From sle-updates at lists.suse.com Mon Jul 2 04:10:37 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 2 Jul 2018 12:10:37 +0200 (CEST) Subject: SUSE-RU-2018:1863-1: moderate: Recommended update for openvswitch Message-ID: <20180702101037.0C0D4FCA4@maintenance.suse.de> SUSE Recommended Update: Recommended update for openvswitch ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1863-1 Rating: moderate References: #1076284 Affected Products: SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openvswitch provides the following fixes: - Add support for RedHat distributions. All SUSE macros are now conditional and the spec file has been adapted based on the upstream one. (fate#324537) - Fix documentation installation to make sure the testsuite runs properly. (bsc#1076284) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1255=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): openvswitch-2.7.0-3.16.3 openvswitch-debuginfo-2.7.0-3.16.3 openvswitch-debugsource-2.7.0-3.16.3 References: https://bugzilla.suse.com/1076284 From sle-updates at lists.suse.com Mon Jul 2 07:07:48 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 2 Jul 2018 15:07:48 +0200 (CEST) Subject: SUSE-RU-2018:1864-1: moderate: Recommended update for crowbar-core, crowbar-openstack Message-ID: <20180702130748.83EDBFCA2@maintenance.suse.de> SUSE Recommended Update: Recommended update for crowbar-core, crowbar-openstack ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1864-1 Rating: moderate References: #1047941 #1087466 #1087472 #1090571 #1091190 #1091250 #1091829 #985882 Affected Products: SUSE OpenStack Cloud Crowbar 8 ______________________________________________________________________________ An update that has 8 recommended fixes can now be installed. Description: This update for Crowbar provides several fixes and improvements for following issues: crowbar-core: - Added pre-check for database type - Drop the database step - Make crowbar finish admin upgrade step on start - Remove manipulation with ceph nodes from upgrade worflow - Use correct commands for disabling and enabling nova-compute - ntp: Make listening net configurable (bsc#1047941) - Raise the default timeouts for most time consuming actions - When upgrading to SOC8, delete deprecated nova-cert service - Raise exception if conduit does not exist in mapping - Change rabbitmq settings during the upgrade - Fix misleasing status message - Do not add Newton specific config changes - crowbar: clean restart flags extended - upgrade: revert openvswitch systemd unit fix - Ensure that crowbarctl is installed on nodes - Adjust installation profile for netcat (bsc#1091250) - Drop drbd post upgrade checks - ohai: Treat struct as fixed length instead of zero terminated string - ohai: fix hound style errors - crowbar: add validator for n nodes or cluster - crowbar: test for find_node_by_name_or_alias crowbar-openstack: - ironic: Remove SSH-based drivers (bsc#1087472) - nova: allow to enable nested virt on Intel - nova: Configure a rng device for guest VM entropy (bsc#985882) - nova: Remove the checks that were testing if we're not running Newton - nova: disable progress timeout for live migration (bsc#1091190) - keystone: avoid race condition during admin password change (bsc#1091829) - nova: After upgrading controller to Pike, map the instances to cell1 - Revert "rabbitmq: block client port on startup" - Add Pure Storage FlashArray config to cinder barclamp - nova: default thp defragt to madvise - nova: fix variable naming typo - nova: make disk_cachemodes configurable - rabbitmq: block client port on startup - rabbitmq: create empty users list which is expected by some recipes - nova: move flavor creation to converge phase - Let mariadb running at all nodes during the upgrade - neutron: enable trunk service plugin - keystone: Add retry loop to _get_token (bsc#1087466) - rabbitmq: Do not check if service is running when it is not supposed to run. - trove: Hide trove barclamp (bsc#1090571) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2018-1258=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): crowbar-core-5.0+git.1527227852.36f464fae-3.3.1 crowbar-core-branding-upstream-5.0+git.1527227852.36f464fae-3.3.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): crowbar-openstack-5.0+git.1527177338.e93b04094-4.3.1 References: https://bugzilla.suse.com/1047941 https://bugzilla.suse.com/1087466 https://bugzilla.suse.com/1087472 https://bugzilla.suse.com/1090571 https://bugzilla.suse.com/1091190 https://bugzilla.suse.com/1091250 https://bugzilla.suse.com/1091829 https://bugzilla.suse.com/985882 From sle-updates at lists.suse.com Mon Jul 2 07:09:30 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 2 Jul 2018 15:09:30 +0200 (CEST) Subject: SUSE-RU-2018:1865-1: moderate: Recommended update for several openstack components Message-ID: <20180702130930.42DC8FCA2@maintenance.suse.de> SUSE Recommended Update: Recommended update for several openstack components ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1865-1 Rating: moderate References: #1095576 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for Openstack provides fixes and improvements for the following issues: barbican: - Fix Dogtag mode on key generation - Updating time for functional tests ceilometer: - snmp: ignore rfc1905.NoSuchInstance result - snmp: make oid value retrieval more solid cinder: - Fix leftovers after backup abort - Improve ChunkedBackupDriver hashlib calls - NetApp ONTAP: Fix export path used as volume name - RBD: Handle ImageNotFound exception in \_get\_usage\_info correctly - Unity: fail to detach lun when auto zone enabled - ZFSSA implement "Enhance iSCSI multipath support" - ZFSSA accept pool stats when cluster node stripped - NetApp: Add use-exact-size parameter when creating a LUN on ONTAP iSCSI - NetApp E-series: Fix provisioned\_capacity\_gb - Remove inappropriate directory space check dashboard: - Imported Translations from Zanata - Fix pep8 errors heat: - Generate user passwords with special characters - Fix entropy problems with OS::Random::String - Allow iteration over files dict before template stored - Replace random with SystemRandom for RandomString - Avoid race in OSWaitCondition test ironic: - Remove too large configdrive for handling error - Remove pycodestyle version pin. Add E402 and W503 to ignore - Pin pycodestyle to <=2.3.1 keystone: - Fix json schema nullable to add None to ENUM magnum: - Stop using slave\_scripts/install-distro-packages.sh manila: - Add manila.data.helper options to config sample octavia: - Health Monitor url\_path requires leading slash - Pool PUT should validate name/description length - Migrate to stestr - Gatefix: Migrate from testr to stestr - Don't failover amphora with LB in PENDING\_\* - Fix statistics update typo - Overhaul HealthManager update threading - Fix processing pool statuses for LBs with multiple listeners - Fix cookbook 'openstack secret container list' - Minimize the effect overloaded Health Manager processes - Clean up test\_update\_db.py a little bit - Optimize update\_health process - Pin pip < 10 in the amphora image sahara: - Add .stestr.conf to fix tox-py27 stable job - Migration to Storyboard Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2018-1257=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2018-1257=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2018-1257=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): openstack-barbican-5.0.1~dev10-3.3.1 openstack-barbican-api-5.0.1~dev10-3.3.1 openstack-barbican-doc-5.0.1~dev10-3.3.1 openstack-barbican-keystone-listener-5.0.1~dev10-3.3.1 openstack-barbican-retry-5.0.1~dev10-3.3.1 openstack-barbican-worker-5.0.1~dev10-3.3.1 openstack-ceilometer-9.0.6~dev5-3.3.1 openstack-ceilometer-agent-central-9.0.6~dev5-3.3.1 openstack-ceilometer-agent-compute-9.0.6~dev5-3.3.1 openstack-ceilometer-agent-ipmi-9.0.6~dev5-3.3.1 openstack-ceilometer-agent-notification-9.0.6~dev5-3.3.1 openstack-ceilometer-api-9.0.6~dev5-3.3.1 openstack-ceilometer-collector-9.0.6~dev5-3.3.1 openstack-ceilometer-doc-9.0.6~dev5-3.3.1 openstack-ceilometer-polling-9.0.6~dev5-3.3.1 openstack-cinder-11.1.1~dev41-3.3.1 openstack-cinder-api-11.1.1~dev41-3.3.1 openstack-cinder-backup-11.1.1~dev41-3.3.1 openstack-cinder-doc-11.1.1~dev41-3.3.1 openstack-cinder-scheduler-11.1.1~dev41-3.3.1 openstack-cinder-volume-11.1.1~dev41-3.3.1 openstack-dashboard-12.0.3~dev47-3.3.1 openstack-heat-9.0.5~dev3-3.3.1 openstack-heat-api-9.0.5~dev3-3.3.1 openstack-heat-api-cfn-9.0.5~dev3-3.3.1 openstack-heat-api-cloudwatch-9.0.5~dev3-3.3.1 openstack-heat-doc-9.0.5~dev3-3.3.1 openstack-heat-engine-9.0.5~dev3-3.3.1 openstack-heat-plugin-heat_docker-9.0.5~dev3-3.3.1 openstack-heat-test-9.0.5~dev3-3.3.1 openstack-ironic-9.1.5~dev5-3.3.1 openstack-ironic-api-9.1.5~dev5-3.3.1 openstack-ironic-conductor-9.1.5~dev5-3.3.1 openstack-ironic-doc-9.1.5~dev5-3.3.1 openstack-keystone-12.0.1~dev18-5.3.1 openstack-keystone-doc-12.0.1~dev18-5.3.1 openstack-magnum-5.0.2~dev27-4.3.1 openstack-magnum-api-5.0.2~dev27-4.3.1 openstack-magnum-conductor-5.0.2~dev27-4.3.1 openstack-magnum-doc-5.0.2~dev27-4.3.1 openstack-manila-5.0.2~dev46-3.3.1 openstack-manila-api-5.0.2~dev46-3.3.1 openstack-manila-data-5.0.2~dev46-3.3.1 openstack-manila-doc-5.0.2~dev46-3.3.1 openstack-manila-scheduler-5.0.2~dev46-3.3.1 openstack-manila-share-5.0.2~dev46-3.3.1 openstack-octavia-1.0.3~dev17-4.3.1 openstack-octavia-amphora-agent-1.0.3~dev17-4.3.1 openstack-octavia-api-1.0.3~dev17-4.3.1 openstack-octavia-health-manager-1.0.3~dev17-4.3.1 openstack-octavia-housekeeping-1.0.3~dev17-4.3.1 openstack-octavia-worker-1.0.3~dev17-4.3.1 openstack-sahara-7.0.3~dev4-3.3.1 openstack-sahara-api-7.0.3~dev4-3.3.1 openstack-sahara-doc-7.0.3~dev4-3.3.1 openstack-sahara-engine-7.0.3~dev4-3.3.1 python-barbican-5.0.1~dev10-3.3.1 python-ceilometer-9.0.6~dev5-3.3.1 python-cinder-11.1.1~dev41-3.3.1 python-heat-9.0.5~dev3-3.3.1 python-horizon-12.0.3~dev47-3.3.1 python-ironic-9.1.5~dev5-3.3.1 python-keystone-12.0.1~dev18-5.3.1 python-magnum-5.0.2~dev27-4.3.1 python-manila-5.0.2~dev46-3.3.1 python-octavia-1.0.3~dev17-4.3.1 python-sahara-7.0.3~dev4-3.3.1 - SUSE OpenStack Cloud 8 (noarch): openstack-barbican-5.0.1~dev10-3.3.1 openstack-barbican-api-5.0.1~dev10-3.3.1 openstack-barbican-doc-5.0.1~dev10-3.3.1 openstack-barbican-keystone-listener-5.0.1~dev10-3.3.1 openstack-barbican-retry-5.0.1~dev10-3.3.1 openstack-barbican-worker-5.0.1~dev10-3.3.1 openstack-ceilometer-9.0.6~dev5-3.3.1 openstack-ceilometer-agent-central-9.0.6~dev5-3.3.1 openstack-ceilometer-agent-compute-9.0.6~dev5-3.3.1 openstack-ceilometer-agent-ipmi-9.0.6~dev5-3.3.1 openstack-ceilometer-agent-notification-9.0.6~dev5-3.3.1 openstack-ceilometer-api-9.0.6~dev5-3.3.1 openstack-ceilometer-collector-9.0.6~dev5-3.3.1 openstack-ceilometer-doc-9.0.6~dev5-3.3.1 openstack-ceilometer-polling-9.0.6~dev5-3.3.1 openstack-cinder-11.1.1~dev41-3.3.1 openstack-cinder-api-11.1.1~dev41-3.3.1 openstack-cinder-backup-11.1.1~dev41-3.3.1 openstack-cinder-doc-11.1.1~dev41-3.3.1 openstack-cinder-scheduler-11.1.1~dev41-3.3.1 openstack-cinder-volume-11.1.1~dev41-3.3.1 openstack-dashboard-12.0.3~dev47-3.3.1 openstack-heat-9.0.5~dev3-3.3.1 openstack-heat-api-9.0.5~dev3-3.3.1 openstack-heat-api-cfn-9.0.5~dev3-3.3.1 openstack-heat-api-cloudwatch-9.0.5~dev3-3.3.1 openstack-heat-doc-9.0.5~dev3-3.3.1 openstack-heat-engine-9.0.5~dev3-3.3.1 openstack-heat-plugin-heat_docker-9.0.5~dev3-3.3.1 openstack-heat-test-9.0.5~dev3-3.3.1 openstack-ironic-9.1.5~dev5-3.3.1 openstack-ironic-api-9.1.5~dev5-3.3.1 openstack-ironic-conductor-9.1.5~dev5-3.3.1 openstack-ironic-doc-9.1.5~dev5-3.3.1 openstack-keystone-12.0.1~dev18-5.3.1 openstack-keystone-doc-12.0.1~dev18-5.3.1 openstack-magnum-5.0.2~dev27-4.3.1 openstack-magnum-api-5.0.2~dev27-4.3.1 openstack-magnum-conductor-5.0.2~dev27-4.3.1 openstack-magnum-doc-5.0.2~dev27-4.3.1 openstack-manila-5.0.2~dev46-3.3.1 openstack-manila-api-5.0.2~dev46-3.3.1 openstack-manila-data-5.0.2~dev46-3.3.1 openstack-manila-doc-5.0.2~dev46-3.3.1 openstack-manila-scheduler-5.0.2~dev46-3.3.1 openstack-manila-share-5.0.2~dev46-3.3.1 openstack-octavia-1.0.3~dev17-4.3.1 openstack-octavia-amphora-agent-1.0.3~dev17-4.3.1 openstack-octavia-api-1.0.3~dev17-4.3.1 openstack-octavia-health-manager-1.0.3~dev17-4.3.1 openstack-octavia-housekeeping-1.0.3~dev17-4.3.1 openstack-octavia-worker-1.0.3~dev17-4.3.1 openstack-sahara-7.0.3~dev4-3.3.1 openstack-sahara-api-7.0.3~dev4-3.3.1 openstack-sahara-doc-7.0.3~dev4-3.3.1 openstack-sahara-engine-7.0.3~dev4-3.3.1 python-barbican-5.0.1~dev10-3.3.1 python-ceilometer-9.0.6~dev5-3.3.1 python-cinder-11.1.1~dev41-3.3.1 python-heat-9.0.5~dev3-3.3.1 python-horizon-12.0.3~dev47-3.3.1 python-ironic-9.1.5~dev5-3.3.1 python-keystone-12.0.1~dev18-5.3.1 python-magnum-5.0.2~dev27-4.3.1 python-manila-5.0.2~dev46-3.3.1 python-octavia-1.0.3~dev17-4.3.1 python-sahara-7.0.3~dev4-3.3.1 venv-openstack-barbican-x86_64-5.0.1-12.2.1 venv-openstack-ceilometer-x86_64-9.0.2-12.2.1 venv-openstack-cinder-x86_64-11.0.2-14.2.1 venv-openstack-heat-x86_64-9.0.1-12.2.1 venv-openstack-horizon-x86_64-11.0.2-14.2.1 venv-openstack-ironic-x86_64-9.1.3-12.2.1 venv-openstack-keystone-x86_64-12.0.1-11.2.1 venv-openstack-magnum-x86_64-5.0.2-11.2.1 venv-openstack-manila-x86_64-5.0.2-12.2.1 venv-openstack-octavia-x86_64-1.0.2-12.2.1 venv-openstack-sahara-x86_64-7.0.1-11.2.1 - HPE Helion Openstack 8 (noarch): openstack-barbican-5.0.1~dev10-3.3.1 openstack-barbican-api-5.0.1~dev10-3.3.1 openstack-barbican-doc-5.0.1~dev10-3.3.1 openstack-barbican-keystone-listener-5.0.1~dev10-3.3.1 openstack-barbican-retry-5.0.1~dev10-3.3.1 openstack-barbican-worker-5.0.1~dev10-3.3.1 openstack-ceilometer-9.0.6~dev5-3.3.1 openstack-ceilometer-agent-central-9.0.6~dev5-3.3.1 openstack-ceilometer-agent-compute-9.0.6~dev5-3.3.1 openstack-ceilometer-agent-ipmi-9.0.6~dev5-3.3.1 openstack-ceilometer-agent-notification-9.0.6~dev5-3.3.1 openstack-ceilometer-api-9.0.6~dev5-3.3.1 openstack-ceilometer-collector-9.0.6~dev5-3.3.1 openstack-ceilometer-doc-9.0.6~dev5-3.3.1 openstack-ceilometer-polling-9.0.6~dev5-3.3.1 openstack-cinder-11.1.1~dev41-3.3.1 openstack-cinder-api-11.1.1~dev41-3.3.1 openstack-cinder-backup-11.1.1~dev41-3.3.1 openstack-cinder-doc-11.1.1~dev41-3.3.1 openstack-cinder-scheduler-11.1.1~dev41-3.3.1 openstack-cinder-volume-11.1.1~dev41-3.3.1 openstack-dashboard-12.0.3~dev47-3.3.1 openstack-heat-9.0.5~dev3-3.3.1 openstack-heat-api-9.0.5~dev3-3.3.1 openstack-heat-api-cfn-9.0.5~dev3-3.3.1 openstack-heat-api-cloudwatch-9.0.5~dev3-3.3.1 openstack-heat-doc-9.0.5~dev3-3.3.1 openstack-heat-engine-9.0.5~dev3-3.3.1 openstack-heat-plugin-heat_docker-9.0.5~dev3-3.3.1 openstack-heat-test-9.0.5~dev3-3.3.1 openstack-ironic-9.1.5~dev5-3.3.1 openstack-ironic-api-9.1.5~dev5-3.3.1 openstack-ironic-conductor-9.1.5~dev5-3.3.1 openstack-ironic-doc-9.1.5~dev5-3.3.1 openstack-keystone-12.0.1~dev18-5.3.1 openstack-keystone-doc-12.0.1~dev18-5.3.1 openstack-magnum-5.0.2~dev27-4.3.1 openstack-magnum-api-5.0.2~dev27-4.3.1 openstack-magnum-conductor-5.0.2~dev27-4.3.1 openstack-magnum-doc-5.0.2~dev27-4.3.1 openstack-manila-5.0.2~dev46-3.3.1 openstack-manila-api-5.0.2~dev46-3.3.1 openstack-manila-data-5.0.2~dev46-3.3.1 openstack-manila-doc-5.0.2~dev46-3.3.1 openstack-manila-scheduler-5.0.2~dev46-3.3.1 openstack-manila-share-5.0.2~dev46-3.3.1 openstack-octavia-1.0.3~dev17-4.3.1 openstack-octavia-amphora-agent-1.0.3~dev17-4.3.1 openstack-octavia-api-1.0.3~dev17-4.3.1 openstack-octavia-health-manager-1.0.3~dev17-4.3.1 openstack-octavia-housekeeping-1.0.3~dev17-4.3.1 openstack-octavia-worker-1.0.3~dev17-4.3.1 openstack-sahara-7.0.3~dev4-3.3.1 openstack-sahara-api-7.0.3~dev4-3.3.1 openstack-sahara-doc-7.0.3~dev4-3.3.1 openstack-sahara-engine-7.0.3~dev4-3.3.1 python-barbican-5.0.1~dev10-3.3.1 python-ceilometer-9.0.6~dev5-3.3.1 python-cinder-11.1.1~dev41-3.3.1 python-heat-9.0.5~dev3-3.3.1 python-horizon-12.0.3~dev47-3.3.1 python-ironic-9.1.5~dev5-3.3.1 python-keystone-12.0.1~dev18-5.3.1 python-magnum-5.0.2~dev27-4.3.1 python-manila-5.0.2~dev46-3.3.1 python-octavia-1.0.3~dev17-4.3.1 python-sahara-7.0.3~dev4-3.3.1 venv-openstack-barbican-x86_64-5.0.1-12.2.1 venv-openstack-ceilometer-x86_64-9.0.2-12.2.1 venv-openstack-cinder-x86_64-11.0.2-14.2.1 venv-openstack-heat-x86_64-9.0.1-12.2.1 venv-openstack-horizon-hpe-x86_64-11.0.2-14.2.1 venv-openstack-ironic-x86_64-9.1.3-12.2.1 venv-openstack-keystone-x86_64-12.0.1-11.2.1 venv-openstack-magnum-x86_64-5.0.2-11.2.1 venv-openstack-manila-x86_64-5.0.2-12.2.1 venv-openstack-octavia-x86_64-1.0.2-12.2.1 venv-openstack-sahara-x86_64-7.0.1-11.2.1 References: https://bugzilla.suse.com/1095576 From sle-updates at lists.suse.com Tue Jul 3 07:07:54 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 3 Jul 2018 15:07:54 +0200 (CEST) Subject: SUSE-RU-2018:1866-1: moderate: Recommended update for curl Message-ID: <20180703130754.ED24CFCA4@maintenance.suse.de> SUSE Recommended Update: Recommended update for curl ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1866-1 Rating: moderate References: #1086367 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for curl provides the following fix: - Use OPENSSL_config() instead of CONF_modules_load_file() to avoid crashes due to conflicting openssl engines. (bsc#1086367) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1264=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): curl-7.60.0-3.3.1 curl-debuginfo-7.60.0-3.3.1 curl-debugsource-7.60.0-3.3.1 libcurl-devel-7.60.0-3.3.1 libcurl4-7.60.0-3.3.1 libcurl4-debuginfo-7.60.0-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libcurl4-32bit-7.60.0-3.3.1 libcurl4-32bit-debuginfo-7.60.0-3.3.1 References: https://bugzilla.suse.com/1086367 From sle-updates at lists.suse.com Tue Jul 3 07:08:30 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 3 Jul 2018 15:08:30 +0200 (CEST) Subject: SUSE-RU-2018:1867-1: Recommended update for python-keyring Message-ID: <20180703130830.8DCA5FCA2@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-keyring ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1867-1 Rating: low References: #1014478 Affected Products: SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides python-keyring 5.7, which brings fixes and enhancements: - Resolve default keyring name on Gnome using the API. - Add workaround for password exposure through process status for most passwords containing simple characters. - Allow keyring to be invoked from CLI with "python -m keyring". - Use recommended mechanism for checking GnomeKeyring version. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1259=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (noarch): python-keyring-5.7-8.2.1 References: https://bugzilla.suse.com/1014478 From sle-updates at lists.suse.com Tue Jul 3 07:09:07 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 3 Jul 2018 15:09:07 +0200 (CEST) Subject: SUSE-RU-2018:1868-1: moderate: Recommended update for SUSEConnect Message-ID: <20180703130907.B5845FCA2@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSEConnect ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1868-1 Rating: moderate References: #1093658 #1094348 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Enterprise Storage 4 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for SUSEConnect provides the following fixes: - Add dependencies needed by the rmt-client-setup script as Recommends. (bsc#1093658, bsc#1094348) - Enhance error message generation. - Add not supported operation exception to PackageSearch API. - Prevent the automatic registration of recommended products that are not mirrored by the registration proxy. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-1261=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1261=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1261=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-1261=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-1261=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): SUSEConnect-0.3.11-19.10.11.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): SUSEConnect-0.3.11-19.10.11.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): SUSEConnect-0.3.11-19.10.11.1 - SUSE Enterprise Storage 4 (x86_64): SUSEConnect-0.3.11-19.10.11.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): SUSEConnect-0.3.11-19.10.11.1 References: https://bugzilla.suse.com/1093658 https://bugzilla.suse.com/1094348 From sle-updates at lists.suse.com Tue Jul 3 07:09:48 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 3 Jul 2018 15:09:48 +0200 (CEST) Subject: SUSE-RU-2018:1869-1: moderate: Recommended update for SUSEConnect Message-ID: <20180703130948.BEBCCFCA2@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSEConnect ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1869-1 Rating: moderate References: #1093658 #1094348 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for SUSEConnect provides the following fixes: - Add dependencies needed by the rmt-client-setup script as Recommends. (bsc#1093658, bsc#1094348) - Enhance error message generation. - Add not supported operation exception to PackageSearch API. - Prevent the automatic registration of recommended products that are not mirrored by the registration proxy. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1263=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1263=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): SUSEConnect-0.3.11-3.15.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): SUSEConnect-0.3.11-3.15.1 - SUSE CaaS Platform ALL (x86_64): SUSEConnect-0.3.11-3.15.1 References: https://bugzilla.suse.com/1093658 https://bugzilla.suse.com/1094348 From sle-updates at lists.suse.com Tue Jul 3 07:10:29 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 3 Jul 2018 15:10:29 +0200 (CEST) Subject: SUSE-RU-2018:1870-1: moderate: Recommended update for sysstat Message-ID: <20180703131029.8BAC1FCA2@maintenance.suse.de> SUSE Recommended Update: Recommended update for sysstat ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1870-1 Rating: moderate References: #1089883 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sysstat provides the following fix: - Apply backported upstream patches to fix bogus CPU measurements. (bsc#1089883) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1260=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1260=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): sysstat-10.2.1-10.9.1 sysstat-debuginfo-10.2.1-10.9.1 sysstat-debugsource-10.2.1-10.9.1 sysstat-isag-10.2.1-10.9.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): sysstat-10.2.1-10.9.1 sysstat-debuginfo-10.2.1-10.9.1 sysstat-debugsource-10.2.1-10.9.1 References: https://bugzilla.suse.com/1089883 From sle-updates at lists.suse.com Tue Jul 3 07:11:07 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 3 Jul 2018 15:11:07 +0200 (CEST) Subject: SUSE-RU-2018:1871-1: moderate: Recommended update for vhostmd Message-ID: <20180703131107.3AD53FCA2@maintenance.suse.de> SUSE Recommended Update: Recommended update for vhostmd ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1871-1 Rating: moderate References: #1090769 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for vhostmd provides the following fixes: - Add a proper systemd service file so that the service is started correctly. (bsc#1090769) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-1262=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1262=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1262=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1262=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1262=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-1262=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-1262=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): vhostmd-0.4-22.3.1 vhostmd-debuginfo-0.4-22.3.1 vhostmd-debugsource-0.4-22.3.1 vm-dump-metrics-0.4-22.3.1 vm-dump-metrics-debuginfo-0.4-22.3.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): vhostmd-0.4-22.3.1 vhostmd-debuginfo-0.4-22.3.1 vhostmd-debugsource-0.4-22.3.1 vm-dump-metrics-0.4-22.3.1 vm-dump-metrics-debuginfo-0.4-22.3.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): vhostmd-0.4-22.3.1 vhostmd-debuginfo-0.4-22.3.1 vhostmd-debugsource-0.4-22.3.1 vm-dump-metrics-0.4-22.3.1 vm-dump-metrics-debuginfo-0.4-22.3.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): vhostmd-0.4-22.3.1 vhostmd-debuginfo-0.4-22.3.1 vhostmd-debugsource-0.4-22.3.1 vm-dump-metrics-0.4-22.3.1 vm-dump-metrics-debuginfo-0.4-22.3.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): vhostmd-0.4-22.3.1 vhostmd-debuginfo-0.4-22.3.1 vhostmd-debugsource-0.4-22.3.1 vm-dump-metrics-0.4-22.3.1 vm-dump-metrics-debuginfo-0.4-22.3.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le x86_64): vhostmd-0.4-22.3.1 vhostmd-debuginfo-0.4-22.3.1 vhostmd-debugsource-0.4-22.3.1 vm-dump-metrics-0.4-22.3.1 vm-dump-metrics-debuginfo-0.4-22.3.1 - SUSE Enterprise Storage 4 (x86_64): vhostmd-0.4-22.3.1 vhostmd-debuginfo-0.4-22.3.1 vhostmd-debugsource-0.4-22.3.1 vm-dump-metrics-0.4-22.3.1 vm-dump-metrics-debuginfo-0.4-22.3.1 References: https://bugzilla.suse.com/1090769 From sle-updates at lists.suse.com Tue Jul 3 16:07:54 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 Jul 2018 00:07:54 +0200 (CEST) Subject: SUSE-SU-2018:1872-1: important: Security update for git Message-ID: <20180703220754.6954FFCA4@maintenance.suse.de> SUSE Security Update: Security update for git ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1872-1 Rating: important References: #1095218 #1095219 Cross-References: CVE-2018-11233 CVE-2018-11235 Affected Products: SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for git to version 2.16.4 fixes several issues. These security issues were fixed: - CVE-2018-11233: Path sanity-checks on NTFS allowed attackers to read arbitrary memory (bsc#1095218) - CVE-2018-11235: Arbitrary code execution when recursively cloning a malicious repository (bsc#1095219) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2018-1267=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1267=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): git-2.16.4-3.3.2 git-arch-2.16.4-3.3.2 git-cvs-2.16.4-3.3.2 git-daemon-2.16.4-3.3.2 git-daemon-debuginfo-2.16.4-3.3.2 git-debuginfo-2.16.4-3.3.2 git-debugsource-2.16.4-3.3.2 git-email-2.16.4-3.3.2 git-gui-2.16.4-3.3.2 git-svn-2.16.4-3.3.2 git-svn-debuginfo-2.16.4-3.3.2 git-web-2.16.4-3.3.2 gitk-2.16.4-3.3.2 - SUSE Linux Enterprise Module for Development Tools 15 (noarch): git-doc-2.16.4-3.3.2 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): git-core-2.16.4-3.3.2 git-core-debuginfo-2.16.4-3.3.2 git-debuginfo-2.16.4-3.3.2 git-debugsource-2.16.4-3.3.2 References: https://www.suse.com/security/cve/CVE-2018-11233.html https://www.suse.com/security/cve/CVE-2018-11235.html https://bugzilla.suse.com/1095218 https://bugzilla.suse.com/1095219 From sle-updates at lists.suse.com Tue Jul 3 16:09:34 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 Jul 2018 00:09:34 +0200 (CEST) Subject: SUSE-SU-2018:1873-1: moderate: Security update for cairo Message-ID: <20180703220934.95C34FCA4@maintenance.suse.de> SUSE Security Update: Security update for cairo ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1873-1 Rating: moderate References: #1049092 Cross-References: CVE-2017-9814 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for cairo fixes the following issues: The following security vulnerability was addressed: - CVE-2017-9814: Fixed and out-of-bounds read in cairo-truetype-subset.c by replacing the malloc implementation with _cairo_malloc and checking the size before memory allocation (bsc#1049092) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2018-1266=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1266=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (x86_64): cairo-debugsource-1.15.10-4.5.1 libcairo2-32bit-1.15.10-4.5.1 libcairo2-32bit-debuginfo-1.15.10-4.5.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): cairo-debugsource-1.15.10-4.5.1 cairo-devel-1.15.10-4.5.1 libcairo-gobject2-1.15.10-4.5.1 libcairo-gobject2-debuginfo-1.15.10-4.5.1 libcairo-script-interpreter2-1.15.10-4.5.1 libcairo-script-interpreter2-debuginfo-1.15.10-4.5.1 libcairo2-1.15.10-4.5.1 libcairo2-debuginfo-1.15.10-4.5.1 References: https://www.suse.com/security/cve/CVE-2017-9814.html https://bugzilla.suse.com/1049092 From sle-updates at lists.suse.com Tue Jul 3 16:10:33 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 Jul 2018 00:10:33 +0200 (CEST) Subject: SUSE-SU-2018:1874-1: moderate: Security update for zsh Message-ID: <20180703221033.87A2CFCA4@maintenance.suse.de> SUSE Security Update: Security update for zsh ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1874-1 Rating: moderate References: #1084656 #1087026 #1089030 Cross-References: CVE-2018-1071 CVE-2018-1083 CVE-2018-1100 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for zsh to version 5.5 fixes the following issues: Security issues fixed: - CVE-2018-1100: Fixes a buffer overflow in utils.c:checkmailpath() that can lead to local arbitrary code execution (bsc#1089030) - CVE-2018-1071: Fixed a stack-based buffer overflow in exec.c:hashcmd() (bsc#1084656) - CVE-2018-1083: Fixed a stack-based buffer overflow in gen_matches_files() at compctl.c (bsc#1087026) Non-security issues fixed: - The effect of the NO_INTERACTIVE_COMMENTS option extends into $(...) and `...` command substitutions when used on the command line. - The 'exec' and 'command' precommand modifiers, and options to them, are now parsed after parameter expansion. - Functions executed by ZLE widgets no longer have their standard input closed, but redirected from /dev/null instead. - There is an option WARN_NESTED_VAR, a companion to the existing WARN_CREATE_GLOBAL that causes a warning if a function updates a variable from an enclosing scope without using typeset -g. - zmodload now has an option -s to be silent on a failure to find a module but still print other errors. