From sle-updates at lists.suse.com Tue Apr 3 07:07:39 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 3 Apr 2018 15:07:39 +0200 (CEST) Subject: SUSE-SU-2018:0857-1: moderate: Security update for ImageMagick Message-ID: <20180403130739.4369BFC9E@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0857-1 Rating: moderate References: #1043290 #1050087 #1056434 #1058630 #1059735 #1060382 #1066168 #1066170 #1082283 #1082291 #1082348 #1082362 #1082792 #1082837 #1083628 #1083634 #1086011 Cross-References: CVE-2017-11524 CVE-2017-12692 CVE-2017-12693 CVE-2017-13768 CVE-2017-14314 CVE-2017-14505 CVE-2017-14739 CVE-2017-15016 CVE-2017-15017 CVE-2017-16352 CVE-2017-16353 CVE-2017-18209 CVE-2017-18211 CVE-2017-9500 CVE-2018-7443 CVE-2018-7470 CVE-2018-8804 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes 17 vulnerabilities is now available. Description: This update for ImageMagick fixes several issues. These security issues were fixed: - CVE-2018-8804: The WriteEPTImage function allowed remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact via a crafted file (bsc#1086011). - CVE-2017-11524: The WriteBlob function allowed remote attackers to cause a denial of service (assertion failure and application exit) via a crafted file (bsc#1050087). - CVE-2017-18209: Prevent NULL pointer dereference in the GetOpenCLCachedFilesDirectory function caused by a memory allocation result that was not checked, related to GetOpenCLCacheDirectory (bsc#1083628). - CVE-2017-18211: Prevent NULL pointer dereference in the function saveBinaryCLProgram caused by a program-lookup result not being checked, related to CacheOpenCLKernel (bsc#1083634). - CVE-2017-9500: Prevent assertion failure in the function ResetImageProfileIterator, which allowed attackers to cause a denial of service via a crafted file (bsc#1043290). - CVE-2017-14739: The AcquireResampleFilterThreadSet function mishandled failed memory allocation, which allowed remote attackers to cause a denial of service (NULL Pointer Dereference in DistortImage in MagickCore/distort.c, and application crash) via unspecified vectors (bsc#1060382). - CVE-2017-16353: Prevent memory information disclosure in the DescribeImage function caused by a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the IPTC Profile information contained in the image. This vulnerability can be triggered with a specially crafted MIFF file. There is an out-of-bounds buffer dereference because certain increments were never checked (bsc#1066170). - CVE-2017-16352: Prevent a heap-based buffer overflow in the "Display visual image directory" feature of the DescribeImage() function. One possible way to trigger the vulnerability is to run the identify command on a specially crafted MIFF format file with the verbose flag (bsc#1066168). - CVE-2017-14314: Prevent off-by-one error in the DrawImage function that allowed remote attackers to cause a denial of service (DrawDashPolygon heap-based buffer over-read and application crash) via a crafted file (bsc#1058630). - CVE-2017-13768: Prevent NULL pointer dereference in the IdentifyImage function that allowed an attacker to perform denial of service by sending a crafted image file (bsc#1056434). - CVE-2017-14505: Fixed handling of NULL arrays, which allowed attackers to perform Denial of Service (NULL pointer dereference and application crash in AcquireQuantumMemory within MagickCore/memory.c) by providing a crafted Image File as input (bsc#1059735). - CVE-2018-7470: The IsWEBPImageLossless function allowed attackers to cause a denial of service (segmentation violation) via a crafted file (bsc#1082837). - CVE-2018-7443: The ReadTIFFImage function did not properly validate the amount of image data in a file, which allowed remote attackers to cause a denial of service (memory allocation failure in the AcquireMagickMemory function in MagickCore/memory.c) (bsc#1082792). - CVE-2017-15016: Prevent NULL pointer dereference vulnerability in ReadEnhMetaFile allowing for denial of service (bsc#1082291). - CVE-2017-15017: Prevent NULL pointer dereference vulnerability in ReadOneMNGImage allowing for denial of service (bsc#1082283). - CVE-2017-12692: The ReadVIFFImage function allowed remote attackers to cause a denial of service (memory consumption) via a crafted VIFF file (bsc#1082362). - CVE-2017-12693: The ReadBMPImage function allowed remote attackers to cause a denial of service (memory consumption) via a crafted BMP file (bsc#1082348). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-572=1 - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2018-572=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-572=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-572=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-572=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-572=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-572=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-572=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-572=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): ImageMagick-6.8.8.1-71.47.1 ImageMagick-debuginfo-6.8.8.1-71.47.1 ImageMagick-debugsource-6.8.8.1-71.47.1 libMagick++-6_Q16-3-6.8.8.1-71.47.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.47.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-71.47.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.47.1 - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): ImageMagick-6.8.8.1-71.47.1 ImageMagick-debuginfo-6.8.8.1-71.47.1 ImageMagick-debugsource-6.8.8.1-71.47.1 libMagick++-6_Q16-3-6.8.8.1-71.47.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.47.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-71.47.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.47.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): ImageMagick-6.8.8.1-71.47.1 ImageMagick-debuginfo-6.8.8.1-71.47.1 ImageMagick-debugsource-6.8.8.1-71.47.1 ImageMagick-devel-6.8.8.1-71.47.1 libMagick++-6_Q16-3-6.8.8.1-71.47.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.47.1 libMagick++-devel-6.8.8.1-71.47.1 perl-PerlMagick-6.8.8.1-71.47.1 perl-PerlMagick-debuginfo-6.8.8.1-71.47.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): ImageMagick-6.8.8.1-71.47.1 ImageMagick-debuginfo-6.8.8.1-71.47.1 ImageMagick-debugsource-6.8.8.1-71.47.1 ImageMagick-devel-6.8.8.1-71.47.1 libMagick++-6_Q16-3-6.8.8.1-71.47.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.47.1 libMagick++-devel-6.8.8.1-71.47.1 perl-PerlMagick-6.8.8.1-71.47.1 perl-PerlMagick-debuginfo-6.8.8.1-71.47.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): ImageMagick-debuginfo-6.8.8.1-71.47.1 ImageMagick-debugsource-6.8.8.1-71.47.1 libMagickCore-6_Q16-1-6.8.8.1-71.47.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.47.1 libMagickWand-6_Q16-1-6.8.8.1-71.47.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.47.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): ImageMagick-debuginfo-6.8.8.1-71.47.1 ImageMagick-debugsource-6.8.8.1-71.47.1 libMagickCore-6_Q16-1-6.8.8.1-71.47.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.47.1 libMagickWand-6_Q16-1-6.8.8.1-71.47.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.47.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): ImageMagick-debuginfo-6.8.8.1-71.47.1 ImageMagick-debugsource-6.8.8.1-71.47.1 libMagickCore-6_Q16-1-6.8.8.1-71.47.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.47.1 libMagickWand-6_Q16-1-6.8.8.1-71.47.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.47.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): ImageMagick-6.8.8.1-71.47.1 ImageMagick-debuginfo-6.8.8.1-71.47.1 ImageMagick-debugsource-6.8.8.1-71.47.1 libMagick++-6_Q16-3-6.8.8.1-71.47.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.47.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-71.47.1 libMagickCore-6_Q16-1-6.8.8.1-71.47.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.47.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.47.1 libMagickWand-6_Q16-1-6.8.8.1-71.47.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.47.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): ImageMagick-6.8.8.1-71.47.1 ImageMagick-debuginfo-6.8.8.1-71.47.1 ImageMagick-debugsource-6.8.8.1-71.47.1 libMagick++-6_Q16-3-6.8.8.1-71.47.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.47.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-71.47.1 libMagickCore-6_Q16-1-6.8.8.1-71.47.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.47.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.47.1 libMagickWand-6_Q16-1-6.8.8.1-71.47.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.47.1 References: https://www.suse.com/security/cve/CVE-2017-11524.html https://www.suse.com/security/cve/CVE-2017-12692.html https://www.suse.com/security/cve/CVE-2017-12693.html https://www.suse.com/security/cve/CVE-2017-13768.html https://www.suse.com/security/cve/CVE-2017-14314.html https://www.suse.com/security/cve/CVE-2017-14505.html https://www.suse.com/security/cve/CVE-2017-14739.html https://www.suse.com/security/cve/CVE-2017-15016.html https://www.suse.com/security/cve/CVE-2017-15017.html https://www.suse.com/security/cve/CVE-2017-16352.html https://www.suse.com/security/cve/CVE-2017-16353.html https://www.suse.com/security/cve/CVE-2017-18209.html https://www.suse.com/security/cve/CVE-2017-18211.html https://www.suse.com/security/cve/CVE-2017-9500.html https://www.suse.com/security/cve/CVE-2018-7443.html https://www.suse.com/security/cve/CVE-2018-7470.html https://www.suse.com/security/cve/CVE-2018-8804.html https://bugzilla.suse.com/1043290 https://bugzilla.suse.com/1050087 https://bugzilla.suse.com/1056434 https://bugzilla.suse.com/1058630 https://bugzilla.suse.com/1059735 https://bugzilla.suse.com/1060382 https://bugzilla.suse.com/1066168 https://bugzilla.suse.com/1066170 https://bugzilla.suse.com/1082283 https://bugzilla.suse.com/1082291 https://bugzilla.suse.com/1082348 https://bugzilla.suse.com/1082362 https://bugzilla.suse.com/1082792 https://bugzilla.suse.com/1082837 https://bugzilla.suse.com/1083628 https://bugzilla.suse.com/1083634 https://bugzilla.suse.com/1086011 From sle-updates at lists.suse.com Tue Apr 3 07:10:17 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 3 Apr 2018 15:10:17 +0200 (CEST) Subject: SUSE-SU-2018:0858-1: moderate: Security update for graphite2 Message-ID: <20180403131017.01B8EFC9E@maintenance.suse.de> SUSE Security Update: Security update for graphite2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0858-1 Rating: moderate References: #1084850 Cross-References: CVE-2018-7999 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for graphite2 fixes the following issues: - CVE-2018-7999: Fixed a NULL pointer dereference vulnerability in Segment.cpp that may cause a denial of serivce (bsc#1084850). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-573=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-573=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-573=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-573=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-573=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-573=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-573=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): graphite2-debuginfo-1.3.1-10.3.1 graphite2-debugsource-1.3.1-10.3.1 graphite2-devel-1.3.1-10.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): graphite2-debuginfo-1.3.1-10.3.1 graphite2-debugsource-1.3.1-10.3.1 graphite2-devel-1.3.1-10.3.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): graphite2-debuginfo-1.3.1-10.3.1 graphite2-debugsource-1.3.1-10.3.1 libgraphite2-3-1.3.1-10.3.1 libgraphite2-3-debuginfo-1.3.1-10.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): graphite2-debuginfo-1.3.1-10.3.1 graphite2-debugsource-1.3.1-10.3.1 libgraphite2-3-1.3.1-10.3.1 libgraphite2-3-debuginfo-1.3.1-10.3.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libgraphite2-3-32bit-1.3.1-10.3.1 libgraphite2-3-debuginfo-32bit-1.3.1-10.3.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): graphite2-debuginfo-1.3.1-10.3.1 graphite2-debugsource-1.3.1-10.3.1 libgraphite2-3-1.3.1-10.3.1 libgraphite2-3-debuginfo-1.3.1-10.3.1 - SUSE Linux Enterprise Server 12-SP2 (s390x x86_64): libgraphite2-3-32bit-1.3.1-10.3.1 libgraphite2-3-debuginfo-32bit-1.3.1-10.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): graphite2-debuginfo-1.3.1-10.3.1 graphite2-debugsource-1.3.1-10.3.1 libgraphite2-3-1.3.1-10.3.1 libgraphite2-3-32bit-1.3.1-10.3.1 libgraphite2-3-debuginfo-1.3.1-10.3.1 libgraphite2-3-debuginfo-32bit-1.3.1-10.3.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): graphite2-debuginfo-1.3.1-10.3.1 graphite2-debugsource-1.3.1-10.3.1 libgraphite2-3-1.3.1-10.3.1 libgraphite2-3-32bit-1.3.1-10.3.1 libgraphite2-3-debuginfo-1.3.1-10.3.1 libgraphite2-3-debuginfo-32bit-1.3.1-10.3.1 References: https://www.suse.com/security/cve/CVE-2018-7999.html https://bugzilla.suse.com/1084850 From sle-updates at lists.suse.com Tue Apr 3 07:10:45 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 3 Apr 2018 15:10:45 +0200 (CEST) Subject: SUSE-SU-2018:0859-1: moderate: Security update for krb5 Message-ID: <20180403131045.5B627FC98@maintenance.suse.de> SUSE Security Update: Security update for krb5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0859-1 Rating: moderate References: #1056995 #1083926 #1083927 #970696 Cross-References: CVE-2017-11462 CVE-2018-5729 CVE-2018-5730 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for krb5 fixes several issues. This security issue was fixed: - CVE-2017-11462: Prevent automatic security context deletion to prevent double-free (bsc#1056995). - CVE-2018-5729: Null pointer dereference in kadmind or DN container check bypass by supplying special crafted data (bsc#1083926). - CVE-2018-5730: DN container check bypass by supplying special crafted data (bsc#1083927). This non-security issue was fixed: - Avoid indefinite polling in KDC communication. (bsc#970696) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-krb5-13541=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-krb5-13541=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-krb5-13541=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): krb5-devel-1.6.3-133.49.113.7.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): krb5-devel-32bit-1.6.3-133.49.113.7.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): krb5-server-1.6.3-133.49.113.7.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): krb5-1.6.3-133.49.113.7.1 krb5-apps-clients-1.6.3-133.49.113.7.1 krb5-apps-servers-1.6.3-133.49.113.7.1 krb5-client-1.6.3-133.49.113.7.1 krb5-server-1.6.3-133.49.113.7.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): krb5-32bit-1.6.3-133.49.113.7.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): krb5-x86-1.6.3-133.49.113.7.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): krb5-debuginfo-1.6.3-133.49.113.7.1 krb5-debugsource-1.6.3-133.49.113.7.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): krb5-debuginfo-32bit-1.6.3-133.49.113.7.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64): krb5-debuginfo-x86-1.6.3-133.49.113.7.1 References: https://www.suse.com/security/cve/CVE-2017-11462.html https://www.suse.com/security/cve/CVE-2018-5729.html https://www.suse.com/security/cve/CVE-2018-5730.html https://bugzilla.suse.com/1056995 https://bugzilla.suse.com/1083926 https://bugzilla.suse.com/1083927 https://bugzilla.suse.com/970696 From sle-updates at lists.suse.com Tue Apr 3 13:07:41 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 3 Apr 2018 21:07:41 +0200 (CEST) Subject: SUSE-RU-2018:0860-1: Recommended update for pesign-obs-integration Message-ID: <20180403190741.9CD54FC98@maintenance.suse.de> SUSE Recommended Update: Recommended update for pesign-obs-integration ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:0860-1 Rating: low References: #1012422 Affected Products: SUSE OpenStack Cloud 6 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for pesign-obs-integration fixes the following issues: - Copy over any *.log files from the first build. (bsc#1012422) - Add aarch64 support. - Fall back to project's certificate in the follow-up spec if it exists. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2018-575=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-575=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-575=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-575=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-575=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-575=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-575=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-575=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-575=1 Package List: - SUSE OpenStack Cloud 6 (x86_64): pesign-obs-integration-10.0-30.5.2 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): pesign-obs-integration-10.0-30.5.2 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): pesign-obs-integration-10.0-30.5.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): pesign-obs-integration-10.0-30.5.2 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): pesign-obs-integration-10.0-30.5.2 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): pesign-obs-integration-10.0-30.5.2 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): pesign-obs-integration-10.0-30.5.2 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): pesign-obs-integration-10.0-30.5.2 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): pesign-obs-integration-10.0-30.5.2 References: https://bugzilla.suse.com/1012422 From sle-updates at lists.suse.com Tue Apr 3 13:08:15 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 3 Apr 2018 21:08:15 +0200 (CEST) Subject: SUSE-SU-2018:0861-1: important: Security update for libvirt Message-ID: <20180403190815.762DDFC98@maintenance.suse.de> SUSE Security Update: Security update for libvirt ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0861-1 Rating: important References: #1078808 #1079869 #1080042 #1082041 #1083625 Cross-References: CVE-2017-5715 CVE-2018-1064 CVE-2018-6764 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that solves three vulnerabilities and has two fixes is now available. Description: This update for libvirt fixes the following issues: Security issues fixed: - CVE-2017-5715: Fixes for speculative side channel attacks aka "SpectreAttack" (var2) (bsc#1079869). - CVE-2018-6764: Fixed guest executable code injection via libnss_dns.so loaded by libvirt_lxc before init (bsc#1080042). - CVE-2018-1064: Fixed denial of service when reading from guest agent (bsc#1083625). Non-security issues fixed: - Error starting domain: internal error: No usable sysfs TPM cancel file could be found (bsc#1078808). - SUSE Linux Enterprise 11 SP4 hvm converted to pvhvm. Unless vm memory is on gig boundary, vm won't boot (bsc#1082041). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2018-576=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-576=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-576=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-576=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-576=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): libvirt-client-32bit-2.0.0-27.34.1 libvirt-client-debuginfo-32bit-2.0.0-27.34.1 libvirt-debugsource-2.0.0-27.34.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libvirt-debugsource-2.0.0-27.34.1 libvirt-devel-2.0.0-27.34.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libvirt-2.0.0-27.34.1 libvirt-client-2.0.0-27.34.1 libvirt-client-debuginfo-2.0.0-27.34.1 libvirt-daemon-2.0.0-27.34.1 libvirt-daemon-config-network-2.0.0-27.34.1 libvirt-daemon-config-nwfilter-2.0.0-27.34.1 libvirt-daemon-debuginfo-2.0.0-27.34.1 libvirt-daemon-driver-interface-2.0.0-27.34.1 libvirt-daemon-driver-interface-debuginfo-2.0.0-27.34.1 libvirt-daemon-driver-lxc-2.0.0-27.34.1 libvirt-daemon-driver-lxc-debuginfo-2.0.0-27.34.1 libvirt-daemon-driver-network-2.0.0-27.34.1 libvirt-daemon-driver-network-debuginfo-2.0.0-27.34.1 libvirt-daemon-driver-nodedev-2.0.0-27.34.1 libvirt-daemon-driver-nodedev-debuginfo-2.0.0-27.34.1 libvirt-daemon-driver-nwfilter-2.0.0-27.34.1 libvirt-daemon-driver-nwfilter-debuginfo-2.0.0-27.34.1 libvirt-daemon-driver-qemu-2.0.0-27.34.1 libvirt-daemon-driver-qemu-debuginfo-2.0.0-27.34.1 libvirt-daemon-driver-secret-2.0.0-27.34.1 libvirt-daemon-driver-secret-debuginfo-2.0.0-27.34.1 libvirt-daemon-driver-storage-2.0.0-27.34.1 libvirt-daemon-driver-storage-debuginfo-2.0.0-27.34.1 libvirt-daemon-lxc-2.0.0-27.34.1 libvirt-daemon-qemu-2.0.0-27.34.1 libvirt-debugsource-2.0.0-27.34.1 libvirt-doc-2.0.0-27.34.1 libvirt-lock-sanlock-2.0.0-27.34.1 libvirt-lock-sanlock-debuginfo-2.0.0-27.34.1 libvirt-nss-2.0.0-27.34.1 libvirt-nss-debuginfo-2.0.0-27.34.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): libvirt-2.0.0-27.34.1 libvirt-client-2.0.0-27.34.1 libvirt-client-debuginfo-2.0.0-27.34.1 libvirt-daemon-2.0.0-27.34.1 libvirt-daemon-config-network-2.0.0-27.34.1 libvirt-daemon-config-nwfilter-2.0.0-27.34.1 libvirt-daemon-debuginfo-2.0.0-27.34.1 libvirt-daemon-driver-interface-2.0.0-27.34.1 libvirt-daemon-driver-interface-debuginfo-2.0.0-27.34.1 libvirt-daemon-driver-lxc-2.0.0-27.34.1 libvirt-daemon-driver-lxc-debuginfo-2.0.0-27.34.1 libvirt-daemon-driver-network-2.0.0-27.34.1 libvirt-daemon-driver-network-debuginfo-2.0.0-27.34.1 libvirt-daemon-driver-nodedev-2.0.0-27.34.1 libvirt-daemon-driver-nodedev-debuginfo-2.0.0-27.34.1 libvirt-daemon-driver-nwfilter-2.0.0-27.34.1 libvirt-daemon-driver-nwfilter-debuginfo-2.0.0-27.34.1 libvirt-daemon-driver-qemu-2.0.0-27.34.1 libvirt-daemon-driver-qemu-debuginfo-2.0.0-27.34.1 libvirt-daemon-driver-secret-2.0.0-27.34.1 libvirt-daemon-driver-secret-debuginfo-2.0.0-27.34.1 libvirt-daemon-driver-storage-2.0.0-27.34.1 libvirt-daemon-driver-storage-debuginfo-2.0.0-27.34.1 libvirt-daemon-lxc-2.0.0-27.34.1 libvirt-daemon-qemu-2.0.0-27.34.1 libvirt-debugsource-2.0.0-27.34.1 libvirt-doc-2.0.0-27.34.1 libvirt-lock-sanlock-2.0.0-27.34.1 libvirt-lock-sanlock-debuginfo-2.0.0-27.34.1 libvirt-nss-2.0.0-27.34.1 libvirt-nss-debuginfo-2.0.0-27.34.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): libvirt-daemon-driver-libxl-2.0.0-27.34.1 libvirt-daemon-driver-libxl-debuginfo-2.0.0-27.34.1 libvirt-daemon-hooks-2.0.0-27.34.1 libvirt-daemon-xen-2.0.0-27.34.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libvirt-2.0.0-27.34.1 libvirt-client-2.0.0-27.34.1 libvirt-client-32bit-2.0.0-27.34.1 libvirt-client-debuginfo-2.0.0-27.34.1 libvirt-client-debuginfo-32bit-2.0.0-27.34.1 libvirt-daemon-2.0.0-27.34.1 libvirt-daemon-config-network-2.0.0-27.34.1 libvirt-daemon-config-nwfilter-2.0.0-27.34.1 libvirt-daemon-debuginfo-2.0.0-27.34.1 libvirt-daemon-driver-interface-2.0.0-27.34.1 libvirt-daemon-driver-interface-debuginfo-2.0.0-27.34.1 libvirt-daemon-driver-libxl-2.0.0-27.34.1 libvirt-daemon-driver-libxl-debuginfo-2.0.0-27.34.1 libvirt-daemon-driver-lxc-2.0.0-27.34.1 libvirt-daemon-driver-lxc-debuginfo-2.0.0-27.34.1 libvirt-daemon-driver-network-2.0.0-27.34.1 libvirt-daemon-driver-network-debuginfo-2.0.0-27.34.1 libvirt-daemon-driver-nodedev-2.0.0-27.34.1 libvirt-daemon-driver-nodedev-debuginfo-2.0.0-27.34.1 libvirt-daemon-driver-nwfilter-2.0.0-27.34.1 libvirt-daemon-driver-nwfilter-debuginfo-2.0.0-27.34.1 libvirt-daemon-driver-qemu-2.0.0-27.34.1 libvirt-daemon-driver-qemu-debuginfo-2.0.0-27.34.1 libvirt-daemon-driver-secret-2.0.0-27.34.1 libvirt-daemon-driver-secret-debuginfo-2.0.0-27.34.1 libvirt-daemon-driver-storage-2.0.0-27.34.1 libvirt-daemon-driver-storage-debuginfo-2.0.0-27.34.1 libvirt-daemon-lxc-2.0.0-27.34.1 libvirt-daemon-qemu-2.0.0-27.34.1 libvirt-daemon-xen-2.0.0-27.34.1 libvirt-debugsource-2.0.0-27.34.1 libvirt-doc-2.0.0-27.34.1 References: https://www.suse.com/security/cve/CVE-2017-5715.html https://www.suse.com/security/cve/CVE-2018-1064.html https://www.suse.com/security/cve/CVE-2018-6764.html https://bugzilla.suse.com/1078808 https://bugzilla.suse.com/1079869 https://bugzilla.suse.com/1080042 https://bugzilla.suse.com/1082041 https://bugzilla.suse.com/1083625 From sle-updates at lists.suse.com Tue Apr 3 13:09:14 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 3 Apr 2018 21:09:14 +0200 (CEST) Subject: SUSE-SU-2018:0862-1: moderate: Security update for unrar Message-ID: <20180403190914.1B0B8FC98@maintenance.suse.de> SUSE Security Update: Security update for unrar ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0862-1 Rating: moderate References: #1046882 #1054038 #513804 #693890 Cross-References: CVE-2012-6706 CVE-2017-12938 CVE-2017-12940 CVE-2017-12941 CVE-2017-12942 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for unrar to version 5.6.1 fixes several issues. These security issues were fixed: - CVE-2017-12938: Prevent remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file (bsc#1054038). - CVE-2017-12940: Prevent out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function (bsc#1054038). - CVE-2017-12941: Prevent an out-of-bounds read in the Unpack::Unpack20 function (bsc#1054038). - CVE-2017-12942: Prevent a buffer overflow in the Unpack::LongLZ function (bsc#1054038). These non-security issues were fixed: - Added extraction support for .LZ archives created by Lzip compressor - Enable unpacking of files in ZIP archives compressed with XZ algorithm and encrypted with AES - Added support for PAX extended headers inside of TAR archive - If RAR recovery volumes (.rev files) are present in the same folder as usual RAR volumes, archive test command verifies .rev contents after completing testing .rar files - By default unrar skips symbolic links with absolute paths in link target when extracting unless -ola command line switch is specified - Added support for AES-NI CPU instructions - Support for a new RAR 5.0 archiving format - Wildcard exclusion mask for folders - Added libunrar* and libunrar*-devel subpackages (bsc#513804) - Prevent conditional jumps depending on uninitialised values (bsc#1046882) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-unrar-13542=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-unrar-13542=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): unrar-5.6.1-5.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): unrar-debuginfo-5.6.1-5.3.1 unrar-debugsource-5.6.1-5.3.1 References: https://www.suse.com/security/cve/CVE-2012-6706.html https://www.suse.com/security/cve/CVE-2017-12938.html https://www.suse.com/security/cve/CVE-2017-12940.html https://www.suse.com/security/cve/CVE-2017-12941.html https://www.suse.com/security/cve/CVE-2017-12942.html https://bugzilla.suse.com/1046882 https://bugzilla.suse.com/1054038 https://bugzilla.suse.com/513804 https://bugzilla.suse.com/693890 From sle-updates at lists.suse.com Tue Apr 3 13:10:08 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 3 Apr 2018 21:10:08 +0200 (CEST) Subject: SUSE-SU-2018:0863-1: important: Security update for clamav Message-ID: <20180403191008.4965DFC98@maintenance.suse.de> SUSE Security Update: Security update for clamav ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0863-1 Rating: important References: #1045315 #1049423 #1052449 #1082858 #1083915 Cross-References: CVE-2012-6706 CVE-2017-11423 CVE-2017-6419 CVE-2018-0202 CVE-2018-1000085 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for clamav fixes the following issues: Security issues fixed: - CVE-2012-6706: VMSF_DELTA filter inside the unrar implementation allows an arbitrary memory write (bsc#1045315). - CVE-2017-6419: A heap-based buffer overflow that can lead to a denial of service in libmspack via a crafted CHM file (bsc#1052449). - CVE-2017-11423: A stack-based buffer over-read that can lead to a denial of service in mspack via a crafted CAB file (bsc#1049423). - CVE-2018-1000085: An out-of-bounds heap read vulnerability was found in XAR parser that can lead to a denial of service (bsc#1082858). - CVE-2018-0202: Fixed two vulnerabilities in the PDF parsing code (bsc#1083915). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-clamav-13544=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-clamav-13544=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-clamav-13544=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-clamav-13544=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-clamav-13544=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): clamav-0.99.4-0.20.7.2 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): clamav-0.99.4-0.20.7.2 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): clamav-0.99.4-0.20.7.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): clamav-debuginfo-0.99.4-0.20.7.2 clamav-debugsource-0.99.4-0.20.7.2 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): clamav-debuginfo-0.99.4-0.20.7.2 clamav-debugsource-0.99.4-0.20.7.2 References: https://www.suse.com/security/cve/CVE-2012-6706.html https://www.suse.com/security/cve/CVE-2017-11423.html https://www.suse.com/security/cve/CVE-2017-6419.html https://www.suse.com/security/cve/CVE-2018-0202.html https://www.suse.com/security/cve/CVE-2018-1000085.html https://bugzilla.suse.com/1045315 https://bugzilla.suse.com/1049423 https://bugzilla.suse.com/1052449 https://bugzilla.suse.com/1082858 https://bugzilla.suse.com/1083915 From sle-updates at lists.suse.com Tue Apr 3 13:11:08 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 3 Apr 2018 21:11:08 +0200 (CEST) Subject: SUSE-SU-2018:0864-1: moderate: Security update for GraphicsMagick Message-ID: <20180403191108.5958EFC98@maintenance.suse.de> SUSE Security Update: Security update for GraphicsMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0864-1 Rating: moderate References: #1050087 #1058630 #1059735 #1066168 #1066170 #1082283 #1082291 #1082348 #1084060 #1084062 #1085233 Cross-References: CVE-2017-11524 CVE-2017-12691 CVE-2017-12693 CVE-2017-14314 CVE-2017-14343 CVE-2017-14505 CVE-2017-15016 CVE-2017-15017 CVE-2017-16352 CVE-2017-16353 CVE-2017-18219 CVE-2017-18220 CVE-2017-18230 Affected Products: SUSE Studio Onsite 1.3 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 13 vulnerabilities is now available. Description: This update for GraphicsMagick fixes several issues. These security issues were fixed: - CVE-2017-11524: The WriteBlob function allowed remote attackers to cause a denial of service (assertion failure and application exit) via a crafted file (bsc#1050087) - CVE-2017-16353: Prevent memory information disclosure in the DescribeImage function caused by a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the IPTC Profile information contained in the image. This vulnerability can be triggered with a specially crafted MIFF file. There is an out-of-bounds buffer dereference because certain increments were never checked (bsc#1066170) - CVE-2017-16352: Prevent a heap-based buffer overflow in the "Display visual image directory" feature of the DescribeImage() function. One possible way to trigger the vulnerability is to run the identify command on a specially crafted MIFF format file with the verbose flag (bsc#1066168) - CVE-2017-14314: Prevent off-by-one error in the DrawImage function that allowed remote attackers to cause a denial of service (DrawDashPolygon heap-based buffer over-read and application crash) via a crafted file (bsc#1058630) - CVE-2017-14505: Fixed handling of NULL arrays, which allowed attackers to perform Denial of Service (NULL pointer dereference and application crash in AcquireQuantumMemory within MagickCore/memory.c) by providing a crafted Image File as input (bsc#1059735) - CVE-2017-15016: Prevent NULL pointer dereference vulnerability in ReadEnhMetaFile allowing for denial of service (bsc#1082291) - CVE-2017-15017: Prevent NULL pointer dereference vulnerability in ReadOneMNGImage allowing for denial of service (bsc#1082283) - CVE-2017-12693: The ReadBMPImage function allowed remote attackers to cause a denial of service (memory consumption) via a crafted BMP file (bsc#1082348) - CVE-2017-18219: Prevent allocation failure in the function ReadOnePNGImage, which allowed attackers to cause a denial of service via a crafted file that triggers an attempt at a large png_pixels array allocation (bsc#1084060) - CVE-2017-18230: Prevent NULL pointer dereference in the function ReadCINEONImage, which allowed attackers to cause a denial of service via a crafted file (bsc#1085233). - CVE-2017-18220: The ReadOneJNGImage and ReadJNGImage functions allowed remote attackers to cause a denial of service (magick/blob.c CloseBlob use-after-free) or possibly have unspecified other impact via a crafted file (bsc#1084062). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-GraphicsMagick-13543=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-GraphicsMagick-13543=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-GraphicsMagick-13543=1 Package List: - SUSE Studio Onsite 1.3 (x86_64): GraphicsMagick-1.2.5-78.44.1 libGraphicsMagick2-1.2.5-78.44.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): GraphicsMagick-1.2.5-78.44.1 libGraphicsMagick2-1.2.5-78.44.1 perl-GraphicsMagick-1.2.5-78.44.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): GraphicsMagick-debuginfo-1.2.5-78.44.1 GraphicsMagick-debugsource-1.2.5-78.44.1 References: https://www.suse.com/security/cve/CVE-2017-11524.html https://www.suse.com/security/cve/CVE-2017-12691.html https://www.suse.com/security/cve/CVE-2017-12693.html https://www.suse.com/security/cve/CVE-2017-14314.html https://www.suse.com/security/cve/CVE-2017-14343.html https://www.suse.com/security/cve/CVE-2017-14505.html https://www.suse.com/security/cve/CVE-2017-15016.html https://www.suse.com/security/cve/CVE-2017-15017.html https://www.suse.com/security/cve/CVE-2017-16352.html https://www.suse.com/security/cve/CVE-2017-16353.html https://www.suse.com/security/cve/CVE-2017-18219.html https://www.suse.com/security/cve/CVE-2017-18220.html https://www.suse.com/security/cve/CVE-2017-18230.html https://bugzilla.suse.com/1050087 https://bugzilla.suse.com/1058630 https://bugzilla.suse.com/1059735 https://bugzilla.suse.com/1066168 https://bugzilla.suse.com/1066170 https://bugzilla.suse.com/1082283 https://bugzilla.suse.com/1082291 https://bugzilla.suse.com/1082348 https://bugzilla.suse.com/1084060 https://bugzilla.suse.com/1084062 https://bugzilla.suse.com/1085233 From sle-updates at lists.suse.com Tue Apr 3 16:07:18 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 Apr 2018 00:07:18 +0200 (CEST) Subject: SUSE-SU-2018:0865-1: moderate: Security update for docker-distribution Message-ID: <20180403220718.E2BC5FC98@maintenance.suse.de> SUSE Security Update: Security update for docker-distribution ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0865-1 Rating: moderate References: #1033172 #1049850 #1083474 Cross-References: CVE-2017-11468 Affected Products: SUSE Linux Enterprise Module for Containers 12 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for docker-distribution fixes the following issues: Security issues fixed: - CVE-2017-11468: Fixed a denial of service (memory consumption) via the manifest endpoint (bsc#1049850). Bug fixes: - bsc#1083474: docker-distirbution-registry overwrites configuration file with update. - bsc#1033172: Garbage collector needed - or kindly release docker-distribution-registry in Version 2.4. - Add SuSEfirewall2 service file for TCP port 5000. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2018-582=1 Package List: - SUSE Linux Enterprise Module for Containers 12 (x86_64): docker-distribution-registry-2.6.2-13.6.1 References: https://www.suse.com/security/cve/CVE-2017-11468.html https://bugzilla.suse.com/1033172 https://bugzilla.suse.com/1049850 https://bugzilla.suse.com/1083474 From sle-updates at lists.suse.com Tue Apr 3 16:08:02 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 Apr 2018 00:08:02 +0200 (CEST) Subject: SUSE-SU-2018:0866-1: important: Security update for coreutils Message-ID: <20180403220802.BB13FFC98@maintenance.suse.de> SUSE Security Update: Security update for coreutils ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0866-1 Rating: important References: #1023041 Cross-References: CVE-2017-2616 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for coreutils fixes one issue. This security issue was fixed: - CVE-2017-2616: In su with PAM support it was possible for local users to send SIGKILL to selected other processes with root privileges (bsc#1023041) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-coreutils-13546=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-coreutils-13546=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): coreutils-8.12-6.25.33.3.1 coreutils-lang-8.12-6.25.33.3.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): coreutils-x86-8.12-6.25.33.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): coreutils-debuginfo-8.12-6.25.33.3.1 coreutils-debugsource-8.12-6.25.33.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64): coreutils-debuginfo-x86-8.12-6.25.33.3.1 References: https://www.suse.com/security/cve/CVE-2017-2616.html https://bugzilla.suse.com/1023041 From sle-updates at lists.suse.com Tue Apr 3 16:08:36 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 Apr 2018 00:08:36 +0200 (CEST) Subject: SUSE-SU-2018:0867-1: moderate: Security update for wireshark Message-ID: <20180403220836.7259AFC98@maintenance.suse.de> SUSE Security Update: Security update for wireshark ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0867-1 Rating: moderate References: #1077080 #1082692 Cross-References: CVE-2017-17997 CVE-2018-7320 CVE-2018-7321 CVE-2018-7322 CVE-2018-7323 CVE-2018-7324 CVE-2018-7325 CVE-2018-7326 CVE-2018-7327 CVE-2018-7328 CVE-2018-7329 CVE-2018-7330 CVE-2018-7331 CVE-2018-7332 CVE-2018-7333 CVE-2018-7334 CVE-2018-7335 CVE-2018-7336 CVE-2018-7337 CVE-2018-7417 CVE-2018-7418 CVE-2018-7419 CVE-2018-7420 CVE-2018-7421 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 24 vulnerabilities is now available. Description: This update for wireshark fixes the following issues: Security issue fixed (bsc#1082692): - CVE-2018-7335: The IEEE 802.11 dissector could crash (wnpa-sec-2018-05) - CVE-2018-7321: thrift long dissector loop (dissect_thrift_map) - CVE-2018-7322: DICOM: inifinite loop (dissect_dcm_tag) - CVE-2018-7323: WCCP: very long loop (dissect_wccp2_alternate_mask_value_set_element) - CVE-2018-7324: SCCP: infinite loop (dissect_sccp_optional_parameters) - CVE-2018-7325: RPKI-Router Protocol: infinite loop (dissect_rpkirtr_pdu) - CVE-2018-7326: LLTD: infinite loop (dissect_lltd_tlv) - CVE-2018-7327: openflow_v6: infinite loop (dissect_openflow_bundle_control_v6) - CVE-2018-7328: USB-DARWIN: long loop (dissect_darwin_usb_iso_transfer) - CVE-2018-7329: S7COMM: infinite loop (s7comm_decode_ud_cpu_alarm_main) - CVE-2018-7330: thread_meshcop: infinite loop (get_chancount) - CVE-2018-7331: GTP: infinite loop (dissect_gprscdr_GGSNPDPRecord, dissect_ber_set) - CVE-2018-7332: RELOAD: infinite loop (dissect_statans) - CVE-2018-7333: RPCoRDMA: infinite loop in get_write_list_chunk_count - CVE-2018-7421: Multiple dissectors could go into large infinite loops (wnpa-sec-2018-06) - CVE-2018-7334: The UMTS MAC dissector could crash (wnpa-sec-2018-07) - CVE-2018-7337: The DOCSIS dissector could crash (wnpa-sec-2018-08) - CVE-2018-7336: The FCP dissector could crash (wnpa-sec-2018-09) - CVE-2018-7320: The SIGCOMP dissector could crash (wnpa-sec-2018-10) - CVE-2018-7420: The pcapng file parser could crash (wnpa-sec-2018-11) - CVE-2018-7417: The IPMI dissector could crash (wnpa-sec-2018-12) - CVE-2018-7418: The SIGCOMP dissector could crash (wnpa-sec-2018-13) - CVE-2018-7419: The NBAP disssector could crash (wnpa-sec-2018-14) - CVE-2017-17997: Misuse of NULL pointer in MRDISC dissector (bsc#1077080). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-wireshark-13547=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-wireshark-13547=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-wireshark-13547=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): wireshark-devel-2.2.13-40.22.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): libwireshark8-2.2.13-40.22.1 libwiretap6-2.2.13-40.22.1 libwscodecs1-2.2.13-40.22.1 libwsutil7-2.2.13-40.22.1 wireshark-2.2.13-40.22.1 wireshark-gtk-2.2.13-40.22.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libwireshark8-2.2.13-40.22.1 libwiretap6-2.2.13-40.22.1 libwscodecs1-2.2.13-40.22.1 libwsutil7-2.2.13-40.22.1 wireshark-2.2.13-40.22.1 wireshark-gtk-2.2.13-40.22.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): wireshark-debuginfo-2.2.13-40.22.1 wireshark-debugsource-2.2.13-40.22.1 References: https://www.suse.com/security/cve/CVE-2017-17997.html https://www.suse.com/security/cve/CVE-2018-7320.html https://www.suse.com/security/cve/CVE-2018-7321.html https://www.suse.com/security/cve/CVE-2018-7322.html https://www.suse.com/security/cve/CVE-2018-7323.html https://www.suse.com/security/cve/CVE-2018-7324.html https://www.suse.com/security/cve/CVE-2018-7325.html https://www.suse.com/security/cve/CVE-2018-7326.html https://www.suse.com/security/cve/CVE-2018-7327.html https://www.suse.com/security/cve/CVE-2018-7328.html https://www.suse.com/security/cve/CVE-2018-7329.html https://www.suse.com/security/cve/CVE-2018-7330.html https://www.suse.com/security/cve/CVE-2018-7331.html https://www.suse.com/security/cve/CVE-2018-7332.html https://www.suse.com/security/cve/CVE-2018-7333.html https://www.suse.com/security/cve/CVE-2018-7334.html https://www.suse.com/security/cve/CVE-2018-7335.html https://www.suse.com/security/cve/CVE-2018-7336.html https://www.suse.com/security/cve/CVE-2018-7337.html https://www.suse.com/security/cve/CVE-2018-7417.html https://www.suse.com/security/cve/CVE-2018-7418.html https://www.suse.com/security/cve/CVE-2018-7419.html https://www.suse.com/security/cve/CVE-2018-7420.html https://www.suse.com/security/cve/CVE-2018-7421.html https://bugzilla.suse.com/1077080 https://bugzilla.suse.com/1082692 From sle-updates at lists.suse.com Wed Apr 4 07:07:45 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 Apr 2018 15:07:45 +0200 (CEST) Subject: SUSE-RU-2018:0868-1: moderate: Recommended update for several OpenStack components Message-ID: <20180404130745.D8B12FC9E@maintenance.suse.de> SUSE Recommended Update: Recommended update for several OpenStack components ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:0868-1 Rating: moderate References: #1060622 #1076586 #1079070 #1079370 #1080584 #1080883 Affected Products: SUSE OpenStack Cloud 7 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update for OpenStack fixes the following issues: openstack-cinder: - Raise cinder-volume fd limit. (bsc#1080584) - cinder-volume.service: Raise tasksmax. (bsc#1076586) openstack-dashboard: - Add the ability to configure the default "create volume" value when launching an instance with Cinder enabled. See create_volume in local_settings.py.example. (bsc#1079070) openstack-glance: - Remove policy.json.diff: such configuration breaks deployments with ceph as glance backend (bsc#1079370). + Users have to be adviced not to use this less restricted policy.json with the usage of (deprecated) show_multiple_locations option. openstack-horizon-plugin-gbp-ui: - Sync with Pike. openstack-manila: - Fix migration of MariaDB. (bsc#1080883) openstack-neutron: - Call update_all_ha_network_port_statuses on agent start. - Fix callers of get_devices_with_ip to pass addresses. (bsc#1060622) - Switch from openvswitch-switch to openvswitch, after -switch is an obsolete dependency. - Fix endless router deletion. - Fix DNS connectivity issues with DVR+HA routers and DHCP-HA. - Fix DVR snat creation. openstack-neutron-lbaas: - Add a periodic check to examine the status of all LBaaS agents with loadbalancers scheduled to them. If the agent is dead, the loadbalancer will be rescheduled to an alive agent. - Enable haproxy driver to be monitored and restarted if its dead. Current situation is that the haproxy driver stays dead and you need to restart the lbaas agent manually. - Do not show dead pool members online. openstack-nova: - Raise MarkerNotFound if BuildRequestList.get_by_filters doesn't find marker. - Report reserved_host_disk_mb in GB not KB. - Allow placement endpoint interface to be set. - Use instance.project_id when creating request specs for old instances. - Patch mkisofs calls. - Make request_spec.spec MediumText. - Get original image_id from volume for volume-backed instance rebuild. - Avoid lazy-error when getting instance AZ. - Only query BDMs once in API during rebuild. - Fix 'force' parameter in os-quota-sets PUT schema. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-585=1 Package List: - SUSE OpenStack Cloud 7 (noarch): openstack-cinder-9.1.5~dev6-4.9.5 openstack-cinder-api-9.1.5~dev6-4.9.5 openstack-cinder-backup-9.1.5~dev6-4.9.5 openstack-cinder-doc-9.1.5~dev6-4.9.5 openstack-cinder-scheduler-9.1.5~dev6-4.9.5 openstack-cinder-volume-9.1.5~dev6-4.9.5 openstack-dashboard-10.0.6~dev4-4.9.6 openstack-glance-13.0.1~dev6-4.9.4 openstack-glance-api-13.0.1~dev6-4.9.4 openstack-glance-doc-13.0.1~dev6-4.9.4 openstack-glance-glare-13.0.1~dev6-4.9.4 openstack-glance-registry-13.0.1~dev6-4.9.4 openstack-horizon-plugin-gbp-ui-5.0.1~dev17-2.9.3 openstack-manila-3.0.1~dev30-4.9.4 openstack-manila-api-3.0.1~dev30-4.9.4 openstack-manila-data-3.0.1~dev30-4.9.4 openstack-manila-doc-3.0.1~dev30-4.9.5 openstack-manila-scheduler-3.0.1~dev30-4.9.4 openstack-manila-share-3.0.1~dev30-4.9.4 openstack-neutron-9.4.2~dev21-7.15.4 openstack-neutron-dhcp-agent-9.4.2~dev21-7.15.4 openstack-neutron-doc-9.4.2~dev21-7.15.4 openstack-neutron-ha-tool-9.4.2~dev21-7.15.4 openstack-neutron-l3-agent-9.4.2~dev21-7.15.4 openstack-neutron-lbaas-9.2.2~dev11-4.6.7 openstack-neutron-lbaas-agent-9.2.2~dev11-4.6.7 openstack-neutron-lbaas-doc-9.2.2~dev11-4.6.5 openstack-neutron-linuxbridge-agent-9.4.2~dev21-7.15.4 openstack-neutron-macvtap-agent-9.4.2~dev21-7.15.4 openstack-neutron-metadata-agent-9.4.2~dev21-7.15.4 openstack-neutron-metering-agent-9.4.2~dev21-7.15.4 openstack-neutron-openvswitch-agent-9.4.2~dev21-7.15.4 openstack-neutron-server-9.4.2~dev21-7.15.4 openstack-nova-14.0.11~dev13-4.17.7 openstack-nova-api-14.0.11~dev13-4.17.7 openstack-nova-cells-14.0.11~dev13-4.17.7 openstack-nova-cert-14.0.11~dev13-4.17.7 openstack-nova-compute-14.0.11~dev13-4.17.7 openstack-nova-conductor-14.0.11~dev13-4.17.7 openstack-nova-console-14.0.11~dev13-4.17.7 openstack-nova-consoleauth-14.0.11~dev13-4.17.7 openstack-nova-doc-14.0.11~dev13-4.17.7 openstack-nova-novncproxy-14.0.11~dev13-4.17.7 openstack-nova-placement-api-14.0.11~dev13-4.17.7 openstack-nova-scheduler-14.0.11~dev13-4.17.7 openstack-nova-serialproxy-14.0.11~dev13-4.17.7 openstack-nova-vncproxy-14.0.11~dev13-4.17.7 python-cinder-9.1.5~dev6-4.9.5 python-glance-13.0.1~dev6-4.9.4 python-horizon-10.0.6~dev4-4.9.6 python-horizon-plugin-gbp-ui-5.0.1~dev17-2.9.3 python-manila-3.0.1~dev30-4.9.4 python-neutron-9.4.2~dev21-7.15.4 python-neutron-lbaas-9.2.2~dev11-4.6.7 python-nova-14.0.11~dev13-4.17.7 References: https://bugzilla.suse.com/1060622 https://bugzilla.suse.com/1076586 https://bugzilla.suse.com/1079070 https://bugzilla.suse.com/1079370 https://bugzilla.suse.com/1080584 https://bugzilla.suse.com/1080883 From sle-updates at lists.suse.com Wed Apr 4 07:08:59 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 Apr 2018 15:08:59 +0200 (CEST) Subject: SUSE-RU-2018:0869-1: Recommended update for autoyast2 Message-ID: <20180404130859.8FDFEFC98@maintenance.suse.de> SUSE Recommended Update: Recommended update for autoyast2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:0869-1 Rating: low References: #1054400 #1057597 #1059617 #1077292 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for autoyast2 provides the following fixes: - When using Btrfs but without subvolumes, export an empty list instead of removing them from the profile. (bsc#1059617) - Shrink needed disks size automatically in order to handle rounding inaccuracies in LVM installations. (bsc#1057597) - Add default subvolumes to the root partition only if the user has not defined any root partition in the autoyast configuration file. (bsc#1059617) - Add the network_before_proposal flag that will be enable if the network is configured during the first stage. (bsc#1054400) - Report packages which cannot be selected for installation, except those packages not included in the AutoYaST profile. (bnc#1077292) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-587=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-587=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (noarch): autoyast2-3.2.29-2.22.4 autoyast2-installation-3.2.29-2.22.4 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): autoyast2-3.2.29-2.22.4 autoyast2-installation-3.2.29-2.22.4 References: https://bugzilla.suse.com/1054400 https://bugzilla.suse.com/1057597 https://bugzilla.suse.com/1059617 https://bugzilla.suse.com/1077292 From sle-updates at lists.suse.com Wed Apr 4 07:09:57 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 Apr 2018 15:09:57 +0200 (CEST) Subject: SUSE-RU-2018:0870-1: moderate: Recommended update for yast2-users Message-ID: <20180404130957.EA58FFC98@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-users ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:0870-1 Rating: moderate References: #1053564 #1066342 #1080125 Affected Products: SUSE Linux Enterprise Server Installer 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for yast2-users provides the following fixes: - AutoYaST: Write and export SSH authorized keys also for root user. (bsc#1066342) - Fix a freeze while parsing authorized_keys. (bsc#1053564) - Make sure users don't get locked when removing the password expiration date. (bsc#1080125) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server Installer 12-SP3: zypper in -t patch SUSE-SLE-SERVER-INSTALLER-12-SP3-2018-584=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-584=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-584=1 Package List: - SUSE Linux Enterprise Server Installer 12-SP3 (aarch64 ppc64le s390x x86_64): yast2-users-3.2.14-3.9.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): yast2-users-3.2.14-3.9.1 yast2-users-debuginfo-3.2.14-3.9.1 yast2-users-debugsource-3.2.14-3.9.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): yast2-users-3.2.14-3.9.1 yast2-users-debuginfo-3.2.14-3.9.1 yast2-users-debugsource-3.2.14-3.9.1 References: https://bugzilla.suse.com/1053564 https://bugzilla.suse.com/1066342 https://bugzilla.suse.com/1080125 From sle-updates at lists.suse.com Wed Apr 4 07:10:43 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 Apr 2018 15:10:43 +0200 (CEST) Subject: SUSE-RU-2018:0871-1: Recommended update for aaa_base Message-ID: <20180404131043.BC66EFC98@maintenance.suse.de> SUSE Recommended Update: Recommended update for aaa_base ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:0871-1 Rating: low References: #1025743 #1036895 #1038549 #1049577 #1052182 #1079674 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update for aaa_base provides the following fixes: - Support changing PS1 even for mksh and user root. (bsc#1036895) - Unset unused variables on profile files. (bsc#1049577) - Unset id in csh.cshrc instead of profile.csh. (bsc#1049577) - Allow that personal ~/.bashrc is read again. (bsc#1052182) - Avoid that IFS becomes global in _ls ksh shell function. (bsc#1079674, bsc#1025743) - Replace "cat > file" by "mv -f ... file" in pre/post to fix issues with clients having these files mmapped. (bsc#1038549) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-586=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-586=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-586=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): aaa_base-debuginfo-13.2+git20140911.61c1681-38.5.1 aaa_base-debugsource-13.2+git20140911.61c1681-38.5.1 aaa_base-malloccheck-13.2+git20140911.61c1681-38.5.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): aaa_base-13.2+git20140911.61c1681-38.5.1 aaa_base-debuginfo-13.2+git20140911.61c1681-38.5.1 aaa_base-debugsource-13.2+git20140911.61c1681-38.5.1 aaa_base-extras-13.2+git20140911.61c1681-38.5.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): aaa_base-13.2+git20140911.61c1681-38.5.1 aaa_base-debuginfo-13.2+git20140911.61c1681-38.5.1 aaa_base-debugsource-13.2+git20140911.61c1681-38.5.1 aaa_base-extras-13.2+git20140911.61c1681-38.5.1 - SUSE CaaS Platform ALL (x86_64): aaa_base-13.2+git20140911.61c1681-38.5.1 aaa_base-debuginfo-13.2+git20140911.61c1681-38.5.1 aaa_base-debugsource-13.2+git20140911.61c1681-38.5.1 References: https://bugzilla.suse.com/1025743 https://bugzilla.suse.com/1036895 https://bugzilla.suse.com/1038549 https://bugzilla.suse.com/1049577 https://bugzilla.suse.com/1052182 https://bugzilla.suse.com/1079674 From sle-updates at lists.suse.com Wed Apr 4 10:07:17 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 Apr 2018 18:07:17 +0200 (CEST) Subject: SUSE-RU-2018:0872-1: Recommended update for growpart Message-ID: <20180404160717.BEA6AFC9E@maintenance.suse.de> SUSE Recommended Update: Recommended update for growpart ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:0872-1 Rating: low References: #1064755 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 SUSE CaaS Platform ALL OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for growpart fixes the following issues: - Add rootgrow script to wrap growpart to the Public Cloud Module. - Ignore sfdisk failure in 2.28.1 when due to reread failing. - Add service file to start growpart via systemd. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2018-590=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-590=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): growpart-0.30-4.5.1 growpart-rootgrow-1.0.0-4.5.1 - SUSE CaaS Platform ALL (noarch): growpart-0.30-4.5.1 - OpenStack Cloud Magnum Orchestration 7 (noarch): growpart-0.30-4.5.1 References: https://bugzilla.suse.com/1064755 From sle-updates at lists.suse.com Wed Apr 4 10:07:45 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 Apr 2018 18:07:45 +0200 (CEST) Subject: SUSE-SU-2018:0873-1: important: Security update for python-paramiko Message-ID: <20180404160745.9DD29FC98@maintenance.suse.de> SUSE Security Update: Security update for python-paramiko ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0873-1 Rating: important References: #1085276 Cross-References: CVE-2018-7750 Affected Products: SUSE OpenStack Cloud 6 SUSE Enterprise Storage 3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-paramiko fixes the following issues: - CVE-2018-7750: Fixed transport.py in the SSH server implementation of Paramiko that does not properly check whether authentication is completed before processing other requests (bsc#1085276). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2018-588=1 - SUSE Enterprise Storage 3: zypper in -t patch SUSE-Storage-3-2018-588=1 Package List: - SUSE OpenStack Cloud 6 (noarch): python-paramiko-1.15.2-2.6.1 - SUSE Enterprise Storage 3 (noarch): python-paramiko-1.15.2-2.6.1 References: https://www.suse.com/security/cve/CVE-2018-7750.html https://bugzilla.suse.com/1085276 From sle-updates at lists.suse.com Thu Apr 5 07:07:27 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Apr 2018 15:07:27 +0200 (CEST) Subject: SUSE-SU-2018:0874-1: moderate: Security update for glibc Message-ID: <20180405130727.D9285FCE2@maintenance.suse.de> SUSE Security Update: Security update for glibc ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0874-1 Rating: moderate References: #1076871 #1081556 Cross-References: CVE-2017-12133 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for glibc fixes the following issues: Security issues fixed: - CVE-2017-12133: Avoid use-after-free read access in clntudp_call (bsc#1081556) Non security issue fixed: - Fix incorrect getaddrinfo assertion trigger (bsc#1076871) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-glibc-13548=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-glibc-13548=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-glibc-13548=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): glibc-html-2.11.3-17.110.9.2 glibc-info-2.11.3-17.110.9.2 - SUSE Linux Enterprise Server 11-SP4 (i586 i686 ia64 ppc64 s390x x86_64): glibc-2.11.3-17.110.9.2 glibc-devel-2.11.3-17.110.9.2 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): glibc-html-2.11.3-17.110.9.2 glibc-i18ndata-2.11.3-17.110.9.2 glibc-info-2.11.3-17.110.9.2 glibc-locale-2.11.3-17.110.9.2 glibc-profile-2.11.3-17.110.9.2 nscd-2.11.3-17.110.9.2 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): glibc-32bit-2.11.3-17.110.9.2 glibc-devel-32bit-2.11.3-17.110.9.2 glibc-locale-32bit-2.11.3-17.110.9.2 glibc-profile-32bit-2.11.3-17.110.9.2 - SUSE Linux Enterprise Server 11-SP4 (ia64): glibc-locale-x86-2.11.3-17.110.9.2 glibc-profile-x86-2.11.3-17.110.9.2 glibc-x86-2.11.3-17.110.9.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 i686 ia64 ppc64 s390x x86_64): glibc-debuginfo-2.11.3-17.110.9.2 glibc-debugsource-2.11.3-17.110.9.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): glibc-debuginfo-32bit-2.11.3-17.110.9.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64): glibc-debuginfo-x86-2.11.3-17.110.9.2 References: https://www.suse.com/security/cve/CVE-2017-12133.html https://bugzilla.suse.com/1076871 https://bugzilla.suse.com/1081556 From sle-updates at lists.suse.com Thu Apr 5 13:07:49 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Apr 2018 21:07:49 +0200 (CEST) Subject: SUSE-SU-2018:0875-1: moderate: Security update for LibVNCServer Message-ID: <20180405190749.6B138FCE2@maintenance.suse.de> SUSE Security Update: Security update for LibVNCServer ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0875-1 Rating: moderate References: #1081493 Cross-References: CVE-2018-7225 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for LibVNCServer fixes the following issues: - CVE-2018-7225: Missing input sanitization inside rfbserver.c rfbProcessClientNormalMessage() (bsc#1081493). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-LibVNCServer-13550=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-LibVNCServer-13550=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-LibVNCServer-13550=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): LibVNCServer-devel-0.9.1-160.3.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): LibVNCServer-0.9.1-160.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): LibVNCServer-debuginfo-0.9.1-160.3.1 LibVNCServer-debugsource-0.9.1-160.3.1 References: https://www.suse.com/security/cve/CVE-2018-7225.html https://bugzilla.suse.com/1081493 From sle-updates at lists.suse.com Thu Apr 5 13:08:21 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Apr 2018 21:08:21 +0200 (CEST) Subject: SUSE-SU-2018:0876-1: moderate: Security update for postgresql94 Message-ID: <20180405190821.4C79CF38F@maintenance.suse.de> SUSE Security Update: Security update for postgresql94 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0876-1 Rating: moderate References: #1081925 Cross-References: CVE-2018-1058 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for postgresql94 fixes the following issues: Security issues fixed: - CVE-2018-1058: Fixed uncontrolled search path element in pg_dump and other client applications (bsc#1081925). Bug fixes: - See release notes for details: * https://www.postgresql.org/docs/9.4/static/release-9-4-17.html * https://www.postgresql.org/docs/9.4/static/release-9-4-16.html Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-596=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-596=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-596=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-596=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): postgresql94-devel-9.4.17-21.19.1 postgresql94-devel-debuginfo-9.4.17-21.19.1 postgresql94-libs-debugsource-9.4.17-21.19.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): postgresql94-9.4.17-21.19.1 postgresql94-contrib-9.4.17-21.19.1 postgresql94-contrib-debuginfo-9.4.17-21.19.1 postgresql94-debuginfo-9.4.17-21.19.1 postgresql94-debugsource-9.4.17-21.19.1 postgresql94-server-9.4.17-21.19.1 postgresql94-server-debuginfo-9.4.17-21.19.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): postgresql94-docs-9.4.17-21.19.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): postgresql94-9.4.17-21.19.1 postgresql94-contrib-9.4.17-21.19.1 postgresql94-contrib-debuginfo-9.4.17-21.19.1 postgresql94-debuginfo-9.4.17-21.19.1 postgresql94-debugsource-9.4.17-21.19.1 postgresql94-server-9.4.17-21.19.1 postgresql94-server-debuginfo-9.4.17-21.19.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): postgresql94-docs-9.4.17-21.19.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): postgresql94-9.4.17-21.19.1 postgresql94-debuginfo-9.4.17-21.19.1 postgresql94-debugsource-9.4.17-21.19.1 References: https://www.suse.com/security/cve/CVE-2018-1058.html https://bugzilla.suse.com/1081925 From sle-updates at lists.suse.com Thu Apr 5 13:08:49 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Apr 2018 21:08:49 +0200 (CEST) Subject: SUSE-SU-2018:0877-1: moderate: Security update for spice-gtk Message-ID: <20180405190849.8A767F38F@maintenance.suse.de> SUSE Security Update: Security update for spice-gtk ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0877-1 Rating: moderate References: #1085415 Cross-References: CVE-2017-12194 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for spice-gtk fixes the following issues: - CVE-2017-12194: A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server, could use this flaw to crash the client or execute arbitrary code with permissions of the user running the client. spice-gtk versions through 0.34 are believed to be vulnerable. (bsc#1085415) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-592=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-592=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-592=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): spice-gtk-debuginfo-0.33-3.3.2 spice-gtk-debugsource-0.33-3.3.2 spice-gtk-devel-0.33-3.3.2 typelib-1_0-SpiceClientGtk-3_0-0.33-3.3.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libspice-client-glib-2_0-8-0.33-3.3.2 libspice-client-glib-2_0-8-debuginfo-0.33-3.3.2 libspice-client-glib-helper-0.33-3.3.2 libspice-client-glib-helper-debuginfo-0.33-3.3.2 libspice-client-gtk-3_0-5-0.33-3.3.2 libspice-client-gtk-3_0-5-debuginfo-0.33-3.3.2 libspice-controller0-0.33-3.3.2 libspice-controller0-debuginfo-0.33-3.3.2 spice-gtk-debuginfo-0.33-3.3.2 spice-gtk-debugsource-0.33-3.3.2 typelib-1_0-SpiceClientGlib-2_0-0.33-3.3.2 typelib-1_0-SpiceClientGtk-3_0-0.33-3.3.2 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libspice-client-glib-2_0-8-0.33-3.3.2 libspice-client-glib-2_0-8-debuginfo-0.33-3.3.2 libspice-client-glib-helper-0.33-3.3.2 libspice-client-glib-helper-debuginfo-0.33-3.3.2 libspice-client-gtk-3_0-5-0.33-3.3.2 libspice-client-gtk-3_0-5-debuginfo-0.33-3.3.2 libspice-controller0-0.33-3.3.2 libspice-controller0-debuginfo-0.33-3.3.2 spice-gtk-debuginfo-0.33-3.3.2 spice-gtk-debugsource-0.33-3.3.2 typelib-1_0-SpiceClientGlib-2_0-0.33-3.3.2 typelib-1_0-SpiceClientGtk-3_0-0.33-3.3.2 References: https://www.suse.com/security/cve/CVE-2017-12194.html https://bugzilla.suse.com/1085415 From sle-updates at lists.suse.com Thu Apr 5 13:09:17 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Apr 2018 21:09:17 +0200 (CEST) Subject: SUSE-SU-2018:0878-1: moderate: Security update for libidn Message-ID: <20180405190917.7AFB9F38F@maintenance.suse.de> SUSE Security Update: Security update for libidn ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0878-1 Rating: moderate References: #1056450 Cross-References: CVE-2017-14062 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libidn fixes one issues. This security issue was fixed: - CVE-2017-14062: Prevent integer overflow in the decode_digit function that allowed remote attackers to cause a denial of service or possibly have unspecified other impact (bsc#1056450). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-594=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-594=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-594=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-594=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libidn-debugsource-1.28-5.3.1 libidn-devel-1.28-5.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libidn-debugsource-1.28-5.3.1 libidn-tools-1.28-5.3.1 libidn-tools-debuginfo-1.28-5.3.1 libidn11-1.28-5.3.1 libidn11-debuginfo-1.28-5.3.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libidn11-32bit-1.28-5.3.1 libidn11-debuginfo-32bit-1.28-5.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libidn-debugsource-1.28-5.3.1 libidn11-1.28-5.3.1 libidn11-32bit-1.28-5.3.1 libidn11-debuginfo-1.28-5.3.1 libidn11-debuginfo-32bit-1.28-5.3.1 - SUSE CaaS Platform ALL (x86_64): libidn-debugsource-1.28-5.3.1 libidn11-1.28-5.3.1 libidn11-debuginfo-1.28-5.3.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): libidn-debugsource-1.28-5.3.1 libidn11-1.28-5.3.1 libidn11-debuginfo-1.28-5.3.1 References: https://www.suse.com/security/cve/CVE-2017-14062.html https://bugzilla.suse.com/1056450 From sle-updates at lists.suse.com Thu Apr 5 13:09:44 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Apr 2018 21:09:44 +0200 (CEST) Subject: SUSE-SU-2018:0879-1: important: Security update for apache2 Message-ID: <20180405190944.E194CF38F@maintenance.suse.de> SUSE Security Update: Security update for apache2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0879-1 Rating: important References: #1057406 #1086774 #1086775 #1086813 #1086814 #1086817 #1086820 Cross-References: CVE-2017-15710 CVE-2017-15715 CVE-2018-1283 CVE-2018-1301 CVE-2018-1303 CVE-2018-1312 Affected Products: SUSE OpenStack Cloud 6 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that solves 6 vulnerabilities and has one errata is now available. Description: This update for apache2 fixes the following issues: * CVE-2018-1283: when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a \"Session\" header leading to unexpected behavior [bsc#1086814]. * CVE-2018-1301: due to an out of bound access after a size limit being reached by reading the HTTP header, a specially crafted request could lead to remote denial of service. [bsc#1086817] * CVE-2018-1303: a specially crafted HTTP request header could lead to crash due to an out of bound read while preparing data to be cached in shared memory.[bsc#1086813] * CVE-2017-15715: a regular expression could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. leading to corruption of uploaded files.[bsc#1086774] * CVE-2018-1312: when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection. [bsc#1086775] * CVE-2017-15710: mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, 'en-US' is truncated to 'en'). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all. [bsc#1086820] * gensslcert: fall back to 'localhost' as hostname [bsc#1057406] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2018-593=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-593=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-593=1 Package List: - SUSE OpenStack Cloud 6 (x86_64): apache2-2.4.16-20.16.1 apache2-debuginfo-2.4.16-20.16.1 apache2-debugsource-2.4.16-20.16.1 apache2-example-pages-2.4.16-20.16.1 apache2-prefork-2.4.16-20.16.1 apache2-prefork-debuginfo-2.4.16-20.16.1 apache2-utils-2.4.16-20.16.1 apache2-utils-debuginfo-2.4.16-20.16.1 apache2-worker-2.4.16-20.16.1 apache2-worker-debuginfo-2.4.16-20.16.1 - SUSE OpenStack Cloud 6 (noarch): apache2-doc-2.4.16-20.16.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): apache2-2.4.16-20.16.1 apache2-debuginfo-2.4.16-20.16.1 apache2-debugsource-2.4.16-20.16.1 apache2-example-pages-2.4.16-20.16.1 apache2-prefork-2.4.16-20.16.1 apache2-prefork-debuginfo-2.4.16-20.16.1 apache2-utils-2.4.16-20.16.1 apache2-utils-debuginfo-2.4.16-20.16.1 apache2-worker-2.4.16-20.16.1 apache2-worker-debuginfo-2.4.16-20.16.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): apache2-doc-2.4.16-20.16.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): apache2-2.4.16-20.16.1 apache2-debuginfo-2.4.16-20.16.1 apache2-debugsource-2.4.16-20.16.1 apache2-example-pages-2.4.16-20.16.1 apache2-prefork-2.4.16-20.16.1 apache2-prefork-debuginfo-2.4.16-20.16.1 apache2-utils-2.4.16-20.16.1 apache2-utils-debuginfo-2.4.16-20.16.1 apache2-worker-2.4.16-20.16.1 apache2-worker-debuginfo-2.4.16-20.16.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): apache2-doc-2.4.16-20.16.1 References: https://www.suse.com/security/cve/CVE-2017-15710.html https://www.suse.com/security/cve/CVE-2017-15715.html https://www.suse.com/security/cve/CVE-2018-1283.html https://www.suse.com/security/cve/CVE-2018-1301.html https://www.suse.com/security/cve/CVE-2018-1303.html https://www.suse.com/security/cve/CVE-2018-1312.html https://bugzilla.suse.com/1057406 https://bugzilla.suse.com/1086774 https://bugzilla.suse.com/1086775 https://bugzilla.suse.com/1086813 https://bugzilla.suse.com/1086814 https://bugzilla.suse.com/1086817 https://bugzilla.suse.com/1086820 From sle-updates at lists.suse.com Thu Apr 5 13:10:58 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Apr 2018 21:10:58 +0200 (CEST) Subject: SUSE-SU-2018:0880-1: moderate: Security update for ImageMagick Message-ID: <20180405191058.60E0BF38F@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0880-1 Rating: moderate References: #1043290 #1050087 #1056434 #1058630 #1059735 #1066168 #1066170 #1082283 #1082291 #1082348 #1082362 #1082792 #1084060 #1086011 Cross-References: CVE-2017-11524 CVE-2017-12691 CVE-2017-12692 CVE-2017-12693 CVE-2017-13768 CVE-2017-14314 CVE-2017-14343 CVE-2017-14505 CVE-2017-15016 CVE-2017-15017 CVE-2017-16352 CVE-2017-16353 CVE-2017-18219 CVE-2017-9500 CVE-2018-7443 CVE-2018-8804 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 16 vulnerabilities is now available. Description: This update for ImageMagick fixes several issues. These security issues were fixed: - CVE-2018-8804: The WriteEPTImage function allowed remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact via a crafted file (bsc#1086011) - CVE-2017-11524: The WriteBlob function allowed remote attackers to cause a denial of service (assertion failure and application exit) via a crafted file (bsc#1050087) - CVE-2017-18219: Prevent allocation failure in the function ReadOnePNGImage, which allowed attackers to cause a denial of service via a crafted file that triggers an attempt at a large png_pixels array allocation (bsc#1084060). - CVE-2017-9500: Prevent assertion failure in the function ResetImageProfileIterator, which allowed attackers to cause a denial of service via a crafted file (bsc#1043290) - CVE-2017-16353: Prevent memory information disclosure in the DescribeImage function caused by a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the IPTC Profile information contained in the image. This vulnerability can be triggered with a specially crafted MIFF file. There is an out-of-bounds buffer dereference because certain increments were never checked (bsc#1066170) - CVE-2017-16352: Prevent a heap-based buffer overflow in the "Display visual image directory" feature of the DescribeImage() function. One possible way to trigger the vulnerability is to run the identify command on a specially crafted MIFF format file with the verbose flag (bsc#1066168) - CVE-2017-14314: Prevent off-by-one error in the DrawImage function that allowed remote attackers to cause a denial of service (DrawDashPolygon heap-based buffer over-read and application crash) via a crafted file (bsc#1058630) - CVE-2017-13768: Prevent NULL pointer dereference in the IdentifyImage function that allowed an attacker to perform denial of service by sending a crafted image file (bsc#1056434) - CVE-2017-14505: Fixed handling of NULL arrays, which allowed attackers to perform Denial of Service (NULL pointer dereference and application crash in AcquireQuantumMemory within MagickCore/memory.c) by providing a crafted Image File as input (bsc#1059735) - CVE-2018-7443: The ReadTIFFImage function did not properly validate the amount of image data in a file, which allowed remote attackers to cause a denial of service (memory allocation failure in the AcquireMagickMemory function in MagickCore/memory.c) (bsc#1082792) - CVE-2017-15016: Prevent NULL pointer dereference vulnerability in ReadEnhMetaFile allowing for denial of service (bsc#1082291) - CVE-2017-15017: Prevent NULL pointer dereference vulnerability in ReadOneMNGImage allowing for denial of service (bsc#1082283) - CVE-2017-12692: The ReadVIFFImage function allowed remote attackers to cause a denial of service (memory consumption) via a crafted VIFF file (bsc#1082362) - CVE-2017-12693: The ReadBMPImage function allowed remote attackers to cause a denial of service (memory consumption) via a crafted BMP file (bsc#1082348) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-ImageMagick-13549=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-ImageMagick-13549=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-ImageMagick-13549=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): ImageMagick-6.4.3.6-78.40.1 ImageMagick-devel-6.4.3.6-78.40.1 libMagick++-devel-6.4.3.6-78.40.1 libMagick++1-6.4.3.6-78.40.1 libMagickWand1-6.4.3.6-78.40.1 perl-PerlMagick-6.4.3.6-78.40.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): libMagickWand1-32bit-6.4.3.6-78.40.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libMagickCore1-6.4.3.6-78.40.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libMagickCore1-32bit-6.4.3.6-78.40.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): ImageMagick-debuginfo-6.4.3.6-78.40.1 ImageMagick-debugsource-6.4.3.6-78.40.1 References: https://www.suse.com/security/cve/CVE-2017-11524.html https://www.suse.com/security/cve/CVE-2017-12691.html https://www.suse.com/security/cve/CVE-2017-12692.html https://www.suse.com/security/cve/CVE-2017-12693.html https://www.suse.com/security/cve/CVE-2017-13768.html https://www.suse.com/security/cve/CVE-2017-14314.html https://www.suse.com/security/cve/CVE-2017-14343.html https://www.suse.com/security/cve/CVE-2017-14505.html https://www.suse.com/security/cve/CVE-2017-15016.html https://www.suse.com/security/cve/CVE-2017-15017.html https://www.suse.com/security/cve/CVE-2017-16352.html https://www.suse.com/security/cve/CVE-2017-16353.html https://www.suse.com/security/cve/CVE-2017-18219.html https://www.suse.com/security/cve/CVE-2017-9500.html https://www.suse.com/security/cve/CVE-2018-7443.html https://www.suse.com/security/cve/CVE-2018-8804.html https://bugzilla.suse.com/1043290 https://bugzilla.suse.com/1050087 https://bugzilla.suse.com/1056434 https://bugzilla.suse.com/1058630 https://bugzilla.suse.com/1059735 https://bugzilla.suse.com/1066168 https://bugzilla.suse.com/1066170 https://bugzilla.suse.com/1082283 https://bugzilla.suse.com/1082291 https://bugzilla.suse.com/1082348 https://bugzilla.suse.com/1082362 https://bugzilla.suse.com/1082792 https://bugzilla.suse.com/1084060 https://bugzilla.suse.com/1086011 From sle-updates at lists.suse.com Fri Apr 6 16:10:15 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 7 Apr 2018 00:10:15 +0200 (CEST) Subject: SUSE-RU-2018:0895-1: Recommended update for openCryptoki Message-ID: <20180406221015.904D5FCE5@maintenance.suse.de> SUSE Recommended Update: Recommended update for openCryptoki ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:0895-1 Rating: low References: #1007081 #1026450 #983938 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for openCryptoki fixes the following issues: - Make ICA token mechanism list initialization thread safe. (bsc#1026450) - Remove reference to pkcs1_startup from pkcsslotd. (bsc#1007081) - Remove "syslog.target" leftover from systemd service files. (bsc#983938) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-598=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-598=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-598=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): openCryptoki-debuginfo-3.5-15.7.35 openCryptoki-debugsource-3.5-15.7.35 openCryptoki-devel-3.5-15.7.35 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): openCryptoki-3.5-15.7.35 openCryptoki-debuginfo-3.5-15.7.35 openCryptoki-debugsource-3.5-15.7.35 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390 s390x x86_64): openCryptoki-3.5-15.7.35 openCryptoki-debuginfo-3.5-15.7.35 openCryptoki-debugsource-3.5-15.7.35 - SUSE Linux Enterprise Server 12-SP2 (ppc64le s390x x86_64): openCryptoki-64bit-3.5-15.7.35 - SUSE Linux Enterprise Server 12-SP2 (s390): openCryptoki-32bit-3.5-15.7.35 References: https://bugzilla.suse.com/1007081 https://bugzilla.suse.com/1026450 https://bugzilla.suse.com/983938 From sle-updates at lists.suse.com Fri Apr 6 16:11:04 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 7 Apr 2018 00:11:04 +0200 (CEST) Subject: SUSE-RU-2018:0896-1: Recommended update for nvme-cli Message-ID: <20180406221104.C08D8FCE5@maintenance.suse.de> SUSE Recommended Update: Recommended update for nvme-cli ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:0896-1 Rating: low References: #1058538 #1076113 #1076127 #1076417 #1078032 #1080672 Affected Products: SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update for nvme-cli provides the following fix: - Make it possible to pass the full device path when requesting the disconnection. (bsc#1058538) - Return 0 if the disconnect command is successful. (bsc#1076417) - Add ability to specify controller loss timeout when connecting. (bsc#1078032) - Fix identifying active or allocated namespaces list. (bsc#1076113) - Fix the "nvme ns-desc" command by making it request a CNS of 0x03 (Namespace descriptors) instead of a CNS of 0x13 (Controller list). (bsc#1076127) - Add NetApp vendor plugin. (bsc#1080672) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-599=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): nvme-cli-1.2-6.15.1 nvme-cli-debuginfo-1.2-6.15.1 nvme-cli-debugsource-1.2-6.15.1 References: https://bugzilla.suse.com/1058538 https://bugzilla.suse.com/1076113 https://bugzilla.suse.com/1076127 https://bugzilla.suse.com/1076417 https://bugzilla.suse.com/1078032 https://bugzilla.suse.com/1080672 From sle-updates at lists.suse.com Fri Apr 6 16:12:08 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 7 Apr 2018 00:12:08 +0200 (CEST) Subject: SUSE-RU-2018:0897-1: Recommended update for kdump Message-ID: <20180406221208.2A06AFCE5@maintenance.suse.de> SUSE Recommended Update: Recommended update for kdump ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:0897-1 Rating: low References: #1002617 #1021484 #1036223 #1047606 #1047781 #1048178 #1056497 #1068234 #951144 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL ______________________________________________________________________________ An update that has 9 recommended fixes can now be installed. Description: This update for kdump provides the following fixes: - Fix a ssh login issue. Only field hosts in /etc/nsswitch is needed for /etc/hosts. (bsc#1048178, bsc#1002617) - Don't exit even if the initrd is not built. (bsc#1047781) - Limit kdump CPUs to the number provided in the configuration. (bsc#1036223, bsc#1068234) - Don't split vmcore by default. (bsc#1036223, bsc#1068234) - Ensure added kdump-early.service is enabled properly after update. (bsc#1021484, bsc#1047606) - Change the logic in load.sh to use kexec_load first. If it fails or if it is blocked by the kernel, then try kexec_load_file on x86_64. (bsc#951144, bsc#1056497) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-600=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-600=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): kdump-0.8.16-7.5.2 kdump-debuginfo-0.8.16-7.5.2 kdump-debugsource-0.8.16-7.5.2 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): kdump-0.8.16-7.5.2 kdump-debuginfo-0.8.16-7.5.2 kdump-debugsource-0.8.16-7.5.2 - SUSE CaaS Platform ALL (x86_64): kdump-0.8.16-7.5.2 kdump-debuginfo-0.8.16-7.5.2 kdump-debugsource-0.8.16-7.5.2 References: https://bugzilla.suse.com/1002617 https://bugzilla.suse.com/1021484 https://bugzilla.suse.com/1036223 https://bugzilla.suse.com/1047606 https://bugzilla.suse.com/1047781 https://bugzilla.suse.com/1048178 https://bugzilla.suse.com/1056497 https://bugzilla.suse.com/1068234 https://bugzilla.suse.com/951144 From sle-updates at lists.suse.com Sun Apr 8 19:07:20 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 9 Apr 2018 03:07:20 +0200 (CEST) Subject: SUSE-SU-2018:0901-1: important: Security update for apache2 Message-ID: <20180409010720.319A9FCEA@maintenance.suse.de> SUSE Security Update: Security update for apache2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0901-1 Rating: important References: #1057406 #1086774 #1086775 #1086813 #1086814 #1086817 #1086820 Cross-References: CVE-2017-15710 CVE-2017-15715 CVE-2018-1283 CVE-2018-1301 CVE-2018-1303 CVE-2018-1312 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves 6 vulnerabilities and has one errata is now available. Description: This update for apache2 fixes the following issues: * CVE-2018-1283: when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a \"Session\" header leading to unexpected behavior [bsc#1086814]. * CVE-2018-1301: due to an out of bound access after a size limit being reached by reading the HTTP header, a specially crafted request could lead to remote denial of service. [bsc#1086817] * CVE-2018-1303: a specially crafted HTTP request header could lead to crash due to an out of bound read while preparing data to be cached in shared memory.