078921 #1080157 #1083663 #1085042 #1085536 #1085539 #1086457 #1087092 #1089066 #1090888 #1091171 #1091860 #1096254 #1096748 #1097105 #1098253 #1098822 #1099597 #1099810 #1099811 #1099813 #1099832 #1099844 #1099845 #1099846 #1099849 #1099863 #1099864 #1099922 #1099999 #1100000 #1100001 #1100132 #1101822 #1101841 #1102346 #1102486 #1102517 #1102715 #1102797 #1103269 #1103445 #1103717 #1104319 #1104485 #1104494 #1104495 #1104683 #1104897 #1105271 #1105292 #1105322 #1105323 #1105392 #1105396 #1105524 #1105536 #1105769 #1106016 #1106105 #1106185 #1106229 #1106271 #1106275 #1106276 #1106278 #1106281 #1106283 #1106369 #1106509 #1106511 #1106697 #1106929 #1106934 #1106995 #1107060 #1107078 #1107319 #1107320 #1107689 #1107735 #1107966 #963575 #966170 #966172 #969470 #969476 #969477 #970506 Cross-References: CVE-2018-10876 CVE-2018-10877 CVE-2018-10878 CVE-2018-10879 CVE-2018-10880 CVE-2018-10881 CVE-2018-10882 CVE-2018-10883 CVE-2018-10902 CVE-2018-10938 CVE-2018-1128 CVE-2018-1129 CVE-2018-12896 CVE-2018-13093 CVE-2018-13094 CVE-2018-13095 CVE-2018-15572 CVE-2018-16658 CVE-2018-6554 CVE-2018-6555 CVE-2018-9363 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise High Availability 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that solves 21 vulnerabilities and has 98 fixes is now available. Description: The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.155 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-13093: Prevent NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occured because of a lack of proper validation that cached inodes are free during allocation (bnc#1100001). - CVE-2018-13095: Prevent denial of service (memory corruption and BUG) that could have occurred for a corrupted xfs image upon encountering an inode that is in extent format, but has more extents than fit in the inode fork (bnc#1099999). - CVE-2018-13094: Prevent OOPS that may have occured for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp (bnc#1100000). - CVE-2018-12896: Prevent integer overflow in the POSIX timer code that was caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically made the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. This allowed a local user to cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls (bnc#1099922). - CVE-2018-16658: Prevent information leak in cdrom_ioctl_drive_status that could have been used by local attackers to read kernel memory (bnc#1107689). - CVE-2018-6555: The irda_setsockopt function allowed local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket (bnc#1106511). - CVE-2018-6554: Prevent memory leak in the irda_bind function that allowed local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket (bnc#1106509). - CVE-2018-1129: A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol (bnc#1096748). - CVE-2018-1128: It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service (bnc#1096748). - CVE-2018-10938: A crafted network packet sent remotely by an attacker forced the kernel to enter an infinite loop in the cipso_v4_optptr() function leading to a denial-of-service (bnc#1106016). - CVE-2018-15572: The spectre_v2_select_mitigation function did not always fill RSB upon a context switch, which made it easier for attackers to conduct userspace-userspace spectreRSB attacks (bnc#1102517). - CVE-2018-10902: Protect against concurrent access to prevent double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(). A malicious local attacker could have used this for privilege escalation (bnc#1105322 1105323). - CVE-2018-9363: Prevent buffer overflow in hidp_process_report (bsc#1105292) - CVE-2018-10883: A local user could have caused an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image (bsc#1099863). - CVE-2018-10879: A local user could have caused a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact by renaming a file in a crafted ext4 filesystem image (bsc#1099844). - CVE-2018-10878: A local user could have caused an out-of-bounds write and a denial of service or unspecified other impact by mounting and operating a crafted ext4 filesystem image (bsc#1099813). - CVE-2018-10876: A use-after-free was possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image (bsc#1099811). - CVE-2018-10877: Prevent out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image (bsc#1099846). - CVE-2018-10881: A local user could have caused an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image (bsc#1099864). - CVE-2018-10882: A local user could have caused an out-of-bound write, a denial of service, and a system crash by unmounting a crafted ext4 filesystem image (bsc#1099849). - CVE-2018-10880: Prevent stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could have used this to cause a system crash and a denial of service (bsc#1099845). The following non-security bugs were fixed: - 9p/net: Fix zero-copy path in the 9p virtio transport (bnc#1012382). - 9p/virtio: fix off-by-one error in sg list bounds check (bnc#1012382). - 9p: fix multiple NULL-pointer-dereferences (bnc#1012382). - ACPI / LPSS: Add missing prv_offset setting for byt/cht PWM devices (bnc#1012382). - ACPI / PCI: Bail early in acpi_pci_add_bus() if there is no ACPI handle (bnc#1012382). - ACPI / PM: save NVS memory for ASUS 1025C laptop (bnc#1012382). - ACPI: save NVS memory for Lenovo G50-45 (bnc#1012382). - ALSA: cs5535audio: Fix invalid endian conversion (bnc#1012382). - ALSA: emu10k1: Rate-limit error messages about page errors (bnc#1012382). - ALSA: emu10k1: add error handling for snd_ctl_add (bnc#1012382). - ALSA: fm801: add error handling for snd_ctl_add (bnc#1012382). - ALSA: hda - Sleep for 10ms after entering D3 on Conexant codecs (bnc#1012382). - ALSA: hda - Turn CX8200 into D3 as well upon reboot (bnc#1012382). - ALSA: hda/ca0132: fix build failure when a local macro is defined (bnc#1012382). - ALSA: hda: Correct Asrock B85M-ITX power_save blacklist entry (bnc#1012382). - ALSA: memalloc: Do not exceed over the requested size (bnc#1012382). - ALSA: rawmidi: Change resized buffers atomically (bnc#1012382). - ALSA: snd-aoa: add of_node_put() in error path (bsc#1099810). - ALSA: usb-audio: Apply rate limit to warning messages in URB complete callback (bnc#1012382). - ALSA: virmidi: Fix too long output trigger loop (bnc#1012382). - ALSA: vx222: Fix invalid endian conversions (bnc#1012382). - ALSA: vxpocket: Fix invalid endian conversions (bnc#1012382). - ARC: Enable machine_desc->init_per_cpu for !CONFIG_SMP (bnc#1012382). - ARC: Explicitly add -mmedium-calls to CFLAGS (bnc#1012382). - ARC: Fix CONFIG_SWAP (bnc#1012382). - ARC: mm: allow mprotect to make stack mappings executable (bnc#1012382). - ARM: 8780/1: ftrace: Only set kernel memory back to read-only after boot (bnc#1012382). - ARM: dts: Cygnus: Fix I2C controller interrupt type (bnc#1012382). - ARM: dts: am3517.dtsi: Disable reference to OMAP3 OTG controller (bnc#1012382). - ARM: dts: am437x: make edt-ft5x06 a wakeup source (bnc#1012382). - ARM: dts: da850: Fix interrups property for gpio (bnc#1012382). - ARM: dts: imx6sx: fix irq for pcie bridge (bnc#1012382). - ARM: fix put_user() for gcc-8 (bnc#1012382). - ARM: imx_v4_v5_defconfig: Select ULPI support (bnc#1012382). - ARM: imx_v6_v7_defconfig: Select ULPI support (bnc#1012382). - ARM: pxa: irq: fix handling of ICMR registers in suspend/resume (bnc#1012382). - ARM: tegra: Fix Tegra30 Cardhu PCA954x reset (bnc#1012382). - ASoC: Intel: cht_bsw_max98090: remove useless code, align with ChromeOS driver. - ASoC: Intel: cht_bsw_max98090_ti: Fix jack initialization (bnc#1012382). - ASoC: dpcm: do not merge format from invalid codec dai (bnc#1012382). - ASoC: dpcm: fix BE dai not hw_free and shutdown (bnc#1012382). - ASoC: pxa: Fix module autoload for platform drivers (bnc#1012382). - ASoC: sirf: Fix potential NULL pointer dereference (bnc#1012382). - Add reference to bsc#1091171 (bnc#1012382; bsc#1091171). - Bluetooth: avoid killing an already killed socket (bnc#1012382). - Bluetooth: btusb: Add a new Realtek 8723DE ID 2ff8:b011 (bnc#1012382). - Bluetooth: btusb: Remove Yoga 920 from the btusb_needs_reset_resume_table (bsc#1087092). - Bluetooth: btusb: Use DMI matching for QCA reset_resume quirking (bsc#1087092). - Bluetooth: hci_qca: Fix "Sleep inside atomic section" warning (bnc#1012382). - Documentation/spec_ctrl: Do some minor cleanups (bnc#1012382). - HID: hid-plantronics: Re-resend Update to map button for PTT products (bnc#1012382). - HID: i2c-hid: check if device is there before really probing (bnc#1012382). - HID: wacom: Correct touch maximum XY of 2nd-gen Intuos (bnc#1012382). - IB/core: Make testing MR flags for writability a static inline function (bnc#1012382). - IB/core: Remove duplicate declaration of gid_cache_wq (bsc#1056596). - IB/iser: Do not reduce max_sectors (bsc#1063646). - IB/mlx4: Fix an error handling path in 'mlx4_ib_rereg_user_mr()'. - IB/mlx4: Mark user MR as writable if actual virtual memory is writable (bnc#1012382). - IB/mlx5: Fetch soft WQE's on fatal error state (bsc#1015342 bsc#1015343). - IB/mlx5: Use 'kvfree()' for memory allocated by 'kvzalloc()' (bsc#1015342 bsc#1015343). - IB/ocrdma: fix out of bounds access to local buffer (bnc#1012382). - Input: elan_i2c - add ACPI ID for lenovo ideapad 330 (bnc#1012382). - Input: elan_i2c - add another ACPI ID for Lenovo Ideapad 330-15AST (bnc#1012382). - Input: i8042 - add Lenovo LaVie Z to the i8042 reset list (bnc#1012382). - KVM/Eventfd: Avoid crash when assign and deassign specific eventfd in parallel (bnc#1012382). - KVM: MMU: always terminate page walks at level 1 (bsc#1062604). - KVM: MMU: simplify last_pte_bitmap (bsc#1062604). - KVM: VMX: Work around kABI breakage in 'enum vmx_l1d_flush_state' (bsc#1106369). - KVM: VMX: fixes for vmentry_l1d_flush module parameter (bsc#1106369). - KVM: arm/arm64: Skip updating PMD entry if no change (bnc#1012382). - KVM: arm/arm64: Skip updating PTE entry if no change (bnc#1012382). - KVM: irqfd: fix race between EPOLLHUP and irq_bypass_register_consumer (bnc#1012382). - KVM: nVMX: update last_nonleaf_level when initializing nested EPT (bsc#1062604). - MIPS: Correct the 64-bit DSP accumulator register size (bnc#1012382). - MIPS: Fix off-by-one in pci_resource_to_user() (bnc#1012382). - MIPS: ath79: fix register address in ath79_ddr_wb_flush() (bnc#1012382). - MIPS: lib: Provide MIPS64r6 __multi3() for GCC lower than < 7 (bnc#1012382). - NET: stmmac: align DMA stuff to largest cache line length (bnc#1012382). - PCI: Prevent sysfs disable of device while driver is attached (bnc#1012382). - PCI: Skip MPS logic for Virtual Functions (VFs) (bnc#1012382). - PCI: hotplug: Do not leak pci_slot on registration failure (bnc#1012382). - PCI: pciehp: Fix use-after-free on unplug (bnc#1012382). - PCI: pciehp: Request control of native hotplug only if supported (bnc#1012382). - PM / sleep: wakeup: Fix build error caused by missing SRCU support (bnc#1012382). - RDMA/i40iw: Avoid panic when objects are being created and destroyed (bsc#969476 bsc#969477). - RDMA/i40iw: Avoid panic when reading back the IRQ affinity hint (bsc#969476 bsc#969477). - RDMA/i40iw: Avoid reference leaks when processing the AEQ (bsc#969476 bsc#969477). - RDMA/i40w: Hold read semaphore while looking after VMA (bsc#1024376). - RDMA/mad: Convert BUG_ONs to error flows (bnc#1012382). - RDMA/mlx5: Use proper spec flow label type (bsc#1015342 bsc#1015343). - Revert "MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum" (bnc#1012382). - Revert "UBIFS: Fix potential integer overflow in allocation" (bnc#1012382). - Revert "f2fs: handle dirty segments inside refresh_sit_entry" (bsc#1106281). - Revert "mm: page_alloc: skip over regions of invalid pfns where possible" (bnc#1107078). - Revert 'block-cancel-workqueue-entries-on-blk_mq_freeze_queue' (bsc#1103717). - Smack: Mark inode instant in smack_task_to_inode (bnc#1012382). - USB: musb: fix external abort on suspend (bsc#1085536). - USB: option: add support for DW5821e (bnc#1012382). - USB: serial: metro-usb: stop I/O after failed open (bsc#1085539). - USB: serial: sierra: fix potential deadlock at close (bnc#1012382). - Workaround kABI breakage by __must_check drop of strscpy() (bsc#1107319). - afs: Fix directory permissions check (bsc#1106283). - arc: fix build errors in arc/include/asm/delay.h (bnc#1012382). - arc: fix type warnings in arc/mm/cache.c (bnc#1012382). - arm64: make secondary_start_kernel() notrace (bnc#1012382). - arm64: mm: check for upper PAGE_SHIFT bits in pfn_valid() (bnc#1012382). - ath: Add regulatory mapping for APL13_WORLD (bnc#1012382). - ath: Add regulatory mapping for APL2_FCCA (bnc#1012382). - ath: Add regulatory mapping for Bahamas (bnc#1012382). - ath: Add regulatory mapping for Bermuda (bnc#1012382). - ath: Add regulatory mapping for ETSI8_WORLD (bnc#1012382). - ath: Add regulatory mapping for FCC3_ETSIC (bnc#1012382). - ath: Add regulatory mapping for Serbia (bnc#1012382). - ath: Add regulatory mapping for Tanzania (bnc#1012382). - ath: Add regulatory mapping for Uganda (bnc#1012382). - atl1c: reserve min skb headroom (bnc#1012382). - atm: Preserve value of skb->truesize when accounting to vcc (bsc#1089066). - audit: allow not equal op for audit by executable (bnc#1012382). - backlight: as3711_bl: Fix Device Tree node leaks (bsc#1106929). - backlight: lm3630a: Bump REG_MAX value to 0x50 instead of 0x1F (bsc#1106929). - bcache: avoid unncessary cache prefetch bch_btree_node_get() (bsc#1064232). - bcache: calculate the number of incremental GC nodes according to the total of btree nodes (bsc#1064232). - bcache: display rate debug parameters to 0 when writeback is not running (bsc#1064232). - bcache: do not check return value of debugfs_create_dir() (bsc#1064232). - bcache: finish incremental GC (bsc#1064232). - bcache: fix I/O significant decline while backend devices registering (bsc#1064232). - bcache: fix error setting writeback_rate through sysfs interface (bsc#1064232). - bcache: free heap cache_set->flush_btree in bch_journal_free (bsc#1064232). - bcache: make the pr_err statement used for ENOENT only in sysfs_attatch section (bsc#1064232). - bcache: release dc->writeback_lock properly in bch_writeback_thread() (bsc#1064232). - bcache: set max writeback rate when I/O request is idle (bsc#1064232). - bcache: simplify the calculation of the total amount of flash dirty data (bsc#1064232). - be2net: remove unused old custom busy-poll fields (bsc#1021121 ). - blkdev: __blkdev_direct_IO_simple: fix leak in error case (bsc#1083663). - block: bio_iov_iter_get_pages: fix size of last iovec (bsc#1083663). - block: bio_iov_iter_get_pages: pin more pages for multi-segment IOs (bsc#1083663). - block: do not use interruptible wait anywhere (bnc#1012382). - bnx2x: Fix invalid memory access in rss hash config path (bnc#1012382). - bnx2x: Fix receiving tx-timeout in error or recovery state (bnc#1012382). - bnxt_en: Always set output parameters in bnxt_get_max_rings() (bsc#963575). - bnxt_en: Fix for system hang if request_irq fails (bnc#1012382). - bnxt_en: Fix inconsistent BNXT_FLAG_AGG_RINGS logic (bsc#1020412 ). - bpf: fix references to free_bpf_prog_info() in comments (bnc#1012382). - brcmfmac: Add support for bcm43364 wireless chipset (bnc#1012382). - brcmfmac: stop watchdog before detach and free everything (bnc#1012382). - bridge: Propagate vlan add failure to user (bnc#1012382). - btrfs: Do not remove block group still has pinned down bytes (bsc#1086457). - btrfs: add barriers to btrfs_sync_log before log_commit_wait wakeups (bnc#1012382). - btrfs: do not leak ret from do_chunk_alloc (bnc#1012382). - btrfs: qgroup: Finish rescan when hit the last leaf of extent tree (bnc#1012382). - btrfs: quota: Set rescan progress to (u64)-1 if we hit last leaf. - btrfs: round down size diff when shrinking/growing device (bsc#1097105). - can: ems_usb: Fix memory leak on ems_usb_disconnect() (bnc#1012382). - can: mpc5xxx_can: check of_iomap return before use (bnc#1012382). - can: xilinx_can: fix RX loop if RXNEMP is asserted without RXOK (bnc#1012382). - can: xilinx_can: fix RX overflow interrupt not being enabled (bnc#1012382). - can: xilinx_can: fix device dropping off bus on RX overrun (bnc#1012382). - can: xilinx_can: fix incorrect clear of non-processed interrupts (bnc#1012382). - can: xilinx_can: fix recovery from error states not being propagated (bnc#1012382). - can: xilinx_can: keep only 1-2 frames in TX FIFO to fix TX accounting (bnc#1012382). - cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status (bnc#1012382). - ceph: fix incorrect use of strncpy (bsc#1107319). - ceph: return errors from posix_acl_equiv_mode() correctly (bsc#1107320). - cifs: Fix stack out-of-bounds in smb{2,3}_create_lease_buf() (bsc#1012382). - cifs: add missing debug entries for kconfig options (bnc#1012382). - cifs: check kmalloc before use (bsc#1012382). - cifs: store the leaseKey in the fid on SMB2_open (bsc#1012382). - clk: tegra: Fix PLL_U post divider and initial rate on Tegra30 (bnc#1012382). - crypto: ablkcipher - fix crash flushing dcache in error path (bnc#1012382). - crypto: authenc - do not leak pointers to authenc keys (bnc#1012382). - crypto: authencesn - do not leak pointers to authenc keys (bnc#1012382). - crypto: blkcipher - fix crash flushing dcache in error path (bnc#1012382). - crypto: padlock-aes - Fix Nano workaround data corruption (bnc#1012382). - crypto: vmac - require a block cipher with 128-bit block size (bnc#1012382). - crypto: vmac - separate tfm and request context (bnc#1012382). - crypto: vmx - Fix sleep-in-atomic bugs (bsc#1048317). - cxgb4: when disabling dcb set txq dcb priority to 0 (bnc#1012382). - cxl: Fix wrong comparison in cxl_adapter_context_get() (bsc#1055014). - dccp: fix undefined behavior with 'cwnd' shift in ccid2_cwnd_restart() (bnc#1012382). - disable loading f2fs module on PAGE_SIZE > 4KB (bnc#1012382). - dm cache metadata: save in-core policy_hint_size to on-disk superblock (bnc#1012382). - dma-iommu: Fix compilation when !CONFIG_IOMMU_DMA (bnc#1012382). - dmaengine: k3dma: Off by one in k3_of_dma_simple_xlate() (bnc#1012382). - dmaengine: pxa_dma: remove duplicate const qualifier (bnc#1012382). - driver core: Partially revert "driver core: correct device's shutdown order" (bnc#1012382). - drivers: net: lmc: fix case value for target abort error (bnc#1012382). - drm/armada: fix colorkey mode property (bnc#1012382). - drm/atmel-hlcdc: check stride values in the first plane (bsc#1106929). - drm/atomic: Handling the case when setting old crtc for plane (bnc#1012382). - drm/bridge: adv7511: Reset registers on hotplug (bnc#1012382). - drm/cirrus: Use drm_framebuffer_put to avoid kernel oops in clean-up (bsc#1101822). - drm/drivers: add support for using the arch wc mapping API. - drm/exynos/dsi: mask frame-done interrupt (bsc#1106929). - drm/exynos: decon5433: Fix WINCONx reset value (bnc#1012382). - drm/exynos: decon5433: Fix per-plane global alpha for XRGB modes (bnc#1012382). - drm/exynos: gsc: Fix support for NV16/61, YUV420/YVU420 and YUV422 modes (bnc#1012382). - drm/gma500: fix psb_intel_lvds_mode_valid()'s return type (bnc#1012382). - drm/i915/userptr: reject zero user_size (bsc#1090888). - drm/i915: Correctly handle limited range YCbCr data on VLV/CHV (bsc#1087092). - drm/imx: fix typo in ipu_plane_formats (bsc#1106929). - drm/imx: imx-ldb: check if channel is enabled before printing warning (bnc#1012382). - drm/imx: imx-ldb: disable LDB on driver bind (bnc#1012382). - drm/msm/hdmi: Use bitwise operators when building register values (bsc#1106929). - drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply() (bnc#1012382). - drm/panel: type promotion bug in s6e8aa0_read_mtp_id() (bsc#1105769). - drm/radeon: fix mode_valid's return type (bnc#1012382). - drm: Add DP PSR2 sink enable bit (bnc#1012382). - drm: Reject getfb for multi-plane framebuffers (bsc#1106929). - enic: do not call enic_change_mtu in enic_probe - enic: handle mtu change for vf properly (bnc#1012382). - enic: initialize enic->rfs_h.lock in enic_probe (bnc#1012382). - esp6: fix memleak on error path in esp6_input - ext4: check for NUL characters in extended attribute's name (bnc#1012382). - ext4: check for allocation block validity with block group locked (bsc#1104495). - ext4: do not update s_last_mounted of a frozen fs (bsc#1101841). - ext4: factor out helper ext4_sample_last_mounted() (bsc#1101841). - ext4: fix check to prevent initializing reserved inodes (bsc#1104319). - ext4: fix false negatives *and* false positives in ext4_check_descriptors() (bsc#1103445). - ext4: fix inline data updates with checksums enabled (bsc#1104494). - ext4: fix spectre gadget in ext4_mb_regular_allocator() (bnc#1012382). - ext4: reset error code in ext4_find_entry in fallback (bnc#1012382). - ext4: sysfs: print ext4_super_block fields as little-endian (bsc#1106229). - f2fs: fix to do not trigger writeback during recovery (bnc#1012382). - fat: fix memory allocation failure handling of match_strdup() (bnc#1012382). - fb: fix lost console when the user unplugs a USB adapter (bnc#1012382). - fbdev: omapfb: off by one in omapfb_register_client() (bsc#1106929). - fix __legitimize_mnt()/mntput() race (bnc#1012382). - fix mntput/mntput race (bnc#1012382). - fork: unconditionally clear stack on fork (bnc#1012382). - fs/9p/xattr.c: catch the error of p9_client_clunk when setting xattr failed (bnc#1012382). - fs/dax.c: fix inefficiency in dax_writeback_mapping_range() (bsc#1106185). - fs/quota: Fix spectre gadget in do_quotactl (bnc#1012382). - fs: aio: fix the increment of aio-nr and counting against aio-max-nr (bsc#1068075, bsc#1078921). - fuse: Add missed unlock_page() to fuse_readpages_fill() (bnc#1012382). - fuse: Do not access pipe->buffers without pipe_lock() (bnc#1012382). - fuse: Fix oops at process_init_reply() (bnc#1012382). - fuse: fix double request_end() (bnc#1012382). - fuse: fix unlocked access to processing queue (bnc#1012382). - fuse: umount should wait for all requests (bnc#1012382). - genirq/proc: Return proper error code when irq_set_affinity() fails (bnc#1105392). - getxattr: use correct xattr length (bnc#1012382). - hfsplus: Do not clear SGID when inheriting ACLs (bsc#1030552). - hvc_opal: do not set tb_ticks_per_usec in udbg_init_opal_common() (bnc#1012382). - hwrng: exynos - Disable runtime PM on driver unbind. - i2c: davinci: Avoid zero value of CLKH (bnc#1012382). - i2c: imx: Fix race condition in dma read (bnc#1012382). - i2c: imx: Fix reinit_completion() use (bnc#1012382). - i2c: ismt: fix wrong device address when unmap the data buffer (bnc#1012382). - i40e: use cpumask_copy instead of direct assignment (bsc#1053685). - i40iw: Fix memory leak in error path of create QP (bsc#969476 bsc#969477). - i40iw: Use correct address in dst_neigh_lookup for IPv6 (bsc#969476 bsc#969477). - ibmvnic: Include missing return code checks in reset function (bnc#1107966). - ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem (bnc#1012382). - ieee802154: at86rf230: use __func__ macro for debug messages (bnc#1012382). - ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem (bnc#1012382). - igb: Fix not adding filter elements to the list (bsc#1024361 bsc#1024365). - iio: ad9523: Fix displayed phase (bnc#1012382). - iio: ad9523: Fix return value for ad952x_store() (bnc#1012382). - inet: frag: enforce memory limits earlier (bnc#1012382 bsc#970506). - iommu/amd: make sure TLB to be flushed before IOVA freed (bsc#1106105). - iommu/vt-d: Add definitions for PFSID (bnc#1012382). - iommu/vt-d: Fix dev iotlb pfsid use (bnc#1012382). - iommu/vt-d: Ratelimit each dmar fault printing (bsc#1106105). - ioremap: Update pgtable free interfaces with addr (bnc#1012382). - ip: hash fragments consistently (bnc#1012382). - ip: in cmsg IP(V6)_ORIGDSTADDR call pskb_may_pull (bnc#1012382). - ipconfig: Correctly initialise ic_nameservers (bnc#1012382). - ipv4+ipv6: Make INET*_ESP select CRYPTO_ECHAINIV (bnc#1012382). - ipv4: Return EINVAL when ping_group_range sysctl does not map to user ns (bnc#1012382). - ipv4: remove BUG_ON() from fib_compute_spec_dst (bnc#1012382). - ipv6: fix useless rol32 call on hash (bnc#1012382). - ipv6: mcast: fix unsolicited report interval after receiving querys (bnc#1012382). - ipvlan: use ETH_MAX_MTU as max mtu (bsc#1033962). - iscsi target: fix session creation failure handling (bnc#1012382). - isdn: Disable IIOCDBGVAR (bnc#1012382). - iw_cxgb4: remove duplicate memcpy() in c4iw_create_listen() (bsc#969476 bsc#969477). - iwlwifi: pcie: fix race in Rx buffer allocator (bnc#1012382). - ixgbe: Be more careful when modifying MAC filters (bnc#1012382). - jfs: Do not clear SGID when inheriting ACLs (bsc#1030552). - jump_label: Add RELEASE barrier after text changes (bsc#1105271). - jump_label: Fix concurrent static_key_enable/disable() (bsc#1105271). - jump_label: Move CPU hotplug locking (bsc#1105271). - jump_label: Provide hotplug context variants (bsc#1105271). - jump_label: Reduce the size of struct static_key (bsc#1105271). - jump_label: Reorder hotplug lock and jump_label_lock (bsc#1105271). - jump_label: Split out code under the hotplug lock (bsc#1105271). - jump_label: remove bug.h, atomic.h dependencies for HAVE_JUMP_LABEL (bsc#1105271). - kABI: protect enum tcp_ca_event (kabi). - kABI: reexport tcp_send_ack (kabi). - kabi/severities: Ignore missing cpu_tss_tramp (bsc#1099597) - kabi: x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - kasan: do not emit builtin calls when sanitization is off (bnc#1012382). - kasan: fix shadow_size calculation error in kasan_module_alloc (bnc#1012382). - kbuild: verify that $DEPMOD is installed (bnc#1012382). - kernel: improve spectre mitigation (bnc#1106934, LTC#171029). - kprobes/x86: Fix %p uses in error messages (bnc#1012382). - kprobes: Make list and blacklist root user read only (bnc#1012382). - kthread, tracing: Do not expose half-written comm when creating kthreads (bsc#1104897). - kvm: x86: vmx: fix vpid leak (bnc#1012382). - l2tp: use sk_dst_check() to avoid race on sk->sk_dst_cache (bnc#1012382). - lib/rhashtable: consider param->min_size when setting initial table size (bnc#1012382). - libata: Fix command retry decision (bnc#1012382). - libceph: check authorizer reply/challenge length before reading (bsc#1096748). - libceph: factor out __ceph_x_decrypt() (bsc#1096748). - libceph: factor out __prepare_write_connect() (bsc#1096748). - libceph: factor out encrypt_authorizer() (bsc#1096748). - libceph: store ceph_auth_handshake pointer in ceph_connection (bsc#1096748). - libceph: weaken sizeof check in ceph_x_verify_authorizer_reply() (bsc#1096748). - llc: use refcount_inc_not_zero() for llc_sap_find() (bnc#1012382). - locking/lockdep: Do not record IRQ state within lockdep code (bnc#1012382). - locks: pass inode pointer to locks_free_lock_context (bsc at 1099832). - locks: prink more detail when there are leaked locks (bsc#1099832). - locks: restore a warn for leaked locks on close (bsc#1099832). - m68k: fix "bad page state" oops on ColdFire boot (bnc#1012382). - mac80211: add stations tied to AP_VLANs during hw reconfig (bnc#1012382). - md/raid10: fix that replacement cannot complete recovery after reassemble (bnc#1012382). - md: fix NULL dereference of mddev->pers in remove_and_add_spares() (bnc#1012382). - media: omap3isp: fix unbalanced dma_iommu_mapping (bnc#1012382). - media: rcar_jpu: Add missing clk_disable_unprepare() on error in jpu_open() (bnc#1012382). - media: rtl28xxu: be sure that it won't go past the array size (bsc#1050431). - media: s5p-jpeg: fix number of components macro (bsc#1050431). - media: saa7164: Fix driver name in debug output (bnc#1012382). - media: si470x: fix __be16 annotations (bnc#1012382). - media: siano: get rid of __le32/__le16 cast warnings (bnc#1012382). - media: staging: omap4iss: Include asm/cacheflush.h after generic includes (bnc#1012382). - media: videobuf2-core: do not call memop 'finish' when queueing (bnc#1012382). - memory: tegra: Apply interrupts mask per SoC (bnc#1012382). - memory: tegra: Do not handle spurious interrupts (bnc#1012382). - mfd: cros_ec: Fail early if we cannot identify the EC (bnc#1012382). - microblaze: Fix simpleImage format generation (bnc#1012382). - mm/hugetlb: filter out hugetlb pages if HUGEPAGE migration is not supported (bnc#1106697). - mm/memory.c: check return value of ioremap_prot (bnc#1012382). - mm/slub.c: add __printf verification to slab_err() (bnc#1012382). - mm/tlb: Remove tlb_remove_table() non-concurrent condition (bnc#1012382). - mm: Add vm_insert_pfn_prot() (bnc#1012382). - mm: fix cache mode tracking in vm_insert_mixed() (bnc#1012382). - mm: memcg: fix use after free in mem_cgroup_iter() (bnc#1012382). - mm: vmalloc: avoid racy handling of debugobjects in vunmap (bnc#1012382). - mm: x86: move _PAGE_SWP_SOFT_DIRTY from bit 7 to bit 1 (bnc#1012382). - mtd: rawnand: fsl_ifc: fix FSL NAND driver to read all ONFI parameter pages (bnc#1012382). - mtd: ubi: wl: Fix error return code in ubi_wl_init(). - mwifiex: correct histogram data with appropriate index (bnc#1012382). - mwifiex: handle race during mwifiex_usb_disconnect (bnc#1012382). - net/9p/client.c: version pointer uninitialized (bnc#1012382). - net/9p/trans_fd.c: fix race-condition by flushing workqueue before the kfree() (bnc#1012382). - net/ethernet/freescale/fman: fix cross-build error (bnc#1012382). - net/ipv4: Set oif in fib_compute_spec_dst (bnc#1012382). - net/mlx4_core: Save the qpn from the input modifier in RST2INIT wrapper (bnc#1012382). - net/mlx5: Add missing SET_DRIVER_VERSION command translation (bsc#1015342 bsc#1015343). - net/mlx5: E-Switch, Include VF RDMA stats in vport statistics (bsc#966170 bsc#966172). - net/mlx5: Eswitch, Use 'kvfree()' for memory allocated by 'kvzalloc()' (bsc#1015342 bsc#1015343). - net/mlx5: Fix wrong size allocation for QoS ETC TC regitster (bsc#966170 bsc#966172). - net/mlx5: Vport, Use 'kvfree()' for memory allocated by 'kvzalloc()' (bsc#966170 bsc#966172). - net/mlx5e: Do not allow aRFS for encapsulated packets (bsc#1015342 bsc#1015343). - net/mlx5e: Err if asked to offload TC match on frag being first (bsc#1015342 bsc#1015343). - net/mlx5e: Fix quota counting in aRFS expire flow (bsc#1015342 bsc#1015343). - net/mlx5e: Refine ets validation function (bsc#966170 bsc#966172). - net: 6lowpan: fix reserved space for single frames (bnc#1012382). - net: Do not copy pfmemalloc flag in __copy_skb_header() (bnc#1012382). - net: add skb_condense() helper (bsc#1089066). - net: adjust skb->truesize in ___pskb_trim() (bsc#1089066). - net: adjust skb->truesize in pskb_expand_head() (bsc#1089066). - net: axienet: Fix double deregister of mdio (bnc#1012382). - net: caif: Add a missing rcu_read_unlock() in caif_flow_cb (bnc#1012382). - net: davinci_emac: match the mdio device against its compatible if possible (bnc#1012382). - net: dsa: Do not suspend/resume closed slave_dev (bnc#1012382). - net: ena: Fix use of uninitialized DMA address bits field (bsc#1027968). - net: fix amd-xgbe flow-control issue (bnc#1012382). - net: hamradio: use eth_broadcast_addr (bnc#1012382). - net: lan78xx: Fix misplaced tasklet_schedule() call (bnc#1012382). - net: lan78xx: fix rx handling before first packet is send (bnc#1012382). - net: mac802154: tx: expand tailroom if necessary (bnc#1012382). - net: phy: fix flag masking in __set_phy_supported (bnc#1012382). - net: prevent ISA drivers from building on PPC32 (bnc#1012382). - net: propagate dev_get_valid_name return code (bnc#1012382). - net: qca_spi: Avoid packet drop during initial sync (bnc#1012382). - net: qca_spi: Fix log level if probe fails (bnc#1012382). - net: qca_spi: Make sure the QCA7000 reset is triggered (bnc#1012382). - net: socket: fix potential spectre v1 gadget in socketcall (bnc#1012382). - net: usb: rtl8150: demote allmulti message to dev_dbg() (bnc#1012382). - net: vmxnet3: use new api ethtool_{get|set}_link_ksettings (bsc#1091860 bsc#1098253). - net_sched: Fix missing res info when create new tc_index filter (bnc#1012382). - net_sched: fix NULL pointer dereference when delete tcindex filter (bnc#1012382). - netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state (bnc#1012382). - netfilter: ipset: List timing out entries with "timeout 1" instead of zero (bnc#1012382). - netfilter: ipv6: nf_defrag: reduce struct net memory waste (bnc#1012382). - netfilter: ipvs: do not create conn for ABORT packet in sctp_conn_schedule (bsc#1102797). - netfilter: ipvs: fix the issue that sctp_conn_schedule drops non-INIT packet (bsc#1102797). - netfilter: x_tables: set module owner for icmp(6) matches (bnc#1012382). - netlink: Do not shift on 64 for ngroups (bnc#1012382). - netlink: Do not shift with UB on nlk->ngroups (bnc#1012382). - netlink: Do not subscribe to non-existent groups (bnc#1012382). - netlink: Fix spectre v1 gadget in netlink_create() (bnc#1012382). - netlink: do not enter direct reclaim from netlink_trim() (bsc#1042286). - nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo (bnc#1012382). - nl80211: Add a missing break in parse_station_flags (bnc#1012382). - nohz: Fix local_timer_softirq_pending() (bnc#1012382). - nvme-fc: release io queues to allow fast fail (bsc#1102486). - nvme: if_ready checks to fail io to deleting controller (bsc#1102486). - nvme: kABI-compliant version of nvmf_fail_nonready_command() (bsc#1102486). - nvmet-fc: fix target sgl list on large transfers (bsc#1102486). - osf_getdomainname(): use copy_to_user() (bnc#1012382). - ovl: Do d_type check only if work dir creation was successful (bnc#1012382). - ovl: Ensure upper filesystem supports d_type (bnc#1012382). - ovl: warn instead of error if d_type is not supported (bnc#1012382). - packet: refine ring v3 block size test to hold one frame (bnc#1012382). - packet: reset network header if packet shorter than ll reserved space (bnc#1012382). - parisc: Define mb() and add memory barriers to assembler unlock sequences (bnc#1012382). - parisc: Enable CONFIG_MLONGCALLS by default (bnc#1012382). - parisc: Remove ordered stores from syscall.S (bnc#1012382). - parisc: Remove unnecessary barriers from spinlock.h (bnc#1012382). - perf auxtrace: Fix queue resize (bnc#1012382). - perf llvm-utils: Remove bashism from kernel include fetch script (bnc#1012382). - perf report powerpc: Fix crash if callchain is empty (bnc#1012382). - perf test session topology: Fix test on s390 (bnc#1012382). - perf/x86/intel/uncore: Correct fixed counter index check for NHM (bnc#1012382). - perf/x86/intel/uncore: Correct fixed counter index check in generic code (bnc#1012382). - perf: fix invalid bit in diagnostic entry (bnc#1012382). - pinctrl: at91-pio4: add missing of_node_put (bnc#1012382). - pinctrl: freescale: off by one in imx1_pinconf_group_dbg_show() (bnc#1012382). - pnfs/blocklayout: off by one in bl_map_stripe() (bnc#1012382). - powerpc/32: Add a missing include header (bnc#1012382). - powerpc/64s: Default l1d_size to 64K in RFI fallback flush (bsc#1068032). - powerpc/64s: Fix compiler store ordering to SLB shadow area (bnc#1012382). - powerpc/8xx: fix invalid register expression in head_8xx.S (bnc#1012382). - powerpc/chrp/time: Make some functions static, add missing header include (bnc#1012382). - powerpc/embedded6xx/hlwd-pic: Prevent interrupts from being handled by Starlet (bnc#1012382). - powerpc/fadump: handle crash memory ranges array index overflow (bsc#1103269). - powerpc/fadump: merge adjacent memory ranges to reduce PT_LOAD segements (bsc#1103269). - powerpc/lib: Fix the feature fixup tests to actually work (bsc#1066223). - powerpc/powermac: Add missing prototype for note_bootable_part() (bnc#1012382). - powerpc/powermac: Mark variable x as unused (bnc#1012382). - powerpc/pseries: Fix endianness while restoring of r3 in MCE handler (bnc#1012382). - powerpc/topology: Get topology for shared processors at boot (bsc#1104683). - powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2 (bsc#1068032, bsc#1080157). - powerpc: Avoid code patching freed init sections (bnc#1107735). - powerpc: make feature-fixup tests fortify-safe (bsc#1066223). - provide special timeout module parameters for EC2 (bsc#1065364). - ptp: fix missing break in switch (bnc#1012382). - pwm: tiehrpwm: Fix disabling of output of PWMs (bnc#1012382). - qed: Add sanity check for SIMD fastpath handler (bnc#1012382). - qed: Correct Multicast API to reflect existence of 256 approximate buckets (bsc#1019695 bsc#1019699 bsc#1022604). - qed: Do not advertise DCBX_LLD_MANAGED capability (bsc#1019695 bsc#1019699 bsc#1022604). - qed: Fix possible memory leak in Rx error path handling (bsc#1019695 bsc#1019699 bsc#1022604 ). - qed: Fix possible race for the link state value (bnc#1012382). - qed: Fix setting of incorrect eswitch mode (bsc#1019695 bsc#1019699 bsc#1022604). - qed: Fix use of incorrect size in memcpy call (bsc#1019695 bsc#1019699 bsc#1022604). - qede: Adverstise software timestamp caps when PHC is not available (bsc#1019695 bsc#1019699 bsc#1022604). - qlge: Fix netdev features configuration (bsc#1098822). - qlogic: check kstrtoul() for errors (bnc#1012382). - random: mix rdrand with entropy sent in from userspace (bnc#1012382). - readahead: stricter check for bdi io_pages (VM Functionality). - regulator: pfuze100: add .is_enable() for pfuze100_swb_regulator_ops (bnc#1012382). - reiserfs: fix broken xattr handling (heap corruption, bad retval) (bnc#1012382). - ring_buffer: tracing: Inherit the tracing setting to next ring buffer (bnc#1012382). - root dentries need RCU-delayed freeing (bnc#1012382). - rsi: Fix 'invalid vdd' warning in mmc (bnc#1012382). - rtc: ensure rtc_set_alarm fails when alarms are not supported (bnc#1012382). - rtnetlink: add rtnl_link_state check in rtnl_configure_link (bnc#1012382). - s390/cpum_sf: Add data entry sizes to sampling trailer entry (bnc#1012382). - s390/kvm: fix deadlock when killed by oom (bnc#1012382). - s390/lib: use expoline for all bcr instructions (bnc#1106934, LTC#171029). - s390/pci: fix out of bounds access during irq setup (bnc#1012382). - s390/qdio: reset old sbal_state flags (bnc#1012382). - s390/qeth: do not clobber buffer on async TX completion (bnc#1104485, LTC#170349). - s390/qeth: fix race when setting MAC address (bnc#1104485, LTC#170726). - s390: add explicit for jump label (bsc#1105271). - s390: detect etoken facility (bnc#1106934, LTC#171029). - s390: fix br_r1_trampoline for machines without exrl (bnc#1012382 bnc#1106934 LTC#171029). - sched/fair: Avoid divide by zero when rebalancing domains (bsc#1096254). - scripts/tar-up.sh: Do not package gitlog-excludes file Also fix the evaluation of gitlog-excludes file, too - scsi: 3w-xxxx: fix a missing-check bug (bnc#1012382). - scsi: core: Avoid that SCSI device removal through sysfs triggers a deadlock (bnc#1012382). - scsi: fcoe: drop frames in ELS LOGO error path (bnc#1012382). - scsi: hpsa: limit transfer length to 1MB, not 512kB (bsc#1102346). - scsi: libiscsi: fix possible NULL pointer dereference in case of TMF (bnc#1012382). - scsi: megaraid: silence a static checker bug (bnc#1012382). - scsi: megaraid_sas: Increase timeout by 1 sec for non-RAID fastpath IOs (bnc#1012382). - scsi: qla2xxx: Fix ISP recovery on unload (bnc#1012382). - scsi: qla2xxx: Return error when TMF returns (bnc#1012382). - scsi: scsi_dh: replace too broad "TP9" string with the exact models (bnc#1012382). - scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management enabled (bnc#1012382). - scsi: sysfs: Introduce sysfs_{un,}break_active_protection() (bnc#1012382). - scsi: ufs: fix exception event handling (bnc#1012382). - scsi: vmw_pvscsi: Return DID_RESET for status SAM_STAT_COMMAND_TERMINATED (bnc#1012382). - scsi: xen-scsifront: add error handling for xenbus_printf (bnc#1012382). - scsi_debug: call resp_XXX function after setting host_scribble (bsc#1069138). - scsi_debug: reset injection flags for every_nth > 0 (bsc#1069138). - selftest/seccomp: Fix the flag name SECCOMP_FILTER_FLAG_TSYNC (bnc#1012382). - selftest/seccomp: Fix the seccomp(2) signature (bnc#1012382). - selftests/ftrace: Add snapshot and tracing_on test case (bnc#1012382). - selftests/x86/sigreturn/64: Fix spurious failures on AMD CPUs (bnc#1012382). - selftests: pstore: return Kselftest Skip code for skipped tests (bnc#1012382). - selftests: static_keys: return Kselftest Skip code for skipped tests (bnc#1012382). - selftests: sync: add config fragment for testing sync framework (bnc#1012382). - selftests: user: return Kselftest Skip code for skipped tests (bnc#1012382). - selftests: zram: return Kselftest Skip code for skipped tests (bnc#1012382). - serial: 8250_dw: always set baud rate in dw8250_set_termios (bnc#1012382). - sfc: stop the TX queue before pushing new buffers (bsc#1017967 ). - skbuff: Unconditionally copy pfmemalloc in __skb_clone() (bnc#1012382). - slab: __GFP_ZERO is incompatible with a constructor (bnc#1107060). - smb3: Do not send SMB3 SET_INFO if nothing changed (bnc#1012382). - smb3: do not request leases in symlink creation and query (bnc#1012382). - spi: davinci: fix a NULL pointer dereference (bnc#1012382). - squashfs: be more careful about metadata corruption (bnc#1012382). - squashfs: more metadata hardening (bnc#1012382). - squashfs: more metadata hardenings (bnc#1012382). - staging: android: ion: check for kref overflow (bnc#1012382). - string: drop __must_check from strscpy() and restore strscpy() usages in cgroup (bsc#1107319). - sys: do not hold uts_sem while accessing userspace memory (bnc#1106995). - target_core_rbd: use RCU in free_device (bsc#1105524). - tcp: Fix missing range_truesize enlargement in the backport (bnc#1012382). - tcp: add max_quickacks param to tcp_incr_quickack and tcp_enter_quickack_mode (bnc#1012382). - tcp: add one more quick ack after after ECN events (bnc#1012382). - tcp: do not aggressively quick ack after ECN events (bnc#1012382). - tcp: do not cancel delay-AcK on DCTCP special ACK (bnc#1012382). - tcp: do not delay ACK in DCTCP upon CE status change (bnc#1012382). - tcp: do not force quickack when receiving out-of-order packets (bnc#1012382). - tcp: fix dctcp delayed ACK schedule (bnc#1012382). - tcp: helpers to send special DCTCP ack (bnc#1012382). - tcp: identify cryptic messages as TCP seq # bugs (bnc#1012382). - tcp: refactor tcp_ecn_check_ce to remove sk type cast (bnc#1012382). - tcp: remove DELAYED ACK events in DCTCP (bnc#1012382). - tg3: Add higher cpu clock for 5762 (bnc#1012382). - thermal: exynos: fix setting rising_threshold for Exynos5433 (bnc#1012382). - timekeeping: Eliminate the stale declaration of ktime_get_raw_and_real_ts64() (bsc#969470). - tools/power turbostat: Read extended processor family from CPUID (bnc#1012382). - tools/power turbostat: fix -S on UP systems (bnc#1012382). - tools: usb: ffs-test: Fix build on big endian systems (bnc#1012382). - tpm: fix race condition in tpm_common_write() (bnc#1012382). - tracing/blktrace: Fix to allow setting same value (bnc#1012382). - tracing/kprobes: Fix trace_probe flags on enable_trace_kprobe() failure (bnc#1012382). - tracing: Do not call start/stop() functions when tracing_on does not change (bnc#1012382). - tracing: Fix double free of event_trigger_data (bnc#1012382). - tracing: Fix possible double free in event_enable_trigger_func() (bnc#1012382). - tracing: Quiet gcc warning about maybe unused link variable (bnc#1012382). - tracing: Use __printf markup to silence compiler (bnc#1012382). - tty: Fix data race in tty_insert_flip_string_fixed_flag (bnc#1012382). - turn off -Wattribute-alias (bnc#1012382). - ubi: Be more paranoid while seaching for the most recent Fastmap (bnc#1012382). - ubi: Fix Fastmap's update_vol() (bnc#1012382). - ubi: Fix races around ubi_refill_pools() (bnc#1012382). - ubi: Introduce vol_ignored() (bnc#1012382). - ubi: Rework Fastmap attach base code (bnc#1012382). - ubi: fastmap: Erase outdated anchor PEBs during attach (bnc#1012382). - ubifs: Check data node size before truncate (bsc#1106276). - ubifs: Fix memory leak in lprobs self-check (bsc#1106278). - ubifs: Fix synced_i_size calculation for xattr inodes (bsc#1106275). - ubifs: xattr: Do not operate on deleted inodes (bsc#1106271). - udl-kms: change down_interruptible to down (bnc#1012382). - udl-kms: fix crash due to uninitialized memory (bnc#1012382). - udl-kms: handle allocation failure (bnc#1012382). - udlfb: set optimal write delay (bnc#1012382). - uprobes: Use synchronize_rcu() not synchronize_sched() (bnc#1012382). - usb/phy: fix PPC64 build errors in phy-fsl-usb.c (bnc#1012382). - usb: audio-v2: Correct the comment for struct uac_clock_selector_descriptor (bsc#1099810). - usb: cdc_acm: Add quirk for Castles VEGA3000 (bnc#1012382). - usb: dwc2: debugfs: Do not touch RX FIFO during register dump (bsc#1100132). - usb: dwc2: fix isoc split in transfer with no data (bnc#1012382). - usb: gadget: composite: fix delayed_status race condition when set_interface (bnc#1012382). - usb: gadget: dwc2: fix memory leak in gadget_init() (bnc#1012382). - usb: gadget: f_fs: Only return delayed status when len is 0 (bnc#1012382). - usb: gadget: f_uac2: fix endianness of 'struct cntrl_*_lay3' (bnc#1012382). - usb: gadget: r8a66597: Fix a possible sleep-in-atomic-context bugs in r8a66597_queue() (bnc#1012382). - usb: gadget: r8a66597: Fix two possible sleep-in-atomic-context bugs in init_controller() (bnc#1012382). - usb: hub: Do not wait for connect state at resume for powered-off ports (bnc#1012382). - usb: renesas_usbhs: gadget: fix spin_lock_init() for &uep->lock (bsc#1085536). - usb: xhci: increase CRS timeout value (bnc#1012382). - usbip: usbip_detach: Fix memory, udev context and udev leak (bnc#1012382). - userns: move user access out of the mutex (bnc#1012382). - vfs: add the sb_start_intwrite_trylock() helper (bsc#1101841). - virtio_balloon: fix another race between migration and ballooning (bnc#1012382). - vmw_balloon: VMCI_DOORBELL_SET does not check status (bnc#1012382). - vmw_balloon: do not use 2MB without batching (bnc#1012382). - vmw_balloon: fix VMCI use when balloon built into kernel (bnc#1012382). - vmw_balloon: fix inflation of 64-bit GFNs (bnc#1012382). - vmxnet3: Replace msleep(1) with usleep_range() (bsc#1091860 bsc#1098253). - vmxnet3: add receive data ring support (bsc#1091860 bsc#1098253). - vmxnet3: add support for get_coalesce, set_coalesce ethtool operations (bsc#1091860 bsc#1098253). - vmxnet3: allow variable length transmit data ring buffer (bsc#1091860 bsc#1098253). - vmxnet3: avoid assumption about invalid dma_pa in vmxnet3_set_mc() (bsc#1091860 bsc#1098253). - vmxnet3: avoid format strint overflow warning (bsc#1091860 bsc#1098253). - vmxnet3: avoid xmit reset due to a race in vmxnet3 (bsc#1091860 bsc#1098253). - vmxnet3: fix incorrect dereference when rxvlan is disabled (bsc#1091860 bsc#1098253). - vmxnet3: fix non static symbol warning (bsc#1091860 bsc#1098253). - vmxnet3: fix tx data ring copy for variable size (bsc#1091860 bsc#1098253). - vmxnet3: increase default rx ring sizes (bsc#1091860 bsc#1098253). - vmxnet3: introduce command to register memory region (bsc#1091860 bsc#1098253). - vmxnet3: introduce generalized command interface to configure the device (bsc#1091860 bsc#1098253). - vmxnet3: prepare for version 3 changes (bsc#1091860 bsc#1098253). - vmxnet3: remove redundant initialization of pointer 'rq' (bsc#1091860 bsc#1098253). - vmxnet3: remove unused flag "rxcsum" from struct vmxnet3_adapter (bsc#1091860 bsc#1098253). - vmxnet3: set the DMA mask before the first DMA map operation (bsc#1091860 bsc#1098253). - vmxnet3: update to version 3 (bsc#1091860 bsc#1098253). - vmxnet3: use DMA memory barriers where required (bsc#1091860 bsc#1098253). - vmxnet3: use correct flag to indicate LRO feature (bsc#1091860 bsc#1098253). - vsock: split dwork to avoid reinitializations (bnc#1012382). - vti6: Fix dev->max_mtu setting (bsc#1033962). - vti6: fix PMTU caching and reporting on xmit (bnc#1012382). - wlcore: sdio: check for valid platform device data before suspend (bnc#1012382). - x86/MCE: Remove min interval polling limitation (bnc#1012382). - x86/amd: do not set X86_BUG_SYSRET_SS_ATTRS when running under Xen (bnc#1012382). - x86/asm/entry/32: Simplify pushes of zeroed pt_regs->REGs (bnc#1012382). - x86/bugs: Move the l1tf function and define pr_fmt properly (bnc#1012382). - x86/bugs: Respect nospec command line option (bsc#1068032). - x86/cpu/AMD: Fix erratum 1076 (CPB bit) (bnc#1012382). - x86/cpu: Make alternative_msr_write work for 32-bit code (bnc#1012382). - x86/cpu: Re-apply forced caps every time CPU caps are re-read (bnc#1012382). - x86/cpufeatures: Add CPUID_7_EDX CPUID leaf (bnc#1012382). - x86/cpufeatures: Clean up Spectre v2 related CPUID flags (bnc#1012382). - x86/entry/64/compat: Clear registers for compat syscalls, to reduce speculation attack surface (bnc#1012382). - x86/entry/64: Remove %ebx handling from error_entry/exit (bnc#1102715). - x86/init: fix build with CONFIG_SWAP=n (bnc#1012382). - x86/irqflags: Mark native_restore_fl extern inline (bnc#1012382). - x86/irqflags: Provide a declaration for native_save_fl. - x86/mm/kmmio: Make the tracer robust against L1TF (bnc#1012382). - x86/mm/pat: Fix L1TF stable backport for CPA (bnc#1012382). - x86/mm/pat: Fix L1TF stable backport for CPA, 2nd call (bnc#1012382). - x86/mm/pat: Make set_memory_np() L1TF safe (bnc#1012382). - x86/mm: Add TLB purge to free pmd/pte page interfaces (bnc#1012382). - x86/mm: Disable ioremap free page handling on x86-PAE (bnc#1012382). - x86/mm: Give each mm TLB flush generation a unique ID (bnc#1012382). - x86/paravirt: Fix spectre-v2 mitigations for paravirt guests (bnc#1012382). - x86/paravirt: Make native_save_fl() extern inline (bnc#1012382). - x86/process: Correct and optimize TIF_BLOCKSTEP switch (bnc#1012382). - x86/process: Optimize TIF checks in __switch_to_xtra() (bnc#1012382). - x86/process: Optimize TIF_NOTSC switch (bnc#1012382). - x86/process: Re-export start_thread() (bnc#1012382). - x86/spectre: Add missing family 6 check to microcode check (bnc#1012382). - x86/spectre_v2: Do not check microcode versions when running under hypervisors (bnc#1012382). - x86/speculation/l1tf: Exempt zeroed PTEs from inversion (bnc#1012382). - x86/speculation/l1tf: Extend 64bit swap file size limit (bnc#1012382). - x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM (bnc#1105536). - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit (bnc#1012382). - x86/speculation/l1tf: Fix up CPU feature flags (bnc#1012382). - x86/speculation/l1tf: Fix up pte->pfn conversion for PAE (bnc#1012382). - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - x86/speculation/l1tf: Invert all not present mappings (bnc#1012382). - x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert (bnc#1012382). - x86/speculation/l1tf: Protect PAE swap entries against L1TF (bnc#1012382). - x86/speculation/l1tf: Suggest what to do on systems with too much RAM (bnc#1105536). - x86/speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures (bnc#1012382). - x86/speculation: Add dependency (bnc#1012382). - x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support (bnc#1012382). - x86/speculation: Clean up various Spectre related details (bnc#1012382). - x86/speculation: Correct Speculation Control microcode blacklist again (bnc#1012382). - x86/speculation: Move firmware_restrict_branch_speculation_*() from C to CPP (bnc#1012382). - x86/speculation: Update Speculation Control microcode blacklist (bnc#1012382). - x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry (bsc#1106369). - x86/speculation: Use IBRS if available before calling into firmware (bnc#1012382). - x86/speculation: Use Indirect Branch Prediction Barrier in context switch (bnc#1012382). - x86/xen: Add call of speculative_store_bypass_ht_init() to PV paths (bnc#1012382). - xen-netfront: wait xenbus state change when load module manually (bnc#1012382). - xen/blkback: do not keep persistent grants too long (bsc#1085042). - xen/blkback: move persistent grants flags to bool (bsc#1085042). - xen/blkfront: cleanup stale persistent grants (bsc#1085042). - xen/blkfront: reorder tests in xlblk_init() (bsc#1085042). - xen/netfront: do not cache skb_shinfo() (bnc#1012382). - xen: set cpu capabilities from xen_start_kernel() (bnc#1012382). - xfrm: fix missing dst_release() after policy blocking lbcast and multicast (bnc#1012382). - xfrm: free skb if nlsk pointer is NULL (bnc#1012382). - xfrm_user: prevent leaking 2 bytes of kernel memory (bnc#1012382). - xfs: Remove dead code from inode recover function (bsc#1105396). - xfs: repair malformed inode items during log recovery (bsc#1105396). - xhci: Fix perceived dead host due to runtime suspend race with event handler (bnc#1012382). - zswap: re-check zswap_is_full() after do zswap_shrink() (bnc#1012382). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-1941=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1941=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1941=1 - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2018-1941=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1941=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): kernel-default-debuginfo-4.4.155-94.50.1 kernel-default-debugsource-4.4.155-94.50.1 kernel-default-extra-4.4.155-94.50.1 kernel-default-extra-debuginfo-4.4.155-94.50.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.4.155-94.50.1 kernel-obs-build-debugsource-4.4.155-94.50.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch): kernel-docs-4.4.155-94.50.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): kernel-default-4.4.155-94.50.1 kernel-default-base-4.4.155-94.50.1 kernel-default-base-debuginfo-4.4.155-94.50.1 kernel-default-debuginfo-4.4.155-94.50.1 kernel-default-debugsource-4.4.155-94.50.1 kernel-default-devel-4.4.155-94.50.1 kernel-syms-4.4.155-94.50.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): kernel-devel-4.4.155-94.50.1 kernel-macros-4.4.155-94.50.1 kernel-source-4.4.155-94.50.1 - SUSE Linux Enterprise Server 12-SP3 (s390x): kernel-default-man-4.4.155-94.50.1 - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): cluster-md-kmp-default-4.4.155-94.50.1 cluster-md-kmp-default-debuginfo-4.4.155-94.50.1 dlm-kmp-default-4.4.155-94.50.1 dlm-kmp-default-debuginfo-4.4.155-94.50.1 gfs2-kmp-default-4.4.155-94.50.1 gfs2-kmp-default-debuginfo-4.4.155-94.50.1 kernel-default-debuginfo-4.4.155-94.50.1 kernel-default-debugsource-4.4.155-94.50.1 ocfs2-kmp-default-4.4.155-94.50.1 ocfs2-kmp-default-debuginfo-4.4.155-94.50.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): kernel-default-4.4.155-94.50.1 kernel-default-debuginfo-4.4.155-94.50.1 kernel-default-debugsource-4.4.155-94.50.1 kernel-default-devel-4.4.155-94.50.1 kernel-default-extra-4.4.155-94.50.1 kernel-default-extra-debuginfo-4.4.155-94.50.1 kernel-syms-4.4.155-94.50.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): kernel-devel-4.4.155-94.50.1 kernel-macros-4.4.155-94.50.1 kernel-source-4.4.155-94.50.1 - SUSE CaaS Platform ALL (x86_64): kernel-default-4.4.155-94.50.1 kernel-default-debuginfo-4.4.155-94.50.1 kernel-default-debugsource-4.4.155-94.50.1 - SUSE CaaS Platform 3.0 (x86_64): kernel-default-4.4.155-94.50.1 kernel-default-debuginfo-4.4.155-94.50.1 kernel-default-debugsource-4.4.155-94.50.1 References: https://www.suse.com/security/cve/CVE-2018-10876.html https://www.suse.com/security/cve/CVE-2018-10877.html https://www.suse.com/security/cve/CVE-2018-10878.html https://www.suse.com/security/cve/CVE-2018-10879.html https://www.suse.com/security/cve/CVE-2018-10880.html https://www.suse.com/security/cve/CVE-2018-10881.html https://www.suse.com/security/cve/CVE-2018-10882.html https://www.suse.com/security/cve/CVE-2018-10883.html https://www.suse.com/security/cve/CVE-2018-10902.html https://www.suse.com/security/cve/CVE-2018-10938.html https://www.suse.com/security/cve/CVE-2018-1128.html https://www.suse.com/security/cve/CVE-2018-1129.html https://www.suse.com/security/cve/CVE-2018-12896.html https://www.suse.com/security/cve/CVE-2018-13093.html https://www.suse.com/security/cve/CVE-2018-13094.html https://www.suse.com/security/cve/CVE-2018-13095.html https://www.suse.com/security/cve/CVE-2018-15572.html https://www.suse.com/security/cve/CVE-2018-16658.html https://www.suse.com/security/cve/CVE-2018-6554.html https://www.suse.com/security/cve/CVE-2018-6555.html https://www.suse.com/security/cve/CVE-2018-9363.html https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1015342 https://bugzilla.suse.com/1015343 https://bugzilla.suse.com/1017967 https://bugzilla.suse.com/1019695 https://bugzilla.suse.com/1019699 https://bugzilla.suse.com/1020412 https://bugzilla.suse.com/1021121 https://bugzilla.suse.com/1022604 https://bugzilla.suse.com/1024361 https://bugzilla.suse.com/1024365 https://bugzilla.suse.com/1024376 https://bugzilla.suse.com/1027968 https://bugzilla.suse.com/1030552 https://bugzilla.suse.com/1031492 https://bugzilla.suse.com/1033962 https://bugzilla.suse.com/1042286 https://bugzilla.suse.com/1048317 https://bugzilla.suse.com/1050431 https://bugzilla.suse.com/1053685 https://bugzilla.suse.com/1055014 https://bugzilla.suse.com/1056596 https://bugzilla.suse.com/1062604 https://bugzilla.suse.com/1063646 https://bugzilla.suse.com/1064232 https://bugzilla.suse.com/1065364 https://bugzilla.suse.com/1066223 https://bugzilla.suse.com/1068032 https://bugzilla.suse.com/1068075 https://bugzilla.suse.com/1069138 https://bugzilla.suse.com/1078921 https://bugzilla.suse.com/1080157 https://bugzilla.suse.com/1083663 https://bugzilla.suse.com/1085042 https://bugzilla.suse.com/1085536 https://bugzilla.suse.com/1085539 https://bugzilla.suse.com/1086457 https://bugzilla.suse.com/1087092 https://bugzilla.suse.com/1089066 https://bugzilla.suse.com/1090888 https://bugzilla.suse.com/1091171 https://bugzilla.suse.com/1091860 https://bugzilla.suse.com/1096254 https://bugzilla.suse.com/1096748 https://bugzilla.suse.com/1097105 https://bugzilla.suse.com/1098253 https://bugzilla.suse.com/1098822 https://bugzilla.suse.com/1099597 https://bugzilla.suse.com/1099810 https://bugzilla.suse.com/1099811 https://bugzilla.suse.com/1099813 https://bugzilla.suse.com/1099832 https://bugzilla.suse.com/1099844 https://bugzilla.suse.com/1099845 https://bugzilla.suse.com/1099846 https://bugzilla.suse.com/1099849 https://bugzilla.suse.com/1099863 https://bugzilla.suse.com/1099864 https://bugzilla.suse.com/1099922 https://bugzilla.suse.com/1099999 https://bugzilla.suse.com/1100000 https://bugzilla.suse.com/1100001 https://bugzilla.suse.com/1100132 https://bugzilla.suse.com/1101822 https://bugzilla.suse.com/1101841 https://bugzilla.suse.com/1102346 https://bugzilla.suse.com/1102486 https://bugzilla.suse.com/1102517 https://bugzilla.suse.com/1102715 https://bugzilla.suse.com/1102797 https://bugzilla.suse.com/1103269 https://bugzilla.suse.com/1103445 https://bugzilla.suse.com/1103717 https://bugzilla.suse.com/1104319 https://bugzilla.suse.com/1104485 https://bugzilla.suse.com/1104494 https://bugzilla.suse.com/1104495 https://bugzilla.suse.com/1104683 https://bugzilla.suse.com/1104897 https://bugzilla.suse.com/1105271 https://bugzilla.suse.com/1105292 https://bugzilla.suse.com/1105322 https://bugzilla.suse.com/1105323 https://bugzilla.suse.com/1105392 https://bugzilla.suse.com/1105396 https://bugzilla.suse.com/1105524 https://bugzilla.suse.com/1105536 https://bugzilla.suse.com/1105769 https://bugzilla.suse.com/1106016 https://bugzilla.suse.com/1106105 https://bugzilla.suse.com/1106185 https://bugzilla.suse.com/1106229 https://bugzilla.suse.com/1106271 https://bugzilla.suse.com/1106275 https://bugzilla.suse.com/1106276 https://bugzilla.suse.com/1106278 https://bugzilla.suse.com/1106281 https://bugzilla.suse.com/1106283 https://bugzilla.suse.com/1106369 https://bugzilla.suse.com/1106509 https://bugzilla.suse.com/1106511 https://bugzilla.suse.com/1106697 https://bugzilla.suse.com/1106929 https://bugzilla.suse.com/1106934 https://bugzilla.suse.com/1106995 https://bugzilla.suse.com/1107060 https://bugzilla.suse.com/1107078 https://bugzilla.suse.com/1107319 https://bugzilla.suse.com/1107320 https://bugzilla.suse.com/1107689 https://bugzilla.suse.com/1107735 https://bugzilla.suse.com/1107966 https://bugzilla.suse.com/963575 https://bugzilla.suse.com/966170 https://bugzilla.suse.com/966172 https://bugzilla.suse.com/969470 https://bugzilla.suse.com/969476 https://bugzilla.suse.com/969477 https://bugzilla.suse.com/970506 From sle-security-updates at lists.suse.com Fri Sep 21 04:11:29 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 21 Sep 2018 12:11:29 +0200 (CEST) Subject: SUSE-SU-2018:2777-1: important: Security update for python-paramiko Message-ID: <20180921101129.2C7DFFCF0@maintenance.suse.de> SUSE Security Update: Security update for python-paramiko ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2777-1 Rating: important References: #1085276 #1106148 Cross-References: CVE-2018-7750 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for python-paramiko to version 1.18.5 fixes the following issues: This security issue was fixed: - CVE-2018-7750: transport.py in the SSH server implementation of Paramiko did not properly check whether authentication is completed processing other requests. A customized SSH client could have skipped the authentication step (bsc#1085276) This non-security issue was fixed: - Prevent connection problems with ssh servers due to no acceptable macs being available (bsc#1106148) For additional changes please check the changelog. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2018-1945=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-paramiko-1.18.5-2.12.1 References: https://www.suse.com/security/cve/CVE-2018-7750.html https://bugzilla.suse.com/1085276 https://bugzilla.suse.com/1106148 From sle-security-updates at lists.suse.com Fri Sep 21 04:12:32 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 21 Sep 2018 12:12:32 +0200 (CEST) Subject: SUSE-SU-2018:2778-1: moderate: Security update for ImageMagick Message-ID: <20180921101232.5DE09FCF0@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2778-1 Rating: moderate References: #1102003 #1102004 #1102005 #1102007 #1105592 #1106855 #1106858 Cross-References: CVE-2018-14434 CVE-2018-14435 CVE-2018-14436 CVE-2018-14437 CVE-2018-16323 CVE-2018-16329 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that solves 6 vulnerabilities and has one errata is now available. Description: This update for ImageMagick fixes the following issues: The following security vulnerabilities were fixed: - CVE-2018-16329: Prevent NULL pointer dereference in the GetMagickProperty function leading to DoS (bsc#1106858) - CVE-2018-16323: ReadXBMImage left data uninitialized when processing an XBM file that has a negative pixel value. If the affected code was used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data (bsc#1106855) - CVE-2018-14434: Fixed a memory leak for a colormap in WriteMPCImage (bsc#1102003) - CVE-2018-14435: Fixed a memory leak in DecodeImage in coders/pcd.c (bsc#1102007) - CVE-2018-14436: Fixed a memory leak in ReadMIFFImage in coders/miff.c (bsc#1102005) - CVE-2018-14437: Fixed a memory leak in parse8BIM in coders/meta.c (bsc#1102004) - Disable PS, PS2, PS3, XPS and PDF coders in default policy.xml (bsc#1105592) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-1943=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1943=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1943=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1943=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): ImageMagick-6.8.8.1-71.74.1 ImageMagick-debuginfo-6.8.8.1-71.74.1 ImageMagick-debugsource-6.8.8.1-71.74.1 libMagick++-6_Q16-3-6.8.8.1-71.74.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.74.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-71.74.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.74.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): ImageMagick-6.8.8.1-71.74.1 ImageMagick-debuginfo-6.8.8.1-71.74.1 ImageMagick-debugsource-6.8.8.1-71.74.1 ImageMagick-devel-6.8.8.1-71.74.1 libMagick++-6_Q16-3-6.8.8.1-71.74.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.74.1 libMagick++-devel-6.8.8.1-71.74.1 perl-PerlMagick-6.8.8.1-71.74.1 perl-PerlMagick-debuginfo-6.8.8.1-71.74.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): ImageMagick-debuginfo-6.8.8.1-71.74.1 ImageMagick-debugsource-6.8.8.1-71.74.1 libMagickCore-6_Q16-1-6.8.8.1-71.74.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.74.1 libMagickWand-6_Q16-1-6.8.8.1-71.74.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.74.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): ImageMagick-6.8.8.1-71.74.1 ImageMagick-debuginfo-6.8.8.1-71.74.1 ImageMagick-debugsource-6.8.8.1-71.74.1 libMagick++-6_Q16-3-6.8.8.1-71.74.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.74.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-71.74.1 libMagickCore-6_Q16-1-6.8.8.1-71.74.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.74.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.74.1 libMagickWand-6_Q16-1-6.8.8.1-71.74.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.74.1 References: https://www.suse.com/security/cve/CVE-2018-14434.html https://www.suse.com/security/cve/CVE-2018-14435.html https://www.suse.com/security/cve/CVE-2018-14436.html https://www.suse.com/security/cve/CVE-2018-14437.html https://www.suse.com/security/cve/CVE-2018-16323.html https://www.suse.com/security/cve/CVE-2018-16329.html https://bugzilla.suse.com/1102003 https://bugzilla.suse.com/1102004 https://bugzilla.suse.com/1102005 https://bugzilla.suse.com/1102007 https://bugzilla.suse.com/1105592 https://bugzilla.suse.com/1106855 https://bugzilla.suse.com/1106858 From sle-security-updates at lists.suse.com Fri Sep 21 04:14:23 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 21 Sep 2018 12:14:23 +0200 (CEST) Subject: SUSE-SU-2018:2779-1: important: Security update for openslp Message-ID: <20180921101423.10999FCF0@maintenance.suse.de> SUSE Security Update: Security update for openslp ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2779-1 Rating: important References: #1090638 Cross-References: CVE-2017-17833 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 SUSE CaaS Platform ALL OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openslp fixes the following issues: - CVE-2017-17833: Prevent heap-related memory corruption issue which may have manifested itself as a denial-of-service or a remote code-execution vulnerability (bsc#1090638) - Prevent out of bounds reads in message parsing Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-1942=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1942=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1942=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1942=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1942=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1942=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1942=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-1942=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1942=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-1942=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-1942=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): openslp-2.0.0-18.15.1 openslp-32bit-2.0.0-18.15.1 openslp-debuginfo-2.0.0-18.15.1 openslp-debuginfo-32bit-2.0.0-18.15.1 openslp-debugsource-2.0.0-18.15.1 openslp-server-2.0.0-18.15.1 openslp-server-debuginfo-2.0.0-18.15.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): openslp-debuginfo-2.0.0-18.15.1 openslp-debugsource-2.0.0-18.15.1 openslp-devel-2.0.0-18.15.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): openslp-2.0.0-18.15.1 openslp-debuginfo-2.0.0-18.15.1 openslp-debugsource-2.0.0-18.15.1 openslp-server-2.0.0-18.15.1 openslp-server-debuginfo-2.0.0-18.15.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): openslp-32bit-2.0.0-18.15.1 openslp-debuginfo-32bit-2.0.0-18.15.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): openslp-2.0.0-18.15.1 openslp-debuginfo-2.0.0-18.15.1 openslp-debugsource-2.0.0-18.15.1 openslp-server-2.0.0-18.15.1 openslp-server-debuginfo-2.0.0-18.15.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): openslp-32bit-2.0.0-18.15.1 openslp-debuginfo-32bit-2.0.0-18.15.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): openslp-2.0.0-18.15.1 openslp-debuginfo-2.0.0-18.15.1 openslp-debugsource-2.0.0-18.15.1 openslp-server-2.0.0-18.15.1 openslp-server-debuginfo-2.0.0-18.15.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): openslp-32bit-2.0.0-18.15.1 openslp-debuginfo-32bit-2.0.0-18.15.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): openslp-2.0.0-18.15.1 openslp-debuginfo-2.0.0-18.15.1 openslp-debugsource-2.0.0-18.15.1 openslp-server-2.0.0-18.15.1 openslp-server-debuginfo-2.0.0-18.15.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): openslp-32bit-2.0.0-18.15.1 openslp-debuginfo-32bit-2.0.0-18.15.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): openslp-2.0.0-18.15.1 openslp-debuginfo-2.0.0-18.15.1 openslp-debugsource-2.0.0-18.15.1 openslp-server-2.0.0-18.15.1 openslp-server-debuginfo-2.0.0-18.15.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): openslp-32bit-2.0.0-18.15.1 openslp-debuginfo-32bit-2.0.0-18.15.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): openslp-2.0.0-18.15.1 openslp-debuginfo-2.0.0-18.15.1 openslp-debugsource-2.0.0-18.15.1 openslp-server-2.0.0-18.15.1 openslp-server-debuginfo-2.0.0-18.15.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): openslp-32bit-2.0.0-18.15.1 openslp-debuginfo-32bit-2.0.0-18.15.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): openslp-2.0.0-18.15.1 openslp-32bit-2.0.0-18.15.1 openslp-debuginfo-2.0.0-18.15.1 openslp-debuginfo-32bit-2.0.0-18.15.1 openslp-debugsource-2.0.0-18.15.1 - SUSE Enterprise Storage 4 (x86_64): openslp-2.0.0-18.15.1 openslp-32bit-2.0.0-18.15.1 openslp-debuginfo-2.0.0-18.15.1 openslp-debuginfo-32bit-2.0.0-18.15.1 openslp-debugsource-2.0.0-18.15.1 openslp-server-2.0.0-18.15.1 openslp-server-debuginfo-2.0.0-18.15.1 - SUSE CaaS Platform ALL (x86_64): openslp-2.0.0-18.15.1 openslp-debuginfo-2.0.0-18.15.1 openslp-debugsource-2.0.0-18.15.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): openslp-2.0.0-18.15.1 openslp-debuginfo-2.0.0-18.15.1 openslp-debugsource-2.0.0-18.15.1 References: https://www.suse.com/security/cve/CVE-2017-17833.html https://bugzilla.suse.com/1090638 From sle-security-updates at lists.suse.com Fri Sep 21 04:15:13 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 21 Sep 2018 12:15:13 +0200 (CEST) Subject: SUSE-SU-2018:2780-1: moderate: Security update for liblouis Message-ID: <20180921101513.CA9E3FCF0@maintenance.suse.de> SUSE Security Update: Security update for liblouis ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2780-1 Rating: moderate References: #1095189 #1095825 #1095826 #1095827 #1095945 #1097103 Cross-References: CVE-2018-11440 CVE-2018-11577 CVE-2018-11683 CVE-2018-11684 CVE-2018-11685 CVE-2018-12085 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for liblouis, python-louis, python3-louis fixes the following issues: Security issues fixed: - CVE-2018-11440: Fixed a stack-based buffer overflow in the function parseChars() in compileTranslationTable.c (bsc#1095189) - CVE-2018-11577: Fixed a segmentation fault in lou_logPrint in logging.c (bsc#1095945) - CVE-2018-11683: Fixed a stack-based buffer overflow in the function parseChars() in compileTranslationTable.c (different vulnerability than CVE-2018-11440) (bsc#1095827) - CVE-2018-11684: Fixed stack-based buffer overflow in the function includeFile() in compileTranslationTable.c (bsc#1095826) - CVE-2018-11685: Fixed a stack-based buffer overflow in the function compileHyphenation() in compileTranslationTable.c (bsc#1095825) - CVE-2018-12085: Fixed a stack-based buffer overflow in the function parseChars() in compileTranslationTable.c (different vulnerability than CVE-2018-11440) (bsc#1097103) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1944=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1944=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1944=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): liblouis-debugsource-2.6.4-6.6.1 liblouis-devel-2.6.4-6.6.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): liblouis-data-2.6.4-6.6.1 liblouis-debugsource-2.6.4-6.6.1 liblouis9-2.6.4-6.6.1 liblouis9-debuginfo-2.6.4-6.6.1 python-louis-2.6.4-6.6.1 python3-louis-2.6.4-6.6.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): liblouis-data-2.6.4-6.6.1 liblouis-debugsource-2.6.4-6.6.1 liblouis9-2.6.4-6.6.1 liblouis9-debuginfo-2.6.4-6.6.1 python3-louis-2.6.4-6.6.1 References: https://www.suse.com/security/cve/CVE-2018-11440.html https://www.suse.com/security/cve/CVE-2018-11577.html https://www.suse.com/security/cve/CVE-2018-11683.html https://www.suse.com/security/cve/CVE-2018-11684.html https://www.suse.com/security/cve/CVE-2018-11685.html https://www.suse.com/security/cve/CVE-2018-12085.html https://bugzilla.suse.com/1095189 https://bugzilla.suse.com/1095825 https://bugzilla.suse.com/1095826 https://bugzilla.suse.com/1095827 https://bugzilla.suse.com/1095945 https://bugzilla.suse.com/1097103 From sle-security-updates at lists.suse.com Fri Sep 21 07:16:02 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 21 Sep 2018 15:16:02 +0200 (CEST) Subject: SUSE-SU-2018:2787-1: important: Security update for the Linux Kernel (Live Patch 32 for SLE 12) Message-ID: <20180921131602.4FAB7FD03@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 32 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2787-1 Rating: important References: #1102682 #1103203 #1105323 Cross-References: CVE-2018-10902 CVE-2018-5390 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 3.12.61-52_122 fixes several issues. The following security issues were fixed: - CVE-2018-5390: Prevent very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming TCP packet which can lead to a denial of service (bsc#1102682). - CVE-2018-10902: It was found that the raw midi kernel driver did not protect against concurrent access which lead to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(), allowing a malicious local attacker to use this for privilege escalation (bsc#1105323). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-1951=1 SUSE-SLE-SERVER-12-2018-1952=1 SUSE-SLE-SERVER-12-2018-1953=1 SUSE-SLE-SERVER-12-2018-1954=1 SUSE-SLE-SERVER-12-2018-1955=1 SUSE-SLE-SERVER-12-2018-1956=1 SUSE-SLE-SERVER-12-2018-1957=1 SUSE-SLE-SERVER-12-2018-1958=1 SUSE-SLE-SERVER-12-2018-1959=1 SUSE-SLE-SERVER-12-2018-1960=1 SUSE-SLE-SERVER-12-2018-1961=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_101-default-9-2.1 kgraft-patch-3_12_61-52_101-xen-9-2.1 kgraft-patch-3_12_61-52_106-default-9-2.1 kgraft-patch-3_12_61-52_106-xen-9-2.1 kgraft-patch-3_12_61-52_111-default-8-2.1 kgraft-patch-3_12_61-52_111-xen-8-2.1 kgraft-patch-3_12_61-52_119-default-8-2.1 kgraft-patch-3_12_61-52_119-xen-8-2.1 kgraft-patch-3_12_61-52_122-default-8-2.1 kgraft-patch-3_12_61-52_122-xen-8-2.1 kgraft-patch-3_12_61-52_125-default-7-2.1 kgraft-patch-3_12_61-52_125-xen-7-2.1 kgraft-patch-3_12_61-52_128-default-5-2.1 kgraft-patch-3_12_61-52_128-xen-5-2.1 kgraft-patch-3_12_61-52_133-default-4-2.1 kgraft-patch-3_12_61-52_133-xen-4-2.1 kgraft-patch-3_12_61-52_136-default-4-2.1 kgraft-patch-3_12_61-52_136-xen-4-2.1 kgraft-patch-3_12_61-52_141-default-3-2.1 kgraft-patch-3_12_61-52_141-xen-3-2.1 kgraft-patch-3_12_61-52_92-default-11-2.1 kgraft-patch-3_12_61-52_92-xen-11-2.1 References: https://www.suse.com/security/cve/CVE-2018-10902.html https://www.suse.com/security/cve/CVE-2018-5390.html https://bugzilla.suse.com/1102682 https://bugzilla.suse.com/1103203 https://bugzilla.suse.com/1105323 From sle-security-updates at lists.suse.com Fri Sep 21 10:08:11 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 21 Sep 2018 18:08:11 +0200 (CEST) Subject: SUSE-SU-2018:2789-1: moderate: Security update for ant Message-ID: <20180921160811.8AB74FCB2@maintenance.suse.de> SUSE Security Update: Security update for ant ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2789-1 Rating: moderate References: #1100053 Cross-References: CVE-2018-10886 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ant fixes the following issues: Security issue fixed: - CVE-2018-10886: Fixed a path traversal vulnerability in malformed zip file paths, which allowed arbitrary file writes and could potentially lead to code execution (bsc#1100053) Other changes made: - Removed support for javadoc - Default value for stripAbsolutePathSpec changed to 'true' Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-ant-13781=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-ant-13781=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch): ant-1.7.1-20.11.5.1 ant-antlr-1.7.1-16.11.5.1 ant-apache-bcel-1.7.1-16.11.5.1 ant-apache-bsf-1.7.1-16.11.5.1 ant-apache-log4j-1.7.1-16.11.5.1 ant-apache-oro-1.7.1-16.11.5.1 ant-apache-regexp-1.7.1-16.11.5.1 ant-apache-resolver-1.7.1-16.11.5.1 ant-commons-logging-1.7.1-16.11.5.1 ant-javamail-1.7.1-16.11.5.1 ant-jdepend-1.7.1-16.11.5.1 ant-jmf-1.7.1-16.11.5.1 ant-junit-1.7.1-16.11.5.1 ant-manual-1.7.1-20.11.5.1 ant-nodeps-1.7.1-16.11.5.1 ant-scripts-1.7.1-20.11.5.1 ant-swing-1.7.1-16.11.5.1 ant-trax-1.7.1-16.11.5.1 - SUSE Linux Enterprise Server 11-SP4 (noarch): ant-1.7.1-20.11.5.1 ant-trax-1.7.1-16.11.5.1 References: https://www.suse.com/security/cve/CVE-2018-10886.html https://bugzilla.suse.com/1100053 From sle-security-updates at lists.suse.com Fri Sep 21 10:09:21 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 21 Sep 2018 18:09:21 +0200 (CEST) Subject: SUSE-SU-2018:2791-1: moderate: Security update for xorg-x11-libs Message-ID: <20180921160921.ECF23FCF0@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-libs ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2791-1 Rating: moderate References: #1103511 Cross-References: CVE-2015-9262 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for xorg-x11-libs fixes the following security issue: - CVE-2015-9262: _XcursorThemeInherits allowed remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow (bsc#1103511) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-xorg-x11-libs-13782=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-xorg-x11-libs-13782=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-xorg-x11-libs-13782=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): xorg-x11-devel-7.4-8.26.50.8.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): xorg-x11-devel-32bit-7.4-8.26.50.8.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): xorg-x11-libs-7.4-8.26.50.8.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): xorg-x11-libs-32bit-7.4-8.26.50.8.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): xorg-x11-libs-x86-7.4-8.26.50.8.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): xorg-x11-libs-debuginfo-7.4-8.26.50.8.1 xorg-x11-libs-debugsource-7.4-8.26.50.8.1 References: https://www.suse.com/security/cve/CVE-2015-9262.html https://bugzilla.suse.com/1103511 From sle-security-updates at lists.suse.com Fri Sep 21 13:49:03 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 21 Sep 2018 21:49:03 +0200 (CEST) Subject: SUSE-SU-2018:2796-1: moderate: Security update for nodejs6 Message-ID: <20180921194903.B7472FCF0@maintenance.suse.de> SUSE Security Update: Security update for nodejs6 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2796-1 Rating: moderate References: #1097158 #1097748 #1105019 Cross-References: CVE-2018-0732 CVE-2018-12115 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Module for Web Scripting 12 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for nodejs6 to version 6.14.4 fixes the following issues: Security issues fixed: CVE-2018-12115: Fixed an out-of-bounds (OOB) write in Buffer.write() for UCS-2 encoding (bsc#1105019) CVE-2018-0732: Upgrade to OpenSSL 1.0.2p, fixing a client DoS due to large DH parameter (bsc#1097158) Other issues fixed: - Recommend same major version npm package (bsc#1097748) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2018-1968=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-1968=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2018-1968=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-1968=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): nodejs6-6.14.4-11.18.1 nodejs6-debuginfo-6.14.4-11.18.1 nodejs6-debugsource-6.14.4-11.18.1 - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64): nodejs6-6.14.4-11.18.1 nodejs6-debuginfo-6.14.4-11.18.1 nodejs6-debugsource-6.14.4-11.18.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): nodejs6-6.14.4-11.18.1 nodejs6-debuginfo-6.14.4-11.18.1 nodejs6-debugsource-6.14.4-11.18.1 nodejs6-devel-6.14.4-11.18.1 npm6-6.14.4-11.18.