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1268=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): zsh-5.5-3.3.15 zsh-debuginfo-5.5-3.3.15 zsh-debugsource-5.5-3.3.15 References: https://www.suse.com/security/cve/CVE-2018-1071.html https://www.suse.com/security/cve/CVE-2018-1083.html https://www.suse.com/security/cve/CVE-2018-1100.html https://bugzilla.suse.com/1084656 https://bugzilla.suse.com/1087026 https://bugzilla.suse.com/1089030 From sle-updates at lists.suse.com Wed Jul 4 07:07:52 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 Jul 2018 15:07:52 +0200 (CEST) Subject: SUSE-RU-2018:1875-1: moderate: Recommended update for Ardana Message-ID: <20180704130752.90C1FFCA4@maintenance.suse.de> SUSE Recommended Update: Recommended update for Ardana ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1875-1 Rating: moderate References: #1084386 #1090635 #1090728 #1091462 #1091492 #1091740 #1092579 #1093234 #1093679 #1094076 #1094087 #1094184 #1094275 #1094443 #1094862 #1095166 #1095254 #1095649 #1095885 #1096988 Affected Products: SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has 20 recommended fixes can now be installed. Description: This update for Ardana fixes the following issues: ansible: - Update ardana-installer-server route to ardana-service with deployer IP. (bsc#1090728) cinder: - Add SES hooks manually. (bsc#1095166) - Force cinder backup logging to WARNING. (bsc#1084386) cluster: - haproxy: Configure nbproc on virtual setup. (bsc#1094275) cobbler: - Fix for RHEL kickstart network initialization error. - Make dhcpd start rate limiting configurable. (bsc#1090635) - Simplify method to create grub2 files for UEFI boot. (bsc#1093679) db: - Improve galera restart/recovery. (bsc#1091492) designate: - PowerDNS deploy fails on mid scale. (bsc#1094087) glance: - Add SES hooks manually. (bsc#1095166) - Use local mirror for image download. (bsc#1094862) horizon: - Include detach_volume in added policy rules. (bsc#1094184) - Patch in corrected version of attach volumes rule. (bsc#1094184) input-model: - Add SES service file. (bsc#1095166) keystone: - Fernet token distribution and rotation. nova: - Add SES hooks manually. (bsc#1095166) - SES: Fix compute secret creation. (bsc#1092579) - SES: Start libvirtd before creating ceph secret. (bsc#1092579) - Create virsh secret for SES/ceph. (bsc#1092579) osconfig: - OpenVswitch environment variables for dpdk. (bsc#1095254) - Workaround for RHEL network issue at node reboot. (bsc#1091462) - Wicked timesout when bringing up network on boot. (bsc#1093234) - Use correct SMT path for helion repositories. (bsc#1094076) service: - Add authorization API. - Permit posting playbook events without a token. (bsc#1091740) - Set encryption options when encryption key is passed in (bsc#1095885) - Fix delete server endpoint failing when payload is empty. (bsc#1095649) ses: - Renamed package from ardana-extensions-ses to ardana-ses. - Fix the cinder-backup settings. (bsc#1096988) - Re-organize ardana-ses layout. (bsc#1095166) - Remove create virsh secret. (bsc#1092579) swift: - Add SES hooks manually. (bsc#1095166) tempest: - Define tempest_roles conditionally. (bsc#1094443) - Set empty default value for proxy. (bsc#1094862) - Use local mirror for image download. (bsc#1094862) - Configures tempest for magnum. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2018-1270=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2018-1270=1 Package List: - SUSE OpenStack Cloud 8 (noarch): ardana-ansible-8.0+git.1527028123.1384bfa-3.9.1 ardana-cinder-8.0+git.1528464832.8c68931-3.6.1 ardana-cluster-8.0+git.1527098236.4221731-3.6.1 ardana-cobbler-8.0+git.1528887812.dd99b11-3.6.1 ardana-db-8.0+git.1526914137.61eb536-3.6.1 ardana-designate-8.0+git.1526969268.502799c-3.8.2 ardana-glance-8.0+git.1528999080.fbbe93d-3.3.1 ardana-horizon-8.0+git.1527094112.6241b9e-3.6.1 ardana-input-model-8.0+git.1529334115.5201f68-3.9.1 ardana-keystone-8.0+git.1528763342.0522c2c-3.3.1 ardana-nova-8.0+git.1528891405.336a954-3.6.1 ardana-osconfig-8.0+git.1528895996.685d20c-3.13.1 ardana-service-8.0+git.1528487978.b806e62-3.6.1 ardana-ses-8.0+git.1528918872.2810197-1.3.1 ardana-swift-8.0+git.1528462661.22ebf2e-3.6.1 ardana-tempest-8.0+git.1528121733.726786e-3.6.1 - HPE Helion Openstack 8 (noarch): ardana-ansible-8.0+git.1527028123.1384bfa-3.9.1 ardana-cinder-8.0+git.1528464832.8c68931-3.6.1 ardana-cluster-8.0+git.1527098236.4221731-3.6.1 ardana-cobbler-8.0+git.1528887812.dd99b11-3.6.1 ardana-db-8.0+git.1526914137.61eb536-3.6.1 ardana-designate-8.0+git.1526969268.502799c-3.8.2 ardana-glance-8.0+git.1528999080.fbbe93d-3.3.1 ardana-horizon-8.0+git.1527094112.6241b9e-3.6.1 ardana-input-model-8.0+git.1529334115.5201f68-3.9.1 ardana-keystone-8.0+git.1528763342.0522c2c-3.3.1 ardana-nova-8.0+git.1528891405.336a954-3.6.1 ardana-osconfig-8.0+git.1528895996.685d20c-3.13.1 ardana-service-8.0+git.1528487978.b806e62-3.6.1 ardana-ses-8.0+git.1528918872.2810197-1.3.1 ardana-swift-8.0+git.1528462661.22ebf2e-3.6.1 ardana-tempest-8.0+git.1528121733.726786e-3.6.1 References: https://bugzilla.suse.com/1084386 https://bugzilla.suse.com/1090635 https://bugzilla.suse.com/1090728 https://bugzilla.suse.com/1091462 https://bugzilla.suse.com/1091492 https://bugzilla.suse.com/1091740 https://bugzilla.suse.com/1092579 https://bugzilla.suse.com/1093234 https://bugzilla.suse.com/1093679 https://bugzilla.suse.com/1094076 https://bugzilla.suse.com/1094087 https://bugzilla.suse.com/1094184 https://bugzilla.suse.com/1094275 https://bugzilla.suse.com/1094443 https://bugzilla.suse.com/1094862 https://bugzilla.suse.com/1095166 https://bugzilla.suse.com/1095254 https://bugzilla.suse.com/1095649 https://bugzilla.suse.com/1095885 https://bugzilla.suse.com/1096988 From sle-updates at lists.suse.com Wed Jul 4 07:12:12 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 Jul 2018 15:12:12 +0200 (CEST) Subject: SUSE-RU-2018:1876-1: moderate: Recommended update for virt-manager Message-ID: <20180704131212.EBB02FCA4@maintenance.suse.de> SUSE Recommended Update: Recommended update for virt-manager ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1876-1 Rating: moderate References: #1091113 #1098054 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for virt-manager provides the following fixes: - Make osinfo-query and virt-install detect CaaS Platform 3 correctly. (bsc#1098054) - Add a fix for the error "No option 'version' in section: 'general'" when using virt-install. (bsc#1091113) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1269=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1269=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (noarch): virt-install-1.4.1-5.11.1 virt-manager-1.4.1-5.11.1 virt-manager-common-1.4.1-5.11.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): virt-install-1.4.1-5.11.1 virt-manager-1.4.1-5.11.1 virt-manager-common-1.4.1-5.11.1 References: https://bugzilla.suse.com/1091113 https://bugzilla.suse.com/1098054 From sle-updates at lists.suse.com Wed Jul 4 07:12:56 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 Jul 2018 15:12:56 +0200 (CEST) Subject: SUSE-RU-2018:1877-1: moderate: Recommended update for patterns-cloud Message-ID: <20180704131256.B2F39FCA2@maintenance.suse.de> SUSE Recommended Update: Recommended update for patterns-cloud ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1877-1 Rating: moderate References: #1095166 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for patterns-cloud fixes the following issues: - Add manila-venv to the pattern. - Renamed ardana-extensions-ses to ardana-ses. (bsc#1095166) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2018-1271=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2018-1271=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2018-1271=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): patterns-cloud-admin-20180607-3.3.1 patterns-cloud-compute-20180607-3.3.1 patterns-cloud-controller-20180607-3.3.1 patterns-cloud-network-20180607-3.3.1 patterns-cloud-user-20180607-3.3.1 - SUSE OpenStack Cloud 8 (x86_64): patterns-cloud-ardana-20180607-3.3.1 - HPE Helion Openstack 8 (x86_64): patterns-cloud-ardana-20180607-3.3.1 References: https://bugzilla.suse.com/1095166 From sle-updates at lists.suse.com Wed Jul 4 13:08:09 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 Jul 2018 21:08:09 +0200 (CEST) Subject: SUSE-RU-2018:1878-1: important: Recommended update for SAPHanaSR-ScaleOut Message-ID: <20180704190809.A8D7BFCA4@maintenance.suse.de> SUSE Recommended Update: Recommended update for SAPHanaSR-ScaleOut ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1878-1 Rating: important References: #1045536 #1045603 #1086545 #1091988 #1092331 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for SAPHanaSR-ScaleOut provides the following fixes: - Make sure SAPHanaSR-ScaleOut is compatible with the python available in SLES. (bsc#1045536) - Update man pages. (bsc#1045603) - Fix some typos in package description and man pages. (bsc#1086545) - Fix a problem that was causing SAPHanaSR-showAttr to fail opening an archived cib file. (bsc#1092331) - Make sure SAPHanaSR-monitor depends only on packages available in SLES. (bsc#1091988) - Move SAPHanaSR-showAttr, SAPHanaSR-monitor to /usr/sbin to match the file layout in SAPHanaSR-ScaleUp. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1273=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): SAPHanaSR-ScaleOut-0.163.1-3.5.1 References: https://bugzilla.suse.com/1045536 https://bugzilla.suse.com/1045603 https://bugzilla.suse.com/1086545 https://bugzilla.suse.com/1091988 https://bugzilla.suse.com/1092331 From sle-updates at lists.suse.com Wed Jul 4 13:09:56 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 Jul 2018 21:09:56 +0200 (CEST) Subject: SUSE-RU-2018:1879-1: important: Recommended update for SAPHanaSR-ScaleOut Message-ID: <20180704190956.C1772FCA2@maintenance.suse.de> SUSE Recommended Update: Recommended update for SAPHanaSR-ScaleOut ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1879-1 Rating: important References: #1045536 #1045603 #1086545 #1091988 #1092331 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for SAPHanaSR-ScaleOut provides the following fixes: - Make sure SAPHanaSR-ScaleOut is compatible with the python available in SLES. (bsc#1045536) - Update man pages. (bsc#1045603) - Fix some typos in package description and man pages. (bsc#1086545) - Fix a problem that was causing SAPHanaSR-showAttr to fail opening an archived cib file. (bsc#1092331) - Make sure SAPHanaSR-monitor depends only on packages available in SLES. (bsc#1091988) - Move SAPHanaSR-showAttr, SAPHanaSR-monitor to /usr/sbin to match the file layout in SAPHanaSR-ScaleUp. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2018-1272=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1272=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): SAPHanaSR-ScaleOut-0.163.1-3.6.1 SAPHanaSR-ScaleOut-doc-0.163.1-3.6.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): SAPHanaSR-ScaleOut-0.163.1-3.6.1 References: https://bugzilla.suse.com/1045536 https://bugzilla.suse.com/1045603 https://bugzilla.suse.com/1086545 https://bugzilla.suse.com/1091988 https://bugzilla.suse.com/1092331 From sle-updates at lists.suse.com Wed Jul 4 13:11:29 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 Jul 2018 21:11:29 +0200 (CEST) Subject: SUSE-RU-2018:1880-1: moderate: Recommended update for biosdevname Message-ID: <20180704191129.4A80AFCA2@maintenance.suse.de> SUSE Recommended Update: Recommended update for biosdevname ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1880-1 Rating: moderate References: #1093625 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for biosdevname provides the following fix: - Prevent infinite recursion in dmidecode.c::smbios_setslot by checking that the subordinate bus has a number greater than the current bus. (bsc#1093625) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-biosdevname-13688=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-biosdevname-13688=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): biosdevname-0.6.1-0.16.3.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): biosdevname-debuginfo-0.6.1-0.16.3.2 biosdevname-debugsource-0.6.1-0.16.3.2 References: https://bugzilla.suse.com/1093625 From sle-updates at lists.suse.com Wed Jul 4 13:12:11 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 Jul 2018 21:12:11 +0200 (CEST) Subject: SUSE-RU-2018:1881-1: moderate: Recommended update for fontconfig Message-ID: <20180704191211.D5FA6FCA2@maintenance.suse.de> SUSE Recommended Update: Recommended update for fontconfig ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1881-1 Rating: moderate References: #1031344 #1079127 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for fontconfig provides the following fix: - Fix a memory leak that showed up on gnome panel. (bsc#1031344) - Prevent crashes by checking for the NULL pointer value in FcCharSetHasChar(). (bsc#1079127) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-fontconfig-13689=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-fontconfig-13689=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-fontconfig-13689=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): fontconfig-devel-2.6.0-10.20.5.2 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): fontconfig-devel-32bit-2.6.0-10.20.5.2 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): fontconfig-2.6.0-10.20.5.2 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): fontconfig-32bit-2.6.0-10.20.5.2 - SUSE Linux Enterprise Server 11-SP4 (ia64): fontconfig-x86-2.6.0-10.20.5.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): fontconfig-debuginfo-2.6.0-10.20.5.2 fontconfig-debugsource-2.6.0-10.20.5.2 References: https://bugzilla.suse.com/1031344 https://bugzilla.suse.com/1079127 From sle-updates at lists.suse.com Thu Jul 5 04:10:47 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Jul 2018 12:10:47 +0200 (CEST) Subject: SUSE-SU-2018:1882-1: moderate: Security update for exiv2 Message-ID: <20180705101047.D6C09FCA4@maintenance.suse.de> SUSE Security Update: Security update for exiv2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1882-1 Rating: moderate References: #1048883 #1050257 #1051188 #1054590 #1054592 #1054593 #1060995 #1060996 #1061000 #1061023 Cross-References: CVE-2017-11337 CVE-2017-11338 CVE-2017-11339 CVE-2017-11340 CVE-2017-11553 CVE-2017-11591 CVE-2017-11592 CVE-2017-11683 CVE-2017-12955 CVE-2017-12956 CVE-2017-12957 CVE-2017-14859 CVE-2017-14860 CVE-2017-14862 CVE-2017-14864 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that fixes 15 vulnerabilities is now available. Description: This update for exiv2 to 0.26 fixes the following security issues: - CVE-2017-14864: Prevent invalid memory address dereference in Exiv2::getULong that could have caused a segmentation fault and application crash, which leads to denial of service (bsc#1060995). - CVE-2017-14862: Prevent invalid memory address dereference in Exiv2::DataValue::read that could have caused a segmentation fault and application crash, which leads to denial of service (bsc#1060996). - CVE-2017-14859: Prevent invalid memory address dereference in Exiv2::StringValueBase::read that could have caused a segmentation fault and application crash, which leads to denial of service (bsc#1061000). - CVE-2017-14860: Prevent heap-based buffer over-read in the Exiv2::Jp2Image::readMetadata function via a crafted input that could have lead to a denial of service attack (bsc#1061023). - CVE-2017-11337: Prevent invalid free in the Action::TaskFactory::cleanup function via a crafted input that could have lead to a remote denial of service attack (bsc#1048883). - CVE-2017-11338: Prevent infinite loop in the Exiv2::Image::printIFDStructure function via a crafted input that could have lead to a remote denial of service attack (bsc#1048883). - CVE-2017-11339: Prevent heap-based buffer overflow in the Image::printIFDStructure function via a crafted input that could have lead to a remote denial of service attack (bsc#1048883). - CVE-2017-11340: Prevent Segmentation fault in the XmpParser::terminate() function via a crafted input that could have lead to a remote denial of service attack (bsc#1048883). - CVE-2017-12955: Prevent heap-based buffer overflow. The vulnerability caused an out-of-bounds write in Exiv2::Image::printIFDStructure(), which may lead to remote denial of service or possibly unspecified other impact (bsc#1054593). - CVE-2017-12956: Preventn illegal address access in Exiv2::FileIo::path[abi:cxx11]() that could have lead to remote denial of service (bsc#1054592). - CVE-2017-12957: Prevent heap-based buffer over-read that was triggered in the Exiv2::Image::io function and could have lead to remote denial of service (bsc#1054590). - CVE-2017-11683: Prevent reachable assertion in the Internal::TiffReader::visitDirectory function that could have lead to a remote denial of service attack via crafted input (bsc#1051188). - CVE-2017-11591: Prevent Floating point exception in the Exiv2::ValueType function that could have lead to a remote denial of service attack via crafted input (bsc#1050257). - CVE-2017-11553: Prevent illegal address access in the extend_alias_table function via a crafted input could have lead to remote denial of service. - CVE-2017-11592: Prevent mismatched Memory Management Routines vulnerability in the Exiv2::FileIo::seek function that could have lead to a remote denial of service attack (heap memory corruption) via crafted input. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2018-1280=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): exiv2-debuginfo-0.26-6.3.1 exiv2-debugsource-0.26-6.3.1 libexiv2-26-0.26-6.3.1 libexiv2-26-debuginfo-0.26-6.3.1 libexiv2-devel-0.26-6.3.1 References: https://www.suse.com/security/cve/CVE-2017-11337.html https://www.suse.com/security/cve/CVE-2017-11338.html https://www.suse.com/security/cve/CVE-2017-11339.html https://www.suse.com/security/cve/CVE-2017-11340.html https://www.suse.com/security/cve/CVE-2017-11553.html https://www.suse.com/security/cve/CVE-2017-11591.html https://www.suse.com/security/cve/CVE-2017-11592.html https://www.suse.com/security/cve/CVE-2017-11683.html https://www.suse.com/security/cve/CVE-2017-12955.html https://www.suse.com/security/cve/CVE-2017-12956.html https://www.suse.com/security/cve/CVE-2017-12957.html https://www.suse.com/security/cve/CVE-2017-14859.html https://www.suse.com/security/cve/CVE-2017-14860.html https://www.suse.com/security/cve/CVE-2017-14862.html https://www.suse.com/security/cve/CVE-2017-14864.html https://bugzilla.suse.com/1048883 https://bugzilla.suse.com/1050257 https://bugzilla.suse.com/1051188 https://bugzilla.suse.com/1054590 https://bugzilla.suse.com/1054592 https://bugzilla.suse.com/1054593 https://bugzilla.suse.com/1060995 https://bugzilla.suse.com/1060996 https://bugzilla.suse.com/1061000 https://bugzilla.suse.com/1061023 From sle-updates at lists.suse.com Thu Jul 5 04:12:43 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Jul 2018 12:12:43 +0200 (CEST) Subject: SUSE-SU-2018:1883-1: moderate: Security update for unzip Message-ID: <20180705101243.AC0DFFCA4@maintenance.suse.de> SUSE Security Update: Security update for unzip ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1883-1 Rating: moderate References: #1080074 #910683 #914442 Cross-References: CVE-2014-9636 CVE-2018-1000035 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for unzip fixes the following issues: - CVE-2014-9636: Prevent denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression (bsc#914442) - CVE-2018-1000035: Prevent heap-based buffer overflow in the processing of password-protected archives that allowed an attacker to perform a denial of service or to possibly achieve code execution (bsc#1080074) This non-security issue was fixed: +- Allow processing of Windows zip64 archives (Windows archivers set total_disks field to 0 but per standard, valid values are 1 and higher) (bnc#910683) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1277=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): unzip-6.00-4.3.1 unzip-debuginfo-6.00-4.3.1 unzip-debugsource-6.00-4.3.1 References: https://www.suse.com/security/cve/CVE-2014-9636.html https://www.suse.com/security/cve/CVE-2018-1000035.html https://bugzilla.suse.com/1080074 https://bugzilla.suse.com/910683 https://bugzilla.suse.com/914442 From sle-updates at lists.suse.com Thu Jul 5 04:13:37 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Jul 2018 12:13:37 +0200 (CEST) Subject: SUSE-SU-2018:1884-1: moderate: Security update for ghostscript Message-ID: <20180705101337.3201EFCA2@maintenance.suse.de> SUSE Security Update: Security update for ghostscript ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1884-1 Rating: moderate References: #1090099 Cross-References: CVE-2018-10194 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ghostscript fixes the following issues: - CVE-2018-10194: The set_text_distance function did not prevent overflows in text-positioning calculation, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document (bsc#1090099). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1281=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): ghostscript-9.23-3.3.1 ghostscript-debuginfo-9.23-3.3.1 ghostscript-debugsource-9.23-3.3.1 ghostscript-devel-9.23-3.3.1 ghostscript-x11-9.23-3.3.1 ghostscript-x11-debuginfo-9.23-3.3.1 References: https://www.suse.com/security/cve/CVE-2018-10194.html https://bugzilla.suse.com/1090099 From sle-updates at lists.suse.com Thu Jul 5 04:14:11 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Jul 2018 12:14:11 +0200 (CEST) Subject: SUSE-SU-2018:1885-1: moderate: Security update for libvorbis Message-ID: <20180705101411.51ABFFCA2@maintenance.suse.de> SUSE Security Update: Security update for libvorbis ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1885-1 Rating: moderate References: #1091070 Cross-References: CVE-2018-10392 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libvorbis fixes the following issues: The following security issue was fixed: - Fixed the validation of channels in mapping0_forward(), which previously allowed remote attackers to cause a denial of service via specially crafted files (CVE-2018-10392, bsc#1091070) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1282=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libvorbis-debugsource-1.3.6-4.3.1 libvorbis-devel-1.3.6-4.3.1 libvorbis0-1.3.6-4.3.1 libvorbis0-debuginfo-1.3.6-4.3.1 libvorbisenc2-1.3.6-4.3.1 libvorbisenc2-debuginfo-1.3.6-4.3.1 libvorbisfile3-1.3.6-4.3.1 libvorbisfile3-debuginfo-1.3.6-4.3.1 References: https://www.suse.com/security/cve/CVE-2018-10392.html https://bugzilla.suse.com/1091070 From sle-updates at lists.suse.com Thu Jul 5 04:14:44 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Jul 2018 12:14:44 +0200 (CEST) Subject: SUSE-SU-2018:1886-1: moderate: Security update for php7 Message-ID: <20180705101444.11BCBFCA2@maintenance.suse.de> SUSE Security Update: Security update for php7 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1886-1 Rating: moderate References: #1099098 Cross-References: CVE-2018-12882 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for php7 fixes the following issues: - CVE-2018-12882: exif_read_from_impl allowed attackers to trigger a use-after-free (in exif_read_from_file) because it closed a stream that it is not responsible for closing (bsc#1099098) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1278=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2018-1278=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): php7-debuginfo-7.0.7-50.41.1 php7-debugsource-7.0.7-50.41.1 php7-devel-7.0.7-50.41.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): apache2-mod_php7-7.0.7-50.41.1 apache2-mod_php7-debuginfo-7.0.7-50.41.1 php7-7.0.7-50.41.1 php7-bcmath-7.0.7-50.41.1 php7-bcmath-debuginfo-7.0.7-50.41.1 php7-bz2-7.0.7-50.41.1 php7-bz2-debuginfo-7.0.7-50.41.1 php7-calendar-7.0.7-50.41.1 php7-calendar-debuginfo-7.0.7-50.41.1 php7-ctype-7.0.7-50.41.1 php7-ctype-debuginfo-7.0.7-50.41.1 php7-curl-7.0.7-50.41.1 php7-curl-debuginfo-7.0.7-50.41.1 php7-dba-7.0.7-50.41.1 php7-dba-debuginfo-7.0.7-50.41.1 php7-debuginfo-7.0.7-50.41.1 php7-debugsource-7.0.7-50.41.1 php7-dom-7.0.7-50.41.1 php7-dom-debuginfo-7.0.7-50.41.1 php7-enchant-7.0.7-50.41.1 php7-enchant-debuginfo-7.0.7-50.41.1 php7-exif-7.0.7-50.41.1 php7-exif-debuginfo-7.0.7-50.41.1 php7-fastcgi-7.0.7-50.41.1 php7-fastcgi-debuginfo-7.0.7-50.41.1 php7-fileinfo-7.0.7-50.41.1 php7-fileinfo-debuginfo-7.0.7-50.41.1 php7-fpm-7.0.7-50.41.1 php7-fpm-debuginfo-7.0.7-50.41.1 php7-ftp-7.0.7-50.41.1 php7-ftp-debuginfo-7.0.7-50.41.1 php7-gd-7.0.7-50.41.1 php7-gd-debuginfo-7.0.7-50.41.1 php7-gettext-7.0.7-50.41.1 php7-gettext-debuginfo-7.0.7-50.41.1 php7-gmp-7.0.7-50.41.1 php7-gmp-debuginfo-7.0.7-50.41.1 php7-iconv-7.0.7-50.41.1 php7-iconv-debuginfo-7.0.7-50.41.1 php7-imap-7.0.7-50.41.1 php7-imap-debuginfo-7.0.7-50.41.1 php7-intl-7.0.7-50.41.1 php7-intl-debuginfo-7.0.7-50.41.1 php7-json-7.0.7-50.41.1 php7-json-debuginfo-7.0.7-50.41.1 php7-ldap-7.0.7-50.41.1 php7-ldap-debuginfo-7.0.7-50.41.1 php7-mbstring-7.0.7-50.41.1 php7-mbstring-debuginfo-7.0.7-50.41.1 php7-mcrypt-7.0.7-50.41.1 php7-mcrypt-debuginfo-7.0.7-50.41.1 php7-mysql-7.0.7-50.41.1 php7-mysql-debuginfo-7.0.7-50.41.1 php7-odbc-7.0.7-50.41.1 php7-odbc-debuginfo-7.0.7-50.41.1 php7-opcache-7.0.7-50.41.1 php7-opcache-debuginfo-7.0.7-50.41.1 php7-openssl-7.0.7-50.41.1 php7-openssl-debuginfo-7.0.7-50.41.1 php7-pcntl-7.0.7-50.41.1 php7-pcntl-debuginfo-7.0.7-50.41.1 php7-pdo-7.0.7-50.41.1 php7-pdo-debuginfo-7.0.7-50.41.1 php7-pgsql-7.0.7-50.41.1 php7-pgsql-debuginfo-7.0.7-50.41.1 php7-phar-7.0.7-50.41.1 php7-phar-debuginfo-7.0.7-50.41.1 php7-posix-7.0.7-50.41.1 php7-posix-debuginfo-7.0.7-50.41.1 php7-pspell-7.0.7-50.41.1 php7-pspell-debuginfo-7.0.7-50.41.1 php7-shmop-7.0.7-50.41.1 php7-shmop-debuginfo-7.0.7-50.41.1 php7-snmp-7.0.7-50.41.1 php7-snmp-debuginfo-7.0.7-50.41.1 php7-soap-7.0.7-50.41.1 php7-soap-debuginfo-7.0.7-50.41.1 php7-sockets-7.0.7-50.41.1 php7-sockets-debuginfo-7.0.7-50.41.1 php7-sqlite-7.0.7-50.41.1 php7-sqlite-debuginfo-7.0.7-50.41.1 php7-sysvmsg-7.0.7-50.41.1 php7-sysvmsg-debuginfo-7.0.7-50.41.1 php7-sysvsem-7.0.7-50.41.1 php7-sysvsem-debuginfo-7.0.7-50.41.1 php7-sysvshm-7.0.7-50.41.1 php7-sysvshm-debuginfo-7.0.7-50.41.1 php7-tokenizer-7.0.7-50.41.1 php7-tokenizer-debuginfo-7.0.7-50.41.1 php7-wddx-7.0.7-50.41.1 php7-wddx-debuginfo-7.0.7-50.41.1 php7-xmlreader-7.0.7-50.41.1 php7-xmlreader-debuginfo-7.0.7-50.41.1 php7-xmlrpc-7.0.7-50.41.1 php7-xmlrpc-debuginfo-7.0.7-50.41.1 php7-xmlwriter-7.0.7-50.41.1 php7-xmlwriter-debuginfo-7.0.7-50.41.1 php7-xsl-7.0.7-50.41.1 php7-xsl-debuginfo-7.0.7-50.41.1 php7-zip-7.0.7-50.41.1 php7-zip-debuginfo-7.0.7-50.41.1 php7-zlib-7.0.7-50.41.1 php7-zlib-debuginfo-7.0.7-50.41.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): php7-pear-7.0.7-50.41.1 php7-pear-Archive_Tar-7.0.7-50.41.1 References: https://www.suse.com/security/cve/CVE-2018-12882.html https://bugzilla.suse.com/1099098 From sle-updates at lists.suse.com Thu Jul 5 04:15:19 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Jul 2018 12:15:19 +0200 (CEST) Subject: SUSE-SU-2018:1887-1: moderate: Security update for openssl Message-ID: <20180705101519.765C0FCA2@maintenance.suse.de> SUSE Security Update: Security update for openssl ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1887-1 Rating: moderate References: #1097158 #1097624 #1098592 Cross-References: CVE-2018-0732 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 SUSE CaaS Platform ALL OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for openssl fixes the following issues: - CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack (bsc#1097158). - Blinding enhancements for ECDSA and DSA (bsc#1097624, bsc#1098592) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-1276=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1276=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1276=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1276=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1276=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1276=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-1276=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-1276=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): libopenssl-devel-1.0.2j-60.30.1 libopenssl1_0_0-1.0.2j-60.30.1 libopenssl1_0_0-32bit-1.0.2j-60.30.1 libopenssl1_0_0-debuginfo-1.0.2j-60.30.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.30.1 libopenssl1_0_0-hmac-1.0.2j-60.30.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.30.1 openssl-1.0.2j-60.30.1 openssl-debuginfo-1.0.2j-60.30.1 openssl-debugsource-1.0.2j-60.30.1 - SUSE OpenStack Cloud 7 (noarch): openssl-doc-1.0.2j-60.30.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libopenssl-devel-1.0.2j-60.30.1 openssl-debuginfo-1.0.2j-60.30.1 openssl-debugsource-1.0.2j-60.30.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libopenssl-devel-1.0.2j-60.30.1 libopenssl1_0_0-1.0.2j-60.30.1 libopenssl1_0_0-debuginfo-1.0.2j-60.30.1 libopenssl1_0_0-hmac-1.0.2j-60.30.1 openssl-1.0.2j-60.30.1 openssl-debuginfo-1.0.2j-60.30.1 openssl-debugsource-1.0.2j-60.30.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libopenssl1_0_0-32bit-1.0.2j-60.30.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.30.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.30.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): openssl-doc-1.0.2j-60.30.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libopenssl-devel-1.0.2j-60.30.1 libopenssl1_0_0-1.0.2j-60.30.1 libopenssl1_0_0-debuginfo-1.0.2j-60.30.1 libopenssl1_0_0-hmac-1.0.2j-60.30.1 openssl-1.0.2j-60.30.1 openssl-debuginfo-1.0.2j-60.30.1 openssl-debugsource-1.0.2j-60.30.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libopenssl1_0_0-32bit-1.0.2j-60.30.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.30.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.30.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): openssl-doc-1.0.2j-60.30.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libopenssl-devel-1.0.2j-60.30.1 libopenssl1_0_0-1.0.2j-60.30.1 libopenssl1_0_0-debuginfo-1.0.2j-60.30.1 libopenssl1_0_0-hmac-1.0.2j-60.30.1 openssl-1.0.2j-60.30.1 openssl-debuginfo-1.0.2j-60.30.1 openssl-debugsource-1.0.2j-60.30.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libopenssl1_0_0-32bit-1.0.2j-60.30.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.30.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.30.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): openssl-doc-1.0.2j-60.30.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libopenssl-devel-1.0.2j-60.30.1 libopenssl1_0_0-1.0.2j-60.30.1 libopenssl1_0_0-32bit-1.0.2j-60.30.1 libopenssl1_0_0-debuginfo-1.0.2j-60.30.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.30.1 openssl-1.0.2j-60.30.1 openssl-debuginfo-1.0.2j-60.30.1 openssl-debugsource-1.0.2j-60.30.1 - SUSE Enterprise Storage 4 (noarch): openssl-doc-1.0.2j-60.30.1 - SUSE Enterprise Storage 4 (x86_64): libopenssl-devel-1.0.2j-60.30.1 libopenssl1_0_0-1.0.2j-60.30.1 libopenssl1_0_0-32bit-1.0.2j-60.30.1 libopenssl1_0_0-debuginfo-1.0.2j-60.30.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.30.1 libopenssl1_0_0-hmac-1.0.2j-60.30.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.30.1 openssl-1.0.2j-60.30.1 openssl-debuginfo-1.0.2j-60.30.1 openssl-debugsource-1.0.2j-60.30.1 - SUSE CaaS Platform ALL (x86_64): libopenssl1_0_0-1.0.2j-60.30.1 libopenssl1_0_0-debuginfo-1.0.2j-60.30.1 openssl-1.0.2j-60.30.1 openssl-debuginfo-1.0.2j-60.30.1 openssl-debugsource-1.0.2j-60.30.