[bsc#1086813] * CVE-2017-15715: a regular expression could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. leading to corruption of uploaded files.[bsc#1086774] * CVE-2018-1312: when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection. [bsc#1086775] * CVE-2017-15710: mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, 'en-US' is truncated to 'en'). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all. [bsc#1086820] * gensslcert: fall back to 'localhost' as hostname [bsc#1057406] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-602=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): apache2-2.4.10-14.31.1 apache2-debuginfo-2.4.10-14.31.1 apache2-debugsource-2.4.10-14.31.1 apache2-example-pages-2.4.10-14.31.1 apache2-prefork-2.4.10-14.31.1 apache2-prefork-debuginfo-2.4.10-14.31.1 apache2-utils-2.4.10-14.31.1 apache2-utils-debuginfo-2.4.10-14.31.1 apache2-worker-2.4.10-14.31.1 apache2-worker-debuginfo-2.4.10-14.31.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): apache2-doc-2.4.10-14.31.1 References: https://www.suse.com/security/cve/CVE-2017-15710.html https://www.suse.com/security/cve/CVE-2017-15715.html https://www.suse.com/security/cve/CVE-2018-1283.html https://www.suse.com/security/cve/CVE-2018-1301.html https://www.suse.com/security/cve/CVE-2018-1303.html https://www.suse.com/security/cve/CVE-2018-1312.html https://bugzilla.suse.com/1057406 https://bugzilla.suse.com/1086774 https://bugzilla.suse.com/1086775 https://bugzilla.suse.com/1086813 https://bugzilla.suse.com/1086814 https://bugzilla.suse.com/1086817 https://bugzilla.suse.com/1086820 From sle-updates at lists.suse.com Sun Apr 8 19:08:41 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 9 Apr 2018 03:08:41 +0200 (CEST) Subject: SUSE-SU-2018:0902-1: important: Security update for openssl Message-ID: <20180409010841.6A73BFCE5@maintenance.suse.de> SUSE Security Update: Security update for openssl ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0902-1 Rating: important References: #1087102 Cross-References: CVE-2018-0739 Affected Products: SUSE OpenStack Cloud 6 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openssl fixes the following issues: - CVE-2018-0739: Constructed ASN.1 types with a recursive definition could exceed the stack. This could result in a Denial Of Service attack. (bsc#1087102) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2018-601=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-601=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-601=1 Package List: - SUSE OpenStack Cloud 6 (x86_64): libopenssl1_0_0-1.0.1i-54.11.1 libopenssl1_0_0-32bit-1.0.1i-54.11.1 libopenssl1_0_0-debuginfo-1.0.1i-54.11.1 libopenssl1_0_0-debuginfo-32bit-1.0.1i-54.11.1 libopenssl1_0_0-hmac-1.0.1i-54.11.1 libopenssl1_0_0-hmac-32bit-1.0.1i-54.11.1 openssl-1.0.1i-54.11.1 openssl-debuginfo-1.0.1i-54.11.1 openssl-debugsource-1.0.1i-54.11.1 - SUSE OpenStack Cloud 6 (noarch): openssl-doc-1.0.1i-54.11.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): libopenssl1_0_0-1.0.1i-54.11.1 libopenssl1_0_0-debuginfo-1.0.1i-54.11.1 libopenssl1_0_0-hmac-1.0.1i-54.11.1 openssl-1.0.1i-54.11.1 openssl-debuginfo-1.0.1i-54.11.1 openssl-debugsource-1.0.1i-54.11.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): libopenssl1_0_0-32bit-1.0.1i-54.11.1 libopenssl1_0_0-debuginfo-32bit-1.0.1i-54.11.1 libopenssl1_0_0-hmac-32bit-1.0.1i-54.11.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): openssl-doc-1.0.1i-54.11.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): libopenssl1_0_0-1.0.1i-54.11.1 libopenssl1_0_0-debuginfo-1.0.1i-54.11.1 libopenssl1_0_0-hmac-1.0.1i-54.11.1 openssl-1.0.1i-54.11.1 openssl-debuginfo-1.0.1i-54.11.1 openssl-debugsource-1.0.1i-54.11.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): libopenssl1_0_0-32bit-1.0.1i-54.11.1 libopenssl1_0_0-debuginfo-32bit-1.0.1i-54.11.1 libopenssl1_0_0-hmac-32bit-1.0.1i-54.11.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): openssl-doc-1.0.1i-54.11.1 References: https://www.suse.com/security/cve/CVE-2018-0739.html https://bugzilla.suse.com/1087102 From sle-updates at lists.suse.com Sun Apr 8 19:09:12 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 9 Apr 2018 03:09:12 +0200 (CEST) Subject: SUSE-SU-2018:0903-1: moderate: Security update for libidn Message-ID: <20180409010912.56BDCFCE5@maintenance.suse.de> SUSE Security Update: Security update for libidn ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0903-1 Rating: moderate References: #1056450 Cross-References: CVE-2017-14062 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libidn fixes one issues. This security issue was fixed: - CVE-2017-14062: Prevent integer overflow in the decode_digit function that allowed remote attackers to cause a denial of service or possibly have unspecified other impact (bsc#1056450). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-libidn-13551=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-libidn-13551=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-libidn-13551=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libidn-devel-1.10-7.3.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libidn-1.10-7.3.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libidn-32bit-1.10-7.3.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libidn-x86-1.10-7.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): libidn-debuginfo-1.10-7.3.1 libidn-debugsource-1.10-7.3.1 References: https://www.suse.com/security/cve/CVE-2017-14062.html https://bugzilla.suse.com/1056450 From sle-updates at lists.suse.com Mon Apr 9 13:07:17 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 9 Apr 2018 21:07:17 +0200 (CEST) Subject: SUSE-RU-2018:0904-1: important: Recommended update for yast2-users Message-ID: <20180409190717.D8F79FCE2@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-users ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:0904-1 Rating: important References: #1088183 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-users fixes the following issues: - Remedy a regression that would cause yast2-users to crash when the root user is undefined in the configuration. [bsc#1088183] Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-606=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-606=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): yast2-users-3.2.15-3.13.1 yast2-users-debuginfo-3.2.15-3.13.1 yast2-users-debugsource-3.2.15-3.13.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): yast2-users-3.2.15-3.13.1 yast2-users-debuginfo-3.2.15-3.13.1 yast2-users-debugsource-3.2.15-3.13.1 References: https://bugzilla.suse.com/1088183 From sle-updates at lists.suse.com Mon Apr 9 19:07:16 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Apr 2018 03:07:16 +0200 (CEST) Subject: SUSE-SU-2018:0905-1: important: Security update for openssl1 Message-ID: <20180410010716.4B2A1FCB8@maintenance.suse.de> SUSE Security Update: Security update for openssl1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0905-1 Rating: important References: #1087102 Cross-References: CVE-2018-0739 Affected Products: SUSE Linux Enterprise Server 11-SECURITY ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openssl1 fixes the following issues: - CVE-2018-0739: Constructed ASN.1 types with a recursive definition could exceed the stack. This could result in a Denial Of Service attack. (bsc#1087102) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SECURITY: zypper in -t patch secsp3-openssl1-13554=1 Package List: - SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64): libopenssl1-devel-1.0.1g-0.58.9.1 libopenssl1_0_0-1.0.1g-0.58.9.1 openssl1-1.0.1g-0.58.9.1 openssl1-doc-1.0.1g-0.58.9.1 - SUSE Linux Enterprise Server 11-SECURITY (ppc64 s390x x86_64): libopenssl1_0_0-32bit-1.0.1g-0.58.9.1 - SUSE Linux Enterprise Server 11-SECURITY (ia64): libopenssl1_0_0-x86-1.0.1g-0.58.9.1 References: https://www.suse.com/security/cve/CVE-2018-0739.html https://bugzilla.suse.com/1087102 From sle-updates at lists.suse.com Mon Apr 9 19:07:46 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Apr 2018 03:07:46 +0200 (CEST) Subject: SUSE-SU-2018:0906-1: important: Security update for openssl Message-ID: <20180410010746.E9CD7FCB8@maintenance.suse.de> SUSE Security Update: Security update for openssl ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0906-1 Rating: important References: #1087102 Cross-References: CVE-2018-0739 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openssl fixes the following issues: - CVE-2018-0739: Constructed ASN.1 types with a recursive definition could exceed the stack. This could result in a Denial Of Service attack. (bsc#1087102) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-608=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): libopenssl1_0_0-1.0.1i-27.31.1 libopenssl1_0_0-debuginfo-1.0.1i-27.31.1 libopenssl1_0_0-hmac-1.0.1i-27.31.1 openssl-1.0.1i-27.31.1 openssl-debuginfo-1.0.1i-27.31.1 openssl-debugsource-1.0.1i-27.31.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): libopenssl1_0_0-32bit-1.0.1i-27.31.1 libopenssl1_0_0-debuginfo-32bit-1.0.1i-27.31.1 libopenssl1_0_0-hmac-32bit-1.0.1i-27.31.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): openssl-doc-1.0.1i-27.31.1 References: https://www.suse.com/security/cve/CVE-2018-0739.html https://bugzilla.suse.com/1087102 From sle-updates at lists.suse.com Tue Apr 10 07:07:29 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Apr 2018 15:07:29 +0200 (CEST) Subject: SUSE-SU-2018:0907-1: moderate: Security update for MozillaFirefox Message-ID: <20180410130729.BEE6DFD19@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0907-1 Rating: moderate References: #1085130 #1085671 #1087059 Cross-References: CVE-2018-5125 CVE-2018-5127 CVE-2018-5129 CVE-2018-5130 CVE-2018-5131 CVE-2018-5144 CVE-2018-5145 CVE-2018-5146 CVE-2018-5147 CVE-2018-5148 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: Security issues fixed in Firefox ESR 52.7.3 (bsc#1085130): - CVE-2018-5125: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 - CVE-2018-5127: Buffer overflow manipulating SVG animatedPathSegList - CVE-2018-5129: Out-of-bounds write with malformed IPC messages - CVE-2018-5130: Mismatched RTP payload type can trigger memory corruption - CVE-2018-5131: Fetch API improperly returns cached copies of no-store/no-cache resources - CVE-2018-5144: Integer overflow during Unicode conversion - CVE-2018-5145: Memory safety bugs fixed in Firefox ESR 52.7 - CVE-2018-5146: Out of bounds memory write in libvorbis (bsc#1085671) - CVE-2018-5147: Out of bounds memory write in libtremor (bsc#1085671) - CVE-2018-5148: Use-after-free in compositor (MFSA 2018-10) (bsc#1087059) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-MozillaFirefox-13555=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-MozillaFirefox-13555=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-MozillaFirefox-13555=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-MozillaFirefox-13555=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-MozillaFirefox-13555=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-MozillaFirefox-13555=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-devel-52.7.3esr-72.27.2 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-52.7.3esr-72.27.2 MozillaFirefox-translations-52.7.3esr-72.27.2 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): MozillaFirefox-52.7.3esr-72.27.2 MozillaFirefox-translations-52.7.3esr-72.27.2 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): MozillaFirefox-52.7.3esr-72.27.2 MozillaFirefox-translations-52.7.3esr-72.27.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-debuginfo-52.7.3esr-72.27.2 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): MozillaFirefox-debuginfo-52.7.3esr-72.27.2 References: https://www.suse.com/security/cve/CVE-2018-5125.html https://www.suse.com/security/cve/CVE-2018-5127.html https://www.suse.com/security/cve/CVE-2018-5129.html https://www.suse.com/security/cve/CVE-2018-5130.html https://www.suse.com/security/cve/CVE-2018-5131.html https://www.suse.com/security/cve/CVE-2018-5144.html https://www.suse.com/security/cve/CVE-2018-5145.html https://www.suse.com/security/cve/CVE-2018-5146.html https://www.suse.com/security/cve/CVE-2018-5147.html https://www.suse.com/security/cve/CVE-2018-5148.html https://bugzilla.suse.com/1085130 https://bugzilla.suse.com/1085671 https://bugzilla.suse.com/1087059 From sle-updates at lists.suse.com Tue Apr 10 10:07:39 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Apr 2018 18:07:39 +0200 (CEST) Subject: SUSE-SU-2018:0909-1: important: Security update for xen Message-ID: <20180410160739.739FEFD19@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0909-1 Rating: important References: #1027519 #1072834 #1074562 #1080635 #1080662 #1087251 Cross-References: CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 CVE-2018-7540 CVE-2018-7541 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has one errata is now available. Description: This update for xen fixes the following issues: Update to Xen 4.7.5 bug fix only release (bsc#1027519) Security issues fixed: - CVE-2018-7540: Fixed DoS via non-preemptable L3/L4 pagetable freeing (XSA-252) (bsc#1080635) - CVE-2018-7541: A grant table v2 -> v1 transition may crash Xen (XSA-255) (bsc#1080662) - CVE-2017-5753,CVE-2017-5715,CVE-2017-5754 Fixed information leaks via side effects of speculative execution (XSA-254). Includes Spectre v2 mitigation. (bsc#1074562) - Preserve xen-syms from xen-dbg.gz to allow processing vmcores with crash(1) (bsc#1087251) - Xen HVM: Fixed unchecked MSR access error (bsc#1072834) - Add script, udev rule and systemd service to watch for vcpu online/offline events in a HVM domU They are triggered via xl vcpu-set domU N (fate#324965) - Make sure tools and tools-domU require libs from the very same build Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-612=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-612=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-612=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 x86_64): xen-debugsource-4.7.5_02-43.27.1 xen-devel-4.7.5_02-43.27.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): xen-4.7.5_02-43.27.1 xen-debugsource-4.7.5_02-43.27.1 xen-doc-html-4.7.5_02-43.27.1 xen-libs-32bit-4.7.5_02-43.27.1 xen-libs-4.7.5_02-43.27.1 xen-libs-debuginfo-32bit-4.7.5_02-43.27.1 xen-libs-debuginfo-4.7.5_02-43.27.1 xen-tools-4.7.5_02-43.27.1 xen-tools-debuginfo-4.7.5_02-43.27.1 xen-tools-domU-4.7.5_02-43.27.1 xen-tools-domU-debuginfo-4.7.5_02-43.27.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): xen-4.7.5_02-43.27.1 xen-debugsource-4.7.5_02-43.27.1 xen-libs-32bit-4.7.5_02-43.27.1 xen-libs-4.7.5_02-43.27.1 xen-libs-debuginfo-32bit-4.7.5_02-43.27.1 xen-libs-debuginfo-4.7.5_02-43.27.1 References: https://www.suse.com/security/cve/CVE-2017-5715.html https://www.suse.com/security/cve/CVE-2017-5753.html https://www.suse.com/security/cve/CVE-2017-5754.html https://www.suse.com/security/cve/CVE-2018-7540.html https://www.suse.com/security/cve/CVE-2018-7541.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1072834 https://bugzilla.suse.com/1074562 https://bugzilla.suse.com/1080635 https://bugzilla.suse.com/1080662 https://bugzilla.suse.com/1087251 From sle-updates at lists.suse.com Tue Apr 10 13:07:27 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Apr 2018 21:07:27 +0200 (CEST) Subject: SUSE-RU-2018:0910-1: Recommended update for patterns-sap Message-ID: <20180410190727.BD990FD19@maintenance.suse.de> SUSE Recommended Update: Recommended update for patterns-sap ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:0910-1 Rating: low References: #1045516 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for patterns-sap provides the following fix: - Remove the requirement of some unused packages that were causing conflicts: wxWidgets-lang and wxWidgets-compat-lib-config. (bsc#1045516) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2018-613=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): patterns-sap-b1-12.3-6.8.2 patterns-sap-hana-12.3-6.8.2 patterns-sap-nw-12.3-6.8.2 References: https://bugzilla.suse.com/1045516 From sle-updates at lists.suse.com Tue Apr 10 13:07:53 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Apr 2018 21:07:53 +0200 (CEST) Subject: SUSE-RU-2018:0911-1: Recommended update for aaa_base Message-ID: <20180410190753.92FFCFD18@maintenance.suse.de> SUSE Recommended Update: Recommended update for aaa_base ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:0911-1 Rating: low References: #1025743 #1036895 #1038549 #1049577 #1052182 #1079674 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update for aaa_base provides the following fixes: - Support changing PS1 even for mksh and user root. (bsc#1036895) - Unset unused variables on profile files. (bsc#1049577) - Unset id in csh.cshrc instead of profile.csh. (bsc#1049577) - Allow that personal ~/.bashrc is read again. (bsc#1052182) - Avoid that IFS becomes global in _ls ksh shell function. (bsc#1079674, bsc#1025743) - Replace "cat > file" by "mv -f ... file" in pre/post to fix issues with clients having these files mmapped. (bsc#1038549) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-614=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-614=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-614=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-614=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-614=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): aaa_base-debuginfo-13.2+git20140911.61c1681-34.9.1 aaa_base-debugsource-13.2+git20140911.61c1681-34.9.1 aaa_base-malloccheck-13.2+git20140911.61c1681-34.9.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): aaa_base-13.2+git20140911.61c1681-34.9.1 aaa_base-debuginfo-13.2+git20140911.61c1681-34.9.1 aaa_base-debugsource-13.2+git20140911.61c1681-34.9.1 aaa_base-extras-13.2+git20140911.61c1681-34.9.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): aaa_base-13.2+git20140911.61c1681-34.9.1 aaa_base-debuginfo-13.2+git20140911.61c1681-34.9.1 aaa_base-debugsource-13.2+git20140911.61c1681-34.9.1 aaa_base-extras-13.2+git20140911.61c1681-34.9.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): aaa_base-13.2+git20140911.61c1681-34.9.1 aaa_base-debuginfo-13.2+git20140911.61c1681-34.9.1 aaa_base-debugsource-13.2+git20140911.61c1681-34.9.1 aaa_base-extras-13.2+git20140911.61c1681-34.9.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): aaa_base-13.2+git20140911.61c1681-34.9.1 aaa_base-debuginfo-13.2+git20140911.61c1681-34.9.1 aaa_base-debugsource-13.2+git20140911.61c1681-34.9.1 aaa_base-extras-13.2+git20140911.61c1681-34.9.1 References: https://bugzilla.suse.com/1025743 https://bugzilla.suse.com/1036895 https://bugzilla.suse.com/1038549 https://bugzilla.suse.com/1049577 https://bugzilla.suse.com/1052182 https://bugzilla.suse.com/1079674 From sle-updates at lists.suse.com Tue Apr 10 13:09:11 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Apr 2018 21:09:11 +0200 (CEST) Subject: SUSE-OU-2018:0912-1: Initial release of python3-cffi and -pyasn1 Message-ID: <20180410190911.B5424FD18@maintenance.suse.de> SUSE Optional Update: Initial release of python3-cffi and -pyasn1 ______________________________________________________________________________ Announcement ID: SUSE-OU-2018:0912-1 Rating: low References: #1073879 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update provides the following new Python 3 modules for the SUSE Linux Enterprise Server: - python3-cffi - python3-pyasn1 Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-615=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): python-cffi-0.8.2-3.3.1 python-cffi-debuginfo-0.8.2-3.3.1 python-cffi-debugsource-0.8.2-3.3.1 python3-cffi-0.8.2-3.3.1 python3-cffi-debuginfo-0.8.2-3.3.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): python-pyasn1-0.1.7-7.3.1 python3-pyasn1-0.1.7-7.3.1 References: https://bugzilla.suse.com/1073879 From sle-updates at lists.suse.com Tue Apr 10 16:08:25 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 Apr 2018 00:08:25 +0200 (CEST) Subject: SUSE-RU-2018:0915-1: Recommended update for xfsprogs Message-ID: <20180410220825.AD69FFD19@maintenance.suse.de> SUSE Recommended Update: Recommended update for xfsprogs ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:0915-1 Rating: low References: #1019938 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 SUSE CaaS Platform ALL ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for xfsprogs fixes the following issues: - Fix segfaults in initramfs with many AGs. (bsc#1019938) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-616=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-616=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-616=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-616=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-616=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-616=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-616=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): xfsprogs-debuginfo-4.3.0-13.3.13 xfsprogs-debugsource-4.3.0-13.3.13 xfsprogs-devel-4.3.0-13.3.13 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): xfsprogs-debuginfo-4.3.0-13.3.13 xfsprogs-debugsource-4.3.0-13.3.13 xfsprogs-devel-4.3.0-13.3.13 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): xfsprogs-4.3.0-13.3.13 xfsprogs-debuginfo-4.3.0-13.3.13 xfsprogs-debugsource-4.3.0-13.3.13 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): xfsprogs-4.3.0-13.3.13 xfsprogs-debuginfo-4.3.0-13.3.13 xfsprogs-debugsource-4.3.0-13.3.13 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): xfsprogs-4.3.0-13.3.13 xfsprogs-debuginfo-4.3.0-13.3.13 xfsprogs-debugsource-4.3.0-13.3.13 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): xfsprogs-4.3.0-13.3.13 xfsprogs-debuginfo-4.3.0-13.3.13 xfsprogs-debugsource-4.3.0-13.3.13 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): xfsprogs-4.3.0-13.3.13 xfsprogs-debuginfo-4.3.0-13.3.13 xfsprogs-debugsource-4.3.0-13.3.13 - SUSE CaaS Platform ALL (x86_64): xfsprogs-4.3.0-13.3.13 xfsprogs-debuginfo-4.3.0-13.3.13 xfsprogs-debugsource-4.3.0-13.3.13 References: https://bugzilla.suse.com/1019938 From sle-updates at lists.suse.com Wed Apr 11 04:10:47 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 Apr 2018 12:10:47 +0200 (CEST) Subject: SUSE-SU-2018:0919-1: Security update for zziplib Message-ID: <20180411101047.3AD72FD19@maintenance.suse.de> SUSE Security Update: Security update for zziplib ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0919-1 Rating: low References: #1084517 #1084519 Cross-References: CVE-2018-7725 CVE-2018-7726 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for zziplib fixes the following issues: Security issues fixed: - CVE-2018-7726: There is a bus error caused by the__zzip_parse_root_directory function of zip.c. Attackers could leverage thisvulnerability to cause a denial of service (bsc#1084517). - CVE-2018-7725: An invalid memory address dereference was discovered in zzip_disk_fread in mmapped.c. The vulnerability causes an application crash, which leads to denial of service (bsc#1084519). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-619=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-619=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-619=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): libzzip-0-13-0.13.67-10.8.1 libzzip-0-13-debuginfo-0.13.67-10.8.1 zziplib-debugsource-0.13.67-10.8.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libzzip-0-13-0.13.67-10.8.1 libzzip-0-13-debuginfo-0.13.67-10.8.1 zziplib-debugsource-0.13.67-10.8.1 zziplib-devel-0.13.67-10.8.1 zziplib-devel-debuginfo-0.13.67-10.8.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libzzip-0-13-0.13.67-10.8.1 libzzip-0-13-debuginfo-0.13.67-10.8.1 zziplib-debugsource-0.13.67-10.8.1 References: https://www.suse.com/security/cve/CVE-2018-7725.html https://www.suse.com/security/cve/CVE-2018-7726.html https://bugzilla.suse.com/1084517 https://bugzilla.suse.com/1084519 From sle-updates at lists.suse.com Wed Apr 11 04:11:25 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 Apr 2018 12:11:25 +0200 (CEST) Subject: SUSE-SU-2018:0920-1: important: Security update for libvirt Message-ID: <20180411101125.81062FD18@maintenance.suse.de> SUSE Security Update: Security update for libvirt ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0920-1 Rating: important References: #1054986 #1067018 #1070615 #1079869 #1080042 #1082041 #1082161 #1083625 #1085757 #1086038 Cross-References: CVE-2017-5715 CVE-2018-1064 CVE-2018-6764 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that solves three vulnerabilities and has 7 fixes is now available. Description: This update for libvirt and virt-manager fixes the following issues: Security issues fixed: - CVE-2017-5715: Fixes for speculative side channel attacks aka "SpectreAttack" (var2) (bsc#1079869). - CVE-2018-6764: Fixed guest executable code injection via libnss_dns.so loaded by libvirt_lxc before init (bsc#1080042). - CVE-2018-1064: Fixed denial of service when reading from guest agent (bsc#1083625). Non-security issues fixed in libvirt: - bsc#1070615: Fixed TPM device passthrough failure on kernels >= 4.0. - bsc#1082041: SUSE Linux Enterprise 11 SP4 hvm converted to pvhvm. Unless vm memory is on gig boundary, vm won't boot. - bsc#1082161: Unable to change RTC basis or adjustment for Xen HVM guests using libvirt. Non-security issues fixed in virt-manager: - bsc#1086038: VM guests cannot be properly installed with virt-install - bsc#1067018: KVM Guest creation failed - Property .cmt not found - bsc#1054986: Fix openSUSE 15.0 detection. It has no content file or .treeinfo file - bsc#1085757: Fallback to latest version of openSUSE when opensuse-unknown is detected for the ISO Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-618=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-618=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-618=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libvirt-debugsource-3.3.0-5.19.2 libvirt-devel-3.3.0-5.19.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libvirt-3.3.0-5.19.2 libvirt-admin-3.3.0-5.19.2 libvirt-admin-debuginfo-3.3.0-5.19.2 libvirt-client-3.3.0-5.19.2 libvirt-client-debuginfo-3.3.0-5.19.2 libvirt-daemon-3.3.0-5.19.2 libvirt-daemon-config-network-3.3.0-5.19.2 libvirt-daemon-config-nwfilter-3.3.0-5.19.2 libvirt-daemon-debuginfo-3.3.0-5.19.2 libvirt-daemon-driver-interface-3.3.0-5.19.2 libvirt-daemon-driver-interface-debuginfo-3.3.0-5.19.2 libvirt-daemon-driver-lxc-3.3.0-5.19.2 libvirt-daemon-driver-lxc-debuginfo-3.3.0-5.19.2 libvirt-daemon-driver-network-3.3.0-5.19.2 libvirt-daemon-driver-network-debuginfo-3.3.0-5.19.2 libvirt-daemon-driver-nodedev-3.3.0-5.19.2 libvirt-daemon-driver-nodedev-debuginfo-3.3.0-5.19.2 libvirt-daemon-driver-nwfilter-3.3.0-5.19.2 libvirt-daemon-driver-nwfilter-debuginfo-3.3.0-5.19.2 libvirt-daemon-driver-qemu-3.3.0-5.19.2 libvirt-daemon-driver-qemu-debuginfo-3.3.0-5.19.2 libvirt-daemon-driver-secret-3.3.0-5.19.2 libvirt-daemon-driver-secret-debuginfo-3.3.0-5.19.2 libvirt-daemon-driver-storage-3.3.0-5.19.2 libvirt-daemon-driver-storage-core-3.3.0-5.19.2 libvirt-daemon-driver-storage-core-debuginfo-3.3.0-5.19.2 libvirt-daemon-driver-storage-disk-3.3.0-5.19.2 libvirt-daemon-driver-storage-disk-debuginfo-3.3.0-5.19.2 libvirt-daemon-driver-storage-iscsi-3.3.0-5.19.2 libvirt-daemon-driver-storage-iscsi-debuginfo-3.3.0-5.19.2 libvirt-daemon-driver-storage-logical-3.3.0-5.19.2 libvirt-daemon-driver-storage-logical-debuginfo-3.3.0-5.19.2 libvirt-daemon-driver-storage-mpath-3.3.0-5.19.2 libvirt-daemon-driver-storage-mpath-debuginfo-3.3.0-5.19.2 libvirt-daemon-driver-storage-scsi-3.3.0-5.19.2 libvirt-daemon-driver-storage-scsi-debuginfo-3.3.0-5.19.2 libvirt-daemon-lxc-3.3.0-5.19.2 libvirt-daemon-qemu-3.3.0-5.19.2 libvirt-debugsource-3.3.0-5.19.2 libvirt-doc-3.3.0-5.19.2 libvirt-libs-3.3.0-5.19.2 libvirt-libs-debuginfo-3.3.0-5.19.2 libvirt-lock-sanlock-3.3.0-5.19.2 libvirt-lock-sanlock-debuginfo-3.3.0-5.19.2 libvirt-nss-3.3.0-5.19.2 libvirt-nss-debuginfo-3.3.0-5.19.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 x86_64): libvirt-daemon-driver-storage-rbd-3.3.0-5.19.2 libvirt-daemon-driver-storage-rbd-debuginfo-3.3.0-5.19.2 - SUSE Linux Enterprise Server 12-SP3 (x86_64): libvirt-daemon-driver-libxl-3.3.0-5.19.2 libvirt-daemon-driver-libxl-debuginfo-3.3.0-5.19.2 libvirt-daemon-hooks-3.3.0-5.19.2 libvirt-daemon-xen-3.3.0-5.19.2 - SUSE Linux Enterprise Server 12-SP3 (noarch): virt-install-1.4.1-5.8.1 virt-manager-1.4.1-5.8.1 virt-manager-common-1.4.1-5.8.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): virt-install-1.4.1-5.8.1 virt-manager-1.4.1-5.8.1 virt-manager-common-1.4.1-5.8.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libvirt-3.3.0-5.19.2 libvirt-admin-3.3.0-5.19.2 libvirt-admin-debuginfo-3.3.0-5.19.2 libvirt-client-3.3.0-5.19.2 libvirt-client-debuginfo-3.3.0-5.19.2 libvirt-daemon-3.3.0-5.19.2 libvirt-daemon-config-network-3.3.0-5.19.2 libvirt-daemon-config-nwfilter-3.3.0-5.19.2 libvirt-daemon-debuginfo-3.3.0-5.19.2 libvirt-daemon-driver-interface-3.3.0-5.19.2 libvirt-daemon-driver-interface-debuginfo-3.3.0-5.19.2 libvirt-daemon-driver-libxl-3.3.0-5.19.2 libvirt-daemon-driver-libxl-debuginfo-3.3.0-5.19.2 libvirt-daemon-driver-lxc-3.3.0-5.19.2 libvirt-daemon-driver-lxc-debuginfo-3.3.0-5.19.2 libvirt-daemon-driver-network-3.3.0-5.19.2 libvirt-daemon-driver-network-debuginfo-3.3.0-5.19.2 libvirt-daemon-driver-nodedev-3.3.0-5.19.2 libvirt-daemon-driver-nodedev-debuginfo-3.3.0-5.19.2 libvirt-daemon-driver-nwfilter-3.3.0-5.19.2 libvirt-daemon-driver-nwfilter-debuginfo-3.3.0-5.19.2 libvirt-daemon-driver-qemu-3.3.0-5.19.2 libvirt-daemon-driver-qemu-debuginfo-3.3.0-5.19.2 libvirt-daemon-driver-secret-3.3.0-5.19.2 libvirt-daemon-driver-secret-debuginfo-3.3.0-5.19.2 libvirt-daemon-driver-storage-3.3.0-5.19.2 libvirt-daemon-driver-storage-core-3.3.0-5.19.2 libvirt-daemon-driver-storage-core-debuginfo-3.3.0-5.19.2 libvirt-daemon-driver-storage-disk-3.3.0-5.19.2 libvirt-daemon-driver-storage-disk-debuginfo-3.3.0-5.19.2 libvirt-daemon-driver-storage-iscsi-3.3.0-5.19.2 libvirt-daemon-driver-storage-iscsi-debuginfo-3.3.0-5.19.2 libvirt-daemon-driver-storage-logical-3.3.0-5.19.2 libvirt-daemon-driver-storage-logical-debuginfo-3.3.0-5.19.2 libvirt-daemon-driver-storage-mpath-3.3.0-5.19.2 libvirt-daemon-driver-storage-mpath-debuginfo-3.3.0-5.19.2 libvirt-daemon-driver-storage-rbd-3.3.0-5.19.2 libvirt-daemon-driver-storage-rbd-debuginfo-3.3.0-5.19.2 libvirt-daemon-driver-storage-scsi-3.3.0-5.19.2 libvirt-daemon-driver-storage-scsi-debuginfo-3.3.0-5.19.2 libvirt-daemon-lxc-3.3.0-5.19.2 libvirt-daemon-qemu-3.3.0-5.19.2 libvirt-daemon-xen-3.3.0-5.19.2 libvirt-debugsource-3.3.0-5.19.2 libvirt-doc-3.3.0-5.19.2 libvirt-libs-3.3.0-5.19.2 libvirt-libs-debuginfo-3.3.0-5.19.2 References: https://www.suse.com/security/cve/CVE-2017-5715.html https://www.suse.com/security/cve/CVE-2018-1064.html https://www.suse.com/security/cve/CVE-2018-6764.html https://bugzilla.suse.com/1054986 https://bugzilla.suse.com/1067018 https://bugzilla.suse.com/1070615 https://bugzilla.suse.com/1079869 https://bugzilla.suse.com/1080042 https://bugzilla.suse.com/1082041 https://bugzilla.suse.com/1082161 https://bugzilla.suse.com/1083625 https://bugzilla.suse.com/1085757 https://bugzilla.suse.com/1086038 From sle-updates at lists.suse.com Wed Apr 11 04:13:30 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 Apr 2018 12:13:30 +0200 (CEST) Subject: SUSE-RU-2018:0921-1: moderate: Recommended update for pesign Message-ID: <20180411101330.7CA08FD19@maintenance.suse.de> SUSE Recommended Update: Recommended update for pesign ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:0921-1 Rating: moderate References: #1088820 Affected Products: SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 6 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for pesign fixes the following issues: - Enable and ship it on the Arm Arch64. (bsc#1088820) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-617=1 - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2018-617=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-617=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-617=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-617=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-617=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-617=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-617=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-617=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-617=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-617=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-617=1 Package List: - SUSE OpenStack Cloud 7 (x86_64): pesign-0.109-6.3.1 pesign-debuginfo-0.109-6.3.1 pesign-debugsource-0.109-6.3.1 - SUSE OpenStack Cloud 6 (x86_64): pesign-0.109-6.3.1 pesign-debuginfo-0.109-6.3.1 pesign-debugsource-0.109-6.3.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): pesign-0.109-6.3.1 pesign-debuginfo-0.109-6.3.1 pesign-debugsource-0.109-6.3.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): pesign-0.109-6.3.1 pesign-debuginfo-0.109-6.3.1 pesign-debugsource-0.109-6.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 x86_64): pesign-0.109-6.3.1 - SUSE Linux Enterprise Server 12-SP3 (x86_64): pesign-debuginfo-0.109-6.3.1 pesign-debugsource-0.109-6.3.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): pesign-0.109-6.3.1 pesign-debuginfo-0.109-6.3.1 pesign-debugsource-0.109-6.3.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): pesign-0.109-6.3.1 pesign-debuginfo-0.109-6.3.1 pesign-debugsource-0.109-6.3.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): pesign-0.109-6.3.1 pesign-debuginfo-0.109-6.3.1 pesign-debugsource-0.109-6.3.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): pesign-0.109-6.3.1 pesign-debuginfo-0.109-6.3.1 pesign-debugsource-0.109-6.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): pesign-0.109-6.3.1 pesign-debuginfo-0.109-6.3.1 pesign-debugsource-0.109-6.3.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): pesign-0.109-6.3.1 pesign-debuginfo-0.109-6.3.1 pesign-debugsource-0.109-6.3.1 - SUSE Enterprise Storage 4 (x86_64): pesign-0.109-6.3.1 pesign-debuginfo-0.109-6.3.1 pesign-debugsource-0.109-6.3.1 References: https://bugzilla.suse.com/1088820 From sle-updates at lists.suse.com Wed Apr 11 10:07:52 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 Apr 2018 18:07:52 +0200 (CEST) Subject: SUSE-OU-2018:0923-1: Initial release of python3-ipaddress and -pyasn1 Message-ID: <20180411160752.38A75FD19@maintenance.suse.de> SUSE Optional Update: Initial release of python3-ipaddress and -pyasn1 ______________________________________________________________________________ Announcement ID: SUSE-OU-2018:0923-1 Rating: low References: #1073879 Affected Products: SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 6 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update provides the following new Python 3 module for the SUSE Linux Enterprise Server and the Public Cloud Module: - python3-ipaddress - python3-pyasn1 Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-620=1 - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2018-620=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-620=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-620=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-620=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-620=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-620=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-620=1 Package List: - SUSE OpenStack Cloud 7 (noarch): python-ipaddress-1.0.14-3.3.1 python-pyasn1-0.1.9-4.3.1 python3-pyasn1-0.1.9-4.3.1 - SUSE OpenStack Cloud 6 (noarch): python-ipaddress-1.0.14-3.3.1 python-pyasn1-0.1.9-4.3.1 python3-pyasn1-0.1.9-4.3.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): python-ipaddress-1.0.14-3.3.1 python-pyasn1-0.1.9-4.3.1 python3-pyasn1-0.1.9-4.3.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): python-ipaddress-1.0.14-3.3.1 python-pyasn1-0.1.9-4.3.1 python3-pyasn1-0.1.9-4.3.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): python-ipaddress-1.0.14-3.3.1 python-pyasn1-0.1.9-4.3.1 python3-pyasn1-0.1.9-4.3.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): python-ipaddress-1.0.14-3.3.1 python-pyasn1-0.1.9-4.3.1 python3-pyasn1-0.1.9-4.3.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): python-ipaddress-1.0.14-3.3.1 python-pyasn1-0.1.9-4.3.1 python3-pyasn1-0.1.9-4.3.1 - SUSE Enterprise Storage 4 (noarch): python-ipaddress-1.0.14-3.3.1 python-pyasn1-0.1.9-4.3.1 python3-pyasn1-0.1.9-4.3.1 References: https://bugzilla.suse.com/1073879 From sle-updates at lists.suse.com Wed Apr 11 13:07:48 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 Apr 2018 21:07:48 +0200 (CEST) Subject: SUSE-OU-2018:0924-1: Initial release of sles-ltss-release Message-ID: <20180411190748.46ACDFD19@maintenance.suse.de> SUSE Optional Update: Initial release of sles-ltss-release ______________________________________________________________________________ Announcement ID: SUSE-OU-2018:0924-1 Rating: low References: #1088636 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update provides product definitions for SUSE Linux Enterprise Server 12 SP2 LTSS. Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-621=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-621=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-621=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-621=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): sles-ltss-release-12.2-8.4.1 sles-ltss-release-POOL-12.2-8.4.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): sles-ltss-release-12.2-8.4.1 sles-ltss-release-POOL-12.2-8.4.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): sles-ltss-release-12.2-8.4.1 sles-ltss-release-POOL-12.2-8.4.1 - SUSE Enterprise Storage 4 (x86_64): sles-ltss-release-12.2-8.4.1 sles-ltss-release-POOL-12.2-8.4.1 References: https://bugzilla.suse.com/1088636 From sle-updates at lists.suse.com Wed Apr 11 13:08:19 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 Apr 2018 21:08:19 +0200 (CEST) Subject: SUSE-SU-2018:0925-1: moderate: Security update for openssl Message-ID: <20180411190819.01D94FD18@maintenance.suse.de> SUSE Security Update: Security update for openssl ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0925-1 Rating: moderate References: #1087102 Cross-References: CVE-2018-0739 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 SUSE CaaS Platform ALL OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openssl fixes the following issues: - CVE-2018-0739: Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. (bsc#1087102). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-624=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-624=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-624=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-624=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-624=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-624=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-624=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-624=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libopenssl-devel-1.0.2j-60.24.1 openssl-debuginfo-1.0.2j-60.24.1 openssl-debugsource-1.0.2j-60.24.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libopenssl-devel-1.0.2j-60.24.1 openssl-debuginfo-1.0.2j-60.24.1 openssl-debugsource-1.0.2j-60.24.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libopenssl-devel-1.0.2j-60.24.1 libopenssl1_0_0-1.0.2j-60.24.1 libopenssl1_0_0-debuginfo-1.0.2j-60.24.1 libopenssl1_0_0-hmac-1.0.2j-60.24.1 openssl-1.0.2j-60.24.1 openssl-debuginfo-1.0.2j-60.24.1 openssl-debugsource-1.0.2j-60.24.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): openssl-doc-1.0.2j-60.24.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libopenssl-devel-1.0.2j-60.24.1 libopenssl1_0_0-1.0.2j-60.24.1 libopenssl1_0_0-debuginfo-1.0.2j-60.24.1 libopenssl1_0_0-hmac-1.0.2j-60.24.1 openssl-1.0.2j-60.24.1 openssl-debuginfo-1.0.2j-60.24.1 openssl-debugsource-1.0.2j-60.24.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libopenssl1_0_0-32bit-1.0.2j-60.24.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.24.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.24.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): openssl-doc-1.0.2j-60.24.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): libopenssl-devel-1.0.2j-60.24.1 libopenssl1_0_0-1.0.2j-60.24.1 libopenssl1_0_0-debuginfo-1.0.2j-60.24.1 libopenssl1_0_0-hmac-1.0.2j-60.24.1 openssl-1.0.2j-60.24.1 openssl-debuginfo-1.0.2j-60.24.1 openssl-debugsource-1.0.2j-60.24.1 - SUSE Linux Enterprise Server 12-SP2 (s390x x86_64): libopenssl1_0_0-32bit-1.0.2j-60.24.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.24.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.24.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): openssl-doc-1.0.2j-60.24.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libopenssl-devel-1.0.2j-60.24.1 libopenssl1_0_0-1.0.2j-60.24.1 libopenssl1_0_0-32bit-1.0.2j-60.24.1 libopenssl1_0_0-debuginfo-1.0.2j-60.24.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.24.1 openssl-1.0.2j-60.24.1 openssl-debuginfo-1.0.2j-60.24.1 openssl-debugsource-1.0.2j-60.24.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libopenssl-devel-1.0.2j-60.24.1 libopenssl1_0_0-1.0.2j-60.24.1 libopenssl1_0_0-32bit-1.0.2j-60.24.1 libopenssl1_0_0-debuginfo-1.0.2j-60.24.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.24.1 openssl-1.0.2j-60.24.1 openssl-debuginfo-1.0.2j-60.24.1 openssl-debugsource-1.0.2j-60.24.1 - SUSE CaaS Platform ALL (x86_64): libopenssl1_0_0-1.0.2j-60.24.1 libopenssl1_0_0-debuginfo-1.0.2j-60.24.1 openssl-1.0.2j-60.24.1 openssl-debuginfo-1.0.2j-60.24.1 openssl-debugsource-1.0.2j-60.24.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): libopenssl1_0_0-1.0.2j-60.24.1 libopenssl1_0_0-debuginfo-1.0.2j-60.24.1 openssl-1.0.2j-60.24.1 openssl-debuginfo-1.0.2j-60.24.1 openssl-debugsource-1.0.2j-60.24.1 References: https://www.suse.com/security/cve/CVE-2018-0739.html https://bugzilla.suse.com/1087102 From sle-updates at lists.suse.com Wed Apr 11 13:08:49 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 Apr 2018 21:08:49 +0200 (CEST) Subject: SUSE-SU-2018:0926-1: moderate: Security update for policycoreutils Message-ID: <20180411190849.41E42FD18@maintenance.suse.de> SUSE Security Update: Security update for policycoreutils ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0926-1 Rating: moderate References: #1083624 Cross-References: CVE-2018-1063 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for policycoreutils fixes the following issues: - CVE-2018-1063: Fixed problem to prevent chcon from following symlinks in /tmp, /var/tmp, /var/run and /var/lib/debug (bsc#1083624). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-622=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-622=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-622=1 Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): policycoreutils-2.5-10.3.1 policycoreutils-debuginfo-2.5-10.3.1 policycoreutils-debugsource-2.5-10.3.1 policycoreutils-python-2.5-10.3.1 policycoreutils-python-debuginfo-2.5-10.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): policycoreutils-2.5-10.3.1 policycoreutils-debuginfo-2.5-10.3.1 policycoreutils-debugsource-2.5-10.3.1 policycoreutils-python-2.5-10.3.1 policycoreutils-python-debuginfo-2.5-10.3.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): policycoreutils-2.5-10.3.1 policycoreutils-debuginfo-2.5-10.3.1 policycoreutils-debugsource-2.5-10.3.1 policycoreutils-python-2.5-10.3.1 policycoreutils-python-debuginfo-2.5-10.3.1 References: https://www.suse.com/security/cve/CVE-2018-1063.html https://bugzilla.suse.com/1083624 From sle-updates at lists.suse.com Wed Apr 11 13:09:17 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 Apr 2018 21:09:17 +0200 (CEST) Subject: SUSE-SU-2018:0927-1: moderate: Security update for policycoreutils Message-ID: <20180411190917.D2276FD18@maintenance.suse.de> SUSE Security Update: Security update for policycoreutils ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0927-1 Rating: moderate References: #1083624 Cross-References: CVE-2018-1063 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for policycoreutils fixes the following issues: - CVE-2018-1063: Prevent chcon from following symlinks in /tmp, /var/tmp, /var/run and /var/lib/debug (bsc#1083624). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-policycoreutils-13556=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-policycoreutils-13556=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): policycoreutils-2.0.79-4.9.3.3 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): policycoreutils-debuginfo-2.0.79-4.9.3.3 policycoreutils-debugsource-2.0.79-4.9.3.3 References: https://www.suse.com/security/cve/CVE-2018-1063.html https://bugzilla.suse.com/1083624 From sle-updates at lists.suse.com Wed Apr 11 16:07:33 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Apr 2018 00:07:33 +0200 (CEST) Subject: SUSE-RU-2018:0928-1: Recommended update for yast2-installation Message-ID: <20180411220733.68330FD1D@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-installation ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:0928-1 Rating: low References: #1018037 #1022784 #1031840 #1042554 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for yast2-installation and yast2-services-manager provides the following fixes: yast2-installation: - Change CheckFreeSpaceNow to use LANG=en_US.UTF-8. (bsc#1031840) - Call services-manager_finish in order to write AutoYaST service settings if needed. (fate#321738) - Downloading release notes: Do not try again if the host or the proxy cannot be resolved. (bsc#1022784) - Initialize tty1 in order to remove old YaST output and to show the cursor again. (bsc#1018037) - Update YaST2-Firstboot.service: Deprecate `plymouth --wait` and add conflict to plymouth start service. - Update YaST2-Second-Stage.service: Deprecate the plymouth deactivate command and add conflict to plymouth start service. (bsc#1042554) yast2-services-manager: - Added lib/services-manager/clients/*.rb to the package. (fate#321738) - AutoYaST: "Write" can be called in first and second installation stages. (fate#321738) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-626=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-626=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-626=1 Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): yast2-installation-3.1.223-46.5.4 yast2-services-manager-3.1.45-5.9.2 - SUSE Linux Enterprise Server 12-SP2 (noarch): yast2-installation-3.1.223-46.5.4 yast2-services-manager-3.1.45-5.9.2 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): yast2-installation-3.1.223-46.5.4 yast2-services-manager-3.1.45-5.9.2 References: https://bugzilla.suse.com/1018037 https://bugzilla.suse.com/1022784 https://bugzilla.suse.com/1031840 https://bugzilla.suse.com/1042554 From sle-updates at lists.suse.com Wed Apr 11 16:08:37 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Apr 2018 00:08:37 +0200 (CEST) Subject: SUSE-RU-2018:0929-1: Recommended update for python-kiwi Message-ID: <20180411220837.12783FD1D@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-kiwi ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:0929-1 Rating: low References: #1077619 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-kiwi provides the following fixes: - Make sure toplevel target directory keeps its permissions. (bsc#1077619) - Fixed use of stat result in os.chmod. The oct method returns a string representation which was mistakenly used in a subsequent os.chmod call. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2018-625=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-625=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-625=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): kiwi-pxeboot-8.33.5-9.14.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): kiwi-man-pages-8.33.5-9.14.1 kiwi-tools-8.33.5-9.14.1 kiwi-tools-debuginfo-8.33.5-9.14.1 python-kiwi-debugsource-8.33.5-9.14.1 python2-kiwi-8.33.5-9.14.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): kiwi-tools-8.33.5-9.14.1 kiwi-tools-debuginfo-8.33.5-9.14.1 python-kiwi-debugsource-8.33.5-9.14.1 References: https://bugzilla.suse.com/1077619 From sle-updates at lists.suse.com Thu Apr 12 07:07:27 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Apr 2018 15:07:27 +0200 (CEST) Subject: SUSE-RU-2018:0931-1: Recommended update for tftp Message-ID: <20180412130727.98C47FD1E@maintenance.suse.de> SUSE Recommended Update: Recommended update for tftp ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:0931-1 Rating: low References: #1064297 #1075543 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for tftp provides the following fixes: - Allow tftpd to be configured by sysconfig file. (bsc#1075543) - Fix starting tftpd via tftp.service file. (bsc#1064297) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-627=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-627=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): tftp-5.2-11.6.1 tftp-debuginfo-5.2-11.6.1 tftp-debugsource-5.2-11.6.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): tftp-5.2-11.6.1 tftp-debuginfo-5.2-11.6.1 tftp-debugsource-5.2-11.6.1 References: https://bugzilla.suse.com/1064297 https://bugzilla.suse.com/1075543 From sle-updates at lists.suse.com Thu Apr 12 13:07:37 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Apr 2018 21:07:37 +0200 (CEST) Subject: SUSE-SU-2018:0933-1: moderate: Security update for mercurial Message-ID: <20180412190737.73223FD20@maintenance.suse.de> SUSE Security Update: Security update for mercurial ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0933-1 Rating: moderate References: #1085211 Cross-References: CVE-2018-1000132 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for mercurial fixes the following issues: - Fix HTTP server permissions bypass (CVE-2018-1000132, bsc#1085211): Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-630=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): mercurial-2.8.2-15.10.1 mercurial-debuginfo-2.8.2-15.10.1 mercurial-debugsource-2.8.2-15.10.1 References: https://www.suse.com/security/cve/CVE-2018-1000132.html https://bugzilla.suse.com/1085211 From sle-updates at lists.suse.com Thu Apr 12 13:08:04 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Apr 2018 21:08:04 +0200 (CEST) Subject: SUSE-SU-2018:0934-1: moderate: Security update for python3 Message-ID: <20180412190805.00B15FD1F@maintenance.suse.de> SUSE Security Update: Security update for python3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0934-1 Rating: moderate References: #1083507 Cross-References: CVE-2017-18207 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Module for Web Scripting 12 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python3 fixes the following issues: Security issue fixed: - CVE-2017-18207: Fixed possible denial of service vulnerability by adding a check to Lib/wave.py that verifies that at least one channel is provided (bsc#1083507). Bug fixes: - Require python-Sphinx-latex for building on Leap 42.3 or newer. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-632=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-632=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2018-632=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-632=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): python3-base-debuginfo-3.4.6-25.7.1 python3-base-debugsource-3.4.6-25.7.1 python3-devel-3.4.6-25.7.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (ppc64le s390x x86_64): python3-devel-debuginfo-3.4.6-25.7.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libpython3_4m1_0-3.4.6-25.7.1 libpython3_4m1_0-debuginfo-3.4.6-25.7.1 python3-3.4.6-25.7.1 python3-base-3.4.6-25.7.1 python3-base-debuginfo-3.4.6-25.7.1 python3-base-debugsource-3.4.6-25.7.1 python3-curses-3.4.6-25.7.1 python3-curses-debuginfo-3.4.6-25.7.1 python3-debuginfo-3.4.6-25.7.1 python3-debugsource-3.4.6-25.7.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): libpython3_4m1_0-3.4.6-25.7.1 libpython3_4m1_0-debuginfo-3.4.6-25.7.1 python3-3.4.6-25.7.1 python3-base-3.4.6-25.7.1 python3-base-debuginfo-3.4.6-25.7.1 python3-base-debugsource-3.4.6-25.7.1 python3-debuginfo-3.4.6-25.7.1 python3-debugsource-3.4.6-25.7.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libpython3_4m1_0-3.4.6-25.7.1 libpython3_4m1_0-debuginfo-3.4.6-25.7.1 python3-3.4.6-25.7.1 python3-base-3.4.6-25.7.1 python3-base-debuginfo-3.4.6-25.7.1 python3-base-debugsource-3.4.6-25.7.1 python3-curses-3.4.6-25.7.1 python3-curses-debuginfo-3.4.6-25.7.1 python3-debuginfo-3.4.6-25.7.1 python3-debugsource-3.4.6-25.7.1 References: https://www.suse.com/security/cve/CVE-2017-18207.html https://bugzilla.suse.com/1083507 From sle-updates at lists.suse.com Fri Apr 13 07:07:31 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 Apr 2018 15:07:31 +0200 (CEST) Subject: SUSE-RU-2018:0941-1: important: Recommended update for libvirt Message-ID: <20180413130731.DF954FD20@maintenance.suse.de> SUSE Recommended Update: Recommended update for libvirt ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:0941-1 Rating: important References: #1074014 #1084773 #1088147 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update fixes a regression in the previous libvirt update, which caused instances not to start: - cpu: fix backport of Spectre patches (bsc#1088147) Also the following fix was added: - Explicit dependency on systemd-machined (bsc#1074014, bsc#1084773) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-633=1 - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2018-633=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-633=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-633=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-633=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-633=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-633=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-633=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-633=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): libvirt-2.0.0-27.37.1 libvirt-client-2.0.0-27.37.1 libvirt-client-debuginfo-2.0.0-27.37.1 libvirt-daemon-2.0.0-27.37.1 libvirt-daemon-config-network-2.0.0-27.37.1 libvirt-daemon-config-nwfilter-2.0.0-27.37.1 libvirt-daemon-debuginfo-2.0.0-27.37.1 libvirt-daemon-driver-interface-2.0.0-27.37.1 libvirt-daemon-driver-interface-debuginfo-2.0.0-27.37.1 libvirt-daemon-driver-lxc-2.0.0-27.37.1 libvirt-daemon-driver-lxc-debuginfo-2.0.0-27.37.1 libvirt-daemon-driver-network-2.0.0-27.37.1 libvirt-daemon-driver-network-debuginfo-2.0.0-27.37.1 libvirt-daemon-driver-nodedev-2.0.0-27.37.1 libvirt-daemon-driver-nodedev-debuginfo-2.0.0-27.37.1 libvirt-daemon-driver-nwfilter-2.0.0-27.37.1 libvirt-daemon-driver-nwfilter-debuginfo-2.0.0-27.37.1 libvirt-daemon-driver-qemu-2.0.0-27.37.1 libvirt-daemon-driver-qemu-debuginfo-2.0.0-27.37.1 libvirt-daemon-driver-secret-2.0.0-27.37.1 libvirt-daemon-driver-secret-debuginfo-2.0.0-27.37.1 libvirt-daemon-driver-storage-2.0.0-27.37.1 libvirt-daemon-driver-storage-debuginfo-2.0.0-27.37.1 libvirt-daemon-hooks-2.0.0-27.37.1 libvirt-daemon-lxc-2.0.0-27.37.1 libvirt-daemon-qemu-2.0.0-27.37.1 libvirt-debugsource-2.0.0-27.37.1 libvirt-doc-2.0.0-27.37.1 libvirt-lock-sanlock-2.0.0-27.37.1 libvirt-lock-sanlock-debuginfo-2.0.0-27.37.1 libvirt-nss-2.0.0-27.37.1 libvirt-nss-debuginfo-2.0.0-27.37.1 - SUSE OpenStack Cloud 7 (x86_64): libvirt-daemon-driver-libxl-2.0.0-27.37.1 libvirt-daemon-driver-libxl-debuginfo-2.0.0-27.37.1 libvirt-daemon-xen-2.0.0-27.37.1 - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): libvirt-client-32bit-2.0.0-27.37.1 libvirt-client-debuginfo-32bit-2.0.0-27.37.1 libvirt-debugsource-2.0.0-27.37.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libvirt-debugsource-2.0.0-27.37.1 libvirt-devel-2.0.0-27.37.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libvirt-2.0.0-27.37.1 libvirt-client-2.0.0-27.37.1 libvirt-client-debuginfo-2.0.0-27.37.1 libvirt-daemon-2.0.0-27.37.1 libvirt-daemon-config-network-2.0.0-27.37.1 libvirt-daemon-config-nwfilter-2.0.0-27.37.1 libvirt-daemon-debuginfo-2.0.0-27.37.1 libvirt-daemon-driver-interface-2.0.0-27.37.1 libvirt-daemon-driver-interface-debuginfo-2.0.0-27.37.1 libvirt-daemon-driver-lxc-2.0.0-27.37.1 libvirt-daemon-driver-lxc-debuginfo-2.0.0-27.37.1 libvirt-daemon-driver-network-2.0.0-27.37.1 libvirt-daemon-driver-network-debuginfo-2.0.0-27.37.1 libvirt-daemon-driver-nodedev-2.0.0-27.37.1 libvirt-daemon-driver-nodedev-debuginfo-2.0.0-27.37.1 libvirt-daemon-driver-nwfilter-2.0.0-27.37.1 libvirt-daemon-driver-nwfilter-debuginfo-2.0.0-27.37.1 libvirt-daemon-driver-qemu-2.0.0-27.37.1 libvirt-daemon-driver-qemu-debuginfo-2.0.0-27.37.1 libvirt-daemon-driver-secret-2.0.0-27.37.1 libvirt-daemon-driver-secret-debuginfo-2.0.0-27.37.1 libvirt-daemon-driver-storage-2.0.0-27.37.1 libvirt-daemon-driver-storage-debuginfo-2.0.0-27.37.1 libvirt-daemon-hooks-2.0.0-27.37.1 libvirt-daemon-lxc-2.0.0-27.37.1 libvirt-daemon-qemu-2.0.0-27.37.1 libvirt-debugsource-2.0.0-27.37.1 libvirt-doc-2.0.0-27.37.1 libvirt-lock-sanlock-2.0.0-27.37.1 libvirt-lock-sanlock-debuginfo-2.0.0-27.37.1 libvirt-nss-2.0.0-27.37.1 libvirt-nss-debuginfo-2.0.0-27.37.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libvirt-daemon-driver-libxl-2.0.0-27.37.1 libvirt-daemon-driver-libxl-debuginfo-2.0.0-27.37.1 libvirt-daemon-xen-2.0.0-27.37.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libvirt-2.0.0-27.37.1 libvirt-client-2.0.0-27.37.1 libvirt-client-debuginfo-2.0.0-27.37.1 libvirt-daemon-2.0.0-27.37.1 libvirt-daemon-config-network-2.0.0-27.37.1 libvirt-daemon-config-nwfilter-2.0.0-27.37.1 libvirt-daemon-debuginfo-2.0.0-27.37.1 libvirt-daemon-driver-interface-2.0.0-27.37.1 libvirt-daemon-driver-interface-debuginfo-2.0.0-27.37.1 libvirt-daemon-driver-lxc-2.0.0-27.37.1 libvirt-daemon-driver-lxc-debuginfo-2.0.0-27.37.1 libvirt-daemon-driver-network-2.0.0-27.37.1 libvirt-daemon-driver-network-debuginfo-2.0.0-27.37.1 libvirt-daemon-driver-nodedev-2.0.0-27.37.1 libvirt-daemon-driver-nodedev-debuginfo-2.0.0-27.37.1 libvirt-daemon-driver-nwfilter-2.0.0-27.37.1 libvirt-daemon-driver-nwfilter-debuginfo-2.0.0-27.37.1 libvirt-daemon-driver-qemu-2.0.0-27.37.1 libvirt-daemon-driver-qemu-debuginfo-2.0.0-27.37.1 libvirt-daemon-driver-secret-2.0.0-27.37.1 libvirt-daemon-driver-secret-debuginfo-2.0.0-27.37.1 libvirt-daemon-driver-storage-2.0.0-27.37.1 libvirt-daemon-driver-storage-debuginfo-2.0.0-27.37.1 libvirt-daemon-lxc-2.0.0-27.37.1 libvirt-daemon-qemu-2.0.0-27.37.1 libvirt-debugsource-2.0.0-27.37.1 libvirt-doc-2.0.0-27.37.1 libvirt-lock-sanlock-2.0.0-27.37.1 libvirt-lock-sanlock-debuginfo-2.0.0-27.37.1 libvirt-nss-2.0.0-27.37.1 libvirt-nss-debuginfo-2.0.0-27.37.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libvirt-2.0.0-27.37.1 libvirt-client-2.0.0-27.37.1 libvirt-client-debuginfo-2.0.0-27.37.1 libvirt-daemon-2.0.0-27.37.1 libvirt-daemon-config-network-2.0.0-27.37.1 libvirt-daemon-config-nwfilter-2.0.0-27.37.1 libvirt-daemon-debuginfo-2.0.0-27.37.1 libvirt-daemon-driver-interface-2.0.0-27.37.1 libvirt-daemon-driver-interface-debuginfo-2.0.0-27.37.1 libvirt-daemon-driver-lxc-2.0.0-27.37.1 libvirt-daemon-driver-lxc-debuginfo-2.0.0-27.37.1 libvirt-daemon-driver-network-2.0.0-27.37.1 libvirt-daemon-driver-network-debuginfo-2.0.0-27.37.1 libvirt-daemon-driver-nodedev-2.0.0-27.37.1 libvirt-daemon-driver-nodedev-debuginfo-2.0.0-27.37.1 libvirt-daemon-driver-nwfilter-2.0.0-27.37.1 libvirt-daemon-driver-nwfilter-debuginfo-2.0.0-27.37.1 libvirt-daemon-driver-qemu-2.0.0-27.37.1 libvirt-daemon-driver-qemu-debuginfo-2.0.0-27.37.1 libvirt-daemon-driver-secret-2.0.0-27.37.1 libvirt-daemon-driver-secret-debuginfo-2.0.0-27.37.1 libvirt-daemon-driver-storage-2.0.0-27.37.1 libvirt-daemon-driver-storage-debuginfo-2.0.0-27.37.1 libvirt-daemon-hooks-2.0.0-27.37.1 libvirt-daemon-lxc-2.0.0-27.37.1 libvirt-daemon-qemu-2.0.0-27.37.1 libvirt-debugsource-2.0.0-27.37.1 libvirt-doc-2.0.0-27.37.1 libvirt-lock-sanlock-2.0.0-27.37.1 libvirt-lock-sanlock-debuginfo-2.0.0-27.37.1 libvirt-nss-2.0.0-27.37.1 libvirt-nss-debuginfo-2.0.0-27.37.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): libvirt-daemon-driver-libxl-2.0.0-27.37.1 libvirt-daemon-driver-libxl-debuginfo-2.0.0-27.37.1 libvirt-daemon-xen-2.0.0-27.37.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): libvirt-2.0.0-27.37.1 libvirt-client-2.0.0-27.37.1 libvirt-client-debuginfo-2.0.0-27.37.1 libvirt-daemon-2.0.0-27.37.1 libvirt-daemon-config-network-2.0.0-27.37.1 libvirt-daemon-config-nwfilter-2.0.0-27.37.1 libvirt-daemon-debuginfo-2.0.0-27.37.1 libvirt-daemon-driver-interface-2.0.0-27.37.1 libvirt-daemon-driver-interface-debuginfo-2.0.0-27.37.1 libvirt-daemon-driver-lxc-2.0.0-27.37.1 libvirt-daemon-driver-lxc-debuginfo-2.0.0-27.37.1 libvirt-daemon-driver-network-2.0.0-27.37.1 libvirt-daemon-driver-network-debuginfo-2.0.0-27.37.1 libvirt-daemon-driver-nodedev-2.0.0-27.37.1 libvirt-daemon-driver-nodedev-debuginfo-2.0.0-27.37.1 libvirt-daemon-driver-nwfilter-2.0.0-27.37.1 libvirt-daemon-driver-nwfilter-debuginfo-2.0.0-27.37.1 libvirt-daemon-driver-qemu-2.0.0-27.37.1 libvirt-daemon-driver-qemu-debuginfo-2.0.0-27.37.1 libvirt-daemon-driver-secret-2.0.0-27.37.1 libvirt-daemon-driver-secret-debuginfo-2.0.0-27.37.1 libvirt-daemon-driver-storage-2.0.0-27.37.1 libvirt-daemon-driver-storage-debuginfo-2.0.0-27.37.1 libvirt-daemon-lxc-2.0.0-27.37.1 libvirt-daemon-qemu-2.0.0-27.37.1 libvirt-debugsource-2.0.0-27.37.1 libvirt-doc-2.0.0-27.37.1 libvirt-lock-sanlock-2.0.0-27.37.1 libvirt-lock-sanlock-debuginfo-2.0.0-27.37.1 libvirt-nss-2.0.0-27.37.1 libvirt-nss-debuginfo-2.0.0-27.37.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): libvirt-daemon-driver-libxl-2.0.0-27.37.1 libvirt-daemon-driver-libxl-debuginfo-2.0.0-27.37.1 libvirt-daemon-hooks-2.0.0-27.37.1 libvirt-daemon-xen-2.0.0-27.37.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libvirt-2.0.0-27.37.1 libvirt-client-2.0.0-27.37.1 libvirt-client-32bit-2.0.0-27.37.1 libvirt-client-debuginfo-2.0.0-27.37.1 libvirt-client-debuginfo-32bit-2.0.0-27.37.1 libvirt-daemon-2.0.0-27.37.1 libvirt-daemon-config-network-2.0.0-27.37.1 libvirt-daemon-config-nwfilter-2.0.0-27.37.1 libvirt-daemon-debuginfo-2.0.0-27.37.1 libvirt-daemon-driver-interface-2.0.0-27.37.1 libvirt-daemon-driver-interface-debuginfo-2.0.0-27.37.1 libvirt-daemon-driver-libxl-2.0.0-27.37.1 libvirt-daemon-driver-libxl-debuginfo-2.0.0-27.37.1 libvirt-daemon-driver-lxc-2.0.0-27.37.1 libvirt-daemon-driver-lxc-debuginfo-2.0.0-27.37.1 libvirt-daemon-driver-network-2.0.0-27.37.1 libvirt-daemon-driver-network-debuginfo-2.0.0-27.37.1 libvirt-daemon-driver-nodedev-2.0.0-27.37.1 libvirt-daemon-driver-nodedev-debuginfo-2.0.0-27.37.1 libvirt-daemon-driver-nwfilter-2.0.0-27.37.1 libvirt-daemon-driver-nwfilter-debuginfo-2.0.0-27.37.1 libvirt-daemon-driver-qemu-2.0.0-27.37.1 libvirt-daemon-driver-qemu-debuginfo-2.0.0-27.37.1 libvirt-daemon-driver-secret-2.0.0-27.37.1 libvirt-daemon-driver-secret-debuginfo-2.0.0-27.37.1 libvirt-daemon-driver-storage-2.0.0-27.37.1 libvirt-daemon-driver-storage-debuginfo-2.0.0-27.37.1 libvirt-daemon-lxc-2.0.0-27.37.1 libvirt-daemon-qemu-2.0.0-27.37.1 libvirt-daemon-xen-2.0.0-27.37.1 libvirt-debugsource-2.0.0-27.37.1 libvirt-doc-2.0.0-27.37.1 - SUSE Enterprise Storage 4 (x86_64): libvirt-2.0.0-27.37.1 libvirt-client-2.0.0-27.37.1 libvirt-client-debuginfo-2.0.0-27.37.1 libvirt-daemon-2.0.0-27.37.1 libvirt-daemon-config-network-2.0.0-27.37.1 libvirt-daemon-config-nwfilter-2.0.0-27.37.1 libvirt-daemon-debuginfo-2.0.0-27.37.1 libvirt-daemon-driver-interface-2.0.0-27.37.1 libvirt-daemon-driver-interface-debuginfo-2.0.0-27.37.1 libvirt-daemon-driver-libxl-2.0.0-27.37.1 libvirt-daemon-driver-libxl-debuginfo-2.0.0-27.37.1 libvirt-daemon-driver-lxc-2.0.0-27.37.1 libvirt-daemon-driver-lxc-debuginfo-2.0.0-27.37.1 libvirt-daemon-driver-network-2.0.0-27.37.1 libvirt-daemon-driver-network-debuginfo-2.0.0-27.37.1 libvirt-daemon-driver-nodedev-2.0.0-27.37.1 libvirt-daemon-driver-nodedev-debuginfo-2.0.0-27.37.1 libvirt-daemon-driver-nwfilter-2.0.0-27.37.1 libvirt-daemon-driver-nwfilter-debuginfo-2.0.0-27.37.1 libvirt-daemon-driver-qemu-2.0.0-27.37.1 libvirt-daemon-driver-qemu-debuginfo-2.0.0-27.37.1 libvirt-daemon-driver-secret-2.0.0-27.37.1 libvirt-daemon-driver-secret-debuginfo-2.0.0-27.37.1 libvirt-daemon-driver-storage-2.0.0-27.37.1 libvirt-daemon-driver-storage-debuginfo-2.0.0-27.37.1 libvirt-daemon-hooks-2.0.0-27.37.1 libvirt-daemon-lxc-2.0.0-27.37.1 libvirt-daemon-qemu-2.0.0-27.37.1 libvirt-daemon-xen-2.0.0-27.37.1 libvirt-debugsource-2.0.0-27.37.1 libvirt-doc-2.0.0-27.37.1 libvirt-lock-sanlock-2.0.0-27.37.1 libvirt-lock-sanlock-debuginfo-2.0.0-27.37.1 libvirt-nss-2.0.0-27.37.1 libvirt-nss-debuginfo-2.0.0-27.37.1 References: https://bugzilla.suse.com/1074014 https://bugzilla.suse.com/1084773 https://bugzilla.suse.com/1088147 From sle-updates at lists.suse.com Fri Apr 13 19:07:12 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 14 Apr 2018 03:07:12 +0200 (CEST) Subject: SUSE-RU-2018:0944-1: moderate: Recommended update for evolution-ews Message-ID: <20180414010712.DA8A9FD1E@maintenance.suse.de> SUSE Recommended Update: Recommended update for evolution-ews ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:0944-1 Rating: moderate References: #1071254 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for evolution-ews provides the following fixes: - Fix a libsoup issue with evolution-ews. (bsc#1071254) - Fix a few memory leaks. - Autodiscover can cause deadlock in GCancellable code. - Runtime warnings when calling ResolveNames. - Do not restrict/remove From address on message send. - Customized timezones not recognized. - Always build ESExp structure as a GObject descendant. - Initialize connection variable to NULL in camel_ews_folder_get_message(). - Fix a memory leak when creating a contact. - Fix some issues found by Coverity Scan. - Ask for password after NTLM/SSO authentication failure. - Updated translations. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-635=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-635=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-635=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): evolution-ews-3.22.6-11.3.6 evolution-ews-debuginfo-3.22.6-11.3.6 evolution-ews-debugsource-3.22.6-11.3.6 libeews-1_2-0-3.22.6-11.3.6 libeews-1_2-0-debuginfo-3.22.6-11.3.6 libewsutils0-3.22.6-11.3.6 libewsutils0-debuginfo-3.22.6-11.3.6 - SUSE Linux Enterprise Workstation Extension 12-SP3 (noarch): evolution-ews-lang-3.22.6-11.3.6 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): evolution-ews-debuginfo-3.22.6-11.3.6 evolution-ews-debugsource-3.22.6-11.3.6 evolution-ews-devel-3.22.6-11.3.6 libeews-1_2-0-3.22.6-11.3.6 libeews-1_2-0-debuginfo-3.22.6-11.3.6 libewsutils0-3.22.6-11.3.6 libewsutils0-debuginfo-3.22.6-11.3.6 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): evolution-ews-lang-3.22.6-11.3.6 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): evolution-ews-3.22.6-11.3.6 evolution-ews-debuginfo-3.22.6-11.3.6 evolution-ews-debugsource-3.22.6-11.3.6 libeews-1_2-0-3.22.6-11.3.6 libeews-1_2-0-debuginfo-3.22.6-11.3.6 libewsutils0-3.22.6-11.3.6 libewsutils0-debuginfo-3.22.6-11.3.6 References: https://bugzilla.suse.com/1071254 From sle-updates at lists.suse.com Fri Apr 13 19:07:45 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 14 Apr 2018 03:07:45 +0200 (CEST) Subject: SUSE-RU-2018:0945-1: Recommended update for hwloc Message-ID: <20180414010745.AE8D5FD1D@maintenance.suse.de> SUSE Recommended Update: Recommended update for hwloc ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:0945-1 Rating: low References: #1024269 #1088103 #1088882 Affected Products: SUSE Linux Enterprise Module for HPC 12 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for hwloc fixes the following issues: The hwloc-dump-hwdata is x86 specific and does not need to be present on AArch64. (bsc#1088103) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 12: zypper in -t patch SUSE-SLE-Module-HPC-12-2018-637=1 Package List: - SUSE Linux Enterprise Module for HPC 12 (noarch): hwloc-data-2.0.0.1.11.5-4.5.1 hwloc-doc-2.0.0.1.11.5-4.5.1 - SUSE Linux Enterprise Module for HPC 12 (x86_64): hwloc-2.0.0.1.11.5-4.5.1 hwloc-debuginfo-2.0.0.1.11.5-4.5.1 hwloc-debugsource-2.0.0.1.11.5-4.5.1 hwloc-devel-2.0.0.1.11.5-4.5.1 libhwloc5-2.0.0.1.11.5-4.5.1 libhwloc5-debuginfo-2.0.0.1.11.5-4.5.1 References: https://bugzilla.suse.com/1024269 https://bugzilla.suse.com/1088103 https://bugzilla.suse.com/1088882 From sle-updates at lists.suse.com Fri Apr 13 19:08:30 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 14 Apr 2018 03:08:30 +0200 (CEST) Subject: SUSE-RU-2018:0946-1: Recommended update for freetds Message-ID: <20180414010830.88A57FD1D@maintenance.suse.de> SUSE Recommended Update: Recommended update for freetds ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:0946-1 Rating: low References: #1026910 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for freetds provides the following fix: - Add dependency on libtdsodbc0 in develpkg wrt (bsc#1026910) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-636=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): freetds-debugsource-0.91-11.4.1 freetds-devel-0.91-11.4.1 freetds-doc-0.91-11.4.1 freetds-tools-0.91-11.4.1 freetds-tools-debuginfo-0.91-11.4.1 libfreetds-0.91-11.4.1 libfreetds-debuginfo-0.91-11.4.1 libtdsodbc0-0.91-11.4.1 References: https://bugzilla.suse.com/1026910 From sle-updates at lists.suse.com Mon Apr 16 04:11:23 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 16 Apr 2018 12:11:23 +0200 (CEST) Subject: SUSE-SU-2018:0947-1: moderate: Security update for evince Message-ID: <20180416101123.C3D7DFD1E@maintenance.suse.de> SUSE Security Update: Security update for evince ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0947-1 Rating: moderate References: #1070046 Cross-References: CVE-2017-1000159 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for evince fixes the following issues: - CVE-2017-1000159: Command injection in evince via filename when printing to PDF could lead to command execution (bsc#1070046) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-638=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-638=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-638=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-638=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): evince-debuginfo-3.20.2-6.22.9 evince-debugsource-3.20.2-6.22.9 typelib-1_0-EvinceDocument-3_0-3.20.2-6.22.9 typelib-1_0-EvinceView-3_0-3.20.2-6.22.9 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): evince-debuginfo-3.20.2-6.22.9 evince-debugsource-3.20.2-6.22.9 evince-devel-3.20.2-6.22.9 typelib-1_0-EvinceDocument-3_0-3.20.2-6.22.9 typelib-1_0-EvinceView-3_0-3.20.2-6.22.9 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): evince-3.20.2-6.22.9 evince-browser-plugin-3.20.2-6.22.9 evince-browser-plugin-debuginfo-3.20.2-6.22.9 evince-debuginfo-3.20.2-6.22.9 evince-debugsource-3.20.2-6.22.9 evince-plugin-djvudocument-3.20.2-6.22.9 evince-plugin-djvudocument-debuginfo-3.20.2-6.22.9 evince-plugin-dvidocument-3.20.2-6.22.9 evince-plugin-dvidocument-debuginfo-3.20.2-6.22.9 evince-plugin-pdfdocument-3.20.2-6.22.9 evince-plugin-pdfdocument-debuginfo-3.20.2-6.22.9 evince-plugin-psdocument-3.20.2-6.22.9 evince-plugin-psdocument-debuginfo-3.20.2-6.22.9 evince-plugin-tiffdocument-3.20.2-6.22.9 evince-plugin-tiffdocument-debuginfo-3.20.2-6.22.9 evince-plugin-xpsdocument-3.20.2-6.22.9 evince-plugin-xpsdocument-debuginfo-3.20.2-6.22.9 libevdocument3-4-3.20.2-6.22.9 libevdocument3-4-debuginfo-3.20.2-6.22.9 libevview3-3-3.20.2-6.22.9 libevview3-3-debuginfo-3.20.2-6.22.9 nautilus-evince-3.20.2-6.22.9 nautilus-evince-debuginfo-3.20.2-6.22.9 - SUSE Linux Enterprise Server 12-SP3 (noarch): evince-lang-3.20.2-6.22.9 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): evince-lang-3.20.2-6.22.9 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): evince-3.20.2-6.22.9 evince-browser-plugin-3.20.2-6.22.9 evince-browser-plugin-debuginfo-3.20.2-6.22.9 evince-debuginfo-3.20.2-6.22.9 evince-debugsource-3.20.2-6.22.9 evince-plugin-djvudocument-3.20.2-6.22.9 evince-plugin-djvudocument-debuginfo-3.20.2-6.22.9 evince-plugin-dvidocument-3.20.2-6.22.9 evince-plugin-dvidocument-debuginfo-3.20.2-6.22.9 evince-plugin-pdfdocument-3.20.2-6.22.9 evince-plugin-pdfdocument-debuginfo-3.20.2-6.22.9 evince-plugin-psdocument-3.20.2-6.22.9 evince-plugin-psdocument-debuginfo-3.20.2-6.22.9 evince-plugin-tiffdocument-3.20.2-6.22.9 evince-plugin-tiffdocument-debuginfo-3.20.2-6.22.9 evince-plugin-xpsdocument-3.20.2-6.22.9 evince-plugin-xpsdocument-debuginfo-3.20.2-6.22.9 libevdocument3-4-3.20.2-6.22.9 libevdocument3-4-debuginfo-3.20.2-6.22.9 libevview3-3-3.20.2-6.22.9 libevview3-3-debuginfo-3.20.2-6.22.9 nautilus-evince-3.20.2-6.22.9 nautilus-evince-debuginfo-3.20.2-6.22.9 typelib-1_0-EvinceDocument-3_0-3.20.2-6.22.9 typelib-1_0-EvinceView-3_0-3.20.2-6.22.9 References: https://www.suse.com/security/cve/CVE-2017-1000159.html https://bugzilla.suse.com/1070046 From sle-updates at lists.suse.com Mon Apr 16 10:07:38 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 16 Apr 2018 18:07:38 +0200 (CEST) Subject: SUSE-RU-2018:0948-1: moderate: Recommended update for icinga2 Message-ID: <20180416160738.327D9FD1E@maintenance.suse.de> SUSE Recommended Update: Recommended update for icinga2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:0948-1 Rating: moderate References: #1087745 Affected Products: SUSE Linux Enterprise Module for HPC 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: Icinga 2 (2.8.2) is provided as a monitoring solution for HPC alongside with Ganglia. (FATE#324994) Icinga 2 is an open source monitoring system which checks the availability of your network resources, notifies users of outages and generates performance data for reporting. Scalable and extensible, Icinga 2 can monitor large, complex environments across multiple locations. Icinga 2 is provided with the HPC module for SUSE Linux Enterprise Server 'as is', support for it is available under special contract. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 12: zypper in -t patch SUSE-SLE-Module-HPC-12-2018-641=1 Package List: - SUSE Linux Enterprise Module for HPC 12 (aarch64 x86_64): icinga2-2.8.2-3.3.1 icinga2-bin-2.8.2-3.3.1 icinga2-bin-debuginfo-2.8.2-3.3.1 icinga2-common-2.8.2-3.3.1 icinga2-debugsource-2.8.2-3.3.1 icinga2-doc-2.8.2-3.3.1 icinga2-ido-mysql-2.8.2-3.3.1 icinga2-ido-mysql-debuginfo-2.8.2-3.3.1 icinga2-ido-pgsql-2.8.2-3.3.1 icinga2-ido-pgsql-debuginfo-2.8.2-3.3.1 icinga2-libs-2.8.2-3.3.1 icinga2-libs-debuginfo-2.8.2-3.3.1 vim-icinga2-2.8.2-3.3.1 References: https://bugzilla.suse.com/1087745 From sle-updates at lists.suse.com Mon Apr 16 10:08:07 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 16 Apr 2018 18:08:07 +0200 (CEST) Subject: SUSE-RU-2018:0949-1: moderate: Recommended update for microcode_ctl Message-ID: <20180416160807.93F05FD1D@maintenance.suse.de> SUSE Recommended Update: Recommended update for microcode_ctl ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:0949-1 Rating: moderate References: #1086511 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for microcode_ctl fixes the following issues: The included microcode.dat file contained extra content due to a packaging bug, which lead to non-loading Intel CPU microcode. (bsc#1086511) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-microcode_ctl-13561=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-microcode_ctl-13561=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-microcode_ctl-13561=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): microcode_ctl-1.17-102.83.18.2 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64): microcode_ctl-1.17-102.83.18.2 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): microcode_ctl-1.17-102.83.18.2 References: https://bugzilla.suse.com/1086511 From sle-updates at lists.suse.com Mon Apr 16 10:08:35 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 16 Apr 2018 18:08:35 +0200 (CEST) Subject: SUSE-RU-2018:0950-1: moderate: Recommended update for susemanager-build-keys Message-ID: <20180416160835.D7B46FD1D@maintenance.suse.de> SUSE Recommended Update: Recommended update for susemanager-build-keys ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:0950-1 Rating: moderate References: #1086802 Affected Products: SUSE Manager Server 3.1 SUSE Manager Server 3.0 SUSE Manager Proxy 3.1 SUSE Manager Proxy 3.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for susemanager-build-keys fixes the following issues: - Created GPG key compatibility symlinks as other software uses exact filenames (bsc#1086802) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 3.1: zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2018-642=1 - SUSE Manager Server 3.0: zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2018-642=1 - SUSE Manager Proxy 3.1: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.1-2018-642=1 - SUSE Manager Proxy 3.0: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.0-2018-642=1 Package List: - SUSE Manager Server 3.1 (noarch): susemanager-build-keys-12.0-4.8.1 susemanager-build-keys-web-12.0-4.8.1 - SUSE Manager Server 3.0 (noarch): susemanager-build-keys-12.0-4.8.1 susemanager-build-keys-web-12.0-4.8.1 - SUSE Manager Proxy 3.1 (noarch): susemanager-build-keys-12.0-4.8.1 susemanager-build-keys-web-12.0-4.8.1 - SUSE Manager Proxy 3.0 (noarch): susemanager-build-keys-12.0-4.8.1 susemanager-build-keys-web-12.0-4.8.1 References: https://bugzilla.suse.com/1086802 From sle-updates at lists.suse.com Mon Apr 16 10:09:07 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 16 Apr 2018 18:09:07 +0200 (CEST) Subject: SUSE-RU-2018:0951-1: Recommended update for sssd Message-ID: <20180416160907.19F9EFD1D@maintenance.suse.de> SUSE Recommended Update: Recommended update for sssd ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:0951-1 Rating: low References: #1034977 #1038853 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for sssd fixes provides the following fixes: - Fix a crash triggered by asking sss_cache to clear the cache of a specific domain. - Fix a DBus related crash when processing sudo rules. (bsc#1038853) - Enhance debug logging for all stages of LDAP connection, and make timeout of each stage of LDAP connection customisable. (bsc#1034977) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-sssd-13562=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-sssd-13562=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-sssd-13562=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libsss_idmap-devel-1.9.4-0.34.5.1 libsss_sudo-devel-1.9.4-0.34.5.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libsss_idmap0-1.9.4-0.34.5.1 python-sssd-config-1.9.4-0.34.5.1 sssd-1.9.4-0.34.5.1 sssd-tools-1.9.4-0.34.5.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): sssd-32bit-1.9.4-0.34.5.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): sssd-debuginfo-1.9.4-0.34.5.1 sssd-debugsource-1.9.4-0.34.5.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): sssd-debuginfo-32bit-1.9.4-0.34.5.1 References: https://bugzilla.suse.com/1034977 https://bugzilla.suse.com/1038853 From sle-updates at lists.suse.com Mon Apr 16 13:07:43 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 16 Apr 2018 21:07:43 +0200 (CEST) Subject: SUSE-SU-2018:0952-1: moderate: Security update for nodejs4 Message-ID: <20180416190743.F0F48FD1D@maintenance.suse.de> SUSE Security Update: Security update for nodejs4 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0952-1 Rating: moderate References: #1087453 #1087459 Cross-References: CVE-2018-7158 CVE-2018-7159 Affected Products: SUSE Linux Enterprise Module for Web Scripting 12 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for nodejs4 fixes the following issues: - Fix some node-gyp permissions - New upstream maintenance 4.9.1: * Security fixes: + CVE-2018-7158: Fix for 'path' module regular expression denial of service (bsc#1087459) + CVE-2018-7159: Reject spaces in HTTP Content-Length header values (bsc#1087453) * Upgrade to OpenSSL 1.0.2o * deps: reject interior blanks in Content-Length * deps: upgrade http-parser to v2.8.0 - remove any old manpage files in %pre from before update-alternatives were used to manage symlinks to these manpages. - Add Recommends and BuildRequire on python2 for npm. node-gyp requires this old version of python for now. This is only needed for binary modules. - even on recent codestreams there is no binutils gold on s390 only on s390x - Enable CI tests in %check target Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2018-649=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-649=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le x86_64): nodejs4-4.9.1-15.11.1 nodejs4-debuginfo-4.9.1-15.11.1 nodejs4-debugsource-4.9.1-15.11.1 nodejs4-devel-4.9.1-15.11.1 npm4-4.9.1-15.11.