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): nodejs6-docs-6.14.4-11.18.1 - SUSE Enterprise Storage 4 (aarch64 x86_64): nodejs6-6.14.4-11.18.1 nodejs6-debuginfo-6.14.4-11.18.1 nodejs6-debugsource-6.14.4-11.18.1 References: https://www.suse.com/security/cve/CVE-2018-0732.html https://www.suse.com/security/cve/CVE-2018-12115.html https://bugzilla.suse.com/1097158 https://bugzilla.suse.com/1097748 https://bugzilla.suse.com/1105019 From sle-security-updates at lists.suse.com Mon Sep 24 04:10:57 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 24 Sep 2018 12:10:57 +0200 (CEST) Subject: SUSE-SU-2018:2812-1: moderate: Security update for nodejs8 Message-ID: <20180924101057.2F556FCD2@maintenance.suse.de> SUSE Security Update: Security update for nodejs8 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2812-1 Rating: moderate References: #1097158 #1097748 #1105019 Cross-References: CVE-2018-0732 CVE-2018-12115 Affected Products: SUSE Linux Enterprise Module for Web Scripting 15 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for nodejs8 to version 8.11.4 fixes the following issues: Security issues fixed: - CVE-2018-12115: Fixed an out-of-bounds memory write in Buffer that could be used to write to memory outside of a Buffer's memory space buffer (bsc#1105019) - Upgrade to OpenSSL 1.0.2p, which fixed: - CVE-2018-0732: Client denial-of-service due to large DH parameter (bsc#1097158) - ECDSA key extraction via local side-channel Other changes made: - Recommend same major version npm package (bsc#1097748) - Fix parallel/test-tls-passphrase.js test to continue to function with older versions of OpenSSL library. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-2018-1971=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15 (aarch64 ppc64le s390x x86_64): nodejs8-8.11.4-3.8.2 nodejs8-debuginfo-8.11.4-3.8.2 nodejs8-debugsource-8.11.4-3.8.2 nodejs8-devel-8.11.4-3.8.2 npm8-8.11.4-3.8.2 - SUSE Linux Enterprise Module for Web Scripting 15 (noarch): nodejs8-docs-8.11.4-3.8.2 References: https://www.suse.com/security/cve/CVE-2018-0732.html https://www.suse.com/security/cve/CVE-2018-12115.html https://bugzilla.suse.com/1097158 https://bugzilla.suse.com/1097748 https://bugzilla.suse.com/1105019 From sle-security-updates at lists.suse.com Mon Sep 24 04:12:16 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 24 Sep 2018 12:12:16 +0200 (CEST) Subject: SUSE-SU-2018:2814-1: important: Security update for libzypp, zypper Message-ID: <20180924101216.16F26FCD2@maintenance.suse.de> SUSE Security Update: Security update for libzypp, zypper ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2814-1 Rating: important References: #1036304 #1045735 #1049825 #1070851 #1076192 #1088705 #1091624 #1092413 #1096803 #1099847 #1100028 #1101349 #1102429 Cross-References: CVE-2017-9269 CVE-2018-7685 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that solves two vulnerabilities and has 11 fixes is now available. Description: This update for libzypp, zypper fixes the following issues: Update libzypp to version 16.17.20: Security issues fixed: - PackageProvider: Validate deta rpms before caching (bsc#1091624, bsc#1088705, CVE-2018-7685) - PackageProvider: Validate downloaded rpm package signatures before caching (bsc#1091624, bsc#1088705, CVE-2018-7685) Other bugs fixed: - lsof: use '-K i' if lsof supports it (bsc#1099847, bsc#1036304) - Handle http error 502 Bad Gateway in curl backend (bsc#1070851) - RepoManager: Explicitly request repo2solv to generate application pseudo packages. - libzypp-devel should not require cmake (bsc#1101349) - HardLocksFile: Prevent against empty commit without Target having been been loaded (bsc#1096803) - Avoid zombie tar processes (bsc#1076192) Update to zypper to version 1.13.45: Security issues fixed: - Improve signature check callback messages (bsc#1045735, CVE-2017-9269) - add/modify repo: Add options to tune the GPG check settings (bsc#1045735, CVE-2017-9269) Other bugs fixed: - XML attribute `packages-to-change` added (bsc#1102429) - man: Strengthen that `--config FILE' affects zypper.conf, not zypp.conf (bsc#1100028) - Prevent nested calls to exit() if aborted by a signal (bsc#1092413) - ansi.h: Prevent ESC sequence strings from going out of scope (bsc#1092413) - Fix: zypper bash completion expands non-existing options (bsc#1049825) - Improve signature check callback messages (bsc#1045735) - add/modify repo: Add options to tune the GPG check settings (bsc#1045735) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1969=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1969=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1969=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libzypp-debuginfo-16.17.20-2.33.2 libzypp-debugsource-16.17.20-2.33.2 libzypp-devel-16.17.20-2.33.2 libzypp-devel-doc-16.17.20-2.33.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libzypp-16.17.20-2.33.2 libzypp-debuginfo-16.17.20-2.33.2 libzypp-debugsource-16.17.20-2.33.2 zypper-1.13.45-21.21.2 zypper-debuginfo-1.13.45-21.21.2 zypper-debugsource-1.13.45-21.21.2 - SUSE Linux Enterprise Server 12-SP3 (noarch): zypper-log-1.13.45-21.21.2 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): zypper-log-1.13.45-21.21.2 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libzypp-16.17.20-2.33.2 libzypp-debuginfo-16.17.20-2.33.2 libzypp-debugsource-16.17.20-2.33.2 zypper-1.13.45-21.21.2 zypper-debuginfo-1.13.45-21.21.2 zypper-debugsource-1.13.45-21.21.2 - SUSE CaaS Platform ALL (x86_64): libzypp-16.17.20-2.33.2 libzypp-debuginfo-16.17.20-2.33.2 libzypp-debugsource-16.17.20-2.33.2 zypper-1.13.45-21.21.2 zypper-debuginfo-1.13.45-21.21.2 zypper-debugsource-1.13.45-21.21.2 - SUSE CaaS Platform 3.0 (x86_64): libzypp-16.17.20-2.33.2 libzypp-debuginfo-16.17.20-2.33.2 libzypp-debugsource-16.17.20-2.33.2 zypper-1.13.45-21.21.2 zypper-debuginfo-1.13.45-21.21.2 zypper-debugsource-1.13.45-21.21.2 References: https://www.suse.com/security/cve/CVE-2017-9269.html https://www.suse.com/security/cve/CVE-2018-7685.html https://bugzilla.suse.com/1036304 https://bugzilla.suse.com/1045735 https://bugzilla.suse.com/1049825 https://bugzilla.suse.com/1070851 https://bugzilla.suse.com/1076192 https://bugzilla.suse.com/1088705 https://bugzilla.suse.com/1091624 https://bugzilla.suse.com/1092413 https://bugzilla.suse.com/1096803 https://bugzilla.suse.com/1099847 https://bugzilla.suse.com/1100028 https://bugzilla.suse.com/1101349 https://bugzilla.suse.com/1102429 From sle-security-updates at lists.suse.com Mon Sep 24 04:15:08 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 24 Sep 2018 12:15:08 +0200 (CEST) Subject: SUSE-SU-2018:2815-1: moderate: Security update for apache2 Message-ID: <20180924101508.6AF4EFCD7@maintenance.suse.de> SUSE Security Update: Security update for apache2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2815-1 Rating: moderate References: #1016715 #1104826 Cross-References: CVE-2016-4975 CVE-2016-8743 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for apache2 fixes the following issues: Security issues fixed: - CVE-2016-8743: Fixed liberal whitespace interpretation accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution. (bsc#1016715) - CVE-2016-4975: Fixed possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes which prohibit CR or LF injection into the "Location" or other outbound header key or value. (bsc#1104826) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-1970=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1970=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1970=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1970=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1970=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-1970=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): apache2-2.4.23-29.24.1 apache2-debuginfo-2.4.23-29.24.1 apache2-debugsource-2.4.23-29.24.1 apache2-example-pages-2.4.23-29.24.1 apache2-prefork-2.4.23-29.24.1 apache2-prefork-debuginfo-2.4.23-29.24.1 apache2-utils-2.4.23-29.24.1 apache2-utils-debuginfo-2.4.23-29.24.1 apache2-worker-2.4.23-29.24.1 apache2-worker-debuginfo-2.4.23-29.24.1 - SUSE OpenStack Cloud 7 (noarch): apache2-doc-2.4.23-29.24.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): apache2-debuginfo-2.4.23-29.24.1 apache2-debugsource-2.4.23-29.24.1 apache2-devel-2.4.23-29.24.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): apache2-2.4.23-29.24.1 apache2-debuginfo-2.4.23-29.24.1 apache2-debugsource-2.4.23-29.24.1 apache2-example-pages-2.4.23-29.24.1 apache2-prefork-2.4.23-29.24.1 apache2-prefork-debuginfo-2.4.23-29.24.1 apache2-utils-2.4.23-29.24.1 apache2-utils-debuginfo-2.4.23-29.24.1 apache2-worker-2.4.23-29.24.1 apache2-worker-debuginfo-2.4.23-29.24.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): apache2-doc-2.4.23-29.24.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): apache2-2.4.23-29.24.1 apache2-debuginfo-2.4.23-29.24.1 apache2-debugsource-2.4.23-29.24.1 apache2-example-pages-2.4.23-29.24.1 apache2-prefork-2.4.23-29.24.1 apache2-prefork-debuginfo-2.4.23-29.24.1 apache2-utils-2.4.23-29.24.1 apache2-utils-debuginfo-2.4.23-29.24.1 apache2-worker-2.4.23-29.24.1 apache2-worker-debuginfo-2.4.23-29.24.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): apache2-doc-2.4.23-29.24.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): apache2-2.4.23-29.24.1 apache2-debuginfo-2.4.23-29.24.1 apache2-debugsource-2.4.23-29.24.1 apache2-example-pages-2.4.23-29.24.1 apache2-prefork-2.4.23-29.24.1 apache2-prefork-debuginfo-2.4.23-29.24.1 apache2-utils-2.4.23-29.24.1 apache2-utils-debuginfo-2.4.23-29.24.1 apache2-worker-2.4.23-29.24.1 apache2-worker-debuginfo-2.4.23-29.24.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): apache2-doc-2.4.23-29.24.1 - SUSE Enterprise Storage 4 (noarch): apache2-doc-2.4.23-29.24.1 - SUSE Enterprise Storage 4 (x86_64): apache2-2.4.23-29.24.1 apache2-debuginfo-2.4.23-29.24.1 apache2-debugsource-2.4.23-29.24.1 apache2-example-pages-2.4.23-29.24.1 apache2-prefork-2.4.23-29.24.1 apache2-prefork-debuginfo-2.4.23-29.24.1 apache2-utils-2.4.23-29.24.1 apache2-utils-debuginfo-2.4.23-29.24.1 apache2-worker-2.4.23-29.24.1 apache2-worker-debuginfo-2.4.23-29.24.1 References: https://www.suse.com/security/cve/CVE-2016-4975.html https://www.suse.com/security/cve/CVE-2016-8743.html https://bugzilla.suse.com/1016715 https://bugzilla.suse.com/1104826 From sle-security-updates at lists.suse.com Mon Sep 24 07:13:21 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 24 Sep 2018 15:13:21 +0200 (CEST) Subject: SUSE-SU-2018:2825-1: moderate: Security update for gnutls Message-ID: <20180924131321.6467FFCD2@maintenance.suse.de> SUSE Security Update: Security update for gnutls ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2825-1 Rating: moderate References: #1047002 #1105437 #1105459 #1105460 Cross-References: CVE-2017-10790 CVE-2018-10844 CVE-2018-10845 CVE-2018-10846 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for gnutls fixes the following issues: This update for gnutls fixes the following issues: Security issues fixed: - Improved mitigations against Lucky 13 class of attacks - "Just in Time" PRIME + PROBE cache-based side channel attack can lead to plaintext recovery (CVE-2018-10846, bsc#1105460) - HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of wrong constant (CVE-2018-10845, bsc#1105459) - HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls (CVE-2018-10844, bsc#1105437) - The _asn1_check_identifier function in Libtasn1 caused a NULL pointer dereference and crash (CVE-2017-10790, bsc#1047002) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-1977=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1977=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1977=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1977=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1977=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-1977=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-1977=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): gnutls-3.2.15-18.6.1 gnutls-debuginfo-3.2.15-18.6.1 gnutls-debugsource-3.2.15-18.6.1 libgnutls-openssl27-3.2.15-18.6.1 libgnutls-openssl27-debuginfo-3.2.15-18.6.1 libgnutls28-3.2.15-18.6.1 libgnutls28-32bit-3.2.15-18.6.1 libgnutls28-debuginfo-3.2.15-18.6.1 libgnutls28-debuginfo-32bit-3.2.15-18.6.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): gnutls-3.2.15-18.6.1 gnutls-debuginfo-3.2.15-18.6.1 gnutls-debugsource-3.2.15-18.6.1 libgnutls-openssl27-3.2.15-18.6.1 libgnutls-openssl27-debuginfo-3.2.15-18.6.1 libgnutls28-3.2.15-18.6.1 libgnutls28-debuginfo-3.2.15-18.6.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libgnutls28-32bit-3.2.15-18.6.1 libgnutls28-debuginfo-32bit-3.2.15-18.6.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): gnutls-3.2.15-18.6.1 gnutls-debuginfo-3.2.15-18.6.1 gnutls-debugsource-3.2.15-18.6.1 libgnutls-openssl27-3.2.15-18.6.1 libgnutls-openssl27-debuginfo-3.2.15-18.6.1 libgnutls28-3.2.15-18.6.1 libgnutls28-debuginfo-3.2.15-18.6.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): libgnutls28-32bit-3.2.15-18.6.1 libgnutls28-debuginfo-32bit-3.2.15-18.6.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): gnutls-3.2.15-18.6.1 gnutls-debuginfo-3.2.15-18.6.1 gnutls-debugsource-3.2.15-18.6.1 libgnutls-openssl27-3.2.15-18.6.1 libgnutls-openssl27-debuginfo-3.2.15-18.6.1 libgnutls28-3.2.15-18.6.1 libgnutls28-debuginfo-3.2.15-18.6.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libgnutls28-32bit-3.2.15-18.6.1 libgnutls28-debuginfo-32bit-3.2.15-18.6.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): gnutls-3.2.15-18.6.1 gnutls-debuginfo-3.2.15-18.6.1 gnutls-debugsource-3.2.15-18.6.1 libgnutls-openssl27-3.2.15-18.6.1 libgnutls-openssl27-debuginfo-3.2.15-18.6.1 libgnutls28-3.2.15-18.6.1 libgnutls28-debuginfo-3.2.15-18.6.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): libgnutls28-32bit-3.2.15-18.6.1 libgnutls28-debuginfo-32bit-3.2.15-18.6.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): gnutls-3.2.15-18.6.1 gnutls-debuginfo-3.2.15-18.6.1 gnutls-debugsource-3.2.15-18.6.1 libgnutls-openssl27-3.2.15-18.6.1 libgnutls-openssl27-debuginfo-3.2.15-18.6.1 libgnutls28-3.2.15-18.6.1 libgnutls28-debuginfo-3.2.15-18.6.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): libgnutls28-32bit-3.2.15-18.6.1 libgnutls28-debuginfo-32bit-3.2.15-18.6.1 - SUSE Enterprise Storage 4 (x86_64): gnutls-3.2.15-18.6.1 gnutls-debuginfo-3.2.15-18.6.1 gnutls-debugsource-3.2.15-18.6.1 libgnutls-openssl27-3.2.15-18.6.1 libgnutls-openssl27-debuginfo-3.2.15-18.6.1 libgnutls28-3.2.15-18.6.1 libgnutls28-32bit-3.2.15-18.6.1 libgnutls28-debuginfo-3.2.15-18.6.1 libgnutls28-debuginfo-32bit-3.2.15-18.6.1 References: https://www.suse.com/security/cve/CVE-2017-10790.html https://www.suse.com/security/cve/CVE-2018-10844.html https://www.suse.com/security/cve/CVE-2018-10845.html https://www.suse.com/security/cve/CVE-2018-10846.html https://bugzilla.suse.com/1047002 https://bugzilla.suse.com/1105437 https://bugzilla.suse.com/1105459 https://bugzilla.suse.com/1105460 From sle-security-updates at lists.suse.com Mon Sep 24 10:09:09 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 24 Sep 2018 18:09:09 +0200 (CEST) Subject: SUSE-SU-2018:2834-1: moderate: Security update for shadow Message-ID: <20180924160909.51CAFFCD2@maintenance.suse.de> SUSE Security Update: Security update for shadow ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2834-1 Rating: moderate References: #1106914 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for shadow fixes the following security issue: - Prevent useradd from creating intermediate directories with mode 0777 (bsc#1106914) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1993=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): shadow-4.5-7.3.1 shadow-debuginfo-4.5-7.3.1 shadow-debugsource-4.5-7.3.1 References: https://bugzilla.suse.com/1106914 From sle-security-updates at lists.suse.com Mon Sep 24 10:09:45 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 24 Sep 2018 18:09:45 +0200 (CEST) Subject: SUSE-SU-2018:2835-1: moderate: Security update for shadow Message-ID: <20180924160945.A9EB6FCD2@maintenance.suse.de> SUSE Security Update: Security update for shadow ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2835-1 Rating: moderate References: #1106914 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for shadow fixes the following security issue: - Prevent useradd from creating intermediate directories with mode 0777 (bsc#1106914) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1994=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1994=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-1994=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): shadow-4.2.1-27.19.1 shadow-debuginfo-4.2.1-27.19.1 shadow-debugsource-4.2.1-27.19.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): shadow-4.2.1-27.19.1 shadow-debuginfo-4.2.1-27.19.1 shadow-debugsource-4.2.1-27.19.1 - SUSE CaaS Platform ALL (x86_64): shadow-4.2.1-27.19.1 shadow-debuginfo-4.2.1-27.19.1 shadow-debugsource-4.2.1-27.19.1 - SUSE CaaS Platform 3.0 (x86_64): shadow-4.2.1-27.19.1 shadow-debuginfo-4.2.1-27.19.1 shadow-debugsource-4.2.1-27.19.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): shadow-4.2.1-27.19.1 shadow-debuginfo-4.2.1-27.19.1 shadow-debugsource-4.2.1-27.19.1 References: https://bugzilla.suse.com/1106914 From sle-security-updates at lists.suse.com Mon Sep 24 10:10:19 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 24 Sep 2018 18:10:19 +0200 (CEST) Subject: SUSE-SU-2018:2836-1: moderate: Security update for tiff Message-ID: <20180924161019.A452AFCD7@maintenance.suse.de> SUSE Security Update: Security update for tiff ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2836-1 Rating: moderate References: #1074186 #1092480 #983440 Cross-References: CVE-2016-5319 CVE-2017-17942 CVE-2018-10779 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for tiff fixes the following issues: Security issues fixed: - CVE-2018-10779: Fixed a heap-based buffer overflow in TIFFWriteScanline() in tif_write.c (bsc#1092480) - CVE-2017-17942: Fixed a heap-based buffer overflow in the function PackBitsEncode in tif_packbits.c. (bsc#1074186) - CVE-2016-5319: Fixed a beap-based buffer overflow in bmp2tiff (bsc#983440) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1989=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1989=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1989=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libtiff-devel-4.0.9-44.21.1 tiff-debuginfo-4.0.9-44.21.1 tiff-debugsource-4.0.9-44.21.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libtiff5-4.0.9-44.21.1 libtiff5-debuginfo-4.0.9-44.21.1 tiff-4.0.9-44.21.1 tiff-debuginfo-4.0.9-44.21.1 tiff-debugsource-4.0.9-44.21.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libtiff5-32bit-4.0.9-44.21.1 libtiff5-debuginfo-32bit-4.0.9-44.21.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libtiff5-32bit-4.0.9-44.21.1 libtiff5-4.0.9-44.21.1 libtiff5-debuginfo-32bit-4.0.9-44.21.1 libtiff5-debuginfo-4.0.9-44.21.1 tiff-debuginfo-4.0.9-44.21.1 tiff-debugsource-4.0.9-44.21.1 References: https://www.suse.com/security/cve/CVE-2016-5319.html https://www.suse.com/security/cve/CVE-2017-17942.html https://www.suse.com/security/cve/CVE-2018-10779.html https://bugzilla.suse.com/1074186 https://bugzilla.suse.com/1092480 https://bugzilla.suse.com/983440 From sle-security-updates at lists.suse.com Mon Sep 24 10:11:21 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 24 Sep 2018 18:11:21 +0200 (CEST) Subject: SUSE-SU-2018:2837-1: moderate: Security update for gd Message-ID: <20180924161121.224E3FCD2@maintenance.suse.de> SUSE Security Update: Security update for gd ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2837-1 Rating: moderate References: #1105434 Cross-References: CVE-2018-1000222 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for gd fixes the following issues: Security issue fixed: - CVE-2018-1000222: Fixed a double free vulnerability in gdImageBmpPtr() that could result in remote code execution. This could have been exploited via a specially crafted JPEG image files. (bsc#1105434) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-1991=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1991=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1991=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1991=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): gd-32bit-2.1.0-24.9.1 gd-debuginfo-32bit-2.1.0-24.9.1 gd-debugsource-2.1.0-24.9.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): gd-debuginfo-2.1.0-24.9.1 gd-debugsource-2.1.0-24.9.1 gd-devel-2.1.0-24.9.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): gd-2.1.0-24.9.1 gd-debuginfo-2.1.0-24.9.1 gd-debugsource-2.1.0-24.9.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): gd-2.1.0-24.9.1 gd-32bit-2.1.0-24.9.1 gd-debuginfo-2.1.0-24.9.1 gd-debuginfo-32bit-2.1.0-24.9.1 gd-debugsource-2.1.0-24.9.1 References: https://www.suse.com/security/cve/CVE-2018-1000222.html https://bugzilla.suse.com/1105434 From sle-security-updates at lists.suse.com Mon Sep 24 10:12:03 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 24 Sep 2018 18:12:03 +0200 (CEST) Subject: SUSE-SU-2018:2838-1: moderate: Security update for ant Message-ID: <20180924161203.3642FFCD2@maintenance.suse.de> SUSE Security Update: Security update for ant ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2838-1 Rating: moderate References: #1100053 Cross-References: CVE-2018-10886 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ant fixes the following issues: Security issue fixed: - CVE-2018-10886: Fixed a path traversal vulnerability in malformed zip file paths, which allowed arbitrary file writes and could potentially lead to code execution (bsc#1100053) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1988=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1988=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch): ant-1.9.4-3.3.1 ant-antlr-1.9.4-3.3.1 ant-apache-bcel-1.9.4-3.3.1 ant-apache-bsf-1.9.4-3.3.1 ant-apache-log4j-1.9.4-3.3.1 ant-apache-oro-1.9.4-3.3.1 ant-apache-regexp-1.9.4-3.3.1 ant-apache-resolver-1.9.4-3.3.1 ant-commons-logging-1.9.4-3.3.1 ant-javadoc-1.9.4-3.3.1 ant-javamail-1.9.4-3.3.1 ant-jdepend-1.9.4-3.3.1 ant-jmf-1.9.4-3.3.1 ant-junit-1.9.4-3.3.1 ant-manual-1.9.4-3.3.1 ant-scripts-1.9.4-3.3.1 ant-swing-1.9.4-3.3.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): ant-1.9.4-3.3.1 References: https://www.suse.com/security/cve/CVE-2018-10886.html https://bugzilla.suse.com/1100053 From sle-security-updates at lists.suse.com Mon Sep 24 10:12:43 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 24 Sep 2018 18:12:43 +0200 (CEST) Subject: SUSE-SU-2018:2839-1: moderate: Security update for java-1_8_0-ibm Message-ID: <20180924161243.E5A7EFCD2@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2839-1 Rating: moderate References: #1104668 Cross-References: CVE-2016-0705 CVE-2017-3732 CVE-2017-3736 CVE-2018-12539 CVE-2018-1517 CVE-2018-1656 CVE-2018-2940 CVE-2018-2952 CVE-2018-2964 CVE-2018-2973 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: This update for java-1_8_0-ibm to 8.0.5.20 fixes the following security issues: - CVE-2018-2952: Vulnerability in subcomponent: Concurrency. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit (bsc#1104668) - CVE-2018-2940: Vulnerability in subcomponent: Libraries. Easily exploitable vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data (bsc#1104668) - CVE-2018-2973: Vulnerability in subcomponent: JSSE. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data (bsc#1104668) - CVE-2018-2964: Vulnerability in subcomponent: Deployment. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE. (bsc#1104668) - CVE-2016-0705: Prevent double free in the dsa_priv_decode function that allowed remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key (bsc#1104668) - CVE-2017-3732: Prevent carry propagating bug in the x86_64 Montgomery squaring procedure (bsc#1104668) - CVE-2017-3736: Prevent carry propagating bug in the x86_64 Montgomery squaring procedure (bsc#1104668) - CVE-2018-1517: Unspecified vulnerability (bsc#1104668) - CVE-2018-1656: Unspecified vulnerability (bsc#1104668) - CVE-2018-12539: Users other than the process owner might have been able to use Java Attach API to connect to an IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted native code (bsc#1104668) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-1987=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1987=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1987=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1987=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1987=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1987=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1987=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-1987=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): java-1_8_0-ibm-1.8.0_sr5.20-30.36.1 java-1_8_0-ibm-devel-1.8.0_sr5.20-30.36.1 - SUSE OpenStack Cloud 7 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr5.20-30.36.1 java-1_8_0-ibm-plugin-1.8.0_sr5.20-30.36.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (ppc64le s390x x86_64): java-1_8_0-ibm-devel-1.8.0_sr5.20-30.36.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): java-1_8_0-ibm-1.8.0_sr5.20-30.36.1 java-1_8_0-ibm-devel-1.8.0_sr5.20-30.36.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr5.20-30.36.1 java-1_8_0-ibm-plugin-1.8.0_sr5.20-30.36.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): java-1_8_0-ibm-1.8.0_sr5.20-30.36.1 java-1_8_0-ibm-devel-1.8.0_sr5.20-30.36.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr5.20-30.36.1 java-1_8_0-ibm-plugin-1.8.0_sr5.20-30.36.1 - SUSE Linux Enterprise Server 12-SP3 (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr5.20-30.36.1 - SUSE Linux Enterprise Server 12-SP3 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr5.20-30.36.1 java-1_8_0-ibm-plugin-1.8.0_sr5.20-30.36.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr5.20-30.36.1 java-1_8_0-ibm-devel-1.8.0_sr5.20-30.36.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr5.20-30.36.1 java-1_8_0-ibm-plugin-1.8.0_sr5.20-30.36.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr5.20-30.36.1 java-1_8_0-ibm-devel-1.8.0_sr5.20-30.36.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr5.20-30.36.1 java-1_8_0-ibm-plugin-1.8.0_sr5.20-30.36.1 - SUSE Enterprise Storage 4 (x86_64): java-1_8_0-ibm-1.8.0_sr5.20-30.36.1 java-1_8_0-ibm-alsa-1.8.0_sr5.20-30.36.1 java-1_8_0-ibm-devel-1.8.0_sr5.20-30.36.1 java-1_8_0-ibm-plugin-1.8.0_sr5.20-30.36.1 References: https://www.suse.com/security/cve/CVE-2016-0705.html https://www.suse.com/security/cve/CVE-2017-3732.html https://www.suse.com/security/cve/CVE-2017-3736.html https://www.suse.com/security/cve/CVE-2018-12539.html https://www.suse.com/security/cve/CVE-2018-1517.html https://www.suse.com/security/cve/CVE-2018-1656.html https://www.suse.com/security/cve/CVE-2018-2940.html https://www.suse.com/security/cve/CVE-2018-2952.html https://www.suse.com/security/cve/CVE-2018-2964.html https://www.suse.com/security/cve/CVE-2018-2973.html https://bugzilla.suse.com/1104668 From sle-security-updates at lists.suse.com Mon Sep 24 10:13:23 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 24 Sep 2018 18:13:23 +0200 (CEST) Subject: SUSE-SU-2018:2840-1: moderate: Security update for php7 Message-ID: <20180924161323.3BB6AFCD7@maintenance.suse.de> SUSE Security Update: Security update for php7 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2840-1 Rating: moderate References: #1105434 Cross-References: CVE-2018-1000222 Affected Products: SUSE Linux Enterprise Module for Web Scripting 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for php7 fixes the following issues: Security issue fixed: - CVE-2018-1000222: Fixed a double free vulnerability in gdImageBmpPtr() that could result in remote code execution. This could have been exploited via a specially crafted JPEG image files. (bsc#1105434) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-2018-1992=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15 (aarch64 ppc64le s390x x86_64): apache2-mod_php7-7.2.5-4.9.1 apache2-mod_php7-debuginfo-7.2.5-4.9.1 php7-7.2.5-4.9.1 php7-bcmath-7.2.5-4.9.1 php7-bcmath-debuginfo-7.2.5-4.9.1 php7-bz2-7.2.5-4.9.1 php7-bz2-debuginfo-7.2.5-4.9.1 php7-calendar-7.2.5-4.9.1 php7-calendar-debuginfo-7.2.5-4.9.1 php7-ctype-7.2.5-4.9.1 php7-ctype-debuginfo-7.2.5-4.9.1 php7-curl-7.2.5-4.9.1 php7-curl-debuginfo-7.2.5-4.9.1 php7-dba-7.2.5-4.9.1 php7-dba-debuginfo-7.2.5-4.9.1 php7-debuginfo-7.2.5-4.9.1 php7-debugsource-7.2.5-4.9.1 php7-devel-7.2.5-4.9.1 php7-dom-7.2.5-4.9.1 php7-dom-debuginfo-7.2.5-4.9.1 php7-enchant-7.2.5-4.9.1 php7-enchant-debuginfo-7.2.5-4.9.1 php7-exif-7.2.5-4.9.1 php7-exif-debuginfo-7.2.5-4.9.1 php7-fastcgi-7.2.5-4.9.1 php7-fastcgi-debuginfo-7.2.5-4.9.1 php7-fileinfo-7.2.5-4.9.1 php7-fileinfo-debuginfo-7.2.5-4.9.1 php7-fpm-7.2.5-4.9.1 php7-fpm-debuginfo-7.2.5-4.9.1 php7-ftp-7.2.5-4.9.1 php7-ftp-debuginfo-7.2.5-4.9.1 php7-gd-7.2.5-4.9.1 php7-gd-debuginfo-7.2.5-4.9.1 php7-gettext-7.2.5-4.9.1 php7-gettext-debuginfo-7.2.5-4.9.1 php7-gmp-7.2.5-4.9.1 php7-gmp-debuginfo-7.2.5-4.9.1 php7-iconv-7.2.5-4.9.1 php7-iconv-debuginfo-7.2.5-4.9.1 php7-intl-7.2.5-4.9.1 php7-intl-debuginfo-7.2.5-4.9.1 php7-json-7.2.5-4.9.1 php7-json-debuginfo-7.2.5-4.9.1 php7-ldap-7.2.5-4.9.1 php7-ldap-debuginfo-7.2.5-4.9.1 php7-mbstring-7.2.5-4.9.1 php7-mbstring-debuginfo-7.2.5-4.9.1 php7-mysql-7.2.5-4.9.1 php7-mysql-debuginfo-7.2.5-4.9.1 php7-odbc-7.2.5-4.9.1 php7-odbc-debuginfo-7.2.5-4.9.1 php7-opcache-7.2.5-4.9.1 php7-opcache-debuginfo-7.2.5-4.9.1 php7-openssl-7.2.5-4.9.1 php7-openssl-debuginfo-7.2.5-4.9.1 php7-pcntl-7.2.5-4.9.1 php7-pcntl-debuginfo-7.2.5-4.9.1 php7-pdo-7.2.5-4.9.1 php7-pdo-debuginfo-7.2.5-4.9.1 php7-pgsql-7.2.5-4.9.1 php7-pgsql-debuginfo-7.2.5-4.9.1 php7-phar-7.2.5-4.9.1 php7-phar-debuginfo-7.2.5-4.9.1 php7-posix-7.2.5-4.9.1 php7-posix-debuginfo-7.2.5-4.9.1 php7-shmop-7.2.5-4.9.1 php7-shmop-debuginfo-7.2.5-4.9.1 php7-snmp-7.2.5-4.9.1 php7-snmp-debuginfo-7.2.5-4.9.1 php7-soap-7.2.5-4.9.1 php7-soap-debuginfo-7.2.5-4.9.1 php7-sockets-7.2.5-4.9.1 php7-sockets-debuginfo-7.2.5-4.9.1 php7-sqlite-7.2.5-4.9.1 php7-sqlite-debuginfo-7.2.5-4.9.1 php7-sysvmsg-7.2.5-4.9.1 php7-sysvmsg-debuginfo-7.2.5-4.9.1 php7-sysvsem-7.2.5-4.9.1 php7-sysvsem-debuginfo-7.2.5-4.9.1 php7-sysvshm-7.2.5-4.9.1 php7-sysvshm-debuginfo-7.2.5-4.9.1 php7-tokenizer-7.2.5-4.9.1 php7-tokenizer-debuginfo-7.2.5-4.9.1 php7-wddx-7.2.5-4.9.1 php7-wddx-debuginfo-7.2.5-4.9.1 php7-xmlreader-7.2.5-4.9.1 php7-xmlreader-debuginfo-7.2.5-4.9.1 php7-xmlrpc-7.2.5-4.9.1 php7-xmlrpc-debuginfo-7.2.5-4.9.1 php7-xmlwriter-7.2.5-4.9.1 php7-xmlwriter-debuginfo-7.2.5-4.9.1 php7-xsl-7.2.5-4.9.1 php7-xsl-debuginfo-7.2.5-4.9.1 php7-zip-7.2.5-4.9.1 php7-zip-debuginfo-7.2.5-4.9.1 php7-zlib-7.2.5-4.9.1 php7-zlib-debuginfo-7.2.5-4.9.1 - SUSE Linux Enterprise Module for Web Scripting 15 (noarch): php7-pear-7.2.5-4.9.1 php7-pear-Archive_Tar-7.2.5-4.9.1 References: https://www.suse.com/security/cve/CVE-2018-1000222.html https://bugzilla.suse.com/1105434 From sle-security-updates at lists.suse.com Mon Sep 24 10:14:00 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 24 Sep 2018 18:14:00 +0200 (CEST) Subject: SUSE-SU-2018:2841-1: moderate: Security update for libXcursor Message-ID: <20180924161400.E45B0FCD7@maintenance.suse.de> SUSE Security Update: Security update for libXcursor ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2841-1 Rating: moderate References: #1103511 Cross-References: CVE-2015-9262 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libXcursor fixes the following security issue: - CVE-2015-9262: _XcursorThemeInherits allowed remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow (bsc#1103511). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1986=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1986=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1986=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libXcursor-debugsource-1.1.14-4.6.1 libXcursor-devel-1.1.14-4.6.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libXcursor-debugsource-1.1.14-4.6.1 libXcursor1-1.1.14-4.6.1 libXcursor1-debuginfo-1.1.14-4.6.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libXcursor1-32bit-1.1.14-4.6.1 libXcursor1-debuginfo-32bit-1.1.14-4.6.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libXcursor-debugsource-1.1.14-4.6.1 libXcursor1-1.1.14-4.6.1 libXcursor1-32bit-1.1.14-4.6.1 libXcursor1-debuginfo-1.1.14-4.6.1 libXcursor1-debuginfo-32bit-1.1.14-4.6.1 References: https://www.suse.com/security/cve/CVE-2015-9262.html https://bugzilla.suse.com/1103511 From sle-security-updates at lists.suse.com Mon Sep 24 10:14:37 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 24 Sep 2018 18:14:37 +0200 (CEST) Subject: SUSE-SU-2018:2842-1: moderate: Security update for gnutls Message-ID: <20180924161437.A4D6EFCD7@maintenance.suse.de> SUSE Security Update: Security update for gnutls ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2842-1 Rating: moderate References: #1047002 #1105437 #1105459 #1105460 Cross-References: CVE-2017-10790 CVE-2018-10844 CVE-2018-10845 CVE-2018-10846 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for gnutls fixes the following issues: Security issues fixed: - Improved mitigations against Lucky 13 class of attacks - "Just in Time" PRIME + PROBE cache-based side channel attack can lead to plaintext recovery (CVE-2018-10846, bsc#1105460) - HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of wrong constant (CVE-2018-10845, bsc#1105459) - HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls (CVE-2018-10844, bsc#1105437) - The _asn1_check_identifier function in Libtasn1 caused a NULL pointer dereference and crash (CVE-2017-10790, bsc#1047002) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1990=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1990=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1990=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): gnutls-debuginfo-3.3.27-3.3.1 gnutls-debugsource-3.3.27-3.3.1 libgnutls-devel-3.3.27-3.3.1 libgnutls-openssl-devel-3.3.27-3.3.1 libgnutlsxx-devel-3.3.27-3.3.1 libgnutlsxx28-3.3.27-3.3.1 libgnutlsxx28-debuginfo-3.3.27-3.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): gnutls-3.3.27-3.3.1 gnutls-debuginfo-3.3.27-3.3.1 gnutls-debugsource-3.3.27-3.3.1 libgnutls-openssl27-3.3.27-3.3.1 libgnutls-openssl27-debuginfo-3.3.27-3.3.1 libgnutls28-3.3.27-3.3.1 libgnutls28-debuginfo-3.3.27-3.3.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libgnutls28-32bit-3.3.27-3.3.1 libgnutls28-debuginfo-32bit-3.3.27-3.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): gnutls-3.3.27-3.3.1 gnutls-debuginfo-3.3.27-3.3.1 gnutls-debugsource-3.3.27-3.3.1 libgnutls28-3.3.27-3.3.1 libgnutls28-32bit-3.3.27-3.3.1 libgnutls28-debuginfo-3.3.27-3.3.1 libgnutls28-debuginfo-32bit-3.3.27-3.3.1 References: https://www.suse.com/security/cve/CVE-2017-10790.html https://www.suse.com/security/cve/CVE-2018-10844.html https://www.suse.com/security/cve/CVE-2018-10845.html https://www.suse.com/security/cve/CVE-2018-10846.html https://bugzilla.suse.com/1047002 https://bugzilla.suse.com/1105437 https://bugzilla.suse.com/1105459 https://bugzilla.suse.com/1105460 From sle-security-updates at lists.suse.com Mon Sep 24 13:08:15 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 24 Sep 2018 21:08:15 +0200 (CEST) Subject: SUSE-SU-2018:2843-1: moderate: Security update for pam_pkcs11 Message-ID: <20180924190815.4686CFCD2@maintenance.suse.de> SUSE Security Update: Security update for pam_pkcs11 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2843-1 Rating: moderate References: #1105012 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for pam_pkcs11 fixes the following security issues: - It was possible to replay an authentication by using a specially prepared smartcard or token (bsc#1105012) - Prevent buffer overflow if a user has a home directory with a length of more than 512 bytes (bsc#1105012) - Memory not cleaned properly before free() (bsc#1105012) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-pam_pkcs11-13784=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-pam_pkcs11-13784=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): pam_pkcs11-0.6.0-141.3.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): pam_pkcs11-32bit-0.6.0-141.3.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): pam_pkcs11-x86-0.6.0-141.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): pam_pkcs11-debuginfo-0.6.0-141.3.1 pam_pkcs11-debugsource-0.6.0-141.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): pam_pkcs11-debuginfo-32bit-0.6.0-141.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64): pam_pkcs11-debuginfo-x86-0.6.0-141.3.1 References: https://bugzilla.suse.com/1105012 From sle-security-updates at lists.suse.com Tue Sep 25 07:08:42 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 25 Sep 2018 15:08:42 +0200 (CEST) Subject: SUSE-SU-2018:2850-1: important: Security update for mgetty Message-ID: <20180925130842.9CD60FCD2@maintenance.suse.de> SUSE Security Update: Security update for mgetty ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2850-1 Rating: important References: #1108752 #1108756 #1108757 #1108761 #1108762 Cross-References: CVE-2018-16741 CVE-2018-16742 CVE-2018-16743 CVE-2018-16744 CVE-2018-16745 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for mgetty fixes the following issues: - CVE-2018-16741: The function do_activate() did not properly sanitize shell metacharacters to prevent command injection (bsc#1108752) - CVE-2018-16745: The mail_to parameter was not sanitized, leading to a buffer overflow if long untrusted input reached it (bsc#1108756) - CVE-2018-16744: The mail_to parameter was not sanitized, leading to command injection if untrusted input reached reach it (bsc#1108757) - CVE-2018-16742: Prevent stack-based buffer overflow that could have been triggered via a command-line parameter (bsc#1108762) - CVE-2018-16743: The command-line parameter username wsa passed unsanitized to strcpy(), which could have caused a stack-based buffer overflow (bsc#1108761) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-mgetty-13785=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-mgetty-13785=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): g3utils-1.1.36-28.3.1 mgetty-1.1.36-28.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): mgetty-debuginfo-1.1.36-28.3.1 mgetty-debugsource-1.1.36-28.3.1 References: https://www.suse.com/security/cve/CVE-2018-16741.html https://www.suse.com/security/cve/CVE-2018-16742.html https://www.suse.com/security/cve/CVE-2018-16743.html https://www.suse.com/security/cve/CVE-2018-16744.html https://www.suse.com/security/cve/CVE-2018-16745.html https://bugzilla.suse.com/1108752 https://bugzilla.suse.com/1108756 https://bugzilla.suse.com/1108757 https://bugzilla.suse.com/1108761 https://bugzilla.suse.com/1108762 From sle-security-updates at lists.suse.com Tue Sep 25 07:10:53 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 25 Sep 2018 15:10:53 +0200 (CEST) Subject: SUSE-SU-2018:2853-1: important: Security update for python-paramiko Message-ID: <20180925131053.D3396FCD2@maintenance.suse.de> SUSE Security Update: Security update for python-paramiko ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2853-1 Rating: important References: #1085276 #1106148 Cross-References: CVE-2018-7750 Affected Products: SUSE CaaS Platform ALL ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for python-paramiko to version 1.18.5 fixes the following issues: This security issue was fixed: - CVE-2018-7750: transport.py in the SSH server implementation of Paramiko did not properly check whether authentication is completed processing other requests. A customized SSH client could have skipped the authentication step (bsc#1085276) This non-security issue was fixed: - Prevent connection problems with ssh servers due to no acceptable macs being available (bsc#1106148) For additional changes please check the changelog. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE CaaS Platform ALL (noarch): python-paramiko-1.18.5-10.6.1 References: https://www.suse.com/security/cve/CVE-2018-7750.html https://bugzilla.suse.com/1085276 https://bugzilla.suse.com/1106148 From sle-security-updates at lists.suse.com Tue Sep 25 10:09:17 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 25 Sep 2018 18:09:17 +0200 (CEST) Subject: SUSE-SU-2018:2858-1: important: Security update for the Linux Kernel Message-ID: <20180925160917.615B9FCD7@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2858-1 Rating: important References: #1012382 #1015342 #1015343 #1017967 #1019695 #1019699 #1020412 #1021121 #1022604 #1024361 #1024365 #1024376 #1027968 #1030552 #1033962 #1042286 #1048317 #1050431 #1053685 #1055014 #1056596 #1062604 #1063646 #1064232 #1065364 #1066223 #1068032 #1068075 #1069138 #1078921 #1080157 #1083663 #1085042 #1085536 #1085539 #1086457 #1087092 #1089066 #1090888 #1091171 #1091860 #1092903 #1096254 #1096748 #1097105 #1098253 #1098822 #1099597 #1099810 #1099811 #1099813 #1099832 #1099844 #1099845 #1099846 #1099849 #1099863 #1099864 #1099922 #1099999 #1100000 #1100001 #1100132 #1101822 #1101841 #1102346 #1102486 #1102517 #1102715 #1102797 #1103269 #1103445 #1104319 #1104485 #1104494 #1104495 #1104683 #1104897 #1105271 #1105292 #1105322 #1105392 #1105396 #1105524 #1105536 #1105769 #1106016 #1106105 #1106185 #1106229 #1106271 #1106275 #1106276 #1106278 #1106281 #1106283 #1106369 #1106509 #1106511 #1106594 #1106697 #1106929 #1106934 #1106995 #1107060 #1107078 #1107319 #1107320 #1107689 #1107735 #1107966 #963575 #966170 #966172 #969470 #969476 #969477 #970506 Cross-References: CVE-2018-10876 CVE-2018-10877 CVE-2018-10878 CVE-2018-10879 CVE-2018-10880 CVE-2018-10881 CVE-2018-10882 CVE-2018-10883 CVE-2018-10902 CVE-2018-10938 CVE-2018-10940 CVE-2018-1128 CVE-2018-1129 CVE-2018-12896 CVE-2018-13093 CVE-2018-13094 CVE-2018-13095 CVE-2018-15572 CVE-2018-16658 CVE-2018-6554 CVE-2018-6555 CVE-2018-9363 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that solves 22 vulnerabilities and has 96 fixes is now available. Description: The SUSE Linux Enterprise 12 SP3 azure kernel was updated to 4.4.155 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-13093: Prevent NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occured because of a lack of proper validation that cached inodes are free during allocation (bnc#1100001) - CVE-2018-13095: Prevent denial of service (memory corruption and BUG) that could have occurred for a corrupted xfs image upon encountering an inode that is in extent format, but has more extents than fit in the inode fork (bnc#1099999) - CVE-2018-13094: Prevent OOPS that may have occured for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp (bnc#1100000) - CVE-2018-12896: Prevent integer overflow in the POSIX timer code that was caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically made the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. This allowed a local user to cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls (bnc#1099922) - CVE-2018-16658: Prevent information leak in cdrom_ioctl_drive_status that could have been used by local attackers to read kernel memory (bnc#1107689) - CVE-2018-10940: The cdrom_ioctl_media_changed function allowed local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory (bsc#1092903) - CVE-2018-6555: The irda_setsockopt function allowed local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket (bnc#1106511) - CVE-2018-6554: Prevent memory leak in the irda_bind function that allowed local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket (bnc#1106509) - CVE-2018-1129: A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol (bnc#1096748) - CVE-2018-1128: It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service (bnc#1096748) - CVE-2018-10938: A crafted network packet sent remotely by an attacker forced the kernel to enter an infinite loop in the cipso_v4_optptr() function leading to a denial-of-service (bnc#1106016) - CVE-2018-15572: The spectre_v2_select_mitigation function did not always fill RSB upon a context switch, which made it easier for attackers to conduct userspace-userspace spectreRSB attacks (bnc#1102517) - CVE-2018-10902: Protect against concurrent access to prevent double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(). A malicious local attacker could have used this for privilege escalation (bnc#1105322). - CVE-2018-9363: Prevent buffer overflow in hidp_process_report (bsc#1105292) - CVE-2018-10883: A local user could have caused an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image (bsc#1099863) - CVE-2018-10879: A local user could have caused a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact by renaming a file in a crafted ext4 filesystem image (bsc#1099844) - CVE-2018-10878: A local user could have caused an out-of-bounds write and a denial of service or unspecified other impact by mounting and operating a crafted ext4 filesystem image (bsc#1099813) - CVE-2018-10876: A use-after-free was possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image (bsc#1099811) - CVE-2018-10877: Prevent out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image (bsc#1099846) - CVE-2018-10881: A local user could have caused an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image (bsc#1099864) - CVE-2018-10882: A local user could have caused an out-of-bound write, a denial of service, and a system crash by unmounting a crafted ext4 filesystem image (bsc#1099849) - CVE-2018-10880: Prevent stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could have used this to cause a system crash and a denial of service (bsc#1099845) The following non-security bugs were fixed: - 9p/net: Fix zero-copy path in the 9p virtio transport (bnc#1012382). - 9p/virtio: fix off-by-one error in sg list bounds check (bnc#1012382). - 9p: fix multiple NULL-pointer-dereferences (bnc#1012382). - ACPI / LPSS: Add missing prv_offset setting for byt/cht PWM devices (bnc#1012382). - ACPI / PCI: Bail early in acpi_pci_add_bus() if there is no ACPI handle (bnc#1012382). - ACPI / PM: save NVS memory for ASUS 1025C laptop (bnc#1012382). - ACPI: save NVS memory for Lenovo G50-45 (bnc#1012382). - ALSA: cs5535audio: Fix invalid endian conversion (bnc#1012382). - ALSA: emu10k1: Rate-limit error messages about page errors (bnc#1012382). - ALSA: emu10k1: add error handling for snd_ctl_add (bnc#1012382). - ALSA: fm801: add error handling for snd_ctl_add (bnc#1012382). - ALSA: hda - Sleep for 10ms after entering D3 on Conexant codecs (bnc#1012382). - ALSA: hda - Turn CX8200 into D3 as well upon reboot (bnc#1012382). - ALSA: hda/ca0132: fix build failure when a local macro is defined (bnc#1012382). - ALSA: hda: Correct Asrock B85M-ITX power_save blacklist entry (bnc#1012382). - ALSA: memalloc: Do not exceed over the requested size (bnc#1012382). - ALSA: rawmidi: Change resized buffers atomically (bnc#1012382). - ALSA: snd-aoa: add of_node_put() in error path (bsc#1099810). - ALSA: usb-audio: Apply rate limit to warning messages in URB complete callback (bnc#1012382). - ALSA: virmidi: Fix too long output trigger loop (bnc#1012382). - ALSA: vx222: Fix invalid endian conversions (bnc#1012382). - ALSA: vxpocket: Fix invalid endian conversions (bnc#1012382). - ARC: Enable machine_desc->init_per_cpu for !CONFIG_SMP (bnc#1012382). - ARC: Explicitly add -mmedium-calls to CFLAGS (bnc#1012382). - ARC: Fix CONFIG_SWAP (bnc#1012382). - ARC: mm: allow mprotect to make stack mappings executable (bnc#1012382). - ARM: 8780/1: ftrace: Only set kernel memory back to read-only after boot (bnc#1012382). - ARM: dts: Cygnus: Fix I2C controller interrupt type (bnc#1012382). - ARM: dts: am3517.dtsi: Disable reference to OMAP3 OTG controller (bnc#1012382). - ARM: dts: am437x: make edt-ft5x06 a wakeup source (bnc#1012382). - ARM: dts: da850: Fix interrups property for gpio (bnc#1012382). - ARM: dts: imx6sx: fix irq for pcie bridge (bnc#1012382). - ARM: fix put_user() for gcc-8 (bnc#1012382). - ARM: imx_v4_v5_defconfig: Select ULPI support (bnc#1012382). - ARM: imx_v6_v7_defconfig: Select ULPI support (bnc#1012382). - ARM: pxa: irq: fix handling of ICMR registers in suspend/resume (bnc#1012382). - ARM: tegra: Fix Tegra30 Cardhu PCA954x reset (bnc#1012382). - ASoC: Intel: cht_bsw_max98090: remove useless code, align with ChromeOS driver. - ASoC: Intel: cht_bsw_max98090_ti: Fix jack initialization (bnc#1012382). - ASoC: dpcm: do not merge format from invalid codec dai (bnc#1012382). - ASoC: dpcm: fix BE dai not hw_free and shutdown (bnc#1012382). - ASoC: pxa: Fix module autoload for platform drivers (bnc#1012382). - ASoC: sirf: Fix potential NULL pointer dereference (bnc#1012382). - Add reference to bsc#1091171 (bnc#1012382; bsc#1091171). - Bluetooth: avoid killing an already killed socket (bnc#1012382). - Bluetooth: btusb: Add a new Realtek 8723DE ID 2ff8:b011 (bnc#1012382). - Bluetooth: btusb: Remove Yoga 920 from the btusb_needs_reset_resume_table (bsc#1087092). - Bluetooth: btusb: Use DMI matching for QCA reset_resume quirking (bsc#1087092). - Bluetooth: hci_qca: Fix "Sleep inside atomic section" warning (bnc#1012382). - Documentation/spec_ctrl: Do some minor cleanups (bnc#1012382). - HID: hid-plantronics: Re-resend Update to map button for PTT products (bnc#1012382). - HID: i2c-hid: check if device is there before really probing (bnc#1012382). - HID: wacom: Correct touch maximum XY of 2nd-gen Intuos (bnc#1012382). - IB/core: Make testing MR flags for writability a static inline function (bnc#1012382). - IB/core: Remove duplicate declaration of gid_cache_wq (bsc#1056596). - IB/iser: Do not reduce max_sectors (bsc#1063646). - IB/mlx4: Fix an error handling path in 'mlx4_ib_rereg_user_mr()'. - IB/mlx4: Mark user MR as writable if actual virtual memory is writable (bnc#1012382). - IB/mlx5: Fetch soft WQE's on fatal error state (bsc#1015342 bsc#1015343). - IB/mlx5: Use 'kvfree()' for memory allocated by 'kvzalloc()' (bsc#1015342 bsc#1015343). - IB/ocrdma: fix out of bounds access to local buffer (bnc#1012382). - Input: elan_i2c - add ACPI ID for lenovo ideapad 330 (bnc#1012382). - Input: elan_i2c - add another ACPI ID for Lenovo Ideapad 330-15AST (bnc#1012382). - Input: i8042 - add Lenovo LaVie Z to the i8042 reset list (bnc#1012382). - KVM/Eventfd: Avoid crash when assign and deassign specific eventfd in parallel (bnc#1012382). - KVM: MMU: always terminate page walks at level 1 (bsc#1062604). - KVM: MMU: simplify last_pte_bitmap (bsc#1062604). - KVM: VMX: Work around kABI breakage in 'enum vmx_l1d_flush_state' (bsc#1106369). - KVM: VMX: fixes for vmentry_l1d_flush module parameter (bsc#1106369). - KVM: arm/arm64: Skip updating PMD entry if no change (bnc#1012382). - KVM: arm/arm64: Skip updating PTE entry if no change (bnc#1012382). - KVM: irqfd: fix race between EPOLLHUP and irq_bypass_register_consumer (bnc#1012382). - KVM: nVMX: update last_nonleaf_level when initializing nested EPT (bsc#1062604). - MIPS: Correct the 64-bit DSP accumulator register size (bnc#1012382). - MIPS: Fix off-by-one in pci_resource_to_user() (bnc#1012382). - MIPS: ath79: fix register address in ath79_ddr_wb_flush() (bnc#1012382). - MIPS: lib: Provide MIPS64r6 __multi3() for GCC < 7 (bnc#1012382). - NET: stmmac: align DMA stuff to largest cache line length (bnc#1012382). - PCI: Prevent sysfs disable of device while driver is attached (bnc#1012382). - PCI: Skip MPS logic for Virtual Functions (VFs) (bnc#1012382). - PCI: hotplug: Do not leak pci_slot on registration failure (bnc#1012382). - PCI: pciehp: Fix use-after-free on unplug (bnc#1012382). - PCI: pciehp: Request control of native hotplug only if supported (bnc#1012382). - PM / sleep: wakeup: Fix build error caused by missing SRCU support (bnc#1012382). - RDMA/i40iw: Avoid panic when objects are being created and destroyed (bsc#969476 bsc#969477). - RDMA/i40iw: Avoid panic when reading back the IRQ affinity hint (bsc#969476 bsc#969477). - RDMA/i40iw: Avoid reference leaks when processing the AEQ (bsc#969476 bsc#969477). - RDMA/i40w: Hold read semaphore while looking after VMA (bsc#1024376). - RDMA/mad: Convert BUG_ONs to error flows (bnc#1012382). - RDMA/mlx5: Use proper spec flow label type (bsc#1015342 bsc#1015343). - Revert "MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum" (bnc#1012382). - Revert "UBIFS: Fix potential integer overflow in allocation" (bnc#1012382). - Revert "f2fs: handle dirty segments inside refresh_sit_entry" (bsc#1106281). - Revert "mm: page_alloc: skip over regions of invalid pfns where possible" (bnc#1107078). - Revert "net: Do not copy pfmemalloc flag in __copy_skb_header()" (kabi). - Revert "netfilter: ipv6: nf_defrag: reduce struct net memory waste" (kabi). - Revert "skbuff: Unconditionally copy pfmemalloc in __skb_clone()" (kabi). - Revert "vsock: split dwork to avoid reinitializations" (kabi). - Revert "x86/mm: Give each mm TLB flush generation a unique ID" (kabi). - Revert "x86/speculation/l1tf: Fix up CPU feature flags" (kabi). - Revert "x86/speculation: Use Indirect Branch Prediction Barrier in context switch" (kabi). - Smack: Mark inode instant in smack_task_to_inode (bnc#1012382). - USB: musb: fix external abort on suspend (bsc#1085536). - USB: option: add support for DW5821e (bnc#1012382). - USB: serial: metro-usb: stop I/O after failed open (bsc#1085539). - USB: serial: sierra: fix potential deadlock at close (bnc#1012382). - Workaround kABI breakage by __must_check drop of strscpy() (bsc#1107319). - afs: Fix directory permissions check (bsc#1106283). - arc: fix build errors in arc/include/asm/delay.h (bnc#1012382). - arc: fix type warnings in arc/mm/cache.c (bnc#1012382). - arm64: make secondary_start_kernel() notrace (bnc#1012382). - arm64: mm: check for upper PAGE_SHIFT bits in pfn_valid() (bnc#1012382). - ath: Add regulatory mapping for APL13_WORLD (bnc#1012382). - ath: Add regulatory mapping for APL2_FCCA (bnc#1012382). - ath: Add regulatory mapping for Bahamas (bnc#1012382). - ath: Add regulatory mapping for Bermuda (bnc#1012382). - ath: Add regulatory mapping for ETSI8_WORLD (bnc#1012382). - ath: Add regulatory mapping for FCC3_ETSIC (bnc#1012382). - ath: Add regulatory mapping for Serbia (bnc#1012382). - ath: Add regulatory mapping for Tanzania (bnc#1012382). - ath: Add regulatory mapping for Uganda (bnc#1012382). - atl1c: reserve min skb headroom (bnc#1012382). - atm: Preserve value of skb->truesize when accounting to vcc (bsc#1089066). - audit: allow not equal op for audit by executable (bnc#1012382). - backlight: as3711_bl: Fix Device Tree node leaks (bsc#1106929). - backlight: lm3630a: Bump REG_MAX value to 0x50 instead of 0x1F (bsc#1106929). - bcache: avoid unncessary cache prefetch bch_btree_node_get() (bsc#1064232). - bcache: calculate the number of incremental GC nodes according to the total of btree nodes (bsc#1064232). - bcache: display rate debug parameters to 0 when writeback is not running (bsc#1064232). - bcache: do not check return value of debugfs_create_dir() (bsc#1064232). - bcache: finish incremental GC (bsc#1064232). - bcache: fix I/O significant decline while backend devices registering (bsc#1064232). - bcache: fix error setting writeback_rate through sysfs interface (bsc#1064232). - bcache: free heap cache_set->flush_btree in bch_journal_free (bsc#1064232). - bcache: make the pr_err statement used for ENOENT only in sysfs_attatch section (bsc#1064232). - bcache: release dc->writeback_lock properly in bch_writeback_thread() (bsc#1064232). - bcache: set max writeback rate when I/O request is idle (bsc#1064232). - bcache: simplify the calculation of the total amount of flash dirty data (bsc#1064232). - be2net: remove unused old custom busy-poll fields (bsc#1021121 ). - blkdev: __blkdev_direct_IO_simple: fix leak in error case (bsc#1083663). - block: bio_iov_iter_get_pages: fix size of last iovec (bsc#1083663). - block: bio_iov_iter_get_pages: pin more pages for multi-segment IOs (bsc#1083663). - block: do not use interruptible wait anywhere (bnc#1012382). - bnx2x: Fix invalid memory access in rss hash config path (bnc#1012382). - bnx2x: Fix receiving tx-timeout in error or recovery state (bnc#1012382). - bnxt_en: Always set output parameters in bnxt_get_max_rings() (bsc#963575). - bnxt_en: Fix for system hang if request_irq fails (bnc#1012382). - bnxt_en: Fix inconsistent BNXT_FLAG_AGG_RINGS logic (bsc#1020412 ). - bpf: fix references to free_bpf_prog_info() in comments (bnc#1012382). - brcmfmac: Add support for bcm43364 wireless chipset (bnc#1012382). - brcmfmac: stop watchdog before detach and free everything (bnc#1012382). - bridge: Propagate vlan add failure to user (bnc#1012382). - btrfs: Do not remove block group still has pinned down bytes (bsc#1086457). - btrfs: add barriers to btrfs_sync_log before log_commit_wait wakeups (bnc#1012382). - btrfs: do not leak ret from do_chunk_alloc (bnc#1012382). - btrfs: qgroup: Finish rescan when hit the last leaf of extent tree (bnc#1012382). - btrfs: quota: Set rescan progress to (u64)-1 if we hit last leaf. - btrfs: round down size diff when shrinking/growing device (bsc#1097105). - can: ems_usb: Fix memory leak on ems_usb_disconnect() (bnc#1012382). - can: mpc5xxx_can: check of_iomap return before use (bnc#1012382). - can: xilinx_can: fix RX loop if RXNEMP is asserted without RXOK (bnc#1012382). - can: xilinx_can: fix RX overflow interrupt not being enabled (bnc#1012382). - can: xilinx_can: fix device dropping off bus on RX overrun (bnc#1012382). - can: xilinx_can: fix incorrect clear of non-processed interrupts (bnc#1012382). - can: xilinx_can: fix recovery from error states not being propagated (bnc#1012382). - can: xilinx_can: keep only 1-2 frames in TX FIFO to fix TX accounting (bnc#1012382). - cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status (bnc#1012382). - ceph: fix incorrect use of strncpy (bsc#1107319). - ceph: return errors from posix_acl_equiv_mode() correctly (bsc#1107320). - cifs: Fix stack out-of-bounds in smb{2,3}_create_lease_buf() (bsc#1012382). - cifs: add missing debug entries for kconfig options (bnc#1012382). - cifs: check kmalloc before use (bsc#1012382). - cifs: store the leaseKey in the fid on SMB2_open (bsc#1012382). - clk: tegra: Fix PLL_U post divider and initial rate on Tegra30 (bnc#1012382). - crypto: ablkcipher - fix crash flushing dcache in error path (bnc#1012382). - crypto: authenc - do not leak pointers to authenc keys (bnc#1012382). - crypto: authencesn - do not leak pointers to authenc keys (bnc#1012382). - crypto: blkcipher - fix crash flushing dcache in error path (bnc#1012382). - crypto: padlock-aes - Fix Nano workaround data corruption (bnc#1012382). - crypto: vmac - require a block cipher with 128-bit block size (bnc#1012382). - crypto: vmac - separate tfm and request context (bnc#1012382). - crypto: vmx - Fix sleep-in-atomic bugs (bsc#1048317). - cxgb4: when disabling dcb set txq dcb priority to 0 (bnc#1012382). - cxl: Fix wrong comparison in cxl_adapter_context_get() (bsc#1055014). - dccp: fix undefined behavior with 'cwnd' shift in ccid2_cwnd_restart() (bnc#1012382). - disable loading f2fs module on PAGE_SIZE > 4KB (bnc#1012382). - dm cache metadata: save in-core policy_hint_size to on-disk superblock (bnc#1012382). - dma-iommu: Fix compilation when !CONFIG_IOMMU_DMA (bnc#1012382). - dmaengine: k3dma: Off by one in k3_of_dma_simple_xlate() (bnc#1012382). - dmaengine: pxa_dma: remove duplicate const qualifier (bnc#1012382). - driver core: Partially revert "driver core: correct device's shutdown order" (bnc#1012382). - drivers: net: lmc: fix case value for target abort error (bnc#1012382). - drm/armada: fix colorkey mode property (bnc#1012382). - drm/atmel-hlcdc: check stride values in the first plane (bsc#1106929). - drm/atomic: Handling the case when setting old crtc for plane (bnc#1012382). - drm/bridge: adv7511: Reset registers on hotplug (bnc#1012382). - drm/cirrus: Use drm_framebuffer_put to avoid kernel oops in clean-up (bsc#1101822). - drm/drivers: add support for using the arch wc mapping API. - drm/exynos/dsi: mask frame-done interrupt (bsc#1106929). - drm/exynos: decon5433: Fix WINCONx reset value (bnc#1012382). - drm/exynos: decon5433: Fix per-plane global alpha for XRGB modes (bnc#1012382). - drm/exynos: gsc: Fix support for NV16/61, YUV420/YVU420 and YUV422 modes (bnc#1012382). - drm/gma500: fix psb_intel_lvds_mode_valid()'s return type (bnc#1012382). - drm/i915/userptr: reject zero user_size (bsc#1090888). - drm/i915: Correctly handle limited range YCbCr data on VLV/CHV (bsc#1087092). - drm/imx: fix typo in ipu_plane_formats (bsc#1106929). - drm/imx: imx-ldb: check if channel is enabled before printing warning (bnc#1012382). - drm/imx: imx-ldb: disable LDB on driver bind (bnc#1012382). - drm/msm/hdmi: Use bitwise operators when building register values (bsc#1106929). - drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply() (bnc#1012382). - drm/panel: type promotion bug in s6e8aa0_read_mtp_id() (bsc#1105769). - drm/radeon: fix mode_valid's return type (bnc#1012382). - drm: Add DP PSR2 sink enable bit (bnc#1012382). - drm: Reject getfb for multi-plane framebuffers (bsc#1106929). - enic: do not call enic_change_mtu in enic_probe. - enic: handle mtu change for vf properly (bnc#1012382). - enic: initialize enic->rfs_h.lock in enic_probe (bnc#1012382). - ext4: check for NUL characters in extended attribute's name (bnc#1012382). - ext4: check for allocation block validity with block group locked (bsc#1104495). - ext4: do not update s_last_mounted of a frozen fs (bsc#1101841). - ext4: factor out helper ext4_sample_last_mounted() (bsc#1101841). - ext4: fix check to prevent initializing reserved inodes (bsc#1104319). - ext4: fix false negatives *and* false positives in ext4_check_descriptors() (bsc#1103445). - ext4: fix inline data updates with checksums enabled (bsc#1104494). - ext4: fix spectre gadget in ext4_mb_regular_allocator() (bnc#1012382). - ext4: reset error code in ext4_find_entry in fallback (bnc#1012382). - ext4: sysfs: print ext4_super_block fields as little-endian (bsc#1106229). - f2fs: fix to do not trigger writeback during recovery (bnc#1012382). - fat: fix memory allocation failure handling of match_strdup() (bnc#1012382). - fb: fix lost console when the user unplugs a USB adapter (bnc#1012382). - fbdev: omapfb: off by one in omapfb_register_client() (bsc#1106929). - fix __legitimize_mnt()/mntput() race (bnc#1012382). - fix mntput/mntput race (bnc#1012382). - fork: unconditionally clear stack on fork (bnc#1012382). - fs/9p/xattr.c: catch the error of p9_client_clunk when setting xattr failed (bnc#1012382). - fs/dax.c: fix inefficiency in dax_writeback_mapping_range() (bsc#1106185). - fs/quota: Fix spectre gadget in do_quotactl (bnc#1012382). - fs: aio: fix the increment of aio-nr and counting against aio-max-nr (bsc#1068075, bsc#1078921). - fuse: Add missed unlock_page() to fuse_readpages_fill() (bnc#1012382). - fuse: Do not access pipe->buffers without pipe_lock() (bnc#1012382). - fuse: Fix oops at process_init_reply() (bnc#1012382). - fuse: fix double request_end() (bnc#1012382). - fuse: fix unlocked access to processing queue (bnc#1012382). - fuse: umount should wait for all requests (bnc#1012382). - genirq/proc: Return proper error code when irq_set_affinity() fails (bnc#1105392). - getxattr: use correct xattr length (bnc#1012382). - hfsplus: Do not clear SGID when inheriting ACLs (bsc#1030552). - hvc_opal: do not set tb_ticks_per_usec in udbg_init_opal_common() (bnc#1012382). - hwrng: exynos - Disable runtime PM on driver unbind. - i2c: davinci: Avoid zero value of CLKH (bnc#1012382). - i2c: imx: Fix race condition in dma read (bnc#1012382). - i2c: imx: Fix reinit_completion() use (bnc#1012382). - i2c: ismt: fix wrong device address when unmap the data buffer (bnc#1012382). - i40e: use cpumask_copy instead of direct assignment (bsc#1053685). - i40iw: Fix memory leak in error path of create QP (bsc#969476 bsc#969477). - i40iw: Use correct address in dst_neigh_lookup for IPv6 (bsc#969476 bsc#969477). - ibmvnic: Include missing return code checks in reset function (bnc#1107966). - ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem (bnc#1012382). - ieee802154: at86rf230: use __func__ macro for debug messages (bnc#1012382). - ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem (bnc#1012382). - igb: Fix not adding filter elements to the list (bsc#1024361 bsc#1024365). - iio: ad9523: Fix displayed phase (bnc#1012382). - iio: ad9523: Fix return value for ad952x_store() (bnc#1012382). - inet: frag: enforce memory limits earlier (bnc#1012382 bsc#970506). - iommu/amd: make sure TLB to be flushed before IOVA freed (bsc#1106105). - iommu/vt-d: Add definitions for PFSID (bnc#1012382). - iommu/vt-d: Fix dev iotlb pfsid use (bnc#1012382). - iommu/vt-d: Ratelimit each dmar fault printing (bsc#1106105). - ioremap: Update pgtable free interfaces with addr (bnc#1012382). - ip: hash fragments consistently (bnc#1012382). - ip: in cmsg IP(V6)_ORIGDSTADDR call pskb_may_pull (bnc#1012382). - ipconfig: Correctly initialise ic_nameservers (bnc#1012382). - ipv4+ipv6: Make INET*_ESP select CRYPTO_ECHAINIV (bnc#1012382). - ipv4: Return EINVAL when ping_group_range sysctl does not map to user ns (bnc#1012382). - ipv4: remove BUG_ON() from fib_compute_spec_dst (bnc#1012382). - ipv6: fix useless rol32 call on hash (bnc#1012382). - ipv6: mcast: fix unsolicited report interval after receiving querys (bnc#1012382). - ipvlan: use ETH_MAX_MTU as max mtu (bsc#1033962). - iscsi target: fix session creation failure handling (bnc#1012382). - isdn: Disable IIOCDBGVAR (bnc#1012382). - iw_cxgb4: remove duplicate memcpy() in c4iw_create_listen() (bsc#969476 bsc#969477). - iwlwifi: pcie: fix race in Rx buffer allocator (bnc#1012382). - ixgbe: Be more careful when modifying MAC filters (bnc#1012382). - jfs: Do not clear SGID when inheriting ACLs (bsc#1030552). - jump_label: Add RELEASE barrier after text changes (bsc#1105271). - jump_label: Fix concurrent static_key_enable/disable() (bsc#1105271). - jump_label: Move CPU hotplug locking (bsc#1105271). - jump_label: Provide hotplug context variants (bsc#1105271). - jump_label: Reduce the size of struct static_key (bsc#1105271). - jump_label: Reorder hotplug lock and jump_label_lock (bsc#1105271). - jump_label: Split out code under the hotplug lock (bsc#1105271). - jump_label: remove bug.h, atomic.h dependencies for HAVE_JUMP_LABEL (bsc#1105271). - kABI: protect enum tcp_ca_event (kabi). - kABI: reexport tcp_send_ack (kabi). - kabi/severities: Ignore missing cpu_tss_tramp (bsc#1099597) - kabi: x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - kasan: do not emit builtin calls when sanitization is off (bnc#1012382). - kasan: fix shadow_size calculation error in kasan_module_alloc (bnc#1012382). - kbuild: verify that $DEPMOD is installed (bnc#1012382). - kernel: improve spectre mitigation (bnc#1106934, LTC#171029). - kprobes/x86: Fix %p uses in error messages (bnc#1012382). - kprobes: Make list and blacklist root user read only (bnc#1012382). - kthread, tracing: Do not expose half-written comm when creating kthreads (bsc#1104897). - kvm: x86: vmx: fix vpid leak (bnc#1012382). - l2tp: use sk_dst_check() to avoid race on sk->sk_dst_cache (bnc#1012382). - lib/rhashtable: consider param->min_size when setting initial table size (bnc#1012382). - libata: Fix command retry decision (bnc#1012382). - libceph: check authorizer reply/challenge length before reading (bsc#1096748). - libceph: factor out __ceph_x_decrypt() (bsc#1096748). - libceph: factor out __prepare_write_connect() (bsc#1096748). - libceph: factor out encrypt_authorizer() (bsc#1096748). - libceph: store ceph_auth_handshake pointer in ceph_connection (bsc#1096748). - libceph: weaken sizeof check in ceph_x_verify_authorizer_reply() (bsc#1096748). - llc: use refcount_inc_not_zero() for llc_sap_find() (bnc#1012382). - locking/lockdep: Do not record IRQ state within lockdep code (bnc#1012382). - locks: pass inode pointer to locks_free_lock_context (bsc at 1099832). - locks: prink more detail when there are leaked locks (bsc#1099832). - locks: restore a warn for leaked locks on close (bsc#1099832). - m68k: fix "bad page state" oops on ColdFire boot (bnc#1012382). - mac80211: add stations tied to AP_VLANs during hw reconfig (bnc#1012382). - md/raid10: fix that replacement cannot complete recovery after reassemble (bnc#1012382). - md: fix NULL dereference of mddev->pers in remove_and_add_spares() (bnc#1012382). - media: omap3isp: fix unbalanced dma_iommu_mapping (bnc#1012382). - media: rcar_jpu: Add missing clk_disable_unprepare() on error in jpu_open() (bnc#1012382). - media: rtl28xxu: be sure that it won't go past the array size (bsc#1050431). - media: s5p-jpeg: fix number of components macro (bsc#1050431). - media: saa7164: Fix driver name in debug output (bnc#1012382). - media: si470x: fix __be16 annotations (bnc#1012382). - media: siano: get rid of __le32/__le16 cast warnings (bnc#1012382). - media: staging: omap4iss: Include asm/cacheflush.h after generic includes (bnc#1012382). - media: videobuf2-core: do not call memop 'finish' when queueing (bnc#1012382). - memory: tegra: Apply interrupts mask per SoC (bnc#1012382). - memory: tegra: Do not handle spurious interrupts (bnc#1012382). - mfd: cros_ec: Fail early if we cannot identify the EC (bnc#1012382). - microblaze: Fix simpleImage format generation (bnc#1012382). - mm/hugetlb: filter out hugetlb pages if HUGEPAGE migration is not supported (bnc#1106697). - mm/memory.c: check return value of ioremap_prot (bnc#1012382). - mm/slub.c: add __printf verification to slab_err() (bnc#1012382). - mm/tlb: Remove tlb_remove_table() non-concurrent condition (bnc#1012382). - mm: Add vm_insert_pfn_prot() (bnc#1012382). - mm: fix cache mode tracking in vm_insert_mixed() (bnc#1012382). - mm: memcg: fix use after free in mem_cgroup_iter() (bnc#1012382). - mm: vmalloc: avoid racy handling of debugobjects in vunmap (bnc#1012382). - mm: x86: move _PAGE_SWP_SOFT_DIRTY from bit 7 to bit 1 (bnc#1012382). - mtd: rawnand: fsl_ifc: fix FSL NAND driver to read all ONFI parameter pages (bnc#1012382). - mtd: ubi: wl: Fix error return code in ubi_wl_init(). - mwifiex: correct histogram data with appropriate index (bnc#1012382). - mwifiex: handle race during mwifiex_usb_disconnect (bnc#1012382). - net/9p/client.c: version pointer uninitialized (bnc#1012382). - net/9p/trans_fd.c: fix race-condition by flushing workqueue before the kfree() (bnc#1012382). - net/ethernet/freescale/fman: fix cross-build error (bnc#1012382). - net/ipv4: Set oif in fib_compute_spec_dst (bnc#1012382). - net/mlx4_core: Save the qpn from the input modifier in RST2INIT wrapper (bnc#1012382). - net/mlx5: Add missing SET_DRIVER_VERSION command translation (bsc#1015342 bsc#1015343). - net/mlx5: E-Switch, Include VF RDMA stats in vport statistics (bsc#966170 bsc#966172). - net/mlx5: Eswitch, Use 'kvfree()' for memory allocated by 'kvzalloc()' (bsc#1015342 bsc#1015343). - net/mlx5: Fix wrong size allocation for QoS ETC TC regitster (bsc#966170 bsc#966172). - net/mlx5: Vport, Use 'kvfree()' for memory allocated by 'kvzalloc()' (bsc#966170 bsc#966172). - net/mlx5e: Do not allow aRFS for encapsulated packets (bsc#1015342 bsc#1015343). - net/mlx5e: Err if asked to offload TC match on frag being first (bsc#1015342 bsc#1015343). - net/mlx5e: Fix quota counting in aRFS expire flow (bsc#1015342 bsc#1015343). - net/mlx5e: Refine ets validation function (bsc#966170 bsc#966172). - net: 6lowpan: fix reserved space for single frames (bnc#1012382). - net: Do not copy pfmemalloc flag in __copy_skb_header() (bnc#1012382). - net: add skb_condense() helper (bsc#1089066). - net: adjust skb->truesize in ___pskb_trim() (bsc#1089066). - net: adjust skb->truesize in pskb_expand_head() (bsc#1089066). - net: axienet: Fix double deregister of mdio (bnc#1012382). - net: caif: Add a missing rcu_read_unlock() in caif_flow_cb (bnc#1012382). - net: davinci_emac: match the mdio device against its compatible if possible (bnc#1012382). - net: dsa: Do not suspend/resume closed slave_dev (bnc#1012382). - net: ena: Fix use of uninitialized DMA address bits field (bsc#1027968). - net: fix amd-xgbe flow-control issue (bnc#1012382). - net: hamradio: use eth_broadcast_addr (bnc#1012382). - net: lan78xx: Fix misplaced tasklet_schedule() call (bnc#1012382). - net: lan78xx: fix rx handling before first packet is send (bnc#1012382). - net: mac802154: tx: expand tailroom if necessary (bnc#1012382). - net: phy: fix flag masking in __set_phy_supported (bnc#1012382). - net: prevent ISA drivers from building on PPC32 (bnc#1012382). - net: propagate dev_get_valid_name return code (bnc#1012382). - net: qca_spi: Avoid packet drop during initial sync (bnc#1012382). - net: qca_spi: Fix log level if probe fails (bnc#1012382). - net: qca_spi: Make sure the QCA7000 reset is triggered (bnc#1012382). - net: socket: fix potential spectre v1 gadget in socketcall (bnc#1012382). - net: usb: rtl8150: demote allmulti message to dev_dbg() (bnc#1012382). - net: vmxnet3: use new api ethtool_{get|set}_link_ksettings (bsc#1091860 bsc#1098253). - net_sched: Fix missing res info when create new tc_index filter (bnc#1012382). - net_sched: fix NULL pointer dereference when delete tcindex filter (bnc#1012382). - netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state (bnc#1012382). - netfilter: ipset: List timing out entries with "timeout 1" instead of zero (bnc#1012382). - netfilter: ipv6: nf_defrag: reduce struct net memory waste (bnc#1012382). - netfilter: ipvs: do not create conn for ABORT packet in sctp_conn_schedule (bsc#1102797). - netfilter: ipvs: fix the issue that sctp_conn_schedule drops non-INIT packet (bsc#1102797). - netfilter: x_tables: set module owner for icmp(6) matches (bnc#1012382). - netlink: Do not shift on 64 for ngroups (bnc#1012382). - netlink: Do not shift with UB on nlk->ngroups (bnc#1012382). - netlink: Do not subscribe to non-existent groups (bnc#1012382). - netlink: Fix spectre v1 gadget in netlink_create() (bnc#1012382). - netlink: do not enter direct reclaim from netlink_trim() (bsc#1042286). - nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo (bnc#1012382). - nl80211: Add a missing break in parse_station_flags (bnc#1012382). - nohz: Fix local_timer_softirq_pending() (bnc#1012382). - nvme-fc: release io queues to allow fast fail (bsc#1102486). - nvme: if_ready checks to fail io to deleting controller (bsc#1102486). - nvme: kABI-compliant version of nvmf_fail_nonready_command() (bsc#1102486). - nvmet-fc: fix target sgl list on large transfers (bsc#1102486). - osf_getdomainname(): use copy_to_user() (bnc#1012382). - ovl: Do d_type check only if work dir creation was successful (bnc#1012382). - ovl: Ensure upper filesystem supports d_type (bnc#1012382). - ovl: warn instead of error if d_type is not supported (bnc#1012382). - packet: refine ring v3 block size test to hold one frame (bnc#1012382). - packet: reset network header if packet shorter than ll reserved space (bnc#1012382). - parisc: Define mb() and add memory barriers to assembler unlock sequences (bnc#1012382). - parisc: Enable CONFIG_MLONGCALLS by default (bnc#1012382). - parisc: Remove ordered stores from syscall.S (bnc#1012382). - parisc: Remove unnecessary barriers from spinlock.h (bnc#1012382). - perf auxtrace: Fix queue resize (bnc#1012382). - perf llvm-utils: Remove bashism from kernel include fetch script (bnc#1012382). - perf report powerpc: Fix crash if callchain is empty (bnc#1012382). - perf test session topology: Fix test on s390 (bnc#1012382). - perf/x86/intel/uncore: Correct fixed counter index check for NHM (bnc#1012382). - perf/x86/intel/uncore: Correct fixed counter index check in generic code (bnc#1012382). - perf: fix invalid bit in diagnostic entry (bnc#1012382). - pinctrl: at91-pio4: add missing of_node_put (bnc#1012382). - pinctrl: freescale: off by one in imx1_pinconf_group_dbg_show() (bnc#1012382). - pnfs/blocklayout: off by one in bl_map_stripe() (bnc#1012382). - powerpc/32: Add a missing include header (bnc#1012382). - powerpc/64s: Default l1d_size to 64K in RFI fallback flush (bsc#1068032). - powerpc/64s: Fix compiler store ordering to SLB shadow area (bnc#1012382). - powerpc/8xx: fix invalid register expression in head_8xx.S (bnc#1012382). - powerpc/chrp/time: Make some functions static, add missing header include (bnc#1012382). - powerpc/embedded6xx/hlwd-pic: Prevent interrupts from being handled by Starlet (bnc#1012382). - powerpc/fadump: handle crash memory ranges array index overflow (bsc#1103269). - powerpc/fadump: merge adjacent memory ranges to reduce PT_LOAD segements (bsc#1103269). - powerpc/lib: Fix the feature fixup tests to actually work (bsc#1066223). - powerpc/powermac: Add missing prototype for note_bootable_part() (bnc#1012382). - powerpc/powermac: Mark variable x as unused (bnc#1012382). - powerpc/pseries: Fix endianness while restoring of r3 in MCE handler (bnc#1012382). - powerpc/topology: Get topology for shared processors at boot (bsc#1104683). - powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2 (bsc#1068032, bsc#1080157). - powerpc: Avoid code patching freed init sections (bnc#1107735). - powerpc: make feature-fixup tests fortify-safe (bsc#1066223). - provide special timeout module parameters for EC2 (bsc#1065364). - ptp: fix missing break in switch (bnc#1012382). - pwm: tiehrpwm: Fix disabling of output of PWMs (bnc#1012382). - qed: Add sanity check for SIMD fastpath handler (bnc#1012382). - qed: Correct Multicast API to reflect existence of 256 approximate buckets (bsc#1019695 bsc#1019699 bsc#1022604). - qed: Do not advertise DCBX_LLD_MANAGED capability (bsc#1019695 bsc#1019699 bsc#1022604). - qed: Fix possible memory leak in Rx error path handling (bsc#1019695 bsc#1019699 bsc#1022604 ). - qed: Fix possible race for the link state value (bnc#1012382). - qed: Fix setting of incorrect eswitch mode (bsc#1019695 bsc#1019699 bsc#1022604). - qed: Fix use of incorrect size in memcpy call (bsc#1019695 bsc#1019699 bsc#1022604). - qede: Adverstise software timestamp caps when PHC is not available (bsc#1019695 bsc#1019699 bsc#1022604). - qlge: Fix netdev features configuration (bsc#1098822). - qlogic: check kstrtoul() for errors (bnc#1012382). - random: mix rdrand with entropy sent in from userspace (bnc#1012382). - readahead: stricter check for bdi io_pages (VM Functionality). - regulator: pfuze100: add .is_enable() for pfuze100_swb_regulator_ops (bnc#1012382). - reiserfs: fix broken xattr handling (heap corruption, bad retval) (bnc#1012382). - ring_buffer: tracing: Inherit the tracing setting to next ring buffer (bnc#1012382). - root dentries need RCU-delayed freeing (bnc#1012382). - rsi: Fix 'invalid vdd' warning in mmc (bnc#1012382). - rtc: ensure rtc_set_alarm fails when alarms are not supported (bnc#1012382). - rtnetlink: add rtnl_link_state check in rtnl_configure_link (bnc#1012382). - s390/cpum_sf: Add data entry sizes to sampling trailer entry (bnc#1012382). - s390/kvm: fix deadlock when killed by oom (bnc#1012382). - s390/lib: use expoline for all bcr instructions (bnc#1106934, LTC#171029). - s390/pci: fix out of bounds access during irq setup (bnc#1012382). - s390/qdio: reset old sbal_state flags (bnc#1012382). - s390/qeth: do not clobber buffer on async TX completion (bnc#1104485, LTC#170349). - s390/qeth: fix race when setting MAC address (bnc#1104485, LTC#170726). - s390: add explicit for jump label (bsc#1105271). - s390: detect etoken facility (bnc#1106934, LTC#171029). - s390: fix br_r1_trampoline for machines without exrl (bnc#1012382 bnc#1106934 LTC#171029). - sched/fair: Avoid divide by zero when rebalancing domains (bsc#1096254). - scsi: 3w-9xxx: fix a missing-check bug (bnc#1012382). - scsi: 3w-xxxx: fix a missing-check bug (bnc#1012382). - scsi: core: Avoid that SCSI device removal through sysfs triggers a deadlock (bnc#1012382). - scsi: fcoe: drop frames in ELS LOGO error path (bnc#1012382). - scsi: hpsa: limit transfer length to 1MB, not 512kB (bsc#1102346). - scsi: libiscsi: fix possible NULL pointer dereference in case of TMF (bnc#1012382). - scsi: megaraid: silence a static checker bug (bnc#1012382). - scsi: megaraid_sas: Increase timeout by 1 sec for non-RAID fastpath IOs (bnc#1012382). - scsi: qla2xxx: Fix ISP recovery on unload (bnc#1012382). - scsi: qla2xxx: Return error when TMF returns (bnc#1012382). - scsi: scsi_dh: replace too broad "TP9" string with the exact models (bnc#1012382). - scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management enabled (bnc#1012382). - scsi: sysfs: Introduce sysfs_{un,}break_active_protection() (bnc#1012382). - scsi: ufs: fix exception event handling (bnc#1012382). - scsi: vmw_pvscsi: Return DID_RESET for status SAM_STAT_COMMAND_TERMINATED (bnc#1012382). - scsi: xen-scsifront: add error handling for xenbus_printf (bnc#1012382). - scsi_debug: call resp_XXX function after setting host_scribble (bsc#1069138). - scsi_debug: reset injection flags for every_nth > 0 (bsc#1069138). - selftest/seccomp: Fix the flag name SECCOMP_FILTER_FLAG_TSYNC (bnc#1012382). - selftest/seccomp: Fix the seccomp(2) signature (bnc#1012382). - selftests/ftrace: Add snapshot and tracing_on test case (bnc#1012382). - selftests/x86/sigreturn/64: Fix spurious failures on AMD CPUs (bnc#1012382). - selftests: pstore: return Kselftest Skip code for skipped tests (bnc#1012382). - selftests: static_keys: return Kselftest Skip code for skipped tests (bnc#1012382). - selftests: sync: add config fragment for testing sync framework (bnc#1012382). - selftests: user: return Kselftest Skip code for skipped tests (bnc#1012382). - selftests: zram: return Kselftest Skip code for skipped tests (bnc#1012382). - serial: 8250_dw: always set baud rate in dw8250_set_termios (bnc#1012382). - sfc: stop the TX queue before pushing new buffers (bsc#1017967 ). - skbuff: Unconditionally copy pfmemalloc in __skb_clone() (bnc#1012382). - slab: __GFP_ZERO is incompatible with a constructor (bnc#1107060). - smb3: Do not send SMB3 SET_INFO if nothing changed (bnc#1012382). - smb3: do not request leases in symlink creation and query (bnc#1012382). - spi: davinci: fix a NULL pointer dereference (bnc#1012382). - squashfs: be more careful about metadata corruption (bnc#1012382). - squashfs: more metadata hardening (bnc#1012382). - squashfs: more metadata hardenings (bnc#1012382). - staging: android: ion: check for kref overflow (bnc#1012382). - string: drop __must_check from strscpy() and restore strscpy() usages in cgroup (bsc#1107319). - sys: do not hold uts_sem while accessing userspace memory (bnc#1106995). - target_core_rbd: use RCU in free_device (bsc#1105524). - tcp: Fix missing range_truesize enlargement in the backport (bnc#1012382). - tcp: add max_quickacks param to tcp_incr_quickack and tcp_enter_quickack_mode (bnc#1012382). - tcp: add one more quick ack after after ECN events (bnc#1012382). - tcp: do not aggressively quick ack after ECN events (bnc#1012382). - tcp: do not cancel delay-AcK on DCTCP special ACK (bnc#1012382). - tcp: do not delay ACK in DCTCP upon CE status change (bnc#1012382). - tcp: do not force quickack when receiving out-of-order packets (bnc#1012382). - tcp: fix dctcp delayed ACK schedule (bnc#1012382). - tcp: helpers to send special DCTCP ack (bnc#1012382). - tcp: identify cryptic messages as TCP seq # bugs (bnc#1012382). - tcp: refactor tcp_ecn_check_ce to remove sk type cast (bnc#1012382). - tcp: remove DELAYED ACK events in DCTCP (bnc#1012382). - tg3: Add higher cpu clock for 5762 (bnc#1012382). - thermal: exynos: fix setting rising_threshold for Exynos5433 (bnc#1012382). - timekeeping: Eliminate the stale declaration of ktime_get_raw_and_real_ts64() (bsc#969470). - tools/power turbostat: Read extended processor family from CPUID (bnc#1012382). - tools/power turbostat: fix -S on UP systems (bnc#1012382). - tools: usb: ffs-test: Fix build on big endian systems (bnc#1012382). - tpm: fix race condition in tpm_common_write() (bnc#1012382). - tracing/blktrace: Fix to allow setting same value (bnc#1012382). - tracing/kprobes: Fix trace_probe flags on enable_trace_kprobe() failure (bnc#1012382). - tracing: Do not call start/stop() functions when tracing_on does not change (bnc#1012382). - tracing: Fix double free of event_trigger_data (bnc#1012382). - tracing: Fix possible double free in event_enable_trigger_func() (bnc#1012382). - tracing: Quiet gcc warning about maybe unused link variable (bnc#1012382). - tracing: Use __printf markup to silence compiler (bnc#1012382). - tty: Fix data race in tty_insert_flip_string_fixed_flag (bnc#1012382). - turn off -Wattribute-alias (bnc#1012382). - ubi: Be more paranoid while seaching for the most recent Fastmap (bnc#1012382). - ubi: Fix Fastmap's update_vol() (bnc#1012382). - ubi: Fix races around ubi_refill_pools() (bnc#1012382). - ubi: Introduce vol_ignored() (bnc#1012382). - ubi: Rework Fastmap attach base code (bnc#1012382). - ubi: fastmap: Erase outdated anchor PEBs during attach (bnc#1012382). - ubifs: Check data node size before truncate (bsc#1106276). - ubifs: Fix memory leak in lprobs self-check (bsc#1106278). - ubifs: Fix synced_i_size calculation for xattr inodes (bsc#1106275). - ubifs: xattr: Do not operate on deleted inodes (bsc#1106271). - udl-kms: change down_interruptible to down (bnc#1012382). - udl-kms: fix crash due to uninitialized memory (bnc#1012382). - udl-kms: handle allocation failure (bnc#1012382). - udlfb: set optimal write delay (bnc#1012382). - uprobes: Use synchronize_rcu() not synchronize_sched() (bnc#1012382). - usb/phy: fix PPC64 build errors in phy-fsl-usb.c (bnc#1012382). - usb: audio-v2: Correct the comment for struct uac_clock_selector_descriptor (bsc#1099810). - usb: cdc_acm: Add quirk for Castles VEGA3000 (bnc#1012382). - usb: dwc2: debugfs: Do not touch RX FIFO during register dump (bsc#1100132). - usb: dwc2: fix isoc split in transfer with no data (bnc#1012382). - usb: gadget: composite: fix delayed_status race condition when set_interface (bnc#1012382). - usb: gadget: dwc2: fix memory leak in gadget_init() (bnc#1012382). - usb: gadget: f_fs: Only return delayed status when len is 0 (bnc#1012382). - usb: gadget: f_uac2: fix endianness of 'struct cntrl_*_lay3' (bnc#1012382). - usb: gadget: r8a66597: Fix a possible sleep-in-atomic-context bugs in r8a66597_queue() (bnc#1012382). - usb: gadget: r8a66597: Fix two possible sleep-in-atomic-context bugs in init_controller() (bnc#1012382). - usb: hub: Do not wait for connect state at resume for powered-off ports (bnc#1012382). - usb: renesas_usbhs: gadget: fix spin_lock_init() for &uep->lock (bsc#1085536). - usb: xhci: increase CRS timeout value (bnc#1012382). - usbip: usbip_detach: Fix memory, udev context and udev leak (bnc#1012382). - userns: move user access out of the mutex (bnc#1012382). - vfs: add the sb_start_intwrite_trylock() helper (bsc#1101841). - virtio_balloon: fix another race between migration and ballooning (bnc#1012382). - virtio_console: fix uninitialized variable use. - vmw_balloon: VMCI_DOORBELL_SET does not check status (bnc#1012382). - vmw_balloon: do not use 2MB without batching (bnc#1012382). - vmw_balloon: fix VMCI use when balloon built into kernel (bnc#1012382). - vmw_balloon: fix inflation of 64-bit GFNs (bnc#1012382). - vmxnet3: Replace msleep(1) with usleep_range() (bsc#1091860 bsc#1098253). - vmxnet3: add receive data ring support (bsc#1091860 bsc#1098253). - vmxnet3: add support for get_coalesce, set_coalesce ethtool operations (bsc#1091860 bsc#1098253). - vmxnet3: allow variable length transmit data ring buffer (bsc#1091860 bsc#1098253). - vmxnet3: avoid assumption about invalid dma_pa in vmxnet3_set_mc() (bsc#1091860 bsc#1098253). - vmxnet3: avoid format strint overflow warning (bsc#1091860 bsc#1098253). - vmxnet3: avoid xmit reset due to a race in vmxnet3 (bsc#1091860 bsc#1098253). - vmxnet3: fix incorrect dereference when rxvlan is disabled (bsc#1091860 bsc#1098253). - vmxnet3: fix non static symbol warning (bsc#1091860 bsc#1098253). - vmxnet3: fix tx data ring copy for variable size (bsc#1091860 bsc#1098253). - vmxnet3: increase default rx ring sizes (bsc#1091860 bsc#1098253). - vmxnet3: introduce command to register memory region (bsc#1091860 bsc#1098253). - vmxnet3: introduce generalized command interface to configure the device (bsc#1091860 bsc#1098253). - vmxnet3: prepare for version 3 changes (bsc#1091860 bsc#1098253). - vmxnet3: remove redundant initialization of pointer 'rq' (bsc#1091860 bsc#1098253). - vmxnet3: remove unused flag "rxcsum" from struct vmxnet3_adapter (bsc#1091860 bsc#1098253). - vmxnet3: set the DMA mask before the first DMA map operation (bsc#1091860 bsc#1098253). - vmxnet3: update to version 3 (bsc#1091860 bsc#1098253). - vmxnet3: use DMA memory barriers where required (bsc#1091860 bsc#1098253). - vmxnet3: use correct flag to indicate LRO feature (bsc#1091860 bsc#1098253). - vsock: split dwork to avoid reinitializations (bnc#1012382). - vti6: Fix dev->max_mtu setting (bsc#1033962). - vti6: fix PMTU caching and reporting on xmit (bnc#1012382). - wlcore: sdio: check for valid platform device data before suspend (bnc#1012382). - x86/MCE: Remove min interval polling limitation (bnc#1012382). - x86/amd: do not set X86_BUG_SYSRET_SS_ATTRS when running under Xen (bnc#1012382). - x86/asm/entry/32: Simplify pushes of zeroed pt_regs->REGs (bnc#1012382). - x86/bugs: Move the l1tf function and define pr_fmt properly (bnc#1012382). - x86/bugs: Respect nospec command line option (bsc#1068032). - x86/cpu/AMD: Fix erratum 1076 (CPB bit) (bnc#1012382). - x86/cpu: Make alternative_msr_write work for 32-bit code (bnc#1012382). - x86/cpu: Re-apply forced caps every time CPU caps are re-read (bnc#1012382). - x86/cpufeature: preserve numbers (kabi). - x86/cpufeatures: Add CPUID_7_EDX CPUID leaf (bnc#1012382). - x86/cpufeatures: Clean up Spectre v2 related CPUID flags (bnc#1012382). - x86/entry/64/compat: Clear registers for compat syscalls, to reduce speculation attack surface (bnc#1012382). - x86/entry/64: Remove %ebx handling from error_entry/exit (bnc#1102715). - x86/init: fix build with CONFIG_SWAP=n (bnc#1012382). - x86/irqflags: Mark native_restore_fl extern inline (bnc#1012382). - x86/irqflags: Provide a declaration for native_save_fl. - x86/mm/kmmio: Make the tracer robust against L1TF (bnc#1012382). - x86/mm/pat: Fix L1TF stable backport for CPA (bnc#1012382). - x86/mm/pat: Fix L1TF stable backport for CPA, 2nd call (bnc#1012382). - x86/mm/pat: Make set_memory_np() L1TF safe (bnc#1012382). - x86/mm: Add TLB purge to free pmd/pte page interfaces (bnc#1012382). - x86/mm: Disable ioremap free page handling on x86-PAE (bnc#1012382). - x86/mm: Give each mm TLB flush generation a unique ID (bnc#1012382). - x86/paravirt: Fix spectre-v2 mitigations for paravirt guests (bnc#1012382). - x86/paravirt: Make native_save_fl() extern inline (bnc#1012382). - x86/process: Correct and optimize TIF_BLOCKSTEP switch (bnc#1012382). - x86/process: Optimize TIF checks in __switch_to_xtra() (bnc#1012382). - x86/process: Optimize TIF_NOTSC switch (bnc#1012382). - x86/process: Re-export start_thread() (bnc#1012382). - x86/spectre: Add missing family 6 check to microcode check (bnc#1012382). - x86/spectre_v2: Do not check microcode versions when running under hypervisors (bnc#1012382). - x86/speculation/l1tf: Exempt zeroed PTEs from inversion (bnc#1012382). - x86/speculation/l1tf: Extend 64bit swap file size limit (bnc#1012382). - x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM (bnc#1105536). - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit (bnc#1012382). - x86/speculation/l1tf: Fix up CPU feature flags (bnc#1012382). - x86/speculation/l1tf: Fix up pte->pfn conversion for PAE (bnc#1012382). - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - x86/speculation/l1tf: Invert all not present mappings (bnc#1012382). - x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert (bnc#1012382). - x86/speculation/l1tf: Protect PAE swap entries against L1TF (bnc#1012382). - x86/speculation/l1tf: Suggest what to do on systems with too much RAM (bnc#1105536). - x86/speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures (bnc#1012382). - x86/speculation: Add dependency (bnc#1012382). - x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support (bnc#1012382). - x86/speculation: Clean up various Spectre related details (bnc#1012382). - x86/speculation: Correct Speculation Control microcode blacklist again (bnc#1012382). - x86/speculation: Move firmware_restrict_branch_speculation_*() from C to CPP (bnc#1012382). - x86/speculation: Update Speculation Control microcode blacklist (bnc#1012382). - x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry (bsc#1106369). - x86/speculation: Use IBRS if available before calling into firmware (bnc#1012382). - x86/speculation: Use Indirect Branch Prediction Barrier in context switch (bnc#1012382). - x86/xen: Add call of speculative_store_bypass_ht_init() to PV paths (bnc#1012382). - xen-netfront: wait xenbus state change when load module manually (bnc#1012382). - xen/blkback: do not keep persistent grants too long (bsc#1085042). - xen/blkback: move persistent grants flags to bool (bsc#1085042). - xen/blkfront: cleanup stale persistent grants (bsc#1085042). - xen/blkfront: reorder tests in xlblk_init() (bsc#1085042). - xen/netfront: do not cache skb_shinfo() (bnc#1012382). - xen: avoid crash in disable_hotplug_cpu (bsc#1106594). - xen: set cpu capabilities from xen_start_kernel() (bnc#1012382). - xfrm: fix missing dst_release() after policy blocking lbcast and multicast (bnc#1012382). - xfrm: free skb if nlsk pointer is NULL (bnc#1012382). - xfrm_user: prevent leaking 2 bytes of kernel memory (bnc#1012382). - xfs: Remove dead code from inode recover function (bsc#1105396). - xfs: repair malformed inode items during log recovery (bsc#1105396). - xhci: Fix perceived dead host due to runtime suspend race with event handler (bnc#1012382). - zswap: re-check zswap_is_full() after do zswap_shrink() (bnc#1012382). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2004=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2004=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch): kernel-docs-azure-4.4.155-4.16.1 - SUSE Linux Enterprise Server 12-SP3 (x86_64): kernel-azure-4.4.155-4.16.1 kernel-azure-base-4.4.155-4.16.1 kernel-azure-base-debuginfo-4.4.155-4.16.1 kernel-azure-debuginfo-4.4.155-4.16.1 kernel-azure-debugsource-4.4.155-4.16.1 kernel-azure-devel-4.4.155-4.16.1 kernel-syms-azure-4.4.155-4.16.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): kernel-devel-azure-4.4.155-4.16.1 kernel-source-azure-4.4.155-4.16.1 References: https://www.suse.com/security/cve/CVE-2018-10876.html https://www.suse.com/security/cve/CVE-2018-10877.html https://www.suse.com/security/cve/CVE-2018-10878.html https://www.suse.com/security/cve/CVE-2018-10879.html https://www.suse.com/security/cve/CVE-2018-10880.html https://www.suse.com/security/cve/CVE-2018-10881.html https://www.suse.com/security/cve/CVE-2018-10882.html https://www.suse.com/security/cve/CVE-2018-10883.html https://www.suse.com/security/cve/CVE-2018-10902.html https://www.suse.com/security/cve/CVE-2018-10938.html https://www.suse.com/security/cve/CVE-2018-10940.html https://www.suse.com/security/cve/CVE-2018-1128.html https://www.suse.com/security/cve/CVE-2018-1129.html https://www.suse.com/security/cve/CVE-2018-12896.html https://www.suse.com/security/cve/CVE-2018-13093.html https://www.suse.com/security/cve/CVE-2018-13094.html https://www.suse.com/security/cve/CVE-2018-13095.html https://www.suse.com/security/cve/CVE-2018-15572.html https://www.suse.com/security/cve/CVE-2018-16658.html https://www.suse.com/security/cve/CVE-2018-6554.html https://www.suse.com/security/cve/CVE-2018-6555.html https://www.suse.com/security/cve/CVE-2018-9363.html https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1015342 https://bugzilla.suse.com/1015343 https://bugzilla.suse.com/1017967 https://bugzilla.suse.com/1019695 https://bugzilla.suse.com/1019699 https://bugzilla.suse.com/1020412 https://bugzilla.suse.com/1021121 https://bugzilla.suse.com/1022604 https://bugzilla.suse.com/1024361 https://bugzilla.suse.com/1024365 https://bugzilla.suse.com/1024376 https://bugzilla.suse.com/1027968 https://bugzilla.suse.com/1030552 https://bugzilla.suse.com/1033962 https://bugzilla.suse.com/1042286 https://bugzilla.suse.com/1048317 https://bugzilla.suse.com/1050431 https://bugzilla.suse.com/1053685 https://bugzilla.suse.com/1055014 https://bugzilla.suse.com/1056596 https://bugzilla.suse.com/1062604 https://bugzilla.suse.com/1063646 https://bugzilla.suse.com/1064232 https://bugzilla.suse.com/1065364 https://bugzilla.suse.com/1066223 https://bugzilla.suse.com/1068032 https://bugzilla.suse.com/1068075 https://bugzilla.suse.com/1069138 https://bugzilla.suse.com/1078921 https://bugzilla.suse.com/1080157 https://bugzilla.suse.com/1083663 https://bugzilla.suse.com/1085042 https://bugzilla.suse.com/1085536 https://bugzilla.suse.com/1085539 https://bugzilla.suse.com/1086457 https://bugzilla.suse.com/1087092 https://bugzilla.suse.com/1089066 https://bugzilla.suse.com/1090888 https://bugzilla.suse.com/1091171 https://bugzilla.suse.com/1091860 https://bugzilla.suse.com/1092903 https://bugzilla.suse.com/1096254 https://bugzilla.suse.com/1096748 https://bugzilla.suse.com/1097105 https://bugzilla.suse.com/1098253 https://bugzilla.suse.com/1098822 https://bugzilla.suse.com/1099597 https://bugzilla.suse.com/1099810 https://bugzilla.suse.com/1099811 https://bugzilla.suse.com/1099813 https://bugzilla.suse.com/1099832 https://bugzilla.suse.com/1099844 https://bugzilla.suse.com/1099845 https://bugzilla.suse.com/1099846 https://bugzilla.suse.com/1099849 https://bugzilla.suse.com/1099863 https://bugzilla.suse.com/1099864 https://bugzilla.suse.com/1099922 https://bugzilla.suse.com/1099999 https://bugzilla.suse.com/1100000 https://bugzilla.suse.com/1100001 https://bugzilla.suse.com/1100132 https://bugzilla.suse.com/1101822 https://bugzilla.suse.com/1101841 https://bugzilla.suse.com/1102346 https://bugzilla.suse.com/1102486 https://bugzilla.suse.com/1102517 https://bugzilla.suse.com/1102715 https://bugzilla.suse.com/1102797 https://bugzilla.suse.com/1103269 https://bugzilla.suse.com/1103445 https://bugzilla.suse.com/1104319 https://bugzilla.suse.com/1104485 https://bugzilla.suse.com/1104494 https://bugzilla.suse.com/1104495 https://bugzilla.suse.com/1104683 https://bugzilla.suse.com/1104897 https://bugzilla.suse.com/1105271 https://bugzilla.suse.com/1105292 https://bugzilla.suse.com/1105322 https://bugzilla.suse.com/1105392 https://bugzilla.suse.com/1105396 https://bugzilla.suse.com/1105524 https://bugzilla.suse.com/1105536 https://bugzilla.suse.com/1105769 https://bugzilla.suse.com/1106016 https://bugzilla.suse.com/1106105 https://bugzilla.suse.com/1106185 https://bugzilla.suse.com/1106229 https://bugzilla.suse.com/1106271 https://bugzilla.suse.com/1106275 https://bugzilla.suse.com/1106276 https://bugzilla.suse.com/1106278 https://bugzilla.suse.com/1106281 https://bugzilla.suse.com/1106283 https://bugzilla.suse.com/1106369 https://bugzilla.suse.com/1106509 https://bugzilla.suse.com/1106511 https://bugzilla.suse.com/1106594 https://bugzilla.suse.com/1106697 https://bugzilla.suse.com/1106929 https://bugzilla.suse.com/1106934 https://bugzilla.suse.com/1106995 https://bugzilla.suse.com/1107060 https://bugzilla.suse.com/1107078 https://bugzilla.suse.com/1107319 https://bugzilla.suse.com/1107320 https://bugzilla.suse.com/1107689 https://bugzilla.suse.com/1107735 https://bugzilla.suse.com/1107966 https://bugzilla.suse.com/963575 https://bugzilla.suse.com/966170 https://bugzilla.suse.com/966172 https://bugzilla.suse.com/969470 https://bugzilla.suse.com/969476 https://bugzilla.suse.com/969477 https://bugzilla.suse.com/970506 From sle-security-updates at lists.suse.com Tue Sep 25 13:08:02 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 25 Sep 2018 21:08:02 +0200 (CEST) Subject: SUSE-SU-2018:2860-1: important: Security update for the Linux Kernel (Live Patch 17 for SLE 12 SP2) Message-ID: <20180925190802.5C229FCD2@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 17 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2860-1 Rating: important References: #1096723 #1102682 #1105323 #1106191 Cross-References: CVE-2018-1000026 CVE-2018-10902 CVE-2018-10938 CVE-2018-5390 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.103-92_56 fixes several issues. The following security issues were fixed: - CVE-2018-5390: Prevent very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming TCP packet which can lead to a denial of service (bsc#1102682). - CVE-2018-1000026: Fixed an insufficient input validation in bnx2x network card driver that can result in DoS via very large, specially crafted packet to the bnx2x card due to a network card firmware assertion that will take the card offline (bsc#1096723). - CVE-2018-10938: Fixed an infinite loop in the cipso_v4_optptr() function leading to a denial-of-service via crafted network packets (bsc#1106191). - CVE-2018-10902: It was found that the raw midi kernel driver did not protect against concurrent access which lead to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(), allowing a malicious local attacker to use this for privilege escalation (bsc#1105323). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-2011=1 SUSE-SLE-SAP-12-SP2-2018-2012=1 SUSE-SLE-SAP-12-SP2-2018-2013=1 SUSE-SLE-SAP-12-SP2-2018-2014=1 SUSE-SLE-SAP-12-SP2-2018-2015=1 SUSE-SLE-SAP-12-SP2-2018-2016=1 SUSE-SLE-SAP-12-SP2-2018-2017=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-2011=1 SUSE-SLE-SERVER-12-SP2-2018-2012=1 SUSE-SLE-SERVER-12-SP2-2018-2013=1 SUSE-SLE-SERVER-12-SP2-2018-2014=1 SUSE-SLE-SERVER-12-SP2-2018-2015=1 SUSE-SLE-SERVER-12-SP2-2018-2016=1 SUSE-SLE-SERVER-12-SP2-2018-2017=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kgraft-patch-4_4_103-92_53-default-9-2.1 kgraft-patch-4_4_103-92_56-default-9-2.1 kgraft-patch-4_4_114-92_64-default-7-2.1 kgraft-patch-4_4_114-92_67-default-7-2.1 kgraft-patch-4_4_74-92_38-default-12-2.1 kgraft-patch-4_4_90-92_45-default-10-2.1 kgraft-patch-4_4_90-92_50-default-10-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kgraft-patch-4_4_103-92_53-default-9-2.1 kgraft-patch-4_4_103-92_56-default-9-2.1 kgraft-patch-4_4_114-92_64-default-7-2.1 kgraft-patch-4_4_114-92_67-default-7-2.1 kgraft-patch-4_4_74-92_38-default-12-2.1 kgraft-patch-4_4_90-92_45-default-10-2.1 kgraft-patch-4_4_90-92_50-default-10-2.1 References: https://www.suse.com/security/cve/CVE-2018-1000026.html https://www.suse.com/security/cve/CVE-2018-10902.html https://www.suse.com/security/cve/CVE-2018-10938.html https://www.suse.com/security/cve/CVE-2018-5390.html https://bugzilla.suse.com/1096723 https://bugzilla.suse.com/1102682 https://bugzilla.suse.com/1105323 https://bugzilla.suse.com/1106191 From sle-security-updates at lists.suse.com Tue Sep 25 13:09:06 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 25 Sep 2018 21:09:06 +0200 (CEST) Subject: SUSE-SU-2018:2861-1: moderate: Security update for dom4j Message-ID: <20180925190906.18C48FCD2@maintenance.suse.de> SUSE Security Update: Security update for dom4j ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2861-1 Rating: moderate References: #1105443 Cross-References: CVE-2018-1000632 Affected Products: SUSE Manager Server 3.2 SUSE Manager Server 3.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for dom4j fixes the following issues: - CVE-2018-1000632: Prevent XML injection vulnerability that allowed an attacker to tamper with XML documents (bsc#1105443) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 3.2: zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2018-2018=1 - SUSE Manager Server 3.0: zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2018-2018=1 Package List: - SUSE Manager Server 3.2 (noarch): dom4j-1.6.1-27.4.1 - SUSE Manager Server 3.0 (noarch): dom4j-1.6.1-27.4.1 References: https://www.suse.com/security/cve/CVE-2018-1000632.html https://bugzilla.suse.com/1105443 From sle-security-updates at lists.suse.com Tue Sep 25 13:09:39 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 25 Sep 2018 21:09:39 +0200 (CEST) Subject: SUSE-SU-2018:2862-1: important: Security update for the Linux Kernel Message-ID: <20180925190939.7F5ABFCD2@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2862-1 Rating: important References: #1012382 #1015342 #1015343 #1017967 #1019695 #1019699 #1020412 #1021121 #1022604 #1024361 #1024365 #1024376 #1027968 #1030552 #1031492 #1033962 #1042286 #1048317 #1050431 #1053685 #1055014 #1056596 #1062604 #1063646 #1064232 #1066223 #1068032 #1068075 #1069138 #1078921 #1080157 #1083663 #1085042 #1085536 #1085539 #1087092 #1089066 #1090888 #1092903 #1096748 #1097105 #1098822 #1099597 #1099810 #1099832 #1099922 #1099999 #1100000 #1100001 #1100132 #1102346 #1102486 #1102517 #1104485 #1104683 #1105271 #1105296 #1105322 #1105323 #1105392 #1105396 #1105524 #1105536 #1105769 #1106016 #1106105 #1106185 #1106191 #1106229 #1106271 #1106275 #1106276 #1106278 #1106281 #1106283 #1106369 #1106509 #1106511 #1106697 #1106929 #1106934 #1106995 #1107060 #1107078 #1107319 #1107320 #1107689 #1107735 #1107966 #963575 #966170 #966172 #969470 #969476 #969477 Cross-References: CVE-2018-10902 CVE-2018-10938 CVE-2018-1128 CVE-2018-1129 CVE-2018-12896 CVE-2018-13093 CVE-2018-13094 CVE-2018-13095 CVE-2018-15572 CVE-2018-16658 CVE-2018-6554 CVE-2018-6555 Affected Products: SUSE Linux Enterprise Real Time Extension 12-SP3 ______________________________________________________________________________ An update that solves 12 vulnerabilities and has 83 fixes is now available. Description: The SUSE Linux Enterprise 12 SP3 RT kernel was updated to 4.4.155 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-13093: Prevent NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occured because of a lack of proper validation that cached inodes are free during allocation (bnc#1100001) - CVE-2018-13095: Prevent denial of service (memory corruption and BUG) that could have occurred for a corrupted xfs image upon encountering an inode that is in extent format, but has more extents than fit in the inode fork (bnc#1099999) - CVE-2018-13094: Prevent OOPS that may have occured for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp (bnc#1100000) - CVE-2018-12896: Prevent integer overflow in the POSIX timer code that was caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically made the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. This allowed a local user to cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls (bnc#1099922) - CVE-2018-16658: Prevent information leak in cdrom_ioctl_drive_status that could have been used by local attackers to read kernel memory (bnc#1107689) - CVE-2018-6555: The irda_setsockopt function allowed local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket (bnc#1106511) - CVE-2018-6554: Prevent memory leak in the irda_bind function that allowed local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket (bnc#1106509) - CVE-2018-1129: A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol (bnc#1096748) - CVE-2018-1128: It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service (bnc#1096748) - CVE-2018-10938: A crafted network packet sent remotely by an attacker forced the kernel to enter an infinite loop in the cipso_v4_optptr() function leading to a denial-of-service (bnc#1106016) - CVE-2018-15572: The spectre_v2_select_mitigation function did not always fill RSB upon a context switch, which made it easier for attackers to conduct userspace-userspace spectreRSB attacks (bnc#1102517) - CVE-2018-10902: Protect against concurrent access to prevent double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(). A malicious local attacker could have used this for privilege escalation (bnc#1105322). The following non-security bugs were fixed: - 9p/net: Fix zero-copy path in the 9p virtio transport (bnc#1012382). - 9p/virtio: fix off-by-one error in sg list bounds check (bnc#1012382). - 9p: fix multiple NULL-pointer-dereferences (bnc#1012382). - ACPI / LPSS: Add missing prv_offset setting for byt/cht PWM devices (bnc#1012382). - ACPI / PM: save NVS memory for ASUS 1025C laptop (bnc#1012382). - ACPI: save NVS memory for Lenovo G50-45 (bnc#1012382). - ALSA: cs5535audio: Fix invalid endian conversion (bnc#1012382). - ALSA: hda - Sleep for 10ms after entering D3 on Conexant codecs (bnc#1012382). - ALSA: hda - Turn CX8200 into D3 as well upon reboot (bnc#1012382). - ALSA: hda: Correct Asrock B85M-ITX power_save blacklist entry (bnc#1012382). - ALSA: memalloc: Do not exceed over the requested size (bnc#1012382). - ALSA: snd-aoa: add of_node_put() in error path (bsc#1099810). - ALSA: virmidi: Fix too long output trigger loop (bnc#1012382). - ALSA: vx222: Fix invalid endian conversions (bnc#1012382). - ALSA: vxpocket: Fix invalid endian conversions (bnc#1012382). - ARC: Enable machine_desc->init_per_cpu for !CONFIG_SMP (bnc#1012382). - ARC: Explicitly add -mmedium-calls to CFLAGS (bnc#1012382). - ARM: 8780/1: ftrace: Only set kernel memory back to read-only after boot (bnc#1012382). - ARM: dts: Cygnus: Fix I2C controller interrupt type (bnc#1012382). - ARM: dts: am3517.dtsi: Disable reference to OMAP3 OTG controller (bnc#1012382). - ARM: dts: am437x: make edt-ft5x06 a wakeup source (bnc#1012382). - ARM: dts: da850: Fix interrups property for gpio (bnc#1012382). - ARM: dts: imx6sx: fix irq for pcie bridge (bnc#1012382). - ARM: imx_v4_v5_defconfig: Select ULPI support (bnc#1012382). - ARM: imx_v6_v7_defconfig: Select ULPI support (bnc#1012382). - ARM: pxa: irq: fix handling of ICMR registers in suspend/resume (bnc#1012382). - ARM: tegra: Fix Tegra30 Cardhu PCA954x reset (bnc#1012382). - ASoC: Intel: cht_bsw_max98090: remove useless code, align with ChromeOS driver (git-fixes). - ASoC: Intel: cht_bsw_max98090_ti: Fix jack initialization (bnc#1012382). - ASoC: dpcm: do not merge format from invalid codec dai (bnc#1012382). - ASoC: sirf: Fix potential NULL pointer dereference (bnc#1012382). - Bluetooth: avoid killing an already killed socket (bnc#1012382). - Bluetooth: btusb: Remove Yoga 920 from the btusb_needs_reset_resume_table (bsc#1087092). - Bluetooth: btusb: Use DMI matching for QCA reset_resume quirking (bsc#1087092). - HID: wacom: Correct touch maximum XY of 2nd-gen Intuos (bnc#1012382). - IB/core: Make testing MR flags for writability a static inline function (bnc#1012382). - IB/core: Remove duplicate declaration of gid_cache_wq (bsc#1056596). - IB/iser: Do not reduce max_sectors (bsc#1063646). - IB/mlx4: Fix an error handling path in 'mlx4_ib_rereg_user_mr()' (git-fixes). - IB/mlx4: Mark user MR as writable if actual virtual memory is writable (bnc#1012382). - IB/mlx5: Fetch soft WQE's on fatal error state (bsc#1015342 bsc#1015343). - IB/mlx5: Use 'kvfree()' for memory allocated by 'kvzalloc()' (bsc#1015342 bsc#1015343). - IB/ocrdma: fix out of bounds access to local buffer (bnc#1012382). - KVM: MMU: always terminate page walks at level 1 (bsc#1062604). - KVM: MMU: simplify last_pte_bitmap (bsc#1062604). - KVM: VMX: Work around kABI breakage in 'enum vmx_l1d_flush_state' (bsc#1106369). - KVM: VMX: fixes for vmentry_l1d_flush module parameter (bsc#1106369). - KVM: arm/arm64: Skip updating PMD entry if no change (bnc#1012382). - KVM: arm/arm64: Skip updating PTE entry if no change (bnc#1012382). - KVM: irqfd: fix race between EPOLLHUP and irq_bypass_register_consumer (bnc#1012382). - KVM: nVMX: update last_nonleaf_level when initializing nested EPT (bsc#1062604). - MIPS: Correct the 64-bit DSP accumulator register size (bnc#1012382). - MIPS: lib: Provide MIPS64r6 __multi3() for GCC < 7 (bnc#1012382). - PCI: Skip MPS logic for Virtual Functions (VFs) (bnc#1012382). - PCI: hotplug: Do not leak pci_slot on registration failure (bnc#1012382). - PCI: pciehp: Fix use-after-free on unplug (bnc#1012382). - PM / sleep: wakeup: Fix build error caused by missing SRCU support (bnc#1012382). - RDMA/i40iw: Avoid panic when objects are being created and destroyed (bsc#969476 bsc#969477). - RDMA/i40iw: Avoid panic when reading back the IRQ affinity hint (bsc#969476 bsc#969477). - RDMA/i40iw: Avoid reference leaks when processing the AEQ (bsc#969476 bsc#969477). - RDMA/i40w: Hold read semaphore while looking after VMA (bsc#1024376). - RDMA/mlx5: Use proper spec flow label type (bsc#1015342 bsc#1015343). - Revert "MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum" (bnc#1012382). - Revert "UBIFS: Fix potential integer overflow in allocation" (bnc#1012382). - Revert "f2fs: handle dirty segments inside refresh_sit_entry" (bsc#1106281). - Revert "mm: page_alloc: skip over regions of invalid pfns where possible" (bnc#1107078). - Smack: Mark inode instant in smack_task_to_inode (bnc#1012382). - USB: musb: fix external abort on suspend (bsc#1085536). - USB: option: add support for DW5821e (bnc#1012382). - USB: serial: metro-usb: stop I/O after failed open (bsc#1085539). - USB: serial: sierra: fix potential deadlock at close (bnc#1012382). - Workaround kABI breakage by __must_check drop of strscpy() (bsc#1107319). - afs: Fix directory permissions check (bsc#1106283). - arc: fix build errors in arc/include/asm/delay.h (bnc#1012382). - arc: fix type warnings in arc/mm/cache.c (bnc#1012382). - arm64: make secondary_start_kernel() notrace (bnc#1012382). - arm64: mm: check for upper PAGE_SHIFT bits in pfn_valid() (bnc#1012382). - atl1c: reserve min skb headroom (bnc#1012382). - atm: Preserve value of skb->truesize when accounting to vcc (bsc#1089066). - backlight: as3711_bl: Fix Device Tree node leaks (bsc#1106929). - backlight: lm3630a: Bump REG_MAX value to 0x50 instead of 0x1F (bsc#1106929). - bcache: avoid unncessary cache prefetch bch_btree_node_get() (bsc#1064232). - bcache: calculate the number of incremental GC nodes according to the total of btree nodes (bsc#1064232). - bcache: display rate debug parameters to 0 when writeback is not running (bsc#1064232). - bcache: do not check return value of debugfs_create_dir() (bsc#1064232). - bcache: finish incremental GC (bsc#1064232). - bcache: fix I/O significant decline while backend devices registering (bsc#1064232). - bcache: fix error setting writeback_rate through sysfs interface (bsc#1064232). - bcache: free heap cache_set->flush_btree in bch_journal_free (bsc#1064232). - bcache: make the pr_err statement used for ENOENT only in sysfs_attatch section (bsc#1064232). - bcache: release dc->writeback_lock properly in bch_writeback_thread() (bsc#1064232). - bcache: set max writeback rate when I/O request is idle (bsc#1064232). - bcache: simplify the calculation of the total amount of flash dirty data (bsc#1064232). - be2net: remove unused old custom busy-poll fields (bsc#1021121 ). - blkdev: __blkdev_direct_IO_simple: fix leak in error case (bsc#1083663). - block: bio_iov_iter_get_pages: fix size of last iovec (bsc#1083663). - block: bio_iov_iter_get_pages: pin more pages for multi-segment IOs (bsc#1083663). - bnx2x: Fix invalid memory access in rss hash config path (bnc#1012382). - bnx2x: Fix receiving tx-timeout in error or recovery state (bnc#1012382). - bnxt_en: Always set output parameters in bnxt_get_max_rings() (bsc#963575). - bnxt_en: Fix for system hang if request_irq fails (bnc#1012382). - bnxt_en: Fix inconsistent BNXT_FLAG_AGG_RINGS logic (bsc#1020412 ). - brcmfmac: stop watchdog before detach and free everything (bnc#1012382). - bridge: Propagate vlan add failure to user (bnc#1012382). - btrfs: do not leak ret from do_chunk_alloc (bnc#1012382). - btrfs: round down size diff when shrinking/growing device (bsc#1097105). - can: mpc5xxx_can: check of_iomap return before use (bnc#1012382). - cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status (bnc#1012382). - ceph: fix incorrect use of strncpy (bsc#1107319). - ceph: return errors from posix_acl_equiv_mode() correctly (bsc#1107320). - cifs: Fix stack out-of-bounds in smb{2,3}_create_lease_buf() (bsc#1012382). - cifs: add missing debug entries for kconfig options (bnc#1012382). - cifs: check kmalloc before use (bsc#1012382). - cifs: store the leaseKey in the fid on SMB2_open (bsc#1012382). - crypto: ablkcipher - fix crash flushing dcache in error path (bnc#1012382). - crypto: blkcipher - fix crash flushing dcache in error path (bnc#1012382). - crypto: vmac - require a block cipher with 128-bit block size (bnc#1012382). - crypto: vmac - separate tfm and request context (bnc#1012382). - crypto: vmx - Fix sleep-in-atomic bugs (bsc#1048317). - cxgb4: when disabling dcb set txq dcb priority to 0 (bnc#1012382). - cxl: Fix wrong comparison in cxl_adapter_context_get() (bsc#1055014, git-fixes). - dccp: fix undefined behavior with 'cwnd' shift in ccid2_cwnd_restart() (bnc#1012382). - dm cache metadata: save in-core policy_hint_size to on-disk superblock (bnc#1012382). - dmaengine: k3dma: Off by one in k3_of_dma_simple_xlate() (bnc#1012382). - drivers: net: lmc: fix case value for target abort error (bnc#1012382). - drm/armada: fix colorkey mode property (bnc#1012382). - drm/atmel-hlcdc: check stride values in the first plane (bsc#1106929). - drm/bridge: adv7511: Reset registers on hotplug (bnc#1012382). - drm/drivers: add support for using the arch wc mapping API (git-fixes). - drm/exynos/dsi: mask frame-done interrupt (bsc#1106929). - drm/exynos: decon5433: Fix WINCONx reset value (bnc#1012382). - drm/exynos: decon5433: Fix per-plane global alpha for XRGB modes (bnc#1012382). - drm/exynos: gsc: Fix support for NV16/61, YUV420/YVU420 and YUV422 modes (bnc#1012382). - drm/i915/userptr: reject zero user_size (bsc#1090888). - drm/i915: Correctly handle limited range YCbCr data on VLV/CHV (bsc#1087092). - drm/imx: fix typo in ipu_plane_formats (bsc#1106929). - drm/imx: imx-ldb: check if channel is enabled before printing warning (bnc#1012382). - drm/imx: imx-ldb: disable LDB on driver bind (bnc#1012382). - drm/msm/hdmi: Use bitwise operators when building register values (bsc#1106929). - drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply() (bnc#1012382). - drm/panel: type promotion bug in s6e8aa0_read_mtp_id() (bsc#1105769). - drm: Reject getfb for multi-plane framebuffers (bsc#1106929). - enic: do not call enic_change_mtu in enic_probe (git-fixes). - enic: handle mtu change for vf properly (bnc#1012382). - enic: initialize enic->rfs_h.lock in enic_probe (bnc#1012382). - ext4: check for NUL characters in extended attribute's name (bnc#1012382). - ext4: fix spectre gadget in ext4_mb_regular_allocator() (bnc#1012382). - ext4: reset error code in ext4_find_entry in fallback (bnc#1012382). - ext4: sysfs: print ext4_super_block fields as little-endian (bsc#1106229). - fb: fix lost console when the user unplugs a USB adapter (bnc#1012382). - fbdev: omapfb: off by one in omapfb_register_client() (bsc#1106929). - fix __legitimize_mnt()/mntput() race (bnc#1012382). - fix mntput/mntput race (bnc#1012382). - fork: unconditionally clear stack on fork (bnc#1012382). - fs/9p/xattr.c: catch the error of p9_client_clunk when setting xattr failed (bnc#1012382). - fs/dax.c: fix inefficiency in dax_writeback_mapping_range() (bsc#1106185). - fs/quota: Fix spectre gadget in do_quotactl (bnc#1012382). - fs: aio: fix the increment of aio-nr and counting against aio-max-nr (bsc#1068075, bsc#1078921). - fuse: Add missed unlock_page() to fuse_readpages_fill() (bnc#1012382). - fuse: Do not access pipe->buffers without pipe_lock() (bnc#1012382). - fuse: Fix oops at process_init_reply() (bnc#1012382). - fuse: fix double request_end() (bnc#1012382). - fuse: fix unlocked access to processing queue (bnc#1012382). - fuse: umount should wait for all requests (bnc#1012382). - genirq/proc: Return proper error code when irq_set_affinity() fails (bnc#1105392). - getxattr: use correct xattr length (bnc#1012382). - hfsplus: Do not clear SGID when inheriting ACLs (bsc#1030552). - hwrng: exynos - Disable runtime PM on driver unbind (git-fixes). - i2c: davinci: Avoid zero value of CLKH (bnc#1012382). - i2c: imx: Fix race condition in dma read (bnc#1012382). - i2c: ismt: fix wrong device address when unmap the data buffer (bnc#1012382). - i40e: use cpumask_copy instead of direct assignment (bsc#1053685). - i40iw: Fix memory leak in error path of create QP (bsc#969476 bsc#969477). - i40iw: Use correct address in dst_neigh_lookup for IPv6 (bsc#969476 bsc#969477). - ibmvnic: Include missing return code checks in reset function (bnc#1107966). - ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem (bnc#1012382). - ieee802154: at86rf230: use __func__ macro for debug messages (bnc#1012382). - ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem (bnc#1012382). - igb: Fix not adding filter elements to the list (bsc#1024361 bsc#1024365). - iio: ad9523: Fix displayed phase (bnc#1012382). - iio: ad9523: Fix return value for ad952x_store() (bnc#1012382). - iommu/amd: make sure TLB to be flushed before IOVA freed (bsc#1106105). - iommu/vt-d: Add definitions for PFSID (bnc#1012382). - iommu/vt-d: Fix dev iotlb pfsid use (bnc#1012382). - iommu/vt-d: Ratelimit each dmar fault printing (bsc#1106105). - ioremap: Update pgtable free interfaces with addr (bnc#1012382). - ipv4+ipv6: Make INET*_ESP select CRYPTO_ECHAINIV (bnc#1012382). - ipv6: mcast: fix unsolicited report interval after receiving querys (bnc#1012382). - ipvlan: use ETH_MAX_MTU as max mtu (bsc#1033962). - iscsi target: fix session creation failure handling (bnc#1012382). - isdn: Disable IIOCDBGVAR (bnc#1012382). - iw_cxgb4: remove duplicate memcpy() in c4iw_create_listen() (bsc#969476 bsc#969477). - ixgbe: Be more careful when modifying MAC filters (bnc#1012382). - jfs: Do not clear SGID when inheriting ACLs (bsc#1030552). - jump_label: Add RELEASE barrier after text changes (bsc#1105271). - jump_label: Fix concurrent