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): libopenssl1_0_0-1.0.2j-60.30.1 libopenssl1_0_0-debuginfo-1.0.2j-60.30.1 openssl-1.0.2j-60.30.1 openssl-debuginfo-1.0.2j-60.30.1 openssl-debugsource-1.0.2j-60.30.1 References: https://www.suse.com/security/cve/CVE-2018-0732.html https://bugzilla.suse.com/1097158 https://bugzilla.suse.com/1097624 https://bugzilla.suse.com/1098592 From sle-updates at lists.suse.com Thu Jul 5 04:16:12 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Jul 2018 12:16:12 +0200 (CEST) Subject: SUSE-SU-2018:1888-1: moderate: Security update for openvpn Message-ID: <20180705101612.57C93FCA4@maintenance.suse.de> SUSE Security Update: Security update for openvpn ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1888-1 Rating: moderate References: #1090839 Cross-References: CVE-2018-9336 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openvpn fixes the following issues: - CVE-2018-9336: Fix potential double-free() in Interactive Service could lead to denial of service (bsc#1090839). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1284=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): openvpn-2.4.3-5.3.19 openvpn-auth-pam-plugin-2.4.3-5.3.19 openvpn-auth-pam-plugin-debuginfo-2.4.3-5.3.19 openvpn-debuginfo-2.4.3-5.3.19 openvpn-debugsource-2.4.3-5.3.19 openvpn-devel-2.4.3-5.3.19 References: https://www.suse.com/security/cve/CVE-2018-9336.html https://bugzilla.suse.com/1090839 From sle-updates at lists.suse.com Thu Jul 5 04:16:43 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Jul 2018 12:16:43 +0200 (CEST) Subject: SUSE-SU-2018:1889-1: moderate: Security update for tiff Message-ID: <20180705101643.C98B7FCA2@maintenance.suse.de> SUSE Security Update: Security update for tiff ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1889-1 Rating: moderate References: #1074317 #1082332 #1082825 #1086408 #1092949 Cross-References: CVE-2017-11613 CVE-2017-18013 CVE-2018-10963 CVE-2018-7456 CVE-2018-8905 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for tiff fixes the following security issues: These security issues were fixed: - CVE-2017-18013: Fixed a NULL pointer dereference in the tif_print.cTIFFPrintDirectory function that could have lead to denial of service (bsc#1074317). - CVE-2018-10963: Fixed an assertion failure in the TIFFWriteDirectorySec() function in tif_dirwrite.c, which allowed remote attackers to cause a denial of service via a crafted file (bsc#1092949). - CVE-2018-7456: Prevent a NULL Pointer dereference in the function TIFFPrintDirectory when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013 (bsc#1082825). - CVE-2017-11613: Prevent denial of service in the TIFFOpen function. During the TIFFOpen process, td_imagelength is not checked. The value of td_imagelength can be directly controlled by an input file. In the ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc function is called based on td_imagelength. If the value of td_imagelength is set close to the amount of system memory, it will hang the system or trigger the OOM killer (bsc#1082332). - CVE-2018-8905: Prevent heap-based buffer overflow in the function LZWDecodeCompat via a crafted TIFF file (bsc#1086408). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2018-1279=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1279=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (x86_64): libtiff5-32bit-4.0.9-5.9.1 libtiff5-32bit-debuginfo-4.0.9-5.9.1 tiff-debugsource-4.0.9-5.9.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libtiff-devel-4.0.9-5.9.1 libtiff5-4.0.9-5.9.1 libtiff5-debuginfo-4.0.9-5.9.1 tiff-debuginfo-4.0.9-5.9.1 tiff-debugsource-4.0.9-5.9.1 References: https://www.suse.com/security/cve/CVE-2017-11613.html https://www.suse.com/security/cve/CVE-2017-18013.html https://www.suse.com/security/cve/CVE-2018-10963.html https://www.suse.com/security/cve/CVE-2018-7456.html https://www.suse.com/security/cve/CVE-2018-8905.html https://bugzilla.suse.com/1074317 https://bugzilla.suse.com/1082332 https://bugzilla.suse.com/1082825 https://bugzilla.suse.com/1086408 https://bugzilla.suse.com/1092949 From sle-updates at lists.suse.com Thu Jul 5 13:07:55 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Jul 2018 21:07:55 +0200 (CEST) Subject: SUSE-SU-2018:1890-1: important: Security update for rubygem-yard Message-ID: <20180705190755.BEC3FFCA4@maintenance.suse.de> SUSE Security Update: Security update for rubygem-yard ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1890-1 Rating: important References: #1070263 Cross-References: CVE-2017-17042 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rubygem-yard fixes the following issues: - CVE-2017-17042: The server in YARD did not block relative paths with an initial ../ sequence, which allowed attackers to conduct directory traversal attacks and read arbitrary files (bsc#1070263). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1286=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): ruby2.1-rubygem-yard-0.8.7.3-7.3.1 References: https://www.suse.com/security/cve/CVE-2017-17042.html https://bugzilla.suse.com/1070263 From sle-updates at lists.suse.com Thu Jul 5 13:08:58 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Jul 2018 21:08:58 +0200 (CEST) Subject: SUSE-RU-2018:1891-1: Recommended update for release-notes-suse-openstack-cloud Message-ID: <20180705190858.502A3FCA2@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-suse-openstack-cloud ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1891-1 Rating: low References: #1092579 #1095166 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for release-notes-suse-openstack-cloud fixes the following issues: - Remove external storage not supported for CLM limitation. (bsc#1092579, bsc#1095166) - Fix information about Monasca in SOC8. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2018-1285=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2018-1285=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2018-1285=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): release-notes-suse-openstack-cloud-8.20180702-3.8.1 - SUSE OpenStack Cloud 8 (noarch): release-notes-suse-openstack-cloud-8.20180702-3.8.1 - HPE Helion Openstack 8 (noarch): release-notes-hpe-helion-openstack-8.20180702-3.8.1 References: https://bugzilla.suse.com/1092579 https://bugzilla.suse.com/1095166 From sle-updates at lists.suse.com Thu Jul 5 13:09:41 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Jul 2018 21:09:41 +0200 (CEST) Subject: SUSE-SU-2018:1892-1: moderate: Security update for nodejs6 Message-ID: <20180705190941.5EF12FCA2@maintenance.suse.de> SUSE Security Update: Security update for nodejs6 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1892-1 Rating: moderate References: #1091764 #1097375 Cross-References: CVE-2018-7167 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Module for Web Scripting 12 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for nodejs6 to version 6.14.3 fixes the following issues: The following security vulnerability was addressed: - Fixed a denial of service (DoS) vulnerability in Buffer.fill(), which could hang when being called (CVE-2018-7167, bsc#1097375). The following other changes were made: - Use absolute paths in executable shebang lines - Fixed building with ICU61.1 (bsc#1091764) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2018-1287=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-1287=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2018-1287=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-1287=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): nodejs6-6.14.3-11.15.1 nodejs6-debuginfo-6.14.3-11.15.1 nodejs6-debugsource-6.14.3-11.15.1 - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64): nodejs6-6.14.3-11.15.1 nodejs6-debuginfo-6.14.3-11.15.1 nodejs6-debugsource-6.14.3-11.15.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): nodejs6-6.14.3-11.15.1 nodejs6-debuginfo-6.14.3-11.15.1 nodejs6-debugsource-6.14.3-11.15.1 nodejs6-devel-6.14.3-11.15.1 npm6-6.14.3-11.15.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): nodejs6-docs-6.14.3-11.15.1 - SUSE Enterprise Storage 4 (aarch64 x86_64): nodejs6-6.14.3-11.15.1 nodejs6-debuginfo-6.14.3-11.15.1 nodejs6-debugsource-6.14.3-11.15.1 References: https://www.suse.com/security/cve/CVE-2018-7167.html https://bugzilla.suse.com/1091764 https://bugzilla.suse.com/1097375 From sle-updates at lists.suse.com Fri Jul 6 10:07:56 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 Jul 2018 18:07:56 +0200 (CEST) Subject: SUSE-SU-2018:1902-1: moderate: Security update for libqt4 Message-ID: <20180706160756.82E01FCA4@maintenance.suse.de> SUSE Security Update: Security update for libqt4 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1902-1 Rating: moderate References: #1039291 #1042657 #956357 #964458 #982826 Cross-References: CVE-2016-10040 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has four fixes is now available. Description: This update for libqt4 fixes the following issues: LibQt4 was updated to 4.8.7 (bsc#1039291, CVE-2016-10040): See http://download.qt.io/official_releases/qt/4.8/4.8.7/changes-4.8.7 for more details. Also libQtWebkit4 was updated to 2.3.4 to match libqt4. Also following bugs were fixed: - Enable libqt4-devel-32bit (bsc#982826) - Fixed bolder font in Qt4 apps (boo#956357) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-1288=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1288=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1288=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1288=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): libqt4-debuginfo-32bit-4.8.7-8.6.1 libqt4-debugsource-4.8.7-8.6.1 libqt4-sql-mysql-32bit-4.8.7-8.6.1 libqt4-sql-mysql-debuginfo-32bit-4.8.7-8.6.1 libqt4-sql-plugins-debugsource-4.8.7-8.6.1 libqt4-sql-postgresql-32bit-4.8.7-8.6.1 libqt4-sql-postgresql-4.8.7-8.6.1 libqt4-sql-postgresql-debuginfo-32bit-4.8.7-8.6.1 libqt4-sql-postgresql-debuginfo-4.8.7-8.6.1 libqt4-sql-sqlite-32bit-4.8.7-8.6.1 libqt4-sql-sqlite-debuginfo-32bit-4.8.7-8.6.1 libqt4-sql-unixODBC-32bit-4.8.7-8.6.1 libqt4-sql-unixODBC-4.8.7-8.6.1 libqt4-sql-unixODBC-debuginfo-32bit-4.8.7-8.6.1 libqt4-sql-unixODBC-debuginfo-4.8.7-8.6.1 qt4-qtscript-0.2.0-11.2.4 qt4-qtscript-debuginfo-0.2.0-11.2.4 qt4-qtscript-debugsource-0.2.0-11.2.4 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libQtWebKit-devel-4.8.7+2.3.4-4.5.1 libqca2-debuginfo-2.0.3-17.2.1 libqca2-debugsource-2.0.3-17.2.1 libqca2-devel-2.0.3-17.2.1 libqca2-devel-debuginfo-2.0.3-17.2.1 libqt4-debuginfo-4.8.7-8.6.1 libqt4-debugsource-4.8.7-8.6.1 libqt4-devel-4.8.7-8.6.1 libqt4-devel-debuginfo-4.8.7-8.6.1 libqt4-devel-doc-4.8.7-8.6.4 libqt4-devel-doc-debuginfo-4.8.7-8.6.4 libqt4-devel-doc-debugsource-4.8.7-8.6.4 libqt4-linguist-4.8.7-8.6.1 libqt4-linguist-debuginfo-4.8.7-8.6.1 libqt4-private-headers-devel-4.8.7-8.6.1 libqt4-sql-plugins-debugsource-4.8.7-8.6.1 libqt4-sql-postgresql-4.8.7-8.6.1 libqt4-sql-postgresql-debuginfo-4.8.7-8.6.1 libqt4-sql-unixODBC-4.8.7-8.6.1 libqt4-sql-unixODBC-debuginfo-4.8.7-8.6.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (ppc64le x86_64): libQtWebKit4-debuginfo-4.8.7+2.3.4-4.5.1 libQtWebKit4-debugsource-4.8.7+2.3.4-4.5.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (s390x x86_64): libqt4-sql-postgresql-32bit-4.8.7-8.6.1 libqt4-sql-postgresql-debuginfo-32bit-4.8.7-8.6.1 libqt4-sql-unixODBC-32bit-4.8.7-8.6.1 libqt4-sql-unixODBC-debuginfo-32bit-4.8.7-8.6.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch): libqt4-devel-doc-data-4.8.7-8.6.4 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libQtWebKit4-4.8.7+2.3.4-4.5.1 libqca2-2.0.3-17.2.1 libqca2-debuginfo-2.0.3-17.2.1 libqca2-debugsource-2.0.3-17.2.1 libqt4-4.8.7-8.6.1 libqt4-debuginfo-4.8.7-8.6.1 libqt4-debugsource-4.8.7-8.6.1 libqt4-devel-doc-debuginfo-4.8.7-8.6.4 libqt4-devel-doc-debugsource-4.8.7-8.6.4 libqt4-qt3support-4.8.7-8.6.1 libqt4-qt3support-debuginfo-4.8.7-8.6.1 libqt4-sql-4.8.7-8.6.1 libqt4-sql-debuginfo-4.8.7-8.6.1 libqt4-sql-mysql-4.8.7-8.6.1 libqt4-sql-mysql-debuginfo-4.8.7-8.6.1 libqt4-sql-plugins-debugsource-4.8.7-8.6.1 libqt4-sql-sqlite-4.8.7-8.6.1 libqt4-sql-sqlite-debuginfo-4.8.7-8.6.1 libqt4-x11-4.8.7-8.6.1 libqt4-x11-debuginfo-4.8.7-8.6.1 qt4-x11-tools-4.8.7-8.6.4 qt4-x11-tools-debuginfo-4.8.7-8.6.4 - SUSE Linux Enterprise Server 12-SP3 (ppc64le x86_64): libQtWebKit4-debuginfo-4.8.7+2.3.4-4.5.1 libQtWebKit4-debugsource-4.8.7+2.3.4-4.5.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libQtWebKit4-32bit-4.8.7+2.3.4-4.5.1 libqca2-32bit-2.0.3-17.2.1 libqca2-debuginfo-32bit-2.0.3-17.2.1 libqt4-32bit-4.8.7-8.6.1 libqt4-debuginfo-32bit-4.8.7-8.6.1 libqt4-qt3support-32bit-4.8.7-8.6.1 libqt4-qt3support-debuginfo-32bit-4.8.7-8.6.1 libqt4-sql-32bit-4.8.7-8.6.1 libqt4-sql-debuginfo-32bit-4.8.7-8.6.1 libqt4-x11-32bit-4.8.7-8.6.1 libqt4-x11-debuginfo-32bit-4.8.7-8.6.1 - SUSE Linux Enterprise Server 12-SP3 (x86_64): libQtWebKit4-debuginfo-32bit-4.8.7+2.3.4-4.5.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libQtWebKit4-32bit-4.8.7+2.3.4-4.5.1 libQtWebKit4-4.8.7+2.3.4-4.5.1 libQtWebKit4-debuginfo-32bit-4.8.7+2.3.4-4.5.1 libQtWebKit4-debuginfo-4.8.7+2.3.4-4.5.1 libQtWebKit4-debugsource-4.8.7+2.3.4-4.5.1 libqca2-2.0.3-17.2.1 libqca2-32bit-2.0.3-17.2.1 libqca2-debuginfo-2.0.3-17.2.1 libqca2-debuginfo-32bit-2.0.3-17.2.1 libqca2-debugsource-2.0.3-17.2.1 libqt4-32bit-4.8.7-8.6.1 libqt4-4.8.7-8.6.1 libqt4-debuginfo-32bit-4.8.7-8.6.1 libqt4-debuginfo-4.8.7-8.6.1 libqt4-debugsource-4.8.7-8.6.1 libqt4-qt3support-32bit-4.8.7-8.6.1 libqt4-qt3support-4.8.7-8.6.1 libqt4-qt3support-debuginfo-32bit-4.8.7-8.6.1 libqt4-qt3support-debuginfo-4.8.7-8.6.1 libqt4-sql-32bit-4.8.7-8.6.1 libqt4-sql-4.8.7-8.6.1 libqt4-sql-debuginfo-32bit-4.8.7-8.6.1 libqt4-sql-debuginfo-4.8.7-8.6.1 libqt4-sql-mysql-32bit-4.8.7-8.6.1 libqt4-sql-mysql-4.8.7-8.6.1 libqt4-sql-mysql-debuginfo-32bit-4.8.7-8.6.1 libqt4-sql-mysql-debuginfo-4.8.7-8.6.1 libqt4-sql-plugins-debugsource-4.8.7-8.6.1 libqt4-sql-postgresql-32bit-4.8.7-8.6.1 libqt4-sql-postgresql-4.8.7-8.6.1 libqt4-sql-postgresql-debuginfo-32bit-4.8.7-8.6.1 libqt4-sql-postgresql-debuginfo-4.8.7-8.6.1 libqt4-sql-sqlite-32bit-4.8.7-8.6.1 libqt4-sql-sqlite-4.8.7-8.6.1 libqt4-sql-sqlite-debuginfo-32bit-4.8.7-8.6.1 libqt4-sql-sqlite-debuginfo-4.8.7-8.6.1 libqt4-sql-unixODBC-32bit-4.8.7-8.6.1 libqt4-sql-unixODBC-4.8.7-8.6.1 libqt4-sql-unixODBC-debuginfo-32bit-4.8.7-8.6.1 libqt4-sql-unixODBC-debuginfo-4.8.7-8.6.1 libqt4-x11-32bit-4.8.7-8.6.1 libqt4-x11-4.8.7-8.6.1 libqt4-x11-debuginfo-32bit-4.8.7-8.6.1 libqt4-x11-debuginfo-4.8.7-8.6.1 qt4-qtscript-0.2.0-11.2.4 qt4-qtscript-debuginfo-0.2.0-11.2.4 qt4-qtscript-debugsource-0.2.0-11.2.4 References: https://www.suse.com/security/cve/CVE-2016-10040.html https://bugzilla.suse.com/1039291 https://bugzilla.suse.com/1042657 https://bugzilla.suse.com/956357 https://bugzilla.suse.com/964458 https://bugzilla.suse.com/982826 From sle-updates at lists.suse.com Fri Jul 6 13:07:59 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 Jul 2018 21:07:59 +0200 (CEST) Subject: SUSE-RU-2018:1903-1: moderate: Recommended update for yast2-network Message-ID: <20180706190759.0BFA6FCA2@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-network ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1903-1 Rating: moderate References: #1095971 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-network provides the following fix: - AutoYaST: Do not crash when trying to convert the /etc/hosts profile declaration from multiple line host entries for the same host to just one line. (bsc#1095971) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1289=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1289=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (noarch): yast2-network-3.2.52-2.32.2 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): yast2-network-3.2.52-2.32.2 References: https://bugzilla.suse.com/1095971 From sle-updates at lists.suse.com Fri Jul 6 22:07:45 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 7 Jul 2018 06:07:45 +0200 (CEST) Subject: SUSE-RU-2018:1915-1: important: Recommended update for sysstat Message-ID: <20180707040745.22CC9FCA4@maintenance.suse.de> SUSE Recommended Update: Recommended update for sysstat ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1915-1 Rating: important References: #1089883 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sysstat reverts the fixes from the previous updates since they may cause some output to be invalid or corrupt. (bsc#1089883) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1290=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1290=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): sysstat-10.2.1-10.12.1 sysstat-debuginfo-10.2.1-10.12.1 sysstat-debugsource-10.2.1-10.12.1 sysstat-isag-10.2.1-10.12.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): sysstat-10.2.1-10.12.1 sysstat-debuginfo-10.2.1-10.12.1 sysstat-debugsource-10.2.1-10.12.1 References: https://bugzilla.suse.com/1089883 From sle-updates at lists.suse.com Mon Jul 9 07:08:05 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 9 Jul 2018 15:08:05 +0200 (CEST) Subject: SUSE-SU-2018:1916-1: important: Security update for openslp Message-ID: <20180709130805.DF3E4FCA4@maintenance.suse.de> SUSE Security Update: Security update for openslp ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1916-1 Rating: important References: #1090638 Cross-References: CVE-2017-17833 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Server 11-SECURITY SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openslp fixes the following issues: - CVE-2017-17833: Prevent heap-related memory corruption issue which may have manifested itself as a denial-of-service or a remote code-execution vulnerability (bsc#1090638). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-openslp-13690=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-openslp-13690=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-openslp-13690=1 - SUSE Linux Enterprise Server 11-SECURITY: zypper in -t patch secsp3-openslp-13690=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-openslp-13690=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-openslp-13690=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-openslp-13690=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): openslp-devel-1.2.0-172.27.3.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): openslp-server-1.2.0-172.27.3.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): openslp-1.2.0-172.27.3.1 openslp-server-1.2.0-172.27.3.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): openslp-32bit-1.2.0-172.27.3.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): openslp-x86-1.2.0-172.27.3.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): openslp-1.2.0-172.27.3.1 openslp-server-1.2.0-172.27.3.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x x86_64): openslp-32bit-1.2.0-172.27.3.1 - SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64): libslp1-openssl1-1.2.0-172.27.3.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): openslp-1.2.0-172.27.3.1 openslp-server-1.2.0-172.27.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): openslp-debuginfo-1.2.0-172.27.3.1 openslp-debugsource-1.2.0-172.27.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): openslp-debuginfo-32bit-1.2.0-172.27.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64): openslp-debuginfo-x86-1.2.0-172.27.3.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): openslp-debuginfo-1.2.0-172.27.3.1 openslp-debugsource-1.2.0-172.27.3.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (s390x x86_64): openslp-debuginfo-32bit-1.2.0-172.27.3.1 References: https://www.suse.com/security/cve/CVE-2017-17833.html https://bugzilla.suse.com/1090638 From sle-updates at lists.suse.com Mon Jul 9 07:08:41 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 9 Jul 2018 15:08:41 +0200 (CEST) Subject: SUSE-SU-2018:1917-1: important: Security update for openslp Message-ID: <20180709130841.B6B69FCA2@maintenance.suse.de> SUSE Security Update: Security update for openslp ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1917-1 Rating: important References: #1090638 Cross-References: CVE-2017-17833 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openslp fixes the following issues: - CVE-2017-17833: Prevent heap-related memory corruption issue which may have manifested itself as a denial-of-service or a remote code-execution vulnerability (bsc#1090638) - Prevent out of bounds reads in message parsing Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2018-1292=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1292=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): openslp-debuginfo-2.0.0-6.3.1 openslp-debugsource-2.0.0-6.3.1 openslp-server-2.0.0-6.3.1 openslp-server-debuginfo-2.0.0-6.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): openslp-2.0.0-6.3.1 openslp-debuginfo-2.0.0-6.3.1 openslp-debugsource-2.0.0-6.3.1 openslp-devel-2.0.0-6.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): openslp-32bit-2.0.0-6.3.1 openslp-32bit-debuginfo-2.0.0-6.3.1 References: https://www.suse.com/security/cve/CVE-2017-17833.html https://bugzilla.suse.com/1090638 From sle-updates at lists.suse.com Mon Jul 9 07:09:12 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 9 Jul 2018 15:09:12 +0200 (CEST) Subject: SUSE-SU-2018:1918-1: moderate: Security update for nodejs8 Message-ID: <20180709130912.60EDBFCA2@maintenance.suse.de> SUSE Security Update: Security update for nodejs8 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1918-1 Rating: moderate References: #1091764 #1097375 #1097401 #1097404 Cross-References: CVE-2018-1000168 CVE-2018-7161 CVE-2018-7167 Affected Products: SUSE Linux Enterprise Module for Web Scripting 15 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for nodejs8 to version 8.11.3 fixes the following issues: These security issues were fixed: - CVE-2018-7167: Calling Buffer.fill() or Buffer.alloc() with some parameters could have lead to a hang which could have resulted in a DoS (bsc#1097375). - CVE-2018-7161: By interacting with the http2 server in a manner that triggered a cleanup bug where objects are used in native code after they are no longer available an attacker could have caused a denial of service (DoS) by causing a node server providing an http2 server to crash (bsc#1097404). - CVE-2018-1000168: Fixed a denial of service vulnerability by unbundling nghttp2 (bsc#1097401) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-2018-1291=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15 (aarch64 ppc64le s390x x86_64): nodejs8-8.11.3-3.5.1 nodejs8-debuginfo-8.11.3-3.5.1 nodejs8-debugsource-8.11.3-3.5.1 nodejs8-devel-8.11.3-3.5.1 npm8-8.11.3-3.5.1 - SUSE Linux Enterprise Module for Web Scripting 15 (noarch): nodejs8-docs-8.11.3-3.5.1 References: https://www.suse.com/security/cve/CVE-2018-1000168.html https://www.suse.com/security/cve/CVE-2018-7161.html https://www.suse.com/security/cve/CVE-2018-7167.html https://bugzilla.suse.com/1091764 https://bugzilla.suse.com/1097375 https://bugzilla.suse.com/1097401 https://bugzilla.suse.com/1097404 From sle-updates at lists.suse.com Mon Jul 9 13:08:02 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 9 Jul 2018 21:08:02 +0200 (CEST) Subject: SUSE-RU-2018:1919-1: moderate: Recommended update for ardana-neutron Message-ID: <20180709190802.D8F80FCA4@maintenance.suse.de> SUSE Recommended Update: Recommended update for ardana-neutron ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1919-1 Rating: moderate References: #1093963 Affected Products: SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ardana-neutron fixes the following issues: - Wait for Openvswitch to startup before continuing. (bsc#1093963) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2018-1294=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2018-1294=1 Package List: - SUSE OpenStack Cloud 8 (noarch): ardana-neutron-8.0+git.1526941638.4247f44-3.9.1 - HPE Helion Openstack 8 (noarch): ardana-neutron-8.0+git.1526941638.4247f44-3.9.1 References: https://bugzilla.suse.com/1093963 From sle-updates at lists.suse.com Tue Jul 10 07:08:11 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Jul 2018 15:08:11 +0200 (CEST) Subject: SUSE-SU-2018:1920-1: important: Security update for ceph Message-ID: <20180710130811.AF4F2FD41@maintenance.suse.de> SUSE Security Update: Security update for ceph ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1920-1 Rating: important References: #1096748 #1099162 Cross-References: CVE-2018-10861 CVE-2018-1128 CVE-2018-1129 Affected Products: SUSE Enterprise Storage 5 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for ceph to version ceph-12.2.5-419-g8cbf63d997 fixes the following issues: - CVE-2018-10861: Ensure that ceph-mon does perform authorization on all OSD pool ops (bsc#1099162). - CVE-2018-1129: cephx signature check bypass (bsc#1096748). - CVE-2018-1128: cephx protocol was vulnerable to replay attack (bsc#1096748). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2018-1296=1 Package List: - SUSE Enterprise Storage 5 (aarch64 x86_64): ceph-12.2.5+git.1530082629.8cbf63d997-2.16.1 ceph-base-12.2.5+git.1530082629.8cbf63d997-2.16.1 ceph-base-debuginfo-12.2.5+git.1530082629.8cbf63d997-2.16.1 ceph-common-12.2.5+git.1530082629.8cbf63d997-2.16.1 ceph-common-debuginfo-12.2.5+git.1530082629.8cbf63d997-2.16.1 ceph-debugsource-12.2.5+git.1530082629.8cbf63d997-2.16.1 ceph-fuse-12.2.5+git.1530082629.8cbf63d997-2.16.1 ceph-fuse-debuginfo-12.2.5+git.1530082629.8cbf63d997-2.16.1 ceph-mds-12.2.5+git.1530082629.8cbf63d997-2.16.1 ceph-mds-debuginfo-12.2.5+git.1530082629.8cbf63d997-2.16.1 ceph-mgr-12.2.5+git.1530082629.8cbf63d997-2.16.1 ceph-mgr-debuginfo-12.2.5+git.1530082629.8cbf63d997-2.16.1 ceph-mon-12.2.5+git.1530082629.8cbf63d997-2.16.1 ceph-mon-debuginfo-12.2.5+git.1530082629.8cbf63d997-2.16.1 ceph-osd-12.2.5+git.1530082629.8cbf63d997-2.16.1 ceph-osd-debuginfo-12.2.5+git.1530082629.8cbf63d997-2.16.1 ceph-radosgw-12.2.5+git.1530082629.8cbf63d997-2.16.1 ceph-radosgw-debuginfo-12.2.5+git.1530082629.8cbf63d997-2.16.1 libcephfs2-12.2.5+git.1530082629.8cbf63d997-2.16.1 libcephfs2-debuginfo-12.2.5+git.1530082629.8cbf63d997-2.16.1 librados2-12.2.5+git.1530082629.8cbf63d997-2.16.1 librados2-debuginfo-12.2.5+git.1530082629.8cbf63d997-2.16.1 libradosstriper1-12.2.5+git.1530082629.8cbf63d997-2.16.1 libradosstriper1-debuginfo-12.2.5+git.1530082629.8cbf63d997-2.16.1 librbd1-12.2.5+git.1530082629.8cbf63d997-2.16.1 librbd1-debuginfo-12.2.5+git.1530082629.8cbf63d997-2.16.1 librgw2-12.2.5+git.1530082629.8cbf63d997-2.16.1 librgw2-debuginfo-12.2.5+git.1530082629.8cbf63d997-2.16.1 python-ceph-compat-12.2.5+git.1530082629.8cbf63d997-2.16.1 python-cephfs-12.2.5+git.1530082629.8cbf63d997-2.16.1 python-cephfs-debuginfo-12.2.5+git.1530082629.8cbf63d997-2.16.1 python-rados-12.2.5+git.1530082629.8cbf63d997-2.16.1 python-rados-debuginfo-12.2.5+git.1530082629.8cbf63d997-2.16.1 python-rbd-12.2.5+git.1530082629.8cbf63d997-2.16.1 python-rbd-debuginfo-12.2.5+git.1530082629.8cbf63d997-2.16.1 python-rgw-12.2.5+git.1530082629.8cbf63d997-2.16.1 python-rgw-debuginfo-12.2.5+git.1530082629.8cbf63d997-2.16.1 python3-ceph-argparse-12.2.5+git.1530082629.8cbf63d997-2.16.1 python3-cephfs-12.2.5+git.1530082629.8cbf63d997-2.16.1 python3-cephfs-debuginfo-12.2.5+git.1530082629.8cbf63d997-2.16.1 python3-rados-12.2.5+git.1530082629.8cbf63d997-2.16.1 python3-rados-debuginfo-12.2.5+git.1530082629.8cbf63d997-2.16.1 python3-rbd-12.2.5+git.1530082629.8cbf63d997-2.16.1 python3-rbd-debuginfo-12.2.5+git.1530082629.8cbf63d997-2.16.1 python3-rgw-12.2.5+git.1530082629.8cbf63d997-2.16.1 python3-rgw-debuginfo-12.2.5+git.1530082629.8cbf63d997-2.16.1 rbd-fuse-12.2.5+git.1530082629.8cbf63d997-2.16.1 rbd-fuse-debuginfo-12.2.5+git.1530082629.8cbf63d997-2.16.1 rbd-mirror-12.2.5+git.1530082629.8cbf63d997-2.16.1 rbd-mirror-debuginfo-12.2.5+git.1530082629.8cbf63d997-2.16.1 rbd-nbd-12.2.5+git.1530082629.8cbf63d997-2.16.1 rbd-nbd-debuginfo-12.2.5+git.1530082629.8cbf63d997-2.16.1 References: https://www.suse.com/security/cve/CVE-2018-10861.html https://www.suse.com/security/cve/CVE-2018-1128.html https://www.suse.com/security/cve/CVE-2018-1129.html https://bugzilla.suse.com/1096748 https://bugzilla.suse.com/1099162 From sle-updates at lists.suse.com Wed Jul 11 13:08:34 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 Jul 2018 21:08:34 +0200 (CEST) Subject: SUSE-SU-2018:1925-1: moderate: Security update for slurm Message-ID: <20180711190834.BF734FCA4@maintenance.suse.de> SUSE Security Update: Security update for slurm ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1925-1 Rating: moderate References: #1095508 Cross-References: CVE-2018-10995 Affected Products: SUSE Linux Enterprise Module for HPC 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for slurm to version 17.11.7 fixes the following issues: This security issue was fixed: - CVE-2018-10995: Ensure correct handling of user names and group ids (bsc#1095508). These non-security issues were fixed: - CRAY - Add slurmsmwd to the contribs/cray dir - PMIX - Added the direct connect authentication. - Prevent the backup slurmctld from losing the active/available node features list on takeover. - Be able to force power_down of cloud node even if in power_save state. - Allow cloud nodes to be recognized in Slurm when booted out of band. - Notify srun and ctld when unkillable stepd exits. - Fixes daemoniziation in newly introduced slurmsmwd daemon. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 15: zypper in -t patch SUSE-SLE-Module-HPC-15-2018-1306=1 Package List: - SUSE Linux Enterprise Module for HPC 15 (aarch64 x86_64): libpmi0-17.11.7-6.3.1 libpmi0-debuginfo-17.11.7-6.3.1 libslurm32-17.11.7-6.3.1 libslurm32-debuginfo-17.11.7-6.3.1 perl-slurm-17.11.7-6.3.1 perl-slurm-debuginfo-17.11.7-6.3.1 slurm-17.11.7-6.3.1 slurm-auth-none-17.11.7-6.3.1 slurm-auth-none-debuginfo-17.11.7-6.3.1 slurm-config-17.11.7-6.3.1 slurm-debuginfo-17.11.7-6.3.1 slurm-debugsource-17.11.7-6.3.1 slurm-devel-17.11.7-6.3.1 slurm-doc-17.11.7-6.3.1 slurm-lua-17.11.7-6.3.1 slurm-lua-debuginfo-17.11.7-6.3.1 slurm-munge-17.11.7-6.3.1 slurm-munge-debuginfo-17.11.7-6.3.1 slurm-node-17.11.7-6.3.1 slurm-node-debuginfo-17.11.7-6.3.1 slurm-pam_slurm-17.11.7-6.3.1 slurm-pam_slurm-debuginfo-17.11.7-6.3.1 slurm-plugins-17.11.7-6.3.1 slurm-plugins-debuginfo-17.11.7-6.3.1 slurm-slurmdbd-17.11.7-6.3.1 slurm-slurmdbd-debuginfo-17.11.7-6.3.1 slurm-sql-17.11.7-6.3.1 slurm-sql-debuginfo-17.11.7-6.3.1 slurm-torque-17.11.7-6.3.1 slurm-torque-debuginfo-17.11.7-6.3.1 References: https://www.suse.com/security/cve/CVE-2018-10995.html https://bugzilla.suse.com/1095508 From sle-updates at lists.suse.com Wed Jul 11 13:09:07 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 Jul 2018 21:09:07 +0200 (CEST) Subject: SUSE-SU-2018:1926-1: important: Security update for ucode-intel Message-ID: <20180711190907.8280CFCA2@maintenance.suse.de> SUSE Security Update: Security update for ucode-intel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1926-1 Rating: important References: #1087082 #1087083 #1100147 Cross-References: CVE-2018-3639 CVE-2018-3640 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for ucode-intel fixes the following issues: The microcode bundles was updated to the 20180703 release For the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a) and helps mitigating CVE-2018-3639 (Spectre v4) (bsc#1100147 bsc#1087082 bsc#1087083). More information on: https://downloadcenter.intel.com/download/27945/Linux-Processor-Microcode-D ata-File Following chipsets are fixed in this round: Model Stepping F-MO-S/PI Old->New ---- updated platforms ------------------------------------ SNB-EP C1 6-2d-6/6d 0000061c->0000061d Xeon E5 SNB-EP C2 6-2d-7/6d 00000713->00000714 Xeon E5 IVT C0 6-3e-4/ed 0000042c->0000042d Xeon E5 v2; Core i7-4960X/4930K/4820K IVT D1 6-3e-7/ed 00000713->00000714 Xeon E5 v2 HSX-E/EP/4S C0 6-3f-2/6f 0000003c->0000003d Xeon E5 v3 HSX-EX E0 6-3f-4/80 00000011->00000012 Xeon E7 v3 SKX-SP/D/W/X H0 6-55-4/b7 02000043->0200004d Xeon Bronze 31xx, Silver 41xx, Gold 51xx/61xx Platinum 81xx, D/W-21xx; Core i9-7xxxX BDX-DE A1 6-56-5/10 0e000009->0e00000a Xeon D-15x3N BDX-ML B/M/R0 6-4f-1/ef 0b00002c->0b00002e Xeon E5/E7 v4; Core i7-69xx/68xx Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1299=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): ucode-intel-20180703-3.3.1 References: https://www.suse.com/security/cve/CVE-2018-3639.html https://www.suse.com/security/cve/CVE-2018-3640.html https://bugzilla.suse.com/1087082 https://bugzilla.suse.com/1087083 https://bugzilla.suse.com/1100147 From sle-updates at lists.suse.com Wed Jul 11 13:09:59 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 Jul 2018 21:09:59 +0200 (CEST) Subject: SUSE-RU-2018:1927-1: moderate: Recommended update for google-compute-engine Message-ID: <20180711190959.CE109FCA2@maintenance.suse.de> SUSE Recommended Update: Recommended update for google-compute-engine ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1927-1 Rating: moderate References: #1097378 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for google-compute-engine fixes the following issues: - Ensure that google-ip-forwarding-daemon service and google-network-setup are stopped and disabled during upgrade. - Ensure that google-network-daemon service is enabled and started during upgrade. - Set run_dir to /var/run. (bsc#1097378, #1097616) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2018-1307=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15 (aarch64 ppc64le s390x x86_64): google-compute-engine-oslogin-20180510-4.3.1 google-compute-engine-oslogin-debuginfo-20180510-4.3.1 - SUSE Linux Enterprise Module for Public Cloud 15 (noarch): google-compute-engine-init-20180510-4.3.1 References: https://bugzilla.suse.com/1097378 From sle-updates at lists.suse.com Wed Jul 11 13:10:35 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 Jul 2018 21:10:35 +0200 (CEST) Subject: SUSE-RU-2018:1928-1: moderate: Recommended update for gdm Message-ID: <20180711191035.056DBFCA2@maintenance.suse.de> SUSE Recommended Update: Recommended update for gdm ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1928-1 Rating: moderate References: #1086600 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for gdm fixes the following issues: - Limit potentially expensive name lookups to avoid lengthy timeouts. (bsc#1086600) - Fix a problem that was causing _gdm_address_debug to always return NULL. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-gdm-13692=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-gdm-13692=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): gdm-2.24.0-24.103.3.1 gdm-branding-upstream-2.24.0-24.103.3.1 gdm-lang-2.24.0-24.103.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): gdm-debuginfo-2.24.0-24.103.3.1 gdm-debugsource-2.24.0-24.103.3.1 References: https://bugzilla.suse.com/1086600 From sle-updates at lists.suse.com Wed Jul 11 13:11:22 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 Jul 2018 21:11:22 +0200 (CEST) Subject: SUSE-RU-2018:1929-1: moderate: Recommended update for SUSE Manager Server 3.1 Message-ID: <20180711191122.B86F4FCA2@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Server 3.1 ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1929-1 Rating: moderate References: #1029726 #1039043 #1041134 #1075014 #1076931 #1079605 #1084128 #1084863 #1085464 #1085484 #1085516 #1086335 #1089185 #1089526 #1089571 #1090224 #1090664 #1092940 #1093381 #1093825 #1094190 #1094524 #1094530 #1094543 #1094578 #1094986 #1095210 #1095211 #1096009 #1096056 #1096511 #1096514 #1096747 #1097145 #1097615 #1097676 #1097699 #1097733 #1098225 #1099311 #1099934 Affected Products: SUSE Manager Server 3.1 ______________________________________________________________________________ An update that has 41 recommended fixes can now be installed. Description: This update provides the following fixes and improvements for SUSE Manager Server 3.1: cobbler: - Do not try to hardlink to a symlink. The result will be a dangling symlink in the general case. (bsc#1097733) - Fix signature for SLES15. (bsc#1075014) nutch: - Fix nutch log level. (bsc#1097145) spacecmd: - Add option to set cleanup type for system_delete. (bsc#1094190) spacewalk-backend: - Fix truncated result message of server actions. (bsc#1039043) - Do not copy 'foreign_entitlement' from virtual host to the registered guest. (bsc#1093381) spacewalk-java: - Improve cve-server-channels Taskomatic task's performance. (bsc#1094524) - Increase the default number of Quartz worker threads. (bsc#1096511) - Do not break backward compatibility on package installation/removal. (bsc#1096514) - proxyClients missing csrf token and paginations. (bsc#1098225) - Fix cleaning up tasks when starting up taskomatic. (bsc#1095210) - Fix truncated result message of server actions. (bsc#1039043) - Add missing result fields for errata query. (bsc#1097615) - Improve gatherer-matcher Taskomatic task's performance. (bsc#1094524) - Fix hardware refresh with multiple IPs on a network interface. (bsc#1041134) - Fix NPE in image pages when showing containers with non-SUSE distros. (bsc#1097676) - Do not log when received 'docker://' prefix from Kubernetes clusters. - Add new 'upgrade_satellite_refresh_custom_sls_files' task to refresh custom SLS files generated for minions. (bsc#1094543) - Fix limit naming of action chain. (bsc#1086335) - Specify old udev name as alternative when parsing hw results. - Fix detection of a xen virtualization host. (bsc#1096056) - Disallow colons in image labels. (bsc#1092940) - Fix registration of RHEL clients when multiple release packages are installed. (bsc#1076931) - Show chain of proxies correctly. (bsc#1084128) - Make mass-canceling of Actions faster. (bsc#1095211) - Show only directly connected systems for Proxy. (bsc#1094986) - Generate pillar after changeing gpg_check flag. (bsc#1079605) - Enable all TLS version for HTTPS connections. (bsc#1094530) - Added 404 handling inside the Spark framework. (bsc#1029726) - Allow multi selection/deletion of notification messages. - Honor user timezone setting for system overview dates. (bsc#1085516) - Schedule only one action when changing channel assignment for a group of servers on SSM. - Fix minion software profile to allow multiple installed versions for the same package name. (bsc#1089526) - Add API functions to specify system cleanup type when deleting a system. (bsc#1094190) - Change default cleanup type for XMLRPC API to NO_CLEANUP. (bsc#1094190) - Take organization into account when looking up for an erratum. (bsc#1089185) spacewalk-utils: - Add an ability to specify admin credentials in settings.conf. (bsc#1085484) spacewalk-web: - Avoid ISE when unsubscribing channels in SSM. (bsc#1094578) - Show feedback on button clicked. (bsc#1085464) - Fix typo in 'Installed Products' label in image overview page. - Disallow colons in image labels. (bsc#1092940) - Show chain of proxies correctly. (bsc#1084128) - Fix cve search box. (bsc#1089571) - Fix on UI content observer. (bsc#1084863) - Allow multi selection/deletion of notification messages. - Disable toggler if no recommended channels. (bsc#1090224) - Implemented new 404 page in react. (bsc#1029726) - Improve the gulpfile watch mode performance. (bsc#1096747) susemanager: - Fix mgr-create-bootstrap-repo with custom channels. (bsc#1099934) - Add python-pyudev to bootstrap repo. (bsc#1099311) susemanager-frontend-libs: - Update susemanager-nodejs-sdk-devel to 1.0.2. (bsc#1096747) susemanager-schema: - Fix truncated result message of server actions. (bsc#1039043) - Fix config channels state revision inconsistency after migration. (bsc#1094543) - Fix issue with "suse_img_repodigest_idx" index if multiple image tags. (bsc#1090664) susemanager-sls: - Use custom Salt capabilities to prevent breaking backward compatibility. (bsc#1096514) - Do not install 'python-salt' on container build hosts with older Salt versions. (bsc#1097699) - Fix bootstrap error when removing traditional stack. (bsc#1096009) - Fix migration from traditional stack to salt registration. (bsc#1093825) - Update profileupdate.sls to report all versions installed. (bsc#1089526) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 3.1: zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2018-1300=1 Package List: - SUSE Manager Server 3.1 (s390x x86_64): susemanager-3.1.15-2.22.2 susemanager-tools-3.1.15-2.22.2 - SUSE Manager Server 3.1 (noarch): cobbler-2.6.6-5.13.2 nutch-1.0-0.9.10.2 spacecmd-2.7.8.11-2.19.2 spacewalk-backend-2.7.73.14-2.22.2 spacewalk-backend-app-2.7.73.14-2.22.2 spacewalk-backend-applet-2.7.73.14-2.22.2 spacewalk-backend-config-files-2.7.73.14-2.22.2 spacewalk-backend-config-files-common-2.7.73.14-2.22.2 spacewalk-backend-config-files-tool-2.7.73.14-2.22.2 spacewalk-backend-iss-2.7.73.14-2.22.2 spacewalk-backend-iss-export-2.7.73.14-2.22.2 spacewalk-backend-libs-2.7.73.14-2.22.2 spacewalk-backend-package-push-server-2.7.73.14-2.22.2 spacewalk-backend-server-2.7.73.14-2.22.2 spacewalk-backend-sql-2.7.73.14-2.22.2 spacewalk-backend-sql-oracle-2.7.73.14-2.22.2 spacewalk-backend-sql-postgresql-2.7.73.14-2.22.2 spacewalk-backend-tools-2.7.73.14-2.22.2 spacewalk-backend-xml-export-libs-2.7.73.14-2.22.2 spacewalk-backend-xmlrpc-2.7.73.14-2.22.2 spacewalk-base-2.7.1.17-2.22.2 spacewalk-base-minimal-2.7.1.17-2.22.2 spacewalk-base-minimal-config-2.7.1.17-2.22.2 spacewalk-html-2.7.1.17-2.22.2 spacewalk-java-2.7.46.15-2.28.2 spacewalk-java-config-2.7.46.15-2.28.2 spacewalk-java-lib-2.7.46.15-2.28.2 spacewalk-java-oracle-2.7.46.15-2.28.2 spacewalk-java-postgresql-2.7.46.15-2.28.2 spacewalk-taskomatic-2.7.46.15-2.28.2 spacewalk-utils-2.7.10.8-2.13.2 susemanager-frontend-libs-3.1.2-3.6.2 susemanager-schema-3.1.18-2.26.2 susemanager-sls-3.1.18-2.26.2 References: https://bugzilla.suse.com/1029726 https://bugzilla.suse.com/1039043 https://bugzilla.suse.com/1041134 https://bugzilla.suse.com/1075014 https://bugzilla.suse.com/1076931 https://bugzilla.suse.com/1079605 https://bugzilla.suse.com/1084128 https://bugzilla.suse.com/1084863 https://bugzilla.suse.com/1085464 https://bugzilla.suse.com/1085484 https://bugzilla.suse.com/1085516 https://bugzilla.suse.com/1086335 https://bugzilla.suse.com/1089185 https://bugzilla.suse.com/1089526 https://bugzilla.suse.com/1089571 https://bugzilla.suse.com/1090224 https://bugzilla.suse.com/1090664 https://bugzilla.suse.com/1092940 https://bugzilla.suse.com/1093381 https://bugzilla.suse.com/1093825 https://bugzilla.suse.com/1094190 https://bugzilla.suse.com/1094524 https://bugzilla.suse.com/1094530 https://bugzilla.suse.com/1094543 https://bugzilla.suse.com/1094578 https://bugzilla.suse.com/1094986 https://bugzilla.suse.com/1095210 https://bugzilla.suse.com/1095211 https://bugzilla.suse.com/1096009 https://bugzilla.suse.com/1096056 https://bugzilla.suse.com/1096511 https://bugzilla.suse.com/1096514 https://bugzilla.suse.com/1096747 https://bugzilla.suse.com/1097145 https://bugzilla.suse.com/1097615 https://bugzilla.suse.com/1097676 https://bugzilla.suse.com/1097699 https://bugzilla.suse.com/1097733 https://bugzilla.suse.com/1098225 https://bugzilla.suse.com/1099311 https://bugzilla.suse.com/1099934 From sle-updates at lists.suse.com Wed Jul 11 13:18:55 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 Jul 2018 21:18:55 +0200 (CEST) Subject: SUSE-RU-2018:1930-1: moderate: Recommended update for google-compute-engine Message-ID: <20180711191855.DAF3EFCA2@maintenance.suse.de> SUSE Recommended Update: Recommended update for google-compute-engine ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1930-1 Rating: moderate References: #1066273 #1092214 #1097378 #1097616 Affected Products: SUSE Linux Enterprise Server 11-PUBCLOUD ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for google-compute-engine to version 20180510 provides the following fixes (bsc#1066273, bsc#1092214): - Prevent delay in configuring IP forwarding routes. - Include new google-network-daemon. - Stop shipping deprecated google-ip-forwarding-daemon service. - Install google_oslogin_nss_cache binary into oslogin package. - Create a new network daemon. - Refactor the IP forwarding daemon and network setup. - Improvements for using NSS cache in the accounts daemon. - Include libnss cache as part of the OS Login package. - Add distro specific logic. - Support SLES 11 and 12 in multi-nic setup. - Fix boto config documentation. - Add modprobe blacklist for nouveau and floppy modules. - Fix irqbalance conflict in Debian package. - Fix conflict with other applications that use curl and SSL. - Install new kernel module blacklist into /etc/modprobe.d. - Ensure that google-ip-forwarding-daemon service and google-network-setup are stopped and disabled during upgrade. - Ensure that google-network-daemon service is enabled and started during upgrade. - Set run_dir to /var/run. (bsc#1097378, bsc#1097616) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-PUBCLOUD: zypper in -t patch pubclsp3-google-compute-engine-13691=1 Package List: - SUSE Linux Enterprise Server 11-PUBCLOUD (i586 ia64 ppc64 s390x x86_64): google-compute-engine-init-20180510-15.1 google-compute-engine-oslogin-20180510-15.1 References: https://bugzilla.suse.com/1066273 https://bugzilla.suse.com/1092214 https://bugzilla.suse.com/1097378 https://bugzilla.suse.com/1097616 From sle-updates at lists.suse.com Wed Jul 11 13:20:13 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 Jul 2018 21:20:13 +0200 (CEST) Subject: SUSE-RU-2018:1931-1: Recommended update for the SUSE Manager 3.1 release notes Message-ID: <20180711192013.0150EFCA2@maintenance.suse.de> SUSE Recommended Update: Recommended update for the SUSE Manager 3.1 release notes ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1931-1 Rating: low References: #1099934 Affected Products: SUSE Manager Server 3.1 SUSE Manager Proxy 3.1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for the SUSE Manager 3.1 release notes documents the following fixes: - SUSE Manager Server bugs fixed by latest updates + bsc#1029726, bsc#1039043, bsc#1041134, bsc#1075014, bsc#1076931, bsc#1079605, bsc#1084128, bsc#1084863, bsc#1085464, bsc#1085484, bsc#1085516, bsc#1086335, bsc#1089185, bsc#1089526, bsc#1089571, bsc#1090224, bsc#1090664, bsc#1092940, bsc#1093381, bsc#1093825, bsc#1094190, bsc#1094524, bsc#1094530, bsc#1094543, bsc#1094578, bsc#1094986, bsc#1095210, bsc#1095211, bsc#1096009, bsc#1096056, bsc#1096511, bsc#1096514, bsc#1096747, bsc#1097145, bsc#1097615, bsc#1097676, bsc#1097699, bsc#1097733, bsc#1098225, bsc#1099311, bsc#1099934 - SUSE Manager Proxy bugs fixed by latest updates + bsc#1029726, bsc#1039043, bsc#1084128, bsc#1084863, bsc#1085464, bsc#1089571, bsc#1090224, bsc#1092940, bsc#1093381, bsc#1094578, bsc#1096747 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 3.1: zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2018-1301=1 - SUSE Manager Proxy 3.1: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.1-2018-1301=1 Package List: - SUSE Manager Server 3.1 (ppc64le s390x x86_64): release-notes-susemanager-3.1.7-5.35.2 - SUSE Manager Proxy 3.1 (ppc64le x86_64): release-notes-susemanager-proxy-3.1.7-0.15.26.1 References: https://bugzilla.suse.com/1099934 From sle-updates at lists.suse.com Wed Jul 11 13:20:45 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 Jul 2018 21:20:45 +0200 (CEST) Subject: SUSE-RU-2018:1932-1: moderate: Recommended update for gdm Message-ID: <20180711192045.539CCFCA2@maintenance.suse.de> SUSE Recommended Update: Recommended update for gdm ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1932-1 Rating: moderate References: #1086600 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for gdm fixes the following issues: - Limit potentially expensive name lookups to avoid lengthy timeouts. (bsc#1086600) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1304=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1304=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1304=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): gdm-debuginfo-3.10.0.1-54.3.1 gdm-debugsource-3.10.0.1-54.3.1 gdm-devel-3.10.0.1-54.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): gdm-3.10.0.1-54.3.1 gdm-debuginfo-3.10.0.1-54.3.1 gdm-debugsource-3.10.0.1-54.3.1 libgdm1-3.10.0.1-54.3.1 libgdm1-debuginfo-3.10.0.1-54.3.1 typelib-1_0-Gdm-1_0-3.10.0.1-54.3.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): gdm-lang-3.10.0.1-54.3.1 gdmflexiserver-3.10.0.1-54.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): gdm-3.10.0.1-54.3.1 gdm-debuginfo-3.10.0.1-54.3.1 gdm-debugsource-3.10.0.1-54.3.1 libgdm1-3.10.0.1-54.3.1 libgdm1-debuginfo-3.10.0.1-54.3.1 typelib-1_0-Gdm-1_0-3.10.0.1-54.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): gdm-lang-3.10.0.1-54.3.1 gdmflexiserver-3.10.0.1-54.3.1 References: https://bugzilla.suse.com/1086600 From sle-updates at lists.suse.com Wed Jul 11 13:21:19 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 Jul 2018 21:21:19 +0200 (CEST) Subject: SUSE-RU-2018:1933-1: moderate: Recommended update for SUSE Manager Proxy 3.1 Message-ID: <20180711192119.37F9BFCA2@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Proxy 3.1 ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1933-1 Rating: moderate References: #1029726 #1039043 #1084128 #1084863 #1085464 #1089571 #1090224 #1092940 #1093381 #1094578 #1096747 Affected Products: SUSE Manager Proxy 3.1 ______________________________________________________________________________ An update that has 11 recommended fixes can now be installed. Description: This update provides the following fixes and improvements for SUSE Manager Server 3.1: spacewalk-backend: - Fix truncated result message of server actions. (bsc#1039043) - Do not copy 'foreign_entitlement' from virtual host to the registered guest. (bsc#1093381) spacewalk-web: - Avoid ISE when unsubscribing channels in SSM. (bsc#1094578) - Show feedback on button clicked. (bsc#1085464) - Fix typo in 'Installed Products' label in image overview page. - Disallow colons in image labels. (bsc#1092940) - Show chain of proxies correctly. (bsc#1084128) - Fix cve search box. (bsc#1089571) - Fix on UI content observer. (bsc#1084863) - Allow multi selection/deletion of notification messages. - Disable toggler if no recommended channels. (bsc#1090224) - Implemented new 404 page in react. (bsc#1029726) - Improve the gulpfile watch mode performance. (bsc#1096747) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Proxy 3.1: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.1-2018-1300=1 Package List: - SUSE Manager Proxy 3.1 (noarch): spacewalk-backend-2.7.73.14-2.22.2 spacewalk-backend-libs-2.7.73.14-2.22.2 spacewalk-base-minimal-2.7.1.17-2.22.2 spacewalk-base-minimal-config-2.7.1.17-2.22.2 References: https://bugzilla.suse.com/1029726 https://bugzilla.suse.com/1039043 https://bugzilla.suse.com/1084128 https://bugzilla.suse.com/1084863 https://bugzilla.suse.com/1085464 https://bugzilla.suse.com/1089571 https://bugzilla.suse.com/1090224 https://bugzilla.suse.com/1092940 https://bugzilla.suse.com/1093381 https://bugzilla.suse.com/1094578 https://bugzilla.suse.com/1096747 From sle-updates at lists.suse.com Wed Jul 11 13:23:10 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 Jul 2018 21:23:10 +0200 (CEST) Subject: SUSE-RU-2018:1934-1: moderate: Recommended update for SUSEConnect Message-ID: <20180711192310.2150DFCA2@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSEConnect ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1934-1 Rating: moderate References: #1093658 #1094348 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for SUSEConnect provides the following fixes: - Add dependencies needed by the rmt-client-setup script as Recommends. (bsc#1093658, bsc#1094348) - Enhance error message generation. - Add not supported operation exception to PackageSearch API. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1303=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): SUSEConnect-0.3.11-3.3.1 References: https://bugzilla.suse.com/1093658 https://bugzilla.suse.com/1094348 From sle-updates at lists.suse.com Thu Jul 12 04:11:16 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Jul 2018 12:11:16 +0200 (CEST) Subject: SUSE-SU-2018:1935-1: important: Recommended update for ucode-intel Message-ID: <20180712101116.B49DBFD2E@maintenance.suse.de> SUSE Security Update: Recommended update for ucode-intel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1935-1 Rating: important References: #1087082 #1087083 #1096141 #1100147 Cross-References: CVE-2018-3639 CVE-2018-3640 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. Description: The Intel CPU microcode bundle was updated to the 20180703 release. For the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a) and helps mitigating CVE-2018-3639 (Spectre v4) (bsc#1100147 bsc#1087082 bsc#1087083). More information on: https://downloadcenter.intel.com/download/27945/Linux-Processor-Microcode-D ata-File Following chipsets are fixed in this round: Model Stepping F-MO-S/PI Old->New ---- updated platforms ------------------------------------ SNB-EP C1 6-2d-6/6d 0000061c->0000061d Xeon E5 SNB-EP C2 6-2d-7/6d 00000713->00000714 Xeon E5 IVT C0 6-3e-4/ed 0000042c->0000042d Xeon E5 v2; Core i7-4960X/4930K/4820K IVT D1 6-3e-7/ed 00000713->00000714 Xeon E5 v2 HSX-E/EP/4S C0 6-3f-2/6f 0000003c->0000003d Xeon E5 v3 HSX-EX E0 6-3f-4/80 00000011->00000012 Xeon E7 v3 SKX-SP/D/W/X H0 6-55-4/b7 02000043->0200004d Xeon Bronze 31xx, Silver 41xx, Gold 51xx/61xx Platinum 81xx, D/W-21xx; Core i9-7xxxX BDX-DE A1 6-56-5/10 0e000009->0e00000a Xeon D-15x3N BDX-ML B/M/R0 6-4f-1/ef 0b00002c->0b00002e Xeon E5/E7 v4; Core i7-69xx/68xx - Add a new style supplements for the recent kernels. (bsc#1096141) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-1308=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1308=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1308=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1308=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1308=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1308=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-1308=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1308=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-1308=1 Package List: - SUSE OpenStack Cloud 7 (x86_64): ucode-intel-20180703-13.25.1 ucode-intel-debuginfo-20180703-13.25.1 ucode-intel-debugsource-20180703-13.25.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): ucode-intel-20180703-13.25.1 ucode-intel-debuginfo-20180703-13.25.1 ucode-intel-debugsource-20180703-13.25.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): ucode-intel-20180703-13.25.1 ucode-intel-debuginfo-20180703-13.25.1 ucode-intel-debugsource-20180703-13.25.1 - SUSE Linux Enterprise Server 12-SP3 (x86_64): ucode-intel-20180703-13.25.1 ucode-intel-debuginfo-20180703-13.25.1 ucode-intel-debugsource-20180703-13.25.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): ucode-intel-20180703-13.25.1 ucode-intel-debuginfo-20180703-13.25.1 ucode-intel-debugsource-20180703-13.25.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): ucode-intel-20180703-13.25.1 ucode-intel-debuginfo-20180703-13.25.1 ucode-intel-debugsource-20180703-13.25.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): ucode-intel-20180703-13.25.1 ucode-intel-debuginfo-20180703-13.25.1 ucode-intel-debugsource-20180703-13.25.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): ucode-intel-20180703-13.25.1 ucode-intel-debuginfo-20180703-13.25.1 ucode-intel-debugsource-20180703-13.25.1 - SUSE Enterprise Storage 4 (x86_64): ucode-intel-20180703-13.25.1 ucode-intel-debuginfo-20180703-13.25.1 ucode-intel-debugsource-20180703-13.25.1 References: https://www.suse.com/security/cve/CVE-2018-3639.html https://www.suse.com/security/cve/CVE-2018-3640.html https://bugzilla.suse.com/1087082 https://bugzilla.suse.com/1087083 https://bugzilla.suse.com/1096141 https://bugzilla.suse.com/1100147 From sle-updates at lists.suse.com Thu Jul 12 07:08:02 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Jul 2018 15:08:02 +0200 (CEST) Subject: SUSE-SU-2018:1936-1: moderate: Security update for php7 Message-ID: <20180712130802.6BE0DFCA4@maintenance.suse.de> SUSE Security Update: Security update for php7 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1936-1 Rating: moderate References: #1099098 Cross-References: CVE-2018-12882 Affected Products: SUSE Linux Enterprise Module for Web Scripting 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for php7 fixes the following issues: - CVE-2018-12882: exif_read_from_impl allowed attackers to trigger a use-after-free (in exif_read_from_file) because it closed a stream that it is not responsible for closing (bsc#1099098). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-2018-1317=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15 (aarch64 ppc64le s390x): apache2-mod_php7-7.2.5-4.3.1 apache2-mod_php7-debuginfo-7.2.5-4.3.1 php7-7.2.5-4.3.1 php7-bcmath-7.2.5-4.3.1 php7-bcmath-debuginfo-7.2.5-4.3.1 php7-bz2-7.2.5-4.3.1 php7-bz2-debuginfo-7.2.5-4.3.1 php7-calendar-7.2.5-4.3.1 php7-calendar-debuginfo-7.2.5-4.3.1 php7-ctype-7.2.5-4.3.1 php7-ctype-debuginfo-7.2.5-4.3.1 php7-curl-7.2.5-4.3.1 php7-curl-debuginfo-7.2.5-4.3.1 php7-dba-7.2.5-4.3.1 php7-dba-debuginfo-7.2.5-4.3.1 php7-debuginfo-7.2.5-4.3.1 php7-debugsource-7.2.5-4.3.1 php7-devel-7.2.5-4.3.1 php7-dom-7.2.5-4.3.1 php7-dom-debuginfo-7.2.5-4.3.1 php7-enchant-7.2.5-4.3.1 php7-enchant-debuginfo-7.2.5-4.3.1 php7-exif-7.2.5-4.3.1 php7-exif-debuginfo-7.2.5-4.3.1 php7-fastcgi-7.2.5-4.3.1 php7-fastcgi-debuginfo-7.2.5-4.3.1 php7-fileinfo-7.2.5-4.3.1 php7-fileinfo-debuginfo-7.2.5-4.3.1 php7-fpm-7.2.5-4.3.1 php7-fpm-debuginfo-7.2.5-4.3.1 php7-ftp-7.2.5-4.3.1 php7-ftp-debuginfo-7.2.5-4.3.1 php7-gd-7.2.5-4.3.1 php7-gd-debuginfo-7.2.5-4.3.1 php7-gettext-7.2.5-4.3.1 php7-gettext-debuginfo-7.2.5-4.3.1 php7-gmp-7.2.5-4.3.1 php7-gmp-debuginfo-7.2.5-4.3.1 php7-iconv-7.2.5-4.3.1 php7-iconv-debuginfo-7.2.5-4.3.1 php7-intl-7.2.5-4.3.1 php7-intl-debuginfo-7.2.5-4.3.1 php7-json-7.2.5-4.3.1 php7-json-debuginfo-7.2.5-4.3.1 php7-ldap-7.2.5-4.3.1 php7-ldap-debuginfo-7.2.5-4.3.1 php7-mbstring-7.2.5-4.3.1 php7-mbstring-debuginfo-7.2.5-4.3.1 php7-mysql-7.2.5-4.3.1 php7-mysql-debuginfo-7.2.5-4.3.1 php7-odbc-7.2.5-4.3.1 php7-odbc-debuginfo-7.2.5-4.3.1 php7-opcache-7.2.5-4.3.1 php7-opcache-debuginfo-7.2.5-4.3.1 php7-openssl-7.2.5-4.3.1 php7-openssl-debuginfo-7.2.5-4.3.1 php7-pcntl-7.2.5-4.3.1 php7-pcntl-debuginfo-7.2.5-4.3.1 php7-pdo-7.2.5-4.3.1 php7-pdo-debuginfo-7.2.5-4.3.1 php7-pgsql-7.2.5-4.3.1 php7-pgsql-debuginfo-7.2.5-4.3.1 php7-phar-7.2.5-4.3.1 php7-phar-debuginfo-7.2.5-4.3.1 php7-posix-7.2.5-4.3.1 php7-posix-debuginfo-7.2.5-4.3.1 php7-shmop-7.2.5-4.3.1 php7-shmop-debuginfo-7.2.5-4.3.1 php7-snmp-7.2.5-4.3.1 php7-snmp-debuginfo-7.2.5-4.3.1 php7-soap-7.2.5-4.3.1 php7-soap-debuginfo-7.2.5-4.3.1 php7-sockets-7.2.5-4.3.1 php7-sockets-debuginfo-7.2.5-4.3.1 php7-sqlite-7.2.5-4.3.1 php7-sqlite-debuginfo-7.2.5-4.3.1 php7-sysvmsg-7.2.5-4.3.1 php7-sysvmsg-debuginfo-7.2.5-4.3.1 php7-sysvsem-7.2.5-4.3.1 php7-sysvsem-debuginfo-7.2.5-4.3.1 php7-sysvshm-7.2.5-4.3.1 php7-sysvshm-debuginfo-7.2.5-4.3.1 php7-tokenizer-7.2.5-4.3.1 php7-tokenizer-debuginfo-7.2.5-4.3.1 php7-wddx-7.2.5-4.3.1 php7-wddx-debuginfo-7.2.5-4.3.1 php7-xmlreader-7.2.5-4.3.1 php7-xmlreader-debuginfo-7.2.5-4.3.1 php7-xmlrpc-7.2.5-4.3.1 php7-xmlrpc-debuginfo-7.2.5-4.3.1 php7-xmlwriter-7.2.5-4.3.1 php7-xmlwriter-debuginfo-7.2.5-4.3.1 php7-xsl-7.2.5-4.3.1 php7-xsl-debuginfo-7.2.5-4.3.1 php7-zip-7.2.5-4.3.1 php7-zip-debuginfo-7.2.5-4.3.1 php7-zlib-7.2.5-4.3.1 php7-zlib-debuginfo-7.2.5-4.3.1 - SUSE Linux Enterprise Module for Web Scripting 15 (noarch): php7-pear-7.2.5-4.3.1 php7-pear-Archive_Tar-7.2.5-4.3.1 References: https://www.suse.com/security/cve/CVE-2018-12882.html https://bugzilla.suse.com/1099098 From sle-updates at lists.suse.com Thu Jul 12 07:08:37 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Jul 2018 15:08:37 +0200 (CEST) Subject: SUSE-SU-2018:1937-1: moderate: Security update for rsyslog Message-ID: <20180712130837.2F326FCA4@maintenance.suse.de> SUSE Security Update: Security update for rsyslog ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1937-1 Rating: moderate References: #935393 Cross-References: CVE-2015-3243 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rsyslog fixes the following security issue: - CVE-2015-3243: Prevent weak permissions for generated log files, which allowed local users to obtain sensitive information (bsc#935393). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2018-1318=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1318=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x): rsyslog-debuginfo-8.33.1-3.3.1 rsyslog-debugsource-8.33.1-3.3.1 rsyslog-module-gssapi-8.33.1-3.3.1 rsyslog-module-gssapi-debuginfo-8.33.1-3.3.1 rsyslog-module-mysql-8.33.1-3.3.1 rsyslog-module-mysql-debuginfo-8.33.1-3.3.1 rsyslog-module-pgsql-8.33.1-3.3.1 rsyslog-module-pgsql-debuginfo-8.33.1-3.3.1 rsyslog-module-relp-8.33.1-3.3.1 rsyslog-module-relp-debuginfo-8.33.1-3.3.1 rsyslog-module-snmp-8.33.1-3.3.1 rsyslog-module-snmp-debuginfo-8.33.1-3.3.1 rsyslog-module-udpspoof-8.33.1-3.3.1 rsyslog-module-udpspoof-debuginfo-8.33.1-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x): rsyslog-8.33.1-3.3.1 rsyslog-debuginfo-8.33.1-3.3.1 rsyslog-debugsource-8.33.1-3.3.1 References: https://www.suse.com/security/cve/CVE-2015-3243.html https://bugzilla.suse.com/935393 From sle-updates at lists.suse.com Thu Jul 12 07:09:15 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Jul 2018 15:09:15 +0200 (CEST) Subject: SUSE-SU-2018:1938-1: important: Security update for java-1_8_0-openjdk Message-ID: <20180712130915.93FC7FCA2@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1938-1 Rating: important References: #1087066 #1090023 #1090024 #1090025 #1090026 #1090027 #1090028 #1090029 #1090030 #1090032 #1090033 Cross-References: CVE-2018-2790 CVE-2018-2794 CVE-2018-2795 CVE-2018-2796 CVE-2018-2797 CVE-2018-2798 CVE-2018-2799 CVE-2018-2800 CVE-2018-2814 CVE-2018-2815 Affected Products: SUSE Linux Enterprise Module for Legacy Software 15 ______________________________________________________________________________ An update that solves 10 vulnerabilities and has one errata is now available. Description: This update for java-1_8_0-openjdk to version 8u171 fixes the following issues: These security issues were fixed: - S8180881: Better packaging of deserialization - S8182362: Update CipherOutputStream Usage - S8183032: Upgrade to LittleCMS 2.9 - S8189123: More consistent classloading - S8189969, CVE-2018-2790, bsc#1090023: Manifest better manifest entries - S8189977, CVE-2018-2795, bsc#1090025: Improve permission portability - S8189981, CVE-2018-2796, bsc#1090026: Improve queuing portability - S8189985, CVE-2018-2797, bsc#1090027: Improve tabular data portability - S8189989, CVE-2018-2798, bsc#1090028: Improve container portability - S8189993, CVE-2018-2799, bsc#1090029: Improve document portability - S8189997, CVE-2018-2794, bsc#1090024: Enhance keystore mechanisms - S8190478: Improved interface method selection - S8190877: Better handling of abstract classes - S8191696: Better mouse positioning - S8192025, CVE-2018-2814, bsc#1090032: Less referential references - S8192030: Better MTSchema support - S8192757, CVE-2018-2815, bsc#1090033: Improve stub classes implementation - S8193409: Improve AES supporting classes - S8193414: Improvements in MethodType lookups - S8193833, CVE-2018-2800, bsc#1090030: Better RMI connection support For other changes please consult the changelog. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Legacy Software 15: zypper in -t patch SUSE-SLE-Module-Legacy-15-2018-1319=1 Package List: - SUSE Linux Enterprise Module for Legacy Software 15 (aarch64 ppc64le s390x): java-1_8_0-openjdk-1.8.0.171-3.3.2 java-1_8_0-openjdk-debuginfo-1.8.0.171-3.3.2 java-1_8_0-openjdk-debugsource-1.8.0.171-3.3.2 java-1_8_0-openjdk-demo-1.8.0.171-3.3.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.171-3.3.2 java-1_8_0-openjdk-devel-1.8.0.171-3.3.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.171-3.3.2 java-1_8_0-openjdk-headless-1.8.0.171-3.3.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.171-3.3.2 References: https://www.suse.com/security/cve/CVE-2018-2790.html https://www.suse.com/security/cve/CVE-2018-2794.html https://www.suse.com/security/cve/CVE-2018-2795.html https://www.suse.com/security/cve/CVE-2018-2796.html https://www.suse.com/security/cve/CVE-2018-2797.html https://www.suse.com/security/cve/CVE-2018-2798.html https://www.suse.com/security/cve/CVE-2018-2799.html https://www.suse.com/security/cve/CVE-2018-2800.html https://www.suse.com/security/cve/CVE-2018-2814.html https://www.suse.com/security/cve/CVE-2018-2815.html https://bugzilla.suse.com/1087066 https://bugzilla.suse.com/1090023 https://bugzilla.suse.com/1090024 https://bugzilla.suse.com/1090025 https://bugzilla.suse.com/1090026 https://bugzilla.suse.com/1090027 https://bugzilla.suse.com/1090028 https://bugzilla.suse.com/1090029 https://bugzilla.suse.com/1090030 https://bugzilla.suse.com/1090032 https://bugzilla.suse.com/1090033 From sle-updates at lists.suse.com Thu Jul 12 10:07:59 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Jul 2018 18:07:59 +0200 (CEST) Subject: SUSE-SU-2018:1940-1: important: Security update for the Linux Kernel (Live Patch 16 for SLE 12 SP2) Message-ID: <20180712160759.D1A17FCA2@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 16 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1940-1 Rating: important References: #1090338 #1096740 Cross-References: CVE-2018-3665 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for the Linux Kernel 4.4.103-92_53 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1311=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1311=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kgraft-patch-4_4_103-92_53-default-7-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kgraft-patch-4_4_103-92_53-default-7-2.1 References: https://www.suse.com/security/cve/CVE-2018-3665.html https://bugzilla.suse.com/1090338 https://bugzilla.suse.com/1096740 From sle-updates at lists.suse.com Thu Jul 12 10:08:42 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Jul 2018 18:08:42 +0200 (CEST) Subject: SUSE-SU-2018:1937-2: moderate: Security update for rsyslog Message-ID: <20180712160842.B0D54FCA4@maintenance.suse.de> SUSE Security Update: Security update for rsyslog ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1937-2 Rating: moderate References: #935393 Cross-References: CVE-2015-3243 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rsyslog fixes the following security issue: - CVE-2015-3243: Prevent weak permissions for generated log files, which allowed local users to obtain sensitive information (bsc#935393). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2018-1318=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1318=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (x86_64): rsyslog-debuginfo-8.33.1-3.3.1 rsyslog-debugsource-8.33.1-3.3.1 rsyslog-module-gssapi-8.33.1-3.3.1 rsyslog-module-gssapi-debuginfo-8.33.1-3.3.1 rsyslog-module-mysql-8.33.1-3.3.1 rsyslog-module-mysql-debuginfo-8.33.1-3.3.1 rsyslog-module-pgsql-8.33.1-3.3.1 rsyslog-module-pgsql-debuginfo-8.33.1-3.3.1 rsyslog-module-relp-8.33.1-3.3.1 rsyslog-module-relp-debuginfo-8.33.1-3.3.1 rsyslog-module-snmp-8.33.1-3.3.1 rsyslog-module-snmp-debuginfo-8.33.1-3.3.1 rsyslog-module-udpspoof-8.33.1-3.3.1 rsyslog-module-udpspoof-debuginfo-8.33.1-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): rsyslog-8.33.1-3.3.1 rsyslog-debuginfo-8.33.1-3.3.1 rsyslog-debugsource-8.33.1-3.3.1 References: https://www.suse.com/security/cve/CVE-2015-3243.html https://bugzilla.suse.com/935393 From sle-updates at lists.suse.com Thu Jul 12 10:09:15 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Jul 2018 18:09:15 +0200 (CEST) Subject: SUSE-RU-2018:1941-1: moderate: Recommended update for geoclue2 Message-ID: <20180712160915.49E18FCA2@maintenance.suse.de> SUSE Recommended Update: Recommended update for geoclue2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1941-1 Rating: moderate References: #1051612 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for geoclue2 provides the following fix: - Backport some upstream fixes to improve network availability detection in order to get automatic timezone switch to work properly. (bsc#1051612) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-1320=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1320=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1320=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): geoclue2-debuginfo-2.4.3-9.3.3 geoclue2-debugsource-2.4.3-9.3.3 typelib-1_0-Geoclue-2_0-2.4.3-9.3.3 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): geoclue2-2.4.3-9.3.3 geoclue2-debuginfo-2.4.3-9.3.3 geoclue2-debugsource-2.4.3-9.3.3 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): geoclue2-2.4.3-9.3.3 geoclue2-debuginfo-2.4.3-9.3.3 geoclue2-debugsource-2.4.3-9.3.3 typelib-1_0-Geoclue-2_0-2.4.3-9.3.3 References: https://bugzilla.suse.com/1051612 From sle-updates at lists.suse.com Thu Jul 12 10:09:52 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Jul 2018 18:09:52 +0200 (CEST) Subject: SUSE-SU-2018:1942-1: important: Security update for the Linux Kernel (Live Patch 14 for SLE 12 SP2) Message-ID: <20180712160952.1B7ABFCA2@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 14 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1942-1 Rating: important References: #1090338 #1096740 Cross-References: CVE-2018-3665 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for the Linux Kernel 4.4.90-92_45 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1313=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1313=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kgraft-patch-4_4_90-92_45-default-8-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kgraft-patch-4_4_90-92_45-default-8-2.1 References: https://www.suse.com/security/cve/CVE-2018-3665.html https://bugzilla.suse.com/1090338 https://bugzilla.suse.com/1096740 From sle-updates at lists.suse.com Thu Jul 12 10:10:33 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Jul 2018 18:10:33 +0200 (CEST) Subject: SUSE-SU-2018:1938-2: important: Security update for java-1_8_0-openjdk Message-ID: <20180712161033.B0FDEFCA2@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1938-2 Rating: important References: #1087066 #1090023 #1090024 #1090025 #1090026 #1090027 #1090028 #1090029 #1090030 #1090032 #1090033 Cross-References: CVE-2018-2790 CVE-2018-2794 CVE-2018-2795 CVE-2018-2796 CVE-2018-2797 CVE-2018-2798 CVE-2018-2799 CVE-2018-2800 CVE-2018-2814 CVE-2018-2815 Affected Products: SUSE Linux Enterprise Module for Legacy Software 15 ______________________________________________________________________________ An update that solves 10 vulnerabilities and has one errata is now available. Description: This update for java-1_8_0-openjdk to version 8u171 fixes the following issues: These security issues were fixed: - S8180881: Better packaging of deserialization - S8182362: Update CipherOutputStream Usage - S8183032: Upgrade to LittleCMS 2.9 - S8189123: More consistent classloading - S8189969, CVE-2018-2790, bsc#1090023: Manifest better manifest entries - S8189977, CVE-2018-2795, bsc#1090025: Improve permission portability - S8189981, CVE-2018-2796, bsc#1090026: Improve queuing portability - S8189985, CVE-2018-2797, bsc#1090027: Improve tabular data portability - S8189989, CVE-2018-2798, bsc#1090028: Improve container portability - S8189993, CVE-2018-2799, bsc#1090029: Improve document portability - S8189997, CVE-2018-2794, bsc#1090024: Enhance keystore mechanisms - S8190478: Improved interface method selection - S8190877: Better handling of abstract classes - S8191696: Better mouse positioning - S8192025, CVE-2018-2814, bsc#1090032: Less referential references - S8192030: Better MTSchema support - S8192757, CVE-2018-2815, bsc#1090033: Improve stub classes implementation - S8193409: Improve AES supporting classes - S8193414: Improvements in MethodType lookups - S8193833, CVE-2018-2800, bsc#1090030: Better RMI connection support For other changes please consult the changelog. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Legacy Software 15: zypper in -t patch SUSE-SLE-Module-Legacy-15-2018-1319=1 Package List: - SUSE Linux Enterprise Module for Legacy Software 15 (x86_64): java-1_8_0-openjdk-1.8.0.171-3.3.2 java-1_8_0-openjdk-debuginfo-1.8.0.171-3.3.2 java-1_8_0-openjdk-debugsource-1.8.0.171-3.3.2 java-1_8_0-openjdk-demo-1.8.0.171-3.3.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.171-3.3.2 java-1_8_0-openjdk-devel-1.8.0.171-3.3.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.171-3.3.2 java-1_8_0-openjdk-headless-1.8.0.171-3.3.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.171-3.3.2 References: https://www.suse.com/security/cve/CVE-2018-2790.html https://www.suse.com/security/cve/CVE-2018-2794.html https://www.suse.com/security/cve/CVE-2018-2795.html https://www.suse.com/security/cve/CVE-2018-2796.html https://www.suse.com/security/cve/CVE-2018-2797.html https://www.suse.com/security/cve/CVE-2018-2798.html https://www.suse.com/security/cve/CVE-2018-2799.html https://www.suse.com/security/cve/CVE-2018-2800.html https://www.suse.com/security/cve/CVE-2018-2814.html https://www.suse.com/security/cve/CVE-2018-2815.html https://bugzilla.suse.com/1087066 https://bugzilla.suse.com/1090023 https://bugzilla.suse.com/1090024 https://bugzilla.suse.com/1090025 https://bugzilla.suse.com/1090026 https://bugzilla.suse.com/1090027 https://bugzilla.suse.com/1090028 https://bugzilla.suse.com/1090029 https://bugzilla.suse.com/1090030 https://bugzilla.suse.com/1090032 https://bugzilla.suse.com/1090033 From sle-updates at lists.suse.com Thu Jul 12 10:12:33 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Jul 2018 18:12:33 +0200 (CEST) Subject: SUSE-SU-2018:1943-1: important: Security update for the Linux Kernel (Live Patch 19 for SLE 12 SP2) Message-ID: <20180712161233.CED5BFCA2@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 19 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1943-1 Rating: important References: #1090338 #1096740 Cross-References: CVE-2018-3665 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for the Linux Kernel 4.4.114-92_67 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1310=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1310=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kgraft-patch-4_4_114-92_67-default-5-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kgraft-patch-4_4_114-92_67-default-5-2.1 References: https://www.suse.com/security/cve/CVE-2018-3665.html https://bugzilla.suse.com/1090338 https://bugzilla.suse.com/1096740 From sle-updates at lists.suse.com Thu Jul 12 10:13:14 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Jul 2018 18:13:14 +0200 (CEST) Subject: SUSE-SU-2018:1944-1: important: Security update for the Linux Kernel (Live Patch 17 for SLE 12 SP2) Message-ID: <20180712161314.56956FCA2@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 17 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1944-1 Rating: important References: #1090338 #1096740 Cross-References: CVE-2018-3665 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for the Linux Kernel 4.4.103-92_56 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1312=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1312=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kgraft-patch-4_4_103-92_56-default-7-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kgraft-patch-4_4_103-92_56-default-7-2.1 References: https://www.suse.com/security/cve/CVE-2018-3665.html https://bugzilla.suse.com/1090338 https://bugzilla.suse.com/1096740 From sle-updates at lists.suse.com Thu Jul 12 10:13:56 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Jul 2018 18:13:56 +0200 (CEST) Subject: SUSE-SU-2018:1945-1: important: Security update for the Linux Kernel (Live Patch 18 for SLE 12 SP2) Message-ID: <20180712161356.CCA3CFCA2@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 18 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1945-1 Rating: important References: #1090338 #1096740 Cross-References: CVE-2018-3665 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for the Linux Kernel 4.4.114-92_64 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1309=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1309=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kgraft-patch-4_4_114-92_64-default-5-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kgraft-patch-4_4_114-92_64-default-5-2.1 References: https://www.suse.com/security/cve/CVE-2018-3665.html https://bugzilla.suse.com/1090338 https://bugzilla.suse.com/1096740 From sle-updates at lists.suse.com Thu Jul 12 10:14:38 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Jul 2018 18:14:38 +0200 (CEST) Subject: SUSE-SU-2018:1946-1: important: Security update for the Linux Kernel (Live Patch 22 for SLE 12 SP2) Message-ID: <20180712161438.81605FCA2@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 22 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1946-1 Rating: important References: #1090338 #1096740 Cross-References: CVE-2018-3665 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for the Linux Kernel 4.4.121-92_80 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1315=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1315=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kgraft-patch-4_4_121-92_80-default-3-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kgraft-patch-4_4_121-92_80-default-3-2.1 References: https://www.suse.com/security/cve/CVE-2018-3665.html https://bugzilla.suse.com/1090338 https://bugzilla.suse.com/1096740 From sle-updates at lists.suse.com Thu Jul 12 10:15:18 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Jul 2018 18:15:18 +0200 (CEST) Subject: SUSE-SU-2018:1947-1: important: Security update for the Linux Kernel (Live Patch 15 for SLE 12 SP2) Message-ID: <20180712161518.B4FCDFCA2@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 15 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1947-1 Rating: important References: #1090338 #1096740 Cross-References: CVE-2018-3665 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for the Linux Kernel 4.4.90-92_50 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1314=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1314=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kgraft-patch-4_4_90-92_50-default-8-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kgraft-patch-4_4_90-92_50-default-8-2.1 References: https://www.suse.com/security/cve/CVE-2018-3665.html https://bugzilla.suse.com/1090338 https://bugzilla.suse.com/1096740 From sle-updates at lists.suse.com Thu Jul 12 10:16:00 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Jul 2018 18:16:00 +0200 (CEST) Subject: SUSE-SU-2018:1948-1: important: Security update for the Linux Kernel (Live Patch 20 for SLE 12 SP2) Message-ID: <20180712161600.0DA4CFCA2@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 20 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1948-1 Rating: important References: #1090338 #1096740 Cross-References: CVE-2018-3665 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for the Linux Kernel 4.4.120-92_70 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1316=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1316=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kgraft-patch-4_4_120-92_70-default-4-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kgraft-patch-4_4_120-92_70-default-4-2.1 References: https://www.suse.com/security/cve/CVE-2018-3665.html https://bugzilla.suse.com/1090338 https://bugzilla.suse.com/1096740 From sle-updates at lists.suse.com Thu Jul 12 10:16:41 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Jul 2018 18:16:41 +0200 (CEST) Subject: SUSE-SU-2018:1936-2: moderate: Security update for php7 Message-ID: <20180712161641.406AFFCA2@maintenance.suse.de> SUSE Security Update: Security update for php7 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1936-2 Rating: moderate References: #1099098 Cross-References: CVE-2018-12882 Affected Products: SUSE Linux Enterprise Module for Web Scripting 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for php7 fixes the following issues: - CVE-2018-12882: exif_read_from_impl allowed attackers to trigger a use-after-free (in exif_read_from_file) because it closed a stream that it is not responsible for closing (bsc#1099098). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-2018-1317=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15 (noarch): php7-pear-7.2.5-4.3.1 php7-pear-Archive_Tar-7.2.5-4.3.1 - SUSE Linux Enterprise Module for Web Scripting 15 (x86_64): apache2-mod_php7-7.2.5-4.3.1 apache2-mod_php7-debuginfo-7.2.5-4.3.1 php7-7.2.5-4.3.1 php7-bcmath-7.2.5-4.3.1 php7-bcmath-debuginfo-7.2.5-4.3.1 php7-bz2-7.2.5-4.3.1 php7-bz2-debuginfo-7.2.5-4.3.1 php7-calendar-7.2.5-4.3.1 php7-calendar-debuginfo-7.2.5-4.3.1 php7-ctype-7.2.5-4.3.1 php7-ctype-debuginfo-7.2.5-4.3.1 php7-curl-7.2.5-4.3.1 php7-curl-debuginfo-7.2.5-4.3.1 php7-dba-7.2.5-4.3.1 php7-dba-debuginfo-7.2.5-4.3.1 php7-debuginfo-7.2.5-4.3.1 php7-debugsource-7.2.5-4.3.1 php7-devel-7.2.5-4.3.1 php7-dom-7.2.5-4.3.1 php7-dom-debuginfo-7.2.5-4.3.1 php7-enchant-7.2.5-4.3.1 php7-enchant-debuginfo-7.2.5-4.3.1 php7-exif-7.2.5-4.3.1 php7-exif-debuginfo-7.2.5-4.3.1 php7-fastcgi-7.2.5-4.3.1 php7-fastcgi-debuginfo-7.2.5-4.3.1 php7-fileinfo-7.2.5-4.3.1 php7-fileinfo-debuginfo-7.2.5-4.3.1 php7-fpm-7.2.5-4.3.1 php7-fpm-debuginfo-7.2.5-4.3.1 php7-ftp-7.2.5-4.3.1 php7-ftp-debuginfo-7.2.5-4.3.1 php7-gd-7.2.5-4.3.1 php7-gd-debuginfo-7.2.5-4.3.1 php7-gettext-7.2.5-4.3.1 php7-gettext-debuginfo-7.2.5-4.3.1 php7-gmp-7.2.5-4.3.1 php7-gmp-debuginfo-7.2.5-4.3.1 php7-iconv-7.2.5-4.3.1 php7-iconv-debuginfo-7.2.5-4.3.1 php7-intl-7.2.5-4.3.1 php7-intl-debuginfo-7.2.5-4.3.1 php7-json-7.2.5-4.3.1 php7-json-debuginfo-7.2.5-4.3.1 php7-ldap-7.2.5-4.3.1 php7-ldap-debuginfo-7.2.5-4.3.1 php7-mbstring-7.2.5-4.3.1 php7-mbstring-debuginfo-7.2.5-4.3.1 php7-mysql-7.2.5-4.3.1 php7-mysql-debuginfo-7.2.5-4.3.1 php7-odbc-7.2.5-4.3.1 php7-odbc-debuginfo-7.2.5-4.3.1 php7-opcache-7.2.5-4.3.1 php7-opcache-debuginfo-7.2.5-4.3.1 php7-openssl-7.2.5-4.3.1 php7-openssl-debuginfo-7.2.5-4.3.1 php7-pcntl-7.2.5-4.3.1 php7-pcntl-debuginfo-7.2.5-4.3.1 php7-pdo-7.2.5-4.3.1 php7-pdo-debuginfo-7.2.5-4.3.1 php7-pgsql-7.2.5-4.3.1 php7-pgsql-debuginfo-7.2.5-4.3.1 php7-phar-7.2.5-4.3.1 php7-phar-debuginfo-7.2.5-4.3.1 php7-posix-7.2.5-4.3.1 php7-posix-debuginfo-7.2.5-4.3.1 php7-shmop-7.2.5-4.3.1 php7-shmop-debuginfo-7.2.5-4.3.1 php7-snmp-7.2.5-4.3.1 php7-snmp-debuginfo-7.2.5-4.3.1 php7-soap-7.2.5-4.3.1 php7-soap-debuginfo-7.2.5-4.3.1 php7-sockets-7.2.5-4.3.1 php7-sockets-debuginfo-7.2.5-4.3.1 php7-sqlite-7.2.5-4.3.1 php7-sqlite-debuginfo-7.2.5-4.3.1 php7-sysvmsg-7.2.5-4.3.1 php7-sysvmsg-debuginfo-7.2.5-4.3.1 php7-sysvsem-7.2.5-4.3.1 php7-sysvsem-debuginfo-7.2.5-4.3.1 php7-sysvshm-7.2.5-4.3.1 php7-sysvshm-debuginfo-7.2.5-4.3.1 php7-tokenizer-7.2.5-4.3.1 php7-tokenizer-debuginfo-7.2.5-4.3.1 php7-wddx-7.2.5-4.3.1 php7-wddx-debuginfo-7.2.5-4.3.1 php7-xmlreader-7.2.5-4.3.1 php7-xmlreader-debuginfo-7.2.5-4.3.1 php7-xmlrpc-7.2.5-4.3.1 php7-xmlrpc-debuginfo-7.2.5-4.3.1 php7-xmlwriter-7.2.5-4.3.1 php7-xmlwriter-debuginfo-7.2.5-4.3.1 php7-xsl-7.2.5-4.3.1 php7-xsl-debuginfo-7.2.5-4.3.1 php7-zip-7.2.5-4.3.1 php7-zip-debuginfo-7.2.5-4.3.1 php7-zlib-7.2.5-4.3.1 php7-zlib-debuginfo-7.2.5-4.3.1 References: https://www.suse.com/security/cve/CVE-2018-12882.html https://bugzilla.suse.com/1099098 From sle-updates at lists.suse.com Fri Jul 13 07:14:19 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 Jul 2018 15:14:19 +0200 (CEST) Subject: SUSE-SU-2018:1949-1: important: Security update for the Linux Kernel (Live Patch 21 for SLE 12 SP2) Message-ID: <20180713131419.2C186FCA4@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 21 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1949-1 Rating: important References: #1090338 #1096740 Cross-References: CVE-2018-3665 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for the Linux Kernel 4.4.121-92_73 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1321=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1321=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kgraft-patch-4_4_121-92_73-default-3-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kgraft-patch-4_4_121-92_73-default-3-2.1 References: https://www.suse.com/security/cve/CVE-2018-3665.html https://bugzilla.suse.com/1090338 https://bugzilla.suse.com/1096740 From sle-updates at lists.suse.com Fri Jul 13 07:15:04 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 Jul 2018 15:15:04 +0200 (CEST) Subject: SUSE-SU-2018:1950-1: moderate: Security update for gdk-pixbuf Message-ID: <20180713131504.D4E1BFCA2@maintenance.suse.de> SUSE Security Update: Security update for gdk-pixbuf ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1950-1 Rating: moderate References: #1074462 Cross-References: CVE-2017-1000422 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for gdk-pixbuf fixes the following security issue: - CVE-2017-1000422: Prevent several integer overflow in the gif_get_lzw function resulting in memory corruption and potential code execution (bsc#1074462). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1322=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1322=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1322=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): gdk-pixbuf-debugsource-2.34.0-19.11.1 gdk-pixbuf-devel-2.34.0-19.11.1 gdk-pixbuf-devel-debuginfo-2.34.0-19.11.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): gdk-pixbuf-debugsource-2.34.0-19.11.1 gdk-pixbuf-query-loaders-2.34.0-19.11.1 gdk-pixbuf-query-loaders-debuginfo-2.34.0-19.11.1 libgdk_pixbuf-2_0-0-2.34.0-19.11.1 libgdk_pixbuf-2_0-0-debuginfo-2.34.0-19.11.1 typelib-1_0-GdkPixbuf-2_0-2.34.0-19.11.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): gdk-pixbuf-query-loaders-32bit-2.34.0-19.11.1 gdk-pixbuf-query-loaders-debuginfo-32bit-2.34.0-19.11.1 libgdk_pixbuf-2_0-0-32bit-2.34.0-19.11.1 libgdk_pixbuf-2_0-0-debuginfo-32bit-2.34.0-19.11.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): gdk-pixbuf-lang-2.34.0-19.11.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): gdk-pixbuf-debugsource-2.34.0-19.11.1 gdk-pixbuf-query-loaders-2.34.0-19.11.1 gdk-pixbuf-query-loaders-32bit-2.34.0-19.11.1 gdk-pixbuf-query-loaders-debuginfo-2.34.0-19.11.1 gdk-pixbuf-query-loaders-debuginfo-32bit-2.34.0-19.11.1 libgdk_pixbuf-2_0-0-2.34.0-19.11.1 libgdk_pixbuf-2_0-0-32bit-2.34.0-19.11.1 libgdk_pixbuf-2_0-0-debuginfo-2.34.0-19.11.1 libgdk_pixbuf-2_0-0-debuginfo-32bit-2.34.0-19.11.1 typelib-1_0-GdkPixbuf-2_0-2.34.0-19.11.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): gdk-pixbuf-lang-2.34.0-19.11.1 References: https://www.suse.com/security/cve/CVE-2017-1000422.html https://bugzilla.suse.com/1074462 From sle-updates at lists.suse.com Fri Jul 13 07:15:48 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 Jul 2018 15:15:48 +0200 (CEST) Subject: SUSE-SU-2018:1951-1: moderate: Security update for libopenmpt Message-ID: <20180713131548.A5412FCA2@maintenance.suse.de> SUSE Security Update: Security update for libopenmpt ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1951-1 Rating: moderate References: #1089080 #1095644 Cross-References: CVE-2018-10017 CVE-2018-11710 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for libopenmpt to version 0.3.9 fixes the following issues: These security issues were fixed: - CVE-2018-11710: Prevent write near address 0 in out-of-memory situations when reading AMS files (bsc#1095644) - CVE-2018-10017: Preven out-of-bounds memory read with IT/ITP/MO3 files containing pattern loops (bsc#1089080) These non-security issues were fixed: - [Bug] openmpt123: Fixed build failure in C++17 due to use of removed feature std::random_shuffle. - STM: Having both Bxx and Cxx commands in a pattern imported the Bxx command incorrectly. - STM: Last character of sample name was missing. - Speed up reading of truncated ULT files. - ULT: Portamento import was sometimes broken. - The resonant filter was sometimes unstable when combining low-volume samples, low cutoff and high mixing rates. - Keep track of active SFx macro during seeking. - The "note cut" duplicate note action did not volume-ramp the previously playing sample. - A song starting with non-existing patterns could not be played. - DSM: Support restart position and 16-bit samples. - DTM: Import global volume. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2018-1323=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): libmodplug-devel-0.3.9-3.3.1 libmodplug1-0.3.9-3.3.1 libmodplug1-debuginfo-0.3.9-3.3.1 libopenmpt-debugsource-0.3.9-3.3.1 libopenmpt-devel-0.3.9-3.3.1 libopenmpt0-0.3.9-3.3.1 libopenmpt0-debuginfo-0.3.9-3.3.1 libopenmpt_modplug1-0.3.9-3.3.1 libopenmpt_modplug1-debuginfo-0.3.9-3.3.1 References: https://www.suse.com/security/cve/CVE-2018-10017.html https://www.suse.com/security/cve/CVE-2018-11710.html https://bugzilla.suse.com/1089080 https://bugzilla.suse.com/1095644 From sle-updates at lists.suse.com Fri Jul 13 10:07:55 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 Jul 2018 18:07:55 +0200 (CEST) Subject: SUSE-SU-2018:1952-1: moderate: Initial update for kernel-azure Message-ID: <20180713160755.8A282FCA4@maintenance.suse.de> SUSE Security Update: Initial update for kernel-azure ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1952-1 Rating: moderate References: #1094420 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Public Cloud 15 SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update is the initial delivery of the Azure flavor of the Linux Kernel, which contains enhancements and optimizations for running the SUSE Linux Enterprise kernel in the Azure cloud. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2018-1324=1 - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2018-1324=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2018-1324=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2018-1324=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le x86_64): dpdk-17.11.2-3.2.1 dpdk-debuginfo-17.11.2-3.2.1 dpdk-debugsource-17.11.2-3.2.1 dpdk-devel-17.11.2-3.2.1 dpdk-devel-debuginfo-17.11.2-3.2.1 dpdk-kmp-default-17.11.2_k4.12.14_23-3.2.1 dpdk-kmp-default-debuginfo-17.11.2_k4.12.14_23-3.2.1 dpdk-tools-17.11.2-3.2.1 dpdk-tools-debuginfo-17.11.2-3.2.1 libdpdk-17_11-0-17.11.2-3.2.1 libdpdk-17_11-0-debuginfo-17.11.2-3.2.1 - SUSE Linux Enterprise Module for Server Applications 15 (aarch64): dpdk-thunderx-17.11.2-3.2.1 dpdk-thunderx-debuginfo-17.11.2-3.2.1 dpdk-thunderx-debugsource-17.11.2-3.2.1 dpdk-thunderx-devel-17.11.2-3.2.1 dpdk-thunderx-devel-debuginfo-17.11.2-3.2.1 dpdk-thunderx-kmp-default-17.11.2_k4.12.14_23-3.2.1 dpdk-thunderx-kmp-default-debuginfo-17.11.2_k4.12.14_23-3.2.1 - SUSE Linux Enterprise Module for Public Cloud 15 (noarch): kernel-devel-azure-4.12.14-5.5.1 kernel-source-azure-4.12.14-5.5.1 - SUSE Linux Enterprise Module for Public Cloud 15 (x86_64): kernel-azure-4.12.14-5.5.1 kernel-azure-base-4.12.14-5.5.1 kernel-azure-base-debuginfo-4.12.14-5.5.1 kernel-azure-debuginfo-4.12.14-5.5.1 kernel-azure-devel-4.12.14-5.5.1 kernel-syms-azure-4.12.14-5.5.1 - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): crash-7.2.1-3.2.1 crash-debuginfo-7.2.1-3.2.1 crash-debugsource-7.2.1-3.2.1 crash-devel-7.2.1-3.2.1 crash-kmp-default-7.2.1_k4.12.14_23-3.2.1 crash-kmp-default-debuginfo-7.2.1_k4.12.14_23-3.2.1 - SUSE Linux Enterprise Module for Development Tools 15 (x86_64): lttng-modules-2.10.0-5.2.1 lttng-modules-debugsource-2.10.0-5.2.1 lttng-modules-kmp-default-2.10.0_k4.12.14_23-5.2.1 lttng-modules-kmp-default-debuginfo-2.10.0_k4.12.14_23-5.2.