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): nodejs4-docs-4.9.1-15.11.1 - SUSE Enterprise Storage 4 (aarch64 x86_64): nodejs4-4.9.1-15.11.1 nodejs4-debuginfo-4.9.1-15.11.1 nodejs4-debugsource-4.9.1-15.11.1 References: https://www.suse.com/security/cve/CVE-2018-7158.html https://www.suse.com/security/cve/CVE-2018-7159.html https://bugzilla.suse.com/1087453 https://bugzilla.suse.com/1087459 From sle-updates at lists.suse.com Mon Apr 16 13:08:45 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 16 Apr 2018 21:08:45 +0200 (CEST) Subject: SUSE-RU-2018:0954-1: moderate: Recommended update for ganglia, ganglia-web Message-ID: <20180416190845.44F38FD1E@maintenance.suse.de> SUSE Recommended Update: Recommended update for ganglia, ganglia-web ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:0954-1 Rating: moderate References: #1085087 #1085219 #1087257 #1087487 Affected Products: SUSE Linux Enterprise Module for HPC 12 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for the HPC Module introduces the Ganglia Monitoring solution. (FATE#323979 bsc#1085087) Ganglia is a scalable distributed monitoring system for high-performance computing systems such as clusters and Grids. It is based on a hierarchical design targeted at federations of clusters. It has been used to link clusters across university campuses and around the world and can scale to handle clusters with 2000 nodes. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 12: zypper in -t patch SUSE-SLE-Module-HPC-12-2018-646=1 Package List: - SUSE Linux Enterprise Module for HPC 12 (aarch64 x86_64): ganglia-debugsource-3.7.2-3.5.1 ganglia-devel-3.7.2-3.5.1 ganglia-gmetad-3.7.2-3.5.1 ganglia-gmetad-debuginfo-3.7.2-3.5.1 ganglia-gmetad-skip-bcheck-3.7.2-3.5.1 ganglia-gmond-3.7.2-3.5.1 ganglia-gmond-debuginfo-3.7.2-3.5.1 ganglia-gmond-modules-python-3.7.2-3.5.1 ganglia-gmond-modules-python-debuginfo-3.7.2-3.5.1 libconfuse-devel-2.8-3.3.1 libconfuse0-2.8-3.3.1 libconfuse0-debuginfo-2.8-3.3.1 libconfuse0-debugsource-2.8-3.3.1 libganglia0-3.7.2-3.5.1 libganglia0-debuginfo-3.7.2-3.5.1 - SUSE Linux Enterprise Module for HPC 12 (noarch): ganglia-web-3.7.2-3.5.1 libconfuse0-lang-2.8-3.3.1 References: https://bugzilla.suse.com/1085087 https://bugzilla.suse.com/1085219 https://bugzilla.suse.com/1087257 https://bugzilla.suse.com/1087487 From sle-updates at lists.suse.com Mon Apr 16 13:09:35 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 16 Apr 2018 21:09:35 +0200 (CEST) Subject: SUSE-SU-2018:0955-1: moderate: Security update for memcached Message-ID: <20180416190935.8D4C0FD1E@maintenance.suse.de> SUSE Security Update: Security update for memcached ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0955-1 Rating: moderate References: #1077718 #1083903 Cross-References: CVE-2018-1000115 Affected Products: SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for memcached fixes the following issues: - CVE-2018-1000115: Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server could result in denial of service via network flood (traffic amplification of 1:50,000 has been reported by reliable sources). (bsc#1083903) - Home directory shouldn't be world readable bsc#1077718 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-647=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): memcached-1.4.39-4.6.1 memcached-debuginfo-1.4.39-4.6.1 memcached-debugsource-1.4.39-4.6.1 References: https://www.suse.com/security/cve/CVE-2018-1000115.html https://bugzilla.suse.com/1077718 https://bugzilla.suse.com/1083903 From sle-updates at lists.suse.com Mon Apr 16 13:10:14 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 16 Apr 2018 21:10:14 +0200 (CEST) Subject: SUSE-SU-2018:0956-1: moderate: Security update for ntp Message-ID: <20180416191014.33F97FD1E@maintenance.suse.de> SUSE Security Update: Security update for ntp ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0956-1 Rating: moderate References: #1077445 #1082063 #1082210 #1083417 #1083420 #1083422 #1083424 #1083426 Cross-References: CVE-2016-1549 CVE-2018-7170 CVE-2018-7182 CVE-2018-7183 CVE-2018-7184 CVE-2018-7185 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL ______________________________________________________________________________ An update that solves 6 vulnerabilities and has two fixes is now available. Description: This update for ntp fixes the following issues: - Update to 4.2.8p11 (bsc#1082210): * CVE-2016-1549: Sybil vulnerability: ephemeral association attack. While fixed in ntp-4.2.8p7, there are significant additional protections for this issue in 4.2.8p11. * CVE-2018-7182: ctl_getitem(): buffer read overrun leads to undefined behavior and information leak. (bsc#1083426) * CVE-2018-7170: Multiple authenticated ephemeral associations. (bsc#1083424) * CVE-2018-7184: Interleaved symmetric mode cannot recover from bad state. (bsc#1083422) * CVE-2018-7185: Unauthenticated packet can reset authenticated interleaved association. (bsc#1083420) * CVE-2018-7183: ntpq:decodearr() can write beyond its buffer limit.(bsc#1083417) - Don't use libevent's cached time stamps in sntp. (bsc#1077445) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-648=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-648=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): ntp-4.2.8p11-64.3.2 ntp-debuginfo-4.2.8p11-64.3.2 ntp-debugsource-4.2.8p11-64.3.2 ntp-doc-4.2.8p11-64.3.2 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): ntp-4.2.8p11-64.3.2 ntp-debuginfo-4.2.8p11-64.3.2 ntp-debugsource-4.2.8p11-64.3.2 ntp-doc-4.2.8p11-64.3.2 - SUSE CaaS Platform ALL (x86_64): ntp-4.2.8p11-64.3.2 ntp-debuginfo-4.2.8p11-64.3.2 ntp-debugsource-4.2.8p11-64.3.2 References: https://www.suse.com/security/cve/CVE-2016-1549.html https://www.suse.com/security/cve/CVE-2018-7170.html https://www.suse.com/security/cve/CVE-2018-7182.html https://www.suse.com/security/cve/CVE-2018-7183.html https://www.suse.com/security/cve/CVE-2018-7184.html https://www.suse.com/security/cve/CVE-2018-7185.html https://bugzilla.suse.com/1077445 https://bugzilla.suse.com/1082063 https://bugzilla.suse.com/1082210 https://bugzilla.suse.com/1083417 https://bugzilla.suse.com/1083420 https://bugzilla.suse.com/1083422 https://bugzilla.suse.com/1083424 https://bugzilla.suse.com/1083426 From sle-updates at lists.suse.com Mon Apr 16 16:07:33 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Apr 2018 00:07:33 +0200 (CEST) Subject: SUSE-RU-2018:0957-1: Recommended update for timezone, timezone-java Message-ID: <20180416220733.7FCC1FD1F@maintenance.suse.de> SUSE Recommended Update: Recommended update for timezone, timezone-java ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:0957-1 Rating: low References: #1086729 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides the latest timezone information (2018d) for your system, including following changes: - In 2018, Palestine starts DST on March 24, not March 31. - Casey Station in Antarctica changed from +11 to +08 on 2018-03-11 at 04:00 (bsc#1086729). - corrections for historical transitions. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-timezone-13563=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-timezone-13563=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-timezone-13563=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-timezone-13563=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-timezone-13563=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch): timezone-java-2018d-0.52.9.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): timezone-2018d-0.52.9.1 - SUSE Linux Enterprise Server 11-SP4 (noarch): timezone-java-2018d-0.52.9.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): timezone-2018d-0.52.9.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (noarch): timezone-java-2018d-0.52.9.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (noarch): timezone-java-2018d-0.52.9.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): timezone-2018d-0.52.9.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): timezone-debuginfo-2018d-0.52.9.1 timezone-debugsource-2018d-0.52.9.1 References: https://bugzilla.suse.com/1086729 From sle-updates at lists.suse.com Mon Apr 16 16:08:04 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Apr 2018 00:08:04 +0200 (CEST) Subject: SUSE-OU-2018:0958-1: Initial release of python3-cssselect, -lxml, -pycparser, -simplejson and -pycurl Message-ID: <20180416220804.563FDFD1E@maintenance.suse.de> SUSE Optional Update: Initial release of python3-cssselect, -lxml, -pycparser, -simplejson and -pycurl ______________________________________________________________________________ Announcement ID: SUSE-OU-2018:0958-1 Rating: low References: #1073879 Affected Products: SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 6 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update provides the following new Python 3 modules for the SUSE Linux Enterprise Server: - python3-cssselect - python3-lxml - python3-pycparser - python3-pycurl - python3-simplejson Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-651=1 - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2018-651=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-651=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-651=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-651=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-651=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-651=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-651=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-651=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): python-simplejson-3.8.2-9.1 python-simplejson-debuginfo-3.8.2-9.1 python-simplejson-debugsource-3.8.2-9.1 python3-lxml-3.3.5-3.4.1 python3-pycurl-7.43.0-1.3.2 python3-simplejson-3.8.2-9.1 - SUSE OpenStack Cloud 7 (noarch): python-pycparser-2.10-5.3.1 python3-cssselect-0.8-3.2.1 python3-pycparser-2.10-5.3.1 - SUSE OpenStack Cloud 6 (x86_64): python-simplejson-3.8.2-9.1 python-simplejson-debuginfo-3.8.2-9.1 python-simplejson-debugsource-3.8.2-9.1 python3-lxml-3.3.5-3.4.1 python3-pycurl-7.43.0-1.3.2 python3-simplejson-3.8.2-9.1 - SUSE OpenStack Cloud 6 (noarch): python-pycparser-2.10-5.3.1 python3-cssselect-0.8-3.2.1 python3-pycparser-2.10-5.3.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): python-simplejson-3.8.2-9.1 python-simplejson-debuginfo-3.8.2-9.1 python-simplejson-debugsource-3.8.2-9.1 python3-lxml-3.3.5-3.4.1 python3-pycurl-7.43.0-1.3.2 python3-simplejson-3.8.2-9.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): python-pycparser-2.10-5.3.1 python3-cssselect-0.8-3.2.1 python3-pycparser-2.10-5.3.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): python-simplejson-3.8.2-9.1 python-simplejson-debuginfo-3.8.2-9.1 python-simplejson-debugsource-3.8.2-9.1 python3-lxml-3.3.5-3.4.1 python3-pycurl-7.43.0-1.3.2 python3-simplejson-3.8.2-9.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): python-pycparser-2.10-5.3.1 python3-cssselect-0.8-3.2.1 python3-pycparser-2.10-5.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): python-simplejson-3.8.2-9.1 python-simplejson-debuginfo-3.8.2-9.1 python-simplejson-debugsource-3.8.2-9.1 python3-lxml-3.3.5-3.4.1 python3-pycurl-7.43.0-1.3.2 python3-simplejson-3.8.2-9.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): python-pycparser-2.10-5.3.1 python3-cssselect-0.8-3.2.1 python3-pycparser-2.10-5.3.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): python-simplejson-3.8.2-9.1 python-simplejson-debuginfo-3.8.2-9.1 python-simplejson-debugsource-3.8.2-9.1 python3-lxml-3.3.5-3.4.1 python3-pycurl-7.43.0-1.3.2 python3-simplejson-3.8.2-9.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): python-pycparser-2.10-5.3.1 python3-cssselect-0.8-3.2.1 python3-pycparser-2.10-5.3.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): python-simplejson-3.8.2-9.1 python-simplejson-debuginfo-3.8.2-9.1 python-simplejson-debugsource-3.8.2-9.1 python3-lxml-3.3.5-3.4.1 python3-pycurl-7.43.0-1.3.2 python3-simplejson-3.8.2-9.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): python-pycparser-2.10-5.3.1 python3-cssselect-0.8-3.2.1 python3-pycparser-2.10-5.3.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): python-simplejson-3.8.2-9.1 python-simplejson-debuginfo-3.8.2-9.1 python-simplejson-debugsource-3.8.2-9.1 python3-lxml-3.3.5-3.4.1 python3-pycurl-7.43.0-1.3.2 python3-simplejson-3.8.2-9.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): python-pycparser-2.10-5.3.1 python3-cssselect-0.8-3.2.1 python3-pycparser-2.10-5.3.1 - SUSE Enterprise Storage 4 (noarch): python-pycparser-2.10-5.3.1 python3-cssselect-0.8-3.2.1 python3-pycparser-2.10-5.3.1 - SUSE Enterprise Storage 4 (x86_64): python-simplejson-3.8.2-9.1 python-simplejson-debuginfo-3.8.2-9.1 python-simplejson-debugsource-3.8.2-9.1 python3-lxml-3.3.5-3.4.1 python3-pycurl-7.43.0-1.3.2 python3-simplejson-3.8.2-9.1 References: https://bugzilla.suse.com/1073879 From sle-updates at lists.suse.com Wed Apr 18 04:11:50 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Apr 2018 12:11:50 +0200 (CEST) Subject: SUSE-SU-2018:0973-1: moderate: Security update for python-Django Message-ID: <20180418101150.0643FFD20@maintenance.suse.de> SUSE Security Update: Security update for python-Django ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0973-1 Rating: moderate References: #1001374 #1008047 #1008050 #1031450 #1031451 #1056284 #1083304 #1083305 Cross-References: CVE-2016-7401 CVE-2016-9013 CVE-2016-9014 CVE-2017-12794 CVE-2017-7233 CVE-2017-7234 CVE-2018-7536 CVE-2018-7537 Affected Products: SUSE OpenStack Cloud 7 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for python-Django fixes the following issues: Security issues fixed: - CVE-2018-7537: Fixed catastrophic backtracking in django.utils.text.Truncator. (bsc#1083305) - CVE-2018-7536: Fixed catastrophic backtracking in urlize and urlizetrunc template filters. (bsc#1083304) - CVE-2017-12794: Fixed XSS possibility in traceback section of technical 500 debug page (bsc#1056284) - CVE-2017-7234: Open redirect vulnerability in django.views.static.serve() (bsc#1031451) - CVE-2017-7233: Open redirect and possible XSS attack via user-supplied numeric redirect URLs (bsc#1031450) - CVE-2016-9014: DNS rebinding vulnerability when DEBUG=True (bsc#1008047) - CVE-2016-9013: User with hardcoded password created when running tests on Oracle (bsc#1008050) - CVE-2016-7401: CSRF protection bypass on a site with Google Analytics (bsc#1001374) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-655=1 Package List: - SUSE OpenStack Cloud 7 (noarch): python-Django-1.8.19-3.4.1 References: https://www.suse.com/security/cve/CVE-2016-7401.html https://www.suse.com/security/cve/CVE-2016-9013.html https://www.suse.com/security/cve/CVE-2016-9014.html https://www.suse.com/security/cve/CVE-2017-12794.html https://www.suse.com/security/cve/CVE-2017-7233.html https://www.suse.com/security/cve/CVE-2017-7234.html https://www.suse.com/security/cve/CVE-2018-7536.html https://www.suse.com/security/cve/CVE-2018-7537.html https://bugzilla.suse.com/1001374 https://bugzilla.suse.com/1008047 https://bugzilla.suse.com/1008050 https://bugzilla.suse.com/1031450 https://bugzilla.suse.com/1031451 https://bugzilla.suse.com/1056284 https://bugzilla.suse.com/1083304 https://bugzilla.suse.com/1083305 From sle-updates at lists.suse.com Wed Apr 18 04:13:41 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Apr 2018 12:13:41 +0200 (CEST) Subject: SUSE-SU-2018:0974-1: moderate: Security update for erlang Message-ID: <20180418101341.48B99FD20@maintenance.suse.de> SUSE Security Update: Security update for erlang ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0974-1 Rating: moderate References: #1070960 Cross-References: CVE-2017-1000385 Affected Products: SUSE OpenStack Cloud 7 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for erlang fixes the following security issue: - CVE-2017-1000385: An erlang TLS server configured with cipher suites using RSA key exchange, may be vulnerable to an Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) against RSA, which when exploited, may result in plaintext recovery of encrypted messages and/or a Man-in-the-middle (MiTM) attack, despite the attacker not having gained access to the server's private key itself. (bsc#1070960) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-652=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-652=1 Package List: - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64): erlang-17.5.6-3.3.1 erlang-debuginfo-17.5.6-3.3.1 erlang-debugsource-17.5.6-3.3.1 erlang-epmd-17.5.6-3.3.1 erlang-epmd-debuginfo-17.5.6-3.3.1 - SUSE Enterprise Storage 4 (aarch64 x86_64): erlang-17.5.6-3.3.1 erlang-debuginfo-17.5.6-3.3.1 erlang-debugsource-17.5.6-3.3.1 erlang-epmd-17.5.6-3.3.1 erlang-epmd-debuginfo-17.5.6-3.3.1 References: https://www.suse.com/security/cve/CVE-2017-1000385.html https://bugzilla.suse.com/1070960 From sle-updates at lists.suse.com Wed Apr 18 04:14:12 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Apr 2018 12:14:12 +0200 (CEST) Subject: SUSE-SU-2018:0975-1: important: Security update for openssl Message-ID: <20180418101412.57D40FD1F@maintenance.suse.de> SUSE Security Update: Security update for openssl ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0975-1 Rating: important References: #1087102 Cross-References: CVE-2018-0739 Affected Products: SUSE Studio Onsite 1.3 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openssl fixes the following issues: - CVE-2018-0739: Constructed ASN.1 types with a recursive definition could exceed the stack. This could result in a Denial Of Service attack. (bsc#1087102) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-openssl-13565=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-openssl-13565=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-openssl-13565=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-openssl-13565=1 Package List: - SUSE Studio Onsite 1.3 (x86_64): libopenssl-devel-0.9.8j-0.106.9.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libopenssl-devel-0.9.8j-0.106.9.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): libopenssl-devel-32bit-0.9.8j-0.106.9.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libopenssl0_9_8-0.9.8j-0.106.9.1 libopenssl0_9_8-hmac-0.9.8j-0.106.9.1 openssl-0.9.8j-0.106.9.1 openssl-doc-0.9.8j-0.106.9.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libopenssl0_9_8-32bit-0.9.8j-0.106.9.1 libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.9.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libopenssl0_9_8-x86-0.9.8j-0.106.9.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): openssl-debuginfo-0.9.8j-0.106.9.1 openssl-debugsource-0.9.8j-0.106.9.1 References: https://www.suse.com/security/cve/CVE-2018-0739.html https://bugzilla.suse.com/1087102 From sle-updates at lists.suse.com Wed Apr 18 04:14:45 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Apr 2018 12:14:45 +0200 (CEST) Subject: SUSE-SU-2018:0976-1: moderate: Security update for perl Message-ID: <20180418101445.57805FD1F@maintenance.suse.de> SUSE Security Update: Security update for perl ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0976-1 Rating: moderate References: #1082216 #1082233 Cross-References: CVE-2018-6798 CVE-2018-6913 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for perl fixes the following issues: Security issue fixed: - CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216). - CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-perl-13564=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-perl-13564=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-perl-13564=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): perl-base-32bit-5.10.0-64.81.10.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): perl-5.10.0-64.81.10.1 perl-Module-Build-0.2808.01-0.81.10.1 perl-Test-Simple-0.72-0.81.10.1 perl-base-5.10.0-64.81.10.1 perl-doc-5.10.0-64.81.10.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): perl-32bit-5.10.0-64.81.10.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): perl-x86-5.10.0-64.81.10.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): perl-debuginfo-5.10.0-64.81.10.1 perl-debugsource-5.10.0-64.81.10.1 References: https://www.suse.com/security/cve/CVE-2018-6798.html https://www.suse.com/security/cve/CVE-2018-6913.html https://bugzilla.suse.com/1082216 https://bugzilla.suse.com/1082233 From sle-updates at lists.suse.com Wed Apr 18 10:07:46 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Apr 2018 18:07:46 +0200 (CEST) Subject: SUSE-RU-2018:0977-1: Recommended update for timezone, timezone-java Message-ID: <20180418160746.29D1CFD20@maintenance.suse.de> SUSE Recommended Update: Recommended update for timezone, timezone-java ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:0977-1 Rating: low References: #1086729 Affected Products: SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 6 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 SUSE CaaS Platform ALL OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides the latest timezone information (2018d) for your system, including following changes: - In 2018, Palestine starts DST on March 24, not March 31. - Casey Station in Antarctica changed from +11 to +08 on 2018-03-11 at 04:00 (bsc#1086729). - corrections for historical transitions. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-656=1 - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2018-656=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-656=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-656=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-656=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-656=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-656=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-656=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-656=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-656=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-656=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): timezone-2018d-74.9.1 timezone-debuginfo-2018d-74.9.1 timezone-debugsource-2018d-74.9.1 - SUSE OpenStack Cloud 7 (noarch): timezone-java-2018d-0.74.9.1 - SUSE OpenStack Cloud 6 (x86_64): timezone-2018d-74.9.1 timezone-debuginfo-2018d-74.9.1 timezone-debugsource-2018d-74.9.1 - SUSE OpenStack Cloud 6 (noarch): timezone-java-2018d-0.74.9.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): timezone-2018d-74.9.1 timezone-debuginfo-2018d-74.9.1 timezone-debugsource-2018d-74.9.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): timezone-java-2018d-0.74.9.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): timezone-2018d-74.9.1 timezone-debuginfo-2018d-74.9.1 timezone-debugsource-2018d-74.9.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): timezone-java-2018d-0.74.9.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): timezone-2018d-74.9.1 timezone-debuginfo-2018d-74.9.1 timezone-debugsource-2018d-74.9.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): timezone-java-2018d-0.74.9.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): timezone-2018d-74.9.1 timezone-debuginfo-2018d-74.9.1 timezone-debugsource-2018d-74.9.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): timezone-java-2018d-0.74.9.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): timezone-2018d-74.9.1 timezone-debuginfo-2018d-74.9.1 timezone-debugsource-2018d-74.9.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): timezone-java-2018d-0.74.9.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): timezone-2018d-74.9.1 timezone-debuginfo-2018d-74.9.1 timezone-debugsource-2018d-74.9.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): timezone-java-2018d-0.74.9.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): timezone-java-2018d-0.74.9.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): timezone-2018d-74.9.1 timezone-debuginfo-2018d-74.9.1 timezone-debugsource-2018d-74.9.1 - SUSE Enterprise Storage 4 (x86_64): timezone-2018d-74.9.1 timezone-debuginfo-2018d-74.9.1 timezone-debugsource-2018d-74.9.1 - SUSE Enterprise Storage 4 (noarch): timezone-java-2018d-0.74.9.1 - SUSE CaaS Platform ALL (x86_64): timezone-2018d-74.9.1 timezone-debuginfo-2018d-74.9.1 timezone-debugsource-2018d-74.9.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): timezone-2018d-74.9.1 timezone-debuginfo-2018d-74.9.1 timezone-debugsource-2018d-74.9.1 References: https://bugzilla.suse.com/1086729 From sle-updates at lists.suse.com Thu Apr 19 04:12:27 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Apr 2018 12:12:27 +0200 (CEST) Subject: SUSE-OU-2018:0978-1: Initial release of python3-idna Message-ID: <20180419101227.8B261FD20@maintenance.suse.de> SUSE Optional Update: Initial release of python3-idna ______________________________________________________________________________ Announcement ID: SUSE-OU-2018:0978-1 Rating: low References: #1073879 Affected Products: SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 6 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update provides the following new Python 3 module for the SUSE Linux Enterprise Server: - python3-idna Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-660=1 - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2018-660=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-660=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-660=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-660=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-660=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-660=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-660=1 Package List: - SUSE OpenStack Cloud 7 (noarch): python-idna-2.0-3.3.1 python3-idna-2.0-3.3.1 - SUSE OpenStack Cloud 6 (noarch): python-idna-2.0-3.3.1 python3-idna-2.0-3.3.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): python-idna-2.0-3.3.1 python3-idna-2.0-3.3.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): python-idna-2.0-3.3.1 python3-idna-2.0-3.3.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): python-idna-2.0-3.3.1 python3-idna-2.0-3.3.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): python-idna-2.0-3.3.1 python3-idna-2.0-3.3.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): python-idna-2.0-3.3.1 python3-idna-2.0-3.3.1 - SUSE Enterprise Storage 4 (noarch): python-idna-2.0-3.3.1 python3-idna-2.0-3.3.1 References: https://bugzilla.suse.com/1073879 From sle-updates at lists.suse.com Thu Apr 19 04:13:07 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Apr 2018 12:13:07 +0200 (CEST) Subject: SUSE-OU-2018:0979-1: Initial release of python3-six Message-ID: <20180419101307.0486EFD22@maintenance.suse.de> SUSE Optional Update: Initial release of python3-six ______________________________________________________________________________ Announcement ID: SUSE-OU-2018:0979-1 Rating: low References: #1073879 Affected Products: SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 6 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Module for Public Cloud 12 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update provides the following new Python 3 module for the SUSE Linux Enterprise Server and the Public Cloud Module: - python3-six Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-661=1 - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2018-661=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-661=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-661=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-661=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-661=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-661=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-661=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2018-661=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-661=1 Package List: - SUSE OpenStack Cloud 7 (noarch): python-six-1.9.0-9.12.1 python-six-doc-1.9.0-9.12.1 python3-six-1.9.0-9.12.1 - SUSE OpenStack Cloud 6 (noarch): python-six-1.9.0-9.12.1 python-six-doc-1.9.0-9.12.1 python3-six-1.9.0-9.12.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): python-six-1.9.0-9.12.1 python-six-doc-1.9.0-9.12.1 python3-six-1.9.0-9.12.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): python-six-1.9.0-9.12.1 python-six-doc-1.9.0-9.12.1 python3-six-1.9.0-9.12.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): python-six-1.9.0-9.12.1 python-six-doc-1.9.0-9.12.1 python3-six-1.9.0-9.12.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): python-six-1.9.0-9.12.1 python-six-doc-1.9.0-9.12.1 python3-six-1.9.0-9.12.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): python-six-1.9.0-9.12.1 python-six-doc-1.9.0-9.12.1 python3-six-1.9.0-9.12.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): python-six-1.9.0-9.12.1 python-six-doc-1.9.0-9.12.1 python3-six-1.9.0-9.12.1 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-six-1.9.0-9.12.1 python3-six-1.9.0-9.12.1 - SUSE Enterprise Storage 4 (noarch): python-six-1.9.0-9.12.1 python-six-doc-1.9.0-9.12.1 python3-six-1.9.0-9.12.1 References: https://bugzilla.suse.com/1073879 From sle-updates at lists.suse.com Thu Apr 19 04:13:42 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Apr 2018 12:13:42 +0200 (CEST) Subject: SUSE-SU-2018:0980-1: moderate: Security update for wireshark Message-ID: <20180419101342.0709DFD22@maintenance.suse.de> SUSE Security Update: Security update for wireshark ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0980-1 Rating: moderate References: #1088200 Cross-References: CVE-2018-9256 CVE-2018-9259 CVE-2018-9260 CVE-2018-9261 CVE-2018-9262 CVE-2018-9263 CVE-2018-9264 CVE-2018-9265 CVE-2018-9266 CVE-2018-9267 CVE-2018-9268 CVE-2018-9269 CVE-2018-9270 CVE-2018-9271 CVE-2018-9272 CVE-2018-9273 CVE-2018-9274 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 17 vulnerabilities is now available. Description: This update for wireshark fixes the following issues: - Update to wireshark 2.2.14, fix such issues: * bsc#1088200 VUL-0: wireshark: multiple vulnerabilities fixed in 2.2.14, 2.4.6 * CVE-2018-9256: LWAPP dissector crash * CVE-2018-9260: IEEE 802.15.4 dissector crash * CVE-2018-9261: NBAP dissector crash * CVE-2018-9262: VLAN dissector crash * CVE-2018-9263: Kerberos dissector crash * CVE-2018-9264: ADB dissector crash * CVE-2018-9265: tn3270 dissector has a memory leak * CVE-2018-9266: ISUP dissector memory leak * CVE-2018-9267: LAPD dissector memory leak * CVE-2018-9268: SMB2 dissector memory leak * CVE-2018-9269: GIOP dissector memory leak * CVE-2018-9270: OIDS dissector memory leak * CVE-2018-9271: multipart dissector memory leak * CVE-2018-9272: h223 dissector memory leak * CVE-2018-9273: pcp dissector memory leak * CVE-2018-9274: failure message memory leak * CVE-2018-9259: MP4 dissector crash Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-wireshark-13566=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-wireshark-13566=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-wireshark-13566=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): wireshark-devel-2.2.14-40.25.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): libwireshark8-2.2.14-40.25.1 libwiretap6-2.2.14-40.25.1 libwscodecs1-2.2.14-40.25.1 libwsutil7-2.2.14-40.25.1 wireshark-2.2.14-40.25.1 wireshark-gtk-2.2.14-40.25.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libwireshark8-2.2.14-40.25.1 libwiretap6-2.2.14-40.25.1 libwscodecs1-2.2.14-40.25.1 libwsutil7-2.2.14-40.25.1 wireshark-2.2.14-40.25.1 wireshark-gtk-2.2.14-40.25.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): wireshark-debuginfo-2.2.14-40.25.1 wireshark-debugsource-2.2.14-40.25.1 References: https://www.suse.com/security/cve/CVE-2018-9256.html https://www.suse.com/security/cve/CVE-2018-9259.html https://www.suse.com/security/cve/CVE-2018-9260.html https://www.suse.com/security/cve/CVE-2018-9261.html https://www.suse.com/security/cve/CVE-2018-9262.html https://www.suse.com/security/cve/CVE-2018-9263.html https://www.suse.com/security/cve/CVE-2018-9264.html https://www.suse.com/security/cve/CVE-2018-9265.html https://www.suse.com/security/cve/CVE-2018-9266.html https://www.suse.com/security/cve/CVE-2018-9267.html https://www.suse.com/security/cve/CVE-2018-9268.html https://www.suse.com/security/cve/CVE-2018-9269.html https://www.suse.com/security/cve/CVE-2018-9270.html https://www.suse.com/security/cve/CVE-2018-9271.html https://www.suse.com/security/cve/CVE-2018-9272.html https://www.suse.com/security/cve/CVE-2018-9273.html https://www.suse.com/security/cve/CVE-2018-9274.html https://bugzilla.suse.com/1088200 From sle-updates at lists.suse.com Thu Apr 19 04:14:19 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Apr 2018 12:14:19 +0200 (CEST) Subject: SUSE-SU-2018:0981-1: moderate: Security update for wireshark Message-ID: <20180419101419.23AB8FD22@maintenance.suse.de> SUSE Security Update: Security update for wireshark ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0981-1 Rating: moderate References: #1088200 Cross-References: CVE-2018-9256 CVE-2018-9259 CVE-2018-9260 CVE-2018-9261 CVE-2018-9262 CVE-2018-9263 CVE-2018-9264 CVE-2018-9265 CVE-2018-9266 CVE-2018-9267 CVE-2018-9268 CVE-2018-9269 CVE-2018-9270 CVE-2018-9271 CVE-2018-9272 CVE-2018-9273 CVE-2018-9274 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes 17 vulnerabilities is now available. Description: This update for wireshark fixes the following issues: - Update to wireshark 2.2.14, fix such issues: * bsc#1088200 VUL-0: wireshark: multiple vulnerabilities fixed in 2.2.14, 2.4.6 * CVE-2018-9256: LWAPP dissector crash * CVE-2018-9260: IEEE 802.15.4 dissector crash * CVE-2018-9261: NBAP dissector crash * CVE-2018-9262: VLAN dissector crash * CVE-2018-9263: Kerberos dissector crash * CVE-2018-9264: ADB dissector crash * CVE-2018-9265: tn3270 dissector has a memory leak * CVE-2018-9266: ISUP dissector memory leak * CVE-2018-9267: LAPD dissector memory leak * CVE-2018-9268: SMB2 dissector memory leak * CVE-2018-9269: GIOP dissector memory leak * CVE-2018-9270: OIDS dissector memory leak * CVE-2018-9271: multipart dissector memory leak * CVE-2018-9272: h223 dissector memory leak * CVE-2018-9273: pcp dissector memory leak * CVE-2018-9274: failure message memory leak * CVE-2018-9259: MP4 dissector crash Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-658=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-658=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-658=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): wireshark-debuginfo-2.2.14-48.24.1 wireshark-debugsource-2.2.14-48.24.1 wireshark-devel-2.2.14-48.24.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libwireshark8-2.2.14-48.24.1 libwireshark8-debuginfo-2.2.14-48.24.1 libwiretap6-2.2.14-48.24.1 libwiretap6-debuginfo-2.2.14-48.24.1 libwscodecs1-2.2.14-48.24.1 libwscodecs1-debuginfo-2.2.14-48.24.1 libwsutil7-2.2.14-48.24.1 libwsutil7-debuginfo-2.2.14-48.24.1 wireshark-2.2.14-48.24.1 wireshark-debuginfo-2.2.14-48.24.1 wireshark-debugsource-2.2.14-48.24.1 wireshark-gtk-2.2.14-48.24.1 wireshark-gtk-debuginfo-2.2.14-48.24.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libwireshark8-2.2.14-48.24.1 libwireshark8-debuginfo-2.2.14-48.24.1 libwiretap6-2.2.14-48.24.1 libwiretap6-debuginfo-2.2.14-48.24.1 libwscodecs1-2.2.14-48.24.1 libwscodecs1-debuginfo-2.2.14-48.24.1 libwsutil7-2.2.14-48.24.1 libwsutil7-debuginfo-2.2.14-48.24.1 wireshark-2.2.14-48.24.1 wireshark-debuginfo-2.2.14-48.24.1 wireshark-debugsource-2.2.14-48.24.1 wireshark-gtk-2.2.14-48.24.1 wireshark-gtk-debuginfo-2.2.14-48.24.1 References: https://www.suse.com/security/cve/CVE-2018-9256.html https://www.suse.com/security/cve/CVE-2018-9259.html https://www.suse.com/security/cve/CVE-2018-9260.html https://www.suse.com/security/cve/CVE-2018-9261.html https://www.suse.com/security/cve/CVE-2018-9262.html https://www.suse.com/security/cve/CVE-2018-9263.html https://www.suse.com/security/cve/CVE-2018-9264.html https://www.suse.com/security/cve/CVE-2018-9265.html https://www.suse.com/security/cve/CVE-2018-9266.html https://www.suse.com/security/cve/CVE-2018-9267.html https://www.suse.com/security/cve/CVE-2018-9268.html https://www.suse.com/security/cve/CVE-2018-9269.html https://www.suse.com/security/cve/CVE-2018-9270.html https://www.suse.com/security/cve/CVE-2018-9271.html https://www.suse.com/security/cve/CVE-2018-9272.html https://www.suse.com/security/cve/CVE-2018-9273.html https://www.suse.com/security/cve/CVE-2018-9274.html https://bugzilla.suse.com/1088200 From sle-updates at lists.suse.com Thu Apr 19 04:14:50 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Apr 2018 12:14:50 +0200 (CEST) Subject: SUSE-RU-2018:0982-1: moderate: Recommended update for genders, pdsh Message-ID: <20180419101450.CD81DFD22@maintenance.suse.de> SUSE Recommended Update: Recommended update for genders, pdsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:0982-1 Rating: moderate References: #1081479 #1081673 #1085090 #1085091 Affected Products: SUSE Linux Enterprise Module for HPC 12 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update brings the genders package to the HPC module (FATE#324149 bsc#1085090), adding support for it in pdsh (FATE#325288 bsc#1085091), and includes the following fixes: Changes in pdsh: - Since different host-list plugins have conflicting options and 'the first one wins' policy is not well defined, package all of them separately and make ones with identical options conflict. (bsc#1081673) - Put the SLURM plugin into separate package. (FATE#325289) Changes in genders: - Added new package genders-base for the configuration file common to the libraries. (bsc#1081479) Genders is a static cluster configuration database used for cluster configuration management. It is used by a variety of tools and scripts for management of large clusters. The genders database is typically replicated on every node of the cluster. It describes the layout and configuration of the cluster so that tools and scripts can sense the variations of cluster nodes. By abstracting this information into a plain text file, it becomes possible to change the configuration of a cluster by modifying only one file. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 12: zypper in -t patch SUSE-SLE-Module-HPC-12-2018-662=1 Package List: - SUSE Linux Enterprise Module for HPC 12 (aarch64 x86_64): genders-1.22-3.3.1 genders-base-1.22-3.3.1 genders-debuginfo-1.22-3.3.1 genders-debugsource-1.22-3.3.1 genders-devel-1.22-3.3.1 genders-perl-compat-1.22-3.3.1 libgenders0-1.22-3.3.1 libgenders0-debuginfo-1.22-3.3.1 libgendersplusplus2-1.22-3.3.1 libgendersplusplus2-debuginfo-1.22-3.3.1 pdsh-2.33-7.8.1 pdsh-debuginfo-2.33-7.8.1 pdsh-debugsource-2.33-7.8.1 pdsh-dshgroup-2.33-7.8.1 pdsh-dshgroup-debuginfo-2.33-7.8.1 pdsh-genders-2.33-7.8.1 pdsh-genders-debuginfo-2.33-7.8.1 pdsh-machines-2.33-7.8.1 pdsh-machines-debuginfo-2.33-7.8.1 pdsh-netgroup-2.33-7.8.1 pdsh-netgroup-debuginfo-2.33-7.8.1 pdsh-slurm-2.33-7.8.1 pdsh-slurm-debuginfo-2.33-7.8.1 perl-genders-1.22-3.3.1 perl-genders-debuginfo-1.22-3.3.1 python-genders-1.22-3.3.1 python-genders-debuginfo-1.22-3.3.1 References: https://bugzilla.suse.com/1081479 https://bugzilla.suse.com/1081673 https://bugzilla.suse.com/1085090 https://bugzilla.suse.com/1085091 From sle-updates at lists.suse.com Thu Apr 19 04:15:58 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Apr 2018 12:15:58 +0200 (CEST) Subject: SUSE-SU-2018:0983-1: moderate: Security update for ocaml Message-ID: <20180419101558.071C7FD22@maintenance.suse.de> SUSE Security Update: Security update for ocaml ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0983-1 Rating: moderate References: #1088591 Cross-References: CVE-2018-9838 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ocaml fixes the following issues: - CVE-2018-9838: Integer overflows when unmarshaling a bigarray data could result in a bigarray with impossibly large dimensions leading to overflow when computing the in-memory size of the bigarray. [bsc#1088591] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-657=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): ocaml-4.03.0-8.3.1 ocaml-compiler-libs-4.03.0-8.3.1 ocaml-debuginfo-4.03.0-8.3.1 ocaml-debugsource-4.03.0-8.3.1 ocaml-rpm-macros-4.03.0-8.3.1 ocaml-runtime-4.03.0-8.3.1 ocaml-runtime-debuginfo-4.03.0-8.3.1 References: https://www.suse.com/security/cve/CVE-2018-9838.html https://bugzilla.suse.com/1088591 From sle-updates at lists.suse.com Thu Apr 19 07:07:53 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Apr 2018 15:07:53 +0200 (CEST) Subject: SUSE-SU-2018:0986-1: important: Security update for the Linux Kernel Message-ID: <20180419130753.F3C68FD21@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0986-1 Rating: important References: #1006867 #1012382 #1015342 #1015343 #1019784 #1020645 #1022595 #1022607 #1022912 #1024296 #1024376 #1027054 #1031492 #1031717 #1033587 #1034503 #1037838 #1038078 #1038085 #1040182 #1042286 #1043441 #1043652 #1043725 #1043726 #1048325 #1048585 #1053472 #1060279 #1062129 #1065600 #1065615 #1066163 #1066223 #1067118 #1068032 #1068038 #1068569 #1068984 #1069135 #1069138 #1069160 #1070052 #1070404 #1070799 #1071306 #1071892 #1072163 #1072363 #1072484 #1072689 #1072739 #1072865 #1073229 #1073401 #1073407 #1073928 #1074134 #1074198 #1074426 #1074488 #1074621 #1074839 #1074847 #1075066 #1075078 #1075087 #1075091 #1075397 #1075428 #1075617 #1075621 #1075627 #1075811 #1075994 #1076017 #1076110 #1076187 #1076232 #1076282 #1076693 #1076760 #1076805 #1076847 #1076872 #1076899 #1076982 #1077068 #1077241 #1077285 #1077513 #1077560 #1077592 #1077704 #1077779 #1077871 #1078002 #1078583 #1078672 #1078673 #1078681 #1078787 #1079029 #1079038 #1079195 #1079313 #1079384 #1079609 #1079886 #1079989 #1080014 #1080263 #1080321 #1080344 #1080364 #1080384 #1080464 #1080533 #1080656 #1080774 #1080813 #1080851 #1081134 #1081431 #1081436 #1081437 #1081491 #1081498 #1081500 #1081512 #1081514 #1081681 #1081735 #1082089 #1082223 #1082299 #1082373 #1082478 #1082632 #1082795 #1082864 #1082897 #1082979 #1082993 #1083048 #1083056 #1083086 #1083223 #1083387 #1083409 #1083494 #1083548 #1083750 #1083770 #1084041 #1084397 #1084427 #1084610 #1084772 #1084888 #1084926 #1084928 #1084967 #1085011 #1085015 #1085045 #1085047 #1085050 #1085053 #1085054 #1085056 #1085107 #1085224 #1085239 #863764 #963844 #966170 #966172 #966328 #969476 #969477 #973818 #975772 #983145 #985025 Cross-References: CVE-2017-13166 CVE-2017-15129 CVE-2017-15951 CVE-2017-16644 CVE-2017-16912 CVE-2017-16913 CVE-2017-17712 CVE-2017-17862 CVE-2017-17864 CVE-2017-17975 CVE-2017-18017 CVE-2017-18174 CVE-2017-18208 CVE-2017-5715 CVE-2018-1000004 CVE-2018-1000026 CVE-2018-5332 CVE-2018-5333 CVE-2018-8087 Affected Products: SUSE Linux Enterprise Real Time Extension 12-SP3 ______________________________________________________________________________ An update that solves 19 vulnerabilities and has 166 fixes is now available. Description: The SUSE Linux Enterprise 12 SP3 Realtime kernel was updated to 4.4.120 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bnc#1068032). The previous fix using CPU Microcode has been complemented by building the Linux Kernel with return trampolines aka "retpolines". - CVE-2017-13166: An elevation of privilege vulnerability in the v4l2 video driver. (bnc#1072865). - CVE-2017-15129: A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel. The function get_net_ns_by_id() in net/core/net_namespace.c did not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely (bnc#1074839). - CVE-2017-15951: The KEYS subsystem in the Linux kernel did not correctly synchronize the actions of updating versus finding a key in the "negative" state to avoid a race condition, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls (bnc#1065615). - CVE-2017-16912: The "get_pipe()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel allowed attackers to cause a denial of service (out-of-bounds read) via a specially crafted USB over IP packet (bnc#1078673). - CVE-2017-16913: The "stub_recv_cmd_submit()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel when handling CMD_SUBMIT packets allowed attackers to cause a denial of service (arbitrary memory allocation) via a specially crafted USB over IP packet (bnc#1078672). - CVE-2017-17712: The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel has a race condition in inet->hdrincl that leads to uninitialized stack pointer usage; this allowed a local user to execute code and gain privileges (bnc#1073229 1073230). - CVE-2017-17862: kernel/bpf/verifier.c in the Linux kernel ignores unreachable code, even though it would still be processed by JIT compilers. This behavior, also considered an improper branch-pruning logic issue, could possibly be used by local users for denial of service (bnc#1073928). - CVE-2017-17864: kernel/bpf/verifier.c in the Linux kernel mishandled states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type, which allowed local users to obtain potentially sensitive address information, aka a "pointer leak (bnc#1073928). - CVE-2017-17975: Use-after-free in the usbtv_probe function in drivers/media/usb/usbtv/usbtv-core.c allowed attackers to cause a denial of service (system crash) or possibly have unspecified other impact by triggering failure of audio registration, because a kfree of the usbtv data structure occurs during a usbtv_video_free call, but the usbtv_video_fail label's code attempts to both access and free this data structure (bnc#1074426). - CVE-2017-18017: The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel allowed remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action (bnc#1074488). - CVE-2017-18174: In the Linux kernel the amd_gpio_remove function in drivers/pinctrl/pinctrl-amd.c calls the pinctrl_unregister function, leading to a double free (bnc#1080533). - CVE-2017-18208: The madvise_willneed function in mm/madvise.c allowed local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping (bnc#1083494). - CVE-2018-1000004: In the Linux kernel a race condition vulnerability existed in the sound system, which could lead to a deadlock and denial of service condition (bnc#1076017). - CVE-2018-1000026: Linux kernel version contained a insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via an attacker that must pass a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM. (bnc#1079384). - CVE-2018-5332: In the Linux kernel through 4.14.13, the rds_message_alloc_sgs() function did not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c) (bnc#1075621). - CVE-2018-5333: In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandled cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference (bnc#1075617). - CVE-2018-8087: Memory leak in the hwsim_new_radio_nl function in drivers/net/wireless/mac80211_hwsim.c allowed local users to cause a denial of service (memory consumption) by triggering an out-of-array error case (bnc#1085053). - CVE-2017-16644: The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c allowed local users to cause a denial of service (improper error handling and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1067118). The following non-security bugs were fixed: - 509: fix printing uninitialized stack memory when OID is empty (bsc#1075078). - 8021q: fix a memory leak for VLAN 0 device (bnc#1012382). - acpi / bus: Leave modalias empty for devices which are not present (bnc#1012382). - acpi, nfit: fix health event notification (FATE#321135, FATE#321217, FATE#321256, FATE#321391, FATE#321393). - acpi, nfit: fix register dimm error handling (FATE#321135, FATE#321217, FATE#321256, FATE#321391, FATE#321393). - acpi: sbshc: remove raw pointer from printk() message (bnc#1012382). - acpi / scan: Prefer devices without _HID/_CID for _ADR matching (bnc#1012382). - Add delay-init quirk for Corsair K70 RGB keyboards (bnc#1012382). - add ip6_make_flowinfo helper (bsc#1042286). - af_key: fix buffer overread in parse_exthdrs() (bnc#1012382). - af_key: fix buffer overread in verify_address_len() (bnc#1012382). - afs: Adjust mode bits processing (bnc#1012382). - afs: Connect up the CB.ProbeUuid (bnc#1012382). - afs: Fix afs_kill_pages() (bnc#1012382). - afs: Fix missing put_page() (bnc#1012382). - afs: Fix page leak in afs_write_begin() (bnc#1012382). - afs: Fix the maths in afs_fs_store_data() (bnc#1012382). - afs: Flush outstanding writes when an fd is closed (bnc#1012382). - afs: Migrate vlocation fields to 64-bit (bnc#1012382). - afs: Populate and use client modification time (bnc#1012382). - afs: Populate group ID from vnode status (bnc#1012382). - afs: Prevent callback expiry timer overflow (bnc#1012382). - ahci: Add Intel Cannon Lake PCH-H PCI ID (bnc#1012382). - ahci: Add PCI ids for Intel Bay Trail, Cherry Trail and Apollo Lake AHCI (bnc#1012382). - ahci: Annotate PCI ids for mobile Intel chipsets as such (bnc#1012382). - alpha: fix build failures (bnc#1012382). - alpha: fix crash if pthread_create races with signal delivery (bnc#1012382). - alpha: fix reboot on Avanti platform (bnc#1012382). - alsa: aloop: Fix inconsistent format due to incomplete rule (bsc#1031717). - alsa: aloop: Fix racy hw constraints adjustment (bsc#1031717). - alsa: aloop: Release cable upon open error path (bsc#1031717). - alsa: hda - Apply headphone noise quirk for another Dell XPS 13 variant (bsc#1031717). - alsa: hda - Apply the existing quirk to iMac 14,1 (bsc#1031717). - alsa: hda/ca0132 - fix possible NULL pointer use (bnc#1012382). - alsa: hda - Fix headset mic detection problem for two Dell machines (bnc#1012382). - alsa: hda/realtek - Add headset mode support for Dell laptop (bsc#1031717). - alsa: hda/realtek: PCI quirk for Fujitsu U7x7 (bnc#1012382). - alsa: hda - Reduce the suspend time consumption for ALC256 (bsc#1031717). - alsa: hda - Use IS_REACHABLE() for dependency on input (bsc#1031717). - alsa: pcm: Abort properly at pending signal in OSS read/write loops (bsc#1031717). - alsa: pcm: Add missing error checks in OSS emulation plugin builder (bsc#1031717). - alsa: pcm: Allow aborting mutex lock at OSS read/write loops (bsc#1031717). - alsa: pcm: Remove incorrect snd_BUG_ON() usages (bsc#1031717). - alsa: pcm: Remove yet superfluous WARN_ON() (bsc#1031717). - alsa: seq: Fix racy pool initializations (bnc#1012382). - alsa: seq: Fix regression by incorrect ioctl_mutex usages (bnc#1012382). - alsa: usb-audio: add implicit fb quirk for Behringer UFX1204 (bnc#1012382). - alsa: usb-audio: Fix UAC2 get_ctl request with a RANGE attribute (bnc#1012382). - amd-xgbe: Fix unused suspend handlers build warning (bnc#1012382). - arc: uaccess: dont use "l" gcc inline asm constraint modifier (bnc#1012382). - arm64: add PTE_ADDR_MASK (bsc#1068032). - arm64: Add skeleton to harden the branch predictor against aliasing attacks (bsc#1068032). - arm64: Add trace_hardirqs_off annotation in ret_to_user (bsc#1068032). - arm64: barrier: Add CSDB macros to control data-value prediction (bsc#1068032). - arm64: Branch predictor hardening for Cavium ThunderX2 (bsc#1068032). - arm64/cpufeature: do not use mutex in bringup path (bsc#1068032). - arm64: cpufeature: Pass capability structure to ->enable callback (bsc#1068032). - arm64: cputype: Add MIDR values for Cavium ThunderX2 CPUs (bsc#1068032). - arm64: cputype: Add missing MIDR values for Cortex-A72 and Cortex-A75 (bsc#1068032). - arm64: debug: remove unused local_dbg_{enable, disable} macros (bsc#1068032). - arm64: define BUG() instruction without CONFIG_BUG (bnc#1012382). - arm64: Define cputype macros for Falkor CPU (bsc#1068032). - arm64: Disable TTBR0_EL1 during normal kernel execution (bsc#1068032). - arm64: Disable unhandled signal log messages by default (bnc#1012382). - arm64: Do not force KPTI for CPUs that are not vulnerable (bsc#1076187). - arm64: do not pull uaccess.h into *.S (bsc#1068032). - arm64: dts: add #cooling-cells to CPU nodes (bnc#1012382). - arm64: Enable CONFIG_ARM64_SW_TTBR0_PAN (bsc#1068032). - arm64: entry: Add exception trampoline page for exceptions from EL0 (bsc#1068032). - arm64: entry: Add fake CPU feature for unmapping the kernel at EL0 (bsc#1068032). - arm64: entry: Apply BP hardening for high-priority synchronous exceptions (bsc#1068032). - arm64: entry: Apply BP hardening for suspicious interrupts from EL0 (bsc#1068032). - arm64: entry: Ensure branch through syscall table is bounded under speculation (bsc#1068032). - arm64: entry: Explicitly pass exception level to kernel_ventry macro (bsc#1068032). - arm64: entry: Hook up entry trampoline to exception vectors (bsc#1068032). - arm64: entry: remove pointless SPSR mode check (bsc#1068032). - arm64: entry: Reword comment about post_ttbr_update_workaround (bsc#1068032). - arm64: entry.S convert el0_sync (bsc#1068032). - arm64: entry.S: convert el1_sync (bsc#1068032). - arm64: entry.S: convert elX_irq (bsc#1068032). - arm64: entry.S: move SError handling into a C function for future expansion (bsc#1068032). - arm64: entry.S: Remove disable_dbg (bsc#1068032). - arm64: erratum: Work around Falkor erratum #E1003 in trampoline code (bsc#1068032). - arm64: explicitly mask all exceptions (bsc#1068032). - arm64: factor out entry stack manipulation (bsc#1068032). - arm64: factor out PAGE_* and CONT_* definitions (bsc#1068032). - arm64: Factor out PAN enabling/disabling into separate uaccess_* macros (bsc#1068032). - arm64: Factor out TTBR0_EL1 post-update workaround into a specific asm macro (bsc#1068032). - arm64: factor work_pending state machine to C (bsc#1068032). - arm64: Force KPTI to be disabled on Cavium ThunderX (bsc#1068032). - arm64: fpsimd: Prevent registers leaking from dead tasks (bnc#1012382). - arm64: futex: Mask __user pointers prior to dereference (bsc#1068032). - arm64: Handle el1 synchronous instruction aborts cleanly (bsc#1068032). - arm64: Handle faults caused by inadvertent user access with PAN enabled (bsc#1068032). - arm64: head.S: get rid of x25 and x26 with 'global' scope (bsc#1068032). - arm64: idmap: Use "awx" flags for .idmap.text .pushsection directives (bsc#1068032). - arm64: Implement array_index_mask_nospec() (bsc#1068032). - arm64: Implement branch predictor hardening for affected Cortex-A CPUs (bsc#1068032). - arm64: Implement branch predictor hardening for Falkor (bsc#1068032). - arm64: Initialise high_memory global variable earlier (bnc#1012382). - arm64: introduce an order for exceptions (bsc#1068032). - arm64: introduce mov_q macro to move a constant into a 64-bit register (bsc#1068032). - arm64: Introduce uaccess_{disable,enable} functionality based on TTBR0_EL1 (bsc#1068032). - arm64: kaslr: Put kernel vectors address in separate data page (bsc#1068032). - arm64: Kconfig: Add CONFIG_UNMAP_KERNEL_AT_EL0 (bsc#1068032). - arm64: Kconfig: Reword UNMAP_KERNEL_AT_EL0 kconfig entry (bsc#1068032). - arm64: Kconfig: select COMPAT_BINFMT_ELF only when BINFMT_ELF is set (bnc#1012382). - arm64: kill ESR_LNX_EXEC (bsc#1068032). - arm64: kpti: Add ->enable callback to remap swapper using nG mappings (bsc#1068032). - arm64: kpti: Fix the interaction between ASID switching and software PAN (bsc#1068032). - arm64: kpti: Make use of nG dependent on arm64_kernel_unmapped_at_el0() (bsc#1068032). - arm64: kvm: Fix SMCCC handling of unimplemented SMC/HVC calls (bsc#1076232). - arm64: kvm: fix VTTBR_BADDR_MASK BUG_ON off-by-one (bnc#1012382). - arm64: kvm: Make PSCI_VERSION a fast path (bsc#1068032). - arm64: kvm: Use per-CPU vector when BP hardening is enabled (bsc#1068032). - arm64: Make USER_DS an inclusive limit (bsc#1068032). - arm64: Mask all exceptions during kernel_exit (bsc#1068032). - arm64: mm: Add arm64_kernel_unmapped_at_el0 helper (bsc#1068032). - arm64: mm: Allocate ASIDs in pairs (bsc#1068032). - arm64: mm: Fix and re-enable ARM64_SW_TTBR0_PAN (bsc#1068032). - arm64: mm: hardcode rodata=true (bsc#1068032). - arm64: mm: Introduce TTBR_ASID_MASK for getting at the ASID in the TTBR (bsc#1068032). - arm64: mm: Invalidate both kernel and user ASIDs when performing TLBI (bsc#1068032). - arm64: mm: Map entry trampoline into trampoline and kernel page tables (bsc#1068032). - arm64: mm: Move ASID from TTBR0 to TTBR1 (bsc#1068032). - arm64: mm: Permit transitioning from Global to Non-Global without BBM (bsc#1068032). - arm64: mm: Remove pre_ttbr0_update_workaround for Falkor erratum #E1003 (bsc#1068032). - arm64: mm: Rename post_ttbr0_update_workaround (bsc#1068032). - arm64: mm: Temporarily disable ARM64_SW_TTBR0_PAN (bsc#1068032). - arm64: mm: Use non-global mappings for kernel space (bsc#1068032). - arm64: Move BP hardening to check_and_switch_context (bsc#1068032). - arm64: Move post_ttbr_update_workaround to C code (bsc#1068032). - arm64: move TASK_* definitions to (bsc#1068032). - arm64: Move the async/fiq helpers to explicitly set process context flags (bsc#1068032). - arm64: Run enable method for errata work arounds on late CPUs (bsc#1085045). - arm64: SW PAN: Point saved ttbr0 at the zero page when switching to init_mm (bsc#1068032). - arm64: SW PAN: Update saved ttbr0 value on enter_lazy_tlb (bsc#1068032). - arm64: swp emulation: bound LL/SC retries before rescheduling (bsc#1068032). - arm64: sysreg: Fix unprotected macro argmuent in write_sysreg (bsc#1068032). - arm64: Take into account ID_AA64PFR0_EL1.CSV3 (bsc#1068032). - arm64: thunderx2: remove branch predictor hardening References: bsc#1076232 This causes undefined instruction abort on the smc call from guest kernel. Disable until kvm is fixed. - arm64: tls: Avoid unconditional zeroing of tpidrro_el0 for native tasks (bsc#1068032). - arm64: Turn on KPTI only on CPUs that need it (bsc#1076187). - arm64: uaccess: Do not bother eliding access_ok checks in __{get, put}_user (bsc#1068032). - arm64: uaccess: Mask __user pointers for __arch_{clear, copy_*}_user (bsc#1068032). - arm64: uaccess: Prevent speculative use of the current addr_limit (bsc#1068032). - arm64: use alternative auto-nop (bsc#1068032). - arm64: Use pointer masking to limit uaccess speculation (bsc#1068032). - arm64: use RET instruction for exiting the trampoline (bsc#1068032). - arm64: xen: Enable user access before a privcmd hvc call (bsc#1068032). - arm: 8731/1: Fix csum_partial_copy_from_user() stack mismatch (bnc#1012382). - arm: AM33xx: PRM: Remove am33xx_pwrdm_read_prev_pwrst function (bnc#1012382). - arm/arm64: kvm: Make default HYP mappings non-excutable (bsc#1068032). - arm: avoid faulting on qemu (bnc#1012382). - arm: BUG if jumping to usermode address in kernel mode (bnc#1012382). - arm-ccn: perf: Prevent module unload while PMU is in use (bnc#1012382). - arm: dma-mapping: disallow dma_get_sgtable() for non-kernel managed memory (bnc#1012382). - arm: dts: am335x-evmsk: adjust mmc2 param to allow suspend (bnc#1012382). - arm: dts: am4372: Correct the interrupts_properties of McASP (bnc#1012382). - arm: dts: Fix omap4 hang with GPS connected to USB by using wakeupgen (bnc#1012382). - arm: dts: kirkwood: fix pin-muxing of MPP7 on OpenBlocks A7 (bnc#1012382). - arm: dts: ls1021a: fix incorrect clock references (bnc#1012382). - arm: dts: s5pv210: add interrupt-parent for ohci (bnc#1012382). - arm: dts: STi: Add gpio polarity for "hdmi,hpd-gpio" property (bnc#1012382). - arm: dts: ti: fix PCI bus dtc warnings (bnc#1012382). - arm: kprobes: Align stack to 8-bytes in test code (bnc#1012382). - arm: kprobes: Fix the return address of multiple kretprobes (bnc#1012382). - arm: kvm: Fix SMCCC handling of unimplemented SMC/HVC calls (bnc#1012382). - arm: kvm: Fix VTTBR_BADDR_MASK BUG_ON off-by-one (bnc#1012382). - arm: OMAP1: DMA: Correct the number of logical channels (bnc#1012382). - arm: OMAP2+: Fix device node reference counts (bnc#1012382). - arm: OMAP2+: Fix SRAM virt to phys translation for save_secure_ram_context (bnc#1012382). - arm: OMAP2+: gpmc-onenand: propagate error on initialization failure (bnc#1012382). - arm: omap2: hide omap3_save_secure_ram on non-OMAP3 builds (git-fixes). - arm: OMAP2+: Release device node after it is no longer needed (bnc#1012382). - arm: pxa/tosa-bt: add MODULE_LICENSE tag (bnc#1012382). - arm: spear13xx: Fix dmas cells (bnc#1012382). - arm: spear13xx: Fix spics gpio controller's warning (bnc#1012382). - arm: spear600: Add missing interrupt-parent of rtc (bnc#1012382). - arm: tegra: select USB_ULPI from EHCI rather than platform (bnc#1012382). - asm-prototypes: Clear any CPP defines before declaring the functions (git-fixes). - asn.1: check for error from ASN1_OP_END__ACT actions (bnc#1012382). - asn.1: fix out-of-bounds read when parsing indefinite length item (bnc#1012382). - ASoC: au1x: Fix timeout tests in au1xac97c_ac97_read() (bsc#1031717). - ASoC: Intel: Kconfig: fix build when ACPI is not enabled (bnc#1012382). - ASoC: Intel: sst: Fix the return value of 'sst_send_byte_stream_mrfld()' (bsc#1031717). - ASoC: mediatek: add i2c dependency (bnc#1012382). - ASoC: nuc900: Fix a loop timeout test (bsc#1031717). - asoc: pcm512x: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE (bnc#1012382). - ASoC: rockchip: disable clock on error (bnc#1012382). - asoc: rsnd: avoid duplicate free_irq() (bnc#1012382). - asoc: rsnd: do not call free_irq() on Parent SSI (bnc#1012382). - asoc: simple-card: Fix misleading error message (bnc#1012382). - ASoC: ux500: add MODULE_LICENSE tag (bnc#1012382). - ata: ahci_xgene: free structure returned by acpi_get_object_info() (bsc#1082979). - ata: pata_artop: remove redundant initialization of pio (bsc#1082979). - ata: sata_dwc_460ex: remove incorrect locking (bsc#1082979). - ath9k: fix tx99 potential info leak (bnc#1012382). - atm: horizon: Fix irq release error (bnc#1012382). - audit: ensure that 'audit=1' actually enables audit for PID 1 (bnc#1012382). - axonram: Fix gendisk handling (bnc#1012382). - b2c2: flexcop: avoid unused function warnings (bnc#1012382). - backlight: pwm_bl: Fix overflow condition (bnc#1012382). - bcache: add a comment in journal bucket reading (bsc#1076110). - bcache: Avoid nested function definition (bsc#1076110). - bcache: bch_allocator_thread() is not freezable (bsc#1076110). - bcache: bch_writeback_thread() is not freezable (bsc#1076110). - bcache: check return value of register_shrinker (bsc#1076110). - bcache: documentation formatting, edited for clarity, stripe alignment notes (bsc#1076110). - bcache: documentation updates and corrections (bsc#1076110). - bcache: Do not reinvent the wheel but use existing llist API (bsc#1076110). - bcache: do not write back data if reading it failed (bsc#1076110). - bcache: explicitly destroy mutex while exiting (bnc#1012382). - bcache: fix a comments typo in bch_alloc_sectors() (bsc#1076110). - bcache: fix sequential large write IO bypass (bsc#1076110). - bcache: fix wrong cache_misses statistics (bnc#1012382). - bcache: gc does not work when triggering by manual command (bsc#1076110, bsc#1038078). - bcache: implement PI controller for writeback rate (bsc#1076110). - bcache: increase the number of open buckets (bsc#1076110). - bcache: only permit to recovery read error when cache device is clean (bnc#1012382 bsc#1043652). - bcache: partition support: add 16 minors per bcacheN device (bsc#1076110, bsc#1019784). - bcache: rearrange writeback main thread ratelimit (bsc#1076110). - bcache: recover data from backing when data is clean (bnc#1012382 bsc#1043652). - bcache: Remove redundant set_capacity (bsc#1076110). - bcache: remove unused parameter (bsc#1076110). - bcache: rewrite multiple partitions support (bsc#1076110, bsc#1038085). - bcache: safeguard a dangerous addressing in closure_queue (bsc#1076110). - bcache: silence static checker warning (bsc#1076110). - bcache: smooth writeback rate control (bsc#1076110). - bcache.txt: standardize document format (bsc#1076110). - bcache: update bio->bi_opf bypass/writeback REQ_ flag hints (bsc#1076110). - bcache: update bucket_in_use in real time (bsc#1076110). - bcache: Update continue_at() documentation (bsc#1076110). - bcache: use kmalloc to allocate bio in bch_data_verify() (bsc#1076110). - bcache: use llist_for_each_entry_safe() in __closure_wake_up() (bsc#1076110). - bcache: writeback rate clamping: make 32 bit safe (bsc#1076110). - bcache: writeback rate shouldn't artifically clamp (bsc#1076110). - be2net: restore properly promisc mode after queues reconfiguration (bsc#963844 FATE#320192). - binder: add missing binder_unlock() (bnc#1012382). - binder: check for binder_thread allocation failure in binder_poll() (bnc#1012382). - binfmt_elf: compat: avoid unused function warning (bnc#1012382). - blacklist acb1feab320e powerpc/64: Do not trace irqs-off at interrupt return to soft-disabled context - blacklist.conf: Blacklist 9d25e3cc83d731ae4eeb017fd07562fde3f80bef Exynos IOMMU is not enabled in any config. - blacklist.conf: blacklist d207af2eab3f8668b95ad02b21930481c42806fd - blacklist.conf: blacklist too intrusive patches (bsc#1082979) - blacklist.conf: commit fd5f7cde1b85d4c8e09 ("printk: Never set console_may_schedule in console_trylock()") - blacklist.conf: da391d640c528bc5bb227ea5b39c882b75ac3167 Comment-only fix - blk-mq: add warning to __blk_mq_run_hw_queue() for ints disabled (bsc#1084772). - blk-mq: stop 'delayed_run_work' in blk_mq_stop_hw_queue() (bsc#1084967). - blk-mq: turn WARN_ON in __blk_mq_run_hw_queue into printk (bsc#1084772). - blktrace: fix unlocked registration of tracepoints (bnc#1012382). - block: fix an error code in add_partition() (bsc#1082979). - block: Fix __bio_integrity_endio() documentation (bsc#1082979). - block: wake up all tasks blocked in get_request() (bnc#1012382). - bluetooth: btsdio: Do not bind to non-removable BCM43341 (bnc#1012382). - bluetooth: btusb: driver to enable the usb-wakeup feature (bnc#1012382). - bluetooth: btusb: Restore QCA Rome suspend/resume fix with a "rewritten" version (bnc#1012382). - bnx2x: do not rollback VF MAC/VLAN filters we did not configure (bnc#1012382). - bnx2x: fix possible overrun of VFPF multicast addresses array (bnc#1012382). - bnx2x: Improve reliability in case of nested PCI errors (bnc#1012382). - bnx2x: prevent crash when accessing PTP with interface down (bnc#1012382). - bnxt_en: Fix the 'Invalid VF' id check in bnxt_vf_ndo_prep routine (bnc#1012382). - bpf: arsh is not supported in 32 bit alu thus reject it (bnc#1012382). - bpf: avoid false sharing of map refcount with max_entries (bnc#1012382). - bpf: fix 32-bit divide by zero (bnc#1012382). - bpf: fix bpf_tail_call() x64 JIT (bnc#1012382). - bpf: fix divides by zero (bnc#1012382). - bpf: introduce BPF_JIT_ALWAYS_ON config (bnc#1012382). - bpf: reject stores into ctx via st and xadd (bnc#1012382). - bridge: implement missing ndo_uninit() (bsc#1042286). - bridge: move bridge multicast cleanup to ndo_uninit (bsc#1042286). - btrfs: add missing memset while reading compressed inline extents (bnc#1012382). - btrfs: copy fsid to super_block s_uuid (bsc#1080774). - btrfs: fix crash due to not cleaning up tree log block's dirty bits (bnc#1012382). - btrfs: fix deadlock in run_delalloc_nocow (bnc#1012382). - btrfs: fix deadlock when writing out space cache (bnc#1012382). - btrfs: Fix possible off-by-one in btrfs_search_path_in_tree (bnc#1012382). - btrfs: Fix quota reservation leak on preallocated files (bsc#1079989). - btrfs: fix unexpected -EEXIST when creating new inode (bnc#1012382). - btrfs: Handle btrfs_set_extent_delalloc failure in fixup worker (bnc#1012382). - can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once (bnc#1012382). - can: af_can: can_rcv(): replace WARN_ONCE by pr_warn_once (bnc#1012382). - can: ems_usb: cancel urb on -EPIPE and -EPROTO (bnc#1012382). - can: esd_usb2: cancel urb on -EPIPE and -EPROTO (bnc#1012382). - can: flex_can: Correct the checking for frame length in flexcan_start_xmit() (bnc#1012382). - can: gs_usb: fix return value of the "set_bittiming" callback (bnc#1012382). - can: kvaser_usb: cancel urb on -EPIPE and -EPROTO (bnc#1012382). - can: kvaser_usb: Fix comparison bug in kvaser_usb_read_bulk_callback() (bnc#1012382). - can: kvaser_usb: free buf in error paths (bnc#1012382). - can: kvaser_usb: ratelimit errors if incomplete messages are received (bnc#1012382). - can: peak: fix potential bug in packet fragmentation (bnc#1012382). - can: ti_hecc: Fix napi poll return value for repoll (bnc#1012382). - can: usb_8dev: cancel urb on -EPIPE and -EPROTO (bnc#1012382). - cdc-acm: apply quirk for card reader (bsc#1060279). - cdrom: factor out common open_for_* code (bsc#1048585). - cdrom: turn off autoclose by default (bsc#1080813). - cdrom: wait for tray to close (bsc#1048585). - ceph: fix incorrect snaprealm when adding caps (bsc#1081735). - ceph: fix un-balanced fsc->writeback_count update (bsc#1081735). - ceph: more accurate statfs (bsc#1077068). - cfg80211: check dev_set_name() return value (bnc#1012382). - cfg80211: fix cfg80211_beacon_dup (bnc#1012382). - cifs: dump IPC tcon in debug proc file (bsc#1071306). - cifs: Fix autonegotiate security settings mismatch (bnc#1012382). - cifs: Fix missing put_xid in cifs_file_strict_mmap (bnc#1012382). - cifs: make IPC a regular tcon (bsc#1071306). - cifs: use tcon_ipc instead of use_ipc parameter of SMB2_ioctl (bsc#1071306). - cifs: zero sensitive data when freeing (bnc#1012382). - clk: fix a panic error caused by accessing NULL pointer (bnc#1012382). - clk: imx6: refine hdmi_isfr's parent to make HDMI work on i.MX6 SoCs w/o VPU (bnc#1012382). - clk: mediatek: add the option for determining PLL source clock (bnc#1012382). - clk: tegra: Fix cclk_lp divisor register (bnc#1012382). - config: arm64: enable HARDEN_BRANCH_PREDICTOR - config: arm64: enable UNMAP_KERNEL_AT_EL0 - console/dummy: leave .con_font_get set to NULL (bnc#1012382). - cpufreq: Add Loongson machine dependencies (bnc#1012382). - cpuidle: fix broadcast control when broadcast can not be entered (bnc#1012382). - cpuidle: powernv: Pass correct drv->cpumask for registration (bnc#1012382). - cpuidle: Validate cpu_dev in cpuidle_add_sysfs() (bnc#1012382). - crypto: aesni - handle zero length dst buffer (bnc#1012382). - crypto: af_alg - whitelist mask and type (bnc#1012382). - crypto: algapi - fix NULL dereference in crypto_remove_spawns() (bnc#1012382). - crypto: caam - fix endless loop when DECO acquire fails (bnc#1012382). - crypto: chacha20poly1305 - validate the digest size (bnc#1012382). - crypto: chelsio - select CRYPTO_GF128MUL (bsc#1048325). - crypto: cryptd - pass through absence of ->setkey() (bnc#1012382). - crypto: crypto4xx - increase context and scatter ring buffer elements (bnc#1012382). - crypto: deadlock between crypto_alg_sem/rtnl_mutex/genl_mutex (bnc#1012382). - crypto: hash - introduce crypto_hash_alg_has_setkey() (bnc#1012382). - crypto: mcryptd - protect the per-CPU queue with a lock (bnc#1012382). - crypto: n2 - cure use after free (bnc#1012382). - crypto: pcrypt - fix freeing pcrypt instances (bnc#1012382). - crypto: poly1305 - remove ->setkey() method (bnc#1012382). - crypto: s5p-sss - Fix completing crypto request in IRQ handler (bnc#1012382). - crypto: s5p-sss - Fix kernel Oops in AES-ECB mode (bnc#1012382). - crypto: tcrypt - fix buffer lengths in test_aead_speed() (bnc#1012382). - crypto: tcrypt - fix S/G table for test_aead_speed() (bnc#1012382). - crypto: x86/twofish-3way - Fix %rbp usage (bnc#1012382). - cw1200: fix bogus maybe-uninitialized warning (bnc#1012382). - cxl: Check if vphb exists before iterating over AFU devices (bsc#1066223). - dax: Pass detailed error code from __dax_fault() (bsc#1072484). - dccp: do not restart ccid2_hc_tx_rto_expire() if sk in closed state (bnc#1012382). - dccp: limit sk_filter trim to payload (bsc#1042286). - Deadly BUG_ON() had not been removed after all, merely relocated. (bnc#1083056) - delay: add poll_event_interruptible (bsc#1048585). - dell-wmi, dell-laptop: depends DMI (bnc#1012382). - direct-io: Fix sleep in atomic due to sync AIO (bsc#1084888). - dlm: fix double list_del() (bsc#1082795). - dlm: fix malfunction of dlm_tool caused by debugfs changes (bsc#1077704). - dlm: fix NULL pointer dereference in send_to_sock() (bsc#1082795). - dmaengine: at_hdmac: fix potential NULL pointer dereference in atc_prep_dma_interleaved (bnc#1012382). - dmaengine: dmatest: fix container_of member in dmatest_callback (bnc#1012382). - dmaengine: dmatest: move callback wait queue to thread context (bnc#1012382). - dmaengine: Fix array index out of bounds warning in __get_unmap_pool() (bnc#1012382). - dmaengine: ioat: Fix error handling path (bnc#1012382). - dmaengine: jz4740: disable/unprepare clk if probe fails (bnc#1012382). - dmaengine: pl330: fix double lock (bnc#1012382). - dmaengine: ti-dma-crossbar: Correct am335x/am43xx mux value type (bnc#1012382). - dmaengine: zx: fix build warning (bnc#1012382). - dm btree: fix serious bug in btree_split_beneath() (bnc#1012382). - dm bufio: fix shrinker scans when (nr_to_scan < retain_target) (bnc#1012382). - dm: correctly handle chained bios in dec_pending() (bnc#1012382). - dm thin metadata: THIN_MAX_CONCURRENT_LOCKS should be 6 (bnc#1012382). - dn_getsockoptdecnet: move nf_{get/set}sockopt outside sock lock (bnc#1012382). - do not put symlink bodies in pagecache into highmem (bnc#1012382). - dpt_i2o: fix build warning (bnc#1012382). - driver-core: use 'dev' argument in dev_dbg_ratelimited stub (bnc#1012382). - drivers/firmware: Expose psci_get_version through psci_ops structure (bsc#1068032). - drivers: hv: balloon: Correctly update onlined page count (fate#315887, bsc#1082632). - drivers: hv: balloon: Initialize last_post_time on startup (fate#315887, bsc#1082632). - drivers: hv: balloon: Show the max dynamic memory assigned (fate#315887, bsc#1082632). - drivers: hv: kvp: Use MAX_ADAPTER_ID_SIZE for translating adapter id (fate#315887, bsc#1082632). - drivers: hv: Turn off write permission on the hypercall page (fate#315887, bsc#1082632). - drivers: hv: vmbus: Fix rescind handling (fate#315887, bsc#1082632). - drivers: hv: vmbus: Fix rescind handling issues (fate#315887, bsc#1082632). - drivers/net: fix eisa_driver probe section mismatch (bnc#1012382). - drm/amd/amdgpu: fix console deadlock if late init failed (bnc#1012382). - drm/amdgpu: Avoid leaking PM domain on driver unbind (v2) (bnc#1012382). - drm/amdgpu: Fix SDMA load/unload sequence on HWS disabled mode (bnc#1012382). - drm/amdkfd: Fix SDMA oversubsription handling (bnc#1012382). - drm/amdkfd: Fix SDMA ring buffer size calculation (bnc#1012382). - drm/armada: fix leak of crtc structure (bnc#1012382). - drm/edid: Add 6 bpc quirk for CPT panel in Asus UX303LA (bnc#1012382). - drm: extra printk() wrapper macros (bnc#1012382). - drm/exynos/decon5433: set STANDALONE_UPDATE_F on output enablement (bnc#1012382). - drm/exynos: gem: Drop NONCONTIG flag for buffers allocated without IOMMU (bnc#1012382). - drm/gma500: remove helper function (bnc#1012382). - drm/gma500: Sanity-check pipe index (bnc#1012382). - drm/nouveau: hide gcc-4.9 -Wmaybe-uninitialized (bnc#1012382). - drm/nouveau/pci: do a msi rearm on init (bnc#1012382). - drm/omap: fix dmabuf mmap for dma_alloc'ed buffers (bnc#1012382). - drm/radeon: adjust tested variable (bnc#1012382). - drm/radeon: reinstate oland workaround for sclk (bnc#1012382). - drm/radeon/si: add dpm quirk for Oland (bnc#1012382). - drm: rcar-du: Fix race condition when disabling planes at CRTC stop (bnc#1012382). - drm: rcar-du: Use the VBK interrupt for vblank events (bnc#1012382). - drm: Require __GFP_NOFAIL for the legacy drm_modeset_lock_all (bnc#1012382). - drm/ttm: check the return value of kzalloc (bnc#1012382). - drm/vmwgfx: Potential off by one in vmw_view_add() (bnc#1012382). - drm/vmwgfx: use *_32_bits() macros (bnc#1012382). - dynamic-debug-howto: fix optional/omitted ending line number to be LARGE instead of 0 (bnc#1012382). - e1000: fix disabling already-disabled warning (bnc#1012382). - edac, i5000, i5400: Fix definition of NRECMEMB register (bnc#1012382). - edac, i5000, i5400: Fix use of MTR_DRAM_WIDTH macro (bnc#1012382). - edac, octeon: Fix an uninitialized variable warning (bnc#1012382). - edac, sb_edac: Fix missing break in switch (bnc#1012382). - efi/esrt: Cleanup bad memory map log messages (bnc#1012382). - efi: Move some sysfs files to be read-only by root (bnc#1012382). - em28xx: only use mt9v011 if camera support is enabled (bnc#1012382). - enable DST_CACHE in non-vanilla configs except s390x/zfcpdump - eventpoll.h: add missing epoll event masks (bnc#1012382). - ext4: correct documentation for grpid mount option (bnc#1012382). - ext4: do not unnecessarily allocate buffer in recently_deleted() (bsc#1080344). - ext4: fix crash when a directory's i_size is too small (bnc#1012382). - ext4: Fix data exposure after failed AIO DIO (bsc#1069135 bsc#1082864). - ext4: Fix ENOSPC handling in DAX page fault handle (bsc#1072484). - ext4: fix fdatasync(2) after fallocate(2) operation (bnc#1012382). - ext4: save error to disk in __ext4_grp_locked_error() (bnc#1012382). - f2fs: fix a bug caused by NULL extent tree (bsc#1082478). - fbdev: auo_k190x: avoid unused function warnings (bnc#1012382). - fbdev: controlfb: Add missing modes to fix out of bounds access (bnc#1012382). - fbdev: s6e8ax0: avoid unused function warnings (bnc#1012382). - fbdev: sis: enforce selection of at least one backend (bnc#1012382). - fbdev: sm712fb: avoid unused function warnings (bnc#1012382). - Fix build error in vma.c (bnc#1012382). - Fixup hang when calling 'nvme list' on all paths down (bsc#1070052). - fjes: Fix wrong netdevice feature flags (bnc#1012382). - flow_dissector: properly cap thoff field (bnc#1012382). - fm10k: ensure we process SM mbx when processing VF mbx (bnc#1012382). - fork: clear thread stack upon allocation (bsc#1077560). - fs: Avoid invalidation in interrupt context in dio_complete() (bsc#1073407 bsc#1069135). - fscache: Fix the default for fscache_maybe_release_page() (bnc#1012382). - fs: Fix page cache inconsistency when mixing buffered and AIO DIO (bsc#1073407 bsc#1069135). - fs: invalidate page cache after end_io() in dio completion (bsc#1073407 bsc#1069135). - ftrace: Remove incorrect setting of glob search field (bnc#1012382). - futex: Prevent overflow by strengthen input validation (bnc#1012382). - gcov: disable for COMPILE_TEST (bnc#1012382). - geneve: fix populating tclass in geneve_get_v6_dst (bsc#1042286). - genirq/msi: Add stubs for get_cached_msi_msg/pci_write_msi_msg (bnc#1012382). - genirq/msi: Fix populating multiple interrupts (bsc#1085047). - genirq: Restore trigger settings in irq_modify_status() (bsc#1085056). - genksyms: Fix segfault with invalid declarations (bnc#1012382). - gfs2: Take inode off order_write list when setting jdata flag (bnc#1012382). - gianfar: fix a flooded alignment reports because of padding issue (bnc#1012382). - go7007: add MEDIA_CAMERA_SUPPORT dependency (bnc#1012382). - gpio: altera: Use handle_level_irq when configured as a level_high (bnc#1012382). - gpio: ath79: add missing MODULE_DESCRIPTION/LICENSE (bnc#1012382). - gpio: intel-mid: Fix build warning when !CONFIG_PM (bnc#1012382). - gpio: iop: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE (bnc#1012382). - gpio: xgene: mark PM functions as __maybe_unused (bnc#1012382). - grace: replace BUG_ON by WARN_ONCE in exit_net hook (bnc#1012382). - gre: build header correctly for collect metadata tunnels (bsc#1042286). - gre: do not assign header_ops in collect metadata mode (bsc#1042286). - gre: do not keep the GRE header around in collect medata mode (bsc#1042286). - gre: reject GUE and FOU in collect metadata mode (bsc#1042286). - hdpvr: hide unused variable (bnc#1012382). - hid: chicony: Add support for another ASUS Zen AiO keyboard (bnc#1012382). - hid: quirks: Fix keyboard + touchpad on Toshiba Click Mini not working (bnc#1012382). - hid: xinmo: fix for out of range for THT 2P arcade controller (bnc#1012382). - hippi: Fix a Fix a possible sleep-in-atomic bug in rr_close (bnc#1012382). - hrtimer: Ensure POSIX compliance (relative CLOCK_REALTIME hrtimers) (bnc#1012382). - hrtimer: Reset hrtimer cpu base proper on CPU hotplug (bnc#1012382). - hv: kvp: Avoid reading past allocated blocks from KVP file (bnc#1012382). - hv_netvsc: Add ethtool handler to set and get TCP hash levels (fate#315887, bsc#1082632). - hv_netvsc: Add ethtool handler to set and get UDP hash levels (fate#315887, bsc#1082632). - hv_netvsc: Add initialization of tx_table in netvsc_device_add() (fate#315887, bsc#1082632). - hv_netvsc: Change the hash level variable to bit flags (fate#315887, bsc#1082632). - hv_netvsc: Clean up an unused parameter in rndis_filter_set_rss_param() (fate#315887, bsc#1082632). - hv_netvsc: Clean up unused parameter from netvsc_get_hash() (fate#315887, bsc#1082632). - hv_netvsc: Clean up unused parameter from netvsc_get_rss_hash_opts() (fate#315887, bsc#1082632). - hv_netvsc: copy_to_send buf can be void (fate#315887, bsc#1082632). - hv_netvsc: do not need local xmit_more (fate#315887, bsc#1082632). - hv_netvsc: drop unused macros (fate#315887, bsc#1082632). - hv_netvsc: empty current transmit aggregation if flow blocked (fate#315887, bsc#1082632). - hv_netvsc: Fix rndis_filter_close error during netvsc_remove (fate#315887, bsc#1082632). - hv_netvsc: fix send buffer failure on MTU change (fate#315887, bsc#1082632). - hv_netvsc: Fix the channel limit in netvsc_set_rxfh() (fate#315887, bsc#1082632). - hv_netvsc: Fix the real number of queues of non-vRSS cases (fate#315887, bsc#1082632). - hv_netvsc: Fix the receive buffer size limit (fate#315887, bsc#1082632). - hv_netvsc: Fix the TX/RX buffer default sizes (fate#315887, bsc#1082632). - hv_netvsc: hide warnings about uninitialized/missing rndis device (fate#315887, bsc#1082632). - hv_netvsc: make const array ver_list static, reduces object code size (fate#315887, bsc#1082632). - hv_netvsc: optimize initialization of RNDIS header (fate#315887, bsc#1082632). - hv_netvsc: pass netvsc_device to receive callback (fate#315887, bsc#1082632). - hv_netvsc: remove open_cnt reference count (fate#315887, bsc#1082632). - hv_netvsc: Rename ind_table to rx_table (fate#315887, bsc#1082632). - hv_netvsc: Rename tx_send_table to tx_table (fate#315887, bsc#1082632). - hv_netvsc: replace divide with mask when computing padding (fate#315887, bsc#1082632). - hv_netvsc: report stop_queue and wake_queue (fate#315887, bsc#1082632). - hv_netvsc: simplify function args in receive status path (fate#315887, bsc#1082632). - hv_netvsc: Simplify the limit check in netvsc_set_channels() (fate#315887, bsc#1082632). - hv_netvsc: track memory allocation failures in ethtool stats (fate#315887, bsc#1082632). - hv: preserve kabi by keeping hv_do_hypercall (bnc#1082632). - hwmon: (asus_atk0110) fix uninitialized data access (bnc#1012382). - hwmon: (pmbus) Use 64bit math for DIRECT format values (bnc#1012382). - hwrng: exynos - use __maybe_unused to hide pm functions (bnc#1012382). - hyper-v: trace vmbus_ongpadl_created() (fate#315887, bsc#1082632). - hyper-v: trace vmbus_ongpadl_torndown() (fate#315887, bsc#1082632). - hyper-v: trace vmbus_on_message() (fate#315887, bsc#1082632). - hyper-v: trace vmbus_on_msg_dpc() (fate#315887, bsc#1082632). - hyper-v: trace vmbus_onoffer() (fate#315887, bsc#1082632). - hyper-v: trace vmbus_onoffer_rescind() (fate#315887, bsc#1082632). - hyper-v: trace vmbus_onopen_result() (fate#315887, bsc#1082632). - hyper-v: trace vmbus_onversion_response() (fate#315887, bsc#1082632). - hyper-v: Use fast hypercall for HVCALL_SIGNAL_EVENT (fate#315887, bsc#1082632). - i2c: remove __init from i2c_register_board_info() (bnc#1012382). - i40iw: Account for IPv6 header when setting MSS (bsc#1024376 FATE#321249). - i40iw: Allocate a sdbuf per CQP WQE (bsc#1024376 FATE#321249). - i40iw: Cleanup AE processing (bsc#1024376 FATE#321249). - i40iw: Clear CQP Head/Tail during initialization (bsc#1024376 FATE#321249). - i40iw: Correct ARP index mask (bsc#1024376 FATE#321249). - i40iw: Correct Q1/XF object count equation (bsc#969476 FATE#319648 bsc#969477 FATE#319816). - i40iw: Do not allow posting WR after QP is flushed (bsc#1024376 FATE#321249). - i40iw: Do not free sqbuf when event is I40IW_TIMER_TYPE_CLOSE (bsc#1024376 FATE#321249). - i40iw: Do not generate CQE for RTR on QP flush (bsc#1024376 FATE#321249). - i40iw: Do not retransmit MPA request after it is ACKed (bsc#1024376 FATE#321249). - i40iw: Fixes for static checker warnings (bsc#1024376 FATE#321249). - i40iw: Fix sequence number for the first partial FPDU (bsc#969476 FATE#319648 bsc#969477 FATE#319816). - i40iw: Fix the connection ORD value for loopback (bsc#969476 FATE#319648 bsc#969477 FATE#319816). - i40iw: Ignore AE source field in AEQE for some AEs (bsc#1024376 FATE#321249). - i40iw: Move cqp_cmd_head init to CQP initialization (bsc#1024376 FATE#321249). - i40iw: Move exception_lan_queue to VSI structure (bsc#1024376 FATE#321249). - i40iw: Move MPA request event for loopback after connect (bsc#1024376 FATE#321249). - i40iw: Notify user of established connection after QP in RTS (bsc#1024376 FATE#321249). - i40iw: Reinitialize IEQ on MTU change (bsc#1024376 FATE#321249). - i40iw: Remove limit on re-posting AEQ entries to HW (bsc#969476 FATE#319648 bsc#969477 FATE#319816). - i40iw: Selectively teardown QPs on IP addr change event (bsc#1024376 FATE#321249). - i40iw: Validate correct IRD/ORD connection parameters (bsc#969476 FATE#319648 bsc#969477 FATE#319816). - ib/hfi1: Fix for potential refcount leak in hfi1_open_file() (FATE#321231 FATE#321473). - ib/hfi1: Fix misspelling in comment (bsc#973818, fate#319242). - ib/hfi1: Prevent kernel QP post send hard lockups (bsc#973818 FATE#319242). - ib/ipoib: Fix lockdep issue found on ipoib_ib_dev_heavy_flush (git-fixes). - ib/ipoib: Fix race condition in neigh creation (bsc#1022595 FATE#322350). - ib/ipoib: Grab rtnl lock on heavy flush when calling ndo_open/stop (bnc#1012382). - ib/iser: Handle lack of memory management extentions correctly (bsc#1082979). - ib/mlx4: Fix incorrectly releasing steerable UD QPs when have only ETH ports (bnc#1012382). - ib/mlx4: Fix mlx4_ib_alloc_mr error flow (bnc#1012382). - ib/mlx4: Increase maximal message size under UD QP (bnc#1012382). - ib/mlx5: Assign send CQ and recv CQ of UMR QP (bnc#1012382). - ib/mlx5: Serialize access to the VMA list (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689). - ibmvnic: Account for VLAN header length in TX buffers (bsc#1085239). - ibmvnic: Account for VLAN tag in L2 Header descriptor (bsc#1085239). - ibmvnic: Allocate and request vpd in init_resources (bsc#1076872). - ibmvnic: Allocate max queues stats buffers (bsc#1081498). - ibmvnic: Allocate statistics buffers during probe (bsc#1082993). - ibmvnic: Check for NULL skb's in NAPI poll routine (bsc#1081134, git-fixes). - ibmvnic: Clean RX pool buffers during device close (bsc#1081134). - ibmvnic: Clean up device close (bsc#1084610). - ibmvnic: Correct goto target for tx irq initialization failure (bsc#1082223). - ibmvnic: Do not attempt to login if RX or TX queues are not allocated (bsc#1082993). - ibmvnic: Do not disable device during failover or partition migration (bsc#1084610). - ibmvnic: Do not handle RX interrupts when not up (bsc#1075066). - ibmvnic: Ensure that buffers are NULL after free (bsc#1080014). - ibmvnic: Fix early release of login buffer (bsc#1081134, git-fixes). - ibmvnic: fix empty firmware version and errors cleanup (bsc#1079038). - ibmvnic: fix firmware version when no firmware level has been provided by the VIOS server (bsc#1079038). - ibmvnic: Fix IP offload control buffer (bsc#1076899). - ibmvnic: Fix IPv6 packet descriptors (bsc#1076899). - ibmvnic: Fix login buffer memory leaks (bsc#1081134). - ibmvnic: Fix NAPI structures memory leak (bsc#1081134). - ibmvnic: Fix pending MAC address changes (bsc#1075627). - ibmvnic: Fix recent errata commit (bsc#1085239). - ibmvnic: Fix rx queue cleanup for non-fatal resets (bsc#1080014). - ibmvnic: Fix TX descriptor tracking again (bsc#1082993). - ibmvnic: Fix TX descriptor tracking (bsc#1081491). - ibmvnic: Free and re-allocate scrqs when tx/rx scrqs change (bsc#1081498). - ibmvnic: Free RX socket buffer in case of adapter error (bsc#1081134). - ibmvnic: Generalize TX pool structure (bsc#1085224). - ibmvnic: Handle TSO backing device errata (bsc#1085239). - ibmvnic: Harden TX/RX pool cleaning (bsc#1082993). - ibmvnic: Improve TX buffer accounting (bsc#1085224). - ibmvnic: Keep track of supplementary TX descriptors (bsc#1081491). - ibmvnic: Make napi usage dynamic (bsc#1081498). - ibmvnic: Modify buffer size and number of queues on failover (bsc#1076872). - ibmvnic: Move active sub-crq count settings (bsc#1081498). - ibmvnic: Pad small packets to minimum MTU size (bsc#1085239). - ibmvnic: queue reset when CRQ gets closed during reset (bsc#1080263). - ibmvnic: Remove skb->protocol checks in ibmvnic_xmit (bsc#1080384). - ibmvnic: Rename active queue count variables (bsc#1081498). - ibmvnic: Reorganize device close (bsc#1084610). - ibmvnic: Report queue stops and restarts as debug output (bsc#1082993). - ibmvnic: Reset long term map ID counter (bsc#1080364). - ibmvnic: Revert to previous mtu when unsupported value requested (bsc#1076872). - ibmvnic: Split counters for scrq/pools/napi (bsc#1082223). - ibmvnic: Update and clean up reset TX pool routine (bsc#1085224). - ibmvnic: Update release RX pool routine (bsc#1085224). - ibmvnic: Update TX and TX completion routines (bsc#1085224). - ibmvnic: Update TX pool initialization routine (bsc#1085224). - ibmvnic: Wait for device response when changing MAC (bsc#1078681). - ibmvnic: Wait until reset is complete to set carrier on (bsc#1081134). - ib/qib: Fix comparison error with qperf compare/swap test (FATE#321231 FATE#321473). - ib/rdmavt: restore IRQs on error path in rvt_create_ah() (bsc#973818, fate#319242). - ib/srpt: Disable RDMA access by the initiator (bnc#1012382). - ib/srpt: Fix ACL lookup during login (bsc#1024296 FATE#321265). - ib/srpt: Remove an unused structure member (bsc#1082979). - idle: i7300: add PCI dependency (bnc#1012382). - igb: check memory allocation failure (bnc#1012382). - igb: Free IRQs when device is hotplugged (bnc#1012382). - iio: adc: axp288: remove redundant duplicate const on axp288_adc_channels (bnc#1012382). - iio: adis_lib: Initialize trigger before requesting interrupt (bnc#1012382). - iio: buffer: check if a buffer has been set up when poll is called (bnc#1012382). - ima: fix hash algorithm initialization (bnc#1012382). - inet: frag: release spinlock before calling icmp_send() (bnc#1012382). - input: 88pm860x-ts - fix child-node lookup (bnc#1012382). - input: elantech - add new icbody type 15 (bnc#1012382). - input: i8042 - add TUXEDO BU1406 (N24_25BU) to the nomux list (bnc#1012382). - input: tca8418_keypad - hide gcc-4.9 -Wmaybe-uninitialized warning (bnc#1012382). - input: tca8418_keypad - remove double read of key event register (git-fixes). - input: trackpoint - force 3 buttons if 0 button is reported (bnc#1012382). - input: twl4030-vibra - fix sibling-node lookup (bnc#1012382). - input: twl6040-vibra - fix child-node lookup (bnc#1012382). - input: twl6040-vibra - fix DT node memory management (bnc#1012382). - intel_th: pci: Add Gemini Lake support (bnc#1012382). - iommu/amd: Add align parameter to alloc_irq_index() (bsc#975772). - iommu/amd: Enforce alignment for MSI IRQs (bsc#975772). - iommu/amd: Fix alloc_irq_index() increment (bsc#975772). - iommu/amd: Limit the IOVA page range to the specified addresses (fate#321026). - iommu/arm-smmu-v3: Cope with duplicated Stream IDs (bsc#1084926). - iommu/arm-smmu-v3: Do not free page table ops twice (bnc#1012382). - iommu/iova: Fix underflow bug in __alloc_and_insert_iova_range (bsc#1084928). - iommu/vt-d: Fix scatterlist offset handling (bnc#1012382). - iommu/vt-d: Use domain instead of cache fetching (bsc#975772). - ip6_gre: remove the incorrect mtu limit for ipgre tap (bsc#1022912 FATE#321246). - ip6mr: fix stale iterator (bnc#1012382). - ip6_tunnel: disable dst caching if tunnel is dual-stack (bnc#1012382). - ipc/msg: introduce msgctl(MSG_STAT_ANY) (bsc#1072689). - ipc/sem: introduce semctl(SEM_STAT_ANY) (bsc#1072689). - ipc/shm: introduce shmctl(SHM_STAT_ANY) (bsc#1072689). - ipmi: Stop timers before cleaning up the module (bnc#1012382). - ip_tunnel: fix preempt warning in ip tunnel creation/updating (bnc#1012382). - ip_tunnel: replace dst_cache with generic implementation (bnc#1012382). - ipv4: allow local fragmentation in ip_finish_output_gso() (bsc#1042286). - ipv4: fix checksum annotation in udp4_csum_init (bsc#1042286). - ipv4: Fix use-after-free when flushing FIB tables (bnc#1012382). - ipv4: igmp: guard against silly MTU values (bnc#1012382). - ipv4: ipconfig: avoid unused ic_proto_used symbol (bnc#1012382). - ipv4: Make neigh lookup keys for loopback/point-to-point devices be INADDR_ANY (bnc#1012382). - ipv4: update comment to document GSO fragmentation cases (bsc#1042286). - ipv6: datagram: Refactor dst lookup and update codes to a new function (bsc#1042286). - ipv6: datagram: Refactor flowi6 init codes to a new function (bsc#1042286). - ipv6: datagram: Update dst cache of a connected datagram sk during pmtu update (bsc#1042286). - ipv6: fix checksum annotation in udp6_csum_init (bsc#1042286). - ipv6: Fix getsockopt() for sockets with default IPV6_AUTOFLOWLABEL (bnc#1012382). - ipv6: fix possible mem leaks in ipv6_make_skb() (bnc#1012382). - ipv6: fix udpv6 sendmsg crash caused by too small MTU (bnc#1012382). - ipv6: icmp6: Allow icmp messages to be looped back (bnc#1012382). - ipv6/ila: fix nlsize calculation for lwtunnel (bsc#1042286). - ipv6: ip6_make_skb() needs to clear cork.base.dst (git-fixes). - ipv6: mcast: better catch silly mtu values (bnc#1012382). - ipv6: remove unused in6_addr struct (bsc#1042286). - ipv6: reorder icmpv6_init() and ip6_mr_init() (bnc#1012382). - ipv6: tcp: fix endianness annotation in tcp_v6_send_response (bsc#1042286). - ipv6: udp: Do a route lookup and update during release_cb (bsc#1042286). - ipvlan: Add the skb->mark as flow4's member to lookup route (bnc#1012382). - ipvlan: fix ipv6 outbound device (bnc#1012382). - ipvlan: fix multicast processing (bsc#1042286). - ipvlan: fix various issues in ipvlan_process_multicast() (bsc#1042286). - ipvlan: remove excessive packet scrubbing (bsc#1070799). - irda: vlsi_ir: fix check for DMA mapping errors (bnc#1012382). - irqchip/crossbar: Fix incorrect type of register size (bnc#1012382). - irqchip/gic-v3: Use wmb() instead of smb_wmb() in gic_raise_softirq() (bnc#1012382). - iscsi_iser: Re-enable 'iser_pi_guard' module parameter (bsc#1062129). - iscsi-target: fix memory leak in lio_target_tiqn_addtpg() (bnc#1012382). - iscsi-target: Make TASK_REASSIGN use proper se_cmd->cmd_kref (bnc#1012382). - isdn: eicon: reduce stack size of sig_ind function (bnc#1012382). - isdn: icn: remove a #warning (bnc#1012382). - isdn: kcapi: avoid uninitialized data (bnc#1012382). - isdn: sc: work around type mismatch warning (bnc#1012382). - iser-target: Fix possible use-after-free in connection establishment error (FATE#321732). - iw_cxgb4: Only validate the MSN for successful completions (bnc#1012382). - ixgbe: fix use of uninitialized padding (bnc#1012382). - jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path (git-fixes). - jump_label: Invoke jump_label_test() via early_initcall() (bnc#1012382). - Kabi: Keep KVM stable after enable s390 wire up bpb feature (bsc#1076805). - kABI: protect struct bpf_map (kabi). - kABI: protect struct cpuinfo_x86 (kabi). - kABI: protect struct ethtool_link_settings (bsc#1085050). - kABI: protect struct ip_tunnel and reintroduce ip_tunnel_dst_reset_all (kabi). - kABI: protect struct ipv6_pinfo (kabi). - kABI: protect struct t10_alua_tg_pt_gp (kabi). - kABI: protect struct usbip_device (kabi). - kABI: reintroduce crypto_poly1305_setkey (kabi). - kabi: restore kabi after "net: replace dst_cache ip6_tunnel implementation with the generic one" (bsc#1082897). - kabi: restore nft_set_elem_destroy() signature (bsc#1042286). - kabi: restore rhashtable_insert_slow() signature (bsc#1042286). - kabi/severities: add sclp to KABI ignore list - kabi/severities: add __x86_indirect_thunk_rsp - kabi/severities: arm64: ignore cpu capability array - kabi/severities: as per bsc#1068569 we can ignore XFS kabi The gods have spoken, let there be light. - kabi/severities: do not care about stuff_RSB - kabi/severities: Ignore kvm for KABI severities - kabi: uninline sk_receive_skb() (bsc#1042286). - kaiser: fix compile error without vsyscall (bnc#1012382). - kaiser: fix intel_bts perf crashes (bnc#1012382). - kaiser: Set _PAGE_NX only if supported (bnc#1012382). - kasan: rework Kconfig settings (bnc#1012382). - kbuild: add '-fno-stack-check' to kernel build options (bnc#1012382). - kbuild: modversions for EXPORT_SYMBOL() for asm (bsc#1074621 bsc#1068032). - kbuild: pkg: use --transform option to prefix paths in tar (bnc#1012382). - kdb: Fix handling of kallsyms_symbol_next() return value (bnc#1012382). - kernel/acct.c: fix the acct->needcheck check in check_free_space() (bnc#1012382). - kernel/async.c: revert "async: simplify lowest_in_progress()" (bnc#1012382). - kernel: fix rwlock implementation (bnc#1079886, LTC#164371). - kernel: make groups_sort calling a responsibility group_info allocators (bnc#1012382). - kernel/signal.c: protect the SIGNAL_UNKILLABLE tasks from !sig_kernel_only() signals (bnc#1012382). - kernel/signal.c: protect the traced SIGNAL_UNKILLABLE tasks from SIGKILL (bnc#1012382). - kernel/signal.c: remove the no longer needed SIGNAL_UNKILLABLE check in complete_signal() (bnc#1012382). - kernfs: fix regression in kernfs_fop_write caused by wrong type (bnc#1012382). - keys: add missing permission check for request_key() destination (bnc#1012382). - keys: encrypted: fix buffer overread in valid_master_desc() (bnc#1012382). - kmemleak: add scheduling point to kmemleak_scan() (bnc#1012382). - kprobes/x86: Disable preemption in ftrace-based jprobes (bnc#1012382). - kpti: Rename to PAGE_TABLE_ISOLATION (bnc#1012382). - kpti: Report when enabled (bnc#1012382). - kvm: add X86_LOCAL_APIC dependency (bnc#1012382). - kvm: ARM64: fix phy counter access failure in guest (bsc#1085015). - kvm: arm/arm64: Check pagesize when allocating a hugepage at Stage 2 (bsc#1079029). - kvm: Fix stack-out-of-bounds read in write_mmio (bnc#1012382). - kvm: nVMX: Fix kernel panics induced by illegal INVEPT/INVVPID types (bnc#1012382). - kvm: nVMX: Fix races when sending nested PI while dest enters/leaves L2 (bnc#1012382). - kvm: nVMX: invvpid handling improvements (bnc#1012382). - kvm: nVMX: kmap() can't fail (bnc#1012382). - kvm: nVMX: reset nested_run_pending if the vCPU is going to be reset (bnc#1012382). - kvm: nVMX: VMCLEAR should not cause the vCPU to shut down (bnc#1012382). - kvm: nVMX: vmx_complete_nested_posted_interrupt() can't fail (bnc#1012382). - kvm: pci-assign: do not map smm memory slot pages in vt-d page tables (bnc#1012382). - kvm: PPC: Book3S PR: Fix svcpu copying with preemption enabled (bsc#1066223). - kvm: s390: Add operation exception interception handler (FATE#324070, LTC#158959). - kvm: s390: Add sthyi emulation (FATE#324070, LTC#158959). - kvm: s390: Enable all facility bits that are known good for passthrough (bsc#1076805). - kvm: s390: Enable all facility bits that are known good for passthrough (FATE#324071, LTC#158956). - kvm: s390: Extend diag 204 fields (FATE#324070, LTC#158959). - kvm: s390: Fix STHYI buffer alignment for diag224 (FATE#324070, LTC#158959). - kvm: s390: instruction-execution-protection support (LTC#162428). - kvm: s390: Introduce BCD Vector Instructions to the guest (FATE#324072, LTC#158953). - kvm: s390: Introduce Vector Enhancements facility 1 to the guest (FATE#324072, LTC#158953). - kvm: s390: Limit sthyi execution (FATE#324070, LTC#158959). - kvm: s390: Populate mask of non-hypervisor managed facility bits (FATE#324071, LTC#158956). - kvm: s390: wire up bpb feature (bsc#1076805). - kvm: VMX: clean up declaration of VPID/EPT invalidation types (bnc#1012382). - kvm: VMX: Fix enable VPID conditions (bnc#1012382). - kvm: VMX: Fix rflags cache during vCPU reset (bnc#1012382). - kvm: VMX: Make indirect call speculation safe (bnc#1012382). - kvm: VMX: remove I/O port 0x80 bypass on Intel hosts (bnc#1012382). - kvm: vmx: Scrub hardware GPRs at VM-exit (bnc#1012382 bsc#1068032). - kvm: x86: Add memory barrier on vmcs field lookup (bnc#1012382). - kvm: x86: correct async page present tracepoint (bnc#1012382). - kvm: x86: Do not re-execute instruction when not passing CR2 value (bnc#1012382). - kvm: x86: emulator: Return to user-mode on L1 CPL=0 emulation failure (bnc#1012382). - kvm: x86: fix escape of guest dr6 to the host (bnc#1012382). - kvm: X86: Fix load RFLAGS w/o the fixed bit (bnc#1012382). - kvm: X86: Fix operand/address-size during instruction decoding (bnc#1012382). - kvm: x86: fix RSM when PCID is non-zero (bnc#1012382). - kvm: x86: ioapic: Clear Remote IRR when entry is switched to edge-triggered (bnc#1012382). - kvm: x86: ioapic: Fix level-triggered EOI and IOAPIC reconfigure race (bnc#1012382). - kvm: x86: ioapic: Preserve read-only values in the redirection table (bnc#1012382). - kvm: x86: Make indirect calls in emulator speculation safe (bnc#1012382). - kvm/x86: Reduce retpoline performance impact in slot_handle_level_range(), by always inlining iterator helper methods (bnc#1012382). - l2tp: cleanup l2tp_tunnel_delete calls (bnc#1012382). - l2tp: fix use-after-free during module unload (bsc#1042286). - lan78xx: Fix failure in USB Full Speed (bnc#1012382). - led: core: Fix brightness setting when setting delay_off=0 (bnc#1012382). - leds: do not overflow sysfs buffer in led_trigger_show (bsc#1080464). - libata: apply MAX_SEC_1024 to all LITEON EP1 series devices (bnc#1012382). - libata: drop WARN from protocol error in ata_sff_qc_issue() (bnc#1012382). - libceph: check kstrndup() return value (bsc#1081735). - lib/genalloc.c: make the avail variable an atomic_long_t (bnc#1012382). - lib/mpi: Fix umul_ppmm() for MIPS64r6 (bnc#1012382). - lib/uuid.c: introduce a few more generic helpers (fate#315887, bsc#1082632). - lib/uuid.c: use correct offset in uuid parser (fate#315887, bsc#1082632). - livepatch: introduce shadow variable API (bsc#1082299 fate#313296). Shadow variables support. - livepatch: __kgr_shadow_get_or_alloc() is local to shadow.c (bsc#1082299 fate#313296). Shadow variables support. - lockd: fix "list_add double add" caused by legacy signal interface (bnc#1012382). - loop: fix concurrent lo_open/lo_release (bnc#1012382). - mac80211: fix the update of path metric for RANN frame (bnc#1012382). - mac80211: mesh: drop frames appearing to be from us (bnc#1012382). - macvlan: Only deliver one copy of the frame to the macvlan interface (bnc#1012382). - Make DST_CACHE a silent config option (bnc#1012382). - mdio-sun4i: Fix a memory leak (bnc#1012382). - md: more open-coded offset_in_page() (bsc#1076110). - md/raid1: Use a new variable to count flighting sync requests(bsc#1083048) - media: cxusb, dib0700: ignore XC2028_I2C_FLUSH (bnc#1012382). - media: dvb: i2c transfers over usb cannot be done from stack (bnc#1012382). - media: dvb-usb-v2: lmedm04: Improve logic checking of warm start (bnc#1012382). - media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner (bnc#1012382). - media: r820t: fix r820t_write_reg for KASAN (bnc#1012382). - media: s5k6aa: describe some function parameters (bnc#1012382). - media: soc_camera: soc_scale_crop: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE (bnc#1012382). - media: ts2020: avoid integer overflows on 32 bit machines (bnc#1012382). - media: usbtv: add a new usbid (bnc#1012382). - media: v4l2-compat-ioctl32.c: add missing VIDIOC_PREPARE_BUF (bnc#1012382). - media: v4l2-compat-ioctl32.c: avoid sizeof(type) (bnc#1012382). - media: v4l2-compat-ioctl32.c: copy clip list in put_v4l2_window32 (bnc#1012382). - media: v4l2-compat-ioctl32.c: copy m.userptr in put_v4l2_plane32 (bnc#1012382). - media: v4l2-compat-ioctl32.c: do not copy back the result for certain errors (bnc#1012382). - media: v4l2-compat-ioctl32.c: drop pr_info for unknown buffer type (bnc#1012382). - media: v4l2-compat-ioctl32.c: fix ctrl_is_pointer (bnc#1012382). - media: v4l2-compat-ioctl32.c: fix the indentation (bnc#1012382). - media: v4l2-compat-ioctl32.c: make ctrl_is_pointer work for subdevs (bnc#1012382). - media: v4l2-compat-ioctl32.c: move 'helper' functions to __get/put_v4l2_format32 (bnc#1012382). - media: v4l2-compat-ioctl32: Copy v4l2_window->global_alpha (bnc#1012382). - media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic (bnc#1012382). - media: v4l2-ioctl.c: do not copy back the result for -ENOTTY (bnc#1012382). - mfd: cros ec: spi: Do not send first message too soon (bnc#1012382). - mfd: twl4030-audio: Fix sibling-node lookup (bnc#1012382). - mfd: twl6040: Fix child-node lookup (bnc#1012382). - MIPS: Also verify sizeof `elf_fpreg_t' with PTRACE_SETREGSET (bnc#1012382). - MIPS: AR7: ensure the port type's FCR value is used (bnc#1012382). - MIPS: Consistently handle buffer counter with PTRACE_SETREGSET (bnc#1012382). - MIPS: Disallow outsized PTRACE_SETREGSET NT_PRFPREG regset accesses (bnc#1012382). - MIPS: Factor out NT_PRFPREG regset access helpers (bnc#1012382). - MIPS: Fix an FCSR access API regression with NT_PRFPREG and MSA (bnc#1012382). - MIPS: Guard against any partial write attempt with PTRACE_SETREGSET (bnc#1012382). - MIPS: math-emu: Fix final emulation phase for certain instructions (bnc#1012382). - MIPS: Validate PR_SET_FP_MODE prctl(2) requests against the ABI of the task (bnc#1012382). - mlxsw: reg: Fix SPVMLR max record count (bnc#1012382). - mlxsw: reg: Fix SPVM max record count (bnc#1012382). - mm: avoid returning VM_FAULT_RETRY from ->page_mkwrite handlers (bnc#1012382). - mmc: bcm2835: Do not overwrite max frequency unconditionally (bsc#983145, git-fixes). - mmc: mediatek: Fixed bug where clock frequency could be set wrong (bnc#1012382). - mm: drop unused pmdp_huge_get_and_clear_notify() (bnc#1012382). - mm/early_ioremap: Fix boot hang with earlyprintk=efi,keep (bnc#1012382). - mm: Handle 0 flags in _calc_vm_trans() macro (bnc#1012382). - mm: hide a #warning for COMPILE_TEST (bnc#1012382). - mm/kmemleak.c: make cond_resched() rate-limiting more efficient (git-fixes). - mm/mprotect: add a cond_resched() inside change_pmd_range() (bnc#1077871, bnc#1078002). - mm: pin address_space before dereferencing it while isolating an LRU page (bnc#1081500). - mm,vmscan: Make unregister_shrinker() no-op if register_shrinker() failed (bnc#1012382). - mm/vmstat: Make NR_TLB_REMOTE_FLUSH_RECEIVED available even on UP (bnc#1012382). - mn10300/misalignment: Use SIGSEGV SEGV_MAPERR to report a failed user copy (bnc#1012382). - modsign: hide openssl output in silent builds (bnc#1012382). - module: Add retpoline tag to VERMAGIC (bnc#1012382). - module/retpoline: Warn about missing retpoline in module (bnc#1012382). - module: set __jump_table alignment to 8 (bnc#1012382). - more bio_map_user_iov() leak fixes (bnc#1012382). - mpt3sas: Do not mark fw_event workqueue as WQ_MEM_RECLAIM (bsc#1078583). - mptfusion: hide unused seq_mpt_print_ioc_summary function (bnc#1012382). - mtd: cfi: convert inline functions to macros (bnc#1012382). - mtd: cfi: enforce valid geometry configuration (bnc#1012382). - mtd: ichxrom: maybe-uninitialized with gcc-4.9 (bnc#1012382). - mtd: maps: add __init attribute (bnc#1012382). - mtd: nand: brcmnand: Disable prefetch by default (bnc#1012382). - mtd: nand: denali_pci: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE (bnc#1012382). - mtd: nand: Fix nand_do_read_oob() return value (bnc#1012382). - mtd: nand: gpmi: Fix failure when a erased page has a bitflip at BBM (bnc#1012382). - mtd: nand: sunxi: Fix ECC strength choice (bnc#1012382). - mtd: sh_flctl: pass FIFO as physical address (bnc#1012382). - mvpp2: fix multicast address filter (bnc#1012382). - ncpfs: fix unused variable warning (bnc#1012382). - ncr5380: shut up gcc indentation warning (bnc#1012382). - net: add dst_cache support (bnc#1012382). - net: Allow neigh contructor functions ability to modify the primary_key (bnc#1012382). - net/appletalk: Fix kernel memory disclosure (bnc#1012382). - net: arc_emac: fix arc_emac_rx() error paths (bnc#1012382). - net: avoid skb_warn_bad_offload on IS_ERR (bnc#1012382). - net: bcmgenet: correct MIB access of UniMAC RUNT counters (bnc#1012382). - net: bcmgenet: correct the RBUF_OVFL_CNT and RBUF_ERR_CNT MIB values (bnc#1012382). - net: bcmgenet: power down internal phy if open or resume fails (bnc#1012382). - net: bcmgenet: Power up the internal PHY before probing the MII (bnc#1012382). - net: bcmgenet: reserved phy revisions must be checked first (bnc#1012382). - net: bridge: fix early call to br_stp_change_bridge_id and plug newlink leaks (bnc#1012382). - net: cdc_ncm: initialize drvflags before usage (bnc#1012382). - net: core: fix module type in sock_diag_bind (bnc#1012382). - net: Do not allow negative values for busy_read and busy_poll sysctl interfaces (bnc#1012382). - net: dst_cache_per_cpu_dst_set() can be static (bnc#1012382). - net: ena: add detection and recovery mechanism for handling missed/misrouted MSI-X (bsc#1083548). - net: ena: add new admin define for future support of IPv6 RSS (bsc#1083548). - net: ena: add power management ops to the ENA driver (bsc#1083548). - net: ena: add statistics for missed tx packets (bsc#1083548). - net: ena: fix error handling in ena_down() sequence (bsc#1083548). - net: ena: fix race condition between device reset and link up setup (bsc#1083548). - net: ena: fix rare kernel crash when bar memory remap fails (bsc#1083548). - net: ena: fix wrong max Tx/Rx queues on ethtool (bsc#1083548). - net: ena: improve ENA driver boot time (bsc#1083548). - net: ena: increase ena driver version to 1.3.0 (bsc#1083548). - net: ena: increase ena driver version to 1.5.0 (bsc#1083548). - net: ena: reduce the severity of some printouts (bsc#1083548). - net: ena: remove legacy suspend suspend/resume support (bsc#1083548). - net: ena: Remove redundant unlikely() (bsc#1083548). - net: ena: unmask MSI-X only after device initialization is completed (bsc#1083548). - net: ethernet: cavium: Correct Cavium Thunderx NIC driver names accordingly to module name (bsc#1085011). - net: ethernet: xilinx: Mark XILINX_LL_TEMAC broken on 64-bit (bnc#1012382). - net: ethtool: Add back transceiver type (bsc#1085050). - net: ethtool: remove error check for legacy setting transceiver type (bsc#1085050). - net: fec: fix multicast filtering hardware setup (bnc#1012382). - netfilter: bridge: honor frag_max_size when refragmenting (bnc#1012382). - netfilter: do not track fragmented packets (bnc#1012382). - netfilter: drop outermost socket lock in getsockopt() (bnc#1012382). - netfilter: ebtables: CONFIG_COMPAT: do not trust userland offsets (bsc#1085107). - netfilter: ebtables: fix erroneous reject of last rule (bsc#1085107). - netfilter: ipt_CLUSTERIP: fix out-of-bounds accesses in clusterip_tg_check() (bnc#1012382). - netfilter: ipvs: avoid unused variable warnings (bnc#1012382). - netfilter: ipvs: Fix inappropriate output of procfs (bnc#1012382). - netfilter: nfnetlink_queue: fix secctx memory leak (bnc#1012382). - netfilter: nfnetlink_queue: fix timestamp attribute (bsc#1074134). - netfilter: nfnl_cthelper: fix a race when walk the nf_ct_helper_hash table (bnc#1012382). - netfilter: nfnl_cthelper: Fix memory leak (bnc#1012382). - netfilter: nfnl_cthelper: fix runtime expectation policy updates (bnc#1012382). - netfilter: nf_queue: Make the queue_handler pernet (bnc#1012382). - netfilter: nf_tables: fix a wrong check to skip the inactive rules (bsc#1042286). - netfilter: nf_tables: fix inconsistent element expiration calculation (bsc#1042286). - netfilter: nf_tables: fix *leak* when expr clone fail (bsc#1042286). - netfilter: nf_tables: fix race when create new element in dynset (bsc#1042286). - netfilter: on sockopt() acquire sock lock only in the required scope (bnc#1012382). - netfilter: tee: select NF_DUP_IPV6 unconditionally (bsc#1042286). - netfilter: x_tables: avoid out-of-bounds reads in xt_request_find_{match|target} (bnc#1012382). - netfilter: x_tables: fix int overflow in xt_alloc_table_info() (bnc#1012382). - netfilter: xt_RATEEST: acquire xt_rateest_mutex for hash insert (bnc#1012382). - netfilter: xt_socket: fix transparent match for IPv6 request sockets (bsc#1042286). - net: Fix double free and memory corruption in get_net_ns_by_id() (bnc#1012382). - net: gianfar_ptp: move set_fipers() to spinlock protecting area (bnc#1012382). - net: hns: add ACPI mode support for ethtool -p (bsc#1084041). - net: hp100: remove unnecessary #ifdefs (bnc#1012382). - net: igmp: add a missing rcu locking section (bnc#1012382). - net: igmp: fix source address check for IGMPv3 reports (bnc#1012382). - net: igmp: Use correct source address on IGMPv3 reports (bnc#1012382). - net: initialize msg.msg_flags in recvfrom (bnc#1012382). - net: ipv4: fix for a race condition in raw_sendmsg (bnc#1012382). - net/ipv4: Introduce IPSKB_FRAG_SEGS bit to inet_skb_parm.flags (bsc#1042286). - netlink: fix nla_put_{u8,u16,u32} for KASAN (bnc#1012382). - net/mac80211/debugfs.c: prevent build failure with CONFIG_UBSAN=y (bnc#1012382). - net/mlx5: Avoid NULL pointer dereference on steering cleanup (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689). - net/mlx5: Cleanup IRQs in case of unload failure (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - net/mlx5e: Add refcount to VXLAN structure (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - net/mlx5e: Fix features check of IPv6 traffic (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - net/mlx5e: Fix fixpoint divide exception in mlx5e_am_stats_compare (bsc#1015342). - net/mlx5e: Fix loopback self test when GRO is off (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689). - net/mlx5e: Fix possible deadlock of VXLAN lock (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - net/mlx5e: Fix wrong delay calculation for overflow check scheduling (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - net/mlx5e: Prevent possible races in VXLAN control flow (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - net/mlx5e: Verify inline header size do not exceed SKB linear size (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689). - net/mlx5: Fix rate limit packet pacing naming and struct (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689). - net/mlx5: Stay in polling mode when command EQ destroy fails (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - net/mlx5: Use 128B cacheline size for 128B or larger cachelines (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689). - net: mvmdio: disable/unprepare clocks in EPROBE_DEFER case (bnc#1012382). - net: mvneta: clear interface link status on port disable (bnc#1012382). - net: mvneta: eliminate wrong call to handle rx descriptor error (fate#319899). - net: mvneta: use proper rxq_number in loop on rx queues (fate#319899). - net/packet: fix a race in packet_bind() and packet_notifier() (bnc#1012382). - net: phy: at803x: Change error to EINVAL for invalid MAC (bnc#1012382). - net: phy: Keep reporting transceiver type (bsc#1085050). - net: phy: micrel: ksz9031: reconfigure autoneg after phy autoneg workaround (bnc#1012382). - net: qdisc_pkt_len_init() should be more robust (bnc#1012382). - net: qmi_wwan: add Sierra EM7565 1199:9091 (bnc#1012382). - net: qmi_wwan: Add USB IDs for MDM6600 modem on Motorola Droid 4 (bnc#1012382). - net: reevalulate autoflowlabel setting after sysctl setting (bnc#1012382). - net: replace dst_cache ip6_tunnel implementation with the generic one (bnc#1012382). - net: Resend IGMP memberships upon peer notification (bnc#1012382). - net_sched: red: Avoid devision by zero (bnc#1012382). - net_sched: red: Avoid illegal values (bnc#1012382). - net: sctp: fix array overrun read on sctp_timer_tbl (bnc#1012382). - net/smc: fix NULL pointer dereference on sock_create_kern() error path (bsc#1082979). - net: stmmac: enable EEE in MII, GMII or RGMII only (bnc#1012382). - net: systemport: Pad packet before inserting TSB (bnc#1012382). - net: systemport: Utilize skb_put_padto() (bnc#1012382). - net: tcp: close sock if net namespace is exiting (bnc#1012382). - netvsc: allow controlling send/recv buffer size (fate#315887, bsc#1082632). - netvsc: allow driver to be removed even if VF is present (fate#315887, bsc#1082632). - netvsc: check error return when restoring channels and mtu (fate#315887, bsc#1082632). - netvsc: cleanup datapath switch (fate#315887, bsc#1082632). - netvsc: do not signal host twice if empty (fate#315887, bsc#1082632). - netvsc: fix deadlock betwen link status and removal (fate#315887, bsc#1082632). - netvsc: increase default receive buffer size (fate#315887, bsc#1082632). - netvsc: keep track of some non-fatal overload conditions (fate#315887, bsc#1082632). - netvsc: no need to allocate send/receive on numa node (fate#315887, bsc#1082632). - netvsc: propagate MAC address change to VF slave (fate#315887, bsc#1082632). - netvsc: remove unnecessary cast of void pointer (fate#315887, bsc#1082632). - netvsc: remove unnecessary check for NULL hdr (fate#315887, bsc#1082632). - netvsc: whitespace cleanup (fate#315887, bsc#1082632). - net: vxlan: lwt: Fix vxlan local traffic (bsc#1042286). - net: vxlan: lwt: Use source ip address during route lookup (bsc#1042286). - net: wimax/i2400m: fix NULL-deref at probe (bnc#1012382). - nfs: Add a cond_resched() to nfs_commit_release_pages() (bsc#1077779). - nfs: commit direct writes even if they fail partially (bnc#1012382). - nfsd: auth: Fix gid sorting when rootsquash enabled (bnc#1012382). - nfsd: check for use of the closed special stateid (bnc#1012382). - nfsd: CLOSE SHOULD return the invalid special stateid for NFSv4.x (x>0) (bnc#1012382). - nfsd: Ensure we check stateid validity in the seqid operation checks (bnc#1012382). - NFSD: fix nfsd_minorversion(.., NFSD_AVAIL) (bnc#1012382). - NFSD: fix nfsd_reset_versions for NFSv4 (bnc#1012382). - nfs: Do not convert nfs_idmap_cache_timeout to jiffies (git-fixes). - nfs: Do not take a reference on fl->fl_file for LOCK operation (bnc#1012382). - nfs: fix a deadlock in nfs client initialization (bsc#1074198). - NFS: Fix a typo in nfs_rename() (bnc#1012382). - nfs/pnfs: fix nfs_direct_req ref leak when i/o falls back to the mds (bnc#1012382). - nfs: reject request for id_legacy key without auxdata (bnc#1012382). - nfs: Trunking detection should handle ERESTARTSYS/EINTR (bsc#1074198). - NFSv4.1 respect server's max size in CREATE_SESSION (bnc#1012382). - NFSv4: Fix client recovery when server reboots multiple times (bnc#1012382). - nohz: Prevent a timer interrupt storm in tick_nohz_stop_sched_tick() (bnc#1012382). - n_tty: fix EXTPROC vs ICANON interaction with TIOCINQ (aka FIONREAD) (bnc#1012382). - nvme_fc: cleanup io completion (bsc#1079609). - nvme_fc: correct abort race condition on resets (bsc#1079609). - nvme_fc: correct hang in nvme_ns_remove() (bsc#1075811). - nvme_fc: fix abort race on teardown with lld reject (bsc#1083750). - nvme_fc: fix ctrl create failures racing with workq items (bsc#1076982). - nvme_fc: fix rogue admin cmds stalling teardown (bsc#1075811). - nvme_fc: io timeout should defer abort to ctrl reset (bsc#1085054). - nvme-fc: kick admin requeue list on disconnect (bsc#1077241). - nvme-fc: merge error on sles12sp3 for reset_work (bsc#1079195). - nvme_fc: minor fixes on sqsize (bsc#1076760). - nvme_fc: on remoteport reuse, set new nport_id and role (bsc#1076760). - nvme_fc: rework sqsize handling (bsc#1076760). - nvme: Fix managing degraded controllers (bnc#1012382). - nvme: Fix setting logical block format when revalidating (bsc#1079313). - nvme: only start KATO if the controller is live (bsc#1083387). - nvme-pci: clean up CMB initialization (bsc#1082979). - nvme-pci: clean up SMBSZ bit definitions (bsc#1082979). - nvme-pci: consistencly use ctrl->device for logging (bsc#1082979). - nvme-pci: fix typos in comments (bsc#1082979). - nvme-pci: Remap CMB SQ entries on every controller reset (bsc#1082979). - nvme-pci: Remove watchdog timer (bsc#1066163). - nvme-pci: Use PCI bus address for data/queues in CMB (bsc#1082979). - nvme: Quirks for PM1725 controllers (bsc#1082979). - nvme_rdma: clear NVME_RDMA_Q_LIVE bit if reconnect fails (bsc#1083770). - nvme-rdma: fix concurrent reset and reconnect (bsc#1082979). - nvme: remove nvme_revalidate_ns (bsc#1079313). - ocfs2: return error when we attempt to access a dirty bh in jbd2 (bsc#1070404). - openrisc: fix issue handling 8 byte get_user calls (bnc#1012382). - openvswitch: fix the incorrect flow action alloc size (bnc#1012382). - ovl: fix failure to fsync lower dir (bnc#1012382). - ovs/geneve: fix rtnl notifications on iface deletion (bsc#1042286). - ovs/gre: fix rtnl notifications on iface deletion (bsc#1042286). - ovs/gre,geneve: fix error path when creating an iface (bsc#1042286). - ovs/vxlan: fix rtnl notifications on iface deletion (bsc#1042286). - packet: fix crash in fanout_demux_rollover() (bnc#1012382). - parisc: Fix alignment of pa_tlb_lock in assembly on 32-bit SMP kernel (bnc#1012382). - parisc: Hide Diva-built-in serial aux and graphics card (bnc#1012382). - partially revert tipc improve link resiliency when rps is activated (bsc#1068038). - PCI/AER: Report non-fatal errors only to the affected endpoint (bnc#1012382). - pci/ASPM: Do not retrain link if ASPM not possible (bnc#1071892). - PCI: Avoid bus reset if bridge itself is broken (bnc#1012382). - PCI: Create SR-IOV virtfn/physfn links before attaching driver (bnc#1012382). - PCI: Detach driver before procfs & sysfs teardown on device remove (bnc#1012382). - pci: hv: Do not sleep in compose_msi_msg() (fate#315887, bsc#1082632). - pci: keystone: Fix interrupt-controller-node lookup (bnc#1012382). - pci/MSI: Fix msi_desc->affinity memory leak when freeing MSI IRQs (bsc#1082979). - PCI/PME: Handle invalid data when reading Root Status (bnc#1012382). - PCI / PM: Force devices to D0 in pci_pm_thaw_noirq() (bnc#1012382). - perf bench numa: Fixup discontiguous/sparse numa nodes (bnc#1012382). - perf symbols: Fix symbols__fixup_end heuristic for corner cases (bnc#1012382). - perf test attr: Fix ignored test case result (bnc#1012382). - perf top: Fix window dimensions change handling (bnc#1012382). - perf/x86: Shut up false-positive -Wmaybe-uninitialized warning (bnc#1012382). - phy: work around 'phys' references to usb-nop-xceiv devices (bnc#1012382). - pinctrl: adi2: Fix Kconfig build problem (bnc#1012382). - pinctrl: st: add irq_request/release_resources callbacks (bnc#1012382). - pinctrl: sunxi: Fix A80 interrupt pin bank (bnc#1012382). - pipe: avoid round_pipe_size() nr_pages overflow on 32-bit (bnc#1012382). - pktcdvd: Fix pkt_setup_dev() error path (bnc#1012382). - platform/x86: intel_mid_thermal: Fix suspend handlers unused warning (bnc#1012382). - pm / devfreq: Propagate error from devfreq_add_device() (bnc#1012382). - pm / wakeirq: Fix unbalanced IRQ enable for wakeirq (bsc#1031717). - posix-timer: Properly check sigevent->sigev_notify (bnc#1012382). - power: bq27xxx_battery: mark some symbols __maybe_unused (bnc#1012382). - powerpc/64: Add macros for annotating the destination of rfid/hrfid (bsc#1068032, bsc#1075087). - powerpc/64: Convert fast_exception_return to use RFI_TO_USER/KERNEL (bsc#1068032, bsc#1075087). - powerpc/64: Convert the syscall exit path to use RFI_TO_USER/KERNEL (bsc#1068032, bsc#1075087). - powerpc/64: Fix flush_(d|i)cache_range() called from modules (FATE#315275 LTC#103998 bnc#1012382 bnc#863764). - powerpc/64s: Add EX_SIZE definition for paca exception save areas (bsc#1068032, bsc#1075087). - powerpc/64s: Add support for RFI flush of L1-D cache (bsc#1068032, bsc#1075087). - powerpc/64s: Allow control of RFI flush via debugfs (bsc#1068032, bsc#1075087). - powerpc/64s: Convert slb_miss_common to use RFI_TO_USER/KERNEL (bsc#1068032, bsc#1075087). - powerpc/64s: Fix RFI flush dependency on HARDLOCKUP_DETECTOR (bnc#1012382). - powerpc/64s: Improve RFI L1-D cache flush fallback (bsc#1068032, bsc#1075087). - powerpc/64s: Simple RFI macro conversions (bsc#1068032, bsc#1075087). - powerpc/64s: Support disabling RFI flush with no_rfi_flush and nopti (bsc#1068032, bsc#1075087). - powerpc/64s: Wire up cpu_show_meltdown() (bsc#1068032). - powerpc/asm: Allow including ppc_asm.h in asm files (bsc#1068032, bsc#1075087). - powerpc: Do not preempt_disable() in show_cpuinfo() (bsc#1066223). - powerpc/ipic: Fix status get and status clear (bnc#1012382). - powerpc/numa: Ensure nodes initialized for hotplug (FATE#322022, bsc#1081514). - powerpc/numa: Invalidate numa_cpu_lookup_table on cpu remove (bsc#1081512). - powerpc/numa: Use ibm,max-associativity-domains to discover possible nodes (FATE#322022, bsc#1081514). - powerpc/perf: Dereference BHRB entries safely (bsc#1066223). - powerpc/perf: Fix oops when grouping different pmu events (bnc#1012382). - powerpc/perf/hv-24x7: Fix incorrect comparison in memord (bnc#1012382). - powerpc/powernv: Check device-tree for RFI flush settings (bsc#1068032, bsc#1075087). - powerpc/powernv/cpufreq: Fix the frequency read by /proc/cpuinfo (bnc#1012382). - powerpc/powernv: Fix MCE handler to avoid trashing CR0/CR1 registers (bsc#1066223). - powerpc/powernv/ioda2: Gracefully fail if too many TCE levels requested (bnc#1012382). - powerpc/powernv: Move IDLE_STATE_ENTER_SEQ macro to cpuidle.h (bsc#1066223). - powerpc/powernv: Support firmware disable of RFI flush (bsc#1068032, bsc#1075087). - powerpc/pseries: Fix cpu hotplug crash with memoryless nodes (FATE#322022, bsc#1081514). - powerpc/pseries: include linux/types.h in asm/hvcall.h (bsc#1068032, bsc#1075087). - powerpc/pseries: Introduce H_GET_CPU_CHARACTERISTICS (bsc#1068032, bsc#1075087). - powerpc/pseries: Query hypervisor for RFI flush settings (bsc#1068032, bsc#1075087). - powerpc/pseries: rfi-flush: Call setup_rfi_flush() after LPM migration (bsc#1068032, bsc#1075087). - powerpc/pseries/rfi-flush: Call setup_rfi_flush() after LPM migration (bsc#1068032, bsc#1075087). - powerpc/pseries: Support firmware disable of RFI flush (bsc#1068032, bsc#1075087). - powerpc/rfi-flush: Add DEBUG_RFI config option (bsc#1068032, bsc#1075087). - powerpc/rfi-flush: Make setup_rfi_flush() not __init (bsc#1068032, bsc#1075087). - powerpc/rfi-flush: Move RFI flush fields out of the paca (unbreak kABI) (bsc#1068032, bsc#1075087). - powerpc/rfi-flush: Move the logic to avoid a redo into the sysfs code (bsc#1068032, bsc#1075087). - powerpc/rfi-flush: prevent crash when changing flush type to fallback after system boot (bsc#1068032, bsc#1075087). - powerpc: Simplify module TOC handling (bnc#1012382). - power: reset: zx-reboot: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE (bnc#1012382). - ppp: Destroy the mutex when cleanup (bnc#1012382). - pppoe: take ->needed_headroom of lower device into account on xmit (bnc#1012382). - profile: hide unused functions when !CONFIG_PROC_FS (bnc#1012382). - Provide a function to create a NUL-terminated string from unterminated data (bnc#1012382). - pwc: hide unused label (bnc#1012382). - qla2xxx: Add changes for devloss timeout in driver (bsc#1084427). - qla2xxx: Add FC-NVMe abort processing (bsc#1084427). - qla2xxx: asynchronous pci probing (bsc#1034503). - qla2xxx: Cleanup code to improve FC-NVMe error handling (bsc#1084427). - qla2xxx: Convert QLA_TGT_ABTS to TARGET_SCF_LOOKUP_LUN_FROM_TAG (bsc#1043726,FATE#324770). - qla2xxx: do not check login_state if no loop id is assigned (bsc#1081681). - qla2xxx: ensure async flags are reset correctly (bsc#1081681). - qla2xxx: Fix Async GPN_FT for FCP and FC-NVMe scan (bsc#1084427). - qla2xxx: Fix FC-NVMe IO abort during driver reset (bsc#1084427). - qla2xxx: Fix incorrect tcm_qla2xxx_free_cmd use during TMR ABORT (v2) (bsc#1043726,FATE#324770). - qla2xxx: Fix n2n_ae flag to prevent dev_loss on PDB change (bsc#1084427). - qla2xxx: Fix NVMe entry_type for iocb packet on BE system (bsc#1043726,FATE#324770). - qla2xxx: Fix retry for PRLI RJT with reason of BUSY (bsc#1084427). - qla2xxx: Fixup locking for session deletion (bsc#1081681). - qla2xxx: Remove nvme_done_list (bsc#1084427). - qla2xxx: Remove unneeded message and minor cleanup for FC-NVMe (bsc#1084427). - qla2xxx: remove use of FC-specific error codes (bsc#1043726,FATE#324770). - qla2xxx: Restore ZIO threshold setting (bsc#1084427). - qla2xxx: Return busy if rport going away (bsc#1084427). - qla2xxx: Set IIDMA and fcport state before qla_nvme_register_remote() (bsc#1084427). - qla2xxx: Update driver version to 10.00.00.06-k (bsc#1084427). - qlcnic: fix deadlock bug (bnc#1012382). - r8152: fix the list rx_done may be used without initialization (bnc#1012382). - r8152: prevent the driver from transmitting packets with carrier off (bnc#1012382). - r8169: fix memory corruption on retrieval of hardware statistics (bnc#1012382). - r8169: fix RTL8168EP take too long to complete driver initialization (bnc#1012382). - raid5: Set R5_Expanded on parity devices as well as data (bnc#1012382). - ravb: Remove Rx overflow log messages (bnc#1012382). - rbd: set max_segments to USHRT_MAX (bnc#1012382). - RDMA/cma: Avoid triggering undefined behavior (bnc#1012382). - rdma/cma: Make sure that PSN is not over max allowed (bnc#1012382). - RDMA/i40iw: Remove MSS change support (bsc#1024376 FATE#321249). - rdma/uverbs: Protect from command mask overflow (bsc#1082979). - rds: Fix NULL pointer dereference in __rds_rdma_map (bnc#1012382). - RDS: Heap OOB write in rds_message_alloc_sgs() (bnc#1012382). - RDS: null pointer dereference in rds_atomic_free_op (bnc#1012382). - regulator: core: Rely on regulator_dev_release to free constraints (bsc#1074847). - regulator: da9063: Return an error code on probe failure (bsc#1074847). - regulator: pwm: Fix regulator ramp delay for continuous mode (bsc#1074847). - regulator: Try to resolve regulators supplies on registration (bsc#1074847). - reiserfs: avoid a -Wmaybe-uninitialized warning (bnc#1012382). - Revert "Bluetooth: btusb: driver to enable the usb-wakeup feature" (bnc#1012382). - Revert "Bluetooth: btusb: fix QCA Rome suspend/resume" (bnc#1012382). - Revert "drm/armada: Fix compile fail" (bnc#1012382). - Revert "Enable DEBUG_RFI" - Revert "kaiser: vmstat show NR_KAISERTABLE as nr_overhead" (kabi). - Revert "lib/genalloc.c: make the avail variable an atomic_long_t" (kabi). - Revert "module: Add retpoline tag to VERMAGIC" (bnc#1012382 kabi). - Revert "module: Add retpoline tag to VERMAGIC" (kabi). - Revert "net: replace dst_cache ip6_tunnel implementation with the generic one" (kabi bnc#1082897). - Revert "ocfs2: should wait dio before inode lock in ocfs2_setattr()" (bnc#1012382). - Revert "power: bq27xxx_battery: Remove unneeded dependency in Kconfig" (bnc#1012382). - Revert "s390/kbuild: enable modversions for symbols exported from asm" (bnc#1012382). - Revert "sched/deadline: Use the revised wakeup rule for suspending constrained dl tasks" (kabi). - Revert "scsi: libsas: align sata_device's rps_resp on a cacheline" (kabi). - Revert "spi: SPI_FSL_DSPI should depend on HAS_DMA" (bnc#1012382). - Revert "userfaultfd: selftest: vm: allow to build in vm/ directory" (bnc#1012382). - Revert "x86/efi: Build our own page table structures" (bnc#1012382). - Revert "x86/efi: Hoist page table switching code into efi_call_virt()" (bnc#1012382). - Revert "x86/entry/64: Separate cpu_current_top_of_stack from TSS.sp0" - Revert "x86/entry/64: Use a per-CPU trampoline stack for IDT entries" - Revert "x86/mm/pat: Ensure cpa->pfn only contains page frame numbers" (bnc#1012382). - rfi-flush: Make DEBUG_RFI a CONFIG option (bsc#1068032, bsc#1075087). - rfi-flush: Move the logic to avoid a redo into the debugfs code (bsc#1068032, bsc#1075087). - rfi-flush: Switch to new linear fallback flush (bsc#1068032, bsc#1075087). - rhashtable: add rhashtable_lookup_get_insert_key() (bsc#1042286). - ring-buffer: Mask out the info bits when returning buffer page length (bnc#1012382). - route: also update fnhe_genid when updating a route cache (bnc#1012382). - route: update fnhe_expires for redirect when the fnhe exists (bnc#1012382). - rtc: cmos: Initialize hpet timer before irq is registered (bsc#1077592). - rtc-opal: Fix handling of firmware error codes, prevent busy loops (bnc#1012382). - rtc: pcf8563: fix output clock rate (bnc#1012382). - rtc: pl031: make interrupt optional (bnc#1012382). - rtc: set the alarm to the next expiring timer (bnc#1012382). - rtlwifi: fix gcc-6 indentation warning (bnc#1012382). - rtlwifi: rtl8821ae: Fix connection lost problem correctly (bnc#1012382). - s390: add no-execute support (FATE#324087, LTC#158827). - s390: always save and restore all registers on context switch (bnc#1012382). - s390/cpuinfo: show facilities as reported by stfle (bnc#1076847, LTC#163740). - s390/dasd: fix handling of internal requests (bsc#1080321). - s390/dasd: fix wrongly assigned configuration data (bnc#1012382). - s390/dasd: prevent prefix I/O error (bnc#1012382). - s390: fix compat system call table (bnc#1012382). - s390: fix handling of -1 in set{,fs}[gu]id16 syscalls (bnc#1012382). - s390: hypfs: Move diag implementation and data definitions (FATE#324070, LTC#158959). - s390: kvm: Cpu model support for msa6, msa7 and msa8 (FATE#324069, LTC#159031). - s390: Make cpc_name accessible (FATE#324070, LTC#158959). - s390: Make diag224 public (FATE#324070, LTC#158959). - s390/mem_detect: use unsigned longs (FATE#324071, LTC#158956). - s390/mm: align swapper_pg_dir to 16k (FATE#324087, LTC#158827). - s390/mm: always use PAGE_KERNEL when mapping pages (FATE#324087, LTC#158827). - s390/noexec: execute kexec datamover without DAT (FATE#324087, LTC#158827). - s390/oprofile: fix address range for asynchronous stack (bsc#1082979). - s390/pageattr: allow kernel page table splitting (FATE#324087, LTC#158827). - s390/pageattr: avoid unnecessary page table splitting (FATE#324087, LTC#158827). - s390/pageattr: handle numpages parameter correctly (FATE#324087, LTC#158827). - s390/pci_dma: improve lazy flush for unmap (bnc#1079886, LTC#163393). - s390/pci_dma: improve map_sg (bnc#1079886, LTC#163393). - s390/pci_dma: make lazy flush independent from the tlb_refresh bit (bnc#1079886, LTC#163393). - s390/pci_dma: remove dma address range check (bnc#1079886, LTC#163393). - s390/pci_dma: simplify dma address calculation (bnc#1079886, LTC#163393). - s390/pci_dma: split dma_update_trans (bnc#1079886, LTC#163393). - s390/pci: do not require AIS facility (bnc#1012382). - s390/pci: fix dma address calculation in map_sg (bnc#1079886, LTC#163393). - s390/pci: handle insufficient resources during dma tlb flush (bnc#1079886, LTC#163393). - s390/pgtable: introduce and use generic csp inline asm (FATE#324087, LTC#158827). - s390/pgtable: make pmd and pud helper functions available (FATE#324087, LTC#158827). - s390/qeth: fix underestimated count of buffer elements (bnc#1082089, LTC#164529). - s390/qeth: no ETH header for outbound AF_IUCV (LTC#156276 bnc#1012382 bnc#1053472). - s390: report new vector facilities (FATE#324088, LTC#158828). - s390/runtime instrumentation: simplify task exit handling (bnc#1012382). - s390/sclp: Add hmfai field (FATE#324071, LTC#158956). - s390/vmem: align segment and region tables to 16k (FATE#324087, LTC#158827). - s390/vmem: introduce and use SEGMENT_KERNEL and REGION3_KERNEL (FATE#324087, LTC#158827). - s390/vmem: simplify vmem code for read-only mappings (FATE#324087, LTC#158827). - sch_dsmark: fix invalid skb_cow() usage (bnc#1012382). - sched/deadline: Make sure the replenishment timer fires in the next period (bnc#1012382). - sched/deadline: Throttle a constrained deadline task activated after the deadline (bnc#1012382). - sched/deadline: Use deadline instead of period when calculating overflow (bnc#1012382). - sched/deadline: Use the revised wakeup rule for suspending constrained dl tasks (bnc#1012382). - sched/deadline: Zero out positive runtime after throttling constrained tasks (git-fixes). - sched/rt: Up the root domain ref count when passing it around via IPIs (bnc#1012382). - sched/rt: Use container_of() to get root domain in rto_push_irq_work_func() (bnc#1012382). - scripts/kernel-doc: Do not fail with status != 0 if error encountered with -none (bnc#1012382). - scsi: aacraid: Fix hang in kdump (bsc#1022607, FATE#321673). - scsi: aacraid: Prevent crash in case of free interrupt during scsi EH path (bnc#1012382). - scsi: advansys: fix build warning for PCI=n (bnc#1012382). - scsi: advansys: fix uninitialized data access (bnc#1012382). - scsi: bfa: integer overflow in debugfs (bnc#1012382). - scsi: cxgb4i: fix Tx skb leak (bnc#1012382). - scsi: do not look for NULL devices handlers by name (bsc#1082373). - scsi: fas216: fix sense buffer initialization (bsc#1082979). - scsi: fdomain: drop fdomain_pci_tbl when built-in (bnc#1012382). - scsi: handle ABORTED_COMMAND on Fujitsu ETERNUS (bsc#1069138). - scsi: hisi_sas: directly attached disk LED feature for v2 hw (bsc#1083409). - scsi: hpsa: cleanup sas_phy structures in sysfs when unloading (bnc#1012382). - scsi: hpsa: destroy sas transport properties before scsi_host (bnc#1012382). - scsi: ibmvfc: fix misdefined reserved field in ibmvfc_fcp_rsp_info (bnc#1012382). - scsi: initio: remove duplicate module device table (bnc#1012382 bsc#1082979). - scsi: initio: remove duplicate module device table (bsc#1082979). - scsi: libsas: align sata_device's rps_resp on a cacheline (bnc#1012382). - scsi: libsas: fix error when getting phy events (bsc#1082979). - scsi: libsas: fix memory leak in sas_smp_get_phy_events() (bsc#1082979). - scsi: lpfc: Add WQ Full Logic for NVME Target (bsc#1080656). - scsi: lpfc: Allow set of maximum outstanding SCSI cmd limit for a target (bsc#1080656). - scsi: lpfc: Beef up stat counters for debug (bsc#1076693). - scsi: lpfc: correct debug counters for abort (bsc#1080656). - scsi: lpfc: do not dereference localport before it has been null checked (bsc#1076693). - scsi: lpfc: Do not return internal MBXERR_ERROR code from probe function (bsc#1082979). - scsi: lpfc: fix a couple of minor indentation issues (bsc#1076693). - scsi: lpfc: Fix -EOVERFLOW behavior for NVMET and defer_rcv (bsc#1076693). - scsi: lpfc: Fix header inclusion in lpfc_nvmet (bsc#1080656). - scsi: lpfc: Fix infinite wait when driver unregisters a remote NVME port (bsc#1076693). - scsi: lpfc: Fix IO failure during hba reset testing with nvme io (bsc#1080656). - scsi: lpfc: Fix issue_lip if link is disabled (bsc#1080656). - scsi: lpfc: Fix issues connecting with nvme initiator (bsc#1076693). - scsi: lpfc: Fix nonrecovery of NVME controller after cable swap (bsc#1080656). - scsi: lpfc: Fix PRLI handling when topology type changes (bsc#1080656). - scsi: lpfc: Fix receive PRLI handling (bsc#1076693). - scsi: lpfc: Fix RQ empty firmware trap (bsc#1080656). - scsi: lpfc: Fix SCSI io host reset causing kernel crash (bsc#1080656). - scsi: lpfc: Fix SCSI LUN discovery when SCSI and NVME enabled (bsc#1076693). - scsi: lpfc: Fix soft lockup in lpfc worker thread during LIP testing (bsc#1080656). - scsi: lpfc: Increase CQ and WQ sizes for SCSI (bsc#1080656). - scsi: lpfc: Increase SCSI CQ and WQ sizes (bsc#1076693). - scsi: lpfc: Indicate CONF support in NVMe PRLI (bsc#1080656). - scsi: lpfc: move placement of target destroy on driver detach (bsc#1080656). - scsi: lpfc: Treat SCSI Write operation Underruns as an error (bsc#1080656). - scsi: lpfc: Update 11.4.0.7 modified files for 2018 Copyright (bsc#1080656). - scsi: lpfc: update driver version to 11.4.0.6 (bsc#1076693). - scsi: lpfc: update driver version to 11.4.0.7 (bsc#1080656). - scsi: lpfc: Use after free in lpfc_rq_buf_free() (bsc#1037838). - scsi: lpfc: Validate adapter support for SRIU option (bsc#1080656). - scsi: mpt3sas: Fix IO error occurs on pulling out a drive from RAID1 volume created on two SATA drive (bnc#1012382). - scsi: mvumi: use __maybe_unused to hide pm functions (bnc#1012382). - scsi: qla2xxx: Ability to process multiple SGEs in Command SGL for CT passthrough commands (bsc#1043726,FATE#324770). - scsi: qla2xxx: Accelerate SCSI BUSY status generation in target mode (bsc#1043725,FATE#324770). - scsi: qla2xxx: Add ability to autodetect SFP type (bsc#1043726,FATE#324770). - scsi: qla2xxx: Add ability to send PRLO (bsc#1043726,FATE#324770). - scsi: qla2xxx: Add ability to use GPNFT/GNNFT for RSCN handling (bsc#1043726,FATE#324770). - scsi: qla2xxx: Add ATIO-Q processing for INTx mode (bsc#1043726,FATE#324770). - scsi: qla2xxx: Add boundary checks for exchanges to be offloaded (bsc#1043726,FATE#324770). - scsi: qla2xxx: Add command completion for error path (bsc#1043726,FATE#324770). - scsi: qla2xxx: Add debug knob for user control workload (bsc#1043725,FATE#324770). - scsi: qla2xxx: Add debug logging routine for qpair (bsc#1043725,FATE#324770). - scsi: qla2xxx: Added change to enable ZIO for FC-NVMe devices (bsc#1043726,FATE#324770). - scsi: qla2xxx: Add FC-NVMe command handling (bsc#1043726,FATE#324770). - scsi: qla2xxx: Add FC-NVMe F/W initialization and transport registration (bsc#1043726,FATE#324770). - scsi: qla2xxx: Add FC-NVMe port discovery and PRLI handling (bsc#1043726,FATE#324770). - scsi: qla2xxx: Add function call to qpair for door bell (bsc#1043725,FATE#324770). - scsi: qla2xxx: Add fw_started flags to qpair (bsc#1043725,FATE#324770). - scsi: qla2xxx: Add lock protection around host lookup (bsc#1043726,FATE#324770). - scsi: qla2xxx: Add LR distance support from nvram bit (bsc#1043726,FATE#324770). - scsi: qla2xxx: add missing includes for qla_isr (bsc#1043726,FATE#324770). - scsi: qla2xxx: Add option for use reserve exch for ELS (bsc#1043726,FATE#324770). - scsi: qla2xxx: Add ql2xiniexchg parameter (bsc#1043725,FATE#324770). - scsi: qla2xxx: Add retry limit for fabric scan logic (bsc#1043726,FATE#324770). - scsi: qla2xxx: Add support for minimum link speed (bsc#1043726,FATE#324770). - scsi: qla2xxx: Add switch command to simplify fabric discovery (bsc#1043726,FATE#324770). - scsi: qla2xxx: Add timeout ability to wait_for_sess_deletion() (bsc#1043726,FATE#324770). - scsi: qla2xxx: Add XCB counters to debugfs (bsc#1043726,FATE#324770). - scsi: qla2xxx: Allow ABTS, PURX, RIDA on ATIOQ for ISP83XX/27XX (bsc#1043725,FATE#324770). - scsi: qla2xxx: Allow MBC_GET_PORT_DATABASE to query and save the port states (bsc#1043726,FATE#324770). - scsi: qla2xxx: Allow relogin and session creation after reset (bsc#1043726,FATE#324770). - scsi: qla2xxx: Allow SNS fabric login to be retried (bsc#1043726,FATE#324770). - scsi: qla2xxx: Allow target mode to accept PRLI in dual mode (bsc#1043726,FATE#324770). - scsi: qla2xxx: avoid unused-function warning (bsc#1043726,FATE#324770). - scsi: qla2xxx: Change ha->wq max_active value to default (bsc#1043726,FATE#324770). - scsi: qla2xxx: Changes to support N2N logins (bsc#1043726,FATE#324770). - scsi: qla2xxx: Chip reset uses wrong lock during IO flush (bsc#1043726,FATE#324770). - scsi: qla2xxx: Cleanup FC-NVMe code (bsc#1043726,FATE#324770). - scsi: qla2xxx: Cleanup NPIV host in target mode during config teardown (bsc#1043726,FATE#324770). - scsi: qla2xxx: Clear fc4f_nvme flag (bsc#1043726,FATE#324770). - scsi: qla2xxx: Clear loop id after delete (bsc#1043726,FATE#324770). - scsi: qla2xxx: Combine Active command arrays (bsc#1043725,FATE#324770). - scsi: qla2xxx: Convert 32-bit LUN usage to 64-bit (bsc#1043725,FATE#324770). - scsi: qla2xxx: Defer processing of GS IOCB calls (bsc#1043726,FATE#324770). - scsi: qla2xxx: Delay loop id allocation at login (bsc#1043726,FATE#324770). - scsi: qla2xxx: Do not call abort handler function during chip reset (bsc#1043726,FATE#324770). - scsi: qla2xxx: Do not call dma_free_coherent with IRQ disabled (bsc#1043726,FATE#324770). - scsi: qla2xxx: do not include (bsc#1043725,FATE#324770). - scsi: qla2xxx: Enable Async TMF processing (bsc#1043726,FATE#324770). - scsi: qla2xxx: Enable ATIO interrupt handshake for ISP27XX (bsc#1043726,FATE#324770). - scsi: qla2xxx: Enable Target Multi Queue (bsc#1043725,FATE#324770). - scsi: qla2xxx: Fix abort command deadlock due to spinlock (FATE#320146, bsc#966328). - scsi: qla2xxx: fix a bunch of typos and spelling mistakes (bsc#1043726,FATE#324770). - scsi: qla2xxx: Fix a locking imbalance in qlt_24xx_handle_els() (bsc#1082979). - scsi: qla2xxx: Fix compile warning (bsc#1043725,FATE#324770). - scsi: qla2xxx: Fix FC-NVMe LUN discovery (bsc#1083223). - scsi: qla2xxx: Fix Firmware dump size for Extended login and Exchange Offload (bsc#1043726,FATE#324770). - scsi: qla2xxx: Fix GPNFT/GNNFT error handling (bsc#1043726,FATE#324770). - scsi: qla2xxx: Fix gpnid error processing (bsc#1043726,FATE#324770). - scsi: qla2xxx: Fix incorrect handle for abort IOCB (bsc#1082979). - scsi: qla2xxx: Fix login state machine freeze (bsc#1043726,FATE#324770). - scsi: qla2xxx: Fix login state machine stuck at GPDB (bsc#1043726,FATE#324770). - scsi: qla2xxx: Fix logo flag for qlt_free_session_done() (bsc#1043726,FATE#324770). - scsi: qla2xxx: Fix mailbox failure while deleting Queue pairs (bsc#1043725,FATE#324770). - scsi: qla2xxx: Fix memory leak in dual/target mode (bsc#1043726,FATE#324770). - scsi: qla2xxx: Fix NPIV host cleanup in target mode (bsc#1043726,FATE#324770). - scsi: qla2xxx: Fix NPIV host enable after chip reset (bsc#1043726,FATE#324770). - scsi: qla2xxx: Fix NULL pointer access for fcport structure (bsc#1043726,FATE#324770). - scsi: qla2xxx: Fix NULL pointer crash due to active timer for ABTS (bsc#1082979). - scsi: qla2xxx: Fix NULL pointer crash due to probe failure (bsc#1043726,FATE#324770). - scsi: qla2xxx: Fix oops in qla2x00_probe_one error path (bsc#1043726,FATE#324770). - scsi: qla2xxx: Fix PRLI state check (bsc#1043726,FATE#324770). - scsi: qla2xxx: Fix queue ID for async abort with Multiqueue (bsc#1043726,FATE#324770). - scsi: qla2xxx: Fix recursion while sending terminate exchange (bsc#1043726,FATE#324770). - scsi: qla2xxx: Fix Relogin being triggered too fast (bsc#1043726,FATE#324770). - scsi: qla2xxx: Fix re-login for Nport Handle in use (bsc#1043726,FATE#324770). - scsi: qla2xxx: Fix remoteport disconnect for FC-NVMe (bsc#1043726,FATE#324770). - scsi: qla2xxx: Fix scan state field for fcport (bsc#1043726,FATE#324770). - scsi: qla2xxx: Fix session cleanup for N2N (bsc#1043726,FATE#324770). - scsi: qla2xxx: Fix slow mem alloc behind lock (bsc#1043726,FATE#324770). - scsi: qla2xxx: Fix smatch warning in qla25xx_delete_{rsp|req}_que (bsc#1043726,FATE#324770). - scsi: qla2xxx: fix spelling mistake of variable sfp_additonal_info (bsc#1043726,FATE#324770). - scsi: qla2xxx: Fix system crash for Notify ack timeout handling (bsc#1043726,FATE#324770). - scsi: qla2xxx: Fix system crash in qlt_plogi_ack_unref (bsc#1043726,FATE#324770). - scsi: qla2xxx: Fix system crash while triggering FW dump (bsc#1043726,FATE#324770). - scsi: qla2xxx: Fix system panic due to pointer access problem (bsc#1043726,FATE#324770). - scsi: qla2xxx: Fix target multiqueue configuration (bsc#1043726,FATE#324770). - scsi: qla2xxx: Fix task mgmt handling for NPIV (bsc#1043726,FATE#324770). - scsi: qla2xxx: Fix warning during port_name debug print (bsc#1043726,FATE#324770). - scsi: qla2xxx: Fix warning for code intentation in __qla24xx_handle_gpdb_event() (bsc#1043726,FATE#324770). - scsi: qla2xxx: Fix warning in qla2x00_async_iocb_timeout() (bsc#1043726,FATE#324770). - scsi: qla2xxx: Fix WWPN/WWNN in debug message (bsc#1043726,FATE#324770). - scsi: qla2xxx: Handle PCIe error for driver (bsc#1043726,FATE#324770). - scsi: qla2xxx: Include Exchange offload/Extended Login into FW dump (bsc#1043725,FATE#324770). - scsi: qla2xxx: Increase ql2xmaxqdepth to 64 (bsc#1043726,FATE#324770). - scsi: qla2xxx: Increase verbosity of debug messages logged (bsc#1043726,FATE#324770). - scsi: qla2xxx: Migrate switch registration commands away from mailbox interface (bsc#1043726,FATE#324770). - scsi: qla2xxx: move fields from qla_hw_data to qla_qpair (bsc#1043725,FATE#324770). - scsi: qla2xxx: Move function prototype to correct header (bsc#1043726,FATE#324770). - scsi: qla2xxx: Move logging default mask to execute once only (bsc#1043726,FATE#324770). - scsi: qla2xxx: Move session delete to driver work queue (bsc#1043726,FATE#324770). - scsi: qla2xxx: Move target stat counters from vha to qpair (bsc#1043725,FATE#324770). - scsi: qla2xxx: Move work element processing out of DPC thread (bsc#1043726,FATE#324770). - scsi: qla2xxx: Off by one in qlt_ctio_to_cmd() (bsc#1043726,FATE#324770). - scsi: qla2xxx: Preparation for Target MQ (bsc#1043725,FATE#324770). - scsi: qla2xxx: Prevent multiple active discovery commands per session (bsc#1043726,FATE#324770). - scsi: qla2xxx: Prevent relogin trigger from sending too many commands (bsc#1043726,FATE#324770). - scsi: qla2xxx: Prevent sp->free null/uninitialized pointer dereference (bsc#1043726,FATE#324770). - scsi: qla2xxx: Print correct mailbox registers in failed summary (bsc#1043726,FATE#324770). - scsi: qla2xxx: Properly extract ADISC error codes (bsc#1043726,FATE#324770). - scsi: qla2xxx: Protect access to qpair members with qpair->qp_lock (bsc#1043726,FATE#324770). - scsi: qla2xxx: Query FC4 type during RSCN processing (bsc#1043726,FATE#324770). - scsi: qla2xxx: Recheck session state after RSCN (bsc#1043726,FATE#324770) - scsi: qla2xxx: Reduce the use of terminate exchange (bsc#1043726,FATE#324770). - scsi: qla2xxx: Reduce trace noise for Async Events (bsc#1043726,FATE#324770). - scsi: qla2xxx: Reinstate module parameter ql2xenablemsix (bsc#1043726,FATE#324770). - scsi: qla2xxx: Relogin to target port on a cable swap (bsc#1043726,FATE#324770). - scsi: qla2xxx: Remove aborting ELS IOCB call issued as part of timeout (FATE#320146, bsc#966328). - scsi: qla2xxx: Remove an unused structure member (bsc#1043725,FATE#324770). - scsi: qla2xxx: Remove datasegs_per_cmd and datasegs_per_cont field (bsc#1043725,FATE#324770). - scsi: qla2xxx: Remove extra register read (bsc#1043725,FATE#324770). - scsi: qla2xxx: Remove extra register read (bsc#1043726,FATE#324770). - scsi: qla2xxx: Remove FC_NO_LOOP_ID for FCP and FC-NVMe Discovery (bsc#1084397). - scsi: qla2xxx: Remove potential macro parameter side-effect in ql_dump_regs() (bsc#1043726,FATE#324770). - scsi: qla2xxx: remove redundant assignment of d (bsc#1043726,FATE#324770). - scsi: qla2xxx: remove redundant null check on tgt (bsc#1043725,FATE#324770). - scsi: qla2xxx: Remove redundant wait when target is stopped (bsc#1043725,FATE#324770). - scsi: qla2xxx: Remove session creation redundant code (bsc#1043726,FATE#324770). - scsi: qla2xxx: Remove unused argument from qlt_schedule_sess_for_deletion() (bsc#1043726,FATE#324770). - scsi: qla2xxx: Remove unused irq_cmd_count field (bsc#1043725,FATE#324770). - scsi: qla2xxx: Remove unused tgt_enable_64bit_addr flag (bsc#1043725,FATE#324770). - scsi: qla2xxx: remove writeq/readq function definitions (bsc#1043725,FATE#324770). - scsi: qla2xxx: Replace fcport alloc with qla2x00_alloc_fcport (bsc#1043726,FATE#324770). - scsi: qla2xxx: Replace GPDB with async ADISC command (bsc#1043726,FATE#324770). - scsi: qla2xxx: Reset the logo flag, after target re-login (bsc#1043726,FATE#324770). - scsi: qla2xxx: Retry switch command on time out (bsc#1043726,FATE#324770). - scsi: qla2xxx: Send FC4 type NVMe to the management server (bsc#1043726,FATE#324770). - scsi: qla2xxx: Serialize GPNID for multiple RSCN (bsc#1043726,FATE#324770). - scsi: qla2xxx: Serialize session deletion by using work_lock (bsc#1043726,FATE#324770). - scsi: qla2xxx: Serialize session free in qlt_free_session_done (bsc#1043726,FATE#324770). - scsi: qla2xxx: Simpify unregistration of FC-NVMe local/remote ports (bsc#1043726,FATE#324770). - scsi: qla2xxx: Skip IRQ affinity for Target QPairs (bsc#1043726,FATE#324770). - scsi: qla2xxx: Skip zero queue count entry during FW dump capture (bsc#1043726,FATE#324770). - scsi: qla2xxx: Suppress a kernel complaint in qla_init_base_qpair() (bsc#1043726,FATE#324770). - scsi: qla2xxx: Tweak resource count dump (bsc#1043726,FATE#324770). - scsi: qla2xxx: Update Driver version to 10.00.00.00-k (bsc#1043726,FATE#324770). - scsi: qla2xxx: Update driver version to 10.00.00.01-k (bsc#1043726,FATE#324770). - scsi: qla2xxx: Update driver version to 10.00.00.02-k (bsc#1043726,FATE#324770). - scsi: qla2xxx: Update driver version to 10.00.00.03-k (bsc#1043726,FATE#324770). - scsi: qla2xxx: Update driver version to 10.00.00.04-k (bsc#1043726,FATE#324770). - scsi: qla2xxx: Update driver version to 10.00.00.05-k (bsc#1081681). - scsi: qla2xxx: Update driver version to 9.01.00.00-k (bsc#1043725,FATE#324770). - scsi: qla2xxx: Update fw_started flags at qpair creation (bsc#1043726,FATE#324770). - scsi: qla2xxx: Use BIT_6 to acquire FAWWPN from switch (bsc#1043726,FATE#324770) - scsi: qla2xxx: Use chip reset to bring down laser on unload (bsc#1043726,FATE#324770). - scsi: qla2xxx: use dma_mapping_error to check map errors (bsc#1043726,FATE#324770). - scsi: qla2xxx: Use FC-NVMe FC4 type for FDMI registration (bsc#1043726,FATE#324770). - scsi: qla2xxx: Use IOCB path to submit Control VP MBX command (bsc#1043726,FATE#324770). - scsi: qla2xxx: Use known NPort ID for Management Server login (bsc#1043726,FATE#324770). - scsi: qla2xxx: Use ql2xnvmeenable to enable Q-Pair for FC-NVMe (bsc#1043726,FATE#324770). - scsi: qla2xxx: use shadow register for ISP27XX (bsc#1043725,FATE#324770). - scsi: qla2xxx: Use shadow register for ISP27XX (bsc#1043726,FATE#324770). - scsi: qla2xxx: Use sp->free instead of hard coded call (bsc#1043726,FATE#324770). - scsi: sd: change allow_restart to bool in sysfs interface (bnc#1012382). - scsi: sd: change manage_start_stop to bool in sysfs interface (bnc#1012382). - scsi: ses: do not get power status of SES device slot on probe (bsc#1082979). - scsi: sg: disable SET_FORCE_LOW_DMA (bnc#1012382). - scsi: sim710: fix build warning (bnc#1012382). - scsi: sr: wait for the medium to become ready (bsc#1048585). - scsi: sr: workaround VMware ESXi cdrom emulation bug (bsc#1080813). - scsi: storvsc: Fix scsi_cmd error assignments in storvsc_handle_error (bnc#1012382). - scsi: storvsc: remove unnecessary channel inbound lock (fate#315887, bsc#1082632). - scsi: sun_esp: fix device reference leaks (bsc#1082979). - scsi: tcm_qla2xxx: Do not allow aborted cmd to advance (bsc#1043725,FATE#324770). - scsi: ufs: ufshcd: fix potential NULL pointer dereference in ufshcd_config_vreg (bnc#1012382). - sctp: do not allow the v4 socket to bind a v4mapped v6 address (bnc#1012382). - sctp: do not free asoc when it is already dead in sctp_sendmsg (bnc#1012382). - sctp: make use of pre-calculated len (bnc#1012382). - sctp: Replace use of sockets_allocated with specified macro (bnc#1012382). - sctp: return error if the asoc has been peeled off in sctp_wait_for_sndbuf (bnc#1012382). - sctp: use the right sk after waking up from wait_buf sleep (bnc#1012382). - selftest/powerpc: Fix false failures for skipped tests (bnc#1012382). - selftests/x86: Add test_vsyscall (bnc#1012382). - selftests/x86/ldt_get: Add a few additional tests for limits (bnc#1012382). - selinux: ensure the context is NUL terminated in security_context_to_sid_core() (bnc#1012382). - selinux: general protection fault in sock_has_perm (bnc#1012382). - selinux: skip bounded transition processing if the policy isn't loaded (bnc#1012382). - serial: 8250_mid: fix broken DMA dependency (bnc#1012382). - serial: 8250_pci: Add Amazon PCI serial device ID (bnc#1012382). - serial: 8250: Preserve DLD[7:4] for PORT_XR17V35X (bnc#1012382). - serial: 8250_uniphier: fix error return code in uniphier_uart_probe() (bsc#1031717). - serial: imx: Only wakeup via RTSDEN bit if the system has RTS/CTS (bnc#1012382). - series.conf: disable qla2xxx patches (bsc#1043725) - series.conf: move core networking (including netfilter) into sorted section - series.conf: refresh Ran series_sort.py (no effect on expanded tree). - series.conf: whitespace cleanup - Set supported_modules_check 1 (bsc#1072163). - sfc: do not warn on successful change of MAC (bnc#1012382). - sget(): handle failures of register_shrinker() (bnc#1012382). - sh_eth: fix SH7757 GEther initialization (bnc#1012382). - sh_eth: fix TSU resource handling (bnc#1012382). - signal/openrisc: Fix do_unaligned_access to send the proper signal (bnc#1012382). - signal/sh: Ensure si_signo is initialized in do_divide_error (bnc#1012382). - sit: update frag_off info (bnc#1012382). - sock: free skb in skb_complete_tx_timestamp on error (bnc#1012382). - SolutionEngine771x: fix Ether platform data (bnc#1012382). - sparc64/mm: set fields in deferred pages (bnc#1012382). - spi: atmel: fixed spin_lock usage inside atmel_spi_remove (bnc#1012382). - spi: imx: do not access registers while clocks disabled (bnc#1012382). - spi_ks8995: fix "BUG: key accdaa28 not in .data!" (bnc#1012382). - spi: sh-msiof: Fix DMA transfer size check (bnc#1012382). - spi: sun4i: disable clocks in the remove function (bnc#1012382). - spi: xilinx: Detect stall with Unknown commands (bnc#1012382). - ssb: mark ssb_bus_register as __maybe_unused (bnc#1012382). - staging: android: ashmem: fix a race condition in ASHMEM_SET_SIZE ioctl (bnc#1012382). - staging: android: ashmem: Fix a race condition in pin ioctls (bnc#1012382). - staging: iio: adc: ad7192: fix external frequency setting (bnc#1012382). - staging: rtl8188eu: Fix incorrect response to SIOCGIWESSID (bnc#1012382). - staging: ste_rmi4: avoid unused function warnings (bnc#1012382). - staging: unisys: visorinput depends on INPUT (bnc#1012382). - staging: wilc1000: fix kbuild test robot error (bnc#1012382). - sunrpc: Allow connect to return EHOSTUNREACH (bnc#1012382). - sunrpc: Fix rpc_task_begin trace point (bnc#1012382). - sunxi-rsb: Include OF based modalias in device uevent (bnc#1012382). - sysfs/cpu: Add vulnerability folder (bnc#1012382). - sysfs/cpu: Fix typos in vulnerability documentation (bnc#1012382). - sysfs: spectre_v2, handle spec_ctrl (bsc#1075994 bsc#1075091). - sysrq : fix Show Regs call trace on ARM (bnc#1012382). - target: Add support for TMR percpu reference counting (bsc#1043726,FATE#324770). - target: Add TARGET_SCF_LOOKUP_LUN_FROM_TAG support for ABORT_TASK (bsc#1043726,FATE#324770). - target: Avoid early CMD_T_PRE_EXECUTE failures during ABORT_TASK (bnc#1012382). - target/file: Do not return error for UNMAP if length is zero (bnc#1012382). - target: fix ALUA transition timeout handling (bnc#1012382). - target:fix condition return in core_pr_dump_initiator_port() (bnc#1012382). - target: fix race during implicit transition work flushes (bnc#1012382). - target/iscsi: Fix a race condition in iscsit_add_reject_from_cmd() (bnc#1012382). - target: Use system workqueue for ALUA transitions (bnc#1012382). - tc1100-wmi: fix build warning when CONFIG_PM not enabled (bnc#1012382). - tc358743: fix register i2c_rd/wr function fix (git-fixes). - tc358743: fix register i2c_rd/wr functions (bnc#1012382). - tcp: correct memory barrier usage in tcp_check_space() (bnc#1012382). - tcp: do not set rtt_min to 1 (bsc#1042286). - tcp: fix under-evaluated ssthresh in TCP Vegas (bnc#1012382). - tcp md5sig: Use skb's saddr when replying to an incoming segment (bnc#1012382). - tcp: release sk_frag.page in tcp_disconnect (bnc#1012382). - tcp: __tcp_hdrlen() helper (bnc#1012382). - test_bpf: fix the dummy skb after dissector changes (bsc#1042286). - tg3: Add workaround to restrict 5762 MRRS to 2048 (bnc#1012382). - tg3: Enable PHY reset in MTU change path for 5720 (bnc#1012382). - tg3: Fix rx hang on MTU change with 5717/5719 (bnc#1012382). - thermal/drivers/step_wise: Fix temperature regulation misbehavior (bnc#1012382). - thermal: fix INTEL_SOC_DTS_IOSF_CORE dependencies (bnc#1012382). - thermal: hisilicon: Handle return value of clk_prepare_enable (bnc#1012382). - thermal: spear: use __maybe_unused for PM functions (bnc#1012382). - tipc: fix cleanup at module unload (bnc#1012382). - tipc: fix memory leak in tipc_accept_from_sock() (bnc#1012382). - tipc: improve link resiliency when rps is activated (bsc#1068038). - tlan: avoid unused label with PCI=n (bnc#1012382). - tools build: Add tools tree support for 'make -s' (bnc#1012382). - tpm-dev-common: Reject too short writes (bsc#1020645, git-fixes). - tpm: fix potential buffer overruns caused by bit glitches on the bus (bsc#1020645, git-fixes). - tpm_i2c_infineon: fix potential buffer overruns caused by bit glitches on the bus (bsc#1020645, git-fixes). - tpm_i2c_nuvoton: fix potential buffer overruns caused by bit glitches on the bus (bsc#1020645, git-fixes). - tpm: st33zp24: fix potential buffer overruns caused by bit glitches on the bus (bsc#1020645, git-fixes). - tpm_tis: fix potential buffer overruns caused by bit glitches on the bus (bsc#1020645, git-fixes). - tracing: Allocate mask_str buffer dynamically (bnc#1012382). - tracing: Fix converting enum's from the map in trace_event_eval_update() (bnc#1012382). - tracing: Fix crash when it fails to alloc ring buffer (bnc#1012382). - tracing: Fix possible double free on failure of allocating trace buffer (bnc#1012382). - tracing: Remove extra zeroing out of the ring buffer page (bnc#1012382). - tty: cyclades: cyz_interrupt is only used for PCI (bnc#1012382). - tty fix oops when rmmod 8250 (bnc#1012382). - tty: hvc_xen: hide xen_console_remove when unused (bnc#1012382). - tty: mxser: Remove ASYNC_CLOSING (bnc#1072363). - uas: Always apply US_FL_NO_ATA_1X quirk to Seagate devices (bnc#1012382). - uas: ignore UAS for Norelsys NS1068(X) chips (bnc#1012382). - ubi: block: Fix locking for idr_alloc/idr_remove (bnc#1012382). - udf: Avoid overflow when session starts at large offset (bnc#1012382). - udp: restore UDPlite many-cast delivery (bsc#1042286). - um: link vmlinux with -no-pie (bnc#1012382). - usb: Add device quirk for Logitech HD Pro Webcam C925e (bnc#1012382). - usb: add RESET_RESUME for ELSA MicroLink 56K (bnc#1012382). - usb: build drivers/usb/common/ when USB_SUPPORT is set (bnc#1012382). - usb: cdc-acm: Do not log urb submission errors on disconnect (bnc#1012382). - usb: cdc_subset: only build when one driver is enabled (bnc#1012382). - USB: core: Add type-specific length check of BOS descriptors (bnc#1012382). - USB: core: prevent malicious bNumInterfaces overflow (bnc#1012382). - USB: devio: Prevent integer overflow in proc_do_submiturb() (bnc#1012382). - usb: dwc3: gadget: Set maxpacket size for ep0 IN (bnc#1012382). - usb: f_fs: Prevent gadget unbind if it is already unbound (bnc#1012382). - USB: Fix off by one in type-specific length check of BOS SSP capability (git-fixes). - USB: fix usbmon BUG trigger (bnc#1012382). - usb: gadget: configs: plug memory leak (bnc#1012382). - usb: gadget: do not dereference g until after it has been null checked (bnc#1012382). - usb: gadget: ffs: Forbid usb_ep_alloc_request from sleeping (bnc#1012382). - usb: gadget: f_fs: Process all descriptors during bind (bnc#1012382). - USB: gadgetfs: Fix a potential memory leak in 'dev_config()' (bnc#1012382). - usb: gadget: f_uvc: Sanity check wMaxPacketSize for SuperSpeed (bnc#1012382). - usb: gadget: udc: remove pointer dereference after free (bnc#1012382). - usb: gadget: uvc: Missing files for configfs interface (bnc#1012382). - usb: hub: Cycle HUB power when initialization fails (bnc#1012382). - USB: Increase usbfs transfer limit (bnc#1012382). - usbip: fix 3eee23c3ec14 tcp_socket address still in the status file (bnc#1012382). - usbip: Fix implicit fallthrough warning (bnc#1012382). - usbip: Fix potential format overflow in userspace tools (bnc#1012382). - usbip: fix stub_rx: get_pipe() to validate endpoint number (bnc#1012382). - usbip: fix stub_rx: harden CMD_SUBMIT path to handle malicious input (bnc#1012382). - usbip: fix stub_send_ret_submit() vulnerability to null transfer_buffer (bnc#1012382). - usbip: fix usbip bind writing random string after command in match_busid (bnc#1012382). - usbip: keep usbip_device sockfd state in sync with tcp_socket (bnc#1012382). - usbip: list: do not list devices attached to vhci_hcd (bnc#1012382). - usbip: prevent bind loops on devices attached to vhci_hcd (bnc#1012382). - usbip: prevent leaking socket pointer address in messages (bnc#1012382). - usbip: prevent vhci_hcd driver from leaking a socket pointer address (bnc#1012382). - usbip: remove kernel addresses from usb device and urb debug msgs (bnc#1012382). - usbip: stub: stop printing kernel pointer addresses in messages (bnc#1012382). - usbip: vhci_hcd: clear just the USB_PORT_STAT_POWER bit (bnc#1012382). - usbip: vhci: stop printing kernel pointer addresses in messages (bnc#1012382). - usb: ldusb: add PIDs for new CASSY devices supported by this driver (bnc#1012382). - usb: misc: usb3503: make sure reset is low for at least 100us (bnc#1012382). - usb: musb: da8xx: fix babble condition handling (bnc#1012382). - usb: musb/ux500: remove duplicate check for dma_is_compatible (bnc#1012382). - usb: ohci: Proper handling of ed_rm_list to handle race condition between usb_kill_urb() and finish_unlinks() (bnc#1012382). - usb: option: Add support for FS040U modem (bnc#1012382). - usb: phy: isp1301: Add OF device ID table (bnc#1012382). - usb: phy: isp1301: Fix build warning when CONFIG_OF is disabled (git-fixes). - usb: phy: msm add regulator dependency (bnc#1012382). - usb: phy: tahvo: fix error handling in tahvo_usb_probe() (bnc#1012382). - usb: quirks: Add no-lpm quirk for KY-688 USB 3.1 Type-C Hub (bnc#1012382). - usb: renesas_usbhs: missed the "running" flag in usb_dmac with rx path (bnc#1012382). - USB: serial: cp210x: add IDs for LifeScan OneTouch Verio IQ (bnc#1012382). - USB: serial: cp210x: add new device ID ELV ALC 8xxx (bnc#1012382). - USB: serial: ftdi_sio: add id for Airbus DS P8GR (bnc#1012382). - usb: serial: io_edgeport: fix possible sleep-in-atomic (bnc#1012382). - USB: serial: option: adding support for YUGA CLM920-NC5 (bnc#1012382). - USB: serial: option: add Quectel BG96 id (bnc#1012382). - USB: serial: option: add support for Telit ME910 PID 0x1101 (bnc#1012382). - usb: serial: pl2303: new device id for Chilitag (bnc#1012382). - USB: serial: qcserial: add Sierra Wireless EM7565 (bnc#1012382). - usb: serial: simple: add Motorola Tetra driver (bnc#1012382). - USB: uas and storage: Add US_FL_BROKEN_FUA for another JMicron JMS567 ID (bnc#1012382). - usb: uas: unconditionally bring back host after reset (bnc#1012382). - USB: usbfs: Filter flags passed in from user space (bnc#1012382). - usb: usbip: Fix possible deadlocks reported by lockdep (bnc#1012382). - usb: xhci: Add XHCI_TRUST_TX_LENGTH for Renesas uPD720201 (bnc#1012382). - usb: xhci: fix panic in xhci_free_virt_devices_depth_first (bnc#1012382). - userfaultfd: selftest: vm: allow to build in vm/ directory (bnc#1012382). - userfaultfd: shmem: __do_fault requires VM_FAULT_NOPAGE (bnc#1012382). - v4l: remove MEDIA_TUNER dependency for VIDEO_TUNER (bnc#1012382). - vb2: V4L2_BUF_FLAG_DONE is set after DQBUF (bnc#1012382). - vfs: do not do RCU lookup of empty pathnames (bnc#1012382). - vhost_net: stop device during reset owner (bnc#1012382). - video: fbdev: atmel_lcdfb: fix display-timings lookup (bnc#1012382). - video: fbdev: au1200fb: Release some resources if a memory allocation fails (bnc#1012382). - video: fbdev: au1200fb: Return an error code if a memory allocation fails (bnc#1012382). - video: fbdev/mmp: add MODULE_LICENSE (bnc#1012382). - video: fbdev: sis: remove unused variable (bnc#1012382). - video: fbdev: via: remove possibly unused variables (bnc#1012382). - video: Use bool instead int pointer for get_opt_bool() argument (bnc#1012382). - virtio_balloon: prevent uninitialized variable use (bnc#1012382). - virtio: release virtio index when fail to device_register (bnc#1012382). - vmbus: add per-channel sysfs info (fate#315887, bsc#1082632). - vmbus: add prefetch to ring buffer iterator (fate#315887, bsc#1082632). - vmbus: do not acquire the mutex in vmbus_hvsock_device_unregister() (fate#315887, bsc#1082632). - vmbus: drop unused ring_buffer_info elements (fate#315887, bsc#1082632). - vmbus: eliminate duplicate cached index (fate#315887, bsc#1082632). - vmbus: hvsock: add proper sync for vmbus_hvsock_device_unregister() (fate#315887, bsc#1082632). - vmbus: initialize reserved fields in messages (fate#315887, bsc#1082632). - vmbus: make channel_message table constant (fate#315887, bsc#1082632). - vmbus: more host signalling avoidance (fate#315887, bsc#1082632). - vmbus: refactor hv_signal_on_read (fate#315887, bsc#1082632). - vmbus: remove unused vmbus_sendpacket_ctl (fate#315887, bsc#1082632). - vmbus: remove unused vmbus_sendpacket_multipagebuffer (fate#315887, bsc#1082632). - vmbus: remove unused vmubs_sendpacket_pagebuffer_ctl (fate#315887, bsc#1082632). - vmbus: Reuse uuid_le_to_bin() helper (fate#315887, bsc#1082632). - vmbus: simplify hv_ringbuffer_read (fate#315887, bsc#1082632). - vmbus: unregister device_obj->channels_kset (fate#315887, bsc#1082632). - vmxnet3: prevent building with 64K pages (bnc#1012382). - vmxnet3: repair memory leak (bnc#1012382). - vsyscall: Fix permissions for emulate mode with KAISER/PTI (bnc#1012382). - vt6655: Fix a possible sleep-in-atomic bug in vt6655_suspend (bnc#1012382). - vti6: Do not report path MTU below IPV6_MIN_MTU (bnc#1012382). - vti6: fix device register to report IFLA_INFO_KIND (bnc#1012382). - vxlan: consolidate csum flag handling (bsc#1042286). - vxlan: consolidate output route calculation (bsc#1042286). - vxlan: consolidate vxlan_xmit_skb and vxlan6_xmit_skb (bsc#1042286). - vxlan: do not allow overwrite of config src addr (bsc#1042286). - watchdog: imx2_wdt: restore previous timeout after suspend+resume (bnc#1012382). - wireless: cw1200: use __maybe_unused to hide pm functions_ (bnc#1012382). - workqueue: trigger WARN if queue_delayed_work() is called with NULL @wq (bnc#1012382). - writeback: fix memory leak in wb_queue_work() (bnc#1012382). - X.509: fix buffer overflow detection in sprint_oid() (bsc#1075078). - X.509: reject invalid BIT STRING for subjectPublicKey (bnc#1012382). - x86/acpi: Handle SCI interrupts above legacy space gracefully (bsc#1068984). - x86/acpi: Reduce code duplication in mp_override_legacy_irq() (bsc#1068984). - x86: add MULTIUSER dependency for KVM (bnc#1012382). - x86/alternatives: Add missing '\n' at end of ALTERNATIVE inline asm (bnc#1012382). - x86/alternatives: Fix optimize_nops() checking (bnc#1012382). - x86/apic/vector: Fix off by one in error path (bnc#1012382). - x86/asm/32: Make sync_core() handle missing CPUID on all 32-bit kernels (bnc#1012382). - x86/asm: Fix inline asm call constraints for GCC 4.4 (bnc#1012382). - x86/boot: Avoid warning for zero-filling .bss (bnc#1012382). - x86/boot: Fix early command-line parsing when matching at end (bsc#1068032). - x86: bpf_jit: small optimization in emit_bpf_tail_call() (bnc#1012382). - x86/bugs: Drop one "mitigation" from dmesg (bnc#1012382). - x86/build: Silence the build with "make -s" (bnc#1012382). - x86/cpu/bugs: Make retpoline module warning conditional (bnc#1012382). - x86/cpu: Change type of x86_cache_size variable to unsigned int (bnc#1012382). - x86/cpu: Factor out application of forced CPU caps (bnc#1012382). - x86/cpufeatures: Add X86_BUG_CPU_INSECURE (bnc#1012382). - x86/cpufeatures: Add X86_BUG_SPECTRE_V[12] (bnc#1012382). - x86/cpufeatures: Make CPU bugs sticky (bnc#1012382). - x86/cpu: Implement CPU vulnerabilites sysfs functions (bnc#1012382). - x86/cpu: Merge bugs.c and bugs_64.c (bnc#1012382). - x86/cpu: Rename Merrifield2 to Moorefield (bsc#985025). - x86/cpu: Rename "WESTMERE2" family to "NEHALEM_G" (bsc#985025). - x86/cpu, x86/pti: Do not enable PTI on AMD processors (bnc#1012382). - x86/Documentation: Add PTI description (bnc#1012382). - x86/efi: Build our own page table structures (fate#320512). - x86/efi: Hoist page table switching code into efi_call_virt() (fate#320512). - x86/entry/64: Separate cpu_current_top_of_stack from TSS.sp0 (bsc#1077560). - x86/entry/64: Use a per-CPU trampoline stack for IDT entries (bsc#1077560). - x86/entry: Use SYSCALL_DEFINE() macros for sys_modify_ldt() (bnc#1012382). - x86: fix build warnign with 32-bit PAE (bnc#1012382). - x86/fpu/math-emu: Fix possible uninitialized variable use (bnc#1012382). - x86/hpet: Prevent might sleep splat on resume (bnc#1012382). - x86/hyperv: Implement hv_get_tsc_page() (fate#315887, bsc#1082632). - x86/hyper-v: include hyperv/ only when CONFIG_HYPERV is set (fate#315887, bsc#1082632). - x86/hyper-v: Introduce fast hypercall implementation (fate#315887, bsc#1082632). - x86/hyper-v: Make hv_do_hypercall() inline (fate#315887, bsc#1082632). - x86/hyperv: Move TSC reading method to asm/mshyperv.h (fate#315887, bsc#1082632). - x86/kaiser: fix build error with KASAN && !FUNCTION_GRAPH_TRACER (bnc#1012382). - x86/kasan: Clear kasan_zero_page after TLB flush (bnc#1012382). - x86/kasan: Write protect kasan zero shadow (bnc#1012382). - x86/kvm/vmx: do not use vm-exit instruction length for fast MMIO when running nested (bsc#1081431). - x86/mce: Pin the timer when modifying (bsc#1080851,1076282). - x86/microcode/AMD: Change load_microcode_amd()'s param to bool to fix preemptibility bug (bnc#1012382). - x86/microcode/AMD: Do not load when running on a hypervisor (bnc#1012382). - x86/microcode/AMD: Do not load when running on a hypervisor (bsc#1081436 bsc#1081437). - x86/microcode: Do the family check first (bnc#1012382). - x86/microcode: Do the family check first (bsc#1081436 bsc#1081437). - x86/microcode/intel: Extend BDW late-loading further with LLC size check (bnc#1012382). - x86/microcode/intel: Extend BDW late-loading with a revision check (bnc#1012382). - x86/microcode/intel: Fix BDW late-loading revision check (bnc#1012382). - x86/mm/32: Move setup_clear_cpu_cap(X86_FEATURE_PCID) earlier (git-fixes). - x86/mm: Disable PCID on 32-bit kernels (bnc#1012382). - x86/mm/kmmio: Fix mmiotrace for page unaligned addresses (bnc#1012382). - x86/mm/pat: Ensure cpa->pfn only contains page frame numbers (fate#320588). - x86/mm/pkeys: Fix fill_sig_info_pkey (fate#321300). - x86/nospec: Fix header guards names (bnc#1012382). - x86/oprofile: Fix bogus GCC-8 warning in nmi_setup() (bnc#1012382). - x86/paravirt: Remove 'noreplace-paravirt' cmdline option (bnc#1012382). - x86/PCI: Make broadcom_postcore_init() check acpi_disabled (bnc#1012382). - x86/platform: Add PCI dependency for PUNIT_ATOM_DEBUG (bnc#1012382). - x86/platform/olpc: Fix resume handler build warning (bnc#1012382). - x86/pti: Document fix wrong index (bnc#1012382). - x86/pti/efi: broken conversion from efi to kernel page table (bnc#1012382). - x86/pti: Make unpoison of pgd for trusted boot work for real (bnc#1012382). - x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN (bnc#1012382). - x86/ras/inject: Make it depend on X86_LOCAL_APIC=y (bnc#1012382). - x86/retpoline: Avoid retpolines for built-in __init functions (bnc#1012382). - x86/retpoline/hyperv: Convert assembler indirect jumps (fate#315887, bsc#1082632). - x86/retpoline: Remove the esp/rsp thunk (bnc#1012382). - x86/retpolines/spec_ctrl: disable IBRS on !SKL if retpolines are active (bsc#1068032). - x86/smpboot: Remove stale TLB flush invocations (bnc#1012382). - x86/spectre: Check CONFIG_RETPOLINE in command line parser (bnc#1012382). - x86/spectre: Fix an error message (git-fixes). - x86/spectre: Fix spelling mistake: "vunerable"-> "vulnerable" (bnc#1012382). - x86/spectre: Remove the out-of-tree RSB stuffing - x86/spectre: Simplify spectre_v2 command line parsing (bnc#1012382). - x86/spectre_v2: fix ordering in IBRS initialization (bsc#1075994 bsc#1075091). - x86/spectre_v2: nospectre_v2 means nospec too (bsc#1075994 bsc#1075091). - x86/speculation: Fix typo IBRS_ATT, which should be IBRS_ALL (bnc#1012382). - x86/tlb: Drop the _GPL from the cpu_tlbstate export (bnc#1012382). - x86/vm86/32: Switch to flush_tlb_mm_range() in mark_screen_rdonly() (bnc#1012382). - x86/xen: Zero MSR_IA32_SPEC_CTRL before suspend (bnc#1065600). - xen: Fix trampoline stack loading issue on XEN PV. - xen/gntdev: Fix off-by-one error when unmapping with holes (bnc#1012382). - xen/gntdev: Fix partial gntdev_mmap() cleanup (bnc#1012382). - xen-netfront: avoid crashing on resume after a failure in talk_to_netback() (bnc#1012382). - xen-netfront: enable device after manual module load (bnc#1012382). - xen-netfront: Improve error handling during initialization (bnc#1012382). - xen-netfront: remove warning when unloading module (bnc#1012382). - xen: XEN_ACPI_PROCESSOR is Dom0-only (bnc#1012382). - xfrm: check id proto in validate_tmpl() (bnc#1012382). - xfrm: Copy policy family in clone_policy (bnc#1012382). - xfrm: Fix stack-out-of-bounds read on socket policy lookup (bnc#1012382). - xfrm: Fix stack-out-of-bounds with misconfigured transport mode policies (bnc#1012382). - xfrm_user: propagate sec ctx allocation errors (bsc#1042286). - xfs: add configurable error support to metadata buffers (bsc#1068569). - xfs: add configuration handlers for specific errors (bsc#1068569). - xfs: add configuration of error failure speed (bsc#1068569). - xfs: add "fail at unmount" error handling configuration (bsc#1068569). - xfs: Add infrastructure needed for error propagation during buffer IO failure (bsc#1068569). - xfs: address kabi for xfs buffer retry infrastructure (kabi). - xfs: configurable error behavior via sysfs (bsc#1068569). - xfs: do not chain ioends during writepage submission (bsc#1077285 bsc#1043441). - xfs: factor mapping out of xfs_do_writepage (bsc#1077285 bsc#1043441). - xfs: fix incorrect extent state in xfs_bmap_add_extent_unwritten_real (bnc#1012382). - xfs: fix log block underflow during recovery cycle verification (bnc#1012382). - xfs: fix up inode32/64 (re)mount handling (bsc#1069160). - xfs: introduce metadata IO error class (bsc#1068569). - xfs: introduce table-based init for error behaviors (bsc#1068569). - xfs: Introduce writeback context for writepages (bsc#1077285 bsc#1043441). - xfs: ioends require logically contiguous file offsets (bsc#1077285 bsc#1043441). - xfs: Properly retry failed inode items in case of error during buffer writeback (bsc#1068569). - xfs: quota: check result of register_shrinker() (bnc#1012382). - xfs: quota: fix missed destroy of qi_tree_lock (bnc#1012382). - xfs: reinit btree pointer on attr tree inactivation walk (bsc#1078787). - xfs: remove nonblocking mode from xfs_vm_writepage (bsc#1077285 bsc#1043441). - xfs: remove xfs_cancel_ioend (bsc#1077285 bsc#1043441). - xfs: remove xfs_trans_ail_delete_bulk (bsc#1068569). - xfs: stop searching for free slots in an inode chunk when there are none (bsc#1072739). - xfs: toggle readonly state around xfs_log_mount_finish (bsc#1073401). - xfs: ubsan fixes (bnc#1012382). - xfs: validate sb_logsunit is a multiple of the fs blocksize (bsc#1077513). - xfs: write unmount record for ro mounts (bsc#1073401). - xfs: xfs_cluster_write is redundant (bsc#1077285 bsc#1043441). - xhci: Do not add a virt_dev to the devs array before it's fully allocated (bnc#1012382). - xhci: Fix ring leak in failure path of xhci_alloc_virt_device() (bnc#1012382). - xhci: plat: Register shutdown for xhci_plat (bnc#1012382). - xtensa: fix futex_atomic_cmpxchg_inatomic (bnc#1012382). - zram: fix operator precedence to get offset (bsc#1082979). - zram: set physical queue limits to avoid array out of bounds accesses (bnc#1012382). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 12-SP3: zypper in -t patch SUSE-SLE-RT-12-SP3-2018-663=1 Package List: - SUSE Linux Enterprise Real Time Extension 12-SP3 (x86_64): cluster-md-kmp-rt-4.4.120-3.8.1 cluster-md-kmp-rt-debuginfo-4.4.120-3.8.1 dlm-kmp-rt-4.4.120-3.8.1 dlm-kmp-rt-debuginfo-4.4.120-3.8.1 gfs2-kmp-rt-4.4.120-3.8.1 gfs2-kmp-rt-debuginfo-4.4.120-3.8.1 kernel-rt-4.4.120-3.8.1 kernel-rt-base-4.4.120-3.8.1 kernel-rt-base-debuginfo-4.4.120-3.8.1 kernel-rt-debuginfo-4.4.120-3.8.1 kernel-rt-debugsource-4.4.120-3.8.1 kernel-rt-devel-4.4.120-3.8.1 kernel-rt_debug-debuginfo-4.4.120-3.8.1 kernel-rt_debug-debugsource-4.4.120-3.8.1 kernel-rt_debug-devel-4.4.120-3.8.1 kernel-rt_debug-devel-debuginfo-4.4.120-3.8.1 kernel-syms-rt-4.4.120-3.8.1 ocfs2-kmp-rt-4.4.120-3.8.1 ocfs2-kmp-rt-debuginfo-4.4.120-3.8.1 - SUSE Linux Enterprise Real Time Extension 12-SP3 (noarch): kernel-devel-rt-4.4.120-3.8.1 kernel-source-rt-4.4.120-3.8.1 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2017-15129.html https://www.suse.com/security/cve/CVE-2017-15951.html https://www.suse.com/security/cve/CVE-2017-16644.html https://www.suse.com/security/cve/CVE-2017-16912.html https://www.suse.com/security/cve/CVE-2017-16913.html https://www.suse.com/security/cve/CVE-2017-17712.html https://www.suse.com/security/cve/CVE-2017-17862.html https://www.suse.com/security/cve/CVE-2017-17864.html https://www.suse.com/security/cve/CVE-2017-17975.html https://www.suse.com/security/cve/CVE-2017-18017.html https://www.suse.com/security/cve/CVE-2017-18174.html https://www.suse.com/security/cve/CVE-2017-18208.html https://www.suse.com/security/cve/CVE-2017-5715.html https://www.suse.com/security/cve/CVE-2018-1000004.html https://www.suse.com/security/cve/CVE-2018-1000026.html https://www.suse.com/security/cve/CVE-2018-5332.html https://www.suse.com/security/cve/CVE-2018-5333.html https://www.suse.com/security/cve/CVE-2018-8087.html https://bugzilla.suse.com/1006867 https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1015342 https://bugzilla.suse.com/1015343 https://bugzilla.suse.com/1019784 https://bugzilla.suse.com/1020645 https://bugzilla.suse.com/1022595 https://bugzilla.suse.com/1022607 https://bugzilla.suse.com/1022912 https://bugzilla.suse.com/1024296 https://bugzilla.suse.com/1024376 https://bugzilla.suse.com/1027054 https://bugzilla.suse.com/1031492 https://bugzilla.suse.com/1031717 https://bugzilla.suse.com/1033587 https://bugzilla.suse.com/1034503 https://bugzilla.suse.com/1037838 https://bugzilla.suse.com/1038078 https://bugzilla.suse.com/1038085 https://bugzilla.suse.com/1040182 https://bugzilla.suse.com/1042286 https://bugzilla.suse.com/1043441 https://bugzilla.suse.com/1043652 https://bugzilla.suse.com/1043725 https://bugzilla.suse.com/1043726 https://bugzilla.suse.com/1048325 https://bugzilla.suse.com/1048585 https://bugzilla.suse.com/1053472 https://bugzilla.suse.com/1060279 https://bugzilla.suse.com/1062129 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065615 https://bugzilla.suse.com/1066163 https://bugzilla.suse.com/1066223 https://bugzilla.suse.com/1067118 https://bugzilla.suse.com/1068032 https://bugzilla.suse.com/1068038 https://bugzilla.suse.com/1068569 https://bugzilla.suse.com/1068984 https://bugzilla.suse.com/1069135 https://bugzilla.suse.com/1069138 https://bugzilla.suse.com/1069160 https://bugzilla.suse.com/1070052 https://bugzilla.suse.com/1070404 https://bugzilla.suse.com/1070799 https://bugzilla.suse.com/1071306 https://bugzilla.suse.com/1071892 https://bugzilla.suse.com/1072163 https://bugzilla.suse.com/1072363 https://bugzilla.suse.com/1072484 https://bugzilla.suse.com/1072689 https://bugzilla.suse.com/1072739 https://bugzilla.suse.com/1072865 https://bugzilla.suse.com/1073229 https://bugzilla.suse.com/1073401 https://bugzilla.suse.com/1073407 https://bugzilla.suse.com/1073928 https://bugzilla.suse.com/1074134 https://bugzilla.suse.com/1074198 https://bugzilla.suse.com/1074426 https://bugzilla.suse.com/1074488 https://bugzilla.suse.com/1074621 https://bugzilla.suse.com/1074839 https://bugzilla.suse.com/1074847 https://bugzilla.suse.com/1075066 https://bugzilla.suse.com/1075078 https://bugzilla.suse.com/1075087 https://bugzilla.suse.com/1075091 https://bugzilla.suse.com/1075397 https://bugzilla.suse.com/1075428 https://bugzilla.suse.com/1075617 https://bugzilla.suse.com/1075621 https://bugzilla.suse.com/1075627 https://bugzilla.suse.com/1075811 https://bugzilla.suse.com/1075994 https://bugzilla.suse.com/1076017 https://bugzilla.suse.com/1076110 https://bugzilla.suse.com/1076187 https://bugzilla.suse.com/1076232 https://bugzilla.suse.com/1076282 https://bugzilla.suse.com/1076693 https://bugzilla.suse.com/1076760 https://bugzilla.suse.com/1076805 https://bugzilla.suse.com/1076847 https://bugzilla.suse.com/1076872 https://bugzilla.suse.com/1076899 https://bugzilla.suse.com/1076982 https://bugzilla.suse.com/1077068 https://bugzilla.suse.com/1077241 https://bugzilla.suse.com/1077285 https://bugzilla.suse.com/1077513 https://bugzilla.suse.com/1077560 https://bugzilla.suse.com/1077592 https://bugzilla.suse.com/1077704 https://bugzilla.suse.com/1077779 https://bugzilla.suse.com/1077871 https://bugzilla.suse.com/1078002 https://bugzilla.suse.com/1078583 https://bugzilla.suse.com/1078672 https://bugzilla.suse.com/1078673 https://bugzilla.suse.com/1078681 https://bugzilla.suse.com/1078787 https://bugzilla.suse.com/1079029 https://bugzilla.suse.com/1079038 https://bugzilla.suse.com/1079195 https://bugzilla.suse.com/1079313 https://bugzilla.suse.com/1079384 https://bugzilla.suse.com/1079609 https://bugzilla.suse.com/1079886 https://bugzilla.suse.com/1079989 https://bugzilla.suse.com/1080014 https://bugzilla.suse.com/1080263 https://bugzilla.suse.com/1080321 https://bugzilla.suse.com/1080344 https://bugzilla.suse.com/1080364 https://bugzilla.suse.com/1080384 https://bugzilla.suse.com/1080464 https://bugzilla.suse.com/1080533 https://bugzilla.suse.com/1080656 https://bugzilla.suse.com/1080774 https://bugzilla.suse.com/1080813 https://bugzilla.suse.com/1080851 https://bugzilla.suse.com/1081134 https://bugzilla.suse.com/1081431 https://bugzilla.suse.com/1081436 https://bugzilla.suse.com/1081437 https://bugzilla.suse.com/1081491 https://bugzilla.suse.com/1081498 https://bugzilla.suse.com/1081500 https://bugzilla.suse.com/1081512 https://bugzilla.suse.com/1081514 https://bugzilla.suse.com/1081681 https://bugzilla.suse.com/1081735 https://bugzilla.suse.com/1082089 https://bugzilla.suse.com/1082223 https://bugzilla.suse.com/1082299 https://bugzilla.suse.com/1082373 https://bugzilla.suse.com/1082478 https://bugzilla.suse.com/1082632 https://bugzilla.suse.com/1082795 https://bugzilla.suse.com/1082864 https://bugzilla.suse.com/1082897 https://bugzilla.suse.com/1082979 https://bugzilla.suse.com/1082993 https://bugzilla.suse.com/1083048 https://bugzilla.suse.com/1083056 https://bugzilla.suse.com/1083086 https://bugzilla.suse.com/1083223 https://bugzilla.suse.com/1083387 https://bugzilla.suse.com/1083409 https://bugzilla.suse.com/1083494 https://bugzilla.suse.com/1083548 https://bugzilla.suse.com/1083750 https://bugzilla.suse.com/1083770 https://bugzilla.suse.com/1084041 https://bugzilla.suse.com/1084397 https://bugzilla.suse.com/1084427 https://bugzilla.suse.com/1084610 https://bugzilla.suse.com/1084772 https://bugzilla.suse.com/1084888 https://bugzilla.suse.com/1084926 https://bugzilla.suse.com/1084928 https://bugzilla.suse.com/1084967 https://bugzilla.suse.com/1085011 https://bugzilla.suse.com/1085015 https://bugzilla.suse.com/1085045 https://bugzilla.suse.com/1085047 https://bugzilla.suse.com/1085050 https://bugzilla.suse.com/1085053 https://bugzilla.suse.com/1085054 https://bugzilla.suse.com/1085056 https://bugzilla.suse.com/1085107 https://bugzilla.suse.com/1085224 https://bugzilla.suse.com/1085239 https://bugzilla.suse.com/863764 https://bugzilla.suse.com/963844 https://bugzilla.suse.com/966170 https://bugzilla.suse.com/966172 https://bugzilla.suse.com/966328 https://bugzilla.suse.com/969476 https://bugzilla.suse.com/969477 https://bugzilla.suse.com/973818 https://bugzilla.suse.com/975772 https://bugzilla.suse.com/983145 https://bugzilla.suse.com/985025 From sle-updates at lists.suse.com Thu Apr 19 16:07:11 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Apr 2018 00:07:11 +0200 (CEST) Subject: SUSE-SU-2018:0987-1: moderate: Security update for slurm Message-ID: <20180419220711.4EAE3FD2E@maintenance.suse.de> SUSE Security Update: Security update for slurm ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0987-1 Rating: moderate References: #1084125 #1085240 #1088693 Cross-References: CVE-2018-7033 Affected Products: SUSE Linux Enterprise Module for HPC 12 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for slurm fixes the following issues: - Fix interaction with systemd: systemd expects that a daemonizing process doesn't go away until the PID file with it PID of the daemon has bee written (bsc#1084125). - Make sure systemd services get restarted only when all packages are in a consistent state, not in the middle of an 'update' transaction (bsc#1088693). Since the %postun scripts that run on update are from the old package they cannot be changed - thus we work around the restart breakage. - CVE-2018-7033: Fixed security issue in accounting_storage/mysql plugin by always escaping strings within the slurmdbd (bsc#1085240). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 12: zypper in -t patch SUSE-SLE-Module-HPC-12-2018-664=1 Package List: - SUSE Linux Enterprise Module for HPC 12 (aarch64 x86_64): libpmi0-17.02.10-6.16.1 libpmi0-debuginfo-17.02.10-6.16.1 libslurm31-17.02.10-6.16.1 libslurm31-debuginfo-17.02.10-6.16.1 perl-slurm-17.02.10-6.16.1 perl-slurm-debuginfo-17.02.10-6.16.1 slurm-17.02.10-6.16.1 slurm-auth-none-17.02.10-6.16.1 slurm-auth-none-debuginfo-17.02.10-6.16.1 slurm-debuginfo-17.02.10-6.16.1 slurm-debugsource-17.02.10-6.16.1 slurm-devel-17.02.10-6.16.1 slurm-doc-17.02.10-6.16.1 slurm-lua-17.02.10-6.16.1 slurm-lua-debuginfo-17.02.10-6.16.1 slurm-munge-17.02.10-6.16.1 slurm-munge-debuginfo-17.02.10-6.16.1 slurm-pam_slurm-17.02.10-6.16.1 slurm-pam_slurm-debuginfo-17.02.10-6.16.1 slurm-plugins-17.02.10-6.16.1 slurm-plugins-debuginfo-17.02.10-6.16.1 slurm-sched-wiki-17.02.10-6.16.1 slurm-slurmdb-direct-17.02.10-6.16.1 slurm-slurmdbd-17.02.10-6.16.1 slurm-slurmdbd-debuginfo-17.02.10-6.16.1 slurm-sql-17.02.10-6.16.1 slurm-sql-debuginfo-17.02.10-6.16.1 slurm-torque-17.02.10-6.16.1 slurm-torque-debuginfo-17.02.10-6.16.1 References: https://www.suse.com/security/cve/CVE-2018-7033.html https://bugzilla.suse.com/1084125 https://bugzilla.suse.com/1085240 https://bugzilla.suse.com/1088693 From sle-updates at lists.suse.com Fri Apr 20 07:07:20 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Apr 2018 15:07:20 +0200 (CEST) Subject: SUSE-SU-2018:0988-1: important: Security update for the Linux Kernel (Live Patch 24 for SLE 12 SP1) Message-ID: <20180420130720.BF8F1FD2E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 24 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0988-1 Rating: important References: #1076017 #1083488 #1085114 #1085447 Cross-References: CVE-2017-13166 CVE-2018-1000004 CVE-2018-1068 CVE-2018-7566 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.74-60_64_69 fixes several issues. The following security issues were fixed: - CVE-2017-13166: An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver. (bsc#1085447). - CVE-2018-1068: A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-1000004: A race condition vulnerability existed in the sound system, which could lead to a deadlock and denial of service condition (bsc#1076017) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-694=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-694=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_69-default-2-2.1 kgraft-patch-3_12_74-60_64_69-xen-2-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_69-default-2-2.1 kgraft-patch-3_12_74-60_64_69-xen-2-2.1 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-1000004.html https://www.suse.com/security/cve/CVE-2018-1068.html https://www.suse.com/security/cve/CVE-2018-7566.html https://bugzilla.suse.com/1076017 https://bugzilla.suse.com/1083488 https://bugzilla.suse.com/1085114 https://bugzilla.suse.com/1085447 From sle-updates at lists.suse.com Fri Apr 20 07:08:20 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Apr 2018 15:08:20 +0200 (CEST) Subject: SUSE-SU-2018:0989-1: important: Security update for the Linux Kernel (Live Patch 14 for SLE 12 SP2) Message-ID: <20180420130820.652E9FD2B@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 14 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0989-1 Rating: important References: #1073230 #1076017 #1083488 #1085114 #1085447 Cross-References: CVE-2017-13166 CVE-2018-1000004 CVE-2018-1068 CVE-2018-7566 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 4.4.90-92_45 fixes several issues. The following security issues were fixed: - CVE-2017-13166: Prevent elevation of privilege vulnerability in the v4l2 video driver (bsc#1085447). - CVE-2018-1068: A flaw in the implementation of 32-bit syscall interface for bridging allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-7566: Prevent buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488). - CVE-2018-1000004: Prevent race condition in the sound system that could have lead to a deadlock and denial of service condition (bsc#1076017). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-674=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-674=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kgraft-patch-4_4_90-92_45-default-5-2.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kgraft-patch-4_4_90-92_45-default-5-2.2 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-1000004.html https://www.suse.com/security/cve/CVE-2018-1068.html https://www.suse.com/security/cve/CVE-2018-7566.html https://bugzilla.suse.com/1073230 https://bugzilla.suse.com/1076017 https://bugzilla.suse.com/1083488 https://bugzilla.suse.com/1085114 https://bugzilla.suse.com/1085447 From sle-updates at lists.suse.com Fri Apr 20 07:09:32 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Apr 2018 15:09:32 +0200 (CEST) Subject: SUSE-SU-2018:0990-1: important: Security update for the Linux Kernel (Live Patch 18 for SLE 12 SP2) Message-ID: <20180420130932.07055FD2B@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 18 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0990-1 Rating: important References: #1083488 #1085114 #1085447 Cross-References: CVE-2017-13166 CVE-2018-1068 CVE-2018-7566 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.114-92_64 fixes several issues. The following security issues were fixed: - CVE-2017-13166: Prevent elevation of privilege vulnerability in the v4l2 video driver (bsc#1085447). - CVE-2018-1068: A flaw in the implementation of 32-bit syscall interface for bridging allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-7566: Prevent buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-667=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-667=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kgraft-patch-4_4_114-92_64-default-2-2.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kgraft-patch-4_4_114-92_64-default-2-2.2 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-1068.html https://www.suse.com/security/cve/CVE-2018-7566.html https://bugzilla.suse.com/1083488 https://bugzilla.suse.com/1085114 https://bugzilla.suse.com/1085447 From sle-updates at lists.suse.com Fri Apr 20 07:10:19 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Apr 2018 15:10:19 +0200 (CEST) Subject: SUSE-SU-2018:0991-1: important: Security update for the Linux Kernel (Live Patch 26 for SLE 12 SP1) Message-ID: <20180420131019.238C4FD2B@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 26 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0991-1 Rating: important References: #1083488 Cross-References: CVE-2018-7566 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 3.12.74-60_64_85 fixes one issue. The following security issue was fixed: - CVE-2018-7566: The Linux kernel had a buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-696=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-696=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_85-default-2-2.1 kgraft-patch-3_12_74-60_64_85-xen-2-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_85-default-2-2.1 kgraft-patch-3_12_74-60_64_85-xen-2-2.1 References: https://www.suse.com/security/cve/CVE-2018-7566.html https://bugzilla.suse.com/1083488 From sle-updates at lists.suse.com Fri Apr 20 07:10:46 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Apr 2018 15:10:46 +0200 (CEST) Subject: SUSE-SU-2018:0992-1: important: Security update for the Linux Kernel (Live Patch 18 for SLE 12 SP1) Message-ID: <20180420131046.4ADFDFD2B@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 18 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0992-1 Rating: important References: #1076017 #1083488 #1085114 #1085447 Cross-References: CVE-2017-13166 CVE-2018-1000004 CVE-2018-1068 CVE-2018-7566 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.74-60_64_51 fixes several issues. The following security issues were fixed: - CVE-2017-13166: An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver. (bsc#1085447). - CVE-2018-1068: A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-1000004: A race condition vulnerability existed in the sound system, which could lead to a deadlock and denial of service condition (bsc#1076017) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-686=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-686=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_51-default-7-2.1 kgraft-patch-3_12_74-60_64_51-xen-7-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_51-default-7-2.1 kgraft-patch-3_12_74-60_64_51-xen-7-2.1 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-1000004.html https://www.suse.com/security/cve/CVE-2018-1068.html https://www.suse.com/security/cve/CVE-2018-7566.html https://bugzilla.suse.com/1076017 https://bugzilla.suse.com/1083488 https://bugzilla.suse.com/1085114 https://bugzilla.suse.com/1085447 From sle-updates at lists.suse.com Fri Apr 20 07:11:43 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Apr 2018 15:11:43 +0200 (CEST) Subject: SUSE-SU-2018:0993-1: important: Security update for the Linux Kernel (Live Patch 12 for SLE 12 SP2) Message-ID: <20180420131143.07390FD2B@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 12 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0993-1 Rating: important References: #1073230 #1076017 #1083488 #1085114 #1085447 Cross-References: CVE-2017-13166 CVE-2018-1000004 CVE-2018-1068 CVE-2018-7566 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 4.4.74-92_35 fixes several issues. The following security issues were fixed: - CVE-2017-13166: Prevent elevation of privilege vulnerability in the v4l2 video driver (bsc#1085447). - CVE-2018-1068: A flaw in the implementation of 32-bit syscall interface for bridging allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-7566: Prevent buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488). - CVE-2018-1000004: Prevent race condition in the sound system that could have lead to a deadlock and denial of service condition (bsc#1076017). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-668=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-668=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kgraft-patch-4_4_74-92_35-default-8-2.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kgraft-patch-4_4_74-92_35-default-8-2.2 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-1000004.html https://www.suse.com/security/cve/CVE-2018-1068.html https://www.suse.com/security/cve/CVE-2018-7566.html https://bugzilla.suse.com/1073230 https://bugzilla.suse.com/1076017 https://bugzilla.suse.com/1083488 https://bugzilla.suse.com/1085114 https://bugzilla.suse.com/1085447 From sle-updates at lists.suse.com Fri Apr 20 07:12:41 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Apr 2018 15:12:41 +0200 (CEST) Subject: SUSE-SU-2018:0994-1: important: Security update for the Linux Kernel (Live Patch 30 for SLE 12) Message-ID: <20180420131241.DDF35FD2B@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 30 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0994-1 Rating: important References: #1076017 #1083488 #1085114 #1085447 Cross-References: CVE-2017-13166 CVE-2018-1000004 CVE-2018-1068 CVE-2018-7566 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.61-52_111 fixes several issues. The following security issues were fixed: - CVE-2017-13166: An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver. (bsc#1085447). - CVE-2018-1068: A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-1000004: A race condition vulnerability existed in the sound system, which could lead to a deadlock and denial of service condition (bsc#1076017) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-709=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_111-default-3-2.1 kgraft-patch-3_12_61-52_111-xen-3-2.1 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-1000004.html https://www.suse.com/security/cve/CVE-2018-1068.html https://www.suse.com/security/cve/CVE-2018-7566.html https://bugzilla.suse.com/1076017 https://bugzilla.suse.com/1083488 https://bugzilla.suse.com/1085114 https://bugzilla.suse.com/1085447 From sle-updates at lists.suse.com Fri Apr 20 07:13:36 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Apr 2018 15:13:36 +0200 (CEST) Subject: SUSE-SU-2018:0995-1: important: Security update for the Linux Kernel (Live Patch 28 for SLE 12) Message-ID: <20180420131336.A858EFD2B@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 28 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0995-1 Rating: important References: #1076017 #1083488 #1085114 #1085447 Cross-References: CVE-2017-13166 CVE-2018-1000004 CVE-2018-1068 CVE-2018-7566 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.61-52_101 fixes several issues. The following security issues were fixed: - CVE-2017-13166: An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver. (bsc#1085447). - CVE-2018-1068: A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-1000004: A race condition vulnerability existed in the sound system, which could lead to a deadlock and denial of service condition (bsc#1076017) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-698=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_101-default-4-2.1 kgraft-patch-3_12_61-52_101-xen-4-2.1 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-1000004.html https://www.suse.com/security/cve/CVE-2018-1068.html https://www.suse.com/security/cve/CVE-2018-7566.html https://bugzilla.suse.com/1076017 https://bugzilla.suse.com/1083488 https://bugzilla.suse.com/1085114 https://bugzilla.suse.com/1085447 From sle-updates at lists.suse.com Fri Apr 20 07:14:30 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Apr 2018 15:14:30 +0200 (CEST) Subject: SUSE-SU-2018:0996-1: important: Security update for the Linux Kernel (Live Patch 24 for SLE 12) Message-ID: <20180420131430.4D59BFD2B@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 24 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0996-1 Rating: important References: #1076017 #1083488 #1085114 #1085447 Cross-References: CVE-2017-13166 CVE-2018-1000004 CVE-2018-1068 CVE-2018-7566 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.61-52_83 fixes several issues. The following security issues were fixed: - CVE-2017-13166: An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver. (bsc#1085447). - CVE-2018-1068: A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-1000004: A race condition vulnerability existed in the sound system, which could lead to a deadlock and denial of service condition (bsc#1076017) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-704=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_83-default-7-2.1 kgraft-patch-3_12_61-52_83-xen-7-2.1 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-1000004.html https://www.suse.com/security/cve/CVE-2018-1068.html https://www.suse.com/security/cve/CVE-2018-7566.html https://bugzilla.suse.com/1076017 https://bugzilla.suse.com/1083488 https://bugzilla.suse.com/1085114 https://bugzilla.suse.com/1085447 From sle-updates at lists.suse.com Fri Apr 20 07:15:25 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Apr 2018 15:15:25 +0200 (CEST) Subject: SUSE-SU-2018:0997-1: important: Security update for the Linux Kernel (Live Patch 2 for SLE 12 SP3) Message-ID: <20180420131525.2021AFD2B@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 2 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0997-1 Rating: important References: #1073230 #1076017 #1083488 #1085114 #1085447 Cross-References: CVE-2017-13166 CVE-2018-1000004 CVE-2018-1068 CVE-2018-7566 Affected Products: SUSE Linux Enterprise Live Patching 12-SP3 ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 4.4.82-6_6 fixes several issues. The following security issues were fixed: - CVE-2017-13166: Prevent elevation of privilege vulnerability in the v4l2 video driver (bsc#1085447). - CVE-2018-1068: A flaw in the implementation of 32-bit syscall interface for bridging allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-7566: Prevent buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488). - CVE-2018-1000004: Prevent race condition in the sound system that could have lead to a deadlock and denial of service condition (bsc#1076017). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-682=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP3 (x86_64): kgraft-patch-4_4_82-6_6-default-6-2.1 kgraft-patch-4_4_82-6_6-default-debuginfo-6-2.1 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-1000004.html https://www.suse.com/security/cve/CVE-2018-1068.html https://www.suse.com/security/cve/CVE-2018-7566.html https://bugzilla.suse.com/1073230 https://bugzilla.suse.com/1076017 https://bugzilla.suse.com/1083488 https://bugzilla.suse.com/1085114 https://bugzilla.suse.com/1085447 From sle-updates at lists.suse.com Fri Apr 20 07:16:43 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Apr 2018 15:16:43 +0200 (CEST) Subject: SUSE-SU-2018:0998-1: important: Security update for the Linux Kernel (Live Patch 9 for SLE 12 SP3) Message-ID: <20180420131643.8CE4DFD2B@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 9 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0998-1 Rating: important References: #1083488 #1085114 #1085447 Cross-References: CVE-2017-13166 CVE-2018-1068 CVE-2018-7566 Affected Products: SUSE Linux Enterprise Live Patching 12-SP3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.114-94_14 fixes several issues. The following security issues were fixed: - CVE-2017-13166: Prevent elevation of privilege vulnerability in the v4l2 video driver (bsc#1085447). - CVE-2018-1068: A flaw in the implementation of 32-bit syscall interface for bridging allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-7566: Prevent buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-677=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_114-94_14-default-2-2.1 kgraft-patch-4_4_114-94_14-default-debuginfo-2-2.1 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-1068.html https://www.suse.com/security/cve/CVE-2018-7566.html https://bugzilla.suse.com/1083488 https://bugzilla.suse.com/1085114 https://bugzilla.suse.com/1085447 From sle-updates at lists.suse.com Fri Apr 20 07:17:22 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Apr 2018 15:17:22 +0200 (CEST) Subject: SUSE-SU-2018:0999-1: important: Security update for the Linux Kernel (Live Patch 22 for SLE 12) Message-ID: <20180420131722.1100FFD2E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 22 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0999-1 Rating: important References: #1076017 #1083488 #1085114 #1085447 Cross-References: CVE-2017-13166 CVE-2018-1000004 CVE-2018-1068 CVE-2018-7566 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.61-52_77 fixes several issues. The following security issues were fixed: - CVE-2017-13166: An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver. (bsc#1085447). - CVE-2018-1068: A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-1000004: A race condition vulnerability existed in the sound system, which could lead to a deadlock and denial of service condition (bsc#1076017) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-702=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_77-default-9-2.1 kgraft-patch-3_12_61-52_77-xen-9-2.1 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-1000004.html https://www.suse.com/security/cve/CVE-2018-1068.html https://www.suse.com/security/cve/CVE-2018-7566.html https://bugzilla.suse.com/1076017 https://bugzilla.suse.com/1083488 https://bugzilla.suse.com/1085114 https://bugzilla.suse.com/1085447 From sle-updates at lists.suse.com Fri Apr 20 07:18:18 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Apr 2018 15:18:18 +0200 (CEST) Subject: SUSE-SU-2018:1000-1: important: Security update for the Linux Kernel (Live Patch 26 for SLE 12) Message-ID: <20180420131818.1C914FD2B@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 26 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1000-1 Rating: important References: #1076017 #1083488 #1085114 #1085447 Cross-References: CVE-2017-13166 CVE-2018-1000004 CVE-2018-1068 CVE-2018-7566 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.61-52_89 fixes several issues. The following security issues were fixed: - CVE-2017-13166: An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver. (bsc#1085447). - CVE-2018-1068: A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-1000004: A race condition vulnerability existed in the sound system, which could lead to a deadlock and denial of service condition (bsc#1076017) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-706=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_89-default-7-2.1 kgraft-patch-3_12_61-52_89-xen-7-2.1 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-1000004.html https://www.suse.com/security/cve/CVE-2018-1068.html https://www.suse.com/security/cve/CVE-2018-7566.html https://bugzilla.suse.com/1076017 https://bugzilla.suse.com/1083488 https://bugzilla.suse.com/1085114 https://bugzilla.suse.com/1085447 From sle-updates at lists.suse.com Fri Apr 20 07:19:14 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Apr 2018 15:19:14 +0200 (CEST) Subject: SUSE-SU-2018:1001-1: important: Security update for the Linux Kernel (Live Patch 27 for SLE 12) Message-ID: <20180420131914.B31F2FD2B@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 27 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1001-1 Rating: important References: #1076017 #1083488 #1085114 #1085447 Cross-References: CVE-2017-13166 CVE-2018-1000004 CVE-2018-1068 CVE-2018-7566 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.61-52_92 fixes several issues. The following security issues were fixed: - CVE-2017-13166: An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver. (bsc#1085447). - CVE-2018-1068: A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-1000004: A race condition vulnerability existed in the sound system, which could lead to a deadlock and denial of service condition (bsc#1076017) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-705=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_92-default-6-2.1 kgraft-patch-3_12_61-52_92-xen-6-2.1 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-1000004.html https://www.suse.com/security/cve/CVE-2018-1068.html https://www.suse.com/security/cve/CVE-2018-7566.html https://bugzilla.suse.com/1076017 https://bugzilla.suse.com/1083488 https://bugzilla.suse.com/1085114 https://bugzilla.suse.com/1085447 From sle-updates at lists.suse.com Fri Apr 20 07:20:14 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Apr 2018 15:20:14 +0200 (CEST) Subject: SUSE-SU-2018:1002-1: important: Security update for the Linux Kernel (Live Patch 8 for SLE 12 SP3) Message-ID: <20180420132014.267C9FD2B@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 8 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1002-1 Rating: important References: #1083488 #1085114 #1085447 Cross-References: CVE-2017-13166 CVE-2018-1068 CVE-2018-7566 Affected Products: SUSE Linux Enterprise Live Patching 12-SP3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.114-94_11 fixes several issues. The following security issues were fixed: - CVE-2017-13166: Prevent elevation of privilege vulnerability in the v4l2 video driver (bsc#1085447). - CVE-2018-1068: A flaw in the implementation of 32-bit syscall interface for bridging allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-7566: Prevent buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-676=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_114-94_11-default-2-2.1 kgraft-patch-4_4_114-94_11-default-debuginfo-2-2.1 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-1068.html https://www.suse.com/security/cve/CVE-2018-7566.html https://bugzilla.suse.com/1083488 https://bugzilla.suse.com/1085114 https://bugzilla.suse.com/1085447 From sle-updates at lists.suse.com Fri Apr 20 07:21:00 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Apr 2018 15:21:00 +0200 (CEST) Subject: SUSE-SU-2018:1003-1: important: Security update for the Linux Kernel (Live Patch 19 for SLE 12 SP2) Message-ID: <20180420132100.80C34FD2B@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 19 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1003-1 Rating: important References: #1083488 #1085114 #1085447 Cross-References: CVE-2017-13166 CVE-2018-1068 CVE-2018-7566 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.114-92_67 fixes several issues. The following security issues were fixed: - CVE-2017-13166: Prevent elevation of privilege vulnerability in the v4l2 video driver (bsc#1085447). - CVE-2018-1068: A flaw in the implementation of 32-bit syscall interface for bridging allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-7566: Prevent buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-673=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-673=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kgraft-patch-4_4_114-92_67-default-2-2.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kgraft-patch-4_4_114-92_67-default-2-2.2 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-1068.html https://www.suse.com/security/cve/CVE-2018-7566.html https://bugzilla.suse.com/1083488 https://bugzilla.suse.com/1085114 https://bugzilla.suse.com/1085447 From sle-updates at lists.suse.com Fri Apr 20 07:21:42 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Apr 2018 15:21:42 +0200 (CEST) Subject: SUSE-SU-2018:1004-1: important: Security update for the Linux Kernel (Live Patch 16 for SLE 12 SP2) Message-ID: <20180420132142.BD949FD2B@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 16 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1004-1 Rating: important References: #1073230 #1076017 #1083488 #1085114 #1085447 Cross-References: CVE-2017-13166 CVE-2018-1000004 CVE-2018-1068 CVE-2018-7566 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 4.4.103-92_53 fixes several issues. The following security issues were fixed: - CVE-2017-13166: Prevent elevation of privilege vulnerability in the v4l2 video driver (bsc#1085447). - CVE-2018-1068: A flaw in the implementation of 32-bit syscall interface for bridging allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-7566: Prevent buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488). - CVE-2018-1000004: Prevent race condition in the sound system that could have lead to a deadlock and denial of service condition (bsc#1076017). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-672=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-672=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kgraft-patch-4_4_103-92_53-default-4-2.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kgraft-patch-4_4_103-92_53-default-4-2.2 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-1000004.html https://www.suse.com/security/cve/CVE-2018-1068.html https://www.suse.com/security/cve/CVE-2018-7566.html https://bugzilla.suse.com/1073230 https://bugzilla.suse.com/1076017 https://bugzilla.suse.com/1083488 https://bugzilla.suse.com/1085114 https://bugzilla.suse.com/1085447 From sle-updates at lists.suse.com Fri Apr 20 07:22:46 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Apr 2018 15:22:46 +0200 (CEST) Subject: SUSE-SU-2018:1005-1: important: Security update for the Linux Kernel (Live Patch 20 for SLE 12 SP1) Message-ID: <20180420132246.B74ECFD2B@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 20 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1005-1 Rating: important References: #1076017 #1083488 #1085114 #1085447 Cross-References: CVE-2017-13166 CVE-2018-1000004 CVE-2018-1068 CVE-2018-7566 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.74-60_64_57 fixes several issues. The following security issues were fixed: - CVE-2017-13166: An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver. (bsc#1085447). - CVE-2018-1068: A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-1000004: A race condition vulnerability existed in the sound system, which could lead to a deadlock and denial of service condition (bsc#1076017) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-690=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-690=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_57-default-7-2.1 kgraft-patch-3_12_74-60_64_57-xen-7-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_57-default-7-2.1 kgraft-patch-3_12_74-60_64_57-xen-7-2.1 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-1000004.html https://www.suse.com/security/cve/CVE-2018-1068.html https://www.suse.com/security/cve/CVE-2018-7566.html https://bugzilla.suse.com/1076017 https://bugzilla.suse.com/1083488 https://bugzilla.suse.com/1085114 https://bugzilla.suse.com/1085447 From sle-updates at lists.suse.com Fri Apr 20 07:23:42 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Apr 2018 15:23:42 +0200 (CEST) Subject: SUSE-SU-2018:1006-1: important: Security update for the Linux Kernel (Live Patch 23 for SLE 12) Message-ID: <20180420132342.1EDFDFD2B@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 23 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1006-1 Rating: important References: #1076017 #1083488 #1085114 #1085447 Cross-References: CVE-2017-13166 CVE-2018-1000004 CVE-2018-1068 CVE-2018-7566 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.61-52_80 fixes several issues. The following security issues were fixed: - CVE-2017-13166: An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver. (bsc#1085447). - CVE-2018-1068: A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-1000004: A race condition vulnerability existed in the sound system, which could lead to a deadlock and denial of service condition (bsc#1076017) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-701=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_80-default-8-2.1 kgraft-patch-3_12_61-52_80-xen-8-2.1 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-1000004.html https://www.suse.com/security/cve/CVE-2018-1068.html https://www.suse.com/security/cve/CVE-2018-7566.html https://bugzilla.suse.com/1076017 https://bugzilla.suse.com/1083488 https://bugzilla.suse.com/1085114 https://bugzilla.suse.com/1085447 From sle-updates at lists.suse.com Fri Apr 20 07:24:40 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Apr 2018 15:24:40 +0200 (CEST) Subject: SUSE-SU-2018:1007-1: important: Security update for the Linux Kernel (Live Patch 13 for SLE 12 SP2) Message-ID: <20180420132440.9BCA2FD2B@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 13 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1007-1 Rating: important References: #1073230 #1076017 #1083488 #1085114 #1085447 Cross-References: CVE-2017-13166 CVE-2018-1000004 CVE-2018-1068 CVE-2018-7566 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 4.4.74-92_38 fixes several issues. The following security issues were fixed: - CVE-2017-13166: Prevent elevation of privilege vulnerability in the v4l2 video driver (bsc#1085447). - CVE-2018-1068: A flaw in the implementation of 32-bit syscall interface for bridging allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-7566: Prevent buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488). - CVE-2018-1000004: Prevent race condition in the sound system that could have lead to a deadlock and denial of service condition (bsc#1076017). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-712=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-712=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kgraft-patch-4_4_74-92_38-default-7-2.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kgraft-patch-4_4_74-92_38-default-7-2.2 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-1000004.html https://www.suse.com/security/cve/CVE-2018-1068.html https://www.suse.com/security/cve/CVE-2018-7566.html https://bugzilla.suse.com/1073230 https://bugzilla.suse.com/1076017 https://bugzilla.suse.com/1083488 https://bugzilla.suse.com/1085114 https://bugzilla.suse.com/1085447 From sle-updates at lists.suse.com Fri Apr 20 07:25:50 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Apr 2018 15:25:50 +0200 (CEST) Subject: SUSE-SU-2018:1008-1: important: Security update for the Linux Kernel (Live Patch 16 for SLE 12 SP1) Message-ID: <20180420132550.A1C93FD2B@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 16 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1008-1 Rating: important References: #1076017 #1083488 #1085114 #1085447 Cross-References: CVE-2017-13166 CVE-2018-1000004 CVE-2018-1068 CVE-2018-7566 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.74-60_64_45 fixes several issues. The following security issues were fixed: - CVE-2017-13166: An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver. (bsc#1085447). - CVE-2018-1068: A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-1000004: A race condition vulnerability existed in the sound system, which could lead to a deadlock and denial of service condition (bsc#1076017) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-689=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-689=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_45-default-9-2.1 kgraft-patch-3_12_74-60_64_45-xen-9-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_45-default-9-2.1 kgraft-patch-3_12_74-60_64_45-xen-9-2.1 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-1000004.html https://www.suse.com/security/cve/CVE-2018-1068.html https://www.suse.com/security/cve/CVE-2018-7566.html https://bugzilla.suse.com/1076017 https://bugzilla.suse.com/1083488 https://bugzilla.suse.com/1085114 https://bugzilla.suse.com/1085447 From sle-updates at lists.suse.com Fri Apr 20 07:26:35 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Apr 2018 15:26:35 +0200 (CEST) Subject: SUSE-SU-2018:1009-1: important: Security update for the Linux Kernel (Live Patch 25 for SLE 12) Message-ID: <20180420132635.A9C69FD2B@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 25 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1009-1 Rating: important References: #1076017 #1083488 #1085114 #1085447 Cross-References: CVE-2017-13166 CVE-2018-1000004 CVE-2018-1068 CVE-2018-7566 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.61-52_86 fixes several issues. The following security issues were fixed: - CVE-2017-13166: An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver. (bsc#1085447). - CVE-2018-1068: A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-1000004: A race condition vulnerability existed in the sound system, which could lead to a deadlock and denial of service condition (bsc#1076017) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-703=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_86-default-7-2.1 kgraft-patch-3_12_61-52_86-xen-7-2.1 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-1000004.html https://www.suse.com/security/cve/CVE-2018-1068.html https://www.suse.com/security/cve/CVE-2018-7566.html https://bugzilla.suse.com/1076017 https://bugzilla.suse.com/1083488 https://bugzilla.suse.com/1085114 https://bugzilla.suse.com/1085447 From sle-updates at lists.suse.com Fri Apr 20 07:27:23 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Apr 2018 15:27:23 +0200 (CEST) Subject: SUSE-SU-2018:1010-1: important: Security update for the Linux Kernel (Live Patch 21 for SLE 12) Message-ID: <20180420132723.25B16FD2B@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 21 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1010-1 Rating: important References: #1076017 #1083488 #1085114 #1085447 Cross-References: CVE-2017-13166 CVE-2018-1000004 CVE-2018-1068 CVE-2018-7566 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.61-52_72 fixes several issues. The following security issues were fixed: - CVE-2017-13166: An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver. (bsc#1085447). - CVE-2018-1068: A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-1000004: A race condition vulnerability existed in the sound system, which could lead to a deadlock and denial of service condition (bsc#1076017) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-700=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_72-default-9-2.1 kgraft-patch-3_12_61-52_72-xen-9-2.1 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-1000004.html https://www.suse.com/security/cve/CVE-2018-1068.html https://www.suse.com/security/cve/CVE-2018-7566.html https://bugzilla.suse.com/1076017 https://bugzilla.suse.com/1083488 https://bugzilla.suse.com/1085114 https://bugzilla.suse.com/1085447 From sle-updates at lists.suse.com Fri Apr 20 07:28:19 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Apr 2018 15:28:19 +0200 (CEST) Subject: SUSE-SU-2018:1011-1: important: Security update for the Linux Kernel (Live Patch 15 for SLE 12 SP2) Message-ID: <20180420132819.42620FD2B@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 15 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1011-1 Rating: important References: #1073230 #1076017 #1083488 #1085114 #1085447 Cross-References: CVE-2017-13166 CVE-2018-1000004 CVE-2018-1068 CVE-2018-7566 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 4.4.90-92_50 fixes several issues. The following security issues were fixed: - CVE-2017-13166: Prevent elevation of privilege vulnerability in the v4l2 video driver (bsc#1085447). - CVE-2018-1068: A flaw in the implementation of 32-bit syscall interface for bridging allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-7566: Prevent buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488). - CVE-2018-1000004: Prevent race condition in the sound system that could have lead to a deadlock and denial of service condition (bsc#1076017). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-675=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-675=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kgraft-patch-4_4_90-92_50-default-5-2.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kgraft-patch-4_4_90-92_50-default-5-2.2 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-1000004.html https://www.suse.com/security/cve/CVE-2018-1068.html https://www.suse.com/security/cve/CVE-2018-7566.html https://bugzilla.suse.com/1073230 https://bugzilla.suse.com/1076017 https://bugzilla.suse.com/1083488 https://bugzilla.suse.com/1085114 https://bugzilla.suse.com/1085447 From sle-updates at lists.suse.com Fri Apr 20 07:29:22 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Apr 2018 15:29:22 +0200 (CEST) Subject: SUSE-SU-2018:1012-1: important: Security update for the Linux Kernel (Live Patch 7 for SLE 12 SP2) Message-ID: <20180420132922.9D839FD2B@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 7 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1012-1 Rating: important References: #1073230 #1076017 #1083488 #1085114 #1085447 Cross-References: CVE-2017-13166 CVE-2018-1000004 CVE-2018-1068 CVE-2018-7566 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 4.4.59-92_17 fixes several issues. The following security issues were fixed: - CVE-2017-13166: Prevent elevation of privilege vulnerability in the v4l2 video driver (bsc#1085447). - CVE-2018-1068: A flaw in the implementation of 32-bit syscall interface for bridging allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-7566: Prevent buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488). - CVE-2018-1000004: Prevent race condition in the sound system that could have lead to a deadlock and denial of service condition (bsc#1076017). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-666=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-666=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kgraft-patch-4_4_59-92_17-default-10-2.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kgraft-patch-4_4_59-92_17-default-10-2.2 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-1000004.html https://www.suse.com/security/cve/CVE-2018-1068.html https://www.suse.com/security/cve/CVE-2018-7566.html https://bugzilla.suse.com/1073230 https://bugzilla.suse.com/1076017 https://bugzilla.suse.com/1083488 https://bugzilla.suse.com/1085114 https://bugzilla.suse.com/1085447 From sle-updates at lists.suse.com Fri Apr 20 07:30:31 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Apr 2018 15:30:31 +0200 (CEST) Subject: SUSE-SU-2018:1013-1: important: Security update for the Linux Kernel (Live Patch 4 for SLE 12 SP3) Message-ID: <20180420133031.80697FD2B@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 4 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1013-1 Rating: important References: #1073230 #1076017 #1083488 #1085114 #1085447 Cross-References: CVE-2017-13166 CVE-2018-1000004 CVE-2018-1068 CVE-2018-7566 Affected Products: SUSE Linux Enterprise Live Patching 12-SP3 ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 4.4.90-6_12 fixes several issues. The following security issues were fixed: - CVE-2017-13166: Prevent elevation of privilege vulnerability in the v4l2 video driver (bsc#1085447). - CVE-2018-1068: A flaw in the implementation of 32-bit syscall interface for bridging allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-7566: Prevent buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488). - CVE-2018-1000004: Prevent race condition in the sound system that could have lead to a deadlock and denial of service condition (bsc#1076017). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-681=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP3 (x86_64): kgraft-patch-4_4_92-6_18-default-5-2.1 kgraft-patch-4_4_92-6_18-default-debuginfo-5-2.1 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-1000004.html https://www.suse.com/security/cve/CVE-2018-1068.html https://www.suse.com/security/cve/CVE-2018-7566.html https://bugzilla.suse.com/1073230 https://bugzilla.suse.com/1076017 https://bugzilla.suse.com/1083488 https://bugzilla.suse.com/1085114 https://bugzilla.suse.com/1085447 From sle-updates at lists.suse.com Fri Apr 20 07:31:25 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Apr 2018 15:31:25 +0200 (CEST) Subject: SUSE-SU-2018:1014-1: important: Security update for the Linux Kernel (Live Patch 21 for SLE 12 SP1) Message-ID: <20180420133125.95885FD2B@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 21 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1014-1 Rating: important References: #1076017 #1083488 #1085114 #1085447 Cross-References: CVE-2017-13166 CVE-2018-1000004 CVE-2018-1068 CVE-2018-7566 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.74-60_64_60 fixes several issues. The following security issues were fixed: - CVE-2017-13166: An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver. (bsc#1085447). - CVE-2018-1068: A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-1000004: A race condition vulnerability existed in the sound system, which could lead to a deadlock and denial of service condition (bsc#1076017) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-691=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-691=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_60-default-6-2.1 kgraft-patch-3_12_74-60_64_60-xen-6-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_60-default-6-2.1 kgraft-patch-3_12_74-60_64_60-xen-6-2.1 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-1000004.html https://www.suse.com/security/cve/CVE-2018-1068.html https://www.suse.com/security/cve/CVE-2018-7566.html https://bugzilla.suse.com/1076017 https://bugzilla.suse.com/1083488 https://bugzilla.suse.com/1085114 https://bugzilla.suse.com/1085447 From sle-updates at lists.suse.com Fri Apr 20 07:32:17 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Apr 2018 15:32:17 +0200 (CEST) Subject: SUSE-SU-2018:1015-1: important: Security update for the Linux Kernel (Live Patch 17 for SLE 12 SP1) Message-ID: <20180420133217.606B5FD2E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 17 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1015-1 Rating: important References: #1076017 #1083488 #1085114 #1085447 Cross-References: CVE-2017-13166 CVE-2018-1000004 CVE-2018-1068 CVE-2018-7566 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.74-60_64_48 fixes several issues. The following security issues were fixed: - CVE-2017-13166: An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver. (bsc#1085447). - CVE-2018-1068: A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-1000004: A race condition vulnerability existed in the sound system, which could lead to a deadlock and denial of service condition (bsc#1076017) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-688=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-688=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_48-default-8-2.1 kgraft-patch-3_12_74-60_64_48-xen-8-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_48-default-8-2.1 kgraft-patch-3_12_74-60_64_48-xen-8-2.1 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-1000004.html https://www.suse.com/security/cve/CVE-2018-1068.html https://www.suse.com/security/cve/CVE-2018-7566.html https://bugzilla.suse.com/1076017 https://bugzilla.suse.com/1083488 https://bugzilla.suse.com/1085114 https://bugzilla.suse.com/1085447 From sle-updates at lists.suse.com Fri Apr 20 07:33:12 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Apr 2018 15:33:12 +0200 (CEST) Subject: SUSE-SU-2018:1016-1: important: Security update for the Linux Kernel (Live Patch 31 for SLE 12) Message-ID: <20180420133312.B2F73FD2E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 31 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1016-1 Rating: important References: #1083488 #1085114 #1085447 Cross-References: CVE-2017-13166 CVE-2018-1068 CVE-2018-7566 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.61-52_119 fixes several issues. The following security issues were fixed: - CVE-2017-13166: An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver. (bsc#1085447). - CVE-2018-1068: A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-7566: The Linux kernel had a buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-710=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_119-default-3-2.1 kgraft-patch-3_12_61-52_119-xen-3-2.1 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-1068.html https://www.suse.com/security/cve/CVE-2018-7566.html https://bugzilla.suse.com/1083488 https://bugzilla.suse.com/1085114 https://bugzilla.suse.com/1085447 From sle-updates at lists.suse.com Fri Apr 20 07:34:07 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Apr 2018 15:34:07 +0200 (CEST) Subject: SUSE-OU-2018:1017-1: Initial release of python3-MarkupSafe and -msgpack-python Message-ID: <20180420133407.F3280FD2B@maintenance.suse.de> SUSE Optional Update: Initial release of python3-MarkupSafe and -msgpack-python ______________________________________________________________________________ Announcement ID: SUSE-OU-2018:1017-1 Rating: low References: #1073879 Affected Products: SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update provides the following new Python 3 module for the SUSE Linux Enterprise Storage: - python3-MarkupSafe - python3-msgpack-python Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-699=1 Package List: - SUSE Enterprise Storage 4 (aarch64 x86_64): python-MarkupSafe-0.23-3.3.1 python-MarkupSafe-debuginfo-0.23-3.3.1 python-MarkupSafe-debugsource-0.23-3.3.1 python-msgpack-python-0.4.8-3.3.1 python-msgpack-python-debuginfo-0.4.8-3.3.1 python-msgpack-python-debugsource-0.4.8-3.3.1 python3-MarkupSafe-0.23-3.3.1 python3-msgpack-python-0.4.8-3.3.1 References: https://bugzilla.suse.com/1073879 From sle-updates at lists.suse.com Fri Apr 20 07:34:35 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Apr 2018 15:34:35 +0200 (CEST) Subject: SUSE-SU-2018:1018-1: important: Security update for the Linux Kernel (Live Patch 23 for SLE 12 SP1) Message-ID: <20180420133435.4C776FD2B@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 23 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1018-1 Rating: important References: #1076017 #1083488 #1085114 #1085447 Cross-References: CVE-2017-13166 CVE-2018-1000004 CVE-2018-1068 CVE-2018-7566 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.74-60_64_66 fixes several issues. The following security issues were fixed: - CVE-2017-13166: An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver. (bsc#1085447). - CVE-2018-1068: A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-1000004: A race condition vulnerability existed in the sound system, which could lead to a deadlock and denial of service condition (bsc#1076017) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-693=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-693=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_66-default-3-2.1 kgraft-patch-3_12_74-60_64_66-xen-3-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_66-default-3-2.1 kgraft-patch-3_12_74-60_64_66-xen-3-2.1 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-1000004.html https://www.suse.com/security/cve/CVE-2018-1068.html https://www.suse.com/security/cve/CVE-2018-7566.html https://bugzilla.suse.com/1076017 https://bugzilla.suse.com/1083488 https://bugzilla.suse.com/1085114 https://bugzilla.suse.com/1085447 From sle-updates at lists.suse.com Fri Apr 20 07:35:35 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Apr 2018 15:35:35 +0200 (CEST) Subject: SUSE-SU-2018:1019-1: important: Security update for the Linux Kernel (Live Patch 8 for SLE 12 SP2) Message-ID: <20180420133535.41235FD2E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 8 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1019-1 Rating: important References: #1073230 #1076017 #1083488 #1085114 #1085447 Cross-References: CVE-2017-13166 CVE-2018-1000004 CVE-2018-1068 CVE-2018-7566 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 4.4.59-92_20 fixes several issues. The following security issues were fixed: - CVE-2017-13166: Prevent elevation of privilege vulnerability in the v4l2 video driver (bsc#1085447). - CVE-2018-1068: A flaw in the implementation of 32-bit syscall interface for bridging allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-7566: Prevent buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488). - CVE-2018-1000004: Prevent race condition in the sound system that could have lead to a deadlock and denial of service condition (bsc#1076017). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-711=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-711=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kgraft-patch-4_4_59-92_20-default-10-2.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kgraft-patch-4_4_59-92_20-default-10-2.2 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-1000004.html https://www.suse.com/security/cve/CVE-2018-1068.html https://www.suse.com/security/cve/CVE-2018-7566.html https://bugzilla.suse.com/1073230 https://bugzilla.suse.com/1076017 https://bugzilla.suse.com/1083488 https://bugzilla.suse.com/1085114 https://bugzilla.suse.com/1085447 From sle-updates at lists.suse.com Fri Apr 20 07:36:37 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Apr 2018 15:36:37 +0200 (CEST) Subject: SUSE-SU-2018:1020-1: important: Security update for the Linux Kernel (Live Patch 3 for SLE 12 SP3) Message-ID: <20180420133637.B0034FD2B@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 3 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1020-1 Rating: important References: #1073230 #1076017 #1083488 #1085114 #1085447 Cross-References: CVE-2017-13166 CVE-2018-1000004 CVE-2018-1068 CVE-2018-7566 Affected Products: SUSE Linux Enterprise Live Patching 12-SP3 ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 4.4.82-6_9 fixes several issues. The following security issues were fixed: - CVE-2017-13166: Prevent elevation of privilege vulnerability in the v4l2 video driver (bsc#1085447). - CVE-2018-1068: A flaw in the implementation of 32-bit syscall interface for bridging allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-7566: Prevent buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488). - CVE-2018-1000004: Prevent race condition in the sound system that could have lead to a deadlock and denial of service condition (bsc#1076017). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-683=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP3 (x86_64): kgraft-patch-4_4_82-6_9-default-6-2.1 kgraft-patch-4_4_82-6_9-default-debuginfo-6-2.1 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-1000004.html https://www.suse.com/security/cve/CVE-2018-1068.html https://www.suse.com/security/cve/CVE-2018-7566.html https://bugzilla.suse.com/1073230 https://bugzilla.suse.com/1076017 https://bugzilla.suse.com/1083488 https://bugzilla.suse.com/1085114 https://bugzilla.suse.com/1085447 From sle-updates at lists.suse.com Fri Apr 20 07:37:50 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Apr 2018 15:37:50 +0200 (CEST) Subject: SUSE-SU-2018:1021-1: important: Security update for the Linux Kernel (Live Patch 9 for SLE 12 SP2) Message-ID: <20180420133750.D9C40FD2B@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 9 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1021-1 Rating: important References: #1073230 #1076017 #1083488 #1085114 #1085447 Cross-References: CVE-2017-13166 CVE-2018-1000004 CVE-2018-1068 CVE-2018-7566 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 4.4.59-92_24 fixes several issues. The following security issues were fixed: - CVE-2017-13166: Prevent elevation of privilege vulnerability in the v4l2 video driver (bsc#1085447). - CVE-2018-1068: A flaw in the implementation of 32-bit syscall interface for bridging allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-7566: Prevent buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488). - CVE-2018-1000004: Prevent race condition in the sound system that could have lead to a deadlock and denial of service condition (bsc#1076017). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-665=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-665=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kgraft-patch-4_4_59-92_24-default-9-2.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kgraft-patch-4_4_59-92_24-default-9-2.2 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-1000004.html https://www.suse.com/security/cve/CVE-2018-1068.html https://www.suse.com/security/cve/CVE-2018-7566.html https://bugzilla.suse.com/1073230 https://bugzilla.suse.com/1076017 https://bugzilla.suse.com/1083488 https://bugzilla.suse.com/1085114 https://bugzilla.suse.com/1085447 From sle-updates at lists.suse.com Fri Apr 20 07:39:05 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Apr 2018 15:39:05 +0200 (CEST) Subject: SUSE-SU-2018:1022-1: important: Security update for the Linux Kernel (Live Patch 7 for SLE 12 SP3) Message-ID: <20180420133905.708D0FD2B@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 7 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1022-1 Rating: important References: #1073230 #1076017 #1083488 #1085114 #1085447 Cross-References: CVE-2017-13166 CVE-2018-1000004 CVE-2018-1068 CVE-2018-7566 Affected Products: SUSE Linux Enterprise Live Patching 12-SP3 ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 4.4.103-6_38 fixes several issues. The following security issues were fixed: - CVE-2017-13166: Prevent elevation of privilege vulnerability in the v4l2 video driver (bsc#1085447). - CVE-2018-1068: A flaw in the implementation of 32-bit syscall interface for bridging allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-7566: Prevent buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488). - CVE-2018-1000004: Prevent race condition in the sound system that could have lead to a deadlock and denial of service condition (bsc#1076017). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-679=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_103-6_38-default-4-2.1 kgraft-patch-4_4_103-6_38-default-debuginfo-4-2.1 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-1000004.html https://www.suse.com/security/cve/CVE-2018-1068.html https://www.suse.com/security/cve/CVE-2018-7566.html https://bugzilla.suse.com/1073230 https://bugzilla.suse.com/1076017 https://bugzilla.suse.com/1083488 https://bugzilla.suse.com/1085114 https://bugzilla.suse.com/1085447 From sle-updates at lists.suse.com Fri Apr 20 07:40:17 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Apr 2018 15:40:17 +0200 (CEST) Subject: SUSE-SU-2018:1023-1: important: Security update for the Linux Kernel (Live Patch 11 for SLE 12 SP2) Message-ID: <20180420134017.D16B9FD2B@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 11 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1023-1 Rating: important References: #1073230 #1076017 #1083488 #1085114 #1085447 Cross-References: CVE-2017-13166 CVE-2018-1000004 CVE-2018-1068 CVE-2018-7566 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 4.4.74-92_32 fixes several issues. The following security issues were fixed: - CVE-2017-13166: Prevent elevation of privilege vulnerability in the v4l2 video driver (bsc#1085447). - CVE-2018-1068: A flaw in the implementation of 32-bit syscall interface for bridging allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-7566: Prevent buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488). - CVE-2018-1000004: Prevent race condition in the sound system that could have lead to a deadlock and denial of service condition (bsc#1076017). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-670=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-670=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kgraft-patch-4_4_74-92_32-default-8-2.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kgraft-patch-4_4_74-92_32-default-8-2.2 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-1000004.html https://www.suse.com/security/cve/CVE-2018-1068.html https://www.suse.com/security/cve/CVE-2018-7566.html https://bugzilla.suse.com/1073230 https://bugzilla.suse.com/1076017 https://bugzilla.suse.com/1083488 https://bugzilla.suse.com/1085114 https://bugzilla.suse.com/1085447 From sle-updates at lists.suse.com Fri Apr 20 07:41:20 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Apr 2018 15:41:20 +0200 (CEST) Subject: SUSE-SU-2018:1024-1: important: Security update for the Linux Kernel (Live Patch 1 for SLE 12 SP3) Message-ID: <20180420134120.242BCFD2B@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 1 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1024-1 Rating: important References: #1073230 #1076017 #1083488 #1085114 #1085447 Cross-References: CVE-2017-13166 CVE-2018-1000004 CVE-2018-1068 CVE-2018-7566 Affected Products: SUSE Linux Enterprise Live Patching 12-SP3 ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 4.4.82-6_3 fixes several issues. The following security issues were fixed: - CVE-2017-13166: Prevent elevation of privilege vulnerability in the v4l2 video driver (bsc#1085447). - CVE-2018-1068: A flaw in the implementation of 32-bit syscall interface for bridging allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-7566: Prevent buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488). - CVE-2018-1000004: Prevent race condition in the sound system that could have lead to a deadlock and denial of service condition (bsc#1076017). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-684=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP3 (x86_64): kgraft-patch-4_4_82-6_3-default-7-2.1 kgraft-patch-4_4_82-6_3-default-debuginfo-7-2.1 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-1000004.html https://www.suse.com/security/cve/CVE-2018-1068.html https://www.suse.com/security/cve/CVE-2018-7566.html https://bugzilla.suse.com/1073230 https://bugzilla.suse.com/1076017 https://bugzilla.suse.com/1083488 https://bugzilla.suse.com/1085114 https://bugzilla.suse.com/1085447 From sle-updates at lists.suse.com Fri Apr 20 07:42:24 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Apr 2018 15:42:24 +0200 (CEST) Subject: SUSE-SU-2018:1025-1: important: Security update for the Linux Kernel (Live Patch 15 for SLE 12 SP1) Message-ID: <20180420134224.A3F9BFD2B@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 15 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1025-1 Rating: important References: #1076017 #1083488 #1085114 #1085447 Cross-References: CVE-2017-13166 CVE-2018-1000004 CVE-2018-1068 CVE-2018-7566 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.74-60_64_40 fixes several issues. The following security issues were fixed: - CVE-2017-13166: An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver. (bsc#1085447). - CVE-2018-1068: A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-1000004: A race condition vulnerability existed in the sound system, which could lead to a deadlock and denial of service condition (bsc#1076017) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-687=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-687=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_40-default-9-2.1 kgraft-patch-3_12_74-60_64_40-xen-9-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_40-default-9-2.1 kgraft-patch-3_12_74-60_64_40-xen-9-2.1 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-1000004.html https://www.suse.com/security/cve/CVE-2018-1068.html https://www.suse.com/security/cve/CVE-2018-7566.html https://bugzilla.suse.com/1076017 https://bugzilla.suse.com/1083488 https://bugzilla.suse.com/1085114 https://bugzilla.suse.com/1085447 From sle-updates at lists.suse.com Fri Apr 20 07:43:22 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Apr 2018 15:43:22 +0200 (CEST) Subject: SUSE-SU-2018:1026-1: important: Security update for the Linux Kernel (Live Patch 25 for SLE 12 SP1) Message-ID: <20180420134322.A63D8FD2B@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 25 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1026-1 Rating: important References: #1083488 #1085114 #1085447 Cross-References: CVE-2017-13166 CVE-2018-1068 CVE-2018-7566 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.74-60_64_82 fixes several issues. The following security issues were fixed: - CVE-2017-13166: An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver. (bsc#1085447). - CVE-2018-1068: A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-7566: The Linux kernel had a buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-695=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-695=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_82-default-2-2.1 kgraft-patch-3_12_74-60_64_82-xen-2-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_82-default-2-2.1 kgraft-patch-3_12_74-60_64_82-xen-2-2.1 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-1068.html https://www.suse.com/security/cve/CVE-2018-7566.html https://bugzilla.suse.com/1083488 https://bugzilla.suse.com/1085114 https://bugzilla.suse.com/1085447 From sle-updates at lists.suse.com Fri Apr 20 07:44:13 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Apr 2018 15:44:13 +0200 (CEST) Subject: SUSE-SU-2018:1027-1: important: Security update for the Linux Kernel (Live Patch 6 for SLE 12 SP3) Message-ID: <20180420134413.ABCC6FD2B@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 6 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1027-1 Rating: important References: #1073230 #1076017 #1083488 #1085114 #1085447 Cross-References: CVE-2017-13166 CVE-2018-1000004 CVE-2018-1068 CVE-2018-7566 Affected Products: SUSE Linux Enterprise Live Patching 12-SP3 ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 4.4.103-6_33 fixes several issues. The following security issues were fixed: - CVE-2017-13166: Prevent elevation of privilege vulnerability in the v4l2 video driver (bsc#1085447). - CVE-2018-1068: A flaw in the implementation of 32-bit syscall interface for bridging allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-7566: Prevent buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488). - CVE-2018-1000004: Prevent race condition in the sound system that could have lead to a deadlock and denial of service condition (bsc#1076017). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-678=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_103-6_33-default-4-2.1 kgraft-patch-4_4_103-6_33-default-debuginfo-4-2.1 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-1000004.html https://www.suse.com/security/cve/CVE-2018-1068.html https://www.suse.com/security/cve/CVE-2018-7566.html https://bugzilla.suse.com/1073230 https://bugzilla.suse.com/1076017 https://bugzilla.suse.com/1083488 https://bugzilla.suse.com/1085114 https://bugzilla.suse.com/1085447 From sle-updates at lists.suse.com Fri Apr 20 07:45:23 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Apr 2018 15:45:23 +0200 (CEST) Subject: SUSE-SU-2018:1028-1: important: Security update for the Linux Kernel (Live Patch 5 for SLE 12 SP3) Message-ID: <20180420134523.49730FD2B@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 5 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1028-1 Rating: important References: #1073230 #1076017 #1083488 #1085114 #1085447 Cross-References: CVE-2017-13166 CVE-2018-1000004 CVE-2018-1068 CVE-2018-7566 Affected Products: SUSE Linux Enterprise Live Patching 12-SP3 ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 4.4.92-6_30 fixes several issues. The following security issues were fixed: - CVE-2017-13166: Prevent elevation of privilege vulnerability in the v4l2 video driver (bsc#1085447). - CVE-2018-1068: A flaw in the implementation of 32-bit syscall interface for bridging allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-7566: Prevent buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488). - CVE-2018-1000004: Prevent race condition in the sound system that could have lead to a deadlock and denial of service condition (bsc#1076017). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-680=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_92-6_30-default-4-2.1 kgraft-patch-4_4_92-6_30-default-debuginfo-4-2.1 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-1000004.html https://www.suse.com/security/cve/CVE-2018-1068.html https://www.suse.com/security/cve/CVE-2018-7566.html https://bugzilla.suse.com/1073230 https://bugzilla.suse.com/1076017 https://bugzilla.suse.com/1083488 https://bugzilla.suse.com/1085114 https://bugzilla.suse.com/1085447 From sle-updates at lists.suse.com Fri Apr 20 07:46:28 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Apr 2018 15:46:28 +0200 (CEST) Subject: SUSE-SU-2018:1029-1: important: Security update for the Linux Kernel (Live Patch 29 for SLE 12) Message-ID: <20180420134628.61900FD2B@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 29 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1029-1 Rating: important References: #1076017 #1083488 #1085114 #1085447 Cross-References: CVE-2017-13166 CVE-2018-1000004 CVE-2018-1068 CVE-2018-7566 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.61-52_106 fixes several issues. The following security issues were fixed: - CVE-2017-13166: An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver. (bsc#1085447). - CVE-2018-1068: A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-1000004: A race condition vulnerability existed in the sound system, which could lead to a deadlock and denial of service condition (bsc#1076017) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-697=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_106-default-4-2.1 kgraft-patch-3_12_61-52_106-xen-4-2.1 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-1000004.html https://www.suse.com/security/cve/CVE-2018-1068.html https://www.suse.com/security/cve/CVE-2018-7566.html https://bugzilla.suse.com/1076017 https://bugzilla.suse.com/1083488 https://bugzilla.suse.com/1085114 https://bugzilla.suse.com/1085447 From sle-updates at lists.suse.com Fri Apr 20 07:47:24 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Apr 2018 15:47:24 +0200 (CEST) Subject: SUSE-SU-2018:1030-1: important: Security update for the Linux Kernel (Live Patch 32 for SLE 12) Message-ID: <20180420134724.8CE94FD2B@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 32 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1030-1 Rating: important References: #1083488 #1085114 #1085447 Cross-References: CVE-2017-13166 CVE-2018-1068 CVE-2018-7566 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.61-52_122 fixes several issues. The following security issues were fixed: - CVE-2017-13166: An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver. (bsc#1085447). - CVE-2018-1068: A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-7566: The Linux kernel had a buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-707=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_122-default-3-2.1 kgraft-patch-3_12_61-52_122-xen-3-2.1 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-1068.html https://www.suse.com/security/cve/CVE-2018-7566.html https://bugzilla.suse.com/1083488 https://bugzilla.suse.com/1085114 https://bugzilla.suse.com/1085447 From sle-updates at lists.suse.com Fri Apr 20 07:48:15 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Apr 2018 15:48:15 +0200 (CEST) Subject: SUSE-SU-2018:1031-1: important: Security update for the Linux Kernel (Live Patch 17 for SLE 12 SP2) Message-ID: <20180420134815.BD6EFFD2B@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 17 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1031-1 Rating: important References: #1073230 #1076017 #1083488 #1085114 #1085447 Cross-References: CVE-2017-13166 CVE-2018-1000004 CVE-2018-1068 CVE-2018-7566 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 4.4.103-92_56 fixes several issues. The following security issues were fixed: - CVE-2017-13166: Prevent elevation of privilege vulnerability in the v4l2 video driver (bsc#1085447). - CVE-2018-1068: A flaw in the implementation of 32-bit syscall interface for bridging allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-7566: Prevent buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488). - CVE-2018-1000004: Prevent race condition in the sound system that could have lead to a deadlock and denial of service condition (bsc#1076017). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-671=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-671=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kgraft-patch-4_4_103-92_56-default-4-2.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kgraft-patch-4_4_103-92_56-default-4-2.2 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-1000004.html https://www.suse.com/security/cve/CVE-2018-1068.html https://www.suse.com/security/cve/CVE-2018-7566.html https://bugzilla.suse.com/1073230 https://bugzilla.suse.com/1076017 https://bugzilla.suse.com/1083488 https://bugzilla.suse.com/1085114 https://bugzilla.suse.com/1085447 From sle-updates at lists.suse.com Fri Apr 20 07:49:34 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Apr 2018 15:49:34 +0200 (CEST) Subject: SUSE-SU-2018:1032-1: important: Security update for the Linux Kernel (Live Patch 19 for SLE 12 SP1) Message-ID: <20180420134934.B72A4FD2B@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 19 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1032-1 Rating: important References: #1076017 #1083488 #1085114 #1085447 Cross-References: CVE-2017-13166 CVE-2018-1000004 CVE-2018-1068 CVE-2018-7566 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.74-60_64_54 fixes several issues. The following security issues were fixed: - CVE-2017-13166: An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver. (bsc#1085447). - CVE-2018-1068: A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-1000004: A race condition vulnerability existed in the sound system, which could lead to a deadlock and denial of service condition (bsc#1076017) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-685=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-685=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_54-default-7-2.1 kgraft-patch-3_12_74-60_64_54-xen-7-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_54-default-7-2.1 kgraft-patch-3_12_74-60_64_54-xen-7-2.1 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-1000004.html https://www.suse.com/security/cve/CVE-2018-1068.html https://www.suse.com/security/cve/CVE-2018-7566.html https://bugzilla.suse.com/1076017 https://bugzilla.suse.com/1083488 https://bugzilla.suse.com/1085114 https://bugzilla.suse.com/1085447 From sle-updates at lists.suse.com Fri Apr 20 07:50:40 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Apr 2018 15:50:40 +0200 (CEST) Subject: SUSE-SU-2018:1033-1: important: Security update for the Linux Kernel (Live Patch 10 for SLE 12 SP2) Message-ID: <20180420135040.A43B8FD2B@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 10 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1033-1 Rating: important References: #1073230 #1076017 #1083488 #1085114 #1085447 Cross-References: CVE-2017-13166 CVE-2018-1000004 CVE-2018-1068 CVE-2018-7566 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 4.4.74-92_29 fixes several issues. The following security issues were fixed: - CVE-2017-13166: Prevent elevation of privilege vulnerability in the v4l2 video driver (bsc#1085447). - CVE-2018-1068: A flaw in the implementation of 32-bit syscall interface for bridging allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-7566: Prevent buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488). - CVE-2018-1000004: Prevent race condition in the sound system that could have lead to a deadlock and denial of service condition (bsc#1076017). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-669=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-669=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kgraft-patch-4_4_74-92_29-default-9-2.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kgraft-patch-4_4_74-92_29-default-9-2.2 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-1000004.html https://www.suse.com/security/cve/CVE-2018-1068.html https://www.suse.com/security/cve/CVE-2018-7566.html https://bugzilla.suse.com/1073230 https://bugzilla.suse.com/1076017 https://bugzilla.suse.com/1083488 https://bugzilla.suse.com/1085114 https://bugzilla.suse.com/1085447 From sle-updates at lists.suse.com Fri Apr 20 07:51:41 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Apr 2018 15:51:41 +0200 (CEST) Subject: SUSE-SU-2018:1034-1: important: Security update for the Linux Kernel (Live Patch 22 for SLE 12 SP1) Message-ID: <20180420135141.44B1FFD2B@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 22 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1034-1 Rating: important References: #1076017 #1083488 #1085114 #1085447 Cross-References: CVE-2017-13166 CVE-2018-1000004 CVE-2018-1068 CVE-2018-7566 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.74-60_64_63 fixes several issues. The following security issues were fixed: - CVE-2017-13166: An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver. (bsc#1085447). - CVE-2018-1068: A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-1000004: A race condition vulnerability existed in the sound system, which could lead to a deadlock and denial of service condition (bsc#1076017) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-692=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-692=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_63-default-4-2.1 kgraft-patch-3_12_74-60_64_63-xen-4-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_63-default-4-2.1 kgraft-patch-3_12_74-60_64_63-xen-4-2.1 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-1000004.html https://www.suse.com/security/cve/CVE-2018-1068.html https://www.suse.com/security/cve/CVE-2018-7566.html https://bugzilla.suse.com/1076017 https://bugzilla.suse.com/1083488 https://bugzilla.suse.com/1085114 https://bugzilla.suse.com/1085447 From sle-updates at lists.suse.com Fri Apr 20 07:52:48 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Apr 2018 15:52:48 +0200 (CEST) Subject: SUSE-SU-2018:1035-1: important: Security update for the Linux Kernel (Live Patch 33 for SLE 12) Message-ID: <20180420135248.7E1BDFD2B@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 33 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1035-1 Rating: important References: #1083488 Cross-References: CVE-2018-7566 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 3.12.61-52_125 fixes one issue. The following security issue was fixed: - CVE-2018-7566: The Linux kernel had a buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-708=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_125-default-2-2.1 kgraft-patch-3_12_61-52_125-xen-2-2.1 References: https://www.suse.com/security/cve/CVE-2018-7566.html https://bugzilla.suse.com/1083488 From sle-updates at lists.suse.com Fri Apr 20 13:07:19 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Apr 2018 21:07:19 +0200 (CEST) Subject: SUSE-SU-2018:1036-1: moderate: Security update for GraphicsMagick Message-ID: <20180420190719.30672FD1F@maintenance.suse.de> SUSE Security Update: Security update for GraphicsMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1036-1 Rating: moderate References: #1086773 #1087027 #1087037 Cross-References: CVE-2017-18251 CVE-2017-18254 CVE-2018-9018 Affected Products: SUSE Studio Onsite 1.3 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for GraphicsMagick fixes the following issues: - security update (png.c) * CVE-2018-9018: divide-by-zero in the ReadMNGImage function of coders/png.c. Attackers could leverage this vulnerability to cause a crash and denial of service via a crafted mng file. [bsc#1086773] - security update (gif.c) * CVE-2017-18254: A memory leak vulnerability was found in the function WriteGIFImage in coders/gif.c, which could lead to denial of service via a crafted file. [bsc#1087027] - security update (pcd.c) * CVE-2017-18251: A memory leak vulnerability was found in the function ReadPCDImage in coders/pcd.c, which could lead to a denial of service via a crafted file. [bsc#1087037] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-GraphicsMagick-13568=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-GraphicsMagick-13568=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-GraphicsMagick-13568=1 Package List: - SUSE Studio Onsite 1.3 (x86_64): GraphicsMagick-1.2.5-78.47.1 libGraphicsMagick2-1.2.5-78.47.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): GraphicsMagick-1.2.5-78.47.1 libGraphicsMagick2-1.2.5-78.47.1 perl-GraphicsMagick-1.2.5-78.47.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): GraphicsMagick-debuginfo-1.2.5-78.47.1 GraphicsMagick-debugsource-1.2.5-78.47.1 References: https://www.suse.com/security/cve/CVE-2017-18251.html https://www.suse.com/security/cve/CVE-2017-18254.html https://www.suse.com/security/cve/CVE-2018-9018.html https://bugzilla.suse.com/1086773 https://bugzilla.suse.com/1087027 https://bugzilla.suse.com/1087037 From sle-updates at lists.suse.com Fri Apr 20 13:08:00 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Apr 2018 21:08:00 +0200 (CEST) Subject: SUSE-SU-2018:1037-1: moderate: Security update for zsh Message-ID: <20180420190800.CBE02FD1E@maintenance.suse.de> SUSE Security Update: Security update for zsh ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1037-1 Rating: moderate References: #1089030 Cross-References: CVE-2018-1100 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for zsh fixes the following issues: - CVE-2018-1100: Fixed a buffer overflow in utils.c:checkmailpath() that could lead to local arbitrary code execution ( bsc#1089030) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-zsh-13567=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-zsh-13567=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): zsh-4.3.6-67.9.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): zsh-debuginfo-4.3.6-67.9.3.1 zsh-debugsource-4.3.6-67.9.3.1 References: https://www.suse.com/security/cve/CVE-2018-1100.html https://bugzilla.suse.com/1089030 From sle-updates at lists.suse.com Mon Apr 23 07:06:59 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Apr 2018 15:06:59 +0200 (CEST) Subject: SUSE-OU-2018:1044-1: Initial release of python3-cryptography Message-ID: <20180423130659.435FEFD1F@maintenance.suse.de> SUSE Optional Update: Initial release of python3-cryptography ______________________________________________________________________________ Announcement ID: SUSE-OU-2018:1044-1 Rating: low References: #1073879 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update provides the following new Python 3 module for the SUSE Linux Enterprise Server: - python3-cryptography Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-716=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): python-cryptography-0.4-3.3.3 python-cryptography-debuginfo-0.4-3.3.3 python-cryptography-debugsource-0.4-3.3.3 python3-cryptography-0.4-3.3.3 python3-cryptography-debuginfo-0.4-3.3.3 References: https://bugzilla.suse.com/1073879 From sle-updates at lists.suse.com Mon Apr 23 10:07:06 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Apr 2018 18:07:06 +0200 (CEST) Subject: SUSE-RU-2018:1046-1: moderate: Recommended update for xorg-x11-libxcb, xorg-x11-libX11 Message-ID: <20180423160706.1DC5EFD1D@maintenance.suse.de> SUSE Recommended Update: Recommended update for xorg-x11-libxcb, xorg-x11-libX11 ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1046-1 Rating: moderate References: #1070498 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for xorg-x11-libxcb, xorg-x11-libX11 provides the following fix: - Backport a new XCB hand off mechanism to fix crashes in some clients. (bsc#1070498) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-xorg-x11-libxcb-13569=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-xorg-x11-libxcb-13569=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-xorg-x11-libxcb-13569=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): xorg-x11-libX11-devel-7.4-5.11.72.3.1 xorg-x11-libxcb-devel-7.4-1.31.3.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): xorg-x11-libX11-devel-32bit-7.4-5.11.72.3.1 xorg-x11-libxcb-devel-32bit-7.4-1.31.3.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): xorg-x11-libX11-7.4-5.11.72.3.1 xorg-x11-libxcb-7.4-1.31.3.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): xorg-x11-libX11-32bit-7.4-5.11.72.3.1 xorg-x11-libxcb-32bit-7.4-1.31.3.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): xorg-x11-libX11-x86-7.4-5.11.72.3.1 xorg-x11-libxcb-x86-7.4-1.31.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): xorg-x11-libX11-debuginfo-7.4-5.11.72.3.1 xorg-x11-libX11-debugsource-7.4-5.11.72.3.1 xorg-x11-libxcb-debuginfo-7.4-1.31.3.1 xorg-x11-libxcb-debugsource-7.4-1.31.3.1 References: https://bugzilla.suse.com/1070498 From sle-updates at lists.suse.com Mon Apr 23 13:07:21 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Apr 2018 21:07:21 +0200 (CEST) Subject: SUSE-SU-2018:1047-1: important: Security update for PackageKit Message-ID: <20180423190721.0DA25FD2E@maintenance.suse.de> SUSE Security Update: Security update for PackageKit ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1047-1 Rating: important References: #1086936 Cross-References: CVE-2018-1106 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: - CVE-2018-1106: Drop the polkit rule which could allow users in wheel group to install packages without root password (bsc#1086936). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-719=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-719=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-719=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-719=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): PackageKit-debuginfo-1.1.3-24.6.1 PackageKit-debugsource-1.1.3-24.6.1 PackageKit-gstreamer-plugin-1.1.3-24.6.1 PackageKit-gstreamer-plugin-debuginfo-1.1.3-24.6.1 PackageKit-gtk3-module-1.1.3-24.6.1 PackageKit-gtk3-module-debuginfo-1.1.3-24.6.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): PackageKit-debuginfo-1.1.3-24.6.1 PackageKit-debugsource-1.1.3-24.6.1 PackageKit-devel-1.1.3-24.6.1 PackageKit-devel-debuginfo-1.1.3-24.6.1 libpackagekit-glib2-devel-1.1.3-24.6.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): PackageKit-1.1.3-24.6.1 PackageKit-backend-zypp-1.1.3-24.6.1 PackageKit-backend-zypp-debuginfo-1.1.3-24.6.1 PackageKit-debuginfo-1.1.3-24.6.1 PackageKit-debugsource-1.1.3-24.6.1 libpackagekit-glib2-18-1.1.3-24.6.1 libpackagekit-glib2-18-debuginfo-1.1.3-24.6.1 typelib-1_0-PackageKitGlib-1_0-1.1.3-24.6.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): PackageKit-lang-1.1.3-24.6.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): PackageKit-lang-1.1.3-24.6.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): PackageKit-1.1.3-24.6.1 PackageKit-backend-zypp-1.1.3-24.6.1 PackageKit-backend-zypp-debuginfo-1.1.3-24.6.1 PackageKit-debuginfo-1.1.3-24.6.1 PackageKit-debugsource-1.1.3-24.6.1 PackageKit-gstreamer-plugin-1.1.3-24.6.1 PackageKit-gstreamer-plugin-debuginfo-1.1.3-24.6.1 PackageKit-gtk3-module-1.1.3-24.6.1 PackageKit-gtk3-module-debuginfo-1.1.3-24.6.1 libpackagekit-glib2-18-1.1.3-24.6.1 libpackagekit-glib2-18-debuginfo-1.1.3-24.6.1 typelib-1_0-PackageKitGlib-1_0-1.1.3-24.6.1 References: https://www.suse.com/security/cve/CVE-2018-1106.html https://bugzilla.suse.com/1086936 From sle-updates at lists.suse.com Mon Apr 23 13:07:58 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Apr 2018 21:07:58 +0200 (CEST) Subject: SUSE-SU-2018:1048-1: important: Security update for the Linux Kernel Message-ID: <20180423190758.B93F4FD2B@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1048-1 Rating: important References: #1012382 #1019695 #1019699 #1022604 #1031717 #1046610 #1060799 #1064206 #1068032 #1073059 #1073069 #1075428 #1076033 #1077560 #1083574 #1083745 #1083836 #1084223 #1084310 #1084328 #1084353 #1084452 #1084610 #1084699 #1084829 #1084889 #1084898 #1084914 #1084918 #1084967 #1085042 #1085058 #1085224 #1085383 #1085402 #1085404 #1085487 #1085507 #1085511 #1085679 #1085981 #1086015 #1086162 #1086194 #1086357 #1086499 #1086518 #1086607 #1087088 #1087211 #1087231 #1087260 #1087274 #1087659 #1087845 #1087906 #1087999 #1088050 #1088087 #1088241 #1088267 #1088313 #1088324 #1088600 #1088684 #1088871 #802154 Cross-References: CVE-2017-18257 CVE-2018-1091 CVE-2018-7740 CVE-2018-8043 CVE-2018-8822 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Live Patching 12-SP3 SUSE Linux Enterprise High Availability 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL ______________________________________________________________________________ An update that solves 5 vulnerabilities and has 62 fixes is now available. Description: The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.126 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-1091: In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c, a guest kernel crash can be triggered from unprivileged userspace during a core dump on a POWER host due to a missing processor feature check and an erroneous use of transactional memory (TM) instructions in the core dump path, leading to a denial of service (bnc#1087231). - CVE-2018-7740: The resv_map_release function in mm/hugetlb.c allowed local users to cause a denial of service (BUG) via a crafted application that made mmap system calls and has a large pgoff argument to the remap_file_pages system call (bnc#1084353). - CVE-2018-8043: The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c did not validate certain resource availability, which allowed local users to cause a denial of service (NULL pointer dereference) (bnc#1084829). - CVE-2017-18257: The __get_data_block function in fs/f2fs/data.c allowed local users to cause a denial of service (integer overflow and loop) via crafted use of the open and fallocate system calls with an FS_IOC_FIEMAP ioctl. (bnc#1088241) - CVE-2018-8822: Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c could be exploited by malicious NCPFS servers to crash the kernel or execute code (bnc#1086162). The following non-security bugs were fixed: - acpica: Add header support for TPM2 table changes (bsc#1084452). - acpica: Add support for new SRAT subtable (bsc#1085981). - acpica: iasl: Update to IORT SMMUv3 disassembling (bsc#1085981). - acpi/iort: numa: Add numa node mapping for smmuv3 devices (bsc#1085981). - acpi, numa: fix pxm to online numa node associations (bnc#1012382). - acpi / pmic: xpower: Fix power_table addresses (bnc#1012382). - acpi/processor: Fix error handling in __acpi_processor_start() (bnc#1012382). - acpi/processor: Replace racy task affinity logic (bnc#1012382). - add mainline tag to various patches to be able to get further work done - af_iucv: enable control sends in case of SEND_SHUTDOWN (bnc#1085507, LTC#165135). - agp/intel: Flush all chipset writes after updating the GGTT (bnc#1012382). - ahci: Add PCI-id for the Highpoint Rocketraid 644L card (bnc#1012382). - alsa: aloop: Fix access to not-yet-ready substream via cable (bnc#1012382). - alsa: aloop: Sync stale timer before release (bnc#1012382). - alsa: firewire-digi00x: handle all MIDI messages on streaming packets (bnc#1012382). - alsa: hda: Add a power_save blacklist (bnc#1012382). - alsa: hda: add dock and led support for HP EliteBook 820 G3 (bnc#1012382). - alsa: hda: add dock and led support for HP ProBook 640 G2 (bnc#1012382). - alsa: hda/realtek - Always immediately update mute LED with pin VREF (bnc#1012382). - alsa: hda/realtek - Fix dock line-out volume on Dell Precision 7520 (bnc#1012382). - alsa: hda/realtek - Fix speaker no sound after system resume (bsc#1031717). - alsa: hda - Revert power_save option default value (git-fixes). - alsa: pcm: Fix UAF in snd_pcm_oss_get_formats() (bnc#1012382). - alsa: usb-audio: Add a quirck for B&W PX headphones (bnc#1012382). - alsa: usb-audio: Fix parsing descriptor of UAC2 processing unit (bnc#1012382). - apparmor: Make path_max parameter readonly (bnc#1012382). - arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support (bsc#1068032). - arm64: Add missing Falkor part number for branch predictor hardening (bsc#1068032). - arm64: capabilities: Handle duplicate entries for a capability (bsc#1068032). - arm64: cpufeature: __this_cpu_has_cap() shouldn't stop early (bsc#1068032). - arm64 / cpuidle: Use new cpuidle macro for entering retention state (bsc#1084328). - arm64: Enforce BBM for huge IO/VMAP mappings (bsc#1088313). - arm64: fix smccc compilation (bsc#1068032). - arm64: Kill PSCI_GET_VERSION as a variant-2 workaround (bsc#1068032). - arm64: KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling (bsc#1068032). - arm64: KVM: Increment PC after handling an SMC trap (bsc#1068032). - arm64: KVM: Report SMCCC_ARCH_WORKAROUND_1 BP hardening support (bsc#1068032). - arm64: mm: do not write garbage into TTBR1_EL1 register (bsc#1085487). - arm64: mm: fix thinko in non-global page table attribute check (bsc#1088050). - arm64: Relax ARM_SMCCC_ARCH_WORKAROUND_1 discovery (bsc#1068032). - arm: 8668/1: ftrace: Fix dynamic ftrace with DEBUG_RODATA and !FRAME_POINTER (bnc#1012382). - arm/arm64: KVM: Add PSCI_VERSION helper (bsc#1068032). - arm/arm64: KVM: Add smccc accessors to PSCI code (bsc#1068032). - arm/arm64: KVM: Advertise SMCCC v1.1 (bsc#1068032). - arm/arm64: KVM: Consolidate the PSCI include files (bsc#1068032). - arm/arm64: KVM: Implement PSCI 1.0 support (bsc#1068032). - arm/arm64: KVM: Turn kvm_psci_version into a static inline (bsc#1068032). - arm/arm64: smccc: Implement SMCCC v1.1 inline primitive (bsc#1068032). - arm/arm64: smccc: Make function identifiers an unsigned quantity (bsc#1068032). - arm: DRA7: clockdomain: Change the CLKTRCTRL of CM_PCIE_CLKSTCTRL to SW_WKUP (bnc#1012382). - arm: dts: Adjust moxart IRQ controller and flags (bnc#1012382). - arm: dts: am335x-pepper: Fix the audio CODEC's reset pin (bnc#1012382). - arm: dts: exynos: Correct Trats2 panel reset line (bnc#1012382). - arm: dts: koelsch: Correct clock frequency of X2 DU clock input (bnc#1012382). - arm: dts: LogicPD Torpedo: Fix I2C1 pinmux (bnc#1012382). - arm: dts: LogicPD Torpedo: Fix I2C1 pinmux (bnc#1012382). - arm: dts: omap3-n900: Fix the audio CODEC's reset pin (bnc#1012382). - arm: dts: r8a7790: Correct parent of SSI[0-9] clocks (bnc#1012382). - arm: dts: r8a7791: Correct parent of SSI[0-9] clocks (bnc#1012382). - arm: mvebu: Fix broken PL310_ERRATA_753970 selects (bnc#1012382). - asoc: rcar: ssi: do not set SSICR.CKDV = 000 with SSIWSR.CONT (bnc#1012382). - ath10k: disallow DFS simulation if DFS channel is not enabled (bnc#1012382). - ath10k: fix invalid STS_CAP_OFFSET_MASK (bnc#1012382). - ath10k: update tdls teardown state to target (bnc#1012382). - ath: Fix updating radar flags for coutry code India (bnc#1012382). - batman-adv: handle race condition for claims between gateways (bnc#1012382). - bcache: do not attach backing with duplicate UUID (bnc#1012382). - blkcg: fix double free of new_blkg in blkcg_init_queue (bnc#1012382). - blk-throttle: make sure expire time isn't too big (bnc#1012382). - block: do not assign cmd_flags in __blk_rq_prep_clone (bsc#1088087). - block-mq: stop workqueue items in blk_mq_stop_hw_queue() (bsc#1084967). - bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174 (bnc#1012382). - bluetooth: hci_qca: Avoid setup failure on missing rampatch (bnc#1012382). - bnx2x: Align RX buffers (bnc#1012382). - bonding: refine bond_fold_stats() wrap detection (bnc#1012382). - bpf: fix incorrect sign extension in check_alu_op() (bnc#1012382). - bpf: skip unnecessary capability check (bnc#1012382). - bpf, x64: implement retpoline for tail call (bnc#1012382). - bpf, x64: increase number of passes (bnc#1012382). - braille-console: Fix value returned by _braille_console_setup (bnc#1012382). - brcmfmac: fix P2P_DEVICE ethernet address generation (bnc#1012382). - bridge: check brport attr show in brport_show (bnc#1012382). - btrfs: alloc_chunk: fix DUP stripe size handling (bnc#1012382). - btrfs: Fix use-after-free when cleaning up fs_devs with a single stale device (bnc#1012382). - btrfs: improve delayed refs iterations (bsc#1076033). - btrfs: incremental send, fix invalid memory access (git-fixes). - btrfs: preserve i_mode if __btrfs_set_acl() fails (bnc#1012382). - btrfs: send, fix file hole not being preserved due to inline extent (bnc#1012382). - can: cc770: Fix queue stall & dropped RTR reply (bnc#1012382). - can: cc770: Fix stalls on rt-linux, remove redundant IRQ ack (bnc#1012382). - can: cc770: Fix use after free in cc770_tx_interrupt() (bnc#1012382). - ceph: only dirty ITER_IOVEC pages for direct read (bsc#1084898). - ch9200: use skb_cow_head() to deal with cloned skbs (bsc#1088684). - clk: bcm2835: Protect sections updating shared registers (bnc#1012382). - clk: ns2: Correct SDIO bits (bnc#1012382). - clk: qcom: msm8916: fix mnd_width for codec_digcodec (bnc#1012382). - clk: si5351: Rename internal plls to avoid name collisions (bnc#1012382). - coresight: Fix disabling of CoreSight TPIU (bnc#1012382). - coresight: Fixes coresight DT parse to get correct output port ID (bnc#1012382). - cpufreq: Fix governor module removal race (bnc#1012382). - cpufreq: s3c24xx: Fix broken s3c_cpufreq_init() (bnc#1012382). - cpufreq/sh: Replace racy task affinity logic (bnc#1012382). - cpuidle: Add new macro to enter a retention idle state (bsc#1084328). - cros_ec: fix nul-termination for firmware build info (bnc#1012382). - crypto: cavium - fix memory leak on info (bsc#1086518). - dcache: Add cond_resched in shrink_dentry_list (bsc#1086194). - dccp: check sk for closed state in dccp_sendmsg() (bnc#1012382). - dmaengine: imx-sdma: add 1ms delay to ensure SDMA channel is stopped (bnc#1012382). - dmaengine: ti-dma-crossbar: Fix event mapping for TPCC_EVT_MUX_60_63 (bnc#1012382). - dm: Always copy cmd_flags when cloning a request (bsc#1088087). - driver: (adm1275) set the m,b and R coefficients correctly for power (bnc#1012382). - drm: Allow determining if current task is output poll worker (bnc#1012382). - drm/amdgpu/dce: Do not turn off DP sink when disconnected (bnc#1012382). - drm/amdgpu: Fail fb creation from imported dma-bufs. (v2) (bnc#1012382). - drm/amdgpu: Fix deadlock on runtime suspend (bnc#1012382). - drm/amdgpu: fix KV harvesting (bnc#1012382). - drm/amdgpu: Notify sbios device ready before send request (bnc#1012382). - drm/amdkfd: Fix memory leaks in kfd topology (bnc#1012382). - drm: Defer disabling the vblank IRQ until the next interrupt (for instant-off) (bnc#1012382). - drm/edid: set ELD connector type in drm_edid_to_eld() (bnc#1012382). - drm/i915/cmdparser: Do not check past the cmd length (bsc#1031717). - drm/i915/psr: Check for the specific AUX_FRAME_SYNC cap bit (bsc#1031717). - drm/msm: fix leak in failed get_pages (bnc#1012382). - drm/nouveau: Fix deadlock on runtime suspend (bnc#1012382). - drm/nouveau/kms: Increase max retries in scanout position queries (bnc#1012382). - drm/omap: DMM: Check for DMM readiness after successful transaction commit (bnc#1012382). - drm: qxl: Do not alloc fbdev if emulation is not supported (bnc#1012382). - drm/radeon: Do not turn off DP sink when disconnected (bnc#1012382). - drm/radeon: Fail fb creation from imported dma-bufs (bnc#1012382). - drm/radeon: Fix deadlock on runtime suspend (bnc#1012382). - drm/radeon: fix KV harvesting (bnc#1012382). - drm: udl: Properly check framebuffer mmap offsets (bnc#1012382). - drm/vmwgfx: Fix a destoy-while-held mutex problem (bnc#1012382). - drm/vmwgfx: Fixes to vmwgfx_fb (bnc#1012382). - e1000e: Avoid missed interrupts following ICR read (bsc#1075428). - e1000e: Avoid receiver overrun interrupt bursts (bsc#1075428). - e1000e: Fix check_for_link return value with autoneg off (bsc#1075428). - e1000e: Fix link check race condition (bsc#1075428). - e1000e: Fix queue interrupt re-raising in Other interrupt (bsc#1075428). - e1000e: fix timing for 82579 Gigabit Ethernet controller (bnc#1012382). - e1000e: Remove Other from EIAC (bsc#1075428). - edac, sb_edac: Fix out of bound writes during DIMM configuration on KNL (git-fixes 3286d3eb906c). - ext4: inplace xattr block update fails to deduplicate blocks (bnc#1012382). - f2fs: relax node version check for victim data in gc (bnc#1012382). - fib_semantics: Do not match route with mismatching tclassid (bnc#1012382). - firmware/psci: Expose PSCI conduit (bsc#1068032). - firmware/psci: Expose SMCCC version through psci_ops (bsc#1068032). - fixup: sctp: verify size of a new chunk in _sctp_make_chunk() (bnc#1012382). - fs/aio: Add explicit RCU grace period when freeing kioctx (bnc#1012382). - fs/aio: Use RCU accessors for kioctx_table->table[] (bnc#1012382). - fs/hugetlbfs/inode.c: change put_page/unlock_page order in hugetlbfs_fallocate() (git-fixes, bsc#1083745). - fs: Teach path_connected to handle nfs filesystems with multiple roots (bnc#1012382). - genirq: Track whether the trigger type has been set (git-fixes). - genirq: Use irqd_get_trigger_type to compare the trigger type for shared IRQs (bnc#1012382). - hdlc_ppp: carrier detect ok, do not turn off negotiation (bnc#1012382). - hid: clamp input to logical range if no null state (bnc#1012382). - hid: reject input outside logical range only if null state is set (bnc#1012382). - hugetlbfs: fix offset overflow in hugetlbfs mmap (bnc#1084353). - hv_balloon: fix bugs in num_pages_onlined accounting (fate#323887). - hv_balloon: fix printk loglevel (fate#323887). - hv_balloon: simplify hv_online_page()/hv_page_online_one() (fate#323887). - i2c: i2c-scmi: add a MS HID (bnc#1012382). - i2c: xlp9xx: Check for Bus state before every transfer (bsc#1084310). - i2c: xlp9xx: Handle NACK on DATA properly (bsc#1084310). - i2c: xlp9xx: Handle transactions with I2C_M_RECV_LEN properly (bsc#1060799). - i2c: xlp9xx: return ENXIO on slave address NACK (bsc#1060799). - i40e: Acquire NVM lock before reads on all devices (bnc#1012382). - i40e: avoid NVM acquire deadlock during NVM update (git-fixes). - ia64: fix module loading for gcc-5.4 (bnc#1012382). - ib/ipoib: Avoid memory leak if the SA returns a different DGID (bnc#1012382). - ib/ipoib: Update broadcast object if PKey value was changed in index 0 (bnc#1012382). - ib/mlx4: Change vma from shared to private (bnc#1012382). - ib/mlx4: Take write semaphore when changing the vma struct (bnc#1012382). - ibmvfc: Avoid unnecessary port relogin (bsc#1085404). - ibmvnic: Disable irqs before exiting reset from closed state (bsc#1084610). - ibmvnic: Do not reset CRQ for Mobility driver resets (bsc#1088600). - ibmvnic: Fix DMA mapping mistakes (bsc#1088600). - ibmvnic: Fix failover case for non-redundant configuration (bsc#1088600). - ibmvnic: Fix reset return from closed state (bsc#1084610). - ibmvnic: Fix reset scheduler error handling (bsc#1088600). - ibmvnic: Potential NULL dereference in clean_one_tx_pool() (bsc#1085224, git-fixes). - ibmvnic: Remove unused TSO resources in TX pool structure (bsc#1085224). - ibmvnic: Update TX pool cleaning routine (bsc#1085224). - ibmvnic: Zero used TX descriptor counter on reset (bsc#1088600). - ib/umem: Fix use of npages/nmap fields (bnc#1012382). - ieee802154: 6lowpan: fix possible NULL deref in lowpan_device_event() (bnc#1012382). - iio: st_pressure: st_accel: Initialise sensor platform data properly (bnc#1012382). - iio: st_pressure: st_accel: pass correct platform data to init (git-fixes). - ima: relax requiring a file signature for new files with zero length (bnc#1012382). - infiniband/uverbs: Fix integer overflows (bnc#1012382). - input: matrix_keypad - fix race when disabling interrupts (bnc#1012382). - input: qt1070 - add OF device ID table (bnc#1012382). - input: tsc2007 - check for presence and power down tsc2007 during probe (bnc#1012382). - iommu/omap: Register driver before setting IOMMU ops (bnc#1012382). - iommu/vt-d: clean up pr_irq if request_threaded_irq fails (bnc#1012382). - ip6_vti: adjust vti mtu according to mtu of lower device (bnc#1012382). - ipmi: do not probe ACPI devices if si_tryacpi is unset (bsc#1060799). - ipmi: Fix the I2C address extraction from SPMI tables (bsc#1060799). - ipmi_ssif: Fix kernel panic at msg_done_handler (bsc#1088871). - ipmi_ssif: Fix logic around alert handling (bsc#1060799). - ipmi_ssif: remove redundant null check on array client->adapter->name (bsc#1060799). - ipmi_ssif: unlock on allocation failure (bsc#1060799). - ipmi:ssif: Use i2c_adapter_id instead of adapter->nr (bsc#1060799). - ipmi: Use the proper default value for register size in ACPI (bsc#1060799). - ipmi/watchdog: fix wdog hang on panic waiting for ipmi response (bnc#1012382). - ipv6: fix access to non-linear packet in ndisc_fill_redirect_hdr_option() (bnc#1012382). - ipv6 sit: work around bogus gcc-8 -Wrestrict warning (bnc#1012382). - ipvlan: add L2 check for packets arriving via virtual devices (bnc#1012382). - irqchip/gic-v3-its: Add ACPI NUMA node mapping (bsc#1085981). - irqchip/gic-v3-its: Allow GIC ITS number more than MAX_NUMNODES (bsc#1085981). - irqchip/gic-v3-its: Ensure nr_ites >= nr_lpis (bnc#1012382). - irqchip/gic-v3-its: Remove ACPICA version check for ACPI NUMA (bsc#1085981). - kbuild: disable clang's default use of -fmerge-all-constants (bnc#1012382). - kbuild: Handle builtin dtb file names containing hyphens (bnc#1012382). - kprobes/x86: Fix kprobe-booster not to boost far call instructions (bnc#1012382). - kprobes/x86: Fix to set RWX bits correctly before releasing trampoline (git-fixes). - kprobes/x86: Set kprobes pages read-only (bnc#1012382). - kvm: arm/arm64: Handle CPU_PM_ENTER_FAILED (bsc#1086499). - kvm: arm/arm64: vgic: Add missing irq_lock to vgic_mmio_read_pending (bsc#1086499). - kvm: arm/arm64: vgic: Do not populate multiple LRs with the same vintid (bsc#1086499). - kvm: arm/arm64: vgic-its: Check result of allocation before use (bsc#). - kvm: arm/arm64: vgic-its: Preserve the revious read from the pending table (bsc#1086499). - kvm: arm/arm64: vgic-v3: Tighten synchronization for guests using v2 on v3 (bsc#1086499). - kvm: mmu: Fix overlap between public and private memslots (bnc#1012382). - kvm: nVMX: fix nested tsc scaling (bsc1087999). - kvm: PPC: Book3S PR: Exit KVM on failed mapping (bnc#1012382). - kvm/x86: fix icebp instruction handling (bnc#1012382). - l2tp: do not accept arbitrary sockets (bnc#1012382). - libata: Apply NOLPM quirk to Crucial M500 480 and 960GB SSDs (bnc#1012382). - libata: Apply NOLPM quirk to Crucial MX100 512GB SSDs (bnc#1012382). - libata: disable LPM for Crucial BX100 SSD 500GB drive (bnc#1012382). - libata: Enable queued TRIM for Samsung SSD 860 (bnc#1012382). - libata: fix length validation of ATAPI-relayed SCSI commands (bnc#1012382). - libata: Make Crucial BX100 500GB LPM quirk apply to all firmware versions (bnc#1012382). - libata: Modify quirks for MX100 to limit NCQ_TRIM quirk to MU01 version (bnc#1012382). - libata: remove WARN() for DMA or PIO command without data (bnc#1012382). - lock_parent() needs to recheck if dentry got __dentry_kill'ed under it (bnc#1012382). - loop: Fix lost writes caused by missing flag (bnc#1012382). - lpfc: update version to 11.4.0.7-1 (bsc#1085383). - mac80211: do not parse encrypted management frames in ieee80211_frame_acked (bnc#1012382). - mac80211: do not WARN on bad WMM parameters from buggy APs (bsc#1031717). - mac80211_hwsim: enforce PS_MANUAL_POLL to be set after PS_ENABLED (bnc#1012382). - mac80211: remove BUG() when interface type is invalid (bnc#1012382). - md-cluster: fix wrong condition check in raid1_write_request (bsc#1085402). - md/raid10: skip spare disk as 'first' disk (bnc#1012382). - md/raid10: wait up frozen array in handle_write_completed (bnc#1012382). - md/raid6: Fix anomily when recovering a single device in RAID6 (bnc#1012382). - media: au0828: fix VIDEO_V4L2 dependency (bsc#1031717). - media: bt8xx: Fix err 'bt878_probe()' (bnc#1012382). - media: c8sectpfe: fix potential NULL pointer dereference in c8sectpfe_timer_interrupt (bnc#1012382). - media: cpia2: Fix a couple off by one bugs (bnc#1012382). - media: cx25821: prevent out-of-bounds read on array card (bsc#1031717). - media/dvb-core: Race condition when writing to CAM (bnc#1012382). - media: i2c/soc_camera: fix ov6650 sensor getting wrong clock (bnc#1012382). - media: m88ds3103: do not call a non-initalized function (bnc#1012382). - media: [RESEND] media: dvb-frontends: Add delay to Si2168 restart (bnc#1012382). - media: s3c-camif: fix out-of-bounds array access (bsc#1031717). - mfd: palmas: Reset the POWERHOLD mux during power off (bnc#1012382). - mmc: avoid removing non-removable hosts during suspend (bnc#1012382). - mmc: dw_mmc: fix falling from idmac to PIO mode when dw_mci_reset occurs (bnc#1012382). - mmc: dw_mmc: Fix the DTO/CTO timeout overflow calculation for 32-bit systems (bsc#1088267). - mmc: sdhci-of-esdhc: limit SD clock for ls1012a/ls1046a (bnc#1012382). - mm: Fix false-positive VM_BUG_ON() in page_cache_{get,add}_speculative() (bnc#1012382). - mm/hugetlb.c: do not call region_abort if region_chg fails (bnc#1084353). - mm/vmalloc: add interfaces to free unmapped page table (bnc#1012382). - mpls, nospec: Sanitize array index in mpls_label_ok() (bnc#1012382). - mt7601u: check return value of alloc_skb (bnc#1012382). - mtd: nand: fix interpretation of NAND_CMD_NONE in nand_command[_lp]() (bnc#1012382). - mtd: nand: fsl_ifc: Fix nand waitfunc return value (bnc#1012382). - mtip32xx: use runtime tag to initialize command header (bnc#1012382). - net/8021q: create device with all possible features in wanted_features (bnc#1012382). - net: ethernet: arc: Fix a potential memory leak if an optional regulator is deferred (bnc#1012382). - net: ethernet: ti: cpsw: add check for in-band mode setting with RGMII PHY interface (bnc#1012382). - net/faraday: Add missing include of of.h (bnc#1012382). - net: fec: Fix unbalanced PM runtime calls (bnc#1012382). - netfilter: add back stackpointer size checks (bnc#1012382). - netfilter: bridge: ebt_among: add missing match size checks (bnc#1012382). - netfilter: IDLETIMER: be syzkaller friendly (bnc#1012382). - netfilter: ipv6: fix use-after-free Write in nf_nat_ipv6_manip_pkt (bnc#1012382). - netfilter: nat: cope with negative port range (bnc#1012382). - netfilter: use skb_to_full_sk in ip_route_me_harder (bnc#1012382). - netfilter: x_tables: fix missing timer initialization in xt_LED (bnc#1012382). - netfilter: xt_CT: fix refcnt leak on error path (bnc#1012382). - net: Fix hlist corruptions in inet_evict_bucket() (bnc#1012382). - net: fix race on decreasing number of TX queues (bnc#1012382). - net: hns: Fix ethtool private flags (bsc#1085511). - net: ipv4: avoid unused variable warning for sysctl (git-fixes). - net: ipv4: do not allow setting net.ipv4.route.min_pmtu below 68 (bnc#1012382). - net: ipv6: send unsolicited NA after DAD (git-fixes). - net: ipv6: send unsolicited NA on admin up (bnc#1012382). - net/iucv: Free memory obtained by kzalloc (bnc#1012382). - netlink: avoid a double skb free in genlmsg_mcast() (bnc#1012382). - netlink: ensure to loop over all netns in genlmsg_multicast_allns() (bnc#1012382). - net: mpls: Pull common label check into helper (bnc#1012382). - net: Only honor ifindex in IP_PKTINFO if non-0 (bnc#1012382). - net: systemport: Rewrite __bcm_sysport_tx_reclaim() (bnc#1012382). - net: xfrm: allow clearing socket xfrm policies (bnc#1012382). - nfc: nfcmrvl: double free on error path (bnc#1012382). - nfc: nfcmrvl: Include unaligned.h instead of access_ok.h (bnc#1012382). - nfsd4: permit layoutget of executable-only files (bnc#1012382). - nfs: Fix an incorrect type in struct nfs_direct_req (bnc#1012382). - nospec: Allow index argument to have const-qualified type (bnc#1012382). - nospec: Include dependency (bnc#1012382). - nvme: do not send keep-alive frames during reset (bsc#1084223). - nvme: do not send keep-alives to the discovery controller (bsc#1086607). - nvme: expand nvmf_check_if_ready checks (bsc#1085058). - nvme/rdma: do no start error recovery twice (bsc#1084967). - nvmet_fc: prevent new io rqsts in possible isr completions (bsc#1083574). - of: fix of_device_get_modalias returned length when truncating buffers (bnc#1012382). - openvswitch: Delete conntrack entry clashing with an expectation (bnc#1012382). - Partial revert "e1000e: Avoid receiver overrun interrupt bursts" (bsc#1075428). - pci/ACPI: Fix bus range comparison in pci_mcfg_lookup() (bsc#1084699). - pci: Add function 1 DMA alias quirk for Highpoint RocketRAID 644L (bnc#1012382). - pci: Add pci_reset_function_locked() (bsc#1084889). - pci: Apply Cavium ACS quirk only to CN81xx/CN83xx/CN88xx devices (bsc#1084914). - pci: Avoid FLR for Intel 82579 NICs (bsc#1084889). - pci: Avoid slot reset if bridge itself is broken (bsc#1084918). - pci: Export pcie_flr() (bsc#1084889). - pci: hv: Fix 2 hang issues in hv_compose_msi_msg() (fate#323887, bsc#1087659, bsc#1087906). - pci: hv: Fix a comment typo in _hv_pcifront_read_config() (fate#323887, bsc#1087659). - pci: hv: Only queue new work items in hv_pci_devices_present() if necessary (fate#323887, bsc#1087659). - pci: hv: Remove the bogus test in hv_eject_device_work() (fate#323887, bsc#1087659). - pci: hv: Serialize the present and eject work items (fate#323887, bsc#1087659). - pci: Mark Haswell Power Control Unit as having non-compliant BARs (bsc#1086015). - pci/MSI: Stop disabling MSI/MSI-X in pci_device_shutdown() (bnc#1012382). - pci: Probe for device reset support during enumeration (bsc#1084889). - pci: Protect pci_error_handlers->reset_notify() usage with device_lock() (bsc#1084889). - pci: Protect restore with device lock to be consistent (bsc#1084889). - pci: Remove __pci_dev_reset() and pci_dev_reset() (bsc#1084889). - pci: Remove redundant probes for device reset support (bsc#1084889). - pci: Wait for up to 1000ms after FLR reset (bsc#1084889). - perf inject: Copy events when reordering events in pipe mode (bnc#1012382). - perf probe: Return errno when not hitting any event (bnc#1012382). - perf session: Do not rely on evlist in pipe mode (bnc#1012382). - perf sort: Fix segfault with basic block 'cycles' sort dimension (bnc#1012382). - perf tests kmod-path: Do not fail if compressed modules are not supported (bnc#1012382). - perf tools: Make perf_event__synthesize_mmap_events() scale (bnc#1012382). - perf/x86/intel: Do not accidentally clear high bits in bdw_limit_period() (bnc#1012382). - perf/x86/intel/uncore: Fix multi-domain PCI CHA enumeration bug on Skylake servers (bsc#1086357). - pinctrl: Really force states during suspend/resume (bnc#1012382). - platform/chrome: Use proper protocol transfer function (bnc#1012382). - platform/x86: asus-nb-wmi: Add wapf4 quirk for the X302UA (bnc#1012382). - power: supply: pda_power: move from timer to delayed_work (bnc#1012382). - ppp: prevent unregistered channels from connecting to PPP units (bnc#1012382). - pty: cancel pty slave port buf's work in tty_release (bnc#1012382). - pwm: tegra: Increase precision in PWM rate calculation (bnc#1012382). - qed: Free RoCE ILT Memory on rmmod qedr (bsc#1019695 FATE#321703 bsc#1019699 FATE#321702 bsc#1022604 FATE#321747). - qed: Use after free in qed_rdma_free() (bsc#1019695 FATE#321703 bsc#1019699 FATE#321702 bsc#1022604 FATE#321747). - qeth: repair SBAL elements calculation (bnc#1085507, LTC#165484). - qlcnic: fix unchecked return value (bnc#1012382). - rcutorture/configinit: Fix build directory error message (bnc#1012382). - rdma/cma: Use correct size when writing netlink stats (bnc#1012382). - rdma/core: Do not use invalid destination in determining port reuse (FATE#321231 FATE#321473 FATE#322153 FATE#322149). - rdma/iwpm: Fix uninitialized error code in iwpm_send_mapinfo() (bnc#1012382). - rdma/mlx5: Fix integer overflow while resizing CQ (bnc#1012382). - rdma/ocrdma: Fix permissions for OCRDMA_RESET_STATS (bnc#1012382). - rdma/ucma: Check that user does not overflow QP state (bnc#1012382). - rdma/ucma: Fix access to non-initialized CM_ID object (bnc#1012382). - rdma/ucma: Limit possible option size (bnc#1012382). - regmap: Do not use format_val in regmap_bulk_read (bsc#1031717). - regmap: Fix reversed bounds check in regmap_raw_write() (bsc#1031717). - regmap: Format data for raw write in regmap_bulk_write (bsc#1031717). - regmap-i2c: Off by one in regmap_i2c_smbus_i2c_read/write() (bsc#1031717). - regulator: anatop: set default voltage selector for pcie (bnc#1012382). - reiserfs: Make cancel_old_flush() reliable (bnc#1012382). - Revert "ARM: dts: LogicPD Torpedo: Fix I2C1 pinmux" (bnc#1012382). - Revert "e1000e: Separate signaling for link check/link up" (bsc#1075428). - Revert "genirq: Use irqd_get_trigger_type to compare the trigger type for shared IRQs" (bnc#1012382). - Revert "ipvlan: add L2 check for packets arriving via virtual devices" (reverted in upstream). - Revert "led: core: Fix brightness setting when setting delay_off=0" (bnc#1012382). - rndis_wlan: add return value validation (bnc#1012382). - rtc: cmos: Do not assume irq 8 for rtc when there are no legacy irqs (bnc#1012382). - rtlwifi: rtl8723be: Fix loss of signal (bnc#1012382). - rtlwifi: rtl_pci: Fix the bug when inactiveps is enabled (bnc#1012382). - s390/mm: fix local TLB flushing vs. detach of an mm address space (bnc#1088324, LTC#166470). - s390/mm: fix race on mm->context.flush_mm (bnc#1088324, LTC#166470). - s390/mm: no local TLB flush for clearing-by-ASCE IDTE (bnc#1088324, LTC#166470). - s390/qeth: apply takeover changes when mode is toggled (bnc#1085507, LTC#165490). - s390/qeth: do not apply takeover changes to RXIP (bnc#1085507, LTC#165490). - s390/qeth: fix double-free on IP add/remove race (bnc#1085507, LTC#165491). - s390/qeth: fix IPA command submission race (bnc#1012382). - s390/qeth: fix IP address lookup for L3 devices (bnc#1085507, LTC#165491). - s390/qeth: fix IP removal on offline cards (bnc#1085507, LTC#165491). - s390/qeth: fix SETIP command handling (bnc#1012382). - s390/qeth: free netdevice when removing a card (bnc#1012382). - s390/qeth: improve error reporting on IP add/removal (bnc#1085507, LTC#165491). - s390/qeth: lock IP table while applying takeover changes (bnc#1085507, LTC#165490). - s390/qeth: lock read device while queueing next buffer (bnc#1012382). - s390/qeth: on channel error, reject further cmd requests (bnc#1012382). - s390/qeth: update takeover IPs after configuration change (bnc#1085507, LTC#165490). - s390/qeth: when thread completes, wake up all waiters (bnc#1012382). - sched: act_csum: do not mangle TCP and UDP GSO packets (bnc#1012382). - sched: Stop resched_cpu() from sending IPIs to offline CPUs (bnc#1012382). - sched: Stop switched_to_rt() from sending IPIs to offline CPUs (bnc#1012382). - scsi: core: scsi_get_device_flags_keyed(): Always return device flags (bnc#1012382). - scsi: devinfo: apply to HP XP the same flags as Hitachi VSP (bnc#1012382). - scsi: dh: add new rdac devices (bnc#1012382). - scsi: lpfc: Add missing unlock in WQ full logic (bsc#1085383). - scsi: lpfc: Code cleanup for 128byte wqe data type (bsc#1085383). - scsi: lpfc: Fix mailbox wait for POST_SGL mbox command (bsc#1085383). - scsi: lpfc: Fix NVME Initiator FirstBurst (bsc#1085383). - scsi: lpfc: Fix SCSI lun discovery when port configured for both SCSI and NVME (bsc#1085383). - scsi: lpfc: Memory allocation error during driver start-up on power8 (bsc#1085383). - scsi: mac_esp: Replace bogus memory barrier with spinlock (bnc#1012382). - scsi: sg: check for valid direction before starting the request (bnc#1012382). - scsi: sg: fix SG_DXFER_FROM_DEV transfers (bnc#1012382). - scsi: sg: fix static checker warning in sg_is_valid_dxfer (bnc#1012382). - scsi: sg: only check for dxfer_len greater than 256M (bnc#1012382 bsc#1064206). - scsi: virtio_scsi: always read VPD pages for multiqueue too (git-fixes). - scsi: virtio_scsi: Always try to read VPD pages (bnc#1012382). - sctp: fix dst refcnt leak in sctp_v4_get_dst (bnc#1012382). - sctp: fix dst refcnt leak in sctp_v6_get_dst() (bnc#1012382). - sctp: verify size of a new chunk in _sctp_make_chunk() (bnc#1012382). - selftests/x86: Add tests for the STR and SLDT instructions (bnc#1012382). - selftests/x86: Add tests for User-Mode Instruction Prevention (bnc#1012382). - selftests/x86/entry_from_vm86: Add test cases for POPF (bnc#1012382). - selftests/x86/entry_from_vm86: Exit with 1 if we fail (bnc#1012382). - selinux: check for address length in selinux_socket_bind() (bnc#1012382). - serial: 8250_pci: Add Brainboxes UC-260 4 port serial device (bnc#1012382). - serial: sh-sci: prevent lockup on full TTY buffers (bnc#1012382). - skbuff: Fix not waking applications when errors are enqueued (bnc#1012382). - sm501fb: do not return zero on failure path in sm501fb_start() (bnc#1012382). - solo6x10: release vb2 buffers in solo_stop_streaming() (bnc#1012382). - spi: dw: Disable clock after unregistering the host (bnc#1012382). - spi: omap2-mcspi: poll OMAP2_MCSPI_CHSTAT_RXS for PIO transfer (bnc#1012382). - spi: sun6i: disable/unprepare clocks on remove (bnc#1012382). - staging: android: ashmem: Fix lockdep issue during llseek (bnc#1012382). - staging: android: ashmem: Fix possible deadlock in ashmem_ioctl (bnc#1012382). - staging: comedi: fix comedi_nsamples_left (bnc#1012382). - staging: lustre: ptlrpc: kfree used instead of kvfree (bnc#1012382). - staging: ncpfs: memory corruption in ncp_read_kernel() (bnc#1012382). - staging: speakup: Replace BUG_ON() with WARN_ON() (bnc#1012382). - staging: unisys: visorhba: fix s-Par to boot with option CONFIG_VMAP_STACK set to y (bnc#1012382). - staging: wilc1000: add check for kmalloc allocation failure (bnc#1012382). - staging: wilc1000: fix unchecked return value (bnc#1012382). - sysrq: Reset the watchdog timers while displaying high-resolution timers (bnc#1012382). - target: prefer dbroot of /etc/target over /var/target (bsc#1087274). - tcm_fileio: Prevent information leak for short reads (bnc#1012382). - tcp: remove poll() flakes with FastOpen (bnc#1012382). - tcp: sysctl: Fix a race to avoid unexpected 0 window from space (bnc#1012382). - team: Fix double free in error path (bnc#1012382). - test_firmware: fix setting old custom fw path back on exit (bnc#1012382). - time: Change posix clocks ops interfaces to use timespec64 (bnc#1012382). - timers, sched_clock: Update timeout for clock wrap (bnc#1012382). - tools/usbip: fixes build with musl libc toolchain (bnc#1012382). - tpm_i2c_infineon: fix potential buffer overruns caused by bit glitches on the bus (bnc#1012382). - tpm_i2c_nuvoton: fix potential buffer overruns caused by bit glitches on the bus (bnc#1012382). - tpm: st33zp24: fix potential buffer overruns caused by bit glitches on the bus (bnc#1012382). - tpm/tpm_crb: Use start method value from ACPI table directly (bsc#1084452). - tracing: probeevent: Fix to support minus offset from symbol (bnc#1012382). - tty/serial: atmel: add new version check for usart (bnc#1012382). - tty: vt: fix up tabstops properly (bnc#1012382). - uas: fix comparison for error code (bnc#1012382). - ubi: Fix race condition between ubi volume creation and udev (bnc#1012382). - udplite: fix partial checksum initialization (bnc#1012382). - usb: Do not print a warning if interface driver rebind is deferred at resume (bsc#1087211). - usb: dwc2: Make sure we disconnect the gadget state (bnc#1012382). - usb: gadget: bdc: 64-bit pointer capability check (bnc#1012382). - usb: gadget: dummy_hcd: Fix wrong power status bit clear/reset in dummy_hub_control() (bnc#1012382). - usb: gadget: f_fs: Fix use-after-free in ffs_fs_kill_sb() (bnc#1012382). - usb: gadget: udc: Add missing platform_device_put() on error in bdc_pci_probe() (bnc#1012382). - usb: quirks: add control message delay for 1b1c:1b20 (bnc#1012382). - usb: storage: Add JMicron bridge 152d:2567 to unusual_devs.h (bnc#1012382). - usb: usbmon: Read text within supplied buffer size (bnc#1012382). - usb: usbmon: remove assignment from IS_ERR argument (bnc#1012382). - veth: set peer GSO values (bnc#1012382). - vgacon: Set VGA struct resource types (bnc#1012382). - video: ARM CLCD: fix dma allocation size (bnc#1012382). - video: fbdev: udlfb: Fix buffer on stack (bnc#1012382). - video/hdmi: Allow "empty" HDMI infoframes (bnc#1012382). - vxlan: vxlan dev should inherit lowerdev's gso_max_size (bnc#1012382). - wan: pc300too: abort path on failure (bnc#1012382). - watchdog: hpwdt: Check source of NMI (bnc#1012382). - watchdog: hpwdt: fix unused variable warning (bnc#1012382). - watchdog: hpwdt: SMBIOS check (bnc#1012382). - watchdog: sbsa: use 32-bit read for WCV (bsc#1085679). - wil6210: fix memory access violation in wil_memcpy_from/toio_32 (bnc#1012382). - workqueue: Allow retrieval of current task's work struct (bnc#1012382). - x86/apic/vector: Handle legacy irq data correctly (bnc#1012382). - x86/boot/64: Verify alignment of the LOAD segment (bnc#1012382). - x86/build/64: Force the linker to use 2MB page size (bnc#1012382). - x86/entry/64: Do not use IST entry for #BP stack (bsc#1087088). - x86: i8259: export legacy_pic symbol (bnc#1012382). - x86/kaiser: Duplicate cpu_tss for an entry trampoline usage (bsc#1077560 bsc#1083836). - x86/kaiser: enforce trampoline stack alignment (bsc#1087260). - x86/kaiser: Remove a user mapping of cpu_tss structure (bsc#1077560 bsc#1083836). - x86/kaiser: Use a per-CPU trampoline stack for kernel entry (bsc#1077560). - x86/MCE: Serialize sysfs changes (bnc#1012382). - x86/mm: Fix vmalloc_fault to use pXd_large (bnc#1012382). - x86/mm: implement free pmd/pte page interfaces (bnc#1012382). - x86/module: Detect and skip invalid relocations (bnc#1012382). - x86/speculation: Remove Skylake C2 from Speculation Control microcode blacklist (bsc#1087845). - x86: Treat R_X86_64_PLT32 as R_X86_64_PC32 (bnc#1012382). - x86/vm86/32: Fix POPF emulation (bnc#1012382). - xen-blkfront: fix mq start/stop race (bsc#1085042). - xen-netback: use skb to determine number of required guest Rx requests (bsc#1046610). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-718=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-718=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-718=1 - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-718=1 - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2018-718=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-718=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): kernel-default-debuginfo-4.4.126-94.22.1 kernel-default-debugsource-4.4.126-94.22.1 kernel-default-extra-4.4.126-94.22.1 kernel-default-extra-debuginfo-4.4.126-94.22.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.4.126-94.22.1 kernel-obs-build-debugsource-4.4.126-94.22.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch): kernel-docs-4.4.126-94.22.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): kernel-default-4.4.126-94.22.1 kernel-default-base-4.4.126-94.22.1 kernel-default-base-debuginfo-4.4.126-94.22.1 kernel-default-debuginfo-4.4.126-94.22.1 kernel-default-debugsource-4.4.126-94.22.1 kernel-default-devel-4.4.126-94.22.1 kernel-syms-4.4.126-94.22.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): kernel-devel-4.4.126-94.22.2 kernel-macros-4.4.126-94.22.2 kernel-source-4.4.126-94.22.2 - SUSE Linux Enterprise Server 12-SP3 (s390x): kernel-default-man-4.4.126-94.22.1 - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_126-94_22-default-1-4.5.1 kgraft-patch-4_4_126-94_22-default-debuginfo-1-4.5.1 - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): cluster-md-kmp-default-4.4.126-94.22.1 cluster-md-kmp-default-debuginfo-4.4.126-94.22.1 dlm-kmp-default-4.4.126-94.22.1 dlm-kmp-default-debuginfo-4.4.126-94.22.1 gfs2-kmp-default-4.4.126-94.22.1 gfs2-kmp-default-debuginfo-4.4.126-94.22.1 kernel-default-debuginfo-4.4.126-94.22.1 kernel-default-debugsource-4.4.126-94.22.1 ocfs2-kmp-default-4.4.126-94.22.1 ocfs2-kmp-default-debuginfo-4.4.126-94.22.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): kernel-default-4.4.126-94.22.1 kernel-default-debuginfo-4.4.126-94.22.1 kernel-default-debugsource-4.4.126-94.22.1 kernel-default-devel-4.4.126-94.22.1 kernel-default-extra-4.4.126-94.22.1 kernel-default-extra-debuginfo-4.4.126-94.22.1 kernel-syms-4.4.126-94.22.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): kernel-devel-4.4.126-94.22.2 kernel-macros-4.4.126-94.22.2 kernel-source-4.4.126-94.22.2 - SUSE CaaS Platform ALL (x86_64): kernel-default-4.4.126-94.22.1 kernel-default-debuginfo-4.4.126-94.22.1 kernel-default-debugsource-4.4.126-94.22.1 References: https://www.suse.com/security/cve/CVE-2017-18257.html https://www.suse.com/security/cve/CVE-2018-1091.html https://www.suse.com/security/cve/CVE-2018-7740.html https://www.suse.com/security/cve/CVE-2018-8043.html https://www.suse.com/security/cve/CVE-2018-8822.html https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1019695 https://bugzilla.suse.com/1019699 https://bugzilla.suse.com/1022604 https://bugzilla.suse.com/1031717 https://bugzilla.suse.com/1046610 https://bugzilla.suse.com/1060799 https://bugzilla.suse.com/1064206 https://bugzilla.suse.com/1068032 https://bugzilla.suse.com/1073059 https://bugzilla.suse.com/1073069 https://bugzilla.suse.com/1075428 https://bugzilla.suse.com/1076033 https://bugzilla.suse.com/1077560 https://bugzilla.suse.com/1083574 https://bugzilla.suse.com/1083745 https://bugzilla.suse.com/1083836 https://bugzilla.suse.com/1084223 https://bugzilla.suse.com/1084310 https://bugzilla.suse.com/1084328 https://bugzilla.suse.com/1084353 https://bugzilla.suse.com/1084452 https://bugzilla.suse.com/1084610 https://bugzilla.suse.com/1084699 https://bugzilla.suse.com/1084829 https://bugzilla.suse.com/1084889 https://bugzilla.suse.com/1084898 https://bugzilla.suse.com/1084914 https://bugzilla.suse.com/1084918 https://bugzilla.suse.com/1084967 https://bugzilla.suse.com/1085042 https://bugzilla.suse.com/1085058 https://bugzilla.suse.com/1085224 https://bugzilla.suse.com/1085383 https://bugzilla.suse.com/1085402 https://bugzilla.suse.com/1085404 https://bugzilla.suse.com/1085487 https://bugzilla.suse.com/1085507 https://bugzilla.suse.com/1085511 https://bugzilla.suse.com/1085679 https://bugzilla.suse.com/1085981 https://bugzilla.suse.com/1086015 https://bugzilla.suse.com/1086162 https://bugzilla.suse.com/1086194 https://bugzilla.suse.com/1086357 https://bugzilla.suse.com/1086499 https://bugzilla.suse.com/1086518 https://bugzilla.suse.com/1086607 https://bugzilla.suse.com/1087088 https://bugzilla.suse.com/1087211 https://bugzilla.suse.com/1087231 https://bugzilla.suse.com/1087260 https://bugzilla.suse.com/1087274 https://bugzilla.suse.com/1087659 https://bugzilla.suse.com/1087845 https://bugzilla.suse.com/1087906 https://bugzilla.suse.com/1087999 https://bugzilla.suse.com/1088050 https://bugzilla.suse.com/1088087 https://bugzilla.suse.com/1088241 https://bugzilla.suse.com/1088267 https://bugzilla.suse.com/1088313 https://bugzilla.suse.com/1088324 https://bugzilla.suse.com/1088600 https://bugzilla.suse.com/1088684 https://bugzilla.suse.com/1088871 https://bugzilla.suse.com/802154 From sle-updates at lists.suse.com Tue Apr 24 07:07:12 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Apr 2018 15:07:12 +0200 (CEST) Subject: SUSE-RU-2018:1063-1: Recommended update for java-1_8_0-ibm Message-ID: <20180424130712.33C9BFD2E@maintenance.suse.de> SUSE Recommended Update: Recommended update for java-1_8_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1063-1 Rating: low References: #1089841 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: java-1_8_0-ibm was updated to IBM Java 8 FP 11 and provides the latest stability updates and bug fixes. (bsc#1089841) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-720=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-720=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (ppc64le s390x x86_64): java-1_8_0-ibm-devel-1.8.0_sr5.11-30.30.1 - SUSE Linux Enterprise Server 12-SP3 (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr5.11-30.30.1 - SUSE Linux Enterprise Server 12-SP3 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr5.11-30.30.1 java-1_8_0-ibm-plugin-1.8.0_sr5.11-30.30.1 References: https://bugzilla.suse.com/1089841 From sle-updates at lists.suse.com Tue Apr 24 10:07:08 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Apr 2018 18:07:08 +0200 (CEST) Subject: SUSE-RU-2018:1064-1: important: Recommended update for Crowbar and several barclamps Message-ID: <20180424160708.4F2D1FD2E@maintenance.suse.de> SUSE Recommended Update: Recommended update for Crowbar and several barclamps ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1064-1 Rating: important References: #1054268 #1073237 #1073998 #1074665 #1075368 Affected Products: SUSE OpenStack Cloud 7 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for crowbar and several barclamps fixes the following issues: crowbar: - Use crowbarctl to activate repositories. - install-chef-suse: Only configure epmd.socket when needed. - install-chef-suse: Configure epmd.socket correctly. crowbar-core: - network: Only set bond attributes when they change. (bsc#1054268) - ohai: show which interface an error happened on. - ohai: Do not fail when tcpdump output is missing. - provisioner: Install microcode packages. (bsc#1074665) - Added --no-verify-ssl option to crowbarctl calls. - Added forgotten credentials to crowbarctl call. - provisioner: Execute the autoYaST post scripts in chrooted env. - provisioner: Replace curl calls to crowbar API with crowbarctl. - crowbar: Fix call to gensslcert. - network: Restore default route after 'wicked ifup all'. (bsc#1075368) - crowbar_batch: Fix host_by_alias. - Add log info for crowbar SSL. (bsc#1073998) crowbar-ceph: - Do not write fstab entries. (bsc#1073237) sleshammer: - Provide crowbarctl. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-723=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-723=1 Package List: - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64): crowbar-core-4.0+git.1522738420.291a6a7c8-9.24.1 crowbar-core-branding-upstream-4.0+git.1522738420.291a6a7c8-9.24.1 - SUSE OpenStack Cloud 7 (noarch): crowbar-4.0+git.1517230382.7daa385a-7.14.1 crowbar-ceph-4.0+git.1521726574.a5df732-7.12.1 crowbar-devel-4.0+git.1517230382.7daa385a-7.14.1 sleshammer-aarch64-0.7.0-0.18.9.1 sleshammer-debugsource-0.7.0-0.18.9.1 sleshammer-ppc64le-0.7.0-0.18.9.1 sleshammer-s390x-0.7.0-0.18.9.1 sleshammer-x86_64-0.7.0-0.18.9.1 - SUSE Enterprise Storage 4 (aarch64 x86_64): crowbar-core-4.0+git.1522738420.291a6a7c8-9.24.1 - SUSE Enterprise Storage 4 (noarch): crowbar-4.0+git.1517230382.7daa385a-7.14.1 crowbar-ceph-4.0+git.1521726574.a5df732-7.12.1 sleshammer-aarch64-0.7.0-0.18.9.1 sleshammer-debugsource-0.7.0-0.18.9.1 sleshammer-x86_64-0.7.0-0.18.9.1 References: https://bugzilla.suse.com/1054268 https://bugzilla.suse.com/1073237 https://bugzilla.suse.com/1073998 https://bugzilla.suse.com/1074665 https://bugzilla.suse.com/1075368 From sle-updates at lists.suse.com Tue Apr 24 10:08:15 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Apr 2018 18:08:15 +0200 (CEST) Subject: SUSE-OU-2018:1065-1: Initial release of python3-pyzmq Message-ID: <20180424160815.BEAD2FD2E@maintenance.suse.de> SUSE Optional Update: Initial release of python3-pyzmq ______________________________________________________________________________ Announcement ID: SUSE-OU-2018:1065-1 Rating: low References: #1073879 Affected Products: SUSE Manager Tools 12 SUSE Manager Server 3.1 SUSE Manager Server 3.0 SUSE Manager Proxy 3.1 SUSE Manager Proxy 3.0 SUSE Linux Enterprise Module for Advanced Systems Management 12 SUSE Enterprise Storage 5 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update provides the following new Python 3 module: - python3-pyzmq Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2018-727=1 - SUSE Manager Server 3.1: zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2018-727=1 - SUSE Manager Server 3.0: zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2018-727=1 - SUSE Manager Proxy 3.1: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.1-2018-727=1 - SUSE Manager Proxy 3.0: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.0-2018-727=1 - SUSE Linux Enterprise Module for Advanced Systems Management 12: zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2018-727=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2018-727=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-727=1 Package List: - SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64): python-pyzmq-14.0.0-9.3.1 python-pyzmq-debuginfo-14.0.0-9.3.1 python-pyzmq-debugsource-14.0.0-9.3.1 python3-pyzmq-14.0.0-9.3.1 - SUSE Manager Server 3.1 (ppc64le s390x x86_64): python-pyzmq-14.0.0-9.3.1 python-pyzmq-debuginfo-14.0.0-9.3.1 python-pyzmq-debugsource-14.0.0-9.3.1 python3-pyzmq-14.0.0-9.3.1 - SUSE Manager Server 3.0 (s390x x86_64): python-pyzmq-14.0.0-9.3.1 python-pyzmq-debuginfo-14.0.0-9.3.1 python-pyzmq-debugsource-14.0.0-9.3.1 python3-pyzmq-14.0.0-9.3.1 - SUSE Manager Proxy 3.1 (ppc64le x86_64): python-pyzmq-14.0.0-9.3.1 python-pyzmq-debuginfo-14.0.0-9.3.1 python-pyzmq-debugsource-14.0.0-9.3.1 python3-pyzmq-14.0.0-9.3.1 - SUSE Manager Proxy 3.0 (x86_64): python-pyzmq-14.0.0-9.3.1 python-pyzmq-debuginfo-14.0.0-9.3.1 python-pyzmq-debugsource-14.0.0-9.3.1 python3-pyzmq-14.0.0-9.3.1 - SUSE Linux Enterprise Module for Advanced Systems Management 12 (ppc64le s390x x86_64): python-pyzmq-14.0.0-9.3.1 python-pyzmq-debuginfo-14.0.0-9.3.1 python-pyzmq-debugsource-14.0.0-9.3.1 python3-pyzmq-14.0.0-9.3.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): python-pyzmq-14.0.0-9.3.1 python-pyzmq-debuginfo-14.0.0-9.3.1 python-pyzmq-debugsource-14.0.0-9.3.1 python3-pyzmq-14.0.0-9.3.1 - SUSE Enterprise Storage 4 (aarch64 x86_64): python-pyzmq-14.0.0-9.3.1 python-pyzmq-debuginfo-14.0.0-9.3.1 python-pyzmq-debugsource-14.0.0-9.3.1 python3-pyzmq-14.0.0-9.3.1 References: https://bugzilla.suse.com/1073879 From sle-updates at lists.suse.com Tue Apr 24 10:08:47 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Apr 2018 18:08:47 +0200 (CEST) Subject: SUSE-SU-2018:1066-1: moderate: Security update for rzsz Message-ID: <20180424160847.9E183FD2B@maintenance.suse.de> SUSE Security Update: Security update for rzsz ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1066-1 Rating: moderate References: #1076576 #1086416 #1090051 Cross-References: CVE-2018-10195 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for rzsz fixes the following issues: - Update to 0.12.21~rc to fix bsc#1086416 and bsc#1090051 - CVE-2018-10195: segmentation fault in zsdata function could lead to denial of service (bsc#1090051) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-728=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-728=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): rzsz-0.12.21~rc-1001.3.1 rzsz-debuginfo-0.12.21~rc-1001.3.1 rzsz-debugsource-0.12.21~rc-1001.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): rzsz-0.12.21~rc-1001.3.1 rzsz-debuginfo-0.12.21~rc-1001.3.1 rzsz-debugsource-0.12.21~rc-1001.3.1 References: https://www.suse.com/security/cve/CVE-2018-10195.html https://bugzilla.suse.com/1076576 https://bugzilla.suse.com/1086416 https://bugzilla.suse.com/1090051 From sle-updates at lists.suse.com Tue Apr 24 10:09:32 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Apr 2018 18:09:32 +0200 (CEST) Subject: SUSE-OU-2018:1067-1: Initial release of python3-msgpack-python Message-ID: <20180424160932.40B3FFD2B@maintenance.suse.de> SUSE Optional Update: Initial release of python3-msgpack-python ______________________________________________________________________________ Announcement ID: SUSE-OU-2018:1067-1 Rating: low References: #1073879 Affected Products: SUSE Manager Server 3.0 SUSE Manager Proxy 3.0 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update provides the following new Python 3 module for the SUSE Manager Server and Proxy: - python3-msgpack-python Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 3.0: zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2018-726=1 - SUSE Manager Proxy 3.0: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.0-2018-726=1 Package List: - SUSE Manager Server 3.0 (s390x x86_64): python-msgpack-python-0.4.6-4.3.1 python-msgpack-python-debuginfo-0.4.6-4.3.1 python-msgpack-python-debugsource-0.4.6-4.3.1 python3-msgpack-python-0.4.6-4.3.1 - SUSE Manager Proxy 3.0 (x86_64): python-msgpack-python-0.4.6-4.3.1 python-msgpack-python-debuginfo-0.4.6-4.3.1 python-msgpack-python-debugsource-0.4.6-4.3.1 python3-msgpack-python-0.4.6-4.3.1 References: https://bugzilla.suse.com/1073879 From sle-updates at lists.suse.com Tue Apr 24 10:09:57 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Apr 2018 18:09:57 +0200 (CEST) Subject: SUSE-RU-2018:1068-1: moderate: Recommended update for openstack-monasca-api Message-ID: <20180424160957.B8887FD2B@maintenance.suse.de> SUSE Recommended Update: Recommended update for openstack-monasca-api ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1068-1 Rating: moderate References: #1067466 Affected Products: SUSE OpenStack Cloud 7 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openstack-monasca-api fixes the following issues: - Determine influxdb version on each request if required. (bsc#1067466) - Fix InfluxDB repository list_dimension_values to support "name". Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-722=1 Package List: - SUSE OpenStack Cloud 7 (noarch): openstack-monasca-api-1.7.1~dev14-9.1 python-monasca-api-1.7.1~dev14-9.1 References: https://bugzilla.suse.com/1067466 From sle-updates at lists.suse.com Tue Apr 24 10:10:29 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Apr 2018 18:10:29 +0200 (CEST) Subject: SUSE-RU-2018:1069-1: Recommended update for sle-manager-tools-release Message-ID: <20180424161029.789D0FD2B@maintenance.suse.de> SUSE Recommended Update: Recommended update for sle-manager-tools-release ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1069-1 Rating: low References: #1086488 Affected Products: SUSE Manager Tools 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: SUSE Manager Tools have been erroneously reported End of Life. This update extends the lifetime to 2024-10-31. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2018-725=1 Package List: - SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64): sle-manager-tools-release-12-10.3.1 References: https://bugzilla.suse.com/1086488 From sle-updates at lists.suse.com Tue Apr 24 10:10:58 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Apr 2018 18:10:58 +0200 (CEST) Subject: SUSE-SU-2018:1070-1: moderate: Security update for rzsz Message-ID: <20180424161058.E2286FD2B@maintenance.suse.de> SUSE Security Update: Security update for rzsz ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1070-1 Rating: moderate References: #1076576 #1086416 #1090051 #529899 Cross-References: CVE-2018-10195 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. Description: This update for rzsz fixes the following issues: - L3: sz of rzsz segfaults in zsdata() (bsc#1086416) - VUL-0: CVE-2018-10195: rzsz: sz can leak data to receiving side (bsc#1090051) - rzsz-0.12.20-976.7: illegal use of freed variable (bsc#529899) - /usr/bin/lsb segfaults [rzsz] (bsc#1076576) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-rzsz-13570=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-rzsz-13570=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390 s390x x86_64): rzsz-0.12.21~rc-936.3.1 rzsz-debuginfo-0.12.21~rc-936.3.1 rzsz-debugsource-0.12.21~rc-936.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): rzsz-0.12.21~rc-936.3.1 rzsz-debuginfo-0.12.21~rc-936.3.1 rzsz-debugsource-0.12.21~rc-936.3.1 References: https://www.suse.com/security/cve/CVE-2018-10195.html https://bugzilla.suse.com/1076576 https://bugzilla.suse.com/1086416 https://bugzilla.suse.com/1090051 https://bugzilla.suse.com/529899 From sle-updates at lists.suse.com Tue Apr 24 10:11:52 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Apr 2018 18:11:52 +0200 (CEST) Subject: SUSE-RU-2018:1071-1: important: Recommended update for several crowbar barclamps Message-ID: <20180424161152.538D1FD2B@maintenance.suse.de> SUSE Recommended Update: Recommended update for several crowbar barclamps ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1071-1 Rating: important References: #1055188 #1075394 #1077234 #1079763 #1080335 #1081573 #1083903 Affected Products: SUSE OpenStack Cloud 7 ______________________________________________________________________________ An update that solves one vulnerability and has 6 fixes is now available. Description: This update for Crowbar provides several fixes and improvements for the following barclamps: crowbar-openstack: - nova: Use internal placement url (bsc#1055188) - nova: Subscribe to placement config (bsc#1055188) - barbican: Add missing roles used in policy.json (bsc#1081573) - barbican: Add creator role (bsc#1081573) - memcached: Disable UDP by default (bsc#1083903) - cinder: Set os_privileged_* values (bsc#1079763) - apache: don't collect Listen ports from wsgi vhosts (bsc#1077234) - magnum: Add domain name to keystone_auth (bsc#1080335) - neutron-ha-tool: Add insecure flag (bsc#1075394) crowbar-ha: - pacemaker: Fix migration number. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-724=1 Package List: - SUSE OpenStack Cloud 7 (noarch): crowbar-ha-4.0+git.1521473535.67d2302-4.28.1 crowbar-openstack-4.0+git.1522325467.43e431f91-9.30.1 References: https://www.suse.com/security/cve/CVE-2018-1000115.html https://bugzilla.suse.com/1055188 https://bugzilla.suse.com/1075394 https://bugzilla.suse.com/1077234 https://bugzilla.suse.com/1079763 https://bugzilla.suse.com/1080335 https://bugzilla.suse.com/1081573 https://bugzilla.suse.com/1083903 From sle-updates at lists.suse.com Wed Apr 25 10:07:14 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Apr 2018 18:07:14 +0200 (CEST) Subject: SUSE-SU-2018:1072-1: important: Security update for zsh Message-ID: <20180425160714.6965AFD2B@maintenance.suse.de> SUSE Security Update: Security update for zsh ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1072-1 Rating: important References: #1082885 #1082975 #1082977 #1082991 #1082998 #1083002 #1083250 #1084656 #1087026 #896914 Cross-References: CVE-2014-10070 CVE-2014-10071 CVE-2014-10072 CVE-2016-10714 CVE-2017-18205 CVE-2017-18206 CVE-2018-1071 CVE-2018-1083 CVE-2018-7549 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that solves 9 vulnerabilities and has one errata is now available. Description: This update for zsh fixes the following issues: - CVE-2014-10070: environment variable injection could lead to local privilege escalation (bnc#1082885) - CVE-2014-10071: buffer overflow in exec.c could lead to denial of service. (bnc#1082977) - CVE-2014-10072: buffer overflow In utils.c when scanning very long directory paths for symbolic links. (bnc#1082975) - CVE-2016-10714: In zsh before 5.3, an off-by-one error resulted in undersized buffers that were intended to support PATH_MAX characters. (bnc#1083250) - CVE-2017-18205: In builtin.c when sh compatibility mode is used, a NULL pointer dereference could lead to denial of service (bnc#1082998) - CVE-2018-1071: exec.c:hashcmd() function vulnerability could lead to denial of service. (bnc#1084656) - CVE-2018-1083: Autocomplete vulnerability could lead to privilege escalation. (bnc#1087026) - CVE-2018-7549: In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p. (bnc#1082991) - CVE-2017-18206: buffer overrun in xsymlinks could lead to denial of service (bnc#1083002) - Autocomplete and REPORTTIME broken (bsc#896914) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-733=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-733=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): zsh-5.0.5-6.7.2 zsh-debuginfo-5.0.5-6.7.2 zsh-debugsource-5.0.5-6.7.2 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): zsh-5.0.5-6.7.2 zsh-debuginfo-5.0.5-6.7.2 zsh-debugsource-5.0.5-6.7.2 References: https://www.suse.com/security/cve/CVE-2014-10070.html https://www.suse.com/security/cve/CVE-2014-10071.html https://www.suse.com/security/cve/CVE-2014-10072.html https://www.suse.com/security/cve/CVE-2016-10714.html https://www.suse.com/security/cve/CVE-2017-18205.html https://www.suse.com/security/cve/CVE-2017-18206.html https://www.suse.com/security/cve/CVE-2018-1071.html https://www.suse.com/security/cve/CVE-2018-1083.html https://www.suse.com/security/cve/CVE-2018-7549.html https://bugzilla.suse.com/1082885 https://bugzilla.suse.com/1082975 https://bugzilla.suse.com/1082977 https://bugzilla.suse.com/1082991 https://bugzilla.suse.com/1082998 https://bugzilla.suse.com/1083002 https://bugzilla.suse.com/1083250 https://bugzilla.suse.com/1084656 https://bugzilla.suse.com/1087026 https://bugzilla.suse.com/896914 From sle-updates at lists.suse.com Wed Apr 25 10:09:29 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Apr 2018 18:09:29 +0200 (CEST) Subject: SUSE-RU-2018:1073-1: moderate: Recommended update for libsolv, libzypp Message-ID: <20180425160929.133A2FD2B@maintenance.suse.de> SUSE Recommended Update: Recommended update for libsolv, libzypp ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1073-1 Rating: moderate References: #1075978 #1077635 #1079991 #1082318 #1086602 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for libsolv, libzypp provides the following fixes: Changes in libsolv: - Make sure the product file comes from /etc/products.d for the fallback product search. (bsc#1086602) - Also make use of suggests for ordering packages. (bsc#1077635) - Fix bad assignment in solution refinement that led to a memory leak. (bsc#1075978) - Use license tag instead of doc in the spec file. (bsc#1082318) Changes in libzypp: - Make sure the product file comes from /etc/products.d for the fallback product search. (bsc#1086602) - Fix a memory leak in Digest.cc. (bsc#1075978) - Add /var/lib/gdm to CheckAccessDeleted blacklist to prevent showing superfluous `zypper ps -s` messages. (bsc#1079991) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-736=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-736=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-736=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libsolv-debugsource-0.6.34-2.11.2 libsolv-devel-0.6.34-2.11.2 libsolv-devel-debuginfo-0.6.34-2.11.2 libzypp-debuginfo-16.17.12-2.28.2 libzypp-debugsource-16.17.12-2.28.2 libzypp-devel-16.17.12-2.28.2 libzypp-devel-doc-16.17.12-2.28.2 perl-solv-0.6.34-2.11.2 perl-solv-debuginfo-0.6.34-2.11.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libsolv-debugsource-0.6.34-2.11.2 libsolv-tools-0.6.34-2.11.2 libsolv-tools-debuginfo-0.6.34-2.11.2 libzypp-16.17.12-2.28.2 libzypp-debuginfo-16.17.12-2.28.2 libzypp-debugsource-16.17.12-2.28.2 perl-solv-0.6.34-2.11.2 perl-solv-debuginfo-0.6.34-2.11.2 python-solv-0.6.34-2.11.2 python-solv-debuginfo-0.6.34-2.11.2 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libsolv-debugsource-0.6.34-2.11.2 libsolv-tools-0.6.34-2.11.2 libsolv-tools-debuginfo-0.6.34-2.11.2 libzypp-16.17.12-2.28.2 libzypp-debuginfo-16.17.12-2.28.2 libzypp-debugsource-16.17.12-2.28.2 python-solv-0.6.34-2.11.2 python-solv-debuginfo-0.6.34-2.11.2 - SUSE CaaS Platform ALL (x86_64): libsolv-debugsource-0.6.34-2.11.2 libsolv-tools-0.6.34-2.11.2 libsolv-tools-debuginfo-0.6.34-2.11.2 libzypp-16.17.12-2.28.2 libzypp-debuginfo-16.17.12-2.28.2 libzypp-debugsource-16.17.12-2.28.2 References: https://bugzilla.suse.com/1075978 https://bugzilla.suse.com/1077635 https://bugzilla.suse.com/1079991 https://bugzilla.suse.com/1082318 https://bugzilla.suse.com/1086602 From sle-updates at lists.suse.com Wed Apr 25 10:10:56 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Apr 2018 18:10:56 +0200 (CEST) Subject: SUSE-SU-2018:1074-1: moderate: Security update for perl Message-ID: <20180425161056.D2F5AFD1E@maintenance.suse.de> SUSE Security Update: Security update for perl ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1074-1 Rating: moderate References: #1082216 #1082233 #1082234 Cross-References: CVE-2018-6797 CVE-2018-6798 CVE-2018-6913 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for perl fixes the following issues: Security issues fixed: - CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216). - CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233). - CVE-2018-6797: Fixed sharp-s regexp overflow (bsc#1082234). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-730=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-730=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-730=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): perl-5.18.2-12.11.1 perl-base-5.18.2-12.11.1 perl-base-debuginfo-5.18.2-12.11.1 perl-debuginfo-5.18.2-12.11.1 perl-debugsource-5.18.2-12.11.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): perl-32bit-5.18.2-12.11.1 perl-debuginfo-32bit-5.18.2-12.11.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): perl-doc-5.18.2-12.11.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): perl-32bit-5.18.2-12.11.1 perl-5.18.2-12.11.1 perl-base-5.18.2-12.11.1 perl-base-debuginfo-5.18.2-12.11.1 perl-debuginfo-32bit-5.18.2-12.11.1 perl-debuginfo-5.18.2-12.11.1 perl-debugsource-5.18.2-12.11.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): perl-doc-5.18.2-12.11.1 - SUSE CaaS Platform ALL (x86_64): perl-5.18.2-12.11.1 perl-base-5.18.2-12.11.1 perl-base-debuginfo-5.18.2-12.11.1 perl-debuginfo-5.18.2-12.11.1 perl-debugsource-5.18.2-12.11.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): perl-5.18.2-12.11.1 perl-base-5.18.2-12.11.1 perl-base-debuginfo-5.18.2-12.11.1 perl-debuginfo-5.18.2-12.11.1 perl-debugsource-5.18.2-12.11.1 References: https://www.suse.com/security/cve/CVE-2018-6797.html https://www.suse.com/security/cve/CVE-2018-6798.html https://www.suse.com/security/cve/CVE-2018-6913.html https://bugzilla.suse.com/1082216 https://bugzilla.suse.com/1082233 https://bugzilla.suse.com/1082234 From sle-updates at lists.suse.com Wed Apr 25 10:12:00 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Apr 2018 18:12:00 +0200 (CEST) Subject: SUSE-SU-2018:1075-1: moderate: Security update for ocaml Message-ID: <20180425161200.47C0BFD1E@maintenance.suse.de> SUSE Security Update: Security update for ocaml ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1075-1 Rating: moderate References: #1088591 Cross-References: CVE-2018-9838 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ocaml fixes the following issues: - CVE-2018-9838: Integer overflows when unmarshaling a bigarray data could result in a bigarray with impossibly large dimensions leading to overflow when computing the in-memory size of the bigarray. [bsc#1088591] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-ocaml-13572=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-ocaml-13572=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): ocaml-4.02.1-4.3.2 ocaml-compiler-libs-4.02.1-4.3.2 ocaml-runtime-4.02.1-4.3.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): ocaml-debuginfo-4.02.1-4.3.2 ocaml-debugsource-4.02.1-4.3.2 References: https://www.suse.com/security/cve/CVE-2018-9838.html https://bugzilla.suse.com/1088591 From sle-updates at lists.suse.com Wed Apr 25 10:12:33 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Apr 2018 18:12:33 +0200 (CEST) Subject: SUSE-SU-2018:1076-1: Recommended update for LibreOffice Message-ID: <20180425161233.66BFCFD2B@maintenance.suse.de> SUSE Security Update: Recommended update for LibreOffice ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1076-1 Rating: low References: #1042829 #1077375 #1080249 #1083213 #1083993 #1088662 #1089124 Cross-References: CVE-2017-9432 CVE-2017-9433 CVE-2018-1055 CVE-2018-6871 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL ______________________________________________________________________________ An update that solves four vulnerabilities and has three fixes is now available. Description: LibreOffice was updated to version 6.0.3. Following new features were added: - The Notebookbar, although still an experimental feature, has been enriched with two new variants: Grouped Bar Full for Writer, Calc and Impress, and Tabbed Compact for Writer. The Special Characters dialog has been reworked, with the addition of lists for Recent and Favorite characters, along with a Search field. The Customize dialog has also been redesigned, and is now more modern and intuitive. - In Writer, a Form menu has been added, making it easier to access one of the most powerful ??? and often unknown ??? LibreOffice features: the ability to design forms, and create standards-compliant PDF forms. The Find toolbar has been enhanced with a drop-down list of search types, to speed up navigation. A new default table style has been added, together with a new collection of table styles to reflect evolving visual trends. - The Mail Merge function has been improved, and it is now possible to use either a Writer document or an XLSX file as data source. - In Calc, ODF 1.2-compliant functions SEARCHB, FINDB and REPLACEB have been added, to improve support for the ISO standard format. Also, a cell range selection or a selected group of shapes (images) can be now exported in PNG or JPG format. - In Impress, the default slide size has been switched to 16:9, to support the most recent form factors of screens and projectors. As a consequence, 10 new Impress templates have been added, and a couple of old templates have been updated. Changes in components: - The old WikiHelp has been replaced by the new Help Online system, with attractive web pages that can also be displayed on mobile devices. In general, LibreOffice Help has been updated both in terms of contents and code, with other improvements due all along the life of the LibreOffice 6 family. - User dictionaries now allow automatic affixation or compounding. This is a general spell checking improvement in LibreOffice which can speed up work for Writer users. Instead of manually handling several forms of a new word in a language with rich morphology or compounding, the Hunspell spell checker can automatically recognize a new word with affixes or compounds, based on a ???Grammar By??? model. Security features and changes: - OpenPGP keys can be used to sign ODF documents on all desktop operating systems, with experimental support for OpenPGP-based encryption. To enable this feature, users will have to install the specific GPG software for their operating systems. - Document classification has also been improved, and allows multiple policies (which are now exported to OOXML files). In Writer, marking and signing are now supported at paragraph level. Interoperability changes: - OOXML interoperability has been improved in several areas: import of SmartArt and import/export of ActiveX controls, support of embedded text documents and spreadsheets, export of embedded videos to PPTX, export of cross-references to DOCX, export of MailMerge fields to DOCX, and improvements to the PPTX filter to prevent the creation of broken files. - New filters for exporting Writer documents to ePub and importing QuarkXPress files have also been added, together with an improved filter for importing EMF+ (Enhanced Metafile Format Plus) files as used by Microsoft Office documents. Some improvements have also been added to the ODF export filter, making it easier for other ODF readers to display visuals. The full blog entry for the 6.0 release can be found here: https://blog.documentfoundation.org/blog/2018/01/31/libreoffice-6/ The full release notes can be found here: https://wiki.documentfoundation.org/ReleaseNotes/6.0 The libraries that LibreOffice depends on also have been udpated to their current versions. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-735=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-735=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-735=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-735=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (noarch): gnome-documents-lang-3.20.1-10.6.3 libreoffice-branding-upstream-6.0.3.2-43.30.2 libreoffice-icon-themes-6.0.3.2-43.30.2 libreoffice-l10n-af-6.0.3.2-43.30.2 libreoffice-l10n-ar-6.0.3.2-43.30.2 libreoffice-l10n-bg-6.0.3.2-43.30.2 libreoffice-l10n-ca-6.0.3.2-43.30.2 libreoffice-l10n-cs-6.0.3.2-43.30.2 libreoffice-l10n-da-6.0.3.2-43.30.2 libreoffice-l10n-de-6.0.3.2-43.30.2 libreoffice-l10n-en-6.0.3.2-43.30.2 libreoffice-l10n-es-6.0.3.2-43.30.2 libreoffice-l10n-fi-6.0.3.2-43.30.2 libreoffice-l10n-fr-6.0.3.2-43.30.2 libreoffice-l10n-gu-6.0.3.2-43.30.2 libreoffice-l10n-hi-6.0.3.2-43.30.2 libreoffice-l10n-hr-6.0.3.2-43.30.2 libreoffice-l10n-hu-6.0.3.2-43.30.2 libreoffice-l10n-it-6.0.3.2-43.30.2 libreoffice-l10n-ja-6.0.3.2-43.30.2 libreoffice-l10n-ko-6.0.3.2-43.30.2 libreoffice-l10n-lt-6.0.3.2-43.30.2 libreoffice-l10n-nb-6.0.3.2-43.30.2 libreoffice-l10n-nl-6.0.3.2-43.30.2 libreoffice-l10n-nn-6.0.3.2-43.30.2 libreoffice-l10n-pl-6.0.3.2-43.30.2 libreoffice-l10n-pt_BR-6.0.3.2-43.30.2 libreoffice-l10n-pt_PT-6.0.3.2-43.30.2 libreoffice-l10n-ro-6.0.3.2-43.30.2 libreoffice-l10n-ru-6.0.3.2-43.30.2 libreoffice-l10n-sk-6.0.3.2-43.30.2 libreoffice-l10n-sv-6.0.3.2-43.30.2 libreoffice-l10n-uk-6.0.3.2-43.30.2 libreoffice-l10n-xh-6.0.3.2-43.30.2 libreoffice-l10n-zh_CN-6.0.3.2-43.30.2 libreoffice-l10n-zh_TW-6.0.3.2-43.30.2 libreoffice-l10n-zu-6.0.3.2-43.30.2 myspell-af_NA-20180403-16.9.1 myspell-af_ZA-20180403-16.9.1 myspell-ar-20180403-16.9.1 myspell-ar_AE-20180403-16.9.1 myspell-ar_BH-20180403-16.9.1 myspell-ar_DZ-20180403-16.9.1 myspell-ar_EG-20180403-16.9.1 myspell-ar_IQ-20180403-16.9.1 myspell-ar_JO-20180403-16.9.1 myspell-ar_KW-20180403-16.9.1 myspell-ar_LB-20180403-16.9.1 myspell-ar_LY-20180403-16.9.1 myspell-ar_MA-20180403-16.9.1 myspell-ar_OM-20180403-16.9.1 myspell-ar_QA-20180403-16.9.1 myspell-ar_SA-20180403-16.9.1 myspell-ar_SD-20180403-16.9.1 myspell-ar_SY-20180403-16.9.1 myspell-ar_TN-20180403-16.9.1 myspell-ar_YE-20180403-16.9.1 myspell-be_BY-20180403-16.9.1 myspell-bg_BG-20180403-16.9.1 myspell-bn_BD-20180403-16.9.1 myspell-bn_IN-20180403-16.9.1 myspell-bs-20180403-16.9.1 myspell-bs_BA-20180403-16.9.1 myspell-ca-20180403-16.9.1 myspell-ca_AD-20180403-16.9.1 myspell-ca_ES-20180403-16.9.1 myspell-ca_ES_valencia-20180403-16.9.1 myspell-ca_FR-20180403-16.9.1 myspell-ca_IT-20180403-16.9.1 myspell-cs_CZ-20180403-16.9.1 myspell-da_DK-20180403-16.9.1 myspell-de-20180403-16.9.1 myspell-de_AT-20180403-16.9.1 myspell-de_CH-20180403-16.9.1 myspell-de_DE-20180403-16.9.1 myspell-el_GR-20180403-16.9.1 myspell-en-20180403-16.9.1 myspell-en_AU-20180403-16.9.1 myspell-en_BS-20180403-16.9.1 myspell-en_BZ-20180403-16.9.1 myspell-en_CA-20180403-16.9.1 myspell-en_GB-20180403-16.9.1 myspell-en_GH-20180403-16.9.1 myspell-en_IE-20180403-16.9.1 myspell-en_IN-20180403-16.9.1 myspell-en_JM-20180403-16.9.1 myspell-en_MW-20180403-16.9.1 myspell-en_NA-20180403-16.9.1 myspell-en_NZ-20180403-16.9.1 myspell-en_PH-20180403-16.9.1 myspell-en_TT-20180403-16.9.1 myspell-en_US-20180403-16.9.1 myspell-en_ZA-20180403-16.9.1 myspell-en_ZW-20180403-16.9.1 myspell-es-20180403-16.9.1 myspell-es_AR-20180403-16.9.1 myspell-es_BO-20180403-16.9.1 myspell-es_CL-20180403-16.9.1 myspell-es_CO-20180403-16.9.1 myspell-es_CR-20180403-16.9.1 myspell-es_CU-20180403-16.9.1 myspell-es_DO-20180403-16.9.1 myspell-es_EC-20180403-16.9.1 myspell-es_ES-20180403-16.9.1 myspell-es_GT-20180403-16.9.1 myspell-es_HN-20180403-16.9.1 myspell-es_MX-20180403-16.9.1 myspell-es_NI-20180403-16.9.1 myspell-es_PA-20180403-16.9.1 myspell-es_PE-20180403-16.9.1 myspell-es_PR-20180403-16.9.1 myspell-es_PY-20180403-16.9.1 myspell-es_SV-20180403-16.9.1 myspell-es_UY-20180403-16.9.1 myspell-es_VE-20180403-16.9.1 myspell-et_EE-20180403-16.9.1 myspell-fr_BE-20180403-16.9.1 myspell-fr_CA-20180403-16.9.1 myspell-fr_CH-20180403-16.9.1 myspell-fr_FR-20180403-16.9.1 myspell-fr_LU-20180403-16.9.1 myspell-fr_MC-20180403-16.9.1 myspell-gu_IN-20180403-16.9.1 myspell-he_IL-20180403-16.9.1 myspell-hi_IN-20180403-16.9.1 myspell-hr_HR-20180403-16.9.1 myspell-hu_HU-20180403-16.9.1 myspell-id-20180403-16.9.1 myspell-id_ID-20180403-16.9.1 myspell-it_IT-20180403-16.9.1 myspell-lo_LA-20180403-16.9.1 myspell-lt_LT-20180403-16.9.1 myspell-lv_LV-20180403-16.9.1 myspell-nb_NO-20180403-16.9.1 myspell-nl_BE-20180403-16.9.1 myspell-nl_NL-20180403-16.9.1 myspell-nn_NO-20180403-16.9.1 myspell-no-20180403-16.9.1 myspell-pl_PL-20180403-16.9.1 myspell-pt_AO-20180403-16.9.1 myspell-pt_BR-20180403-16.9.1 myspell-pt_PT-20180403-16.9.1 myspell-ro-20180403-16.9.1 myspell-ro_RO-20180403-16.9.1 myspell-ru_RU-20180403-16.9.1 myspell-sk_SK-20180403-16.9.1 myspell-sl_SI-20180403-16.9.1 myspell-sr-20180403-16.9.1 myspell-sr_CS-20180403-16.9.1 myspell-sr_Latn_CS-20180403-16.9.1 myspell-sr_Latn_RS-20180403-16.9.1 myspell-sr_RS-20180403-16.9.1 myspell-sv_FI-20180403-16.9.1 myspell-sv_SE-20180403-16.9.1 myspell-te-20180403-16.9.1 myspell-te_IN-20180403-16.9.1 myspell-th_TH-20180403-16.9.1 myspell-uk_UA-20180403-16.9.1 myspell-vi-20180403-16.9.1 myspell-vi_VN-20180403-16.9.1 myspell-zu_ZA-20180403-16.9.1 - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): gnome-documents-3.20.1-10.6.3 gnome-documents-debugsource-3.20.1-10.6.3 gnome-documents_books-common-3.20.1-10.6.3 gnome-documents_books-common-debuginfo-3.20.1-10.6.3 gnome-shell-search-provider-documents-3.20.1-10.6.3 libboost_filesystem1_54_0-1.54.0-26.3.1 libboost_filesystem1_54_0-debuginfo-1.54.0-26.3.1 libboost_locale1_54_0-1.54.0-26.3.1 libboost_locale1_54_0-debuginfo-1.54.0-26.3.1 libepubgen-0_1-1-0.1.0-6.6.1 libepubgen-0_1-1-debuginfo-0.1.0-6.6.1 libepubgen-debugsource-0.1.0-6.6.1 libixion-0_13-0-0.13.0-13.6.1 libixion-0_13-0-debuginfo-0.13.0-13.6.1 libixion-debugsource-0.13.0-13.6.1 libmwaw-0_3-3-0.3.13-7.9.1 libmwaw-0_3-3-debuginfo-0.3.13-7.9.1 libmwaw-debugsource-0.3.13-7.9.1 liborcus-0_13-0-0.13.4-10.9.1 liborcus-0_13-0-debuginfo-0.13.4-10.9.1 liborcus-debugsource-0.13.4-10.9.1 libqxp-0_0-0-0.0.1-1.3.1 libqxp-0_0-0-debuginfo-0.0.1-1.3.1 libqxp-debugsource-0.0.1-1.3.1 libreoffice-6.0.3.2-43.30.2 libreoffice-base-6.0.3.2-43.30.2 libreoffice-base-debuginfo-6.0.3.2-43.30.2 libreoffice-base-drivers-mysql-6.0.3.2-43.30.2 libreoffice-base-drivers-mysql-debuginfo-6.0.3.2-43.30.2 libreoffice-base-drivers-postgresql-6.0.3.2-43.30.2 libreoffice-base-drivers-postgresql-debuginfo-6.0.3.2-43.30.2 libreoffice-calc-6.0.3.2-43.30.2 libreoffice-calc-debuginfo-6.0.3.2-43.30.2 libreoffice-calc-extensions-6.0.3.2-43.30.2 libreoffice-debuginfo-6.0.3.2-43.30.2 libreoffice-debugsource-6.0.3.2-43.30.2 libreoffice-draw-6.0.3.2-43.30.2 libreoffice-draw-debuginfo-6.0.3.2-43.30.2 libreoffice-filters-optional-6.0.3.2-43.30.2 libreoffice-gnome-6.0.3.2-43.30.2 libreoffice-gnome-debuginfo-6.0.3.2-43.30.2 libreoffice-gtk2-6.0.3.2-43.30.2 libreoffice-gtk2-debuginfo-6.0.3.2-43.30.2 libreoffice-impress-6.0.3.2-43.30.2 libreoffice-impress-debuginfo-6.0.3.2-43.30.2 libreoffice-mailmerge-6.0.3.2-43.30.2 libreoffice-math-6.0.3.2-43.30.2 libreoffice-math-debuginfo-6.0.3.2-43.30.2 libreoffice-officebean-6.0.3.2-43.30.2 libreoffice-officebean-debuginfo-6.0.3.2-43.30.2 libreoffice-pyuno-6.0.3.2-43.30.2 libreoffice-pyuno-debuginfo-6.0.3.2-43.30.2 libreoffice-writer-6.0.3.2-43.30.2 libreoffice-writer-debuginfo-6.0.3.2-43.30.2 libreoffice-writer-extensions-6.0.3.2-43.30.2 libstaroffice-0_0-0-0.0.5-7.1 libstaroffice-0_0-0-debuginfo-0.0.5-7.1 libstaroffice-debugsource-0.0.5-7.1 libwps-0_4-4-0.4.7-10.7.1 libwps-0_4-4-debuginfo-0.4.7-10.7.1 libwps-debugsource-0.4.7-10.7.1 myspell-dictionaries-20180403-16.9.1 myspell-lightproof-en-20180403-16.9.1 myspell-lightproof-hu_HU-20180403-16.9.1 myspell-lightproof-pt_BR-20180403-16.9.1 myspell-lightproof-ru_RU-20180403-16.9.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): boost-devel-1.54.0-26.3.1 libboost_chrono1_54_0-1.54.0-26.3.1 libboost_filesystem1_54_0-1.54.0-26.3.1 libboost_graph1_54_0-1.54.0-26.3.1 libboost_graph_parallel1_54_0-1.54.0-26.3.1 libboost_locale1_54_0-1.54.0-26.3.1 libboost_log1_54_0-1.54.0-26.3.1 libboost_math1_54_0-1.54.0-26.3.1 libboost_mpi1_54_0-1.54.0-26.3.1 libboost_python1_54_0-1.54.0-26.3.1 libboost_serialization1_54_0-1.54.0-26.3.1 libboost_test1_54_0-1.54.0-26.3.1 libboost_timer1_54_0-1.54.0-26.3.1 libboost_wave1_54_0-1.54.0-26.3.1 libixion-debugsource-0.13.0-13.6.1 libixion-devel-0.13.0-13.6.1 libmwaw-debugsource-0.3.13-7.9.1 libmwaw-devel-0.3.13-7.9.1 liborcus-debugsource-0.13.4-10.9.1 liborcus-devel-0.13.4-10.9.1 libwps-debugsource-0.4.7-10.7.1 libwps-devel-0.4.7-10.7.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (ppc64le s390x x86_64): libboost_chrono1_54_0-debuginfo-1.54.0-26.3.1 libboost_filesystem1_54_0-debuginfo-1.54.0-26.3.1 libboost_graph1_54_0-debuginfo-1.54.0-26.3.1 libboost_graph_parallel1_54_0-debuginfo-1.54.0-26.3.1 libboost_locale1_54_0-debuginfo-1.54.0-26.3.1 libboost_log1_54_0-debuginfo-1.54.0-26.3.1 libboost_math1_54_0-debuginfo-1.54.0-26.3.1 libboost_mpi1_54_0-debuginfo-1.54.0-26.3.1 libboost_python1_54_0-debuginfo-1.54.0-26.3.1 libboost_serialization1_54_0-debuginfo-1.54.0-26.3.1 libboost_test1_54_0-debuginfo-1.54.0-26.3.1 libboost_timer1_54_0-debuginfo-1.54.0-26.3.1 libboost_wave1_54_0-debuginfo-1.54.0-26.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 x86_64): libreoffice-debuginfo-6.0.3.2-43.30.2 libreoffice-debugsource-6.0.3.2-43.30.2 libreoffice-sdk-6.0.3.2-43.30.2 libreoffice-sdk-debuginfo-6.0.3.2-43.30.2 - SUSE Linux Enterprise Software Development Kit 12-SP3 (ppc64le x86_64): libboost_context1_54_0-1.54.0-26.3.1 libboost_context1_54_0-debuginfo-1.54.0-26.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (x86_64): libepubgen-devel-0.1.0-6.6.1 libqxp-devel-0.0.1-1.3.1 libqxp-tools-0.0.1-1.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch): libmwaw-devel-doc-0.3.13-7.9.1 libqxp-doc-0.0.1-1.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libboost_atomic1_54_0-1.54.0-26.3.1 libboost_date_time1_54_0-1.54.0-26.3.1 libboost_iostreams1_54_0-1.54.0-26.3.1 libboost_program_options1_54_0-1.54.0-26.3.1 libboost_random1_54_0-1.54.0-26.3.1 libboost_regex1_54_0-1.54.0-26.3.1 libboost_signals1_54_0-1.54.0-26.3.1 libboost_system1_54_0-1.54.0-26.3.1 libboost_thread1_54_0-1.54.0-26.3.1 - SUSE Linux Enterprise Server 12-SP3 (ppc64le s390x x86_64): libboost_atomic1_54_0-debuginfo-1.54.0-26.3.1 libboost_date_time1_54_0-debuginfo-1.54.0-26.3.1 libboost_iostreams1_54_0-debuginfo-1.54.0-26.3.1 libboost_program_options1_54_0-debuginfo-1.54.0-26.3.1 libboost_random1_54_0-debuginfo-1.54.0-26.3.1 libboost_regex1_54_0-debuginfo-1.54.0-26.3.1 libboost_signals1_54_0-debuginfo-1.54.0-26.3.1 libboost_system1_54_0-debuginfo-1.54.0-26.3.1 libboost_thread1_54_0-debuginfo-1.54.0-26.3.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): boost-license1_54_0-1.54.0-26.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): gnome-documents-3.20.1-10.6.3 gnome-documents-debugsource-3.20.1-10.6.3 gnome-documents_books-common-3.20.1-10.6.3 gnome-documents_books-common-debuginfo-3.20.1-10.6.3 gnome-shell-search-provider-documents-3.20.1-10.6.3 libboost_atomic1_54_0-1.54.0-26.3.1 libboost_atomic1_54_0-debuginfo-1.54.0-26.3.1 libboost_date_time1_54_0-1.54.0-26.3.1 libboost_date_time1_54_0-debuginfo-1.54.0-26.3.1 libboost_filesystem1_54_0-1.54.0-26.3.1 libboost_filesystem1_54_0-debuginfo-1.54.0-26.3.1 libboost_iostreams1_54_0-1.54.0-26.3.1 libboost_iostreams1_54_0-debuginfo-1.54.0-26.3.1 libboost_locale1_54_0-1.54.0-26.3.1 libboost_locale1_54_0-debuginfo-1.54.0-26.3.1 libboost_program_options1_54_0-1.54.0-26.3.1 libboost_program_options1_54_0-debuginfo-1.54.0-26.3.1 libboost_random1_54_0-1.54.0-26.3.1 libboost_random1_54_0-debuginfo-1.54.0-26.3.1 libboost_regex1_54_0-1.54.0-26.3.1 libboost_regex1_54_0-debuginfo-1.54.0-26.3.1 libboost_signals1_54_0-1.54.0-26.3.1 libboost_signals1_54_0-debuginfo-1.54.0-26.3.1 libboost_system1_54_0-1.54.0-26.3.1 libboost_system1_54_0-debuginfo-1.54.0-26.3.1 libboost_thread1_54_0-1.54.0-26.3.1 libboost_thread1_54_0-debuginfo-1.54.0-26.3.1 libepubgen-0_1-1-0.1.0-6.6.1 libepubgen-0_1-1-debuginfo-0.1.0-6.6.1 libepubgen-debugsource-0.1.0-6.6.1 libixion-0_13-0-0.13.0-13.6.1 libixion-0_13-0-debuginfo-0.13.0-13.6.1 libixion-debugsource-0.13.0-13.6.1 libmwaw-0_3-3-0.3.13-7.9.1 libmwaw-0_3-3-debuginfo-0.3.13-7.9.1 libmwaw-debugsource-0.3.13-7.9.1 liborcus-0_13-0-0.13.4-10.9.1 liborcus-0_13-0-debuginfo-0.13.4-10.9.1 liborcus-debugsource-0.13.4-10.9.1 libqxp-0_0-0-0.0.1-1.3.1 libqxp-0_0-0-debuginfo-0.0.1-1.3.1 libqxp-debugsource-0.0.1-1.3.1 libreoffice-6.0.3.2-43.30.2 libreoffice-base-6.0.3.2-43.30.2 libreoffice-base-debuginfo-6.0.3.2-43.30.2 libreoffice-base-drivers-mysql-6.0.3.2-43.30.2 libreoffice-base-drivers-mysql-debuginfo-6.0.3.2-43.30.2 libreoffice-base-drivers-postgresql-6.0.3.2-43.30.2 libreoffice-base-drivers-postgresql-debuginfo-6.0.3.2-43.30.2 libreoffice-calc-6.0.3.2-43.30.2 libreoffice-calc-debuginfo-6.0.3.2-43.30.2 libreoffice-calc-extensions-6.0.3.2-43.30.2 libreoffice-debuginfo-6.0.3.2-43.30.2 libreoffice-debugsource-6.0.3.2-43.30.2 libreoffice-draw-6.0.3.2-43.30.2 libreoffice-draw-debuginfo-6.0.3.2-43.30.2 libreoffice-filters-optional-6.0.3.2-43.30.2 libreoffice-gnome-6.0.3.2-43.30.2 libreoffice-gnome-debuginfo-6.0.3.2-43.30.2 libreoffice-gtk2-6.0.3.2-43.30.2 libreoffice-gtk2-debuginfo-6.0.3.2-43.30.2 libreoffice-impress-6.0.3.2-43.30.2 libreoffice-impress-debuginfo-6.0.3.2-43.30.2 libreoffice-mailmerge-6.0.3.2-43.30.2 libreoffice-math-6.0.3.2-43.30.2 libreoffice-math-debuginfo-6.0.3.2-43.30.2 libreoffice-officebean-6.0.3.2-43.30.2 libreoffice-officebean-debuginfo-6.0.3.2-43.30.2 libreoffice-pyuno-6.0.3.2-43.30.2 libreoffice-pyuno-debuginfo-6.0.3.2-43.30.2 libreoffice-writer-6.0.3.2-43.30.2 libreoffice-writer-debuginfo-6.0.3.2-43.30.2 libreoffice-writer-extensions-6.0.3.2-43.30.2 libstaroffice-0_0-0-0.0.5-7.1 libstaroffice-0_0-0-debuginfo-0.0.5-7.1 libstaroffice-debugsource-0.0.5-7.1 libwps-0_4-4-0.4.7-10.7.1 libwps-0_4-4-debuginfo-0.4.7-10.7.1 libwps-debugsource-0.4.7-10.7.1 myspell-dictionaries-20180403-16.9.1 myspell-lightproof-en-20180403-16.9.1 myspell-lightproof-hu_HU-20180403-16.9.1 myspell-lightproof-pt_BR-20180403-16.9.1 myspell-lightproof-ru_RU-20180403-16.9.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): boost-license1_54_0-1.54.0-26.3.1 gnome-documents-lang-3.20.1-10.6.3 libreoffice-branding-upstream-6.0.3.2-43.30.2 libreoffice-icon-themes-6.0.3.2-43.30.2 libreoffice-l10n-af-6.0.3.2-43.30.2 libreoffice-l10n-ar-6.0.3.2-43.30.2 libreoffice-l10n-ca-6.0.3.2-43.30.2 libreoffice-l10n-cs-6.0.3.2-43.30.2 libreoffice-l10n-da-6.0.3.2-43.30.2 libreoffice-l10n-de-6.0.3.2-43.30.2 libreoffice-l10n-en-6.0.3.2-43.30.2 libreoffice-l10n-es-6.0.3.2-43.30.2 libreoffice-l10n-fi-6.0.3.2-43.30.2 libreoffice-l10n-fr-6.0.3.2-43.30.2 libreoffice-l10n-gu-6.0.3.2-43.30.2 libreoffice-l10n-hi-6.0.3.2-43.30.2 libreoffice-l10n-hu-6.0.3.2-43.30.2 libreoffice-l10n-it-6.0.3.2-43.30.2 libreoffice-l10n-ja-6.0.3.2-43.30.2 libreoffice-l10n-ko-6.0.3.2-43.30.2 libreoffice-l10n-nb-6.0.3.2-43.30.2 libreoffice-l10n-nl-6.0.3.2-43.30.2 libreoffice-l10n-nn-6.0.3.2-43.30.2 libreoffice-l10n-pl-6.0.3.2-43.30.2 libreoffice-l10n-pt_BR-6.0.3.2-43.30.2 libreoffice-l10n-pt_PT-6.0.3.2-43.30.2 libreoffice-l10n-ro-6.0.3.2-43.30.2 libreoffice-l10n-ru-6.0.3.2-43.30.2 libreoffice-l10n-sk-6.0.3.2-43.30.2 libreoffice-l10n-sv-6.0.3.2-43.30.2 libreoffice-l10n-xh-6.0.3.2-43.30.2 libreoffice-l10n-zh_CN-6.0.3.2-43.30.2 libreoffice-l10n-zh_TW-6.0.3.2-43.30.2 libreoffice-l10n-zu-6.0.3.2-43.30.2 myspell-af_NA-20180403-16.9.1 myspell-af_ZA-20180403-16.9.1 myspell-ar-20180403-16.9.1 myspell-ar_AE-20180403-16.9.1 myspell-ar_BH-20180403-16.9.1 myspell-ar_DZ-20180403-16.9.1 myspell-ar_EG-20180403-16.9.1 myspell-ar_IQ-20180403-16.9.1 myspell-ar_JO-20180403-16.9.1 myspell-ar_KW-20180403-16.9.1 myspell-ar_LB-20180403-16.9.1 myspell-ar_LY-20180403-16.9.1 myspell-ar_MA-20180403-16.9.1 myspell-ar_OM-20180403-16.9.1 myspell-ar_QA-20180403-16.9.1 myspell-ar_SA-20180403-16.9.1 myspell-ar_SD-20180403-16.9.1 myspell-ar_SY-20180403-16.9.1 myspell-ar_TN-20180403-16.9.1 myspell-ar_YE-20180403-16.9.1 myspell-be_BY-20180403-16.9.1 myspell-bg_BG-20180403-16.9.1 myspell-bn_BD-20180403-16.9.1 myspell-bn_IN-20180403-16.9.1 myspell-bs-20180403-16.9.1 myspell-bs_BA-20180403-16.9.1 myspell-ca-20180403-16.9.1 myspell-ca_AD-20180403-16.9.1 myspell-ca_ES-20180403-16.9.1 myspell-ca_ES_valencia-20180403-16.9.1 myspell-ca_FR-20180403-16.9.1 myspell-ca_IT-20180403-16.9.1 myspell-cs_CZ-20180403-16.9.1 myspell-da_DK-20180403-16.9.1 myspell-de-20180403-16.9.1 myspell-de_AT-20180403-16.9.1 myspell-de_CH-20180403-16.9.1 myspell-de_DE-20180403-16.9.1 myspell-el_GR-20180403-16.9.1 myspell-en-20180403-16.9.1 myspell-en_AU-20180403-16.9.1 myspell-en_BS-20180403-16.9.1 myspell-en_BZ-20180403-16.9.1 myspell-en_CA-20180403-16.9.1 myspell-en_GB-20180403-16.9.1 myspell-en_GH-20180403-16.9.1 myspell-en_IE-20180403-16.9.1 myspell-en_IN-20180403-16.9.1 myspell-en_JM-20180403-16.9.1 myspell-en_MW-20180403-16.9.1 myspell-en_NA-20180403-16.9.1 myspell-en_NZ-20180403-16.9.1 myspell-en_PH-20180403-16.9.1 myspell-en_TT-20180403-16.9.1 myspell-en_US-20180403-16.9.1 myspell-en_ZA-20180403-16.9.1 myspell-en_ZW-20180403-16.9.1 myspell-es-20180403-16.9.1 myspell-es_AR-20180403-16.9.1 myspell-es_BO-20180403-16.9.1 myspell-es_CL-20180403-16.9.1 myspell-es_CO-20180403-16.9.1 myspell-es_CR-20180403-16.9.1 myspell-es_CU-20180403-16.9.1 myspell-es_DO-20180403-16.9.1 myspell-es_EC-20180403-16.9.1 myspell-es_ES-20180403-16.9.1 myspell-es_GT-20180403-16.9.1 myspell-es_HN-20180403-16.9.1 myspell-es_MX-20180403-16.9.1 myspell-es_NI-20180403-16.9.1 myspell-es_PA-20180403-16.9.1 myspell-es_PE-20180403-16.9.1 myspell-es_PR-20180403-16.9.1 myspell-es_PY-20180403-16.9.1 myspell-es_SV-20180403-16.9.1 myspell-es_UY-20180403-16.9.1 myspell-es_VE-20180403-16.9.1 myspell-et_EE-20180403-16.9.1 myspell-fr_BE-20180403-16.9.1 myspell-fr_CA-20180403-16.9.1 myspell-fr_CH-20180403-16.9.1 myspell-fr_FR-20180403-16.9.1 myspell-fr_LU-20180403-16.9.1 myspell-fr_MC-20180403-16.9.1 myspell-gu_IN-20180403-16.9.1 myspell-he_IL-20180403-16.9.1 myspell-hi_IN-20180403-16.9.1 myspell-hr_HR-20180403-16.9.1 myspell-hu_HU-20180403-16.9.1 myspell-id-20180403-16.9.1 myspell-id_ID-20180403-16.9.1 myspell-it_IT-20180403-16.9.1 myspell-lo_LA-20180403-16.9.1 myspell-lt_LT-20180403-16.9.1 myspell-lv_LV-20180403-16.9.1 myspell-nb_NO-20180403-16.9.1 myspell-nl_BE-20180403-16.9.1 myspell-nl_NL-20180403-16.9.1 myspell-nn_NO-20180403-16.9.1 myspell-no-20180403-16.9.1 myspell-pl_PL-20180403-16.9.1 myspell-pt_AO-20180403-16.9.1 myspell-pt_BR-20180403-16.9.1 myspell-pt_PT-20180403-16.9.1 myspell-ro-20180403-16.9.1 myspell-ro_RO-20180403-16.9.1 myspell-ru_RU-20180403-16.9.1 myspell-sk_SK-20180403-16.9.1 myspell-sl_SI-20180403-16.9.1 myspell-sr-20180403-16.9.1 myspell-sr_CS-20180403-16.9.1 myspell-sr_Latn_CS-20180403-16.9.1 myspell-sr_Latn_RS-20180403-16.9.1 myspell-sr_RS-20180403-16.9.1 myspell-sv_FI-20180403-16.9.1 myspell-sv_SE-20180403-16.9.1 myspell-te-20180403-16.9.1 myspell-te_IN-20180403-16.9.1 myspell-th_TH-20180403-16.9.1 myspell-uk_UA-20180403-16.9.1 myspell-vi-20180403-16.9.1 myspell-vi_VN-20180403-16.9.1 myspell-zu_ZA-20180403-16.9.1 - SUSE CaaS Platform ALL (noarch): boost-license1_54_0-1.54.0-26.3.1 - SUSE CaaS Platform ALL (x86_64): libboost_system1_54_0-1.54.0-26.3.1 libboost_system1_54_0-debuginfo-1.54.0-26.3.1 libboost_thread1_54_0-1.54.0-26.3.1 libboost_thread1_54_0-debuginfo-1.54.0-26.3.1 References: https://www.suse.com/security/cve/CVE-2017-9432.html https://www.suse.com/security/cve/CVE-2017-9433.html https://www.suse.com/security/cve/CVE-2018-1055.html https://www.suse.com/security/cve/CVE-2018-6871.html https://bugzilla.suse.com/1042829 https://bugzilla.suse.com/1077375 https://bugzilla.suse.com/1080249 https://bugzilla.suse.com/1083213 https://bugzilla.suse.com/1083993 https://bugzilla.suse.com/1088662 https://bugzilla.suse.com/1089124 From sle-updates at lists.suse.com Wed Apr 25 10:14:14 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Apr 2018 18:14:14 +0200 (CEST) Subject: SUSE-SU-2018:1077-1: important: Security update for kvm Message-ID: <20180425161414.2459DFD2B@maintenance.suse.de> SUSE Security Update: Security update for kvm ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1077-1 Rating: important References: #1068032 #1076114 #1076179 #1082276 #1083291 Cross-References: CVE-2017-18030 CVE-2017-5715 CVE-2018-5683 CVE-2018-7550 Affected Products: SUSE Linux Enterprise Server 11-SP4 ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for kvm fixes the following issues: - This update has the next round of Spectre v2 related patches, which now integrates with corresponding changes in libvirt. A January 2018 release of qemu initially addressed the Spectre v2 vulnerability for KVM guests by exposing the spec-ctrl feature for all x86 vcpu types, which was the quick and dirty approach, but not the proper solution. We remove that initial patch and now rely on patches from upstream. This update defines spec_ctrl and ibpb cpu feature flags as well as new cpu models which are clones of existing models with either -IBRS or -IBPB added to the end of the model name. These new vcpu models explicitly include the new feature(s), whereas the feature flags can be added to the cpu parameter as with other features. In short, for continued Spectre v2 protection, ensure that either the appropriate cpu feature flag is added to the QEMU command-line, or one of the new cpu models is used. Although migration from older versions is supported, the new cpu features won't be properly exposed to the guest until it is restarted with the cpu features explicitly added. A reboot is insufficient. - A warning patch is added which attempts to detect a migration from a qemu version which had the quick and dirty fix (it only detects certain cases, but hopefully is helpful.) For additional information on Spectre v2 as it relates to QEMU, see: https://www.qemu.org/2018/02/14/qemu-2-11-1-and-spectre-update/ (CVE-2017-5715 bsc#1068032) - A patch is added to continue to detect Spectre v2 mitigation features (as shown by cpuid), and if found provide that feature to guests, even if running on older KVM (kernel) versions which do not yet expose that feature to QEMU. (bsc#1082276) These two patches will be removed when we can reasonably assume everyone is running with the appropriate updates. - Security fixes for the following CVE issues: (bsc#1076114 CVE-2018-5683) (bsc#1083291 CVE-2018-7550) - This patch is already included, add here for CVE track (bsc#1076179 CVE-2017-18030) - Toolchain changes have cause the built size of pxe-virtio.rom to exceed 64K. Tweak rarely used strings in code to reduce size of the binary so it fits again. - Eliminate bogus use of CPUID_7_0_EDX_PRED_CMD which we've carried since the initial Spectre v2 patch was added. EDX bit 27 of CPUID Leaf 07H, Sub-leaf 0 provides status on STIBP, and not the PRED_CMD MSR. Exposing the STIBP CPUID feature bit to the guest is wrong in general, since the VM doesn't directly control the scheduling of physical hyperthreads. This is left strictly to the L0 hypervisor. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-kvm-13571=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 s390x x86_64): kvm-1.4.2-60.9.1 References: https://www.suse.com/security/cve/CVE-2017-18030.html https://www.suse.com/security/cve/CVE-2017-5715.html https://www.suse.com/security/cve/CVE-2018-5683.html https://www.suse.com/security/cve/CVE-2018-7550.html https://bugzilla.suse.com/1068032 https://bugzilla.suse.com/1076114 https://bugzilla.suse.com/1076179 https://bugzilla.suse.com/1082276 https://bugzilla.suse.com/1083291 From sle-updates at lists.suse.com Wed Apr 25 10:15:54 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Apr 2018 18:15:54 +0200 (CEST) Subject: SUSE-RU-2018:1078-1: moderate: Recommended update for pidgin Message-ID: <20180425161554.843D0FD2B@maintenance.suse.de> SUSE Recommended Update: Recommended update for pidgin ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1078-1 Rating: moderate References: #1086439 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for pidgin fixes the following issues: - Enable SNI for gnutls to avoid SSL handshake failure (bsc#1086439) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-737=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-737=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-737=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): finch-2.12.0-3.3.1 finch-debuginfo-2.12.0-3.3.1 libpurple-2.12.0-3.3.1 libpurple-debuginfo-2.12.0-3.3.1 libpurple-plugin-sametime-2.12.0-3.3.1 libpurple-plugin-sametime-debuginfo-2.12.0-3.3.1 libpurple-tcl-2.12.0-3.3.1 libpurple-tcl-debuginfo-2.12.0-3.3.1 pidgin-2.12.0-3.3.1 pidgin-debuginfo-2.12.0-3.3.1 pidgin-debugsource-2.12.0-3.3.1 - SUSE Linux Enterprise Workstation Extension 12-SP3 (noarch): libpurple-branding-upstream-2.12.0-3.3.1 libpurple-lang-2.12.0-3.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): finch-devel-2.12.0-3.3.1 libpurple-2.12.0-3.3.1 libpurple-debuginfo-2.12.0-3.3.1 libpurple-devel-2.12.0-3.3.1 pidgin-debuginfo-2.12.0-3.3.1 pidgin-debugsource-2.12.0-3.3.1 pidgin-devel-2.12.0-3.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch): libpurple-lang-2.12.0-3.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): libpurple-branding-upstream-2.12.0-3.3.1 libpurple-lang-2.12.0-3.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): finch-2.12.0-3.3.1 finch-debuginfo-2.12.0-3.3.1 libpurple-2.12.0-3.3.1 libpurple-debuginfo-2.12.0-3.3.1 libpurple-plugin-sametime-2.12.0-3.3.1 libpurple-plugin-sametime-debuginfo-2.12.0-3.3.1 libpurple-tcl-2.12.0-3.3.1 libpurple-tcl-debuginfo-2.12.0-3.3.1 pidgin-2.12.0-3.3.1 pidgin-debuginfo-2.12.0-3.3.1 pidgin-debugsource-2.12.0-3.3.1 References: https://bugzilla.suse.com/1086439 From sle-updates at lists.suse.com Wed Apr 25 10:16:28 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Apr 2018 18:16:28 +0200 (CEST) Subject: SUSE-SU-2018:1079-1: moderate: Security update for apache2 Message-ID: <20180425161628.968E5FD1E@maintenance.suse.de> SUSE Security Update: Security update for apache2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1079-1 Rating: moderate References: #1086775 #1086776 #1086817 Cross-References: CVE-2017-15710 CVE-2018-1301 CVE-2018-1312 Affected Products: SUSE Studio Onsite 1.3 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for apache2 fixes the following issues: - security update: * CVE-2018-1301: Specially crafted requests, in debug mode, could lead to denial of service. [bsc#1086817] * CVE-2017-15710: failure in the language fallback handling could lead to denial of service. [bsc#1086776] * CVE-2018-1312: Seed wrongly generated could lead to replay attack in cluster environments. [bsc#1086775] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-apache2-13573=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-apache2-13573=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-apache2-13573=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-apache2-13573=1 Package List: - SUSE Studio Onsite 1.3 (x86_64): apache2-devel-2.2.34-70.15.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): apache2-devel-2.2.34-70.15.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): apache2-2.2.34-70.15.1 apache2-doc-2.2.34-70.15.1 apache2-example-pages-2.2.34-70.15.1 apache2-prefork-2.2.34-70.15.1 apache2-utils-2.2.34-70.15.1 apache2-worker-2.2.34-70.15.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): apache2-2.2.34-70.15.1 apache2-doc-2.2.34-70.15.1 apache2-example-pages-2.2.34-70.15.1 apache2-prefork-2.2.34-70.15.1 apache2-utils-2.2.34-70.15.1 apache2-worker-2.2.34-70.15.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): apache2-debuginfo-2.2.34-70.15.1 apache2-debugsource-2.2.34-70.15.1 References: https://www.suse.com/security/cve/CVE-2017-15710.html https://www.suse.com/security/cve/CVE-2018-1301.html https://www.suse.com/security/cve/CVE-2018-1312.html https://bugzilla.suse.com/1086775 https://bugzilla.suse.com/1086776 https://bugzilla.suse.com/1086817 From sle-updates at lists.suse.com Wed Apr 25 13:07:10 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Apr 2018 21:07:10 +0200 (CEST) Subject: SUSE-SU-2018:1080-1: important: Security update for the Linux Kernel Message-ID: <20180425190710.6F134FD2B@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1080-1 Rating: important References: #1010470 #1013018 #1039348 #1052943 #1062568 #1062840 #1063416 #1063516 #1065600 #1065999 #1067118 #1067912 #1068032 #1072689 #1072865 #1075088 #1075091 #1075994 #1078669 #1078672 #1078673 #1078674 #1080464 #1080757 #1080813 #1081358 #1082091 #1082424 #1083242 #1083275 #1083483 #1083494 #1084536 #1085113 #1085279 #1085331 #1085513 #1086162 #1087092 #1087260 #1087762 #1088147 #1088260 #1089608 #909077 #940776 #943786 Cross-References: CVE-2015-5156 CVE-2016-7915 CVE-2017-0861 CVE-2017-12190 CVE-2017-13166 CVE-2017-16644 CVE-2017-16911 CVE-2017-16912 CVE-2017-16913 CVE-2017-16914 CVE-2017-18203 CVE-2017-18208 CVE-2017-5715 CVE-2018-10087 CVE-2018-6927 CVE-2018-7566 CVE-2018-7757 CVE-2018-8822 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-EXTRA SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves 18 vulnerabilities and has 29 fixes is now available. Description: The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bnc#1068032). Enhancements and bugfixes over the previous fixes have been added to this kernel. - CVE-2018-10087: The kernel_wait4 function in kernel/exit.c might have allowed local users to cause a denial of service by triggering an attempted use of the -INT_MIN value (bnc#1089608). - CVE-2018-7757: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c allowed local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file (bnc#1084536). - CVE-2018-7566: There was a buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bnc#1083483). - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem allowed attackers to gain privileges via unspecified vectors (bnc#1088260). - CVE-2018-8822: Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c could be exploited by malicious NCPFS servers to crash the kernel or execute code (bnc#1086162). - CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver. (bnc#1072865). - CVE-2017-18203: The dm_get_from_kobject function in drivers/md/dm.c allowed local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and removal of DM devices (bnc#1083242). - CVE-2017-16911: The vhci_hcd driver allowed allows local attackers to disclose kernel memory addresses. Successful exploitation requires that a USB device is attached over IP (bnc#1078674). - CVE-2017-18208: The madvise_willneed function in mm/madvise.c local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping (bnc#1083494). - CVE-2017-16644: The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c allowed local users to cause a denial of service (improper error handling and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1067118). - CVE-2018-6927: The futex_requeue function in kernel/futex.c in the Linux kernel might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value (bnc#1080757). - CVE-2017-16914: The "stub_send_ret_submit()" function (drivers/usb/usbip/stub_tx.c) allowed attackers to cause a denial of service (NULL pointer dereference) via a specially crafted USB over IP packet (bnc#1078669). - CVE-2016-7915: The hid_input_field function in drivers/hid/hid-core.c allowed physically proximate attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) by connecting a device, as demonstrated by a Logitech DJ receiver (bnc#1010470). - CVE-2015-5156: The virtnet_probe function in drivers/net/virtio_net.c attempted to support a FRAGLIST feature without proper memory allocation, which allowed guest OS users to cause a denial of service (buffer overflow and memory corruption) via a crafted sequence of fragmented packets (bnc#940776). - CVE-2017-12190: The bio_map_user_iov and bio_unmap_user functions in block/bio.c did unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same page. The bio_add_pc_page function merges them into one, but the page reference is never dropped. This causes a memory leak and possible system lockup (exploitable against the host OS by a guest OS user, if a SCSI disk is passed through to a virtual machine) due to an out-of-memory condition (bnc#1062568). - CVE-2017-16912: The "get_pipe()" function (drivers/usb/usbip/stub_rx.c) allowed attackers to cause a denial of service (out-of-bounds read) via a specially crafted USB over IP packet (bnc#1078673). - CVE-2017-16913: The "stub_recv_cmd_submit()" function (drivers/usb/usbip/stub_rx.c) when handling CMD_SUBMIT packets allowed attackers to cause a denial of service (arbitrary memory allocation) via a specially crafted USB over IP packet (bnc#1078672). The following non-security bugs were fixed: - af_iucv: enable control sends in case of SEND_SHUTDOWN (bnc#1085513, LTC#165135). - cifs: fix buffer overflow in cifs_build_path_to_root() (bsc#1085113). - drm/mgag200: fix a test in mga_vga_mode_valid() (bsc#1087092). - hrtimer: Ensure POSIX compliance (relative CLOCK_REALTIME hrtimers) (bnc#1013018). - hrtimer: Reset hrtimer cpu base proper on CPU hotplug (bnc#1013018). - ide-cd: workaround VMware ESXi cdrom emulation bug (bsc#1080813). - ipc/msg: introduce msgctl(MSG_STAT_ANY) (bsc#1072689). - ipc/sem: introduce semctl(SEM_STAT_ANY) (bsc#1072689). - ipc/shm: introduce shmctl(SHM_STAT_ANY) (bsc#1072689). - jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path (git-fixes). - kabi: x86/kaiser: properly align trampoline stack. - keys: do not let add_key() update an uninstantiated key (bnc#1063416). - keys: prevent creating a different user's keyrings (bnc#1065999). - leds: do not overflow sysfs buffer in led_trigger_show (bsc#1080464). - mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack (bnc#1039348). - nfsv4: fix getacl head length estimation (git-fixes). - pci: Use function 0 VPD for identical functions, regular VPD for others (bnc#943786 git-fixes). - pipe: actually allow root to exceed the pipe buffer limits (git-fixes). - posix-timers: Protect posix clock array access against speculation (bnc#1081358). - powerpc/pseries: Support firmware disable of RFI flush (bsc#1068032, bsc#1075088). - qeth: repair SBAL elements calculation (bnc#1085513, LTC#165484). - Revert "USB: cdc-acm: fix broken runtime suspend" (bsc#1067912) - s390/qeth: fix underestimated count of buffer elements (bnc#1082091, LTC#164529). - scsi: sr: workaround VMware ESXi cdrom emulation bug (bsc#1080813). - usbnet: Fix a race between usbnet_stop() and the BH (bsc#1083275). - x86-64: Move the "user" vsyscall segment out of the data segment (bsc#1082424). - x86/espfix: Fix return stack in do_double_fault() (bsc#1085279). - x86/kaiser: properly align trampoline stack (bsc#1087260). - x86/retpoline: do not perform thunk calls in ring3 vsyscall code (bsc#1085331). - xen/x86/asm/traps: Disable tracing and kprobes in fixup_bad_iret and sync_regs (bsc#909077). - xen/x86/cpu: Check speculation control CPUID bit (bsc#1068032). - xen/x86/cpu: Factor out application of forced CPU caps (bsc#1075994 bsc#1075091). - xen/x86/cpu: Fix bootup crashes by sanitizing the argument of the 'clearcpuid=' command-line option (bsc#1065600). - xen/x86/cpu: Sync CPU feature flags late (bsc#1075994 bsc#1075091). - xen/x86/entry: Use IBRS on entry to kernel space (bsc#1068032). - xen/x86/idle: Toggle IBRS when going idle (bsc#1068032). - xen/x86/kaiser: Move feature detection up (bsc#1068032). - xfs: check for buffer errors before waiting (bsc#1052943). - xfs: fix allocbt cursor leak in xfs_alloc_ag_vextent_near (bsc#1087762). - xfs: really fix the cursor leak in xfs_alloc_ag_vextent_near (bsc#1087762). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-kernel-source-20180417-13574=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-kernel-source-20180417-13574=1 - SUSE Linux Enterprise Server 11-EXTRA: zypper in -t patch slexsp3-kernel-source-20180417-13574=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-kernel-source-20180417-13574=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch): kernel-docs-3.0.101-108.38.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): kernel-default-3.0.101-108.38.1 kernel-default-base-3.0.101-108.38.1 kernel-default-devel-3.0.101-108.38.1 kernel-source-3.0.101-108.38.1 kernel-syms-3.0.101-108.38.1 kernel-trace-3.0.101-108.38.1 kernel-trace-base-3.0.101-108.38.1 kernel-trace-devel-3.0.101-108.38.1 - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): kernel-ec2-3.0.101-108.38.1 kernel-ec2-base-3.0.101-108.38.1 kernel-ec2-devel-3.0.101-108.38.1 kernel-xen-3.0.101-108.38.1 kernel-xen-base-3.0.101-108.38.1 kernel-xen-devel-3.0.101-108.38.1 - SUSE Linux Enterprise Server 11-SP4 (s390x): kernel-default-man-3.0.101-108.38.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64): kernel-bigmem-3.0.101-108.38.1 kernel-bigmem-base-3.0.101-108.38.1 kernel-bigmem-devel-3.0.101-108.38.1 kernel-ppc64-3.0.101-108.38.1 kernel-ppc64-base-3.0.101-108.38.1 kernel-ppc64-devel-3.0.101-108.38.1 - SUSE Linux Enterprise Server 11-SP4 (i586): kernel-pae-3.0.101-108.38.1 kernel-pae-base-3.0.101-108.38.1 kernel-pae-devel-3.0.101-108.38.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64): kernel-default-extra-3.0.101-108.38.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64): kernel-xen-extra-3.0.101-108.38.1 - SUSE Linux Enterprise Server 11-EXTRA (x86_64): kernel-trace-extra-3.0.101-108.38.1 - SUSE Linux Enterprise Server 11-EXTRA (ppc64): kernel-ppc64-extra-3.0.101-108.38.1 - SUSE Linux Enterprise Server 11-EXTRA (i586): kernel-pae-extra-3.0.101-108.38.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): kernel-default-debuginfo-3.0.101-108.38.1 kernel-default-debugsource-3.0.101-108.38.1 kernel-trace-debuginfo-3.0.101-108.38.1 kernel-trace-debugsource-3.0.101-108.38.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 s390x x86_64): kernel-default-devel-debuginfo-3.0.101-108.38.1 kernel-trace-devel-debuginfo-3.0.101-108.38.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): kernel-ec2-debuginfo-3.0.101-108.38.1 kernel-ec2-debugsource-3.0.101-108.38.1 kernel-xen-debuginfo-3.0.101-108.38.1 kernel-xen-debugsource-3.0.101-108.38.1 kernel-xen-devel-debuginfo-3.0.101-108.38.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64): kernel-bigmem-debuginfo-3.0.101-108.38.1 kernel-bigmem-debugsource-3.0.101-108.38.1 kernel-ppc64-debuginfo-3.0.101-108.38.1 kernel-ppc64-debugsource-3.0.101-108.38.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586): kernel-pae-debuginfo-3.0.101-108.38.1 kernel-pae-debugsource-3.0.101-108.38.1 kernel-pae-devel-debuginfo-3.0.101-108.38.1 References: https://www.suse.com/security/cve/CVE-2015-5156.html https://www.suse.com/security/cve/CVE-2016-7915.html https://www.suse.com/security/cve/CVE-2017-0861.html https://www.suse.com/security/cve/CVE-2017-12190.html https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2017-16644.html https://www.suse.com/security/cve/CVE-2017-16911.html https://www.suse.com/security/cve/CVE-2017-16912.html https://www.suse.com/security/cve/CVE-2017-16913.html https://www.suse.com/security/cve/CVE-2017-16914.html https://www.suse.com/security/cve/CVE-2017-18203.html https://www.suse.com/security/cve/CVE-2017-18208.html https://www.suse.com/security/cve/CVE-2017-5715.html https://www.suse.com/security/cve/CVE-2018-10087.html https://www.suse.com/security/cve/CVE-2018-6927.html https://www.suse.com/security/cve/CVE-2018-7566.html https://www.suse.com/security/cve/CVE-2018-7757.html https://www.suse.com/security/cve/CVE-2018-8822.html https://bugzilla.suse.com/1010470 https://bugzilla.suse.com/1013018 https://bugzilla.suse.com/1039348 https://bugzilla.suse.com/1052943 https://bugzilla.suse.com/1062568 https://bugzilla.suse.com/1062840 https://bugzilla.suse.com/1063416 https://bugzilla.suse.com/1063516 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065999 https://bugzilla.suse.com/1067118 https://bugzilla.suse.com/1067912 https://bugzilla.suse.com/1068032 https://bugzilla.suse.com/1072689 https://bugzilla.suse.com/1072865 https://bugzilla.suse.com/1075088 https://bugzilla.suse.com/1075091 https://bugzilla.suse.com/1075994 https://bugzilla.suse.com/1078669 https://bugzilla.suse.com/1078672 https://bugzilla.suse.com/1078673 https://bugzilla.suse.com/1078674 https://bugzilla.suse.com/1080464 https://bugzilla.suse.com/1080757 https://bugzilla.suse.com/1080813 https://bugzilla.suse.com/1081358 https://bugzilla.suse.com/1082091 https://bugzilla.suse.com/1082424 https://bugzilla.suse.com/1083242 https://bugzilla.suse.com/1083275 https://bugzilla.suse.com/1083483 https://bugzilla.suse.com/1083494 https://bugzilla.suse.com/1084536 https://bugzilla.suse.com/1085113 https://bugzilla.suse.com/1085279 https://bugzilla.suse.com/1085331 https://bugzilla.suse.com/1085513 https://bugzilla.suse.com/1086162 https://bugzilla.suse.com/1087092 https://bugzilla.suse.com/1087260 https://bugzilla.suse.com/1087762 https://bugzilla.suse.com/1088147 https://bugzilla.suse.com/1088260 https://bugzilla.suse.com/1089608 https://bugzilla.suse.com/909077 https://bugzilla.suse.com/940776 https://bugzilla.suse.com/943786 From sle-updates at lists.suse.com Wed Apr 25 13:16:20 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Apr 2018 21:16:20 +0200 (CEST) Subject: SUSE-RU-2018:1081-1: important: Recommended update for supportutils Message-ID: <20180425191620.2A5FCFD2B@maintenance.suse.de> SUSE Recommended Update: Recommended update for supportutils ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1081-1 Rating: important References: #1069457 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for supportutils fixes the following issues: - correctly detect CaaS Platforms docker installation (bsc#1069457) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-739=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-739=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server 12-SP3 (noarch): supportutils-3.0-95.12.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): supportutils-3.0-95.12.1 - SUSE CaaS Platform ALL (noarch): supportutils-3.0-95.12.1 References: https://bugzilla.suse.com/1069457 From sle-updates at lists.suse.com Thu Apr 26 07:07:13 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Apr 2018 15:07:13 +0200 (CEST) Subject: SUSE-SU-2018:1082-1: moderate: Security update for velum Message-ID: <20180426130714.00D21FD38@maintenance.suse.de> SUSE Security Update: Security update for velum ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1082-1 Rating: moderate References: #1085967 #1086598 Cross-References: CVE-2018-3741 CVE-2018-8048 Affected Products: SUSE CaaS Platform ALL ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for velum fixes the following issues in its embedded ruby on rails packages: - CVE-2018-3741: Insufficient filtering in scrub_attribute could lead to XSS. (bsc#1086598) - CVE-2018-8048: Non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment leading to XSS. (bsc#1085967) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE CaaS Platform ALL (x86_64): sles12-velum-image-2.0.1-2.7.3 References: https://www.suse.com/security/cve/CVE-2018-3741.html https://www.suse.com/security/cve/CVE-2018-8048.html https://bugzilla.suse.com/1085967 https://bugzilla.suse.com/1086598 From sle-updates at lists.suse.com Thu Apr 26 10:07:25 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Apr 2018 18:07:25 +0200 (CEST) Subject: SUSE-RU-2018:1083-1: moderate: Recommended update for bind Message-ID: <20180426160725.D3FE5FD33@maintenance.suse.de> SUSE Recommended Update: Recommended update for bind ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1083-1 Rating: moderate References: #908850 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for bind provides the following fix: - Change /var/lib/named owner to named:named so that it is writable by bind.(bsc#908850) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-bind-13575=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-bind-13575=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-bind-13575=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): bind-devel-9.9.6P1-0.51.10.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64): bind-devel-32bit-9.9.6P1-0.51.10.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): bind-9.9.6P1-0.51.10.1 bind-chrootenv-9.9.6P1-0.51.10.1 bind-doc-9.9.6P1-0.51.10.1 bind-libs-9.9.6P1-0.51.10.1 bind-utils-9.9.6P1-0.51.10.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): bind-libs-32bit-9.9.6P1-0.51.10.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): bind-libs-x86-9.9.6P1-0.51.10.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): bind-debuginfo-9.9.6P1-0.51.10.1 bind-debugsource-9.9.6P1-0.51.10.1 References: https://bugzilla.suse.com/908850 From sle-updates at lists.suse.com Thu Apr 26 13:07:31 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Apr 2018 21:07:31 +0200 (CEST) Subject: SUSE-OU-2018:1084-1: Initial release of python3-psutil and -pycrypto Message-ID: <20180426190731.658CEFD38@maintenance.suse.de> SUSE Optional Update: Initial release of python3-psutil and -pycrypto ______________________________________________________________________________ Announcement ID: SUSE-OU-2018:1084-1 Rating: low References: #1073879 Affected Products: SUSE Manager Tools 12 SUSE Manager Server 3.1 SUSE Manager Server 3.0 SUSE Manager Proxy 3.1 SUSE Manager Proxy 3.0 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Advanced Systems Management 12 SUSE Enterprise Storage 5 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update provides the following new Python 3 modules: - python3-psutil - python3-pycrypto Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2018-743=1 - SUSE Manager Server 3.1: zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2018-743=1 - SUSE Manager Server 3.0: zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2018-743=1 - SUSE Manager Proxy 3.1: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.1-2018-743=1 - SUSE Manager Proxy 3.0: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.0-2018-743=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2018-743=1 - SUSE Linux Enterprise Module for Advanced Systems Management 12: zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2018-743=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2018-743=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-743=1 Package List: - SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64): python-psutil-1.2.1-15.3.3 python-psutil-debuginfo-1.2.1-15.3.3 python-psutil-debugsource-1.2.1-15.3.3 python-pycrypto-2.6.1-10.6.3 python3-psutil-1.2.1-15.3.3 python3-pycrypto-2.6.1-10.6.3 - SUSE Manager Tools 12 (ppc64le s390x x86_64): python-pycrypto-debuginfo-2.6.1-10.6.3 - SUSE Manager Server 3.1 (ppc64le s390x x86_64): python-psutil-1.2.1-15.3.3 python-psutil-debuginfo-1.2.1-15.3.3 python-psutil-debugsource-1.2.1-15.3.3 python-pycrypto-2.6.1-10.6.3 python-pycrypto-debuginfo-2.6.1-10.6.3 python3-psutil-1.2.1-15.3.3 python3-pycrypto-2.6.1-10.6.3 - SUSE Manager Server 3.0 (s390x x86_64): python-psutil-1.2.1-15.3.3 python-psutil-debuginfo-1.2.1-15.3.3 python-psutil-debugsource-1.2.1-15.3.3 python-pycrypto-2.6.1-10.6.3 python-pycrypto-debuginfo-2.6.1-10.6.3 python3-psutil-1.2.1-15.3.3 python3-pycrypto-2.6.1-10.6.3 - SUSE Manager Proxy 3.1 (ppc64le x86_64): python-psutil-1.2.1-15.3.3 python-psutil-debuginfo-1.2.1-15.3.3 python-psutil-debugsource-1.2.1-15.3.3 python-pycrypto-2.6.1-10.6.3 python-pycrypto-debuginfo-2.6.1-10.6.3 python3-psutil-1.2.1-15.3.3 python3-pycrypto-2.6.1-10.6.3 - SUSE Manager Proxy 3.0 (x86_64): python-psutil-1.2.1-15.3.3 python-psutil-debuginfo-1.2.1-15.3.3 python-psutil-debugsource-1.2.1-15.3.3 python-pycrypto-2.6.1-10.6.3 python-pycrypto-debuginfo-2.6.1-10.6.3 python3-psutil-1.2.1-15.3.3 python3-pycrypto-2.6.1-10.6.3 - SUSE Linux Enterprise Module for Public Cloud 12 (aarch64 ppc64le s390x x86_64): python-psutil-1.2.1-15.3.3 python-psutil-debuginfo-1.2.1-15.3.3 python-psutil-debugsource-1.2.1-15.3.3 python-pycrypto-2.6.1-10.6.3 python3-psutil-1.2.1-15.3.3 python3-pycrypto-2.6.1-10.6.3 - SUSE Linux Enterprise Module for Public Cloud 12 (ppc64le s390x x86_64): python-pycrypto-debuginfo-2.6.1-10.6.3 - SUSE Linux Enterprise Module for Advanced Systems Management 12 (ppc64le s390x x86_64): python-psutil-1.2.1-15.3.3 python-psutil-debuginfo-1.2.1-15.3.3 python-psutil-debugsource-1.2.1-15.3.3 python-pycrypto-2.6.1-10.6.3 python-pycrypto-debuginfo-2.6.1-10.6.3 python3-psutil-1.2.1-15.3.3 python3-pycrypto-2.6.1-10.6.3 - SUSE Enterprise Storage 5 (aarch64 x86_64): python-psutil-1.2.1-15.3.3 python-psutil-debuginfo-1.2.1-15.3.3 python-psutil-debugsource-1.2.1-15.3.3 python-pycrypto-2.6.1-10.6.3 python3-psutil-1.2.1-15.3.3 python3-pycrypto-2.6.1-10.6.3 - SUSE Enterprise Storage 5 (x86_64): python-pycrypto-debuginfo-2.6.1-10.6.3 - SUSE Enterprise Storage 4 (aarch64 x86_64): python-psutil-1.2.1-15.3.3 python-psutil-debuginfo-1.2.1-15.3.3 python-psutil-debugsource-1.2.1-15.3.3 python-pycrypto-2.6.1-10.6.3 python3-psutil-1.2.1-15.3.3 python3-pycrypto-2.6.1-10.6.3 - SUSE Enterprise Storage 4 (x86_64): python-pycrypto-debuginfo-2.6.1-10.6.3 References: https://bugzilla.suse.com/1073879 From sle-updates at lists.suse.com Thu Apr 26 13:08:02 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Apr 2018 21:08:02 +0200 (CEST) Subject: SUSE-OU-2018:1085-1: Initial release of python3-cffi and -cryptography Message-ID: <20180426190802.247E7FD38@maintenance.suse.de> SUSE Optional Update: Initial release of python3-cffi and -cryptography ______________________________________________________________________________ Announcement ID: SUSE-OU-2018:1085-1 Rating: low References: #1073879 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update provides the following new Python 3 modules for the SUSE Linux Enterprise Server: - python3-cffi - python3-cryptography Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-744=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-744=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): python-cffi-1.1.0-2.5.4 python-cffi-debuginfo-1.1.0-2.5.4 python-cffi-debugsource-1.1.0-2.5.4 python-cryptography-1.1.2-3.8.4 python-cryptography-debuginfo-1.1.2-3.8.4 python-cryptography-debugsource-1.1.2-3.8.4 python3-cffi-1.1.0-2.5.4 python3-cryptography-1.1.2-3.8.4 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): python-cffi-1.1.0-2.5.4 python-cffi-debuginfo-1.1.0-2.5.4 python-cffi-debugsource-1.1.0-2.5.4 python-cryptography-1.1.2-3.8.4 python-cryptography-debuginfo-1.1.2-3.8.4 python-cryptography-debugsource-1.1.2-3.8.4 python3-cffi-1.1.0-2.5.4 python3-cryptography-1.1.2-3.8.4 References: https://bugzilla.suse.com/1073879 From sle-updates at lists.suse.com Thu Apr 26 13:08:29 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Apr 2018 21:08:29 +0200 (CEST) Subject: SUSE-RU-2018:1086-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20180426190829.80BEEFD38@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1086-1 Rating: moderate References: #1073879 #1083001 #1083294 #1090205 #1090504 Affected Products: SUSE Manager Tools 12-BETA ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update fixes the following issues: cobbler: - Add sles15 distro profile (bsc#1090205) - Add: * add-sles15-distro.patch rhn-virtualization: - Remove SUSE Studio based image deployments (bsc#1090504) rhnpush: - Sync with upstream (bsc#1083294) - Rhnpush is needed on python2 due to spacewalk-proxy spacewalk-backend: - Fix encoding for RPM package group in reposync (bsc#1083001) - Sync with upstream (bsc#1083294) - 1567157 - remove 'www' part from cve.mitre.org domain name - 1198723 - rhnRepository.py: add support for Debian / Ubuntu Release files - 1549546 - Allow spacewalk-channel to add parent channel - Temporary revert bsc#1083001 spacewalk-client-tools: - Sync with upstream (bsc#1083294) - Build both python 2/3 because of rhnpush zypp-plugin-spacewalk: - Python3 compatibility (bsc#1073879) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 12-BETA: zypper in -t patch SUSE-SLE-Manager-Tools-12-BETA-2018-747=1 Package List: - SUSE Manager Tools 12-BETA (aarch64 ppc64le s390x x86_64): python2-salt-2018.3.0-4.10.1 salt-2018.3.0-4.10.1 salt-doc-2018.3.0-4.10.1 salt-minion-2018.3.0-4.10.1 - SUSE Manager Tools 12-BETA (noarch): koan-2.6.6-4.9.1 python2-rhn-virtualization-common-5.4.72.2-4.9.1 python2-rhn-virtualization-host-5.4.72.2-4.9.1 python2-rhnpush-5.5.113.2-4.9.1 python2-spacewalk-check-2.8.22.2-4.12.1 python2-spacewalk-client-setup-2.8.22.2-4.12.1 python2-spacewalk-client-tools-2.8.22.2-4.12.1 rhn-virtualization-host-5.4.72.2-4.9.1 rhnpush-5.5.113.2-4.9.1 spacewalk-backend-libs-2.8.57.2-4.12.1 spacewalk-check-2.8.22.2-4.12.1 spacewalk-client-setup-2.8.22.2-4.12.1 spacewalk-client-tools-2.8.22.2-4.12.1 zypp-plugin-spacewalk-1.0.0-4.6.1 References: https://bugzilla.suse.com/1073879 https://bugzilla.suse.com/1083001 https://bugzilla.suse.com/1083294 https://bugzilla.suse.com/1090205 https://bugzilla.suse.com/1090504 From sle-updates at lists.suse.com Thu Apr 26 13:09:34 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Apr 2018 21:09:34 +0200 (CEST) Subject: SUSE-RU-2018:1087-1: Recommended update for autoyast2 Message-ID: <20180426190934.12985FD38@maintenance.suse.de> SUSE Recommended Update: Recommended update for autoyast2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1087-1 Rating: low References: #1054400 #1057597 #1059617 #1077292 Affected Products: SUSE Linux Enterprise Server Installer 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for autoyast2 provides the following fixes: - When using Btrfs but without subvolumes, export an empty list instead of removing them from the profile. (bsc#1059617) - Shrink needed disks size automatically in order to handle rounding inaccuracies in LVM installations. (bsc#1057597) - Add default subvolumes to the root partition only if the user has not defined any root partition in the autoyast configuration file. (bsc#1059617) - Add the network_before_proposal flag that will be enable if the network is configured during the first stage. (bsc#1054400) - Report packages which cannot be selected for installation, except those packages not included in the AutoYaST profile. (bnc#1077292) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server Installer 12-SP3: zypper in -t patch SUSE-SLE-SERVER-INSTALLER-12-SP3-2018-748=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-748=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-748=1 Package List: - SUSE Linux Enterprise Server Installer 12-SP3 (noarch): autoyast2-3.2.29-2.24.1 autoyast2-installation-3.2.29-2.24.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): autoyast2-3.2.29-2.24.1 autoyast2-installation-3.2.29-2.24.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): autoyast2-3.2.29-2.24.1 autoyast2-installation-3.2.29-2.24.1 References: https://bugzilla.suse.com/1054400 https://bugzilla.suse.com/1057597 https://bugzilla.suse.com/1059617 https://bugzilla.suse.com/1077292 From sle-updates at lists.suse.com Thu Apr 26 13:10:59 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Apr 2018 21:10:59 +0200 (CEST) Subject: SUSE-RU-2018:1089-1: Recommended update for yast2-installation, yast2-storage Message-ID: <20180426191059.ACB05FD38@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-installation, yast2-storage ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1089-1 Rating: low References: #1036838 #1042554 #1051200 #1051762 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for yast2-installation and yast2-storage provides the following fixes: Fixes for yast2-installation: - Update YaST2-Firstboot.service: Deprecate `plymouth --wait` and add conflict to plymouth start service. - Update YaST2-Second-Stage.service: Deprecate the plymouth deactivate command and add conflict to plymouth start service. (bsc#1042554) - Make filesystem type for home and root configurable in control.xml. (bsc#1051762) - Allow different mount point for home partition. (fate#323532, bsc#1051200) - Move remaining CaaSP specific code to yast2-caasp package. (bsc#1036838, bsc#1051200) Fixes for yast2-storage: - Make filesystem type for home and root configurable in control.xml. (bsc#1051762) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-746=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-746=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-746=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): yast2-storage-debuginfo-3.2.16.2-2.8.1 yast2-storage-debugsource-3.2.16.2-2.8.1 yast2-storage-devel-3.2.16.2-2.8.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): yast2-storage-3.2.16.2-2.8.1 yast2-storage-debuginfo-3.2.16.2-2.8.1 yast2-storage-debugsource-3.2.16.2-2.8.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): yast2-installation-3.2.50-3.3.4 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): yast2-storage-3.2.16.2-2.8.1 yast2-storage-debuginfo-3.2.16.2-2.8.1 yast2-storage-debugsource-3.2.16.2-2.8.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): yast2-installation-3.2.50-3.3.4 References: https://bugzilla.suse.com/1036838 https://bugzilla.suse.com/1042554 https://bugzilla.suse.com/1051200 https://bugzilla.suse.com/1051762 From sle-updates at lists.suse.com Thu Apr 26 13:12:58 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Apr 2018 21:12:58 +0200 (CEST) Subject: SUSE-RU-2018:1091-1: Recommended update for python-chardet, python-debian Message-ID: <20180426191258.71E89FD43@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-chardet, python-debian ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1091-1 Rating: low References: #1050433 Affected Products: SUSE Manager Server 3.1 SUSE Manager Server 3.0 SUSE Manager Proxy 3.1 SUSE Manager Proxy 3.0 SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-chardet and python-debian fixes the following issues: - (bsc#1050433) needs updated py-debian to fix deb repo syncing - Allow iter_paragraphs to accept bytes under Python 3 (Closes: #833375). - Add sha512 sums to Release and Sources (Closes: #732599). - FTBFS, caused by referring to apt_pkg in a test with no python-apt Build-Depends. (Closes: #623011) - deb822: Use the apt_pkg.TagFile class instead of apt_pkg.ParseTagFile() (Closes: #552190) - deb822: parse also Binary as PkgRelation, thus add .binary attribute Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 3.1: zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2018-745=1 - SUSE Manager Server 3.0: zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2018-745=1 - SUSE Manager Proxy 3.1: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.1-2018-745=1 - SUSE Manager Proxy 3.0: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.0-2018-745=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2018-745=1 Package List: - SUSE Manager Server 3.1 (noarch): python-chardet-2.3.0-3.3.2 python2-debian-0.1.31-10.3.2 - SUSE Manager Server 3.0 (noarch): python-chardet-2.3.0-3.3.2 python2-debian-0.1.31-10.3.2 - SUSE Manager Proxy 3.1 (noarch): python-chardet-2.3.0-3.3.2 python2-debian-0.1.31-10.3.2 - SUSE Manager Proxy 3.0 (noarch): python-chardet-2.3.0-3.3.2 python2-debian-0.1.31-10.3.2 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-chardet-2.3.0-3.3.2 References: https://bugzilla.suse.com/1050433 From sle-updates at lists.suse.com Thu Apr 26 16:08:55 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Apr 2018 00:08:55 +0200 (CEST) Subject: SUSE-RU-2018:1094-1: Recommended update for nfs-utils Message-ID: <20180426220855.74A75FD38@maintenance.suse.de> SUSE Recommended Update: Recommended update for nfs-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1094-1 Rating: low References: #1017909 #1040968 #1053691 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for nfs-utils provides the following fixes: - Fix nfs-client's service dependency so that when YaST restarts "nfs" the action is propagated to "nfs-client" as well. (bsc#1053691) - Allow umount to work when NFS server is down. (bsc#1040968) - Fix exit code of nfsstat(8). (bsc#1017909) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-749=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-749=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): nfs-client-1.3.0-34.8.3 nfs-client-debuginfo-1.3.0-34.8.3 nfs-doc-1.3.0-34.8.3 nfs-kernel-server-1.3.0-34.8.3 nfs-kernel-server-debuginfo-1.3.0-34.8.3 nfs-utils-debugsource-1.3.0-34.8.3 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): nfs-client-1.3.0-34.8.3 nfs-client-debuginfo-1.3.0-34.8.3 nfs-kernel-server-1.3.0-34.8.3 nfs-kernel-server-debuginfo-1.3.0-34.8.3 nfs-utils-debugsource-1.3.0-34.8.3 - SUSE CaaS Platform ALL (x86_64): nfs-client-1.3.0-34.8.3 nfs-client-debuginfo-1.3.0-34.8.3 nfs-utils-debugsource-1.3.0-34.8.3 References: https://bugzilla.suse.com/1017909 https://bugzilla.suse.com/1040968 https://bugzilla.suse.com/1053691 From sle-updates at lists.suse.com Fri Apr 27 13:07:49 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Apr 2018 21:07:49 +0200 (CEST) Subject: SUSE-RU-2018:1099-1: Recommended update for crowbar-core Message-ID: <20180427190749.54D3AFD43@maintenance.suse.de> SUSE Recommended Update: Recommended update for crowbar-core ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1099-1 Rating: low References: #1088093 Affected Products: SUSE OpenStack Cloud 6 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for crowbar-core fixes the following issues: - crowbar_batch: Fix host_by_alias. - Refactor calculation of Chef log lines to output. - Rename variables for clarity. - Wrap lines from Chef logs in
 element.
   - Refactor #get_log_lines to avoid duplication.
   - Fix name of argument to #get_log_lines to reflect reality.