static_key_enable/disable() (bsc#1105271). - jump_label: Move CPU hotplug locking (bsc#1105271). - jump_label: Provide hotplug context variants (bsc#1105271). - jump_label: Reduce the size of struct static_key (bsc#1105271). - jump_label: Reorder hotplug lock and jump_label_lock (bsc#1105271). - jump_label: Split out code under the hotplug lock (bsc#1105271). - jump_label: remove bug.h, atomic.h dependencies for HAVE_JUMP_LABEL (bsc#1105271). - kABI: protect enum tcp_ca_event (kabi). - kabi/severities: Ignore missing cpu_tss_tramp (bsc#1099597) - kabi: x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - kasan: do not emit builtin calls when sanitization is off (bnc#1012382). - kasan: fix shadow_size calculation error in kasan_module_alloc (bnc#1012382). - kbuild: verify that $DEPMOD is installed (bnc#1012382). - kernel: improve spectre mitigation (bnc#1106934. - kprobes/x86: Fix %p uses in error messages (bnc#1012382). - kprobes: Make list and blacklist root user read only (bnc#1012382). - l2tp: use sk_dst_check() to avoid race on sk->sk_dst_cache (bnc#1012382). - libceph: check authorizer reply/challenge length before reading (bsc#1096748). - libceph: factor out __ceph_x_decrypt() (bsc#1096748). - libceph: factor out __prepare_write_connect() (bsc#1096748). - libceph: factor out encrypt_authorizer() (bsc#1096748). - libceph: store ceph_auth_handshake pointer in ceph_connection (bsc#1096748). - libceph: weaken sizeof check in ceph_x_verify_authorizer_reply() (bsc#1096748). - llc: use refcount_inc_not_zero() for llc_sap_find() (bnc#1012382). - locking/lockdep: Do not record IRQ state within lockdep code (bnc#1012382). - locks: pass inode pointer to locks_free_lock_context (bsc at 1099832). - locks: prink more detail when there are leaked locks (bsc#1099832). - locks: restore a warn for leaked locks on close (bsc#1099832). - m68k: fix "bad page state" oops on ColdFire boot (bnc#1012382). - mac80211: add stations tied to AP_VLANs during hw reconfig (bnc#1012382). - md/raid10: fix that replacement cannot complete recovery after reassemble (bnc#1012382). - media: rtl28xxu: be sure that it won't go past the array size (bsc#1050431). - media: s5p-jpeg: fix number of components macro (bsc#1050431). - media: staging: omap4iss: Include asm/cacheflush.h after generic includes (bnc#1012382). - mm/hugetlb: filter out hugetlb pages if HUGEPAGE migration is not supported (bnc#1106697). - mm/memory.c: check return value of ioremap_prot (bnc#1012382). - mm/tlb: Remove tlb_remove_table() non-concurrent condition (bnc#1012382). - mm: Add vm_insert_pfn_prot() (bnc#1012382). - mm: fix cache mode tracking in vm_insert_mixed() (bnc#1012382). - mm: x86: move _PAGE_SWP_SOFT_DIRTY from bit 7 to bit 1 (bnc#1012382). - net/9p/client.c: version pointer uninitialized (bnc#1012382). - net/9p/trans_fd.c: fix race-condition by flushing workqueue before the kfree() (bnc#1012382). - net/ethernet/freescale/fman: fix cross-build error (bnc#1012382). - net/mlx5: Add missing SET_DRIVER_VERSION command translation (bsc#1015342 bsc#1015343). - net/mlx5: E-Switch, Include VF RDMA stats in vport statistics (bsc#966170 bsc#966172). - net/mlx5: Eswitch, Use 'kvfree()' for memory allocated by 'kvzalloc()' (bsc#1015342 bsc#1015343). - net/mlx5: Fix wrong size allocation for QoS ETC TC regitster (bsc#966170 bsc#966172). - net/mlx5: Vport, Use 'kvfree()' for memory allocated by 'kvzalloc()' (bsc#966170 bsc#966172). - net/mlx5e: Do not allow aRFS for encapsulated packets (bsc#1015342 bsc#1015343). - net/mlx5e: Err if asked to offload TC match on frag being first (bsc#1015342 bsc#1015343). - net/mlx5e: Fix quota counting in aRFS expire flow (bsc#1015342 bsc#1015343). - net/mlx5e: Refine ets validation function (bsc#966170 bsc#966172). - net: 6lowpan: fix reserved space for single frames (bnc#1012382). - net: add skb_condense() helper (bsc#1089066). - net: adjust skb->truesize in ___pskb_trim() (bsc#1089066). - net: adjust skb->truesize in pskb_expand_head() (bsc#1089066). - net: axienet: Fix double deregister of mdio (bnc#1012382). - net: caif: Add a missing rcu_read_unlock() in caif_flow_cb (bnc#1012382). - net: davinci_emac: match the mdio device against its compatible if possible (bnc#1012382). - net: ena: Fix use of uninitialized DMA address bits field (bsc#1027968). - net: hamradio: use eth_broadcast_addr (bnc#1012382). - net: lan78xx: Fix misplaced tasklet_schedule() call (bnc#1012382). - net: mac802154: tx: expand tailroom if necessary (bnc#1012382). - net: prevent ISA drivers from building on PPC32 (bnc#1012382). - net: propagate dev_get_valid_name return code (bnc#1012382). - net: qca_spi: Avoid packet drop during initial sync (bnc#1012382). - net: qca_spi: Fix log level if probe fails (bnc#1012382). - net: qca_spi: Make sure the QCA7000 reset is triggered (bnc#1012382). - net: usb: rtl8150: demote allmulti message to dev_dbg() (bnc#1012382). - net_sched: Fix missing res info when create new tc_index filter (bnc#1012382). - net_sched: fix NULL pointer dereference when delete tcindex filter (bnc#1012382). - netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state (bnc#1012382). - netfilter: ipv6: nf_defrag: reduce struct net memory waste (bnc#1012382). - netfilter: x_tables: set module owner for icmp(6) matches (bnc#1012382). - netlink: do not enter direct reclaim from netlink_trim() (bsc#1042286). - nl80211: Add a missing break in parse_station_flags (bnc#1012382). - nvme-fc: release io queues to allow fast fail (bsc#1102486). - nvme: if_ready checks to fail io to deleting controller (bsc#1102486). - nvme: kABI-compliant version of nvmf_fail_nonready_command() (bsc#1102486). - nvmet-fc: fix target sgl list on large transfers (bsc#1102486). - osf_getdomainname(): use copy_to_user() (bnc#1012382). - ovl: Do d_type check only if work dir creation was successful (bnc#1012382). - ovl: Ensure upper filesystem supports d_type (bnc#1012382). - ovl: warn instead of error if d_type is not supported (bnc#1012382). - packet: refine ring v3 block size test to hold one frame (bnc#1012382). - packet: reset network header if packet shorter than ll reserved space (bnc#1012382). - parisc: Define mb() and add memory barriers to assembler unlock sequences (bnc#1012382). - parisc: Enable CONFIG_MLONGCALLS by default (bnc#1012382). - parisc: Remove ordered stores from syscall.S (bnc#1012382). - parisc: Remove unnecessary barriers from spinlock.h (bnc#1012382). - perf auxtrace: Fix queue resize (bnc#1012382). - perf llvm-utils: Remove bashism from kernel include fetch script (bnc#1012382). - perf report powerpc: Fix crash if callchain is empty (bnc#1012382). - perf test session topology: Fix test on s390 (bnc#1012382). - pinctrl: freescale: off by one in imx1_pinconf_group_dbg_show() (bnc#1012382). - pnfs/blocklayout: off by one in bl_map_stripe() (bnc#1012382). - powerpc/64s: Default l1d_size to 64K in RFI fallback flush (bsc#1068032, git-fixes). - powerpc/lib: Fix the feature fixup tests to actually work (bsc#1066223). - powerpc/pseries: Fix endianness while restoring of r3 in MCE handler (bnc#1012382). - powerpc/topology: Get topology for shared processors at boot (bsc#1104683). - powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2 (bsc#1068032, bsc#1080157, git-fixes). - powerpc: Avoid code patching freed init sections (bnc#1107735). - powerpc: make feature-fixup tests fortify-safe (bsc#1066223). - pwm: tiehrpwm: Fix disabling of output of PWMs (bnc#1012382). - qed: Add sanity check for SIMD fastpath handler (bnc#1012382). - qed: Correct Multicast API to reflect existence of 256 approximate buckets (bsc#1019695 bsc#1019699 bsc#1022604). - qed: Do not advertise DCBX_LLD_MANAGED capability (bsc#1019695 bsc#1019699 bsc#1022604). - qed: Fix possible memory leak in Rx error path handling (bsc#1019695 bsc#1019699 bsc#1022604 ). - qed: Fix possible race for the link state value (bnc#1012382). - qed: Fix setting of incorrect eswitch mode (bsc#1019695 bsc#1019699 bsc#1022604). - qed: Fix use of incorrect size in memcpy call (bsc#1019695 bsc#1019699 bsc#1022604). - qede: Adverstise software timestamp caps when PHC is not available (bsc#1019695 bsc#1019699 bsc#1022604). - qlge: Fix netdev features configuration (bsc#1098822). - qlogic: check kstrtoul() for errors (bnc#1012382). - readahead: stricter check for bdi io_pages (VM Functionality, git fixes). - reiserfs: fix broken xattr handling (heap corruption, bad retval) (bnc#1012382). - root dentries need RCU-delayed freeing (bnc#1012382). - s390/kvm: fix deadlock when killed by oom (bnc#1012382). - s390/lib: use expoline for all bcr instructions (bnc#1106934. - s390/pci: fix out of bounds access during irq setup (bnc#1012382). - s390/qdio: reset old sbal_state flags (bnc#1012382). - s390/qeth: do not clobber buffer on async TX completion (bnc#1104485. - s390/qeth: fix race when setting MAC address (bnc#1104485. - s390: add explicit for jump label (bsc#1105271). - s390: detect etoken facility (bnc#1106934. - s390: fix br_r1_trampoline for machines without exrl (bnc#1012382 bnc#1106934. - scripts/tar-up.sh: Do not package gitlog-excludes file Also fix the evaluation of gitlog-excludes file, too - scsi: core: Avoid that SCSI device removal through sysfs triggers a deadlock (bnc#1012382). - scsi: fcoe: drop frames in ELS LOGO error path (bnc#1012382). - scsi: hpsa: limit transfer length to 1MB, not 512kB (bsc#1102346). - scsi: libiscsi: fix possible NULL pointer dereference in case of TMF (bnc#1012382). - scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management enabled (bnc#1012382). - scsi: sysfs: Introduce sysfs_{un,}break_active_protection() (bnc#1012382). - scsi: vmw_pvscsi: Return DID_RESET for status SAM_STAT_COMMAND_TERMINATED (bnc#1012382). - scsi: xen-scsifront: add error handling for xenbus_printf (bnc#1012382). - scsi_debug: call resp_XXX function after setting host_scribble (bsc#1069138). - scsi_debug: reset injection flags for every_nth > 0 (bsc#1069138). - selftests/ftrace: Add snapshot and tracing_on test case (bnc#1012382). - selftests/x86/sigreturn/64: Fix spurious failures on AMD CPUs (bnc#1012382). - selftests: pstore: return Kselftest Skip code for skipped tests (bnc#1012382). - selftests: static_keys: return Kselftest Skip code for skipped tests (bnc#1012382). - selftests: sync: add config fragment for testing sync framework (bnc#1012382). - selftests: user: return Kselftest Skip code for skipped tests (bnc#1012382). - selftests: zram: return Kselftest Skip code for skipped tests (bnc#1012382). - serial: 8250_dw: always set baud rate in dw8250_set_termios (bnc#1012382). - sfc: stop the TX queue before pushing new buffers (bsc#1017967 ). - slab: __GFP_ZERO is incompatible with a constructor (bnc#1107060). - smb3: Do not send SMB3 SET_INFO if nothing changed (bnc#1012382). - smb3: do not request leases in symlink creation and query (bnc#1012382). - spi: davinci: fix a NULL pointer dereference (bnc#1012382). - staging: android: ion: check for kref overflow (bnc#1012382). - string: drop __must_check from strscpy() and restore strscpy() usages in cgroup (bsc#1107319). - sys: do not hold uts_sem while accessing userspace memory (bnc#1106995). - target_core_rbd: use RCU in free_device (bsc#1105524). - tcp: Fix missing range_truesize enlargement in the backport (bnc#1012382). - tcp: identify cryptic messages as TCP seq # bugs (bnc#1012382). - tcp: remove DELAYED ACK events in DCTCP (bnc#1012382). - timekeeping: Eliminate the stale declaration of ktime_get_raw_and_real_ts64() (bsc#969470). - tools/power turbostat: Read extended processor family from CPUID (bnc#1012382). - tools/power turbostat: fix -S on UP systems (bnc#1012382). - tools: usb: ffs-test: Fix build on big endian systems (bnc#1012382). - tpm: fix race condition in tpm_common_write() (bnc#1012382). - tracing/blktrace: Fix to allow setting same value (bnc#1012382). - tracing: Do not call start/stop() functions when tracing_on does not change (bnc#1012382). - tracing: Use __printf markup to silence compiler (bnc#1012382). - ubifs: Check data node size before truncate (bsc#1106276). - ubifs: Fix memory leak in lprobs self-check (bsc#1106278). - ubifs: Fix synced_i_size calculation for xattr inodes (bsc#1106275). - ubifs: xattr: Do not operate on deleted inodes (bsc#1106271). - udl-kms: change down_interruptible to down (bnc#1012382). - udl-kms: fix crash due to uninitialized memory (bnc#1012382). - udl-kms: handle allocation failure (bnc#1012382). - udlfb: set optimal write delay (bnc#1012382). - uprobes: Use synchronize_rcu() not synchronize_sched() (bnc#1012382). - usb/phy: fix PPC64 build errors in phy-fsl-usb.c (bnc#1012382). - usb: audio-v2: Correct the comment for struct uac_clock_selector_descriptor (bsc#1099810). - usb: dwc2: debugfs: Do not touch RX FIFO during register dump (bsc#1100132). - usb: dwc2: fix isoc split in transfer with no data (bnc#1012382). - usb: gadget: composite: fix delayed_status race condition when set_interface (bnc#1012382). - usb: gadget: dwc2: fix memory leak in gadget_init() (bnc#1012382). - usb: gadget: f_uac2: fix endianness of 'struct cntrl_*_lay3' (bnc#1012382). - usb: gadget: r8a66597: Fix a possible sleep-in-atomic-context bugs in r8a66597_queue() (bnc#1012382). - usb: gadget: r8a66597: Fix two possible sleep-in-atomic-context bugs in init_controller() (bnc#1012382). - usb: renesas_usbhs: gadget: fix spin_lock_init() for uep->lock (bsc#1085536). - usb: xhci: increase CRS timeout value (bnc#1012382). - userns: move user access out of the mutex (bnc#1012382). - virtio_console: fix uninitialized variable use (git-fixes). - vmw_balloon: VMCI_DOORBELL_SET does not check status (bnc#1012382). - vmw_balloon: do not use 2MB without batching (bnc#1012382). - vmw_balloon: fix VMCI use when balloon built into kernel (bnc#1012382). - vmw_balloon: fix inflation of 64-bit GFNs (bnc#1012382). - vsock: split dwork to avoid reinitializations (bnc#1012382). - vti6: Fix dev->max_mtu setting (bsc#1033962). - vti6: fix PMTU caching and reporting on xmit (bnc#1012382). - x86/bugs: Move the l1tf function and define pr_fmt properly (bnc#1012382). - x86/init: fix build with CONFIG_SWAP=n (bnc#1012382). - x86/irqflags: Mark native_restore_fl extern inline (bnc#1012382). - x86/mm/kmmio: Make the tracer robust against L1TF (bnc#1012382). - x86/mm/pat: Fix L1TF stable backport for CPA (bnc#1012382). - x86/mm/pat: Fix L1TF stable backport for CPA, 2nd call (bnc#1012382). - x86/mm/pat: Make set_memory_np() L1TF safe (bnc#1012382). - x86/mm: Add TLB purge to free pmd/pte page interfaces (bnc#1012382). - x86/mm: Disable ioremap free page handling on x86-PAE (bnc#1012382). - x86/paravirt: Fix spectre-v2 mitigations for paravirt guests (bnc#1012382). - x86/process: Re-export start_thread() (bnc#1012382). - x86/spectre: Add missing family 6 check to microcode check (bnc#1012382). - x86/speculation/l1tf: Exempt zeroed PTEs from inversion (bnc#1012382). - x86/speculation/l1tf: Extend 64bit swap file size limit (bnc#1012382). - x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM (bnc#1105536). - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit (bnc#1012382). - x86/speculation/l1tf: Fix up CPU feature flags (bnc#1012382). - x86/speculation/l1tf: Fix up pte->pfn conversion for PAE (bnc#1012382). - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - x86/speculation/l1tf: Invert all not present mappings (bnc#1012382). - x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert (bnc#1012382). - x86/speculation/l1tf: Protect PAE swap entries against L1TF (bnc#1012382). - x86/speculation/l1tf: Suggest what to do on systems with too much RAM (bnc#1105536). - x86/speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures (bnc#1012382). - x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry (bsc#1106369). - xen/blkback: do not keep persistent grants too long (bsc#1085042). - xen/blkback: move persistent grants flags to bool (bsc#1085042). - xen/blkfront: cleanup stale persistent grants (bsc#1085042). - xen/blkfront: reorder tests in xlblk_init() (bsc#1085042). - xen/netfront: do not cache skb_shinfo() (bnc#1012382). - xfrm: fix missing dst_release() after policy blocking lbcast and multicast (bnc#1012382). - xfrm: free skb if nlsk pointer is NULL (bnc#1012382). - xfrm_user: prevent leaking 2 bytes of kernel memory (bnc#1012382). - xfs: Remove dead code from inode recover function (bsc#1105396). - xfs: repair malformed inode items during log recovery (bsc#1105396). - zswap: re-check zswap_is_full() after do zswap_shrink() (bnc#1012382). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 12-SP3: zypper in -t patch SUSE-SLE-RT-12-SP3-2018-2019=1 Package List: - SUSE Linux Enterprise Real Time Extension 12-SP3 (noarch): kernel-devel-rt-4.4.155-3.23.1 kernel-source-rt-4.4.155-3.23.1 - SUSE Linux Enterprise Real Time Extension 12-SP3 (x86_64): cluster-md-kmp-rt-4.4.155-3.23.1 cluster-md-kmp-rt-debuginfo-4.4.155-3.23.1 dlm-kmp-rt-4.4.155-3.23.1 dlm-kmp-rt-debuginfo-4.4.155-3.23.1 gfs2-kmp-rt-4.4.155-3.23.1 gfs2-kmp-rt-debuginfo-4.4.155-3.23.1 kernel-rt-4.4.155-3.23.1 kernel-rt-base-4.4.155-3.23.1 kernel-rt-base-debuginfo-4.4.155-3.23.1 kernel-rt-debuginfo-4.4.155-3.23.1 kernel-rt-debugsource-4.4.155-3.23.1 kernel-rt-devel-4.4.155-3.23.1 kernel-rt_debug-debuginfo-4.4.155-3.23.1 kernel-rt_debug-debugsource-4.4.155-3.23.1 kernel-rt_debug-devel-4.4.155-3.23.1 kernel-rt_debug-devel-debuginfo-4.4.155-3.23.1 kernel-syms-rt-4.4.155-3.23.1 ocfs2-kmp-rt-4.4.155-3.23.1 ocfs2-kmp-rt-debuginfo-4.4.155-3.23.1 References: https://www.suse.com/security/cve/CVE-2018-10902.html https://www.suse.com/security/cve/CVE-2018-10938.html https://www.suse.com/security/cve/CVE-2018-1128.html https://www.suse.com/security/cve/CVE-2018-1129.html https://www.suse.com/security/cve/CVE-2018-12896.html https://www.suse.com/security/cve/CVE-2018-13093.html https://www.suse.com/security/cve/CVE-2018-13094.html https://www.suse.com/security/cve/CVE-2018-13095.html https://www.suse.com/security/cve/CVE-2018-15572.html https://www.suse.com/security/cve/CVE-2018-16658.html https://www.suse.com/security/cve/CVE-2018-6554.html https://www.suse.com/security/cve/CVE-2018-6555.html https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1015342 https://bugzilla.suse.com/1015343 https://bugzilla.suse.com/1017967 https://bugzilla.suse.com/1019695 https://bugzilla.suse.com/1019699 https://bugzilla.suse.com/1020412 https://bugzilla.suse.com/1021121 https://bugzilla.suse.com/1022604 https://bugzilla.suse.com/1024361 https://bugzilla.suse.com/1024365 https://bugzilla.suse.com/1024376 https://bugzilla.suse.com/1027968 https://bugzilla.suse.com/1030552 https://bugzilla.suse.com/1031492 https://bugzilla.suse.com/1033962 https://bugzilla.suse.com/1042286 https://bugzilla.suse.com/1048317 https://bugzilla.suse.com/1050431 https://bugzilla.suse.com/1053685 https://bugzilla.suse.com/1055014 https://bugzilla.suse.com/1056596 https://bugzilla.suse.com/1062604 https://bugzilla.suse.com/1063646 https://bugzilla.suse.com/1064232 https://bugzilla.suse.com/1066223 https://bugzilla.suse.com/1068032 https://bugzilla.suse.com/1068075 https://bugzilla.suse.com/1069138 https://bugzilla.suse.com/1078921 https://bugzilla.suse.com/1080157 https://bugzilla.suse.com/1083663 https://bugzilla.suse.com/1085042 https://bugzilla.suse.com/1085536 https://bugzilla.suse.com/1085539 https://bugzilla.suse.com/1087092 https://bugzilla.suse.com/1089066 https://bugzilla.suse.com/1090888 https://bugzilla.suse.com/1092903 https://bugzilla.suse.com/1096748 https://bugzilla.suse.com/1097105 https://bugzilla.suse.com/1098822 https://bugzilla.suse.com/1099597 https://bugzilla.suse.com/1099810 https://bugzilla.suse.com/1099832 https://bugzilla.suse.com/1099922 https://bugzilla.suse.com/1099999 https://bugzilla.suse.com/1100000 https://bugzilla.suse.com/1100001 https://bugzilla.suse.com/1100132 https://bugzilla.suse.com/1102346 https://bugzilla.suse.com/1102486 https://bugzilla.suse.com/1102517 https://bugzilla.suse.com/1104485 https://bugzilla.suse.com/1104683 https://bugzilla.suse.com/1105271 https://bugzilla.suse.com/1105296 https://bugzilla.suse.com/1105322 https://bugzilla.suse.com/1105323 https://bugzilla.suse.com/1105392 https://bugzilla.suse.com/1105396 https://bugzilla.suse.com/1105524 https://bugzilla.suse.com/1105536 https://bugzilla.suse.com/1105769 https://bugzilla.suse.com/1106016 https://bugzilla.suse.com/1106105 https://bugzilla.suse.com/1106185 https://bugzilla.suse.com/1106191 https://bugzilla.suse.com/1106229 https://bugzilla.suse.com/1106271 https://bugzilla.suse.com/1106275 https://bugzilla.suse.com/1106276 https://bugzilla.suse.com/1106278 https://bugzilla.suse.com/1106281 https://bugzilla.suse.com/1106283 https://bugzilla.suse.com/1106369 https://bugzilla.suse.com/1106509 https://bugzilla.suse.com/1106511 https://bugzilla.suse.com/1106697 https://bugzilla.suse.com/1106929 https://bugzilla.suse.com/1106934 https://bugzilla.suse.com/1106995 https://bugzilla.suse.com/1107060 https://bugzilla.suse.com/1107078 https://bugzilla.suse.com/1107319 https://bugzilla.suse.com/1107320 https://bugzilla.suse.com/1107689 https://bugzilla.suse.com/1107735 https://bugzilla.suse.com/1107966 https://bugzilla.suse.com/963575 https://bugzilla.suse.com/966170 https://bugzilla.suse.com/966172 https://bugzilla.suse.com/969470 https://bugzilla.suse.com/969476 https://bugzilla.suse.com/969477 From sle-security-updates at lists.suse.com Tue Sep 25 13:30:02 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 25 Sep 2018 21:30:02 +0200 (CEST) Subject: SUSE-SU-2018:2863-1: moderate: Security update for dom4j Message-ID: <20180925193002.78293FCD2@maintenance.suse.de> SUSE Security Update: Security update for dom4j ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2863-1 Rating: moderate References: #1105443 Cross-References: CVE-2018-1000632 Affected Products: SUSE Manager Server 3.1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for dom4j fixes the following issues: - CVE-2018-1000632: Prevent XML injection vulnerability that allowed an attacker to tamper with XML documents (bsc#1105443). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 3.1: zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2018-2005=1 Package List: - SUSE Manager Server 3.1 (noarch): dom4j-1.6.1-3.3.2 References: https://www.suse.com/security/cve/CVE-2018-1000632.html https://bugzilla.suse.com/1105443 From sle-security-updates at lists.suse.com Tue Sep 25 13:30:40 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 25 Sep 2018 21:30:40 +0200 (CEST) Subject: SUSE-SU-2018:2864-1: important: Security update for the Linux Kernel (Live Patch 24 for SLE 12 SP2) Message-ID: <20180925193040.A97E7FCD2@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 24 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2864-1 Rating: important References: #1102682 #1103203 #1105323 #1106191 Cross-References: CVE-2018-10902 CVE-2018-10938 CVE-2018-5390 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 4.4.121-92_92 fixes several issues. The following security issues were fixed: - CVE-2018-5390: Prevent very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming TCP packet which can lead to a denial of service (bsc#1102682). - CVE-2018-10938: Fixed an infinite loop in the cipso_v4_optptr() function leading to a denial-of-service via crafted network packets (bsc#1106191). - CVE-2018-10902: It was found that the raw midi kernel driver did not protect against concurrent access which lead to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(), allowing a malicious local attacker to use this for privilege escalation (bsc#1105323). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-2006=1 SUSE-SLE-SAP-12-SP2-2018-2007=1 SUSE-SLE-SAP-12-SP2-2018-2008=1 SUSE-SLE-SAP-12-SP2-2018-2009=1 SUSE-SLE-SAP-12-SP2-2018-2010=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-2006=1 SUSE-SLE-SERVER-12-SP2-2018-2007=1 SUSE-SLE-SERVER-12-SP2-2018-2008=1 SUSE-SLE-SERVER-12-SP2-2018-2009=1 SUSE-SLE-SERVER-12-SP2-2018-2010=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kgraft-patch-4_4_120-92_70-default-6-2.1 kgraft-patch-4_4_121-92_73-default-5-2.1 kgraft-patch-4_4_121-92_80-default-5-2.1 kgraft-patch-4_4_121-92_85-default-3-2.1 kgraft-patch-4_4_121-92_92-default-3-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kgraft-patch-4_4_120-92_70-default-6-2.1 kgraft-patch-4_4_121-92_73-default-5-2.1 kgraft-patch-4_4_121-92_80-default-5-2.1 kgraft-patch-4_4_121-92_85-default-3-2.1 kgraft-patch-4_4_121-92_92-default-3-2.1 References: https://www.suse.com/security/cve/CVE-2018-10902.html https://www.suse.com/security/cve/CVE-2018-10938.html https://www.suse.com/security/cve/CVE-2018-5390.html https://bugzilla.suse.com/1102682 https://bugzilla.suse.com/1103203 https://bugzilla.suse.com/1105323 https://bugzilla.suse.com/1106191 From sle-security-updates at lists.suse.com Wed Sep 26 04:11:35 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 26 Sep 2018 12:11:35 +0200 (CEST) Subject: SUSE-SU-2018:2866-1: moderate: Security update for ant Message-ID: <20180926101135.398F7FCD2@maintenance.suse.de> SUSE Security Update: Security update for ant ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2866-1 Rating: moderate References: #1100053 Cross-References: CVE-2018-10886 Affected Products: SUSE Linux Enterprise Module for Development Tools 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ant fixes the following issues: Security issue fixed: - CVE-2018-10886: Fixed a path traversal vulnerability in malformed zip file paths, which allowed arbitrary file writes and could potentially lead to code execution (bsc#1100053) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2018-2021=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15 (noarch): ant-1.9.10-3.3.1 ant-antlr-1.9.10-3.3.1 ant-apache-bcel-1.9.10-3.3.1 ant-apache-bsf-1.9.10-3.3.1 ant-apache-log4j-1.9.10-3.3.1 ant-apache-oro-1.9.10-3.3.1 ant-apache-regexp-1.9.10-3.3.1 ant-apache-resolver-1.9.10-3.3.1 ant-commons-logging-1.9.10-3.3.1 ant-javamail-1.9.10-3.3.1 ant-jdepend-1.9.10-3.3.1 ant-jmf-1.9.10-3.3.1 ant-junit-1.9.10-3.3.1 ant-manual-1.9.10-3.3.1 ant-scripts-1.9.10-3.3.1 ant-swing-1.9.10-3.3.1 References: https://www.suse.com/security/cve/CVE-2018-10886.html https://bugzilla.suse.com/1100053 From sle-security-updates at lists.suse.com Wed Sep 26 07:13:06 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 26 Sep 2018 15:13:06 +0200 (CEST) Subject: SUSE-SU-2018:2872-1: moderate: Security update for wireshark Message-ID: <20180926131306.364ABFCD2@maintenance.suse.de> SUSE Security Update: Security update for wireshark ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2872-1 Rating: moderate References: #1106514 Cross-References: CVE-2018-16056 CVE-2018-16057 CVE-2018-16058 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for wireshark fixes the following issues: Update wireshark to version 2.2.17 (bsc#1106514): Security issues fixed: - CVE-2018-16058: Bluetooth AVDTP dissector crash (wnpa-sec-2018-44) - CVE-2018-16056: Bluetooth Attribute Protocol dissector crash (wnpa-sec-2018-45) - CVE-2018-16057: Radiotap dissector crash (wnpa-sec-2018-46) Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.2.17.html Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-wireshark-13792=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-wireshark-13792=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-wireshark-13792=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): wireshark-devel-2.2.17-40.31.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): libwireshark8-2.2.17-40.31.1 libwiretap6-2.2.17-40.31.1 libwscodecs1-2.2.17-40.31.1 libwsutil7-2.2.17-40.31.1 wireshark-2.2.17-40.31.1 wireshark-gtk-2.2.17-40.31.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libwireshark8-2.2.17-40.31.1 libwiretap6-2.2.17-40.31.1 libwscodecs1-2.2.17-40.31.1 libwsutil7-2.2.17-40.31.1 wireshark-2.2.17-40.31.1 wireshark-gtk-2.2.17-40.31.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): wireshark-debuginfo-2.2.17-40.31.1 wireshark-debugsource-2.2.17-40.31.1 References: https://www.suse.com/security/cve/CVE-2018-16056.html https://www.suse.com/security/cve/CVE-2018-16057.html https://www.suse.com/security/cve/CVE-2018-16058.html https://bugzilla.suse.com/1106514 From sle-security-updates at lists.suse.com Wed Sep 26 10:08:21 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 26 Sep 2018 18:08:21 +0200 (CEST) Subject: SUSE-SU-2018:2879-1: important: Security update for the Linux Kernel Message-ID: <20180926160821.15586FCD2@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2879-1 Rating: important References: #1037441 #1045538 #1047487 #1048185 #1050381 #1050431 #1057199 #1060245 #1064861 #1068032 #1080157 #1087081 #1092772 #1092903 #1093666 #1096547 #1097562 #1098822 #1099922 #1100132 #1100705 #1102517 #1102870 #1103119 #1103884 #1103909 #1104481 #1104684 #1104818 #1104901 #1105100 #1105322 #1105348 #1105536 #1105723 #1106095 #1106105 #1106199 #1106202 #1106206 #1106209 #1106212 #1106369 #1106509 #1106511 #1106609 #1106886 #1106930 #1106995 #1107001 #1107064 #1107071 #1107650 #1107689 #1107735 #1107949 #1108096 #1108170 #1108823 #1108912 Cross-References: CVE-2018-10902 CVE-2018-10940 CVE-2018-12896 CVE-2018-14617 CVE-2018-14634 CVE-2018-14734 CVE-2018-15572 CVE-2018-15594 CVE-2018-16276 CVE-2018-16658 CVE-2018-6554 CVE-2018-6555 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-EXTRA SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves 12 vulnerabilities and has 48 fixes is now available. Description: The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-14617: Prevent NULL pointer dereference and panic in hfsplus_lookup() when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory (bsc#1102870). - CVE-2018-16276: Incorrect bounds checking in the yurex USB driver in yurex_read allowed local attackers to use user access read/writes to crash the kernel or potentially escalate privileges (bsc#1106095). - CVE-2018-15594: Ensure correct handling of indirect calls, to prevent attackers for conducting Spectre-v2 attacks against paravirtual guests (bsc#1105348). - CVE-2018-14634: Prevent integer overflow in create_elf_tables that allowed a local attacker to exploit this vulnerability via a SUID-root binary and obtain full root privileges (bsc#1108912) - CVE-2018-12896: Prevent integer overflow in the POSIX timer code that was caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically made the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. This allowed a local user to cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls (bnc#1099922) - CVE-2018-10940: The cdrom_ioctl_media_changed function allowed local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory (bsc#1092903) - CVE-2018-16658: Prevent information leak in cdrom_ioctl_drive_status that could have been used by local attackers to read kernel memory (bnc#1107689) - CVE-2018-6555: The irda_setsockopt function allowed local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket (bnc#1106511) - CVE-2018-6554: Prevent memory leak in the irda_bind function that allowed local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket (bnc#1106509) - CVE-2018-15572: The spectre_v2_select_mitigation function did not always fill RSB upon a context switch, which made it easier for attackers to conduct userspace-userspace spectreRSB attacks (bnc#1102517) - CVE-2018-10902: Protect against concurrent access to prevent double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(). A malicious local attacker could have used this for privilege escalation (bnc#1105322) - CVE-2018-14734: ucma_leave_multicast accessed a certain data structure after a cleanup step in ucma_process_join, which allowed attackers to cause a denial of service (use-after-free) (bsc#1103119) The following non-security bugs were fixed: - ACPI: APEI / ERST: Fix missing error handling in erst_reader() (bsc#1045538). - ALSA: fm801: propagate TUNER_ONLY bit when autodetected (bsc#1045538). - ALSA: pcm: Fix snd_pcm_hw_params struct copy in compat mode (bsc#1045538). - ALSA: pcm: Use dma_bytes as size parameter in dma_mmap_coherent() (bsc#1045538). - ALSA: pcm: fix fifo_size frame calculation (bsc#1045538). - ALSA: snd-aoa: add of_node_put() in error path (bsc#1045538). - ALSA: usb-audio: Add sanity checks in v2 clock parsers (bsc#1045538). - ALSA: usb-audio: Add sanity checks to FE parser (bsc#1045538). - ALSA: usb-audio: Fix UAC2 get_ctl request with a RANGE attribute (bsc#1045538). - ALSA: usb-audio: Fix bogus error return in snd_usb_create_stream() (bsc#1045538). - ALSA: usb-audio: Fix parameter block size for UAC2 control requests (bsc#1045538). - ALSA: usb-audio: Fix parsing descriptor of UAC2 processing unit (bsc#1045538). - ALSA: usb-audio: Fix potential out-of-bound access at parsing SU (bsc#1045538). - ALSA: usb-audio: Set correct type for some UAC2 mixer controls (bsc#1045538). - ASoC: blackfin: Fix missing break (bsc#1045538). - Enforce module signatures if the kernel is locked down (bsc#1093666). - KVM: VMX: Work around kABI breakage in 'enum vmx_l1d_flush_state' (bsc#1106369). - KVM: VMX: fixes for vmentry_l1d_flush module parameter (bsc#1106369). - PCI: Fix TI816X class code quirk (bsc#1050431). - Refresh patches.xen/xen3-x86-l1tf-04-protect-PROT_NONE-ptes.patch (bsc#1105100). - TPM: Zero buffer whole after copying to userspace (bsc#1050381). - USB: add USB_DEVICE_INTERFACE_CLASS macro (bsc#1047487). - USB: hub: fix non-SS hub-descriptor handling (bsc#1047487). - USB: serial: ftdi_sio: fix latency-timer error handling (bsc#1037441). - USB: serial: io_edgeport: fix possible sleep-in-atomic (bsc#1037441). - USB: serial: io_ti: fix NULL-deref in interrupt callback (bsc#1106609). - USB: serial: sierra: fix potential deadlock at close (bsc#1100132). - USB: visor: Match I330 phone more precisely (bsc#1047487). - applicom: dereferencing NULL on error path (git-fixes). - ath5k: Change led pin configuration for compaq c700 laptop (bsc#1048185). - base: make module_create_drivers_dir race-free (git-fixes). - block: fix an error code in add_partition() (bsc#1106209). - btrfs: scrub: Do not use inode page cache in scrub_handle_errored_block() (bsc#1108096). - btrfs: scrub: Do not use inode pages for device replace (bsc#1107949). - dasd: Add IFCC notice message (bnc#1104481, LTC#170484). - drm/i915: Remove bogus __init annotation from DMI callbacks (bsc#1106886). - drm/i915: fix use-after-free in page_flip_completed() (bsc#1103909). - drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply() (bsc#1106886). - drm/vmwgfx: Handle vmalloc() failure in vmw_local_fifo_reserve() (bsc#1106886). - drm: crtc: integer overflow in drm_property_create_blob() (bsc#1106886). - drm: re-enable error handling (bsc#1103884) - fbdev: omapfb: off by one in omapfb_register_client() (bsc#1106886). - iommu/amd: Finish TLB flush in amd_iommu_unmap() (bsc#1106105). - iommu/amd: Fix the left value check of cmd buffer (bsc#1106105). - iommu/amd: Free domain id when free a domain of struct dma_ops_domain (bsc#1106105). - iommu/amd: Update Alias-DTE in update_device_table() (bsc#1106105). - iommu/vt-d: Do not over-free page table directories (bsc#1106105). - iommu/vt-d: Ratelimit each dmar fault printing (bsc#1106105). - ipv6: Regenerate host route according to node pointer upon loopback up (bsc#1100705). - ipv6: correctly add local routes when lo goes up (bsc#1100705). - ipv6: introduce ip6_rt_put() (bsc#1100705). - ipv6: reallocate addrconf router for ipv6 address when lo device up (bsc#1100705). - kabi: x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - kabi: x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - kthread, tracing: Do not expose half-written comm when creating kthreads (Git-fixes). - mm/hugetlb: add migration/hwpoisoned entry check in hugetlb_change_protection (bnc#1107071). - mm/mempolicy.c: avoid use uninitialized preferred_node (bnc#1107064). - modsign: log module name in the event of an error (bsc#1093666). - modsign: print module name along with error message (bsc#1093666). - module: make it clear when we're handling the module copy in info->hdr (bsc#1093666). - module: setup load info before module_sig_check() (bsc#1093666). - nbd: ratelimit error msgs after socket close (bsc#1106206). - ncpfs: return proper error from NCP_IOC_SETROOT ioctl (bsc#1106199). - nvme: add device id's with intel stripe quirk (bsc#1097562). - perf/core: Fix group scheduling with mixed hw and sw events (Git-fixes). - perf/x86/intel: Add cpu_(prepare|starting|dying) for core_pmu (bsc#1104901). - powerpc/64s: Default l1d_size to 64K in RFI fallback flush (bsc#1068032, git-fixes). - powerpc/fadump: Do not use hugepages when fadump is active (bsc#1092772, bsc#1107650). - powerpc/fadump: exclude memory holes while reserving memory in second kernel (bsc#1092772, bsc#1107650). - powerpc/fadump: re-register firmware-assisted dump if already registered (bsc#1108170, bsc#1108823). - powerpc/lib: Fix off-by-one in alternate feature patching (bsc#1064861). - powerpc/lib: Fix the feature fixup tests to actually work (bsc#1064861). - powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2 (bsc#1068032, bsc#1080157, git-fixes). - powerpc: Avoid code patching freed init sections (bnc#1107735). - powerpc: make feature-fixup tests fortify-safe (bsc#1064861). - ptrace: fix PTRACE_LISTEN race corrupting task->state (bnc#1107001). - qlge: Fix netdev features configuration (bsc#1098822). - resource: fix integer overflow at reallocation (bsc#1045538). - rpm/kernel-docs.spec.in: Expand kernel tree directly from sources (bsc#1057199) - s390/ftrace: use expoline for indirect branches (bnc#1106930, LTC#171029). - s390/kernel: use expoline for indirect branches (bnc#1106930, LTC#171029). - s390/qeth: do not clobber buffer on async TX completion (bnc#1060245, LTC#170349). - s390: Correct register corruption in critical section cleanup (bnc#1106930, LTC#171029). - s390: add assembler macros for CPU alternatives (bnc#1106930, LTC#171029). - s390: detect etoken facility (bnc#1106930, LTC#171029). - s390: move expoline assembler macros to a header (bnc#1106930, LTC#171029). - s390: move spectre sysfs attribute code (bnc#1106930, LTC#171029). - s390: remove indirect branch from do_softirq_own_stack (bnc#1106930, LTC#171029). - smsc75xx: Add workaround for gigabit link up hardware errata (bsc#1100132). - sys: do not hold uts_sem while accessing userspace memory (bnc#1106995). - tpm: fix race condition in tpm_common_write() (bsc#1050381). - tracing/blktrace: Fix to allow setting same value (bsc#1106212). - tty: vt, fix bogus division in csi_J (git-fixes). - tty: vt, return error when con_startup fails (git-fixes). - uml: fix hostfs mknod() (bsc#1106202). - usb: audio-v2: Correct the comment for struct uac_clock_selector_descriptor (bsc#1045538). - usbip: vhci_sysfs: fix potential Spectre v1 (bsc#1096547). - x86, l1tf: Protect PROT_NONE PTEs against speculation fixup (bnc#1104684, bnc#1104818). - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit (bnc#1087081). - x86/init: fix build with CONFIG_SWAP=n (bsc#1105723). - x86/mm: Prevent kernel Oops in PTDUMP code with HIGHPTE=y (bsc#1106105). - x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM (bnc#1105536). - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - x86/speculation/l1tf: Suggest what to do on systems with too much RAM (bnc#1105536). - x86/vdso: Fix vDSO build if a retpoline is emitted (git-fixes). - xen x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM (bnc#1105536). - xen x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - xen, x86, l1tf: Protect PROT_NONE PTEs against speculation fixup (bnc#1104684, bnc#1104818). - xen: x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit (bnc#1087081). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-kernel-13796=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-kernel-13796=1 - SUSE Linux Enterprise Server 11-EXTRA: zypper in -t patch slexsp3-kernel-13796=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-kernel-13796=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch): kernel-docs-3.0.101-108.71.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): kernel-default-3.0.101-108.71.1 kernel-default-base-3.0.101-108.71.1 kernel-default-devel-3.0.101-108.71.1 kernel-source-3.0.101-108.71.1 kernel-syms-3.0.101-108.71.1 kernel-trace-3.0.101-108.71.1 kernel-trace-base-3.0.101-108.71.1 kernel-trace-devel-3.0.101-108.71.1 - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): kernel-ec2-3.0.101-108.71.1 kernel-ec2-base-3.0.101-108.71.1 kernel-ec2-devel-3.0.101-108.71.1 kernel-xen-3.0.101-108.71.1 kernel-xen-base-3.0.101-108.71.1 kernel-xen-devel-3.0.101-108.71.