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 6:

      zypper in -t patch SUSE-OpenStack-Cloud-6-2018-751=1



Package List:

   - SUSE OpenStack Cloud 6 (noarch):

      crowbar-core-3.0+git.1519205256.9f10bd5de-21.9.1
      crowbar-core-branding-upstream-3.0+git.1519205256.9f10bd5de-21.9.1


References:

   https://bugzilla.suse.com/1088093


From sle-updates at lists.suse.com  Fri Apr 27 13:09:17 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 27 Apr 2018 21:09:17 +0200 (CEST)
Subject: SUSE-SU-2018:1102-1: moderate: Security update for python-Django
Message-ID: <20180427190917.BC1D2FD38@maintenance.suse.de>

   SUSE Security Update: Security update for python-Django
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:1102-1
Rating:             moderate
References:         #1001374 #1008047 #1008050 #1031450 #1031451 
                    #1056284 #1083304 #1083305 #967999 
Cross-References:   CVE-2016-2512 CVE-2016-7401 CVE-2016-9013
                    CVE-2016-9014 CVE-2017-12794 CVE-2017-7233
                    CVE-2017-7234 CVE-2018-7536 CVE-2018-7537
                   
Affected Products:
                    SUSE OpenStack Cloud 6
______________________________________________________________________________

   An update that fixes 9 vulnerabilities is now available.

Description:

   This update for python-Django fixes the following issues:

   Security issues fixed:

   - CVE-2018-7537: Fixed catastrophic backtracking in
     django.utils.text.Truncator. (bsc#1083305)
   - CVE-2018-7536: Fixed catastrophic backtracking in urlize and urlizetrunc
     template filters. (bsc#1083304)
   - CVE-2017-12794: Fixed XSS possibility in traceback section of technical
     500 debug page (bsc#1056284)
   - CVE-2017-7234: Open redirect vulnerability in
     django.views.static.serve() (bsc#1031451)
   - CVE-2017-7233: Open redirect and possible XSS attack via user-supplied
     numeric redirect URLs (bsc#1031450)
   - CVE-2016-9014: DNS rebinding vulnerability when DEBUG=True (bsc#1008047)
   - CVE-2016-9013: User with hardcoded password created when running tests
     on Oracle (bsc#1008050)
   - CVE-2016-7401: CSRF protection bypass on a site with Google Analytics
     (bsc#1001374)
   - CVE-2016-2512: Vulnerability in the function tils.http.is_safe_url could
     allow remote users to arbitrary web site and conduct phishing attacks.
     (bsc#bnc#967999)


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 6:

      zypper in -t patch SUSE-OpenStack-Cloud-6-2018-750=1



Package List:

   - SUSE OpenStack Cloud 6 (noarch):

      python-Django-1.8.19-3.6.1


References:

   https://www.suse.com/security/cve/CVE-2016-2512.html
   https://www.suse.com/security/cve/CVE-2016-7401.html
   https://www.suse.com/security/cve/CVE-2016-9013.html
   https://www.suse.com/security/cve/CVE-2016-9014.html
   https://www.suse.com/security/cve/CVE-2017-12794.html
   https://www.suse.com/security/cve/CVE-2017-7233.html
   https://www.suse.com/security/cve/CVE-2017-7234.html
   https://www.suse.com/security/cve/CVE-2018-7536.html
   https://www.suse.com/security/cve/CVE-2018-7537.html
   https://bugzilla.suse.com/1001374
   https://bugzilla.suse.com/1008047
   https://bugzilla.suse.com/1008050
   https://bugzilla.suse.com/1031450
   https://bugzilla.suse.com/1031451
   https://bugzilla.suse.com/1056284
   https://bugzilla.suse.com/1083304
   https://bugzilla.suse.com/1083305
   https://bugzilla.suse.com/967999


From sle-updates at lists.suse.com  Fri Apr 27 13:10:52 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 27 Apr 2018 21:10:52 +0200 (CEST)
Subject: SUSE-SU-2018:1103-1: Security update for crowbar-openstack
Message-ID: <20180427191052.B3DFCFD38@maintenance.suse.de>

   SUSE Security Update: Security update for crowbar-openstack
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:1103-1
Rating:             low
References:         #1057086 #1083903 
Cross-References:   CVE-2018-1000115
Affected Products:
                    SUSE OpenStack Cloud 6
______________________________________________________________________________

   An update that solves one vulnerability and has one errata
   is now available.

Description:


   This update for crowbar-openstack provides the following fixes:

   - memcached: Disable UDP by default to prevent spoofed traffic
     amplification DoS (bsc#1083903, CVE-2018-1000115)
   - nova: Add resource limits for api and compute (bsc#1057086)


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 6:

      zypper in -t patch SUSE-OpenStack-Cloud-6-2018-752=1



Package List:

   - SUSE OpenStack Cloud 6 (noarch):

      crowbar-openstack-3.0+git.1521471181.2b39130da-39.10.1


References:

   https://www.suse.com/security/cve/CVE-2018-1000115.html
   https://bugzilla.suse.com/1057086
   https://bugzilla.suse.com/1083903


From sle-updates at lists.suse.com  Mon Apr 30 07:07:17 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 30 Apr 2018 15:07:17 +0200 (CEST)
Subject: SUSE-RU-2018:1105-1: moderate: Recommended update for SUSE Manager
	Client Tools
Message-ID: <20180430130717.6E991FD43@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for SUSE Manager Client Tools
______________________________________________________________________________

Announcement ID:    SUSE-RU-2018:1105-1
Rating:             moderate
References:         #1073879 #1077244 #1078056 #1080290 #1081607 
                    #1082019 #1083001 #1085667 
Affected Products:
                    SUSE Manager Tools 12
                    SUSE Manager Proxy 3.0
______________________________________________________________________________

   An update that has 8 recommended fixes can now be installed.

Description:


   This update fixes the following issues:

   spacecmd:

   - Connect to API using FQDN instead of hostname to avoid SSL validation
     problems (bsc#1085667)
   - Add function to update software channel through spacecmd
   - Configure gpg_flag via spacecmd creating a channel (bsc#1080290)
   - Allow scheduling the change of software channels as an action. The
     previous channels remain accessible to the registered system until the
     action is executed.

   spacewalk-backend:

   - Fix encoding for RPM package group in reposync (bsc#1083001)
   - Add --no-packages option to spacewalk-repo-sync
   - Use --force-all-errata only to re-sync patches
     --deep-verify still used for package checksum check and single errata
      import (bsc#1077244)
   - Use GTM for rpm build_time (bsc#1078056)

   spacewalk-client-tools:

   - Fix up2date logging on FQDN collection exception (bsc#1081607,
     bsc#1082019)

   zypp-plugin-spacewalk:

   - Python3 compatibility
   - Build python2/python3 subpackages (bsc#1073879)
   - Build as noarch for SLES12 and higher


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Manager Tools 12:

      zypper in -t patch SUSE-SLE-Manager-Tools-12-2018-758=1

   - SUSE Manager Proxy 3.0:

      zypper in -t patch SUSE-SUSE-Manager-Proxy-3.0-2018-758=1



Package List:

   - SUSE Manager Tools 12 (noarch):

      spacecmd-2.7.8.10-38.15.3
      spacewalk-backend-libs-2.7.73.12-55.15.3
      spacewalk-check-2.7.6.4-52.6.3
      spacewalk-client-setup-2.7.6.4-52.6.3
      spacewalk-client-tools-2.7.6.4-52.6.3
      zypp-plugin-spacewalk-1.0.0-30.6.3

   - SUSE Manager Proxy 3.0 (noarch):

      zypp-plugin-spacewalk-1.0.0-30.6.3


References:

   https://bugzilla.suse.com/1073879
   https://bugzilla.suse.com/1077244
   https://bugzilla.suse.com/1078056
   https://bugzilla.suse.com/1080290
   https://bugzilla.suse.com/1081607
   https://bugzilla.suse.com/1082019
   https://bugzilla.suse.com/1083001
   https://bugzilla.suse.com/1085667


From sle-updates at lists.suse.com  Mon Apr 30 07:09:01 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 30 Apr 2018 15:09:01 +0200 (CEST)
Subject: SUSE-RU-2018:1106-1: moderate: Recommended update for Salt
Message-ID: <20180430130901.B6CF5FD38@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for Salt
______________________________________________________________________________

Announcement ID:    SUSE-RU-2018:1106-1
Rating:             moderate
References:         #1072973 #1079398 #1085635 
Affected Products:
                    SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS
                    SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS
______________________________________________________________________________

   An update that has three recommended fixes can now be
   installed.

Description:


   This update for salt fixes the following issues:

   - Make module result usable in states module.run. (bsc#1085635)
   - Fix Augeas module "stripped quotes" issue. (bsc#1079398)
   - Fix logging with FQDNs.
   - Explore 'module.run' state module output in depth to catch the "result"
     properly.
   - Fix x509 unit test to run on 2016.11.4 version.
   - Fix TypeError, thrown by M2Crypto on missing fields. (bsc#1072973)


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS:

      zypper in -t patch slesctsp4-salt-13578=1

   - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS:

      zypper in -t patch slesctsp3-salt-13578=1



Package List:

   - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64):

      salt-2016.11.4-43.21.2
      salt-doc-2016.11.4-43.21.2
      salt-minion-2016.11.4-43.21.2

   - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64):

      salt-2016.11.4-43.21.2
      salt-doc-2016.11.4-43.21.2
      salt-minion-2016.11.4-43.21.2


References:

   https://bugzilla.suse.com/1072973
   https://bugzilla.suse.com/1079398
   https://bugzilla.suse.com/1085635


From sle-updates at lists.suse.com  Mon Apr 30 07:10:01 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 30 Apr 2018 15:10:01 +0200 (CEST)
Subject: SUSE-RU-2018:1107-1: Recommended update for release-notes-susemanager,
	release-notes-susemanager-proxy
Message-ID: <20180430131001.1555DFD38@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for release-notes-susemanager, release-notes-susemanager-proxy
______________________________________________________________________________

Announcement ID:    SUSE-RU-2018:1107-1
Rating:             low
References:         #1031081 #1031716 #1034037 #1065708 #1067010 
                    #1072973 #1075345 #1076931 #1077244 #1077265 
                    #1077760 #1077997 #1078056 #1078427 #1079398 
                    #1079535 #1079652 #1079847 #1079865 #1080290 
                    #1080298 #1080349 #1080353 #1080807 #1081714 
                    #1081757 #1081977 #1082119 #1082328 #1082548 
                    #1083001 #1083329 #1083700 #1083753 #1084134 
                    #1085436 #1085500 #1085635 #1085660 #1085667 
                    #1086996 #1087131 #1088246 #979073 
Affected Products:
                    SUSE Manager Server 3.1
                    SUSE Manager Proxy 3.1
______________________________________________________________________________

   An update that has 44 recommended fixes can now be
   installed.

Description:


   This update for release-notes-susemanager, release-notes-susemanager-proxy
   fixes the following issues:

   - Update to 3.1.5
   - New features
     - API: changing a channel is a scheduled action now
   - New products supported
     - Packagehub for SLED 12
     - SUSE OpenStack Cloud 8
     - SUSE OpenStack Cloud Crowbar 8
     - SUSE Enterprise Storage 5 aarch64
     - SLES12 SP2 LTSS
   - Bugs mentioned (salt) bsc#1072973, bsc#1079398, bsc#1085635
   - Bugs mentioned (server) bsc#979073,  bsc#1031081, bsc#1031716,
     bsc#1034037, bsc#1065708 bsc#1067010, bsc#1075345, bsc#1076931,
     bsc#1077244, bsc#1077265 bsc#1077760, bsc#1077997, bsc#1078056,
     bsc#1078427, bsc#1079535 bsc#1079652, bsc#1079847, bsc#1079865,
     bsc#1080290, bsc#1080298 bsc#1080349, bsc#1080353, bsc#1080807,
     bsc#1081714, bsc#1081757 bsc#1081977, bsc#1082119, bsc#1082328,
     bsc#1082548, bsc#1083001 bsc#1083329, bsc#1083700, bsc#1083753,
     bsc#1084134, bsc#1085436 bsc#1085500, bsc#1085635, bsc#1085660,
     bsc#1085667, bsc#1086996 bsc#1087131, bsc#1088246
   - Bugs mentioned (client tools) bsc#1077244, bsc#1078056, bsc#1080290,
     bsc#1083001, bsc#1085635 bsc#1085667

   - Update to 3.1.4
   - Bugs mentioned bsc#1034037, bsc#1077244, bsc#1077997, bsc#1078056,
     bsc#1079535 bsc#1083001, bsc#1083329


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Manager Server 3.1:

      zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2018-765=1

   - SUSE Manager Proxy 3.1:

      zypper in -t patch SUSE-SUSE-Manager-Proxy-3.1-2018-765=1



Package List:

   - SUSE Manager Server 3.1 (ppc64le s390x x86_64):

      release-notes-susemanager-3.1.5-5.24.1

   - SUSE Manager Proxy 3.1 (ppc64le x86_64):

      release-notes-susemanager-proxy-3.1.5-0.15.18.1


References:

   https://bugzilla.suse.com/1031081
   https://bugzilla.suse.com/1031716
   https://bugzilla.suse.com/1034037
   https://bugzilla.suse.com/1065708
   https://bugzilla.suse.com/1067010
   https://bugzilla.suse.com/1072973
   https://bugzilla.suse.com/1075345
   https://bugzilla.suse.com/1076931
   https://bugzilla.suse.com/1077244
   https://bugzilla.suse.com/1077265
   https://bugzilla.suse.com/1077760
   https://bugzilla.suse.com/1077997
   https://bugzilla.suse.com/1078056
   https://bugzilla.suse.com/1078427
   https://bugzilla.suse.com/1079398
   https://bugzilla.suse.com/1079535
   https://bugzilla.suse.com/1079652
   https://bugzilla.suse.com/1079847
   https://bugzilla.suse.com/1079865
   https://bugzilla.suse.com/1080290
   https://bugzilla.suse.com/1080298
   https://bugzilla.suse.com/1080349
   https://bugzilla.suse.com/1080353
   https://bugzilla.suse.com/1080807
   https://bugzilla.suse.com/1081714
   https://bugzilla.suse.com/1081757
   https://bugzilla.suse.com/1081977
   https://bugzilla.suse.com/1082119
   https://bugzilla.suse.com/1082328
   https://bugzilla.suse.com/1082548
   https://bugzilla.suse.com/1083001
   https://bugzilla.suse.com/1083329
   https://bugzilla.suse.com/1083700
   https://bugzilla.suse.com/1083753
   https://bugzilla.suse.com/1084134
   https://bugzilla.suse.com/1085436
   https://bugzilla.suse.com/1085500
   https://bugzilla.suse.com/1085635
   https://bugzilla.suse.com/1085660
   https://bugzilla.suse.com/1085667
   https://bugzilla.suse.com/1086996
   https://bugzilla.suse.com/1087131
   https://bugzilla.suse.com/1088246
   https://bugzilla.suse.com/979073


From sle-updates at lists.suse.com  Mon Apr 30 07:19:06 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 30 Apr 2018 15:19:06 +0200 (CEST)
Subject: SUSE-RU-2018:1108-1: moderate: Recommended update for SUSE Manager
	Client Tools
Message-ID: <20180430131906.ED54FFD38@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for SUSE Manager Client Tools
______________________________________________________________________________

Announcement ID:    SUSE-RU-2018:1108-1
Rating:             moderate
References:         #1077244 #1078056 #1080290 #1081607 #1082019 
                    #1083001 #1085667 
Affected Products:
                    SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS
                    SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS
______________________________________________________________________________

   An update that has 7 recommended fixes can now be installed.

Description:


   This update fixes the following issues:

   spacecmd:

   - Connect to API using FQDN instead of hostname to avoid SSL validation
     problems (bsc#1085667)
   - Add function to update software channel through spacecmd
   - Configure gpg_flag via spacecmd creating a channel (bsc#1080290)
   - Allow scheduling the change of software channels as an action. The
     previous channels remain accessible to the registered system until the
     action is executed.

   spacewalk-backend:

   - Fix encoding for RPM package group in reposync (bsc#1083001)
   - Add --no-packages option to spacewalk-repo-sync
   - Use --force-all-errata only to re-sync patches
     --deep-verify still used for package checksum check and single errata
      import (bsc#1077244)
   - Use GTM for rpm build_time (bsc#1078056)

   spacewalk-client-tools:

   - Fix up2date logging on FQDN collection exception (bsc#1081607,
     bsc#1082019)


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS:

      zypper in -t patch slesctsp4-client-tools-201804-13577=1

   - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS:

      zypper in -t patch slesctsp3-client-tools-201804-13577=1



Package List:

   - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64):

      spacecmd-2.7.8.10-18.17.3
      spacewalk-backend-libs-2.7.73.12-28.16.3

   - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (noarch):

      spacewalk-check-2.7.6.4-27.6.3
      spacewalk-client-setup-2.7.6.4-27.6.3
      spacewalk-client-tools-2.7.6.4-27.6.3

   - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64):

      spacecmd-2.7.8.10-18.17.3
      spacewalk-backend-libs-2.7.73.12-28.16.3

   - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (noarch):

      spacewalk-check-2.7.6.4-27.6.3
      spacewalk-client-setup-2.7.6.4-27.6.3
      spacewalk-client-tools-2.7.6.4-27.6.3


References:

   https://bugzilla.suse.com/1077244
   https://bugzilla.suse.com/1078056
   https://bugzilla.suse.com/1080290
   https://bugzilla.suse.com/1081607
   https://bugzilla.suse.com/1082019
   https://bugzilla.suse.com/1083001
   https://bugzilla.suse.com/1085667


From sle-updates at lists.suse.com  Mon Apr 30 07:20:35 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 30 Apr 2018 15:20:35 +0200 (CEST)
Subject: SUSE-RU-2018:1109-1: Recommended update for apache2-mod_security2
Message-ID: <20180430132035.0D080FD38@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for apache2-mod_security2
______________________________________________________________________________

Announcement ID:    SUSE-RU-2018:1109-1
Rating:             low
References:         #1089692 
Affected Products:
                    SUSE Linux Enterprise Server 12-SP3
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update solves the 'ModSecurity: Loaded PCRE do not match with
   compiled!' warning for apache2-mod_security2. (bsc#1089692)


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP3:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-753=1



Package List:

   - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):

      apache2-mod_security2-2.8.0-7.3.1
      apache2-mod_security2-debuginfo-2.8.0-7.3.1
      apache2-mod_security2-debugsource-2.8.0-7.3.1


References:

   https://bugzilla.suse.com/1089692


From sle-updates at lists.suse.com  Mon Apr 30 07:21:03 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 30 Apr 2018 15:21:03 +0200 (CEST)
Subject: SUSE-RU-2018:1110-1: moderate: Recommended update for SUSE Manager
	Server 3.1
Message-ID: <20180430132103.C3742FD43@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for SUSE Manager Server 3.1
______________________________________________________________________________

Announcement ID:    SUSE-RU-2018:1110-1
Rating:             moderate
References:         #1031081 #1031716 #1034037 #1065708 #1067010 
                    #1075345 #1076931 #1077244 #1077265 #1077760 
                    #1077997 #1078056 #1078427 #1079535 #1079652 
                    #1079847 #1079865 #1080290 #1080298 #1080349 
                    #1080353 #1080807 #1081607 #1081714 #1081757 
                    #1081977 #1082019 #1082119 #1082328 #1082548 
                    #1083001 #1083329 #1083700 #1083706 #1083753 
                    #1083937 #1084134 #1085436 #1085500 #1085635 
                    #1085660 #1085667 #1086996 #1087131 #1088246 
                    #1088878 #979073 
Affected Products:
                    SUSE Manager Server 3.1
______________________________________________________________________________

   An update that has 47 recommended fixes can now be
   installed.

Description:


   This update fixes the following issues:

   spacecmd:

   - Connect to API using FQDN instead of hostname to avoid SSL validation
     problems (bsc#1085667)
   - Add function to update software channel through spacecmd
   - Configure gpg_flag via spacecmd creating a channel (bsc#1080290)
   - Allow scheduling the change of software channels as an action. The
     previous channels remain accessible to the registered system until the
     action is executed.

   spacewalk-backend:

   - Fix encoding for RPM package group in reposync (bsc#1083001)
   - Add --no-packages option to spacewalk-repo-sync
   - Use --force-all-errata only to re-sync patches
     --deep-verify still used for package checksum check and single errata
      import (bsc#1077244)
   - Use GTM for rpm build_time (bsc#1078056)

   spacewalk-branding:

   - Add option to schedule the software channels change in software ->
     channels -> channel -> target systems (bsc#1088246)
   - Remove SUSE Manager repositories when deleting salt minions (bsc#1079847)
   - Add missing left margin at Software Channels WebUI icon links to
     channels (bsc#1083329)
   - Allow scheduling the change of software channels as an action. The
     previous channels remain accessible to the registered system until the
     action is executed.
   - Add a tip about config file macro delimiters and Salt
   - Show full Salt paths in config file details page

   spacewalk-certs-tools:

   - Clean up SUSE manager repos in bootstrap script for trad clients
     (bsc#1077997)

   spacewalk-client-tools:

   - Fix up2date logging on FQDN collection exception (bsc#1081607,
     bsc#1082019)

   spacewalk-java:

   - Add SUSE OpenStack Cloud 8 and SUSE OpenStack Cloud Crowbar 8 products
     (bsc#1080298)
   - Add option to schedule the software channels change in software ->
     channels -> channel -> target systems (bsc#1088246)
   - Fix config channel assignment when registering with an activation key
     (bsc#1084134)
   - Fix in SSM channls UI, if all systems in SSM do not have a base channel
     the corresponding child channels are not displayed on the subsequent page
   - Prevent stripping curly braces when creating config states (bsc#1085500)
   - Fix index out of bound exception when os-release query returns multiple
     package names for RHEL/CentOS (bsc#1076931)
   - More specific message for empty custom system info
   - Properly invalidate channel access tokens when changing to the same
     channels (bsc#1085660)
   - Uniform channel assignment for Salt (bsc#1077265)
   - Fix race condition during enabling channel tokens (bsc#1085436)
   - Fix presence ping (bsc#1080353)
   - Harmonize display of custom system information (bsc#979073)
   - Add ref help links (bsc#1079535)
   - Ensure transaction execution order when updating FQDNs for minions
     (bsc#1078427)
   - Adjusted the code to override software channel's gpg_check during
     clone(#bsc1080290)
   - Fix "Most critical systems" list on "Home Overview" view (bsc#1081757)
   - Fix NPE when retrieving OES repo (bsc#1082328)
   - Subscribe to config channels when registering Salt systems with
     activation keys (bsc#1080807)
   - Add rhn.conf salt_check_download_tokens parameter to disable token
     checking (bsc#1082119)
   - Refresh pillar data when executing the subscribe channels action for
     ssh-push minions (bsc#1080349)
   - Users who can view system should be able to delete it (bsc#1079652)
   - Set hostname before hardware refresh as well (bsc#1077760)
   - Fix home page link for "Register systems" (bsc#1065708)
   - Remove previous activation keys on every (re-)activation (bsc#1031081)
   - Fix broken 'Add' links in system's config channel overview page
     (bsc#1079865)
   - Remove SUSE Manager repositories when deleting salt minions (bsc#1079847)
   - Allow scheduling the change of software channels as an action. The
     previous channels remain accessible to the registered system until the
     action is executed.
   - Handle stderr from "virtual-host-gatherer" to avoid hanging (bsc#1067010)
   - Fix issues in text for config management.
   - Hide macro delimiters for config files in state channels
   - Show full Salt paths in config file details page

   spacewalk-reports:

   - Fix error in inventory report (bsc#1083753)

   spacewalk-web:

   - Add missing left margin at Software Channels WebUI icon links to
     channels (bsc#1083329)
   - Fix for the system channels UI, hide the corresponding title and
     horizontal line if list of SUSE or custom channels is empty
   - Fixed behavior on child channels unselecting when multiple channels were
     unselected
   - Add ref help links (bsc#1079535)
   - Make minion label unselectable on Visualization's 'Systems Grouping'
     view (bsc#1034037)
   - Allow scheduling the change of software channels as an action. The
     previous channels remain accessible to the registered system until the
     action is executed.

   subscription-matcher:

   - Add 2 new partnumbers to rules file (bsc#1081977)
   - Improve subscription-matcher reporting accuracy via SCC (bsc#1031716)
   - Small bugfixes

   susemanager:

   - Add SLES4SAP-12-SP3-ppc64le as bootstrap repository (bsc#1082548)
   - Add align-rpm-buildtime script (bsc#1078056)

   susemanager-docs_en:

   - Update text and image files.
   - New channel assignments (wizard style).
   - Preparation for 3.1 Maintenance Update.
   - New Salt Formula features such as edit-group.
   - Remove SUSE Studio references.
   - New notification system (Reference Guide).

   susemanager-schema:

   - Fix: migration from 3.0 to 3.1 related to rhnServerNetwork (bsc#1086996)
   - Remove update of not existing table (bsc#1087131)
   - Handle duplicate rhnserverpackage (bsc#1075345)
   - Prevent migration failure when multiple empty file contents are present
     (bsc#1083706, bsc#1083937)
   - Allow scheduling the change of software channels as an action. The
     previous channels remain accessible to the registered system until the
     action is executed.

   susemanager-sls:

   - Remove SUSE Manager repositories when deleting salt minions (bsc#1079847)
   - Perform docker login before building and inspecting images (bsc#1085635)
   - Allow scheduling the change of software channels as an action. The
     previous channels remain accessible to the registered system until the
     action is executed.

   susemanager-sync-data:

   - Enable Packagehub for SLED 12 (bsc#1083700)
   - Add SUSE OpenStack Cloud 8 and SUSE OpenStack Cloud Crowbar 8 products
     (bsc#1080298)
   - Add SUSE Enterprise Storage 5 aarch64
   - Add support for SLES12 SP2 LTSS (bsc#1088878)

   susemanager-tftpsync:

   - Work around possible race in tftpsync (bsc#1081714)

   virtual-host-gatherer:

   - Support kubernetes access configuration only via kubeconfig. Remove
     other configuration options like url, username, password and
     certificates.


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Manager Server 3.1:

      zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2018-764=1



Package List:

   - SUSE Manager Server 3.1 (s390x x86_64):

      spacewalk-branding-2.7.2.12-2.16.1
      susemanager-3.1.13-2.16.3
      susemanager-tftpsync-3.1.2-3.3.1
      susemanager-tools-3.1.13-2.16.3

   - SUSE Manager Server 3.1 (noarch):

      spacecmd-2.7.8.10-2.16.2
      spacewalk-backend-2.7.73.12-2.16.2
      spacewalk-backend-app-2.7.73.12-2.16.2
      spacewalk-backend-applet-2.7.73.12-2.16.2
      spacewalk-backend-config-files-2.7.73.12-2.16.2
      spacewalk-backend-config-files-common-2.7.73.12-2.16.2
      spacewalk-backend-config-files-tool-2.7.73.12-2.16.2
      spacewalk-backend-iss-2.7.73.12-2.16.2
      spacewalk-backend-iss-export-2.7.73.12-2.16.2
      spacewalk-backend-libs-2.7.73.12-2.16.2
      spacewalk-backend-package-push-server-2.7.73.12-2.16.2
      spacewalk-backend-server-2.7.73.12-2.16.2
      spacewalk-backend-sql-2.7.73.12-2.16.2
      spacewalk-backend-sql-oracle-2.7.73.12-2.16.2
      spacewalk-backend-sql-postgresql-2.7.73.12-2.16.2
      spacewalk-backend-tools-2.7.73.12-2.16.2
      spacewalk-backend-xml-export-libs-2.7.73.12-2.16.2
      spacewalk-backend-xmlrpc-2.7.73.12-2.16.2
      spacewalk-base-2.7.1.15-2.16.1
      spacewalk-base-minimal-2.7.1.15-2.16.1
      spacewalk-base-minimal-config-2.7.1.15-2.16.1
      spacewalk-certs-tools-2.7.0.9-2.9.1
      spacewalk-client-tools-2.7.6.4-2.7.1
      spacewalk-html-2.7.1.15-2.16.1
      spacewalk-java-2.7.46.11-2.18.1
      spacewalk-java-config-2.7.46.11-2.18.1
      spacewalk-java-lib-2.7.46.11-2.18.1
      spacewalk-java-oracle-2.7.46.11-2.18.1
      spacewalk-java-postgresql-2.7.46.11-2.18.1
      spacewalk-reports-2.7.5.5-2.10.1
      spacewalk-taskomatic-2.7.46.11-2.18.1
      subscription-matcher-0.19-4.3.1
      susemanager-advanced-topics_en-pdf-3.1-10.17.1
      susemanager-best-practices_en-pdf-3.1-10.17.1
      susemanager-docs_en-3.1-10.17.1
      susemanager-getting-started_en-pdf-3.1-10.17.1
      susemanager-jsp_en-3.1-10.17.1
      susemanager-reference_en-pdf-3.1-10.17.1
      susemanager-schema-3.1.16-2.20.1
      susemanager-sls-3.1.16-2.20.1
      susemanager-sync-data-3.1.12-2.20.1
      virtual-host-gatherer-1.0.17-2.13.1
      virtual-host-gatherer-Kubernetes-1.0.17-2.13.1
      virtual-host-gatherer-VMware-1.0.17-2.13.1


References:

   https://bugzilla.suse.com/1031081
   https://bugzilla.suse.com/1031716
   https://bugzilla.suse.com/1034037
   https://bugzilla.suse.com/1065708
   https://bugzilla.suse.com/1067010
   https://bugzilla.suse.com/1075345
   https://bugzilla.suse.com/1076931
   https://bugzilla.suse.com/1077244
   https://bugzilla.suse.com/1077265
   https://bugzilla.suse.com/1077760
   https://bugzilla.suse.com/1077997
   https://bugzilla.suse.com/1078056
   https://bugzilla.suse.com/1078427
   https://bugzilla.suse.com/1079535
   https://bugzilla.suse.com/1079652
   https://bugzilla.suse.com/1079847
   https://bugzilla.suse.com/1079865
   https://bugzilla.suse.com/1080290
   https://bugzilla.suse.com/1080298
   https://bugzilla.suse.com/1080349
   https://bugzilla.suse.com/1080353
   https://bugzilla.suse.com/1080807
   https://bugzilla.suse.com/1081607
   https://bugzilla.suse.com/1081714
   https://bugzilla.suse.com/1081757
   https://bugzilla.suse.com/1081977
   https://bugzilla.suse.com/1082019
   https://bugzilla.suse.com/1082119
   https://bugzilla.suse.com/1082328
   https://bugzilla.suse.com/1082548
   https://bugzilla.suse.com/1083001
   https://bugzilla.suse.com/1083329
   https://bugzilla.suse.com/1083700
   https://bugzilla.suse.com/1083706
   https://bugzilla.suse.com/1083753
   https://bugzilla.suse.com/1083937
   https://bugzilla.suse.com/1084134
   https://bugzilla.suse.com/1085436
   https://bugzilla.suse.com/1085500
   https://bugzilla.suse.com/1085635
   https://bugzilla.suse.com/1085660
   https://bugzilla.suse.com/1085667
   https://bugzilla.suse.com/1086996
   https://bugzilla.suse.com/1087131
   https://bugzilla.suse.com/1088246
   https://bugzilla.suse.com/1088878
   https://bugzilla.suse.com/979073


From sle-updates at lists.suse.com  Mon Apr 30 07:29:32 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 30 Apr 2018 15:29:32 +0200 (CEST)
Subject: SUSE-RU-2018:1111-1: Recommended update for zypp-plugin-spacewalk
Message-ID: <20180430132932.2CF65FD38@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for zypp-plugin-spacewalk
______________________________________________________________________________

Announcement ID:    SUSE-RU-2018:1111-1
Rating:             low
References:         #1073879 
Affected Products:
                    SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:


   This update for zypp-plugin-spacewalk fixes the following issues:

   - python3 compatibility
   - build python2/python3 subpackages (bsc#1073879)
   - build as noarch for SLES12 and higher


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS:

      zypper in -t patch slesctsp4-zypp-plugin-spacewalk-13579=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-zypp-plugin-spacewalk-13579=1

   - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS:

      zypper in -t patch slesctsp3-zypp-plugin-spacewalk-13579=1



Package List:

   - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64):

      zypp-plugin-spacewalk-1.0.0-25.6.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      zypp-plugin-spacewalk-1.0.0-25.6.1

   - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64):

      zypp-plugin-spacewalk-1.0.0-25.6.1


References:

   https://bugzilla.suse.com/1073879


From sle-updates at lists.suse.com  Mon Apr 30 07:30:04 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 30 Apr 2018 15:30:04 +0200 (CEST)
Subject: SUSE-RU-2018:1112-1: Recommended update for yast2-packager
Message-ID: <20180430133004.75185FD43@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for yast2-packager
______________________________________________________________________________

Announcement ID:    SUSE-RU-2018:1112-1
Rating:             low
References:         #1078323 
Affected Products:
                    SUSE Linux Enterprise Server 12-SP3
                    SUSE Linux Enterprise Desktop 12-SP3
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for yast2-packager adds a warning to inform the user that
   changes in a repository managed by a service will be lost in the next
   refresh of the service (bsc#1078323).


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP3:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-754=1

   - SUSE Linux Enterprise Desktop 12-SP3:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-754=1



Package List:

   - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):

      yast2-packager-3.2.26-2.6.1

   - SUSE Linux Enterprise Desktop 12-SP3 (x86_64):

      yast2-packager-3.2.26-2.6.1


References:

   https://bugzilla.suse.com/1078323


From sle-updates at lists.suse.com  Mon Apr 30 07:30:38 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 30 Apr 2018 15:30:38 +0200 (CEST)
Subject: SUSE-RU-2018:1113-1: moderate: Recommended update for Salt
Message-ID: <20180430133038.890DCFD38@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for Salt
______________________________________________________________________________

Announcement ID:    SUSE-RU-2018:1113-1
Rating:             moderate
References:         #1072973 #1079398 #1085635 
Affected Products:
                    SUSE Manager Tools 12
                    SUSE Manager Server 3.1
                    SUSE Manager Server 3.0
                    SUSE Manager Proxy 3.1
                    SUSE Manager Proxy 3.0
                    SUSE Linux Enterprise Module for Advanced Systems Management 12
                    SUSE Enterprise Storage 5
                    SUSE Enterprise Storage 4
                    SUSE CaaS Platform ALL
                    OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

   An update that has three recommended fixes can now be
   installed.

Description:


   This update for salt fixes the following issues:

   - Make module result usable in states module.run. (bsc#1085635)
   - Fix Augeas module "stripped quotes" issue. (bsc#1079398)
   - Fix logging with FQDNs.
   - Explore 'module.run' state module output in depth to catch the "result"
     properly.
   - Fix x509 unit test to run on 2016.11.4 version.
   - Fix TypeError, thrown by M2Crypto on missing fields. (bsc#1072973)


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Manager Tools 12:

      zypper in -t patch SUSE-SLE-Manager-Tools-12-2018-759=1

   - SUSE Manager Server 3.1:

      zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2018-759=1

   - SUSE Manager Server 3.0:

      zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2018-759=1

   - SUSE Manager Proxy 3.1:

      zypper in -t patch SUSE-SUSE-Manager-Proxy-3.1-2018-759=1

   - SUSE Manager Proxy 3.0:

      zypper in -t patch SUSE-SUSE-Manager-Proxy-3.0-2018-759=1

   - SUSE Linux Enterprise Module for Advanced Systems Management 12:

      zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2018-759=1

   - SUSE Enterprise Storage 5:

      zypper in -t patch SUSE-Storage-5-2018-759=1

   - SUSE Enterprise Storage 4:

      zypper in -t patch SUSE-Storage-4-2018-759=1

   - SUSE CaaS Platform ALL:

      To install this update, use the SUSE CaaS Platform Velum dashboard.
      It will inform you if it detects new updates and let you then trigger
      updating of the complete cluster in a controlled way.

   - OpenStack Cloud Magnum Orchestration 7:

      zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-759=1



Package List:

   - SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64):

      salt-2016.11.4-46.20.2
      salt-doc-2016.11.4-46.20.2
      salt-minion-2016.11.4-46.20.2

   - SUSE Manager Server 3.1 (ppc64le s390x x86_64):

      salt-2016.11.4-46.20.2
      salt-api-2016.11.4-46.20.2
      salt-cloud-2016.11.4-46.20.2
      salt-doc-2016.11.4-46.20.2
      salt-master-2016.11.4-46.20.2
      salt-minion-2016.11.4-46.20.2
      salt-proxy-2016.11.4-46.20.2
      salt-ssh-2016.11.4-46.20.2
      salt-syndic-2016.11.4-46.20.2

   - SUSE Manager Server 3.1 (noarch):

      salt-bash-completion-2016.11.4-46.20.2
      salt-zsh-completion-2016.11.4-46.20.2

   - SUSE Manager Server 3.0 (s390x x86_64):

      salt-2016.11.4-46.20.2
      salt-api-2016.11.4-46.20.2
      salt-doc-2016.11.4-46.20.2
      salt-master-2016.11.4-46.20.2
      salt-minion-2016.11.4-46.20.2
      salt-proxy-2016.11.4-46.20.2
      salt-ssh-2016.11.4-46.20.2
      salt-syndic-2016.11.4-46.20.2

   - SUSE Manager Server 3.0 (noarch):

      salt-bash-completion-2016.11.4-46.20.2
      salt-zsh-completion-2016.11.4-46.20.2

   - SUSE Manager Proxy 3.1 (ppc64le x86_64):

      salt-2016.11.4-46.20.2
      salt-minion-2016.11.4-46.20.2

   - SUSE Manager Proxy 3.0 (noarch):

      salt-bash-completion-2016.11.4-46.20.2
      salt-zsh-completion-2016.11.4-46.20.2

   - SUSE Manager Proxy 3.0 (x86_64):

      salt-2016.11.4-46.20.2
      salt-api-2016.11.4-46.20.2
      salt-doc-2016.11.4-46.20.2
      salt-master-2016.11.4-46.20.2
      salt-minion-2016.11.4-46.20.2
      salt-proxy-2016.11.4-46.20.2
      salt-ssh-2016.11.4-46.20.2
      salt-syndic-2016.11.4-46.20.2

   - SUSE Linux Enterprise Module for Advanced Systems Management 12 (ppc64le s390x x86_64):

      salt-2016.11.4-46.20.2
      salt-api-2016.11.4-46.20.2
      salt-cloud-2016.11.4-46.20.2
      salt-doc-2016.11.4-46.20.2
      salt-master-2016.11.4-46.20.2
      salt-minion-2016.11.4-46.20.2
      salt-proxy-2016.11.4-46.20.2
      salt-ssh-2016.11.4-46.20.2
      salt-syndic-2016.11.4-46.20.2

   - SUSE Linux Enterprise Module for Advanced Systems Management 12 (noarch):

      salt-bash-completion-2016.11.4-46.20.2
      salt-zsh-completion-2016.11.4-46.20.2

   - SUSE Enterprise Storage 5 (aarch64 x86_64):

      salt-2016.11.4-46.20.2
      salt-api-2016.11.4-46.20.2
      salt-master-2016.11.4-46.20.2
      salt-minion-2016.11.4-46.20.2

   - SUSE Enterprise Storage 4 (aarch64 x86_64):

      salt-2016.11.4-46.20.2
      salt-master-2016.11.4-46.20.2
      salt-minion-2016.11.4-46.20.2

   - SUSE CaaS Platform ALL (x86_64):

      salt-2016.11.4-46.20.2
      salt-minion-2016.11.4-46.20.2

   - OpenStack Cloud Magnum Orchestration 7 (x86_64):

      salt-2016.11.4-46.20.2
      salt-minion-2016.11.4-46.20.2


References:

   https://bugzilla.suse.com/1072973
   https://bugzilla.suse.com/1079398
   https://bugzilla.suse.com/1085635


From sle-updates at lists.suse.com  Mon Apr 30 07:31:27 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 30 Apr 2018 15:31:27 +0200 (CEST)
Subject: SUSE-RU-2018:1114-1: moderate: Recommended update for SUSE Manager
	Proxy 3.1
Message-ID: <20180430133127.42D52FD38@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for SUSE Manager Proxy 3.1
______________________________________________________________________________

Announcement ID:    SUSE-RU-2018:1114-1
Rating:             moderate
References:         #1034037 #1077244 #1077997 #1078056 #1079535 
                    #1081607 #1082019 #1083001 #1083329 
Affected Products:
                    SUSE Manager Proxy 3.1
______________________________________________________________________________

   An update that has 9 recommended fixes can now be installed.

Description:


   This update fixes the following issues:

   spacewalk-backend:

   - Fix encoding for RPM package group in reposync (bsc#1083001)
   - Add --no-packages option to spacewalk-repo-sync
   - Use --force-all-errata only to re-sync patches
     --deep-verify still used for package checksum check and single errata
      import (bsc#1077244)
   - Use GTM for rpm build_time (bsc#1078056)

   spacewalk-certs-tools:

   - Clean up SUSE manager repos in bootstrap script for trad clients
     (bsc#1077997)

   spacewalk-client-tools:

   - Fix up2date logging on FQDN collection exception (bsc#1081607,
     bsc#1082019)

   spacewalk-web:

   - Add missing left margin at Software Channels WebUI icon links to
     channels (bsc#1083329)
   - Fix for the system channels UI, hide the corresponding title and
     horizontal line if list of SUSE or custom channels is empty
   - Fixed behavior on child channels unselecting when multiple channels were
     unselected
   - Add ref help links (bsc#1079535)
   - Make minion label unselectable on Visualization's 'Systems Grouping'
     view (bsc#1034037)
   - Allow scheduling the change of software channels as an action. The
     previous channels remain accessible to the registered system until the
     action is executed.


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Manager Proxy 3.1:

      zypper in -t patch SUSE-SUSE-Manager-Proxy-3.1-2018-764=1



Package List:

   - SUSE Manager Proxy 3.1 (noarch):

      spacewalk-backend-2.7.73.12-2.16.2
      spacewalk-backend-libs-2.7.73.12-2.16.2
      spacewalk-base-minimal-2.7.1.15-2.16.1
      spacewalk-base-minimal-config-2.7.1.15-2.16.1
      spacewalk-certs-tools-2.7.0.9-2.9.1
      spacewalk-check-2.7.6.4-2.7.1
      spacewalk-client-setup-2.7.6.4-2.7.1
      spacewalk-client-tools-2.7.6.4-2.7.1


References:

   https://bugzilla.suse.com/1034037
   https://bugzilla.suse.com/1077244
   https://bugzilla.suse.com/1077997
   https://bugzilla.suse.com/1078056
   https://bugzilla.suse.com/1079535
   https://bugzilla.suse.com/1081607
   https://bugzilla.suse.com/1082019
   https://bugzilla.suse.com/1083001
   https://bugzilla.suse.com/1083329


From sle-updates at lists.suse.com  Mon Apr 30 10:07:08 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 30 Apr 2018 18:07:08 +0200 (CEST)
Subject: SUSE-RU-2018:1115-1: Recommended update for smt
Message-ID: <20180430160708.39D6EFD43@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for smt
______________________________________________________________________________

Announcement ID:    SUSE-RU-2018:1115-1
Rating:             low
References:         #1030677 #1058992 #1059798 #1059943 
Affected Products:
                    Subscription Management Tool for SUSE Linux Enterprise 11-SP3
______________________________________________________________________________

   An update that has four recommended fixes can now be
   installed.

Description:

   This update for smt provides the following fixes:

   - Backport single product deactivation endpoint (bsc#1059798)
   - Add caching of SCCcredentials on startup (bsc#1030677)
   - Specify TLSv1 explicitly for older versions of wget to prevent "Download
     failed. Abort." problems while trying to register a system. (bsc#1059943)
   - Use the repository CATALOGID instead of the auto-incremental ID in
     smt-staging. (bsc#1058992)


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - Subscription Management Tool for SUSE Linux Enterprise 11-SP3:

      zypper in -t patch slesmtsp3-smt-13584=1



Package List:

   - Subscription Management Tool for SUSE Linux Enterprise 11-SP3 (i586 s390x x86_64):

      res-signingkeys-2.0.32-50.5.11
      smt-2.0.32-50.5.11
      smt-support-2.0.32-50.5.11


References:

   https://bugzilla.suse.com/1030677
   https://bugzilla.suse.com/1058992
   https://bugzilla.suse.com/1059798
   https://bugzilla.suse.com/1059943