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64): kernel-bigmem-3.0.101-108.71.1 kernel-bigmem-base-3.0.101-108.71.1 kernel-bigmem-devel-3.0.101-108.71.1 kernel-ppc64-3.0.101-108.71.1 kernel-ppc64-base-3.0.101-108.71.1 kernel-ppc64-devel-3.0.101-108.71.1 - SUSE Linux Enterprise Server 11-SP4 (s390x): kernel-default-man-3.0.101-108.71.1 - SUSE Linux Enterprise Server 11-SP4 (i586): kernel-pae-3.0.101-108.71.1 kernel-pae-base-3.0.101-108.71.1 kernel-pae-devel-3.0.101-108.71.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64): kernel-default-extra-3.0.101-108.71.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64): kernel-xen-extra-3.0.101-108.71.1 - SUSE Linux Enterprise Server 11-EXTRA (x86_64): kernel-trace-extra-3.0.101-108.71.1 - SUSE Linux Enterprise Server 11-EXTRA (ppc64): kernel-ppc64-extra-3.0.101-108.71.1 - SUSE Linux Enterprise Server 11-EXTRA (i586): kernel-pae-extra-3.0.101-108.71.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): kernel-default-debuginfo-3.0.101-108.71.1 kernel-default-debugsource-3.0.101-108.71.1 kernel-trace-debuginfo-3.0.101-108.71.1 kernel-trace-debugsource-3.0.101-108.71.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 s390x x86_64): kernel-default-devel-debuginfo-3.0.101-108.71.1 kernel-trace-devel-debuginfo-3.0.101-108.71.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): kernel-ec2-debuginfo-3.0.101-108.71.1 kernel-ec2-debugsource-3.0.101-108.71.1 kernel-xen-debuginfo-3.0.101-108.71.1 kernel-xen-debugsource-3.0.101-108.71.1 kernel-xen-devel-debuginfo-3.0.101-108.71.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64): kernel-bigmem-debuginfo-3.0.101-108.71.1 kernel-bigmem-debugsource-3.0.101-108.71.1 kernel-ppc64-debuginfo-3.0.101-108.71.1 kernel-ppc64-debugsource-3.0.101-108.71.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586): kernel-pae-debuginfo-3.0.101-108.71.1 kernel-pae-debugsource-3.0.101-108.71.1 kernel-pae-devel-debuginfo-3.0.101-108.71.1 References: https://www.suse.com/security/cve/CVE-2018-10902.html https://www.suse.com/security/cve/CVE-2018-10940.html https://www.suse.com/security/cve/CVE-2018-12896.html https://www.suse.com/security/cve/CVE-2018-14617.html https://www.suse.com/security/cve/CVE-2018-14634.html https://www.suse.com/security/cve/CVE-2018-14734.html https://www.suse.com/security/cve/CVE-2018-15572.html https://www.suse.com/security/cve/CVE-2018-15594.html https://www.suse.com/security/cve/CVE-2018-16276.html https://www.suse.com/security/cve/CVE-2018-16658.html https://www.suse.com/security/cve/CVE-2018-6554.html https://www.suse.com/security/cve/CVE-2018-6555.html https://bugzilla.suse.com/1037441 https://bugzilla.suse.com/1045538 https://bugzilla.suse.com/1047487 https://bugzilla.suse.com/1048185 https://bugzilla.suse.com/1050381 https://bugzilla.suse.com/1050431 https://bugzilla.suse.com/1057199 https://bugzilla.suse.com/1060245 https://bugzilla.suse.com/1064861 https://bugzilla.suse.com/1068032 https://bugzilla.suse.com/1080157 https://bugzilla.suse.com/1087081 https://bugzilla.suse.com/1092772 https://bugzilla.suse.com/1092903 https://bugzilla.suse.com/1093666 https://bugzilla.suse.com/1096547 https://bugzilla.suse.com/1097562 https://bugzilla.suse.com/1098822 https://bugzilla.suse.com/1099922 https://bugzilla.suse.com/1100132 https://bugzilla.suse.com/1100705 https://bugzilla.suse.com/1102517 https://bugzilla.suse.com/1102870 https://bugzilla.suse.com/1103119 https://bugzilla.suse.com/1103884 https://bugzilla.suse.com/1103909 https://bugzilla.suse.com/1104481 https://bugzilla.suse.com/1104684 https://bugzilla.suse.com/1104818 https://bugzilla.suse.com/1104901 https://bugzilla.suse.com/1105100 https://bugzilla.suse.com/1105322 https://bugzilla.suse.com/1105348 https://bugzilla.suse.com/1105536 https://bugzilla.suse.com/1105723 https://bugzilla.suse.com/1106095 https://bugzilla.suse.com/1106105 https://bugzilla.suse.com/1106199 https://bugzilla.suse.com/1106202 https://bugzilla.suse.com/1106206 https://bugzilla.suse.com/1106209 https://bugzilla.suse.com/1106212 https://bugzilla.suse.com/1106369 https://bugzilla.suse.com/1106509 https://bugzilla.suse.com/1106511 https://bugzilla.suse.com/1106609 https://bugzilla.suse.com/1106886 https://bugzilla.suse.com/1106930 https://bugzilla.suse.com/1106995 https://bugzilla.suse.com/1107001 https://bugzilla.suse.com/1107064 https://bugzilla.suse.com/1107071 https://bugzilla.suse.com/1107650 https://bugzilla.suse.com/1107689 https://bugzilla.suse.com/1107735 https://bugzilla.suse.com/1107949 https://bugzilla.suse.com/1108096 https://bugzilla.suse.com/1108170 https://bugzilla.suse.com/1108823 https://bugzilla.suse.com/1108912 From sle-security-updates at lists.suse.com Wed Sep 26 10:26:05 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 26 Sep 2018 18:26:05 +0200 (CEST) Subject: SUSE-SU-2018:2883-1: important: Security update for glibc Message-ID: <20180926162605.51AD8FCD2@maintenance.suse.de> SUSE Security Update: Security update for glibc ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2883-1 Rating: important References: #1058774 #1064580 #1064583 #941234 Cross-References: CVE-2015-5180 CVE-2017-15670 CVE-2017-15804 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for glibc fixes the following security issues: - CVE-2017-15670: Prevent off-by-one error that lead to a heap-based buffer overflow in the glob function, related to the processing of home directories using the ~ operator followed by a long string (bsc#1064583) - CVE-2017-15804: The glob function contained a buffer overflow during unescaping of user names with the ~ operator (bsc#1064580) - CVE-2015-5180: res_query in libresolv allowed remote attackers to cause a denial of service (NULL pointer dereference and process crash) (bsc#941234). This non-security issue was fixed: - Fix inaccuracies in casin, cacos, casinh, cacosh (bsc#1058774) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-glibc-13795=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-glibc-13795=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-glibc-13795=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-glibc-13795=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-glibc-13795=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-glibc-13795=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): glibc-html-2.11.3-17.110.19.2 glibc-info-2.11.3-17.110.19.2 - SUSE Linux Enterprise Server 11-SP4 (i586 i686 ia64 ppc64 s390x x86_64): glibc-2.11.3-17.110.19.2 glibc-devel-2.11.3-17.110.19.2 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): glibc-html-2.11.3-17.110.19.2 glibc-i18ndata-2.11.3-17.110.19.2 glibc-info-2.11.3-17.110.19.2 glibc-locale-2.11.3-17.110.19.2 glibc-profile-2.11.3-17.110.19.2 nscd-2.11.3-17.110.19.2 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): glibc-32bit-2.11.3-17.110.19.2 glibc-devel-32bit-2.11.3-17.110.19.2 glibc-locale-32bit-2.11.3-17.110.19.2 glibc-profile-32bit-2.11.3-17.110.19.2 - SUSE Linux Enterprise Server 11-SP4 (ia64): glibc-locale-x86-2.11.3-17.110.19.2 glibc-profile-x86-2.11.3-17.110.19.2 glibc-x86-2.11.3-17.110.19.2 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 i686 s390x x86_64): glibc-2.11.3-17.110.19.2 glibc-devel-2.11.3-17.110.19.2 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): glibc-html-2.11.3-17.110.19.2 glibc-i18ndata-2.11.3-17.110.19.2 glibc-info-2.11.3-17.110.19.2 glibc-locale-2.11.3-17.110.19.2 glibc-profile-2.11.3-17.110.19.2 nscd-2.11.3-17.110.19.2 - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x x86_64): glibc-32bit-2.11.3-17.110.19.2 glibc-devel-32bit-2.11.3-17.110.19.2 glibc-locale-32bit-2.11.3-17.110.19.2 glibc-profile-32bit-2.11.3-17.110.19.2 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586 i686): glibc-2.11.3-17.110.19.2 glibc-devel-2.11.3-17.110.19.2 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): glibc-html-2.11.3-17.110.19.2 glibc-i18ndata-2.11.3-17.110.19.2 glibc-info-2.11.3-17.110.19.2 glibc-locale-2.11.3-17.110.19.2 glibc-profile-2.11.3-17.110.19.2 nscd-2.11.3-17.110.19.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 i686 ia64 ppc64 s390x x86_64): glibc-debuginfo-2.11.3-17.110.19.2 glibc-debugsource-2.11.3-17.110.19.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): glibc-debuginfo-32bit-2.11.3-17.110.19.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64): glibc-debuginfo-x86-2.11.3-17.110.19.2 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 i686 s390x x86_64): glibc-debuginfo-2.11.3-17.110.19.2 glibc-debugsource-2.11.3-17.110.19.2 - SUSE Linux Enterprise Debuginfo 11-SP3 (s390x x86_64): glibc-debuginfo-32bit-2.11.3-17.110.19.2 References: https://www.suse.com/security/cve/CVE-2015-5180.html https://www.suse.com/security/cve/CVE-2017-15670.html https://www.suse.com/security/cve/CVE-2017-15804.html https://bugzilla.suse.com/1058774 https://bugzilla.suse.com/1064580 https://bugzilla.suse.com/1064583 https://bugzilla.suse.com/941234 From sle-security-updates at lists.suse.com Wed Sep 26 16:08:09 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 27 Sep 2018 00:08:09 +0200 (CEST) Subject: SUSE-SU-2018:2887-1: moderate: Security update for php7 Message-ID: <20180926220809.1FDC7FCD2@maintenance.suse.de> SUSE Security Update: Security update for php7 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2887-1 Rating: moderate References: #1108753 Cross-References: CVE-2018-17082 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for php7 fixes the following issues: - CVE-2018-17082: The Apache2 component in PHP allowed XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade was mishandled in the php_handler function (bsc#1108753). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2046=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2018-2046=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): php7-debuginfo-7.0.7-50.52.1 php7-debugsource-7.0.7-50.52.1 php7-devel-7.0.7-50.52.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): apache2-mod_php7-7.0.7-50.52.1 apache2-mod_php7-debuginfo-7.0.7-50.52.1 php7-7.0.7-50.52.1 php7-bcmath-7.0.7-50.52.1 php7-bcmath-debuginfo-7.0.7-50.52.1 php7-bz2-7.0.7-50.52.1 php7-bz2-debuginfo-7.0.7-50.52.1 php7-calendar-7.0.7-50.52.1 php7-calendar-debuginfo-7.0.7-50.52.1 php7-ctype-7.0.7-50.52.1 php7-ctype-debuginfo-7.0.7-50.52.1 php7-curl-7.0.7-50.52.1 php7-curl-debuginfo-7.0.7-50.52.1 php7-dba-7.0.7-50.52.1 php7-dba-debuginfo-7.0.7-50.52.1 php7-debuginfo-7.0.7-50.52.1 php7-debugsource-7.0.7-50.52.1 php7-dom-7.0.7-50.52.1 php7-dom-debuginfo-7.0.7-50.52.1 php7-enchant-7.0.7-50.52.1 php7-enchant-debuginfo-7.0.7-50.52.1 php7-exif-7.0.7-50.52.1 php7-exif-debuginfo-7.0.7-50.52.1 php7-fastcgi-7.0.7-50.52.1 php7-fastcgi-debuginfo-7.0.7-50.52.1 php7-fileinfo-7.0.7-50.52.1 php7-fileinfo-debuginfo-7.0.7-50.52.1 php7-fpm-7.0.7-50.52.1 php7-fpm-debuginfo-7.0.7-50.52.1 php7-ftp-7.0.7-50.52.1 php7-ftp-debuginfo-7.0.7-50.52.1 php7-gd-7.0.7-50.52.1 php7-gd-debuginfo-7.0.7-50.52.1 php7-gettext-7.0.7-50.52.1 php7-gettext-debuginfo-7.0.7-50.52.1 php7-gmp-7.0.7-50.52.1 php7-gmp-debuginfo-7.0.7-50.52.1 php7-iconv-7.0.7-50.52.1 php7-iconv-debuginfo-7.0.7-50.52.1 php7-imap-7.0.7-50.52.1 php7-imap-debuginfo-7.0.7-50.52.1 php7-intl-7.0.7-50.52.1 php7-intl-debuginfo-7.0.7-50.52.1 php7-json-7.0.7-50.52.1 php7-json-debuginfo-7.0.7-50.52.1 php7-ldap-7.0.7-50.52.1 php7-ldap-debuginfo-7.0.7-50.52.1 php7-mbstring-7.0.7-50.52.1 php7-mbstring-debuginfo-7.0.7-50.52.1 php7-mcrypt-7.0.7-50.52.1 php7-mcrypt-debuginfo-7.0.7-50.52.1 php7-mysql-7.0.7-50.52.1 php7-mysql-debuginfo-7.0.7-50.52.1 php7-odbc-7.0.7-50.52.1 php7-odbc-debuginfo-7.0.7-50.52.1 php7-opcache-7.0.7-50.52.1 php7-opcache-debuginfo-7.0.7-50.52.1 php7-openssl-7.0.7-50.52.1 php7-openssl-debuginfo-7.0.7-50.52.1 php7-pcntl-7.0.7-50.52.1 php7-pcntl-debuginfo-7.0.7-50.52.1 php7-pdo-7.0.7-50.52.1 php7-pdo-debuginfo-7.0.7-50.52.1 php7-pgsql-7.0.7-50.52.1 php7-pgsql-debuginfo-7.0.7-50.52.1 php7-phar-7.0.7-50.52.1 php7-phar-debuginfo-7.0.7-50.52.1 php7-posix-7.0.7-50.52.1 php7-posix-debuginfo-7.0.7-50.52.1 php7-pspell-7.0.7-50.52.1 php7-pspell-debuginfo-7.0.7-50.52.1 php7-shmop-7.0.7-50.52.1 php7-shmop-debuginfo-7.0.7-50.52.1 php7-snmp-7.0.7-50.52.1 php7-snmp-debuginfo-7.0.7-50.52.1 php7-soap-7.0.7-50.52.1 php7-soap-debuginfo-7.0.7-50.52.1 php7-sockets-7.0.7-50.52.1 php7-sockets-debuginfo-7.0.7-50.52.1 php7-sqlite-7.0.7-50.52.1 php7-sqlite-debuginfo-7.0.7-50.52.1 php7-sysvmsg-7.0.7-50.52.1 php7-sysvmsg-debuginfo-7.0.7-50.52.1 php7-sysvsem-7.0.7-50.52.1 php7-sysvsem-debuginfo-7.0.7-50.52.1 php7-sysvshm-7.0.7-50.52.1 php7-sysvshm-debuginfo-7.0.7-50.52.1 php7-tokenizer-7.0.7-50.52.1 php7-tokenizer-debuginfo-7.0.7-50.52.1 php7-wddx-7.0.7-50.52.1 php7-wddx-debuginfo-7.0.7-50.52.1 php7-xmlreader-7.0.7-50.52.1 php7-xmlreader-debuginfo-7.0.7-50.52.1 php7-xmlrpc-7.0.7-50.52.1 php7-xmlrpc-debuginfo-7.0.7-50.52.1 php7-xmlwriter-7.0.7-50.52.1 php7-xmlwriter-debuginfo-7.0.7-50.52.1 php7-xsl-7.0.7-50.52.1 php7-xsl-debuginfo-7.0.7-50.52.1 php7-zip-7.0.7-50.52.1 php7-zip-debuginfo-7.0.7-50.52.1 php7-zlib-7.0.7-50.52.1 php7-zlib-debuginfo-7.0.7-50.52.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): php7-pear-7.0.7-50.52.1 php7-pear-Archive_Tar-7.0.7-50.52.1 References: https://www.suse.com/security/cve/CVE-2018-17082.html https://bugzilla.suse.com/1108753 From sle-security-updates at lists.suse.com Thu Sep 27 04:10:52 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 27 Sep 2018 12:10:52 +0200 (CEST) Subject: SUSE-SU-2018:2888-1: moderate: Security update for gd Message-ID: <20180927101052.74B98FD2E@maintenance.suse.de> SUSE Security Update: Security update for gd ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2888-1 Rating: moderate References: #1105434 Cross-References: CVE-2018-1000222 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for gd fixes the following issues: Security issue fixed: - CVE-2018-1000222: Fixed a double free vulnerability in gdImageBmpPtr() that could result in remote code execution. This could have been exploited via a specially crafted JPEG image files. (bsc#1105434) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2018-2047=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2047=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): gd-2.2.5-4.3.1 gd-debuginfo-2.2.5-4.3.1 gd-debugsource-2.2.5-4.3.1 gd-devel-2.2.5-4.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): gd-debuginfo-2.2.5-4.3.1 gd-debugsource-2.2.5-4.3.1 libgd3-2.2.5-4.3.1 libgd3-debuginfo-2.2.5-4.3.1 References: https://www.suse.com/security/cve/CVE-2018-1000222.html https://bugzilla.suse.com/1105434 From sle-security-updates at lists.suse.com Thu Sep 27 07:08:24 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 27 Sep 2018 15:08:24 +0200 (CEST) Subject: SUSE-SU-2018:2889-1: moderate: Security update for wireshark Message-ID: <20180927130824.C66A6FD41@maintenance.suse.de> SUSE Security Update: Security update for wireshark ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2889-1 Rating: moderate References: #1106514 Cross-References: CVE-2018-16056 CVE-2018-16057 CVE-2018-16058 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for wireshark to version 2.4.9 fixes the following issues: Security issues fixed (bsc#1106514): - CVE-2018-16058: Bluetooth AVDTP dissector crash (wnpa-sec-2018-44) - CVE-2018-16056: Bluetooth Attribute Protocol dissector crash (wnpa-sec-2018-45) - CVE-2018-16057: Radiotap dissector crash (wnpa-sec-2018-46) Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.4.9.html Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2018-2052=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2052=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): wireshark-debuginfo-2.4.9-3.9.1 wireshark-debugsource-2.4.9-3.9.1 wireshark-devel-2.4.9-3.9.1 wireshark-ui-qt-2.4.9-3.9.1 wireshark-ui-qt-debuginfo-2.4.9-3.9.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libwireshark9-2.4.9-3.9.1 libwireshark9-debuginfo-2.4.9-3.9.1 libwiretap7-2.4.9-3.9.1 libwiretap7-debuginfo-2.4.9-3.9.1 libwscodecs1-2.4.9-3.9.1 libwscodecs1-debuginfo-2.4.9-3.9.1 libwsutil8-2.4.9-3.9.1 libwsutil8-debuginfo-2.4.9-3.9.1 wireshark-2.4.9-3.9.1 wireshark-debuginfo-2.4.9-3.9.1 wireshark-debugsource-2.4.9-3.9.1 References: https://www.suse.com/security/cve/CVE-2018-16056.html https://www.suse.com/security/cve/CVE-2018-16057.html https://www.suse.com/security/cve/CVE-2018-16058.html https://bugzilla.suse.com/1106514 From sle-security-updates at lists.suse.com Thu Sep 27 07:09:08 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 27 Sep 2018 15:09:08 +0200 (CEST) Subject: SUSE-SU-2018:2890-1: important: Security update for MozillaFirefox Message-ID: <20180927130908.110FAFD4B@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2890-1 Rating: important References: #1107343 Cross-References: CVE-2017-16541 CVE-2018-12376 CVE-2018-12377 CVE-2018-12378 CVE-2018-12379 CVE-2018-12381 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for MozillaFirefox to ESR 60.2 fixes several issues. These general changes are part of the version 60 release. - New browser engine with speed improvements - Redesigned graphical user interface elements - Unified address and search bar for new installations - New tab page listing top visited, recently visited and recommended pages - Support for configuration policies in enterprise deployments via JSON files - Support for Web Authentication, allowing the use of USB tokens for authentication to web sites The following changes affect compatibility: - Now exclusively supports extensions built using the WebExtension API. - Unsupported legacy extensions will no longer work in Firefox 60 ESR - TLS certificates issued by Symantec before June 1st, 2016 are no longer trusted The "security.pki.distrust_ca_policy" preference can be set to 0 to reinstate trust in those certificates The following issues affect performance: - new format for storing private keys, certificates and certificate trust If the user home or data directory is on a network file system, it is recommended that users set the following environment variable to avoid slowdowns: NSS_SDB_USE_CACHE=yes This setting is not recommended for local, fast file systems. These security issues were fixed: - CVE-2018-12381: Dragging and dropping Outlook email message results in page navigation (bsc#1107343). - CVE-2017-16541: Proxy bypass using automount and autofs (bsc#1107343). - CVE-2018-12376: Various memory safety bugs (bsc#1107343). - CVE-2018-12377: Use-after-free in refresh driver timers (bsc#1107343). - CVE-2018-12378: Use-after-free in IndexedDB (bsc#1107343). - CVE-2018-12379: Out-of-bounds write with malicious MAR file (bsc#1107343). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2018-2053=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le x86_64): MozillaFirefox-60.2.0-3.10.1 MozillaFirefox-branding-SLE-60-4.3.1 MozillaFirefox-debuginfo-60.2.0-3.10.1 MozillaFirefox-debugsource-60.2.0-3.10.1 MozillaFirefox-devel-60.2.0-3.10.1 MozillaFirefox-translations-common-60.2.0-3.10.1 MozillaFirefox-translations-other-60.2.0-3.10.1 References: https://www.suse.com/security/cve/CVE-2017-16541.html https://www.suse.com/security/cve/CVE-2018-12376.html https://www.suse.com/security/cve/CVE-2018-12377.html https://www.suse.com/security/cve/CVE-2018-12378.html https://www.suse.com/security/cve/CVE-2018-12379.html https://www.suse.com/security/cve/CVE-2018-12381.html https://bugzilla.suse.com/1107343 From sle-security-updates at lists.suse.com Thu Sep 27 07:09:49 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 27 Sep 2018 15:09:49 +0200 (CEST) Subject: SUSE-SU-2018:2891-1: moderate: Security update for wireshark Message-ID: <20180927130949.EFF23FD41@maintenance.suse.de> SUSE Security Update: Security update for wireshark ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2891-1 Rating: moderate References: #1094301 #1101776 #1101777 #1101786 #1101788 #1101791 #1101794 #1101800 #1101802 #1101804 #1101810 #1106514 Cross-References: CVE-2018-11354 CVE-2018-11355 CVE-2018-11356 CVE-2018-11357 CVE-2018-11358 CVE-2018-11359 CVE-2018-11360 CVE-2018-11361 CVE-2018-11362 CVE-2018-14339 CVE-2018-14340 CVE-2018-14341 CVE-2018-14342 CVE-2018-14343 CVE-2018-14344 CVE-2018-14367 CVE-2018-14368 CVE-2018-14369 CVE-2018-14370 CVE-2018-16056 CVE-2018-16057 CVE-2018-16058 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes 22 vulnerabilities is now available. Description: This update for wireshark to version 2.4.9 fixes the following issues: Wireshark was updated to 2.4.9 (bsc#1094301, bsc#1106514). Security issues fixed: - CVE-2018-16058: Bluetooth AVDTP dissector crash (wnpa-sec-2018-44) - CVE-2018-16056: Bluetooth Attribute Protocol dissector crash (wnpa-sec-2018-45) - CVE-2018-16057: Radiotap dissector crash (wnpa-sec-2018-46) - CVE-2018-11355: Fix RTCP dissector crash (bsc#1094301). - CVE-2018-14370: IEEE 802.11 dissector crash (wnpa-sec-2018-43, bsc#1101802) - CVE-2018-14368: Bazaar dissector infinite loop (wnpa-sec-2018-40, bsc#1101794) - CVE-2018-11362: Fix LDSS dissector crash (bsc#1094301). - CVE-2018-11361: Fix IEEE 802.11 dissector crash (bsc#1094301). - CVE-2018-11360: Fix GSM A DTAP dissector crash (bsc#1094301). - CVE-2018-14342: BGP dissector large loop (wnpa-sec-2018-34, bsc#1101777) - CVE-2018-14343: ASN.1 BER dissector crash (wnpa-sec-2018-37, bsc#1101786) - CVE-2018-14340: Multiple dissectors could crash (wnpa-sec-2018-36, bsc#1101804) - CVE-2018-14341: DICOM dissector crash (wnpa-sec-2018-39, bsc#1101776) - CVE-2018-11358: Fix Q.931 dissector crash (bsc#1094301). - CVE-2018-14344: ISMP dissector crash (wnpa-sec-2018-35, bsc#1101788) - CVE-2018-11359: Fix multiple dissectors crashs (bsc#1094301). - CVE-2018-11356: Fix DNS dissector crash (bsc#1094301). - CVE-2018-14339: MMSE dissector infinite loop (wnpa-sec-2018-38, bsc#1101810) - CVE-2018-11357: Fix multiple dissectors that could consume excessive memory (bsc#1094301). - CVE-2018-14367: CoAP dissector crash (wnpa-sec-2018-42, bsc#1101791) - CVE-2018-11354: Fix IEEE 1905.1a dissector crash (bsc#1094301). - CVE-2018-14369: HTTP2 dissector crash (wnpa-sec-2018-41, bsc#1101800) Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.4.9.html Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-2051=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2051=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-2051=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-2051=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2051=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-2051=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-2051=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-2051=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2051=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-2051=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): libwireshark9-2.4.9-48.29.1 libwireshark9-debuginfo-2.4.9-48.29.1 libwiretap7-2.4.9-48.29.1 libwiretap7-debuginfo-2.4.9-48.29.1 libwscodecs1-2.4.9-48.29.1 libwscodecs1-debuginfo-2.4.9-48.29.1 libwsutil8-2.4.9-48.29.1 libwsutil8-debuginfo-2.4.9-48.29.1 wireshark-2.4.9-48.29.1 wireshark-debuginfo-2.4.9-48.29.1 wireshark-debugsource-2.4.9-48.29.1 wireshark-gtk-2.4.9-48.29.1 wireshark-gtk-debuginfo-2.4.9-48.29.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): wireshark-debuginfo-2.4.9-48.29.1 wireshark-debugsource-2.4.9-48.29.1 wireshark-devel-2.4.9-48.29.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libwireshark9-2.4.9-48.29.1 libwireshark9-debuginfo-2.4.9-48.29.1 libwiretap7-2.4.9-48.29.1 libwiretap7-debuginfo-2.4.9-48.29.1 libwscodecs1-2.4.9-48.29.1 libwscodecs1-debuginfo-2.4.9-48.29.1 libwsutil8-2.4.9-48.29.1 libwsutil8-debuginfo-2.4.9-48.29.1 wireshark-2.4.9-48.29.1 wireshark-debuginfo-2.4.9-48.29.1 wireshark-debugsource-2.4.9-48.29.1 wireshark-gtk-2.4.9-48.29.1 wireshark-gtk-debuginfo-2.4.9-48.29.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): libwireshark9-2.4.9-48.29.1 libwireshark9-debuginfo-2.4.9-48.29.1 libwiretap7-2.4.9-48.29.1 libwiretap7-debuginfo-2.4.9-48.29.1 libwscodecs1-2.4.9-48.29.1 libwscodecs1-debuginfo-2.4.9-48.29.1 libwsutil8-2.4.9-48.29.1 libwsutil8-debuginfo-2.4.9-48.29.1 wireshark-2.4.9-48.29.1 wireshark-debuginfo-2.4.9-48.29.1 wireshark-debugsource-2.4.9-48.29.1 wireshark-gtk-2.4.9-48.29.1 wireshark-gtk-debuginfo-2.4.9-48.29.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libwireshark9-2.4.9-48.29.1 libwireshark9-debuginfo-2.4.9-48.29.1 libwiretap7-2.4.9-48.29.1 libwiretap7-debuginfo-2.4.9-48.29.1 libwscodecs1-2.4.9-48.29.1 libwscodecs1-debuginfo-2.4.9-48.29.1 libwsutil8-2.4.9-48.29.1 libwsutil8-debuginfo-2.4.9-48.29.1 wireshark-2.4.9-48.29.1 wireshark-debuginfo-2.4.9-48.29.1 wireshark-debugsource-2.4.9-48.29.1 wireshark-gtk-2.4.9-48.29.1 wireshark-gtk-debuginfo-2.4.9-48.29.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libwireshark9-2.4.9-48.29.1 libwireshark9-debuginfo-2.4.9-48.29.1 libwiretap7-2.4.9-48.29.1 libwiretap7-debuginfo-2.4.9-48.29.1 libwscodecs1-2.4.9-48.29.1 libwscodecs1-debuginfo-2.4.9-48.29.1 libwsutil8-2.4.9-48.29.1 libwsutil8-debuginfo-2.4.9-48.29.1 wireshark-2.4.9-48.29.1 wireshark-debuginfo-2.4.9-48.29.1 wireshark-debugsource-2.4.9-48.29.1 wireshark-gtk-2.4.9-48.29.1 wireshark-gtk-debuginfo-2.4.9-48.29.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): libwireshark9-2.4.9-48.29.1 libwireshark9-debuginfo-2.4.9-48.29.1 libwiretap7-2.4.9-48.29.1 libwiretap7-debuginfo-2.4.9-48.29.1 libwscodecs1-2.4.9-48.29.1 libwscodecs1-debuginfo-2.4.9-48.29.1 libwsutil8-2.4.9-48.29.1 libwsutil8-debuginfo-2.4.9-48.29.1 wireshark-2.4.9-48.29.1 wireshark-debuginfo-2.4.9-48.29.1 wireshark-debugsource-2.4.9-48.29.1 wireshark-gtk-2.4.9-48.29.1 wireshark-gtk-debuginfo-2.4.9-48.29.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): libwireshark9-2.4.9-48.29.1 libwireshark9-debuginfo-2.4.9-48.29.1 libwiretap7-2.4.9-48.29.1 libwiretap7-debuginfo-2.4.9-48.29.1 libwscodecs1-2.4.9-48.29.1 libwscodecs1-debuginfo-2.4.9-48.29.1 libwsutil8-2.4.9-48.29.1 libwsutil8-debuginfo-2.4.9-48.29.1 wireshark-2.4.9-48.29.1 wireshark-debuginfo-2.4.9-48.29.1 wireshark-debugsource-2.4.9-48.29.1 wireshark-gtk-2.4.9-48.29.1 wireshark-gtk-debuginfo-2.4.9-48.29.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libwireshark9-2.4.9-48.29.1 libwireshark9-debuginfo-2.4.9-48.29.1 libwiretap7-2.4.9-48.29.1 libwiretap7-debuginfo-2.4.9-48.29.1 libwscodecs1-2.4.9-48.29.1 libwscodecs1-debuginfo-2.4.9-48.29.1 libwsutil8-2.4.9-48.29.1 libwsutil8-debuginfo-2.4.9-48.29.1 wireshark-2.4.9-48.29.1 wireshark-debuginfo-2.4.9-48.29.1 wireshark-debugsource-2.4.9-48.29.1 wireshark-gtk-2.4.9-48.29.1 wireshark-gtk-debuginfo-2.4.9-48.29.1 - SUSE Enterprise Storage 4 (x86_64): libwireshark9-2.4.9-48.29.1 libwireshark9-debuginfo-2.4.9-48.29.1 libwiretap7-2.4.9-48.29.1 libwiretap7-debuginfo-2.4.9-48.29.1 libwscodecs1-2.4.9-48.29.1 libwscodecs1-debuginfo-2.4.9-48.29.1 libwsutil8-2.4.9-48.29.1 libwsutil8-debuginfo-2.4.9-48.29.1 wireshark-2.4.9-48.29.1 wireshark-debuginfo-2.4.9-48.29.1 wireshark-debugsource-2.4.9-48.29.1 wireshark-gtk-2.4.9-48.29.1 wireshark-gtk-debuginfo-2.4.9-48.29.1 References: https://www.suse.com/security/cve/CVE-2018-11354.html https://www.suse.com/security/cve/CVE-2018-11355.html https://www.suse.com/security/cve/CVE-2018-11356.html https://www.suse.com/security/cve/CVE-2018-11357.html https://www.suse.com/security/cve/CVE-2018-11358.html https://www.suse.com/security/cve/CVE-2018-11359.html https://www.suse.com/security/cve/CVE-2018-11360.html https://www.suse.com/security/cve/CVE-2018-11361.html https://www.suse.com/security/cve/CVE-2018-11362.html https://www.suse.com/security/cve/CVE-2018-14339.html https://www.suse.com/security/cve/CVE-2018-14340.html https://www.suse.com/security/cve/CVE-2018-14341.html https://www.suse.com/security/cve/CVE-2018-14342.html https://www.suse.com/security/cve/CVE-2018-14343.html https://www.suse.com/security/cve/CVE-2018-14344.html https://www.suse.com/security/cve/CVE-2018-14367.html https://www.suse.com/security/cve/CVE-2018-14368.html https://www.suse.com/security/cve/CVE-2018-14369.html https://www.suse.com/security/cve/CVE-2018-14370.html https://www.suse.com/security/cve/CVE-2018-16056.html https://www.suse.com/security/cve/CVE-2018-16057.html https://www.suse.com/security/cve/CVE-2018-16058.html https://bugzilla.suse.com/1094301 https://bugzilla.suse.com/1101776 https://bugzilla.suse.com/1101777 https://bugzilla.suse.com/1101786 https://bugzilla.suse.com/1101788 https://bugzilla.suse.com/1101791 https://bugzilla.suse.com/1101794 https://bugzilla.suse.com/1101800 https://bugzilla.suse.com/1101802 https://bugzilla.suse.com/1101804 https://bugzilla.suse.com/1101810 https://bugzilla.suse.com/1106514 From sle-security-updates at lists.suse.com Thu Sep 27 07:19:32 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 27 Sep 2018 15:19:32 +0200 (CEST) Subject: SUSE-SU-2018:2894-1: important: Security update for mgetty Message-ID: <20180927131932.06EBEFD41@maintenance.suse.de> SUSE Security Update: Security update for mgetty ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2894-1 Rating: important References: #1108752 #1108756 #1108757 #1108761 #1108762 Cross-References: CVE-2018-16741 CVE-2018-16742 CVE-2018-16743 CVE-2018-16744 CVE-2018-16745 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for mgetty fixes the following issues: - CVE-2018-16741: The function do_activate() did not properly sanitize shell metacharacters to prevent command injection (bsc#1108752). - CVE-2018-16745: The mail_to parameter was not sanitized, leading to a buffer overflow if long untrusted input reached it (bsc#1108756). - CVE-2018-16744: The mail_to parameter was not sanitized, leading to command injection if untrusted input reached reach it (bsc#1108757). - CVE-2018-16742: Prevent stack-based buffer overflow that could have been triggered via a command-line parameter (bsc#1108762). - CVE-2018-16743: The command-line parameter username wsa passed unsanitized to strcpy(), which could have caused a stack-based buffer overflow (bsc#1108761). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2054=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): g3utils-1.1.37-3.3.2 g3utils-debuginfo-1.1.37-3.3.2 mgetty-1.1.37-3.3.2 mgetty-debuginfo-1.1.37-3.3.2 mgetty-debugsource-1.1.37-3.3.2 References: https://www.suse.com/security/cve/CVE-2018-16741.html https://www.suse.com/security/cve/CVE-2018-16742.html https://www.suse.com/security/cve/CVE-2018-16743.html https://www.suse.com/security/cve/CVE-2018-16744.html https://www.suse.com/security/cve/CVE-2018-16745.html https://bugzilla.suse.com/1108752 https://bugzilla.suse.com/1108756 https://bugzilla.suse.com/1108757 https://bugzilla.suse.com/1108761 https://bugzilla.suse.com/1108762 From sle-security-updates at lists.suse.com Thu Sep 27 10:09:03 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 27 Sep 2018 18:09:03 +0200 (CEST) Subject: SUSE-SU-2018:2898-1: important: Security update for smt, yast2-smt Message-ID: <20180927160903.680E8FD41@maintenance.suse.de> SUSE Security Update: Security update for smt, yast2-smt ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2898-1 Rating: important References: #1006984 #1006989 #1037811 #1097560 #1097824 #1103809 #1103810 #1104076 #977043 Cross-References: CVE-2018-12470 CVE-2018-12471 CVE-2018-12472 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Module for Public Cloud 12 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that solves three vulnerabilities and has 6 fixes is now available. Description: This update for yast2-smt to 3.0.14 and smt to 3.0.37 fixes the following issues: These security issues were fixed in SMT: - CVE-2018-12471: Xml External Entity processing in the RegistrationSharing modules allowed to read arbitrary file read (bsc#1103809). - CVE-2018-12470: SQL injection in RegistrationSharing module allows remote attackers to run arbitrary SQL statements (bsc#1103810). - CVE-2018-12472: Authentication bypass in sibling check facilitated further attacks on SMT (bsc#1104076). SUSE would like to thank Jake Miller for reporting these issues to us. These non-security issues were fixed in SMT: - Fix cron jobs randomization (bsc#1097560) - Fix duplicate migration paths (bsc#1097824) This non-security issue was fixed in yast2-smt: - Remove cron job rescheduling (bsc#1097560) - Added missing translation marks (bsc#1037811) - Explicitly mention "Organization Credentials" (fate#321759) - Rearrange the SMT set-up dialog (bsc#977043) - Make the Filter button default (bsc#1006984) - Prevent exiting the repo selection dialog via hitting Enter in the repository filter (bsc#1006984) - report when error occurs during repo mirroring (bsc#1006989) - Use TextEntry-based filter for repos (fate#319777) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-2056=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-2056=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-2056=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2056=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-2056=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-2056=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2018-2056=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-2056=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): res-signingkeys-3.0.37-52.23.6 smt-3.0.37-52.23.6 smt-debuginfo-3.0.37-52.23.6 smt-debugsource-3.0.37-52.23.6 smt-support-3.0.37-52.23.6 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): res-signingkeys-3.0.37-52.23.6 smt-3.0.37-52.23.6 smt-debuginfo-3.0.37-52.23.6 smt-debugsource-3.0.37-52.23.6 smt-support-3.0.37-52.23.6 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): res-signingkeys-3.0.37-52.23.6 smt-3.0.37-52.23.6 smt-debuginfo-3.0.37-52.23.6 smt-debugsource-3.0.37-52.23.6 smt-support-3.0.37-52.23.6 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): yast2-smt-3.0.14-10.6.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): res-signingkeys-3.0.37-52.23.6 smt-3.0.37-52.23.6 smt-debuginfo-3.0.37-52.23.6 smt-debugsource-3.0.37-52.23.6 smt-support-3.0.37-52.23.6 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): res-signingkeys-3.0.37-52.23.6 smt-3.0.37-52.23.6 smt-debuginfo-3.0.37-52.23.6 smt-debugsource-3.0.37-52.23.6 smt-support-3.0.37-52.23.6 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): res-signingkeys-3.0.37-52.23.6 smt-3.0.37-52.23.6 smt-debuginfo-3.0.37-52.23.6 smt-debugsource-3.0.37-52.23.6 smt-support-3.0.37-52.23.6 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): yast2-smt-3.0.14-10.6.2 - SUSE Linux Enterprise Module for Public Cloud 12 (aarch64 ppc64le s390x x86_64): smt-ha-3.0.37-52.23.6 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): perl-File-Touch-0.11-3.2.2 - SUSE Enterprise Storage 4 (x86_64): res-signingkeys-3.0.37-52.23.6 smt-3.0.37-52.23.6 smt-debuginfo-3.0.37-52.23.6 smt-debugsource-3.0.37-52.23.6 smt-support-3.0.37-52.23.6 References: https://www.suse.com/security/cve/CVE-2018-12470.html https://www.suse.com/security/cve/CVE-2018-12471.html https://www.suse.com/security/cve/CVE-2018-12472.html https://bugzilla.suse.com/1006984 https://bugzilla.suse.com/1006989 https://bugzilla.suse.com/1037811 https://bugzilla.suse.com/1097560 https://bugzilla.suse.com/1097824 https://bugzilla.suse.com/1103809 https://bugzilla.suse.com/1103810 https://bugzilla.suse.com/1104076 https://bugzilla.suse.com/977043 From sle-security-updates at lists.suse.com Thu Sep 27 10:12:05 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 27 Sep 2018 18:12:05 +0200 (CEST) Subject: SUSE-SU-2018:2899-1: important: Security update for smt Message-ID: <20180927161205.49A50FD4A@maintenance.suse.de> SUSE Security Update: Security update for smt ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2899-1 Rating: important References: #1072921 #1074608 #1103809 #1103810 #1104076 Cross-References: CVE-2018-12470 CVE-2018-12471 CVE-2018-12472 Affected Products: Subscription Management Tool for SUSE Linux Enterprise 11-SP3 ______________________________________________________________________________ An update that solves three vulnerabilities and has two fixes is now available. Description: This update for smt to 2.0.34 fixes the following issues: These security issues were fixed: - CVE-2018-12471: Xml External Entity processing in the RegistrationSharing modules allowed to read arbitrary file read (bsc#1103809) - CVE-2018-12470: SQL injection in RegistrationSharing module allows remote attackers to run arbitary SQL statements (bsc#1103810) - CVE-2018-12472: Authentication bypass in sibling check facilitated further attacks on SMT (bsc#1104076) SUSE would like to thank Jake Miller for reporting these issues to us. This non-security issue was fixed: - More verbose incomplete registration logging (bsc#1072921, bsc#1074608) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - Subscription Management Tool for SUSE Linux Enterprise 11-SP3: zypper in -t patch slesmtsp3-smt-13798=1 Package List: - Subscription Management Tool for SUSE Linux Enterprise 11-SP3 (i586 s390x x86_64): res-signingkeys-2.0.34-50.8.1 smt-2.0.34-50.8.1 smt-support-2.0.34-50.8.1 References: https://www.suse.com/security/cve/CVE-2018-12470.html https://www.suse.com/security/cve/CVE-2018-12471.html https://www.suse.com/security/cve/CVE-2018-12472.html https://bugzilla.suse.com/1072921 https://bugzilla.suse.com/1074608 https://bugzilla.suse.com/1103809 https://bugzilla.suse.com/1103810 https://bugzilla.suse.com/1104076 From sle-security-updates at lists.suse.com Thu Sep 27 10:14:58 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 27 Sep 2018 18:14:58 +0200 (CEST) Subject: SUSE-SU-2018:2902-1: important: Security update for yast2-smt Message-ID: <20180927161458.6D795FD41@maintenance.suse.de> SUSE Security Update: Security update for yast2-smt ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2902-1 Rating: important References: #1037811 #1097560 #977043 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update fixes the following issues in yast2-smt: - Explicitly mention "Organization Credentials" (fate#321759) - Rearrange the SMT set-up dialog (bsc#977043) - Added missing translation marks (bsc#1037811) - Remove cron job rescheduling (bsc#1097560) This update is a requirement for the security update for SMT. Because of that it is tagged as security to ensure that all users, even those that only install security updates, install it. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-2059=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-2059=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-2059=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-2059=1 Package List: - SUSE OpenStack Cloud 7 (noarch): yast2-smt-3.0.14-17.3.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): yast2-smt-3.0.14-17.3.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): yast2-smt-3.0.14-17.3.2 - SUSE Enterprise Storage 4 (noarch): yast2-smt-3.0.14-17.3.2 References: https://bugzilla.suse.com/1037811 https://bugzilla.suse.com/1097560 https://bugzilla.suse.com/977043 From sle-security-updates at lists.suse.com Thu Sep 27 10:16:48 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 27 Sep 2018 18:16:48 +0200 (CEST) Subject: SUSE-SU-2018:2904-1: important: Security update for yast2-smt Message-ID: <20180927161648.95D7AFD41@maintenance.suse.de> SUSE Security Update: Security update for yast2-smt ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2904-1 Rating: important References: #1097560 Affected Products: SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update fixes the following issue in yast2-smt: - Remove cron job rescheduling (bsc#1097560) This update is a requirement for the security update for SMT. Because of that it is tagged as security to ensure that all users, even those that only install security updates, install it. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2058=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (noarch): yast2-smt-3.0.14-3.3.1 References: https://bugzilla.suse.com/1097560 From sle-security-updates at lists.suse.com Thu Sep 27 13:08:12 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 27 Sep 2018 21:08:12 +0200 (CEST) Subject: SUSE-SU-2018:2907-1: important: Security update for the Linux Kernel Message-ID: <20180927190812.6B02BFD41@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2907-1 Rating: important References: #1057199 #1087081 #1092903 #1102517 #1103119 #1104367 #1104684 #1104818 #1105100 #1105296 #1105322 #1105323 #1105536 #1106369 #1106509 #1106511 #1107001 #1107689 #1108912 Cross-References: CVE-2018-10902 CVE-2018-10940 CVE-2018-14634 CVE-2018-14734 CVE-2018-15572 CVE-2018-16658 CVE-2018-6554 CVE-2018-6555 Affected Products: SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Server 11-EXTRA SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves 8 vulnerabilities and has 11 fixes is now available. Description: The SUSE Linux Enterprise 11 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-14634: Prevent integer overflow in create_elf_tables that allowed a local attacker to exploit this vulnerability via a SUID-root binary and obtain full root privileges (bsc#1108912). - CVE-2018-10940: The cdrom_ioctl_media_changed function allowed local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory (bsc#1092903) - CVE-2018-16658: Prevent information leak in cdrom_ioctl_drive_status that could have been used by local attackers to read kernel memory (bnc#1107689) - CVE-2018-6555: The irda_setsockopt function allowed local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket (bnc#1106511) - CVE-2018-6554: Prevent memory leak in the irda_bind function that allowed local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket (bnc#1106509) - CVE-2018-15572: The spectre_v2_select_mitigation function did not always fill RSB upon a context switch, which made it easier for attackers to conduct userspace-userspace spectreRSB attacks (bnc#1102517) - CVE-2018-10902: Protect against concurrent access to prevent double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(). A malicious local attacker could have used this for privilege escalation (bnc#1105322). - CVE-2018-14734: ucma_leave_multicast accessed a certain data structure after a cleanup step in ucma_process_join, which allowed attackers to cause a denial of service (use-after-free) (bsc#1103119). The following non-security bugs were fixed: - KVM: VMX: Work around kABI breakage in 'enum vmx_l1d_flush_state' (bsc#1106369). - KVM: VMX: fixes for vmentry_l1d_flush module parameter (bsc#1106369). - KVM: x86: Free vmx_msr_bitmap_longmode while kvm_init failed (bsc#1104367). - Refresh patches.xen/xen3-x86-l1tf-04-protect-PROT_NONE-ptes.patch (bsc#1105100). - kabi: x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - kabi: x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - ptrace: fix PTRACE_LISTEN race corrupting task->state (bnc#1107001). - rpm/kernel-docs.spec.in: Expand kernel tree directly from sources (bsc#1057199) - x86, l1tf: Protect PROT_NONE PTEs against speculation fixup (bnc#1104684, bnc#1104818). - x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM (bnc#1105536). - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit (bnc#1087081). - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - x86/speculation/l1tf: Suggest what to do on systems with too much RAM (bnc#1105536). - xen x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM (bnc#1105536). - xen x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - xen, x86, l1tf: Protect PROT_NONE PTEs against speculation fixup (bnc#1104684, bnc#1104818). - xen: x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit (bnc#1087081). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-kernel-13799=1 - SUSE Linux Enterprise Server 11-EXTRA: zypper in -t patch slexsp3-kernel-13799=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-kernel-13799=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-kernel-13799=1 Package List: - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): kernel-default-3.0.101-0.47.106.50.1 kernel-default-base-3.0.101-0.47.106.50.1 kernel-default-devel-3.0.101-0.47.106.50.1 kernel-source-3.0.101-0.47.106.50.1 kernel-syms-3.0.101-0.47.106.50.1 kernel-trace-3.0.101-0.47.106.50.1 kernel-trace-base-3.0.101-0.47.106.50.1 kernel-trace-devel-3.0.101-0.47.106.50.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64): kernel-ec2-3.0.101-0.47.106.50.1 kernel-ec2-base-3.0.101-0.47.106.50.1 kernel-ec2-devel-3.0.101-0.47.106.50.1 kernel-xen-3.0.101-0.47.106.50.1 kernel-xen-base-3.0.101-0.47.106.50.1 kernel-xen-devel-3.0.101-0.47.106.50.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (x86_64): kernel-bigsmp-3.0.101-0.47.106.50.1 kernel-bigsmp-base-3.0.101-0.47.106.50.1 kernel-bigsmp-devel-3.0.101-0.47.106.50.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x): kernel-default-man-3.0.101-0.47.106.50.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586): kernel-pae-3.0.101-0.47.106.50.1 kernel-pae-base-3.0.101-0.47.106.50.1 kernel-pae-devel-3.0.101-0.47.106.50.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64): kernel-default-extra-3.0.101-0.47.106.50.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64): kernel-xen-extra-3.0.101-0.47.106.50.1 - SUSE Linux Enterprise Server 11-EXTRA (x86_64): kernel-bigsmp-extra-3.0.101-0.47.106.50.1 kernel-trace-extra-3.0.101-0.47.106.50.1 - SUSE Linux Enterprise Server 11-EXTRA (ppc64): kernel-ppc64-extra-3.0.101-0.47.106.50.1 - SUSE Linux Enterprise Server 11-EXTRA (i586): kernel-pae-extra-3.0.101-0.47.106.50.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): kernel-default-3.0.101-0.47.106.50.1 kernel-default-base-3.0.101-0.47.106.50.1 kernel-default-devel-3.0.101-0.47.106.50.1 kernel-ec2-3.0.101-0.47.106.50.1 kernel-ec2-base-3.0.101-0.47.106.50.1 kernel-ec2-devel-3.0.101-0.47.106.50.1 kernel-pae-3.0.101-0.47.106.50.1 kernel-pae-base-3.0.101-0.47.106.50.1 kernel-pae-devel-3.0.101-0.47.106.50.1 kernel-source-3.0.101-0.47.106.50.1 kernel-syms-3.0.101-0.47.106.50.1 kernel-trace-3.0.101-0.47.106.50.1 kernel-trace-base-3.0.101-0.47.106.50.1 kernel-trace-devel-3.0.101-0.47.106.50.1 kernel-xen-3.0.101-0.47.106.50.1 kernel-xen-base-3.0.101-0.47.106.50.1 kernel-xen-devel-3.0.101-0.47.106.50.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): kernel-default-debuginfo-3.0.101-0.47.106.50.1 kernel-default-debugsource-3.0.101-0.47.106.50.1 kernel-trace-debuginfo-3.0.101-0.47.106.50.1 kernel-trace-debugsource-3.0.101-0.47.106.50.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 x86_64): kernel-ec2-debuginfo-3.0.101-0.47.106.50.1 kernel-ec2-debugsource-3.0.101-0.47.106.50.1 kernel-xen-debuginfo-3.0.101-0.47.106.50.1 kernel-xen-debugsource-3.0.101-0.47.106.50.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (x86_64): kernel-bigsmp-debuginfo-3.0.101-0.47.106.50.1 kernel-bigsmp-debugsource-3.0.101-0.47.106.50.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586): kernel-pae-debuginfo-3.0.101-0.47.106.50.1 kernel-pae-debugsource-3.0.101-0.47.106.50.1 References: https://www.suse.com/security/cve/CVE-2018-10902.html https://www.suse.com/security/cve/CVE-2018-10940.html https://www.suse.com/security/cve/CVE-2018-14634.html https://www.suse.com/security/cve/CVE-2018-14734.html https://www.suse.com/security/cve/CVE-2018-15572.html https://www.suse.com/security/cve/CVE-2018-16658.html https://www.suse.com/security/cve/CVE-2018-6554.html https://www.suse.com/security/cve/CVE-2018-6555.html https://bugzilla.suse.com/1057199 https://bugzilla.suse.com/1087081 https://bugzilla.suse.com/1092903 https://bugzilla.suse.com/1102517 https://bugzilla.suse.com/1103119 https://bugzilla.suse.com/1104367 https://bugzilla.suse.com/1104684 https://bugzilla.suse.com/1104818 https://bugzilla.suse.com/1105100 https://bugzilla.suse.com/1105296 https://bugzilla.suse.com/1105322 https://bugzilla.suse.com/1105323 https://bugzilla.suse.com/1105536 https://bugzilla.suse.com/1106369 https://bugzilla.suse.com/1106509 https://bugzilla.suse.com/1106511 https://bugzilla.suse.com/1107001 https://bugzilla.suse.com/1107689 https://bugzilla.suse.com/1108912 From sle-security-updates at lists.suse.com Thu Sep 27 13:13:02 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 27 Sep 2018 21:13:02 +0200 (CEST) Subject: SUSE-SU-2018:2908-1: important: Security update for the Linux Kernel Message-ID: <20180927191302.1EE0EFD41@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2908-1 Rating: important References: #1012382 #1024788 #1062604 #1064233 #1065999 #1090534 #1090955 #1091171 #1092903 #1096547 #1097104 #1097108 #1099811 #1099813 #1099844 #1099845 #1099846 #1099849 #1099863 #1099864 #1099922 #1100001 #1102870 #1103445 #1104319 #1104495 #1104818 #1104906 #1105100 #1105322 #1105323 #1105396 #1106095 #1106369 #1106509 #1106511 #1107689 #1108912 Cross-References: CVE-2018-10853 CVE-2018-10876 CVE-2018-10877 CVE-2018-10878 CVE-2018-10879 CVE-2018-10880 CVE-2018-10881 CVE-2018-10882 CVE-2018-10883 CVE-2018-10902 CVE-2018-10940 CVE-2018-12896 CVE-2018-13093 CVE-2018-14617 CVE-2018-14634 CVE-2018-16276 CVE-2018-16658 CVE-2018-6554 CVE-2018-6555 Affected Products: SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that solves 19 vulnerabilities and has 19 fixes is now available. Description: The SUSE Linux Enterprise 12 SP1 kernel was updated receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-14634: Prevent integer overflow in create_elf_tables that allowed a local attacker to exploit this vulnerability via a SUID-root binary and obtain full root privileges (bsc#1108912) - CVE-2018-14617: Prevent NULL pointer dereference and panic in hfsplus_lookup() when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory (bsc#1102870) - CVE-2018-16276: Incorrect bounds checking in the yurex USB driver in yurex_read allowed local attackers to use user access read/writes to crash the kernel or potentially escalate privileges (bsc#1106095) - CVE-2018-12896: Prevent integer overflow in the POSIX timer code that was caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically made the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. This allowed a local user to cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls (bnc#1099922) - CVE-2018-13093: Prevent NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occured because of a lack of proper validation that cached inodes are free during allocation (bnc#1100001) - CVE-2018-10940: The cdrom_ioctl_media_changed function allowed local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory (bsc#1092903) - CVE-2018-16658: Prevent information leak in cdrom_ioctl_drive_status that could have been used by local attackers to read kernel memory (bnc#1107689) - CVE-2018-6555: The irda_setsockopt function allowed local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket (bnc#1106511) - CVE-2018-6554: Prevent memory leak in the irda_bind function that allowed local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket (bnc#1106509) - CVE-2018-10902: Protect against concurrent access to prevent double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(). A malicious local attacker could have used this for privilege escalation (bnc#1105322) - CVE-2018-10879: A local user could have caused a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact by renaming a file in a crafted ext4 filesystem image (bsc#1099844) - CVE-2018-10883: A local user could have caused an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image (bsc#1099863) - CVE-2018-10880: Prevent stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could have used this to cause a system crash and a denial of service (bsc#1099845) - CVE-2018-10882: A local user could have caused an out-of-bound write, a denial of service, and a system crash by unmounting a crafted ext4 filesystem image (bsc#1099849) - CVE-2018-10881: A local user could have caused an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image (bsc#1099864) - CVE-2018-10877: Prevent out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image (bsc#1099846) - CVE-2018-10876: A use-after-free was possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image (bsc#1099811) - CVE-2018-10878: A local user could have caused an out-of-bounds write and a denial of service or unspecified other impact by mounting and operating a crafted ext4 filesystem image (bsc#1099813) - CVE-2018-10853: The KVM hypervisor did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could have used this flaw to potentially escalate privileges inside guest (bsc#1097104). The following non-security bugs were fixed: - KEYS: prevent creating a different user's keyrings (bnc#1065999). - KVM: MMU: always terminate page walks at level 1 (bsc#1062604). - KVM: MMU: simplify last_pte_bitmap (bsc#1062604). - KVM: VMX: Work around kABI breakage in 'enum vmx_l1d_flush_state' (bsc#1106369). - KVM: VMX: fixes for vmentry_l1d_flush module parameter (bsc#1106369). - KVM: nVMX: update last_nonleaf_level when initializing nested EPT (bsc#1062604). - Refresh patches.xen/xen3-x86-l1tf-04-protect-PROT_NONE-ptes.patch (bsc#1105100). - Do not report CPU affected by L1TF when ARCH_CAP_RDCL_NO bit is set (bsc#1104906). - Revert "- Disable patches.arch/x86-mm-Simplify-p-g4um-d_page-macros.patch" (bnc#1104818) - bcache: avoid unncessary cache prefetch bch_btree_node_get(). - bcache: calculate the number of incremental GC nodes according to the total of btree nodes. - bcache: display rate debug parameters to 0 when writeback is not running. - bcache: do not check return value of debugfs_create_dir(). - bcache: finish incremental GC. - bcache: fix I/O significant decline while backend devices registering. - bcache: fix error setting writeback_rate through sysfs interface (bsc#1064233). - bcache: free heap cache_set->flush_btree in bch_journal_free. - bcache: make the pr_err statement used for ENOENT only in sysfs_attatch section. - bcache: release dc->writeback_lock properly in bch_writeback_thread(). - bcache: set max writeback rate when I/O request is idle (bsc#1064233). - bcache: simplify the calculation of the total amount of flash dirty data. - cifs: Fix infinite loop when using hard mount option (bsc#1091171). - ext4: check for allocation block validity with block group locked (bsc#1104495). - ext4: do not update checksum of new initialized bitmaps (bnc#1012382). - ext4: fix check to prevent initializing reserved inodes (bsc#1104319). - ext4: fix false negatives *and* false positives in ext4_check_descriptors() (bsc#1103445). - restore cond_resched() in shrink_dcache_parent(). - usbip: vhci_sysfs: fix potential Spectre v1 (bsc#1096547). - x86, l1tf: Protect PROT_NONE PTEs against speculation fixup (bnc#1104818). - x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry (bsc#1106369). - xen, x86, l1tf: Protect PROT_NONE PTEs against speculation fixup (bnc#1104818). - xfs: Remove dead code from inode recover function (bsc#1105396). - xfs: convert XFS_AGFL_SIZE to a helper function (bsc#1090955, bsc#1090534). - xfs: detect agfl count corruption and reset agfl (bsc#1090955, bsc#1090534). - xfs: do not log/recover swapext extent owner changes for deleted inodes (bsc#1090955). - xfs: protect inode ->di_dmstate with a spinlock (bsc#1024788). - xfs: repair malformed inode items during log recovery (bsc#1105396). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-2063=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2018-2063=1 Package List: - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): kernel-default-3.12.74-60.64.104.1 kernel-default-base-3.12.74-60.64.104.1 kernel-default-base-debuginfo-3.12.74-60.64.104.1 kernel-default-debuginfo-3.12.74-60.64.104.1 kernel-default-debugsource-3.12.74-60.64.104.1 kernel-default-devel-3.12.74-60.64.104.1 kernel-syms-3.12.74-60.64.104.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): kernel-devel-3.12.74-60.64.104.1 kernel-macros-3.12.74-60.64.104.1 kernel-source-3.12.74-60.64.104.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kernel-xen-3.12.74-60.64.104.1 kernel-xen-base-3.12.74-60.64.104.1 kernel-xen-base-debuginfo-3.12.74-60.64.104.1 kernel-xen-debuginfo-3.12.74-60.64.104.1 kernel-xen-debugsource-3.12.74-60.64.104.1 kernel-xen-devel-3.12.74-60.64.104.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x): kernel-default-man-3.12.74-60.64.104.1 - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64): kernel-ec2-3.12.74-60.64.104.1 kernel-ec2-debuginfo-3.12.74-60.64.104.1 kernel-ec2-debugsource-3.12.74-60.64.104.1 kernel-ec2-devel-3.12.74-60.64.104.1 kernel-ec2-extra-3.12.74-60.64.104.1 kernel-ec2-extra-debuginfo-3.12.74-60.64.104.1 References: https://www.suse.com/security/cve/CVE-2018-10853.html https://www.suse.com/security/cve/CVE-2018-10876.html https://www.suse.com/security/cve/CVE-2018-10877.html https://www.suse.com/security/cve/CVE-2018-10878.html https://www.suse.com/security/cve/CVE-2018-10879.html https://www.suse.com/security/cve/CVE-2018-10880.html https://www.suse.com/security/cve/CVE-2018-10881.html https://www.suse.com/security/cve/CVE-2018-10882.html https://www.suse.com/security/cve/CVE-2018-10883.html https://www.suse.com/security/cve/CVE-2018-10902.html https://www.suse.com/security/cve/CVE-2018-10940.html https://www.suse.com/security/cve/CVE-2018-12896.html https://www.suse.com/security/cve/CVE-2018-13093.html https://www.suse.com/security/cve/CVE-2018-14617.html https://www.suse.com/security/cve/CVE-2018-14634.html https://www.suse.com/security/cve/CVE-2018-16276.html https://www.suse.com/security/cve/CVE-2018-16658.html https://www.suse.com/security/cve/CVE-2018-6554.html https://www.suse.com/security/cve/CVE-2018-6555.html https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1024788 https://bugzilla.suse.com/1062604 https://bugzilla.suse.com/1064233 https://bugzilla.suse.com/1065999 https://bugzilla.suse.com/1090534 https://bugzilla.suse.com/1090955 https://bugzilla.suse.com/1091171 https://bugzilla.suse.com/1092903 https://bugzilla.suse.com/1096547 https://bugzilla.suse.com/1097104 https://bugzilla.suse.com/1097108 https://bugzilla.suse.com/1099811 https://bugzilla.suse.com/1099813 https://bugzilla.suse.com/1099844 https://bugzilla.suse.com/1099845 https://bugzilla.suse.com/1099846 https://bugzilla.suse.com/1099849 https://bugzilla.suse.com/1099863 https://bugzilla.suse.com/1099864 https://bugzilla.suse.com/1099922 https://bugzilla.suse.com/1100001 https://bugzilla.suse.com/1102870 https://bugzilla.suse.com/1103445 https://bugzilla.suse.com/1104319 https://bugzilla.suse.com/1104495 https://bugzilla.suse.com/1104818 https://bugzilla.suse.com/1104906 https://bugzilla.suse.com/1105100 https://bugzilla.suse.com/1105322 https://bugzilla.suse.com/1105323 https://bugzilla.suse.com/1105396 https://bugzilla.suse.com/1106095 https://bugzilla.suse.com/1106369 https://bugzilla.suse.com/1106509 https://bugzilla.suse.com/1106511 https://bugzilla.suse.com/1107689 https://bugzilla.suse.com/1108912 From sle-security-updates at lists.suse.com Fri Sep 28 04:11:11 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 28 Sep 2018 12:11:11 +0200 (CEST) Subject: SUSE-SU-2018:2928-1: moderate: Security update for openssl Message-ID: <20180928101111.A1BCCFD41@maintenance.suse.de> SUSE Security Update: Security update for openssl ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2928-1 Rating: moderate References: #1089039 #1101246 #1101470 #1104789 #1106197 #997043 Cross-References: CVE-2018-0737 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that solves one vulnerability and has 5 fixes is now available. Description: This update for openssl fixes the following issues: These security issues were fixed: - Prevent One&Done side-channel attack on RSA that allowed physically near attackers to use EM emanations to recover information (bsc#1104789) - CVE-2018-0737: The RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could have recovered the private key (bsc#1089039) These non-security issues were fixed: - Add openssl(cli) Provide so the packages that require the openssl binary can require this instead of the new openssl meta package (bsc#1101470) - Fixed path to the engines which are under /lib64 on SLE-12 (bsc#1101246, bsc#997043) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-2069=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2069=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-2069=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2069=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-2069=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2069=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-2069=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-2069=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): libopenssl-devel-1.0.2j-60.39.1 libopenssl1_0_0-1.0.2j-60.39.1 libopenssl1_0_0-32bit-1.0.2j-60.39.1 libopenssl1_0_0-debuginfo-1.0.2j-60.39.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.39.1 libopenssl1_0_0-hmac-1.0.2j-60.39.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.39.1 openssl-1.0.2j-60.39.1 openssl-debuginfo-1.0.2j-60.39.1 openssl-debugsource-1.0.2j-60.39.1 - SUSE OpenStack Cloud 7 (noarch): openssl-doc-1.0.2j-60.39.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libopenssl-devel-1.0.2j-60.39.1 openssl-debuginfo-1.0.2j-60.39.1 openssl-debugsource-1.0.2j-60.39.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libopenssl-devel-1.0.2j-60.39.1 libopenssl1_0_0-1.0.2j-60.39.1 libopenssl1_0_0-debuginfo-1.0.2j-60.39.1 libopenssl1_0_0-hmac-1.0.2j-60.39.1 openssl-1.0.2j-60.39.1 openssl-debuginfo-1.0.2j-60.39.1 openssl-debugsource-1.0.2j-60.39.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libopenssl1_0_0-32bit-1.0.2j-60.39.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.39.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.39.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): openssl-doc-1.0.2j-60.39.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libopenssl-devel-1.0.2j-60.39.1 libopenssl1_0_0-1.0.2j-60.39.1 libopenssl1_0_0-debuginfo-1.0.2j-60.39.1 libopenssl1_0_0-hmac-1.0.2j-60.39.1 openssl-1.0.2j-60.39.1 openssl-debuginfo-1.0.2j-60.39.1 openssl-debugsource-1.0.2j-60.39.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libopenssl1_0_0-32bit-1.0.2j-60.39.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.39.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.39.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): openssl-doc-1.0.2j-60.39.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libopenssl-devel-1.0.2j-60.39.1 libopenssl1_0_0-1.0.2j-60.39.1 libopenssl1_0_0-debuginfo-1.0.2j-60.39.1 libopenssl1_0_0-hmac-1.0.2j-60.39.1 openssl-1.0.2j-60.39.1 openssl-debuginfo-1.0.2j-60.39.1 openssl-debugsource-1.0.2j-60.39.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libopenssl1_0_0-32bit-1.0.2j-60.39.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.39.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.39.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): openssl-doc-1.0.2j-60.39.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libopenssl-devel-1.0.2j-60.39.1 libopenssl1_0_0-1.0.2j-60.39.1 libopenssl1_0_0-32bit-1.0.2j-60.39.1 libopenssl1_0_0-debuginfo-1.0.2j-60.39.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.39.1 openssl-1.0.2j-60.39.1 openssl-debuginfo-1.0.2j-60.39.1 openssl-debugsource-1.0.2j-60.39.1 - SUSE Enterprise Storage 4 (x86_64): libopenssl-devel-1.0.2j-60.39.1 libopenssl1_0_0-1.0.2j-60.39.1 libopenssl1_0_0-32bit-1.0.2j-60.39.1 libopenssl1_0_0-debuginfo-1.0.2j-60.39.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.39.1 libopenssl1_0_0-hmac-1.0.2j-60.39.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.39.1 openssl-1.0.2j-60.39.1 openssl-debuginfo-1.0.2j-60.39.1 openssl-debugsource-1.0.2j-60.39.1 - SUSE Enterprise Storage 4 (noarch): openssl-doc-1.0.2j-60.39.1 - SUSE CaaS Platform ALL (x86_64): libopenssl1_0_0-1.0.2j-60.39.1 libopenssl1_0_0-debuginfo-1.0.2j-60.39.1 openssl-1.0.2j-60.39.1 openssl-debuginfo-1.0.2j-60.39.1 openssl-debugsource-1.0.2j-60.39.1 - SUSE CaaS Platform 3.0 (x86_64): libopenssl1_0_0-1.0.2j-60.39.1 libopenssl1_0_0-debuginfo-1.0.2j-60.39.1 openssl-1.0.2j-60.39.1 openssl-debuginfo-1.0.2j-60.39.1 openssl-debugsource-1.0.2j-60.39.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): libopenssl1_0_0-1.0.2j-60.39.1 libopenssl1_0_0-debuginfo-1.0.2j-60.39.1 openssl-1.0.2j-60.39.1 openssl-debuginfo-1.0.2j-60.39.1 openssl-debugsource-1.0.2j-60.39.1 References: https://www.suse.com/security/cve/CVE-2018-0737.html https://bugzilla.suse.com/1089039 https://bugzilla.suse.com/1101246 https://bugzilla.suse.com/1101470 https://bugzilla.suse.com/1104789 https://bugzilla.suse.com/1106197 https://bugzilla.suse.com/997043 From sle-security-updates at lists.suse.com Fri Sep 28 04:13:04 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 28 Sep 2018 12:13:04 +0200 (CEST) Subject: SUSE-SU-2018:2930-1: moderate: Security update for gnutls Message-ID: <20180928101304.C75A7FD41@maintenance.suse.de> SUSE Security Update: Security update for gnutls ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2930-1 Rating: moderate References: #1047002 #1105437 #1105459 #1105460 Cross-References: CVE-2017-10790 CVE-2018-10844 CVE-2018-10845 CVE-2018-10846 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for gnutls fixes the following security issues: - Improved mitigations against Lucky 13 class of attacks - CVE-2018-10846: "Just in Time" PRIME + PROBE cache-based side channel attack can lead to plaintext recovery (bsc#1105460) - CVE-2018-10845: HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of wrong constant (bsc#1105459) - CVE-2018-10844: HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls (bsc#1105437) - CVE-2017-10790: The _asn1_check_identifier function in Libtasn1 caused a NULL pointer dereference and crash (bsc#1047002) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2018-2070=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2070=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (x86_64): gnutls-debugsource-3.6.2-6.3.1 libgnutls30-32bit-3.6.2-6.3.1 libgnutls30-32bit-debuginfo-3.6.2-6.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): gnutls-3.6.2-6.3.1 gnutls-debuginfo-3.6.2-6.3.1 gnutls-debugsource-3.6.2-6.3.1 libgnutls-devel-3.6.2-6.3.1 libgnutls30-3.6.2-6.3.1 libgnutls30-debuginfo-3.6.2-6.3.1 libgnutlsxx-devel-3.6.2-6.3.1 libgnutlsxx28-3.6.2-6.3.1 libgnutlsxx28-debuginfo-3.6.2-6.3.1 References: https://www.suse.com/security/cve/CVE-2017-10790.html https://www.suse.com/security/cve/CVE-2018-10844.html https://www.suse.com/security/cve/CVE-2018-10845.html https://www.suse.com/security/cve/CVE-2018-10846.html https://bugzilla.suse.com/1047002 https://bugzilla.suse.com/1105437 https://bugzilla.suse.com/1105459 https://bugzilla.suse.com/1105460 From sle-security-updates at lists.suse.com Fri Sep 28 07:08:14 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 28 Sep 2018 15:08:14 +0200 (CEST) Subject: SUSE-SU-2018:2933-1: important: Security update for the Linux Kernel (Live Patch 3 for SLE 15) Message-ID: <20180928130814.35D8DFD4B@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 3 for SLE 15) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2933-1 Rating: important References: #1097108 #1103203 #1105026 Cross-References: CVE-2018-10853 CVE-2018-15471 Affected Products: SUSE Linux Enterprise Module for Live Patching 15 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 4.12.14-25_11 fixes several issues. The following security issues were fixed: - CVE-2018-15471: An issue was discovered in xenvif_set_hash_mapping in drivers/net/xen-netback/hash.c. The Linux netback driver allowed frontends to control mapping of requests to request queues. When processing a request to set or change this mapping, some input validation (e.g., for an integer overflow) was missing or flawed, leading to OOB access in hash handling. A malicious or buggy frontend may cause the (usually privileged) backend to make out of bounds memory accesses, potentially resulting in one or more of privilege escalation, Denial of Service (DoS), or information leaks (bsc#1105026). - CVE-2018-10853: A KVM guest userspace to guest kernel write was fixed, which could be used by guest users to crash the guest kernel (bsc#1097108). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2018-2072=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-livepatch-4_12_14-25_13-default-2-2.2 kernel-livepatch-4_12_14-25_13-default-debuginfo-2-2.2 References: https://www.suse.com/security/cve/CVE-2018-10853.html https://www.suse.com/security/cve/CVE-2018-15471.html https://bugzilla.suse.com/1097108 https://bugzilla.suse.com/1103203 https://bugzilla.suse.com/1105026 From sle-security-updates at lists.suse.com Fri Sep 28 07:09:12 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 28 Sep 2018 15:09:12 +0200 (CEST) Subject: SUSE-SU-2018:2934-1: moderate: Security update for xorg-x11-libX11 Message-ID: <20180928130912.75889FD4E@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-libX11 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2934-1 Rating: moderate References: #1102062 #1102068 #1102073 Cross-References: CVE-2018-14598 CVE-2018-14599 CVE-2018-14600 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for xorg-x11-libX11 fixes the following issues: - CVE-2018-14599: The function XListExtensions was vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact (bsc#1102062) - CVE-2018-14600: The function XListExtensions interpreted a variable as signed instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes), leading to DoS or remote code execution (bsc#1102068) - CVE-2018-14598: A malicious server could have sent a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault) (bsc#1102073) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-xorg-x11-libX11-13801=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-xorg-x11-libX11-13801=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-xorg-x11-libX11-13801=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-xorg-x11-libX11-13801=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-xorg-x11-libX11-13801=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-xorg-x11-libX11-13801=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): xorg-x11-libX11-devel-7.4-5.11.72.9.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): xorg-x11-libX11-devel-32bit-7.4-5.11.72.9.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): xorg-x11-libX11-7.4-5.11.72.9.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): xorg-x11-libX11-32bit-7.4-5.11.72.9.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): xorg-x11-libX11-x86-7.4-5.11.72.9.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): xorg-x11-libX11-7.4-5.11.72.9.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x x86_64): xorg-x11-libX11-32bit-7.4-5.11.72.9.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): xorg-x11-libX11-7.4-5.11.72.9.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): xorg-x11-libX11-debuginfo-7.4-5.11.72.9.1 xorg-x11-libX11-debugsource-7.4-5.11.72.9.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): xorg-x11-libX11-debuginfo-7.4-5.11.72.9.1 xorg-x11-libX11-debugsource-7.4-5.11.72.9.1 References: https://www.suse.com/security/cve/CVE-2018-14598.html https://www.suse.com/security/cve/CVE-2018-14599.html https://www.suse.com/security/cve/CVE-2018-14600.html https://bugzilla.suse.com/1102062 https://bugzilla.suse.com/1102068 https://bugzilla.suse.com/1102073 From sle-security-updates at lists.suse.com Fri Sep 28 10:08:01 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 28 Sep 2018 18:08:01 +0200 (CEST) Subject: SUSE-SU-2018:2935-1: important: Security update for the Linux Kernel (Live Patch 3 for SLE 15) Message-ID: <20180928160801.B583BFD41@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 3 for SLE 15) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2935-1 Rating: important References: #1097108 #1103203 #1105026 #1106191 Cross-References: CVE-2018-10853 CVE-2018-10938 CVE-2018-15471 Affected Products: SUSE Linux Enterprise Module for Live Patching 15 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 4.12.14-25_13 fixes several issues. The following security issues were fixed: - CVE-2018-10938: It was found that a crafted network packet sent remotely by an attacker may force the kernel to enter an infinite loop in the cipso_v4_optptr() function in net/ipv4/cipso_ipv4.c leading to a denial-of-service. A certain non-default configuration of LSM (Linux Security Module) and NetLabel should be set up on a system an attacker could leverage this flaw (bsc#1106191). - CVE-2018-15471: It was found that the netback driver allowed frontends to control mapping of requests to request queues. When processing a request to set or change this mapping, some input validation (e.g., for an integer overflow) was missing or flawed, leading to OOB access in hash handling. A malicious or buggy frontend may caused the (usually privileged) backend to make out of bounds memory accesses, potentially resulting in one or more of privilege escalation, Denial of Service (DoS), or information leaks (bsc#1105026). - CVE-2018-10853: It was found that the KVM hypervisor emulated instructions did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges inside guest (bsc#1097108). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2018-2076=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-livepatch-4_12_14-25_13-default-3-2.3 kernel-livepatch-4_12_14-25_13-default-debuginfo-3-2.3 References: https://www.suse.com/security/cve/CVE-2018-10853.html https://www.suse.com/security/cve/CVE-2018-10938.html https://www.suse.com/security/cve/CVE-2018-15471.html https://bugzilla.suse.com/1097108 https://bugzilla.suse.com/1103203 https://bugzilla.suse.com/1105026 https://bugzilla.suse.com/1106191 From sle-security-updates at lists.suse.com Fri Sep 28 10:10:28 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 28 Sep 2018 18:10:28 +0200 (CEST) Subject: SUSE-SU-2018:2938-1: important: Security update for the Linux Kernel (Live Patch 2 for SLE 15) Message-ID: <20180928161028.090AAFD41@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 2 for SLE 15) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2938-1 Rating: important References: #1106191 Cross-References: CVE-2018-10938 Affected Products: SUSE Linux Enterprise Module for Live Patching 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 4.12.14-25_6 fixes one issue. The following security issue was fixed: - CVE-2018-10938: It was found that a crafted network packet sent remotely by an attacker may force the kernel to enter an infinite loop in the cipso_v4_optptr() function in net/ipv4/cipso_ipv4.c leading to a denial-of-service. A certain non-default configuration of LSM (Linux Security Module) and NetLabel should be set up on a system an attacker could leverage this flaw (bsc#1106191). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2018-2075=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-livepatch-4_12_14-25_6-default-4-2.1 kernel-livepatch-4_12_14-25_6-default-debuginfo-4-2.1 References: https://www.suse.com/security/cve/CVE-2018-10938.html https://bugzilla.suse.com/1106191 From sle-security-updates at lists.suse.com Fri Sep 28 10:12:02 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 28 Sep 2018 18:12:02 +0200 (CEST) Subject: SUSE-SU-2018:2940-1: important: Security update for the Linux Kernel (Live Patch 1 for SLE 15) Message-ID: <20180928161202.2BC83FD41@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 1 for SLE 15) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2940-1 Rating: important References: #1105323 #1106191 Cross-References: CVE-2018-10902 CVE-2018-10938 Affected Products: SUSE Linux Enterprise Module for Live Patching 15 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-25_3 fixes several issues. The following security issues were fixed: - CVE-2018-10938: It was found that a crafted network packet sent remotely by an attacker may force the kernel to enter an infinite loop in the cipso_v4_optptr() function in net/ipv4/cipso_ipv4.c leading to a denial-of-service. A certain non-default configuration of LSM (Linux Security Module) and NetLabel should be set up on a system an attacker could leverage this flaw. - CVE-2018-10902: It was found that the raw midi kernel driver did not protect against concurrent access which lead to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(), allowing a malicious local attacker to use this for privilege escalation (bsc#1105323). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2018-2073=1 SUSE-SLE-Module-Live-Patching-15-2018-2074=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-livepatch-4_12_14-23-default-4-10.2 kernel-livepatch-4_12_14-23-default-debuginfo-4-10.2 kernel-livepatch-4_12_14-25_3-default-4-2.1 kernel-livepatch-4_12_14-25_3-default-debuginfo-4-2.1 kernel-livepatch-SLE15_Update_0-debugsource-4-10.2 References: https://www.suse.com/security/cve/CVE-2018-10902.html https://www.suse.com/security/cve/CVE-2018-10938.html https://bugzilla.suse.com/1105323 https://bugzilla.suse.com/1106191 From sle-security-updates at lists.suse.com Sun Sep 30 10:08:01 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Sun, 30 Sep 2018 18:08:01 +0200 (CEST) Subject: SUSE-SU-2018:2955-1: moderate: Security update for libX11 Message-ID: <20180930160801.20726FD4A@maintenance.suse.de> SUSE Security Update: Security update for libX11 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2955-1 Rating: moderate References: #1102062 #1102068 #1102073 Cross-References: CVE-2018-14598 CVE-2018-14599 CVE-2018-14600 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for libX11 fixes the following security issues: - CVE-2018-14599: The function XListExtensions was vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact (bsc#1102062) - CVE-2018-14600: The function XListExtensions interpreted a variable as signed instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes), leading to DoS or remote code execution (bsc#1102068) - CVE-2018-14598: A malicious server could have sent a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault) (bsc#1102073) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2082=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libX11-6-1.6.5-3.3.1 libX11-6-debuginfo-1.6.5-3.3.1 libX11-debugsource-1.6.5-3.3.1 libX11-devel-1.6.5-3.3.1 libX11-xcb1-1.6.5-3.3.1 libX11-xcb1-debuginfo-1.6.5-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): libX11-data-1.6.5-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libX11-6-32bit-1.6.5-3.3.1 libX11-6-32bit-debuginfo-1.6.5-3.3.1 libX11-xcb1-32bit-1.6.5-3.3.1 libX11-xcb1-32bit-debuginfo-1.6.5-3.3.1 References: https://www.suse.com/security/cve/CVE-2018-14598.html https://www.suse.com/security/cve/CVE-2018-14599.html https://www.suse.com/security/cve/CVE-2018-14600.html https://bugzilla.suse.com/1102062 https://bugzilla.suse.com/1102068 https://bugzilla.suse.com/1102073 From sle-security-updates at lists.suse.com Sun Sep 30 10:09:00 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Sun, 30 Sep 2018 18:09:00 +0200 (CEST) Subject: SUSE-SU-2018:2956-1: moderate: Security update for openssl-1_1 Message-ID: <20180930160900.027A3FD41@maintenance.suse.de> SUSE Security Update: Security update for openssl-1_1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2956-1 Rating: moderate References: #1097158 #1101470 Cross-References: CVE-2018-0732 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for openssl-1_1 to 1.1.0i fixes the following issues: These security issues were fixed: - CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack (bsc#1097158) - Make problematic ECDSA sign addition length-invariant - Add blinding to ECDSA and DSA signatures to protect against side channel attacks These non-security issues were fixed: - When unlocking a pass phrase protected PEM file or PKCS#8 container, we now allow empty (zero character) pass phrases. - Certificate time validation (X509_cmp_time) enforces stricter compliance with RFC 5280. Fractional seconds and timezone offsets are no longer allowed. - Fixed a text canonicalisation bug in CMS - Add openssl(cli) Provide so the packages that require the openssl binary can require this instead of the new openssl meta package (bsc#1101470) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2083=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libopenssl-1_1-devel-1.1.0i-4.9.2 libopenssl1_1-1.1.0i-4.9.2 libopenssl1_1-debuginfo-1.1.0i-4.9.2 libopenssl1_1-hmac-1.1.0i-4.9.2 openssl-1_1-1.1.0i-4.9.2 openssl-1_1-debuginfo-1.1.0i-4.9.2 openssl-1_1-debugsource-1.1.0i-4.9.2 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): libopenssl-devel-1.1.0i-3.3.1 openssl-1.1.0i-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libopenssl1_1-32bit-1.1.0i-4.9.2 libopenssl1_1-32bit-debuginfo-1.1.0i-4.9.2 libopenssl1_1-hmac-32bit-1.1.0i-4.9.2 References: https://www.suse.com/security/cve/CVE-2018-0732.html https://bugzilla.suse.com/1097158 https://bugzilla.suse.com/1101470