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): drbd-9.0.13+git.b83ade31-3.2.1 drbd-debugsource-9.0.13+git.b83ade31-3.2.1 drbd-kmp-default-9.0.13+git.b83ade31_k4.12.14_23-3.2.1 drbd-kmp-default-debuginfo-9.0.13+git.b83ade31_k4.12.14_23-3.2.1 References: https://bugzilla.suse.com/1094420 From sle-updates at lists.suse.com Mon Jul 16 04:10:24 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 16 Jul 2018 12:10:24 +0200 (CEST) Subject: SUSE-SU-2018:1968-1: moderate: Security update for openssl Message-ID: <20180716101024.D5025FCA4@maintenance.suse.de> SUSE Security Update: Security update for openssl ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1968-1 Rating: moderate References: #1097158 #1097624 #1098592 Cross-References: CVE-2018-0732 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for openssl fixes the following issues: - CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack (bsc#1097158). - Blinding enhancements for ECDSA and DSA (bsc#1097624, bsc#1098592) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1325=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1325=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): libopenssl1_0_0-1.0.1i-54.14.1 libopenssl1_0_0-debuginfo-1.0.1i-54.14.1 libopenssl1_0_0-hmac-1.0.1i-54.14.1 openssl-1.0.1i-54.14.1 openssl-debuginfo-1.0.1i-54.14.1 openssl-debugsource-1.0.1i-54.14.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): libopenssl1_0_0-32bit-1.0.1i-54.14.1 libopenssl1_0_0-debuginfo-32bit-1.0.1i-54.14.1 libopenssl1_0_0-hmac-32bit-1.0.1i-54.14.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): openssl-doc-1.0.1i-54.14.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): libopenssl1_0_0-1.0.1i-54.14.1 libopenssl1_0_0-debuginfo-1.0.1i-54.14.1 libopenssl1_0_0-hmac-1.0.1i-54.14.1 openssl-1.0.1i-54.14.1 openssl-debuginfo-1.0.1i-54.14.1 openssl-debugsource-1.0.1i-54.14.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): libopenssl1_0_0-32bit-1.0.1i-54.14.1 libopenssl1_0_0-debuginfo-32bit-1.0.1i-54.14.1 libopenssl1_0_0-hmac-32bit-1.0.1i-54.14.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): openssl-doc-1.0.1i-54.14.1 References: https://www.suse.com/security/cve/CVE-2018-0732.html https://bugzilla.suse.com/1097158 https://bugzilla.suse.com/1097624 https://bugzilla.suse.com/1098592 From sle-updates at lists.suse.com Mon Jul 16 10:07:55 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 16 Jul 2018 18:07:55 +0200 (CEST) Subject: SUSE-RU-2018:1929-2: moderate: Recommended update for SUSE Manager Server 3.1 Message-ID: <20180716160755.C5090FD84@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Server 3.1 ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1929-2 Rating: moderate References: #1029726 #1039043 #1041134 #1075014 #1076931 #1079605 #1084128 #1084863 #1085464 #1085484 #1085516 #1086335 #1089185 #1089526 #1089571 #1090224 #1090664 #1092940 #1093381 #1093825 #1094190 #1094524 #1094530 #1094543 #1094578 #1094986 #1095210 #1095211 #1096009 #1096056 #1096511 #1096514 #1096747 #1097145 #1097615 #1097676 #1097699 #1097733 #1098225 #1099311 #1099934 Affected Products: SUSE Manager Server 3.1 ______________________________________________________________________________ An update that has 41 recommended fixes can now be installed. Description: This update provides the following fixes and improvements for SUSE Manager Server 3.1: cobbler: - Do not try to hardlink to a symlink. The result will be a dangling symlink in the general case. (bsc#1097733) - Fix signature for SLES15. (bsc#1075014) nutch: - Fix nutch log level. (bsc#1097145) spacecmd: - Add option to set cleanup type for system_delete. (bsc#1094190) spacewalk-backend: - Fix truncated result message of server actions. (bsc#1039043) - Do not copy 'foreign_entitlement' from virtual host to the registered guest. (bsc#1093381) spacewalk-java: - Improve cve-server-channels Taskomatic task's performance. (bsc#1094524) - Increase the default number of Quartz worker threads. (bsc#1096511) - Do not break backward compatibility on package installation/removal. (bsc#1096514) - proxyClients missing csrf token and paginations. (bsc#1098225) - Fix cleaning up tasks when starting up taskomatic. (bsc#1095210) - Fix truncated result message of server actions. (bsc#1039043) - Add missing result fields for errata query. (bsc#1097615) - Improve gatherer-matcher Taskomatic task's performance. (bsc#1094524) - Fix hardware refresh with multiple IPs on a network interface. (bsc#1041134) - Fix NPE in image pages when showing containers with non-SUSE distros. (bsc#1097676) - Do not log when received 'docker://' prefix from Kubernetes clusters. - Add new 'upgrade_satellite_refresh_custom_sls_files' task to refresh custom SLS files generated for minions. (bsc#1094543) - Fix limit naming of action chain. (bsc#1086335) - Specify old udev name as alternative when parsing hw results. - Fix detection of a xen virtualization host. (bsc#1096056) - Disallow colons in image labels. (bsc#1092940) - Fix registration of RHEL clients when multiple release packages are installed. (bsc#1076931) - Show chain of proxies correctly. (bsc#1084128) - Make mass-canceling of Actions faster. (bsc#1095211) - Show only directly connected systems for Proxy. (bsc#1094986) - Generate pillar after changeing gpg_check flag. (bsc#1079605) - Enable all TLS version for HTTPS connections. (bsc#1094530) - Added 404 handling inside the Spark framework. (bsc#1029726) - Allow multi selection/deletion of notification messages. - Honor user timezone setting for system overview dates. (bsc#1085516) - Schedule only one action when changing channel assignment for a group of servers on SSM. - Fix minion software profile to allow multiple installed versions for the same package name. (bsc#1089526) - Add API functions to specify system cleanup type when deleting a system. (bsc#1094190) - Change default cleanup type for XMLRPC API to NO_CLEANUP. (bsc#1094190) - Take organization into account when looking up for an erratum. (bsc#1089185) spacewalk-utils: - Add an ability to specify admin credentials in settings.conf. (bsc#1085484) spacewalk-web: - Avoid ISE when unsubscribing channels in SSM. (bsc#1094578) - Show feedback on button clicked. (bsc#1085464) - Fix typo in 'Installed Products' label in image overview page. - Disallow colons in image labels. (bsc#1092940) - Show chain of proxies correctly. (bsc#1084128) - Fix cve search box. (bsc#1089571) - Fix on UI content observer. (bsc#1084863) - Allow multi selection/deletion of notification messages. - Disable toggler if no recommended channels. (bsc#1090224) - Implemented new 404 page in react. (bsc#1029726) - Improve the gulpfile watch mode performance. (bsc#1096747) susemanager: - Fix mgr-create-bootstrap-repo with custom channels. (bsc#1099934) - Add python-pyudev to bootstrap repo. (bsc#1099311) susemanager-frontend-libs: - Update susemanager-nodejs-sdk-devel to 1.0.2. (bsc#1096747) susemanager-schema: - Fix truncated result message of server actions. (bsc#1039043) - Fix config channels state revision inconsistency after migration. (bsc#1094543) - Fix issue with "suse_img_repodigest_idx" index if multiple image tags. (bsc#1090664) susemanager-sls: - Use custom Salt capabilities to prevent breaking backward compatibility. (bsc#1096514) - Do not install 'python-salt' on container build hosts with older Salt versions. (bsc#1097699) - Fix bootstrap error when removing traditional stack. (bsc#1096009) - Fix migration from traditional stack to salt registration. (bsc#1093825) - Update profileupdate.sls to report all versions installed. (bsc#1089526) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 3.1: zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2018-1300=1 Package List: - SUSE Manager Server 3.1 (ppc64le): susemanager-3.1.15-2.23.1 susemanager-tools-3.1.15-2.23.1 - SUSE Manager Server 3.1 (noarch): cobbler-2.6.6-5.14.1 nutch-1.0-0.9.11.1 spacecmd-2.7.8.11-2.20.1 spacewalk-backend-2.7.73.14-2.23.1 spacewalk-backend-app-2.7.73.14-2.23.1 spacewalk-backend-applet-2.7.73.14-2.23.1 spacewalk-backend-config-files-2.7.73.14-2.23.1 spacewalk-backend-config-files-common-2.7.73.14-2.23.1 spacewalk-backend-config-files-tool-2.7.73.14-2.23.1 spacewalk-backend-iss-2.7.73.14-2.23.1 spacewalk-backend-iss-export-2.7.73.14-2.23.1 spacewalk-backend-libs-2.7.73.14-2.23.1 spacewalk-backend-package-push-server-2.7.73.14-2.23.1 spacewalk-backend-server-2.7.73.14-2.23.1 spacewalk-backend-sql-2.7.73.14-2.23.1 spacewalk-backend-sql-oracle-2.7.73.14-2.23.1 spacewalk-backend-sql-postgresql-2.7.73.14-2.23.1 spacewalk-backend-tools-2.7.73.14-2.23.1 spacewalk-backend-xml-export-libs-2.7.73.14-2.23.1 spacewalk-backend-xmlrpc-2.7.73.14-2.23.1 spacewalk-base-2.7.1.17-2.23.1 spacewalk-base-minimal-2.7.1.17-2.23.1 spacewalk-base-minimal-config-2.7.1.17-2.23.1 spacewalk-html-2.7.1.17-2.23.1 spacewalk-java-2.7.46.15-2.29.1 spacewalk-java-config-2.7.46.15-2.29.1 spacewalk-java-lib-2.7.46.15-2.29.1 spacewalk-java-oracle-2.7.46.15-2.29.1 spacewalk-java-postgresql-2.7.46.15-2.29.1 spacewalk-taskomatic-2.7.46.15-2.29.1 spacewalk-utils-2.7.10.8-2.14.1 susemanager-frontend-libs-3.1.2-3.7.1 susemanager-schema-3.1.18-2.27.1 susemanager-sls-3.1.18-2.27.1 References: https://bugzilla.suse.com/1029726 https://bugzilla.suse.com/1039043 https://bugzilla.suse.com/1041134 https://bugzilla.suse.com/1075014 https://bugzilla.suse.com/1076931 https://bugzilla.suse.com/1079605 https://bugzilla.suse.com/1084128 https://bugzilla.suse.com/1084863 https://bugzilla.suse.com/1085464 https://bugzilla.suse.com/1085484 https://bugzilla.suse.com/1085516 https://bugzilla.suse.com/1086335 https://bugzilla.suse.com/1089185 https://bugzilla.suse.com/1089526 https://bugzilla.suse.com/1089571 https://bugzilla.suse.com/1090224 https://bugzilla.suse.com/1090664 https://bugzilla.suse.com/1092940 https://bugzilla.suse.com/1093381 https://bugzilla.suse.com/1093825 https://bugzilla.suse.com/1094190 https://bugzilla.suse.com/1094524 https://bugzilla.suse.com/1094530 https://bugzilla.suse.com/1094543 https://bugzilla.suse.com/1094578 https://bugzilla.suse.com/1094986 https://bugzilla.suse.com/1095210 https://bugzilla.suse.com/1095211 https://bugzilla.suse.com/1096009 https://bugzilla.suse.com/1096056 https://bugzilla.suse.com/1096511 https://bugzilla.suse.com/1096514 https://bugzilla.suse.com/1096747 https://bugzilla.suse.com/1097145 https://bugzilla.suse.com/1097615 https://bugzilla.suse.com/1097676 https://bugzilla.suse.com/1097699 https://bugzilla.suse.com/1097733 https://bugzilla.suse.com/1098225 https://bugzilla.suse.com/1099311 https://bugzilla.suse.com/1099934 From sle-updates at lists.suse.com Mon Jul 16 10:15:16 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 16 Jul 2018 18:15:16 +0200 (CEST) Subject: SUSE-RU-2018:1933-2: moderate: Recommended update for SUSE Manager Proxy 3.1 Message-ID: <20180716161516.4F4CFFD85@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Proxy 3.1 ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1933-2 Rating: moderate References: #1029726 #1039043 #1084128 #1084863 #1085464 #1089571 #1090224 #1092940 #1093381 #1094578 #1096747 Affected Products: SUSE Manager Proxy 3.1 ______________________________________________________________________________ An update that has 11 recommended fixes can now be installed. Description: This update provides the following fixes and improvements for SUSE Manager Server 3.1: spacewalk-backend: - Fix truncated result message of server actions. (bsc#1039043) - Do not copy 'foreign_entitlement' from virtual host to the registered guest. (bsc#1093381) spacewalk-web: - Avoid ISE when unsubscribing channels in SSM. (bsc#1094578) - Show feedback on button clicked. (bsc#1085464) - Fix typo in 'Installed Products' label in image overview page. - Disallow colons in image labels. (bsc#1092940) - Show chain of proxies correctly. (bsc#1084128) - Fix cve search box. (bsc#1089571) - Fix on UI content observer. (bsc#1084863) - Allow multi selection/deletion of notification messages. - Disable toggler if no recommended channels. (bsc#1090224) - Implemented new 404 page in react. (bsc#1029726) - Improve the gulpfile watch mode performance. (bsc#1096747) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Proxy 3.1: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.1-2018-1300=1 Package List: - SUSE Manager Proxy 3.1 (noarch): spacewalk-backend-2.7.73.14-2.23.1 spacewalk-backend-libs-2.7.73.14-2.23.1 spacewalk-base-minimal-2.7.1.17-2.23.1 spacewalk-base-minimal-config-2.7.1.17-2.23.1 References: https://bugzilla.suse.com/1029726 https://bugzilla.suse.com/1039043 https://bugzilla.suse.com/1084128 https://bugzilla.suse.com/1084863 https://bugzilla.suse.com/1085464 https://bugzilla.suse.com/1089571 https://bugzilla.suse.com/1090224 https://bugzilla.suse.com/1092940 https://bugzilla.suse.com/1093381 https://bugzilla.suse.com/1094578 https://bugzilla.suse.com/1096747 From sle-updates at lists.suse.com Tue Jul 17 04:11:43 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Jul 2018 12:11:43 +0200 (CEST) Subject: SUSE-RU-2018:1970-1: moderate: Recommended update for bind Message-ID: <20180717101143.7FCF2FD8B@maintenance.suse.de> SUSE Recommended Update: Recommended update for bind ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1970-1 Rating: moderate References: #901577 #965748 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for bind provides the following fix: - Fixed ldapdump to use a temporary pseudo nameserver that conforms to BIND's expected syntax. Prior versions would not work correctly with an LDAP backed DNS server. (bsc#965748) - Add SPF records in dnszone-schema file. (bsc#901577) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2018-1333=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1333=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): bind-9.11.2-12.5.1 bind-chrootenv-9.11.2-12.5.1 bind-debuginfo-9.11.2-12.5.1 bind-debugsource-9.11.2-12.5.1 - SUSE Linux Enterprise Module for Server Applications 15 (noarch): bind-doc-9.11.2-12.5.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): bind-debuginfo-9.11.2-12.5.1 bind-debugsource-9.11.2-12.5.1 bind-devel-9.11.2-12.5.1 bind-utils-9.11.2-12.5.1 bind-utils-debuginfo-9.11.2-12.5.1 libbind9-160-9.11.2-12.5.1 libbind9-160-debuginfo-9.11.2-12.5.1 libdns169-9.11.2-12.5.1 libdns169-debuginfo-9.11.2-12.5.1 libirs-devel-9.11.2-12.5.1 libirs160-9.11.2-12.5.1 libirs160-debuginfo-9.11.2-12.5.1 libisc166-9.11.2-12.5.1 libisc166-debuginfo-9.11.2-12.5.1 libisccc160-9.11.2-12.5.1 libisccc160-debuginfo-9.11.2-12.5.1 libisccfg160-9.11.2-12.5.1 libisccfg160-debuginfo-9.11.2-12.5.1 liblwres160-9.11.2-12.5.1 liblwres160-debuginfo-9.11.2-12.5.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): python3-bind-9.11.2-12.5.1 References: https://bugzilla.suse.com/901577 https://bugzilla.suse.com/965748 From sle-updates at lists.suse.com Tue Jul 17 04:12:35 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Jul 2018 12:12:35 +0200 (CEST) Subject: SUSE-SU-2018:1971-1: important: Security update for python-paramiko Message-ID: <20180717101235.C5E94FD87@maintenance.suse.de> SUSE Security Update: Security update for python-paramiko ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1971-1 Rating: important References: #1085276 Cross-References: CVE-2018-7750 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-paramiko fixes the following issues: - CVE-2018-7750: transport.py in the SSH server implementation of Paramiko did not properly check whether authentication is completed processing other requests. A customized SSH client could have skipped the authentication step (bsc#1085276) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2018-1329=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-paramiko-1.15.2-2.9.1 References: https://www.suse.com/security/cve/CVE-2018-7750.html https://bugzilla.suse.com/1085276 From sle-updates at lists.suse.com Tue Jul 17 04:13:13 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Jul 2018 12:13:13 +0200 (CEST) Subject: SUSE-SU-2018:1972-1: important: Security update for perl Message-ID: <20180717101313.EC263FD8B@maintenance.suse.de> SUSE Security Update: Security update for perl ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1972-1 Rating: important References: #1068565 #1082216 #1082233 #1082234 #1096718 Cross-References: CVE-2018-12015 CVE-2018-6797 CVE-2018-6798 CVE-2018-6913 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 SUSE CaaS Platform ALL OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for perl fixes the following issues: These security issue were fixed: - CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216). - CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233). - CVE-2018-6797: Fixed sharp-s regexp overflow (bsc#1082234). - CVE-2018-12015: The Archive::Tar module allowed remote attackers to bypass a directory-traversal protection mechanism and overwrite arbitrary files (bsc#1096718) This non-security issue was fixed: - fix debugger crash in tab completion with Term::ReadLine::Gnu [bsc#1068565] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-1328=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1328=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1328=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1328=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1328=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1328=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-1328=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1328=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-1328=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-1328=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): perl-32bit-5.18.2-12.14.1 perl-5.18.2-12.14.1 perl-base-5.18.2-12.14.1 perl-base-debuginfo-5.18.2-12.14.1 perl-debuginfo-32bit-5.18.2-12.14.1 perl-debuginfo-5.18.2-12.14.1 perl-debugsource-5.18.2-12.14.1 - SUSE OpenStack Cloud 7 (noarch): perl-doc-5.18.2-12.14.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): perl-5.18.2-12.14.1 perl-base-5.18.2-12.14.1 perl-base-debuginfo-5.18.2-12.14.1 perl-debuginfo-5.18.2-12.14.1 perl-debugsource-5.18.2-12.14.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): perl-32bit-5.18.2-12.14.1 perl-debuginfo-32bit-5.18.2-12.14.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): perl-doc-5.18.2-12.14.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): perl-5.18.2-12.14.1 perl-base-5.18.2-12.14.1 perl-base-debuginfo-5.18.2-12.14.1 perl-debuginfo-5.18.2-12.14.1 perl-debugsource-5.18.2-12.14.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): perl-32bit-5.18.2-12.14.1 perl-debuginfo-32bit-5.18.2-12.14.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): perl-doc-5.18.2-12.14.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): perl-5.18.2-12.14.1 perl-base-5.18.2-12.14.1 perl-base-debuginfo-5.18.2-12.14.1 perl-debuginfo-5.18.2-12.14.1 perl-debugsource-5.18.2-12.14.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): perl-32bit-5.18.2-12.14.1 perl-debuginfo-32bit-5.18.2-12.14.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): perl-doc-5.18.2-12.14.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): perl-5.18.2-12.14.1 perl-base-5.18.2-12.14.1 perl-base-debuginfo-5.18.2-12.14.1 perl-debuginfo-5.18.2-12.14.1 perl-debugsource-5.18.2-12.14.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): perl-32bit-5.18.2-12.14.1 perl-debuginfo-32bit-5.18.2-12.14.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): perl-doc-5.18.2-12.14.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): perl-5.18.2-12.14.1 perl-base-5.18.2-12.14.1 perl-base-debuginfo-5.18.2-12.14.1 perl-debuginfo-5.18.2-12.14.1 perl-debugsource-5.18.2-12.14.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): perl-32bit-5.18.2-12.14.1 perl-debuginfo-32bit-5.18.2-12.14.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): perl-doc-5.18.2-12.14.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): perl-5.18.2-12.14.1 perl-base-5.18.2-12.14.1 perl-base-debuginfo-5.18.2-12.14.1 perl-debuginfo-5.18.2-12.14.1 perl-debugsource-5.18.2-12.14.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): perl-32bit-5.18.2-12.14.1 perl-debuginfo-32bit-5.18.2-12.14.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): perl-doc-5.18.2-12.14.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): perl-doc-5.18.2-12.14.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): perl-32bit-5.18.2-12.14.1 perl-5.18.2-12.14.1 perl-base-5.18.2-12.14.1 perl-base-debuginfo-5.18.2-12.14.1 perl-debuginfo-32bit-5.18.2-12.14.1 perl-debuginfo-5.18.2-12.14.1 perl-debugsource-5.18.2-12.14.1 - SUSE Enterprise Storage 4 (noarch): perl-doc-5.18.2-12.14.1 - SUSE Enterprise Storage 4 (x86_64): perl-32bit-5.18.2-12.14.1 perl-5.18.2-12.14.1 perl-base-5.18.2-12.14.1 perl-base-debuginfo-5.18.2-12.14.1 perl-debuginfo-32bit-5.18.2-12.14.1 perl-debuginfo-5.18.2-12.14.1 perl-debugsource-5.18.2-12.14.1 - SUSE CaaS Platform ALL (x86_64): perl-5.18.2-12.14.1 perl-base-5.18.2-12.14.1 perl-base-debuginfo-5.18.2-12.14.1 perl-debuginfo-5.18.2-12.14.1 perl-debugsource-5.18.2-12.14.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): perl-5.18.2-12.14.1 perl-base-5.18.2-12.14.1 perl-base-debuginfo-5.18.2-12.14.1 perl-debuginfo-5.18.2-12.14.1 perl-debugsource-5.18.2-12.14.1 References: https://www.suse.com/security/cve/CVE-2018-12015.html https://www.suse.com/security/cve/CVE-2018-6797.html https://www.suse.com/security/cve/CVE-2018-6798.html https://www.suse.com/security/cve/CVE-2018-6913.html https://bugzilla.suse.com/1068565 https://bugzilla.suse.com/1082216 https://bugzilla.suse.com/1082233 https://bugzilla.suse.com/1082234 https://bugzilla.suse.com/1096718 From sle-updates at lists.suse.com Tue Jul 17 04:14:26 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Jul 2018 12:14:26 +0200 (CEST) Subject: SUSE-RU-2018:1973-1: moderate: Recommended update for mozilla-nss Message-ID: <20180717101426.CC9F6FD87@maintenance.suse.de> SUSE Recommended Update: Recommended update for mozilla-nss ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1973-1 Rating: moderate References: #1096515 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for mozilla-nss provides the following fixes: - Update to NSS 3.36.4 required by Firefox 60.0.2. (bsc#1096515) - Fix a problem that would cause connections to a server that was recently upgraded to TLS 1.3 to result in a SSL_RX_MALFORMED_SERVER_HELLO error. - Fix a rare bug with PKCS#12 files. - Use relro linker option. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1334=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libfreebl3-3.36.4-3.3.1 libfreebl3-debuginfo-3.36.4-3.3.1 libsoftokn3-3.36.4-3.3.1 libsoftokn3-debuginfo-3.36.4-3.3.1 mozilla-nss-3.36.4-3.3.1 mozilla-nss-certs-3.36.4-3.3.1 mozilla-nss-certs-debuginfo-3.36.4-3.3.1 mozilla-nss-debuginfo-3.36.4-3.3.1 mozilla-nss-debugsource-3.36.4-3.3.1 mozilla-nss-devel-3.36.4-3.3.1 mozilla-nss-sysinit-3.36.4-3.3.1 mozilla-nss-sysinit-debuginfo-3.36.4-3.3.1 mozilla-nss-tools-3.36.4-3.3.1 mozilla-nss-tools-debuginfo-3.36.4-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libfreebl3-32bit-3.36.4-3.3.1 libfreebl3-32bit-debuginfo-3.36.4-3.3.1 libsoftokn3-32bit-3.36.4-3.3.1 libsoftokn3-32bit-debuginfo-3.36.4-3.3.1 mozilla-nss-32bit-3.36.4-3.3.1 mozilla-nss-32bit-debuginfo-3.36.4-3.3.1 mozilla-nss-certs-32bit-3.36.4-3.3.1 mozilla-nss-certs-32bit-debuginfo-3.36.4-3.3.1 References: https://bugzilla.suse.com/1096515 From sle-updates at lists.suse.com Tue Jul 17 04:15:00 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Jul 2018 12:15:00 +0200 (CEST) Subject: SUSE-RU-2018:1974-1: moderate: Recommended update for timezone Message-ID: <20180717101500.48370FD87@maintenance.suse.de> SUSE Recommended Update: Recommended update for timezone ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1974-1 Rating: moderate References: #1073299 #1093392 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for timezone provides the following fixes: - North Korea switches back from +0830 to +09 on 2018-05-05. - Ireland's standard time is in the summer, with negative DST offset to standard time used in Winter. (bsc#1073299) - yast2-country is no longer setting TIMEZONE in /etc/sysconfig/clock and is calling systemd timedatectl instead. Do not set /etc/localtime on timezone package updates to avoid setting an incorrect timezone. (bsc#1093392) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1332=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): timezone-2018e-3.5.1 timezone-debuginfo-2018e-3.5.1 timezone-debugsource-2018e-3.5.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): timezone-java-2018e-3.5.1 References: https://bugzilla.suse.com/1073299 https://bugzilla.suse.com/1093392 From sle-updates at lists.suse.com Tue Jul 17 04:15:47 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Jul 2018 12:15:47 +0200 (CEST) Subject: SUSE-RU-2018:1975-1: moderate: Recommended update for yast2-registration Message-ID: <20180717101547.AE0DDFD87@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-registration ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1975-1 Rating: moderate References: #1096813 #1099691 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise INSTALLER 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for yast2-registration fixes the following issues: - Use SCC credentials at upgrade when both NCC and SCC credentials are present in the system (bsc#1096813) - Added additional searchkeys to desktop file (fate#321043). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1330=1 - SUSE Linux Enterprise INSTALLER 15: zypper in -t patch SUSE-SLE-INSTALLER-15-2018-1330=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (noarch): yast2-registration-4.0.42-3.6.1 - SUSE Linux Enterprise INSTALLER 15 (noarch): yast2-registration-4.0.42-3.6.1 References: https://bugzilla.suse.com/1096813 https://bugzilla.suse.com/1099691 From sle-updates at lists.suse.com Tue Jul 17 04:16:30 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Jul 2018 12:16:30 +0200 (CEST) Subject: SUSE-RU-2018:1976-1: moderate: Recommended update for virt-manager Message-ID: <20180717101630.03D0CFD87@maintenance.suse.de> SUSE Recommended Update: Recommended update for virt-manager ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1976-1 Rating: moderate References: #1027942 #1081542 #1081544 #1096819 #1098054 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for virt-manager provides the following fixes: - Fix the "Couldn't find hvm kernel for SUSE tree" error. (bsc#1096819) - Make sure osinfo-query and virt-install detect CaaS Platform 3.0 correctly. (bsc#1098054) - Fix some untranslated text. (bsc#1081544, bsc#1081542) - Backport some missing upstream fixes. (bsc#1027942) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2018-1331=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (noarch): virt-install-1.5.1-7.3.1 virt-manager-1.5.1-7.3.1 virt-manager-common-1.5.1-7.3.1 References: https://bugzilla.suse.com/1027942 https://bugzilla.suse.com/1081542 https://bugzilla.suse.com/1081544 https://bugzilla.suse.com/1096819 https://bugzilla.suse.com/1098054 From sle-updates at lists.suse.com Tue Jul 17 04:17:42 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Jul 2018 12:17:42 +0200 (CEST) Subject: SUSE-SU-2018:1977-1: moderate: Security update for perl Message-ID: <20180717101742.8ECADFD87@maintenance.suse.de> SUSE Security Update: Security update for perl ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1977-1 Rating: moderate References: #1096718 Cross-References: CVE-2018-12015 Affected Products: SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for perl fixes the following issues: - CVE-2018-12015: The Archive::Tar module allowed remote attackers to bypass a directory-traversal protection mechanism and overwrite arbitrary files (bsc#1096718) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2018-1327=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1327=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15 (noarch): perl-doc-5.26.1-7.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): perl-5.26.1-7.3.1 perl-base-5.26.1-7.3.1 perl-base-debuginfo-5.26.1-7.3.1 perl-debuginfo-5.26.1-7.3.1 perl-debugsource-5.26.1-7.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): perl-32bit-debuginfo-5.26.1-7.3.1 perl-base-32bit-5.26.1-7.3.1 perl-base-32bit-debuginfo-5.26.1-7.3.1 References: https://www.suse.com/security/cve/CVE-2018-12015.html https://bugzilla.suse.com/1096718 From sle-updates at lists.suse.com Tue Jul 17 07:08:08 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Jul 2018 15:08:08 +0200 (CEST) Subject: SUSE-RU-2018:1978-1: moderate: Recommended update for cloud-netconfig Message-ID: <20180717130808.140B3FD86@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-netconfig ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1978-1 Rating: moderate References: #1095485 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for cloud-netconfig fixes the following issues: - Make interface names in Azure persistent. (bsc#1095485) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2018-1335=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15 (noarch): cloud-netconfig-azure-0.7-5.3.1 cloud-netconfig-ec2-0.7-5.3.1 References: https://bugzilla.suse.com/1095485 From sle-updates at lists.suse.com Tue Jul 17 10:08:02 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Jul 2018 18:08:02 +0200 (CEST) Subject: SUSE-RU-2018:1979-1: moderate: Recommended update for zypper-docker Message-ID: <20180717160802.07622FD87@maintenance.suse.de> SUSE Recommended Update: Recommended update for zypper-docker ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1979-1 Rating: moderate References: #1018823 #1022052 #1097442 Affected Products: SUSE Linux Enterprise Module for Containers 12 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for zypper-docker provides version 2.0.0 and brings the following fixes and improvements: - Features + Allow inspection of stopped containers. Using zypper-docker luc,lpc or pchkc on a stopped container is now possible. + Analyze container instead of base image by default. Note: This is a backwards incompatible change. If the base image of a container needs to be analyzed, which was the former default a new --base flag can be used. e.g. zypper-docker pchkc --base - Minor Improvements / Fixes + Add short forms of commands to help section. (bsc#1022052) + Fix bug that caused images not to be removed properly in some cases. + Fix bug that caused lpc command to log to stdout. + Fix bug that caused force flag not to work with zypper-docker images. + Fix zypper-docker ps command. + Fix bug with zypper-docker up/patch --no-recommends. + Fix update behavior when getting a zypper update. - Other + Update and use zypper exit codes. (bsc#1018823) + Support recent version of the docker API. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2018-1336=1 Package List: - SUSE Linux Enterprise Module for Containers 12 (ppc64le s390x x86_64): zypper-docker-2.0.0-15.3.2 zypper-docker-debuginfo-2.0.0-15.3.2 zypper-docker-debugsource-2.0.0-15.3.2 References: https://bugzilla.suse.com/1018823 https://bugzilla.suse.com/1022052 https://bugzilla.suse.com/1097442 From sle-updates at lists.suse.com Tue Jul 17 10:08:56 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Jul 2018 18:08:56 +0200 (CEST) Subject: SUSE-RU-2018:1980-1: important: Recommended update for nut Message-ID: <20180717160856.0464CFD87@maintenance.suse.de> SUSE Recommended Update: Recommended update for nut ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1980-1 Rating: important References: #1063897 #1069988 #1070373 #801542 #907387 #963505 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update of nut to version 2.7.4 brings the following fixes and enhancements (fate#325455): - New class of devices supported: ATS - Automatic Transfer Switch. - NUT command and variable naming scheme changes. - Add support for a wide range of new devices. - snmp-ups improvements. - Eaton: Improvements and fixes of 3ph SNMP, ePDU (G2 and G3) and XML/PDC. - Further fixes and improvements of bcmxcp_usb, dummy-ups, libnutclient, nutdrv_atcl_usb, nutdrv_qx, nut-ipmipsu, solis, tripplitesu, usbhid-ups. - nut-scanner: Do not depend on development libraries. (bsc#963505) - Improve SSL support through Mozilla NSS, Augeas support. - Fixed UPower device matching in recent kernels. - nut-server.service: Restore systemd relationship. (bsc#907387) - Network protocol information change. - Add support for OpenSSL 1.1.0 library, allow TLSv1 and higher (not just TLSv1) and report TLS version used in debug mode level 3 and higher. (bsc#1069988) - No more conflict with apcupsd. (bsc#1070373). - Do not depend on upquote.sty as this makes asciidoc too expensive. (bsc#1063897) - Drop the aspell dependency, as it is only used for verification of the man pages. (fate#323578) - Drop dummy init scripts that are not needed anymore. (bsc#801542#c2) - Fix service files paths. (bsc#907387) - Remove support for FreeDesktop Hardware Abstraction Layer (HAL). - nutdrv_atcl_usb: New driver for 'ATCL FOR UPS'. - al175: Re-introduced this driver. - upsdrvctl now provides retry options for upsdrvctl and drivers. - snmp-ups: Add support for XPPC-MIB and Tripp Lite SU10KRT3/1X. Also fix erroneous status in HP/Compaq SNMP MIB (with the most recent HP firmware. - nutdrv_qx: Add new 'fallback' Q1 subdriver, with minimal 'Q1' support. Also add general improvements on all subdrivers. - Fix path to upsdrvctl. (bsc#907387) For a complete list of changes, see the NEWS and UPGRADING files in /usr/share/doc/packages/nut. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1337=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1337=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): nut-cgi-2.7.4-6.3.3 nut-cgi-debuginfo-2.7.4-6.3.3 nut-debuginfo-2.7.4-6.3.3 nut-debugsource-2.7.4-6.3.3 nut-devel-2.7.4-6.3.3 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libupsclient1-2.7.4-6.3.3 libupsclient1-debuginfo-2.7.4-6.3.3 nut-2.7.4-6.3.3 nut-debuginfo-2.7.4-6.3.3 nut-debugsource-2.7.4-6.3.3 nut-drivers-net-2.7.4-6.3.3 nut-drivers-net-debuginfo-2.7.4-6.3.3 References: https://bugzilla.suse.com/1063897 https://bugzilla.suse.com/1069988 https://bugzilla.suse.com/1070373 https://bugzilla.suse.com/801542 https://bugzilla.suse.com/907387 https://bugzilla.suse.com/963505 From sle-updates at lists.suse.com Tue Jul 17 13:07:52 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Jul 2018 21:07:52 +0200 (CEST) Subject: SUSE-SU-2018:1981-1: important: Security update for xen Message-ID: <20180717190752.C1AA0FD82@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1981-1 Rating: important References: #1027519 #1079730 #1087289 #1095242 #1097521 #1097522 #1097523 #1098403 Cross-References: CVE-2018-12891 CVE-2018-12892 CVE-2018-12893 CVE-2018-3665 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves four vulnerabilities and has four fixes is now available. Description: This update for xen fixes the following issues: Security issues fixed: - CVE-2018-3665: Fix Lazy FP Save/Restore issue (XSA-267) (bsc#1095242). - CVE-2018-12891: Fix possible Denial of Service (DoS) via certain PV MMU operations that affect the entire host (XSA-264) (bsc#1097521). - CVE-2018-12892: Fix libxl to honour the readonly flag on HVM emulated SCSI disks (XSA-266) (bsc#1097523). - CVE-2018-12893: Fix crash/Denial of Service (DoS) via safety check (XSA-265) (bsc#1097522). Bug fixes: - bsc#1027519: Add upstream patches from January. - bsc#1098403: Fix regression introduced by changes for bsc#1079730. A PV domU without qcow2 and/or vfb has no qemu attached. Ignore QMP errors for PV domUs to handle PV domUs with and without an attached qemu-xen. - bsc#1087289: Fix xen scheduler crash. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2018-1342=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1342=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (x86_64): xen-4.10.1_06-3.3.1 xen-debugsource-4.10.1_06-3.3.1 xen-devel-4.10.1_06-3.3.1 xen-tools-4.10.1_06-3.3.1 xen-tools-debuginfo-4.10.1_06-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): xen-debugsource-4.10.1_06-3.3.1 xen-libs-4.10.1_06-3.3.1 xen-libs-debuginfo-4.10.1_06-3.3.1 xen-tools-domU-4.10.1_06-3.3.1 xen-tools-domU-debuginfo-4.10.1_06-3.3.1 References: https://www.suse.com/security/cve/CVE-2018-12891.html https://www.suse.com/security/cve/CVE-2018-12892.html https://www.suse.com/security/cve/CVE-2018-12893.html https://www.suse.com/security/cve/CVE-2018-3665.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1079730 https://bugzilla.suse.com/1087289 https://bugzilla.suse.com/1095242 https://bugzilla.suse.com/1097521 https://bugzilla.suse.com/1097522 https://bugzilla.suse.com/1097523 https://bugzilla.suse.com/1098403 From sle-updates at lists.suse.com Wed Jul 18 07:07:56 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Jul 2018 15:07:56 +0200 (CEST) Subject: SUSE-RU-2018:1985-1: moderate: Recommended update for supportutils Message-ID: <20180718130756.F3180FD86@maintenance.suse.de> SUSE Recommended Update: Recommended update for supportutils ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1985-1 Rating: moderate References: #1043311 #1046681 #1051797 #1069457 #1071545 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for supportutils fixes the following issues: - Added only cpu0 with sched_domain info - Added missed sched_domain to blacklist - Blacklisted sched_domain from proc.txt (bsc#1046681) - Added kdumptool calibrate to crash.txt - Added tuned feature OPTION_TUNED tuned.txt (bsc#1071545) - Fixed udev service reference (bsc#1051797) - Fixed device error with sfdisk (bsc#1043311) - Fixed docker package detection (bsc#1069457) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1344=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1344=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server 12-SP3 (noarch): supportutils-3.0-95.15.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): supportutils-3.0-95.15.1 - SUSE CaaS Platform ALL (noarch): supportutils-3.0-95.15.1 References: https://bugzilla.suse.com/1043311 https://bugzilla.suse.com/1046681 https://bugzilla.suse.com/1051797 https://bugzilla.suse.com/1069457 https://bugzilla.suse.com/1071545 From sle-updates at lists.suse.com Wed Jul 18 13:07:56 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Jul 2018 21:07:56 +0200 (CEST) Subject: SUSE-RU-2018:1986-1: moderate: Recommended update for osinfo-db Message-ID: <20180718190756.5A163FD82@maintenance.suse.de> SUSE Recommended Update: Recommended update for osinfo-db ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1986-1 Rating: moderate References: #1098054 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for osinfo-db provides the following fixes: - Make sure osinfo-query and virt-install detect CaaS Platform 3.0 correctly. (bsc#1098054) - Update database to version 20180612. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1345=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (noarch): osinfo-db-20180612-3.3.1 References: https://bugzilla.suse.com/1098054 From sle-updates at lists.suse.com Thu Jul 19 07:08:15 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Jul 2018 15:08:15 +0200 (CEST) Subject: SUSE-SU-2018:1987-1: moderate: Security update for e2fsprogs Message-ID: <20180719130815.A5476FD84@maintenance.suse.de> SUSE Security Update: Security update for e2fsprogs ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1987-1 Rating: moderate References: #1009532 #1038194 #915402 #918346 #960273 Cross-References: CVE-2015-0247 CVE-2015-1572 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves two vulnerabilities and has three fixes is now available. Description: This update for e2fsprogs fixes the following issues: Security issues fixed: - CVE-2015-0247: Fixed couple of heap overflows in e2fsprogs (fsck, dumpe2fs, e2image...) (bsc#915402). - CVE-2015-1572: Fixed potential buffer overflow in closefs() (bsc#918346). Bug fixes: - bsc#1038194: generic/405 test fails with /dev/mapper/thin-vol is inconsistent on ext4 file system. - bsc#1009532: resize2fs hangs when trying to resize a large ext4 file system. - bsc#960273: xfsprogs does not call %{?regenerate_initrd_post}. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1353=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): e2fsprogs-1.43.8-4.3.1 e2fsprogs-debuginfo-1.43.8-4.3.1 e2fsprogs-debugsource-1.43.8-4.3.1 e2fsprogs-devel-1.43.8-4.3.1 libcom_err-devel-1.43.8-4.3.1 libcom_err-devel-static-1.43.8-4.3.1 libcom_err2-1.43.8-4.3.1 libcom_err2-debuginfo-1.43.8-4.3.1 libext2fs-devel-1.43.8-4.3.1 libext2fs-devel-static-1.43.8-4.3.1 libext2fs2-1.43.8-4.3.1 libext2fs2-debuginfo-1.43.8-4.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): e2fsprogs-32bit-debuginfo-1.43.8-4.3.1 libcom_err2-32bit-1.43.8-4.3.1 libcom_err2-32bit-debuginfo-1.43.8-4.3.1 References: https://www.suse.com/security/cve/CVE-2015-0247.html https://www.suse.com/security/cve/CVE-2015-1572.html https://bugzilla.suse.com/1009532 https://bugzilla.suse.com/1038194 https://bugzilla.suse.com/915402 https://bugzilla.suse.com/918346 https://bugzilla.suse.com/960273 From sle-updates at lists.suse.com Thu Jul 19 07:09:40 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Jul 2018 15:09:40 +0200 (CEST) Subject: SUSE-SU-2018:1988-1: moderate: Security update for wireshark Message-ID: <20180719130940.DCD0CFD83@maintenance.suse.de> SUSE Security Update: Security update for wireshark ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1988-1 Rating: moderate References: #1094301 Cross-References: CVE-2018-11356 CVE-2018-11357 CVE-2018-11358 CVE-2018-11359 CVE-2018-11360 CVE-2018-11362 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for wireshark fixes vulnerabilities that could be used to trigger dissector crashes or cause dissectors to go into large infinite loops by making Wireshark read specially crafted packages from the network or capture files (bsc#1094301). This includes: - CVE-2018-11356: DNS dissector crash - CVE-2018-11357: Multiple dissectors could consume excessive memory - CVE-2018-11358: Q.931 dissector crash - CVE-2018-11359: The RRC dissector and other dissectors could crash - CVE-2018-11360: GSM A DTAP dissector crash - CVE-2018-11362: LDSS dissector crash Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2018-1348=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1348=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): wireshark-debuginfo-2.4.7-3.3.4 wireshark-debugsource-2.4.7-3.3.4 wireshark-devel-2.4.7-3.3.4 wireshark-ui-qt-2.4.7-3.3.4 wireshark-ui-qt-debuginfo-2.4.7-3.3.4 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libwireshark9-2.4.7-3.3.4 libwireshark9-debuginfo-2.4.7-3.3.4 libwiretap7-2.4.7-3.3.4 libwiretap7-debuginfo-2.4.7-3.3.4 libwscodecs1-2.4.7-3.3.4 libwscodecs1-debuginfo-2.4.7-3.3.4 libwsutil8-2.4.7-3.3.4 libwsutil8-debuginfo-2.4.7-3.3.4 wireshark-2.4.7-3.3.4 wireshark-debuginfo-2.4.7-3.3.4 wireshark-debugsource-2.4.7-3.3.4 References: https://www.suse.com/security/cve/CVE-2018-11356.html https://www.suse.com/security/cve/CVE-2018-11357.html https://www.suse.com/security/cve/CVE-2018-11358.html https://www.suse.com/security/cve/CVE-2018-11359.html https://www.suse.com/security/cve/CVE-2018-11360.html https://www.suse.com/security/cve/CVE-2018-11362.html https://bugzilla.suse.com/1094301 From sle-updates at lists.suse.com Thu Jul 19 07:10:15 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Jul 2018 15:10:15 +0200 (CEST) Subject: SUSE-SU-2018:1989-1: moderate: Security update for openssh Message-ID: <20180719131015.4F3C3FD83@maintenance.suse.de> SUSE Security Update: Security update for openssh ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1989-1 Rating: moderate References: #1076957 Cross-References: CVE-2016-10708 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openssh fixes the following issues: Security issue fixed: - CVE-2016-10708: Prevent DoS due to crashes caused by out-of-sequence NEWKEYS message (bsc#1076957). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1352=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1352=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-1352=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): openssh-7.2p2-74.19.1 openssh-askpass-gnome-7.2p2-74.19.1 openssh-askpass-gnome-debuginfo-7.2p2-74.19.1 openssh-debuginfo-7.2p2-74.19.1 openssh-debugsource-7.2p2-74.19.1 openssh-fips-7.2p2-74.19.1 openssh-helpers-7.2p2-74.19.1 openssh-helpers-debuginfo-7.2p2-74.19.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): openssh-7.2p2-74.19.1 openssh-askpass-gnome-7.2p2-74.19.1 openssh-askpass-gnome-debuginfo-7.2p2-74.19.1 openssh-debuginfo-7.2p2-74.19.1 openssh-debugsource-7.2p2-74.19.1 openssh-helpers-7.2p2-74.19.1 openssh-helpers-debuginfo-7.2p2-74.19.1 - SUSE CaaS Platform ALL (x86_64): openssh-7.2p2-74.19.1 openssh-debuginfo-7.2p2-74.19.1 openssh-debugsource-7.2p2-74.19.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): openssh-7.2p2-74.19.1 openssh-debuginfo-7.2p2-74.19.1 openssh-debugsource-7.2p2-74.19.1 References: https://www.suse.com/security/cve/CVE-2016-10708.html https://bugzilla.suse.com/1076957 From sle-updates at lists.suse.com Thu Jul 19 07:10:49 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Jul 2018 15:10:49 +0200 (CEST) Subject: SUSE-SU-2018:1990-1: moderate: Security update for mercurial Message-ID: <20180719131049.03F30FD83@maintenance.suse.de> SUSE Security Update: Security update for mercurial ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1990-1 Rating: moderate References: #1100353 #1100354 #1100355 Cross-References: CVE-2018-13346 CVE-2018-13347 CVE-2018-13348 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for mercurial fixes the following issues: Security issues fixed: - CVE-2018-13346: Fix mpatch_apply function in mpatch.c that incorrectly proceeds in cases where the fragment start is past the end of the original data (bsc#1100354). - CVE-2018-13347: Fix mpatch.c that mishandles integer addition and subtraction (bsc#1100355). - CVE-2018-13348: Fix the mpatch_decode function in mpatch.c that mishandles certain situations where there should be at least 12 bytes remaining after thecurrent position in the patch data (bsc#1100353). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1356=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): mercurial-2.8.2-15.13.1 mercurial-debuginfo-2.8.2-15.13.1 mercurial-debugsource-2.8.2-15.13.1 References: https://www.suse.com/security/cve/CVE-2018-13346.html https://www.suse.com/security/cve/CVE-2018-13347.html https://www.suse.com/security/cve/CVE-2018-13348.html https://bugzilla.suse.com/1100353 https://bugzilla.suse.com/1100354 https://bugzilla.suse.com/1100355 From sle-updates at lists.suse.com Thu Jul 19 07:11:39 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Jul 2018 15:11:39 +0200 (CEST) Subject: SUSE-SU-2018:1991-1: moderate: Security update for glibc Message-ID: <20180719131139.7D4E7FD83@maintenance.suse.de> SUSE Security Update: Security update for glibc ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1991-1 Rating: moderate References: #1082318 #1092877 #1094150 #1094154 #1094161 Cross-References: CVE-2017-18269 CVE-2018-11236 CVE-2018-11237 Affected Products: SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves three vulnerabilities and has two fixes is now available. Description: This update for glibc fixes the following security issues: - CVE-2017-18269: An SSE2-optimized memmove implementation for i386 did not correctly perform the overlapping memory check if the source memory range spaned the middle of the address space, resulting in corrupt data being produced by the copy operation. This may have disclosed information to context-dependent attackers, resulted in a denial of service or code execution (bsc#1094150). - CVE-2018-11236: Prevent integer overflow on 32-bit architectures when processing very long pathname arguments to the realpath function, leading to a stack-based buffer overflow (bsc#1094161). - CVE-2018-11237: An AVX-512-optimized implementation of the mempcpy function may have writen data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper (bsc#1092877, bsc#1094154). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2018-1346=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1346=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): glibc-debuginfo-2.26-13.3.1 glibc-debugsource-2.26-13.3.1 glibc-devel-static-2.26-13.3.1 glibc-utils-2.26-13.3.1 glibc-utils-debuginfo-2.26-13.3.1 glibc-utils-src-debugsource-2.26-13.3.1 - SUSE Linux Enterprise Module for Development Tools 15 (x86_64): glibc-32bit-debuginfo-2.26-13.3.1 glibc-devel-32bit-2.26-13.3.1 glibc-devel-32bit-debuginfo-2.26-13.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): glibc-2.26-13.3.1 glibc-debuginfo-2.26-13.3.1 glibc-debugsource-2.26-13.3.1 glibc-devel-2.26-13.3.1 glibc-devel-debuginfo-2.26-13.3.1 glibc-extra-2.26-13.3.1 glibc-extra-debuginfo-2.26-13.3.1 glibc-locale-2.26-13.3.1 glibc-locale-debuginfo-2.26-13.3.1 glibc-profile-2.26-13.3.1 nscd-2.26-13.3.1 nscd-debuginfo-2.26-13.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): glibc-32bit-2.26-13.3.1 glibc-32bit-debuginfo-2.26-13.3.1 glibc-locale-32bit-2.26-13.3.1 glibc-locale-32bit-debuginfo-2.26-13.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): glibc-i18ndata-2.26-13.3.1 glibc-info-2.26-13.3.1 References: https://www.suse.com/security/cve/CVE-2017-18269.html https://www.suse.com/security/cve/CVE-2018-11236.html https://www.suse.com/security/cve/CVE-2018-11237.html https://bugzilla.suse.com/1082318 https://bugzilla.suse.com/1092877 https://bugzilla.suse.com/1094150 https://bugzilla.suse.com/1094154 https://bugzilla.suse.com/1094161 From sle-updates at lists.suse.com Thu Jul 19 07:12:57 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Jul 2018 15:12:57 +0200 (CEST) Subject: SUSE-SU-2018:1992-1: moderate: Security update for perl Message-ID: <20180719131257.C9F33FD83@maintenance.suse.de> SUSE Security Update: Security update for perl ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1992-1 Rating: moderate References: #1096718 Cross-References: CVE-2018-12015 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for perl fixes the following issues: - CVE-2018-12015: The Archive::Tar module allowed remote attackers to bypass a directory-traversal protection mechanism and overwrite arbitrary files (bsc#1096718). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-perl-13695=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-perl-13695=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-perl-13695=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-perl-13695=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-perl-13695=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-perl-13695=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): perl-base-32bit-5.10.0-64.81.13.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): perl-5.10.0-64.81.13.1 perl-Module-Build-0.2808.01-0.81.13.1 perl-Test-Simple-0.72-0.81.13.1 perl-base-5.10.0-64.81.13.1 perl-doc-5.10.0-64.81.13.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): perl-32bit-5.10.0-64.81.13.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): perl-x86-5.10.0-64.81.13.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): perl-5.10.0-64.81.13.1 perl-Module-Build-0.2808.01-0.81.13.1 perl-Test-Simple-0.72-0.81.13.1 perl-base-5.10.0-64.81.13.1 perl-doc-5.10.0-64.81.13.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x x86_64): perl-32bit-5.10.0-64.81.13.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): perl-5.10.0-64.81.13.1 perl-Module-Build-0.2808.01-0.81.13.1 perl-Test-Simple-0.72-0.81.13.1 perl-base-5.10.0-64.81.13.1 perl-doc-5.10.0-64.81.13.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): perl-debuginfo-5.10.0-64.81.13.1 perl-debugsource-5.10.0-64.81.13.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): perl-debuginfo-5.10.0-64.81.13.1 perl-debugsource-5.10.0-64.81.13.1 References: https://www.suse.com/security/cve/CVE-2018-12015.html https://bugzilla.suse.com/1096718 From sle-updates at lists.suse.com Thu Jul 19 07:13:33 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Jul 2018 15:13:33 +0200 (CEST) Subject: SUSE-SU-2018:1993-1: moderate: Security update for libgcrypt Message-ID: <20180719131333.08F3DFD83@maintenance.suse.de> SUSE Security Update: Security update for libgcrypt ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1993-1 Rating: moderate References: #1097410 Cross-References: CVE-2018-0495 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libgcrypt fixes the following issue: The following security issue was fixed: - CVE-2018-0495: Fixed a novel side-channel attack, by enabling blinding for ECDSA signatures (bsc#1097410) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1347=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libgcrypt-debugsource-1.8.2-6.3.1 libgcrypt-devel-1.8.2-6.3.1 libgcrypt-devel-debuginfo-1.8.2-6.3.1 libgcrypt20-1.8.2-6.3.1 libgcrypt20-debuginfo-1.8.2-6.3.1 libgcrypt20-hmac-1.8.2-6.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libgcrypt20-32bit-1.8.2-6.3.1 libgcrypt20-32bit-debuginfo-1.8.2-6.3.1 libgcrypt20-hmac-32bit-1.8.2-6.3.1 References: https://www.suse.com/security/cve/CVE-2018-0495.html https://bugzilla.suse.com/1097410 From sle-updates at lists.suse.com Thu Jul 19 07:14:06 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Jul 2018 15:14:06 +0200 (CEST) Subject: SUSE-SU-2018:1994-1: moderate: Security update for rubygem-sprockets Message-ID: <20180719131406.C1BEEFD83@maintenance.suse.de> SUSE Security Update: Security update for rubygem-sprockets ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1994-1 Rating: moderate References: #1098369 Cross-References: CVE-2018-3760 Affected Products: SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rubygem-sprockets fixes the following issues: The following security vulnerability was addressed: - CVE-2018-3760: Fixed a path traversal issue in sprockets/server.rb:forbidden_request?(), which allowed remote attackers to read arbitrary files (bsc#1098369) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2018-1349=1 Package List: - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-sprockets-3.7.2-3.3.1 References: https://www.suse.com/security/cve/CVE-2018-3760.html https://bugzilla.suse.com/1098369 From sle-updates at lists.suse.com Thu Jul 19 07:14:39 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Jul 2018 15:14:39 +0200 (CEST) Subject: SUSE-SU-2018:1995-1: important: Security update for shadow Message-ID: <20180719131439.9D29DFD84@maintenance.suse.de> SUSE Security Update: Security update for shadow ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1995-1 Rating: important References: #1099310 Cross-References: CVE-2016-6252 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for shadow fixes the following issues: - CVE-2016-6252: Fixed incorrect integer handling that could results in a local privilege escalation (bsc#1099310) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1354=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1354=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-1354=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): shadow-4.1.5.1-19.8.1 shadow-debuginfo-4.1.5.1-19.8.1 shadow-debugsource-4.1.5.1-19.8.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): shadow-4.1.5.1-19.8.1 shadow-debuginfo-4.1.5.1-19.8.1 shadow-debugsource-4.1.5.1-19.8.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): shadow-4.1.5.1-19.8.1 shadow-debuginfo-4.1.5.1-19.8.1 shadow-debugsource-4.1.5.1-19.8.1 References: https://www.suse.com/security/cve/CVE-2016-6252.html https://bugzilla.suse.com/1099310 From sle-updates at lists.suse.com Thu Jul 19 07:15:12 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Jul 2018 15:15:12 +0200 (CEST) Subject: SUSE-SU-2018:1996-1: moderate: Security update for mercurial Message-ID: <20180719131512.48796FD83@maintenance.suse.de> SUSE Security Update: Security update for mercurial ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1996-1 Rating: moderate References: #1100353 #1100354 #1100355 Cross-References: CVE-2018-13346 CVE-2018-13347 CVE-2018-13348 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for mercurial fixes the following issues: Security issues fixed: - CVE-2018-13346: Fix mpatch_apply function in mpatch.c that incorrectly proceeds in cases where the fragment start is past the end of the original data (bsc#1100354). - CVE-2018-13347: Fix mpatch.c that mishandles integer addition and subtraction (bsc#1100355). - CVE-2018-13348: Fix the mpatch_decode function in mpatch.c that mishandles certain situations where there should be at least 12 bytes remaining after thecurrent position in the patch data (bsc#1100353). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-mercurial-13696=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-mercurial-13696=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): mercurial-2.3.2-0.18.9.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): mercurial-debuginfo-2.3.2-0.18.9.1 mercurial-debugsource-2.3.2-0.18.9.1 References: https://www.suse.com/security/cve/CVE-2018-13346.html https://www.suse.com/security/cve/CVE-2018-13347.html https://www.suse.com/security/cve/CVE-2018-13348.html https://bugzilla.suse.com/1100353 https://bugzilla.suse.com/1100354 https://bugzilla.suse.com/1100355 From sle-updates at lists.suse.com Thu Jul 19 07:16:01 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Jul 2018 15:16:01 +0200 (CEST) Subject: SUSE-SU-2018:1997-1: important: Security update for shadow Message-ID: <20180719131601.2224FFD83@maintenance.suse.de> SUSE Security Update: Security update for shadow ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1997-1 Rating: important References: #1099310 Cross-References: CVE-2016-6252 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 SUSE CaaS Platform ALL OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for shadow fixes the following issues: - CVE-2016-6252: Incorrect integer handling could results in local privilege escalation (bsc#1099310) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-1351=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1351=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1351=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1351=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1351=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-1351=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-1351=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): shadow-4.2.1-27.9.1 shadow-debuginfo-4.2.1-27.9.1 shadow-debugsource-4.2.1-27.9.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): shadow-4.2.1-27.9.1 shadow-debuginfo-4.2.1-27.9.1 shadow-debugsource-4.2.1-27.9.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): shadow-4.2.1-27.9.1 shadow-debuginfo-4.2.1-27.9.1 shadow-debugsource-4.2.1-27.9.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): shadow-4.2.1-27.9.1 shadow-debuginfo-4.2.1-27.9.1 shadow-debugsource-4.2.1-27.9.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): shadow-4.2.1-27.9.1 shadow-debuginfo-4.2.1-27.9.1 shadow-debugsource-4.2.1-27.9.1 - SUSE Enterprise Storage 4 (x86_64): shadow-4.2.1-27.9.1 shadow-debuginfo-4.2.1-27.9.1 shadow-debugsource-4.2.1-27.9.1 - SUSE CaaS Platform ALL (x86_64): shadow-4.2.1-27.9.1 shadow-debuginfo-4.2.1-27.9.1 shadow-debugsource-4.2.1-27.9.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): shadow-4.2.1-27.9.1 shadow-debuginfo-4.2.1-27.9.1 shadow-debugsource-4.2.1-27.9.1 References: https://www.suse.com/security/cve/CVE-2016-6252.html https://bugzilla.suse.com/1099310 From sle-updates at lists.suse.com Thu Jul 19 07:16:34 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Jul 2018 15:16:34 +0200 (CEST) Subject: SUSE-SU-2018:1998-1: moderate: Security update for mercurial Message-ID: <20180719131634.9A487FD83@maintenance.suse.de> SUSE Security Update: Security update for mercurial ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1998-1 Rating: moderate References: #1100353 #1100354 #1100355 Cross-References: CVE-2018-13346 CVE-2018-13347 CVE-2018-13348 Affected Products: SUSE Linux Enterprise Module for Development Tools 15 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for mercurial fixes the following issues: Security issues fixed: - CVE-2018-13346: Fix mpatch_apply function in mpatch.c that incorrectly proceeds in cases where the fragment start is past the end of the original data (bsc#1100354). - CVE-2018-13347: Fix mpatch.c that mishandles integer addition and subtraction (bsc#1100355). - CVE-2018-13348: Fix the mpatch_decode function in mpatch.c that mishandles certain situations where there should be at least 12 bytes remaining after thecurrent position in the patch data (bsc#1100353). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2018-1355=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): mercurial-4.5.2-3.3.1 mercurial-debuginfo-4.5.2-3.3.1 mercurial-debugsource-4.5.2-3.3.1 References: https://www.suse.com/security/cve/CVE-2018-13346.html https://www.suse.com/security/cve/CVE-2018-13347.html https://www.suse.com/security/cve/CVE-2018-13348.html https://bugzilla.suse.com/1100353 https://bugzilla.suse.com/1100354 https://bugzilla.suse.com/1100355 From sle-updates at lists.suse.com Thu Jul 19 10:08:15 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Jul 2018 18:08:15 +0200 (CEST) Subject: SUSE-RU-2018:1999-1: moderate: Recommended update for slurm Message-ID: <20180719160815.938B1FD84@maintenance.suse.de> SUSE Recommended Update: Recommended update for slurm ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1999-1 Rating: moderate References: #1100850 Affected Products: SUSE Linux Enterprise Module for HPC 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for slurm fixes the following issues: - avoid postun error in libpmi0 (bsc#1100850) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 15: zypper in -t patch SUSE-SLE-Module-HPC-15-2018-1361=1 Package List: - SUSE Linux Enterprise Module for HPC 15 (aarch64 x86_64): libpmi0-17.11.7-6.6.1 libpmi0-debuginfo-17.11.7-6.6.1 libslurm32-17.11.7-6.6.1 libslurm32-debuginfo-17.11.7-6.6.1 perl-slurm-17.11.7-6.6.1 perl-slurm-debuginfo-17.11.7-6.6.1 slurm-17.11.7-6.6.1 slurm-auth-none-17.11.7-6.6.1 slurm-auth-none-debuginfo-17.11.7-6.6.1 slurm-config-17.11.7-6.6.1 slurm-debuginfo-17.11.7-6.6.1 slurm-debugsource-17.11.7-6.6.1 slurm-devel-17.11.7-6.6.1 slurm-doc-17.11.7-6.6.1 slurm-lua-17.11.7-6.6.1 slurm-lua-debuginfo-17.11.7-6.6.1 slurm-munge-17.11.7-6.6.1 slurm-munge-debuginfo-17.11.7-6.6.1 slurm-node-17.11.7-6.6.1 slurm-node-debuginfo-17.11.7-6.6.1 slurm-pam_slurm-17.11.7-6.6.1 slurm-pam_slurm-debuginfo-17.11.7-6.6.1 slurm-plugins-17.11.7-6.6.1 slurm-plugins-debuginfo-17.11.7-6.6.1 slurm-slurmdbd-17.11.7-6.6.1 slurm-slurmdbd-debuginfo-17.11.7-6.6.1 slurm-sql-17.11.7-6.6.1 slurm-sql-debuginfo-17.11.7-6.6.1 slurm-torque-17.11.7-6.6.1 slurm-torque-debuginfo-17.11.7-6.6.1 References: https://bugzilla.suse.com/1100850 From sle-updates at lists.suse.com Thu Jul 19 10:08:45 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Jul 2018 18:08:45 +0200 (CEST) Subject: SUSE-RU-2018:2000-1: moderate: Recommended update for ca-certificates-mozilla Message-ID: <20180719160845.E3D38FD83@maintenance.suse.de> SUSE Recommended Update: Recommended update for ca-certificates-mozilla ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:2000-1 Rating: moderate References: #1100415 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: ca-certificates-mozilla was updated to the 2.24 state of the Mozilla NSS Certificate store. (bsc#1100415) Following CAs were removed: * S-TRUST_Universal_Root_CA * TC_TrustCenter_Class_3_CA_II * TUeRKTRUST_Elektronik_Sertifika_Hizmet_Saglayicisi_H5 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1362=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (noarch): ca-certificates-mozilla-2.24-4.3.1 References: https://bugzilla.suse.com/1100415 From sle-updates at lists.suse.com Thu Jul 19 10:09:28 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Jul 2018 18:09:28 +0200 (CEST) Subject: SUSE-RU-2018:2002-1: moderate: Recommended update for kdump Message-ID: <20180719160928.B4C1FFD83@maintenance.suse.de> SUSE Recommended Update: Recommended update for kdump ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:2002-1 Rating: moderate References: #1047609 #1050349 #1062026 #1072711 #1073972 #1081864 #1083155 #1091304 #1093795 #1094581 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has 10 recommended fixes can now be installed. Description: This update for kdump fixes the following issues: - Restore only static routes in kdump initrd (bsc#1093795) - IP setup: don't bother with IPv4 if there are no addresses (bsc#1062026, bsc#1093795) - IP setup: pass all routes to kdump environment (bsc#1062026, bsc#1093795) - IPv6 setup: pass address prefix in a separate dracut argument (bsc#1062026, bsc#1093795) - Support yes/no style for KDUMP_CONTINUE_ON_ERROR (bsc#1083155) - Fixes an issue where a crashdump was not possible (bsc#1047609) - Replaces obsolete perl-Bootloader library with pbl (bsc#1050349) - Handle additional mounts in the kdump dracut module (bsc#1094581, bsc#1072711) - Run mkinitrd if fadump is active (bsc#1094581, bsc#1072711) - Do not touch dracut variables when generating a non-kdump initrd (bsc#1091304, bsc#1094581) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1358=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1358=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): kdump-0.8.16-7.8.1 kdump-debuginfo-0.8.16-7.8.1 kdump-debugsource-0.8.16-7.8.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): kdump-0.8.16-7.8.1 kdump-debuginfo-0.8.16-7.8.1 kdump-debugsource-0.8.16-7.8.1 - SUSE CaaS Platform ALL (x86_64): kdump-0.8.16-7.8.1 kdump-debuginfo-0.8.16-7.8.1 kdump-debugsource-0.8.16-7.8.1 - SUSE CaaS Platform 3.0 (x86_64): kdump-0.8.16-7.8.1 kdump-debuginfo-0.8.16-7.8.1 kdump-debugsource-0.8.16-7.8.1 References: https://bugzilla.suse.com/1047609 https://bugzilla.suse.com/1050349 https://bugzilla.suse.com/1062026 https://bugzilla.suse.com/1072711 https://bugzilla.suse.com/1073972 https://bugzilla.suse.com/1081864 https://bugzilla.suse.com/1083155 https://bugzilla.suse.com/1091304 https://bugzilla.suse.com/1093795 https://bugzilla.suse.com/1094581 From sle-updates at lists.suse.com Thu Jul 19 10:12:00 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Jul 2018 18:12:00 +0200 (CEST) Subject: SUSE-RU-2018:2003-1: moderate: Recommended update for perl-Bootloader Message-ID: <20180719161200.74E9AFD83@maintenance.suse.de> SUSE Recommended Update: Recommended update for perl-Bootloader ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:2003-1 Rating: moderate References: #1033776 #1050349 #1082318 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for perl-Bootloader fixes the following issues: - Adds --get-option to pbl (bsc#1033776, bsc#1050349) - Install license file in the correct directory (bsc#1082318) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1359=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1359=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): perl-Bootloader-0.921-3.3.1 perl-Bootloader-YAML-0.921-3.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): perl-Bootloader-0.921-3.3.1 perl-Bootloader-YAML-0.921-3.3.1 - SUSE CaaS Platform ALL (x86_64): perl-Bootloader-0.921-3.3.1 - SUSE CaaS Platform 3.0 (x86_64): perl-Bootloader-0.921-3.3.1 References: https://bugzilla.suse.com/1033776 https://bugzilla.suse.com/1050349 https://bugzilla.suse.com/1082318 From sle-updates at lists.suse.com Thu Jul 19 10:12:58 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Jul 2018 18:12:58 +0200 (CEST) Subject: SUSE-RU-2018:2004-1: moderate: Recommended update for dbus-1 Message-ID: <20180719161259.00A7DFD84@maintenance.suse.de> SUSE Recommended Update: Recommended update for dbus-1 ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:2004-1 Rating: moderate References: #1090267 Affected Products: SUSE Studio Onsite 1.3 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for dbus-1 fixes the following issues: - Fix file descriptor leak. (bsc#1090267) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-dbus-1-13697=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-dbus-1-13697=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-dbus-1-13697=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-dbus-1-13697=1 Package List: - SUSE Studio Onsite 1.3 (x86_64): dbus-1-devel-1.2.10-3.34.3.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): dbus-1-devel-1.2.10-3.34.3.1 dbus-1-devel-doc-1.2.10-3.34.3.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): dbus-1-1.2.10-3.34.3.1 dbus-1-x11-1.2.10-3.34.3.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): dbus-1-32bit-1.2.10-3.34.3.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): dbus-1-x86-1.2.10-3.34.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): dbus-1-debuginfo-1.2.10-3.34.3.1 dbus-1-debugsource-1.2.10-3.34.3.1 dbus-1-x11-debuginfo-1.2.10-3.34.3.1 dbus-1-x11-debugsource-1.2.10-3.34.3.1 References: https://bugzilla.suse.com/1090267 From sle-updates at lists.suse.com Thu Jul 19 10:13:32 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Jul 2018 18:13:32 +0200 (CEST) Subject: SUSE-OU-2018:2005-1: moderate: Initial release of yast2-hana-update Message-ID: <20180719161332.2EEDBFD83@maintenance.suse.de> SUSE Optional Update: Initial release of yast2-hana-update ______________________________________________________________________________ Announcement ID: SUSE-OU-2018:2005-1 Rating: moderate References: #1064732 #1066935 #1066946 #1066975 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP3 ______________________________________________________________________________ An update that has four optional fixes can now be installed. Description: The new yast2-hana-update module for YaST, which allows easy update of SAP HANA software when operated within a SUSE HA cluster, has been added to SUSE Linux Enterprise Server 12-SP3 for SAP Applications. Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2018-1363=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): yast2-hana-update-1.2.0-4.9.1 References: https://bugzilla.suse.com/1064732 https://bugzilla.suse.com/1066935 https://bugzilla.suse.com/1066946 https://bugzilla.suse.com/1066975 From sle-updates at lists.suse.com Thu Jul 19 13:07:53 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Jul 2018 21:07:53 +0200 (CEST) Subject: SUSE-RU-2018:2007-1: moderate: Recommended update for osinfo-db Message-ID: <20180719190753.EEB22FD43@maintenance.suse.de> SUSE Recommended Update: Recommended update for osinfo-db ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:2007-1 Rating: moderate References: #1098054 #974580 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for osinfo-db provides the following fixes: - Make sure osinfo-query and virt-install detect CaaS Platform 3.0 correctly. (bsc#1098054) - Update database to version 20180612. - Modify volume id for windows 2k12-r2 iso files (bsc#974580): * First, use "X64FREE?" instead of "X64FRE". * Second, add "IR1_SSS_X64FREV_EN-US_DV5". Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1364=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1364=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (noarch): osinfo-db-20180612-3.6.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): osinfo-db-20180612-3.6.1 References: https://bugzilla.suse.com/1098054 https://bugzilla.suse.com/974580 From sle-updates at lists.suse.com Thu Jul 19 13:08:39 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Jul 2018 21:08:39 +0200 (CEST) Subject: SUSE-RU-2018:2008-1: moderate: Recommended update for system-role-hpc-compute Message-ID: <20180719190839.5EB94FD43@maintenance.suse.de> SUSE Recommended Update: Recommended update for system-role-hpc-compute ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:2008-1 Rating: moderate References: #1097235 Affected Products: SUSE Linux Enterprise Module for HPC 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for system-role-hpc-compute fixes the following issue: - Add missing aarch64 grub2 efi subvolume. (bsc#1097235) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 15: zypper in -t patch SUSE-SLE-Module-HPC-15-2018-1366=1 Package List: - SUSE Linux Enterprise Module for HPC 15 (aarch64 x86_64): system-role-hpc-compute-15.0.14-3.3.1 References: https://bugzilla.suse.com/1097235 From sle-updates at lists.suse.com Thu Jul 19 13:09:11 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Jul 2018 21:09:11 +0200 (CEST) Subject: SUSE-RU-2018:2009-1: moderate: Recommended update for system-role-hpc-server Message-ID: <20180719190911.AD7BDFD43@maintenance.suse.de> SUSE Recommended Update: Recommended update for system-role-hpc-server ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:2009-1 Rating: moderate References: #1089511 #1097235 Affected Products: SUSE Linux Enterprise Module for HPC 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for system-role-hpc-server fixes the following issues: - Add missing aarch64 grub2 efi subvolume. (bsc#1097235) - Added option disable_order to root-fs in order to fit on small disks. (bsc#1091123) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 15: zypper in -t patch SUSE-SLE-Module-HPC-15-2018-1365=1 Package List: - SUSE Linux Enterprise Module for HPC 15 (aarch64 x86_64): system-role-hpc-server-15.0.12-3.3.1 References: https://bugzilla.suse.com/1089511 https://bugzilla.suse.com/1097235 From sle-updates at lists.suse.com Fri Jul 20 10:08:02 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Jul 2018 18:08:02 +0200 (CEST) Subject: SUSE-RU-2018:2028-1: moderate: Recommended update for docker Message-ID: <20180720160802.BA53FFD48@maintenance.suse.de> SUSE Recommended Update: Recommended update for docker ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:2028-1 Rating: moderate References: #1099277 Affected Products: SUSE Linux Enterprise Module for Containers 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for docker fixes the following issues: - Update the AppArmor patchset again to fix a separate issue where changed AppArmor profiles don't actually get applied on Docker daemon reboot. (bsc#1099277) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2018-1367=1 Package List: - SUSE Linux Enterprise Module for Containers 12 (ppc64le s390x x86_64): docker-17.09.1_ce-98.15.1 docker-debuginfo-17.09.1_ce-98.15.1 docker-debugsource-17.09.1_ce-98.15.1 References: https://bugzilla.suse.com/1099277 From sle-updates at lists.suse.com Fri Jul 20 10:08:34 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Jul 2018 18:08:34 +0200 (CEST) Subject: SUSE-RU-2018:2029-1: moderate: Recommended update for biosdevname Message-ID: <20180720160834.0469CFD43@maintenance.suse.de> SUSE Recommended Update: Recommended update for biosdevname ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:2029-1 Rating: moderate References: #1093625 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for biosdevname provides the following fix: - Prevent an infinite recursion in dmidecode.c::smbios_setslot by checking that subordinate bus has a number greater than the current bus. (bsc#1093625) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1369=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1369=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server 12-SP3 (x86_64): biosdevname-0.7.2-11.5.3 biosdevname-debuginfo-0.7.2-11.5.3 biosdevname-debugsource-0.7.2-11.5.3 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): biosdevname-0.7.2-11.5.3 biosdevname-debuginfo-0.7.2-11.5.3 biosdevname-debugsource-0.7.2-11.5.3 - SUSE CaaS Platform ALL (x86_64): biosdevname-0.7.2-11.5.3 biosdevname-debuginfo-0.7.2-11.5.3 biosdevname-debugsource-0.7.2-11.5.3 References: https://bugzilla.suse.com/1093625 From sle-updates at lists.suse.com Fri Jul 20 10:09:06 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Jul 2018 18:09:06 +0200 (CEST) Subject: SUSE-RU-2018:2030-1: moderate: Recommended update for munge Message-ID: <20180720160906.B83B4FD43@maintenance.suse.de> SUSE Recommended Update: Recommended update for munge ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:2030-1 Rating: moderate References: #1069468 #1085665 #1096944 Affected Products: SUSE Linux Enterprise Module for HPC 12 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for munge provides version 0.5.13 and fixes the following issues: - Added README.SUSE file. (bsc#1085665) - Added support for OpenSSL 1.1.0. - Added support for UID/GID values >= 2^31. - Added support for getentropy() and getrandom(). - Added --trusted-group cmdline opt to munged. - Added --log-file and --seed-file cmdline opts to munged. - Changed default MAC algorithm to SHA-256. - Fixed autoconf installation directory variable substitution. - Fixed all gcc, clang, and valgrind warnings. - Improved resilience and unpredictability of PRNG. - Improved hash table performance. - Removed libmissing dependency from libmunge. - Replace references to /var/adm/fillup-templates with new %_fillupdir macro. (bsc#1069468) - Use user 'munge', group 'munge' for systemd and user 'daemon', group 'root' for non-systemd by setting the appropriate macros '%munge_u' and '%munge_g'. - Create user/group munge if they don't exist. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 12: zypper in -t patch SUSE-SLE-Module-HPC-12-2018-1368=1 Package List: - SUSE Linux Enterprise Module for HPC 12 (aarch64 x86_64): libmunge2-0.5.13-3.3.1 libmunge2-debuginfo-0.5.13-3.3.1 munge-0.5.13-3.3.1 munge-debuginfo-0.5.13-3.3.1 munge-debugsource-0.5.13-3.3.1 munge-devel-0.5.13-3.3.1 References: https://bugzilla.suse.com/1069468 https://bugzilla.suse.com/1085665 https://bugzilla.suse.com/1096944 From sle-updates at lists.suse.com Fri Jul 20 13:07:52 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Jul 2018 21:07:52 +0200 (CEST) Subject: SUSE-RU-2018:2031-1: moderate: Recommended update for rabbitmq-server Message-ID: <20180720190752.97C97FD43@maintenance.suse.de> SUSE Recommended Update: Recommended update for rabbitmq-server ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:2031-1 Rating: moderate References: #1093046 #1094896 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for rabbitmq-server fixes the following issues: - Add sysexits-in-ocf.patch to handle new rabbitmqctl exit codes. (bsc#1093046) - Add TasksMax=8192 to start on large machines. (bsc#1094896) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2018-1370=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2018-1370=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2018-1370=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): rabbitmq-server-3.6.15-3.3.1 rabbitmq-server-plugins-3.6.15-3.3.1 - SUSE OpenStack Cloud 8 (x86_64): rabbitmq-server-3.6.15-3.3.1 rabbitmq-server-plugins-3.6.15-3.3.1 - HPE Helion Openstack 8 (x86_64): rabbitmq-server-3.6.15-3.3.1 rabbitmq-server-plugins-3.6.15-3.3.1 References: https://bugzilla.suse.com/1093046 https://bugzilla.suse.com/1094896 From sle-updates at lists.suse.com Mon Jul 23 07:08:02 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Jul 2018 15:08:02 +0200 (CEST) Subject: SUSE-SU-2018:2036-1: moderate: Security update for openssl-1_1 Message-ID: <20180723130802.D645BFD81@maintenance.suse.de> SUSE Security Update: Security update for openssl-1_1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2036-1 Rating: moderate References: #1097158 #1097624 #1098592 Cross-References: CVE-2018-0732 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for openssl-1_1 fixes the following issues: - CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack (bsc#1097158). - Blinding enhancements for ECDSA and DSA (bsc#1097624, bsc#1098592) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1372=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libopenssl-1_1-devel-1.1.0h-4.3.1 libopenssl1_1-1.1.0h-4.3.1 libopenssl1_1-debuginfo-1.1.0h-4.3.1 libopenssl1_1-hmac-1.1.0h-4.3.1 openssl-1_1-1.1.0h-4.3.1 openssl-1_1-debuginfo-1.1.0h-4.3.1 openssl-1_1-debugsource-1.1.0h-4.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libopenssl1_1-32bit-1.1.0h-4.3.1 libopenssl1_1-32bit-debuginfo-1.1.0h-4.3.1 libopenssl1_1-hmac-32bit-1.1.0h-4.3.1 References: https://www.suse.com/security/cve/CVE-2018-0732.html https://bugzilla.suse.com/1097158 https://bugzilla.suse.com/1097624 https://bugzilla.suse.com/1098592 From sle-updates at lists.suse.com Mon Jul 23 07:08:54 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Jul 2018 15:08:54 +0200 (CEST) Subject: SUSE-SU-2018:2037-1: moderate: Security update for xen Message-ID: <20180723130854.5DF7DFD7E@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2037-1 Rating: moderate References: #1027519 #1079730 #1095242 #1096224 #1097521 #1097522 #1098744 Cross-References: CVE-2018-11806 CVE-2018-12617 CVE-2018-12891 CVE-2018-12893 CVE-2018-3665 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has two fixes is now available. Description: This update for xen fixes the following issues: Security issues fixed: - CVE-2018-12617: Fix integer overflow that causes segmentation fault in qmp_guest_file_read() with g_malloc() (bsc#1098744). - CVE-2018-3665: Fix Lazy FP Save/Restore issue (XSA-267) (bsc#1095242). - CVE-2018-11806: Fix heap buffer overflow while reassembling fragmented datagrams (bsc#1096224). - CVE-2018-12891: Fix possible Denial of Service (DoS) via certain PV MMU operations that affect the entire host (XSA-264) (bsc#1097521). - CVE-2018-12893: Fix crash/Denial of Service (DoS) via safety check (XSA-265) (bsc#1097522). Bug fixes: - bsc#1079730: Fix failed "write" lock. - bsc#1027519: Add upstream patches from January. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-xen-13698=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-xen-13698=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-xen-13698=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): xen-devel-4.4.4_34-61.32.1 - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1 xen-libs-4.4.4_34-61.32.1 xen-tools-domU-4.4.4_34-61.32.1 - SUSE Linux Enterprise Server 11-SP4 (x86_64): xen-4.4.4_34-61.32.1 xen-doc-html-4.4.4_34-61.32.1 xen-libs-32bit-4.4.4_34-61.32.1 xen-tools-4.4.4_34-61.32.1 - SUSE Linux Enterprise Server 11-SP4 (i586): xen-kmp-pae-4.4.4_34_3.0.101_108.57-61.32.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): xen-debuginfo-4.4.4_34-61.32.1 xen-debugsource-4.4.4_34-61.32.1 References: https://www.suse.com/security/cve/CVE-2018-11806.html https://www.suse.com/security/cve/CVE-2018-12617.html https://www.suse.com/security/cve/CVE-2018-12891.html https://www.suse.com/security/cve/CVE-2018-12893.html https://www.suse.com/security/cve/CVE-2018-3665.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1079730 https://bugzilla.suse.com/1095242 https://bugzilla.suse.com/1096224 https://bugzilla.suse.com/1097521 https://bugzilla.suse.com/1097522 https://bugzilla.suse.com/1098744 From sle-updates at lists.suse.com Mon Jul 23 07:10:26 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Jul 2018 15:10:26 +0200 (CEST) Subject: SUSE-SU-2018:2038-1: moderate: Security update for rsyslog Message-ID: <20180723131026.043E1FD7E@maintenance.suse.de> SUSE Security Update: Security update for rsyslog ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2038-1 Rating: moderate References: #935393 Cross-References: CVE-2015-3243 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rsyslog fixes the following issues: The following security vulnerability was addressed: CVE-2015-3243: Make sure that log files are not created world-readable (bsc#935393) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1375=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1375=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): rsyslog-8.24.0-3.3.1 rsyslog-debuginfo-8.24.0-3.3.1 rsyslog-debugsource-8.24.0-3.3.1 rsyslog-diag-tools-8.24.0-3.3.1 rsyslog-diag-tools-debuginfo-8.24.0-3.3.1 rsyslog-doc-8.24.0-3.3.1 rsyslog-module-gssapi-8.24.0-3.3.1 rsyslog-module-gssapi-debuginfo-8.24.0-3.3.1 rsyslog-module-gtls-8.24.0-3.3.1 rsyslog-module-gtls-debuginfo-8.24.0-3.3.1 rsyslog-module-mysql-8.24.0-3.3.1 rsyslog-module-mysql-debuginfo-8.24.0-3.3.1 rsyslog-module-pgsql-8.24.0-3.3.1 rsyslog-module-pgsql-debuginfo-8.24.0-3.3.1 rsyslog-module-relp-8.24.0-3.3.1 rsyslog-module-relp-debuginfo-8.24.0-3.3.1 rsyslog-module-snmp-8.24.0-3.3.1 rsyslog-module-snmp-debuginfo-8.24.0-3.3.1 rsyslog-module-udpspoof-8.24.0-3.3.1 rsyslog-module-udpspoof-debuginfo-8.24.0-3.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): rsyslog-8.24.0-3.3.1 rsyslog-debuginfo-8.24.0-3.3.1 rsyslog-debugsource-8.24.0-3.3.1 - SUSE CaaS Platform ALL (x86_64): rsyslog-8.24.0-3.3.1 rsyslog-debuginfo-8.24.0-3.3.1 rsyslog-debugsource-8.24.0-3.3.1 References: https://www.suse.com/security/cve/CVE-2015-3243.html https://bugzilla.suse.com/935393 From sle-updates at lists.suse.com Mon Jul 23 07:10:58 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Jul 2018 15:10:58 +0200 (CEST) Subject: SUSE-SU-2018:2039-1: moderate: Security update for rubygem-passenger Message-ID: <20180723131058.C2D69FD7E@maintenance.suse.de> SUSE Security Update: Security update for rubygem-passenger ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2039-1 Rating: moderate References: #1097663 Cross-References: CVE-2018-12029 Affected Products: SUSE Linux Enterprise Module for Containers 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rubygem-passenger fixes the following issue: The following security vulnerability was addressed: - CVE-2018-12029: Fixed a file system access race condition in the chown command, which allowed for local privilege escalation and affects the Nginx module (bsc#1097663). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2018-1373=1 Package List: - SUSE Linux Enterprise Module for Containers 12 (x86_64): ruby2.1-rubygem-passenger-5.0.18-12.9.1 ruby2.1-rubygem-passenger-debuginfo-5.0.18-12.9.1 rubygem-passenger-5.0.18-12.9.1 rubygem-passenger-apache2-5.0.18-12.9.1 rubygem-passenger-apache2-debuginfo-5.0.18-12.9.1 rubygem-passenger-debuginfo-5.0.18-12.9.1 rubygem-passenger-debugsource-5.0.18-12.9.1 References: https://www.suse.com/security/cve/CVE-2018-12029.html https://bugzilla.suse.com/1097663 From sle-updates at lists.suse.com Mon Jul 23 07:11:30 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Jul 2018 15:11:30 +0200 (CEST) Subject: SUSE-SU-2018:2040-1: moderate: Security update for python Message-ID: <20180723131130.B2517FD7E@maintenance.suse.de> SUSE Security Update: Security update for python ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2040-1 Rating: moderate References: #1083507 Cross-References: CVE-2017-18207 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 5 SUSE CaaS Platform ALL OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python fixes the following issues: The following security vulnerabilities were addressed: - Add a check to Lib/wave.py that verifies that at least one channel is provided. Prior to this, attackers could cause a denial of service via a crafted wav format audio file. [bsc#1083507, CVE-2017-18207] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-1376=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1376=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1376=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1376=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2018-1376=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-1376=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): python-base-debuginfo-2.7.13-28.6.1 python-base-debugsource-2.7.13-28.6.1 python-devel-2.7.13-28.6.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): python-base-debuginfo-2.7.13-28.6.1 python-base-debugsource-2.7.13-28.6.1 python-devel-2.7.13-28.6.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libpython2_7-1_0-2.7.13-28.6.1 libpython2_7-1_0-debuginfo-2.7.13-28.6.1 python-2.7.13-28.6.1 python-base-2.7.13-28.6.1 python-base-debuginfo-2.7.13-28.6.1 python-base-debugsource-2.7.13-28.6.1 python-curses-2.7.13-28.6.1 python-curses-debuginfo-2.7.13-28.6.1 python-debuginfo-2.7.13-28.6.1 python-debugsource-2.7.13-28.6.1 python-demo-2.7.13-28.6.1 python-gdbm-2.7.13-28.6.1 python-gdbm-debuginfo-2.7.13-28.6.1 python-idle-2.7.13-28.6.1 python-tk-2.7.13-28.6.1 python-tk-debuginfo-2.7.13-28.6.1 python-xml-2.7.13-28.6.1 python-xml-debuginfo-2.7.13-28.6.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libpython2_7-1_0-32bit-2.7.13-28.6.1 libpython2_7-1_0-debuginfo-32bit-2.7.13-28.6.1 python-32bit-2.7.13-28.6.1 python-base-32bit-2.7.13-28.6.1 python-base-debuginfo-32bit-2.7.13-28.6.1 python-debuginfo-32bit-2.7.13-28.6.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): python-doc-2.7.13-28.6.1 python-doc-pdf-2.7.13-28.6.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libpython2_7-1_0-2.7.13-28.6.1 libpython2_7-1_0-32bit-2.7.13-28.6.1 libpython2_7-1_0-debuginfo-2.7.13-28.6.1 libpython2_7-1_0-debuginfo-32bit-2.7.13-28.6.1 python-2.7.13-28.6.1 python-base-2.7.13-28.6.1 python-base-debuginfo-2.7.13-28.6.1 python-base-debuginfo-32bit-2.7.13-28.6.1 python-base-debugsource-2.7.13-28.6.1 python-curses-2.7.13-28.6.1 python-curses-debuginfo-2.7.13-28.6.1 python-debuginfo-2.7.13-28.6.1 python-debugsource-2.7.13-28.6.1 python-devel-2.7.13-28.6.1 python-tk-2.7.13-28.6.1 python-tk-debuginfo-2.7.13-28.6.1 python-xml-2.7.13-28.6.1 python-xml-debuginfo-2.7.13-28.6.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): python-debuginfo-2.7.13-28.6.1 python-debugsource-2.7.13-28.6.1 python-strict-tls-check-2.7.13-28.6.1 - SUSE CaaS Platform ALL (x86_64): libpython2_7-1_0-2.7.13-28.6.1 libpython2_7-1_0-debuginfo-2.7.13-28.6.1 python-2.7.13-28.6.1 python-base-2.7.13-28.6.1 python-base-debuginfo-2.7.13-28.6.1 python-base-debugsource-2.7.13-28.6.1 python-debuginfo-2.7.13-28.6.1 python-debugsource-2.7.13-28.6.1 python-xml-2.7.13-28.6.1 python-xml-debuginfo-2.7.13-28.6.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): libpython2_7-1_0-2.7.13-28.6.1 libpython2_7-1_0-debuginfo-2.7.13-28.6.1 python-2.7.13-28.6.1 python-base-2.7.13-28.6.1 python-base-debuginfo-2.7.13-28.6.1 python-base-debugsource-2.7.13-28.6.1 python-debuginfo-2.7.13-28.6.1 python-debugsource-2.7.13-28.6.1 python-xml-2.7.13-28.6.1 python-xml-debuginfo-2.7.13-28.6.1 References: https://www.suse.com/security/cve/CVE-2017-18207.html https://bugzilla.suse.com/1083507 From sle-updates at lists.suse.com Mon Jul 23 07:12:04 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Jul 2018 15:12:04 +0200 (CEST) Subject: SUSE-SU-2018:2041-1: moderate: Security update for openssl-1_1 Message-ID: <20180723131204.06A2DFD7E@maintenance.suse.de> SUSE Security Update: Security update for openssl-1_1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2041-1 Rating: moderate References: #1097158 #1097624 #1098592 Cross-References: CVE-2018-0732 Affected Products: SUSE Linux Enterprise Module for Legacy Software 15 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for openssl-1_1 fixes the following issues: - CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack (bsc#1097158). - Blinding enhancements for ECDSA and DSA (bsc#1097624, bsc#1098592) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Legacy Software 15: zypper in -t patch SUSE-SLE-Module-Legacy-15-2018-1371=1 Package List: - SUSE Linux Enterprise Module for Legacy Software 15 (aarch64 ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2n-3.3.1 libopenssl1_0_0-1.0.2n-3.3.1 libopenssl1_0_0-debuginfo-1.0.2n-3.3.1 openssl-1_0_0-1.0.2n-3.3.1 openssl-1_0_0-debuginfo-1.0.2n-3.3.1 openssl-1_0_0-debugsource-1.0.2n-3.3.1 References: https://www.suse.com/security/cve/CVE-2018-0732.html https://bugzilla.suse.com/1097158 https://bugzilla.suse.com/1097624 https://bugzilla.suse.com/1098592 From sle-updates at lists.suse.com Mon Jul 23 07:12:51 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Jul 2018 15:12:51 +0200 (CEST) Subject: SUSE-SU-2018:2042-1: moderate: Security update for procps Message-ID: <20180723131251.7085AFD7E@maintenance.suse.de> SUSE Security Update: Security update for procps ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2042-1 Rating: moderate References: #1092100 Cross-References: CVE-2018-1122 CVE-2018-1123 CVE-2018-1124 CVE-2018-1125 CVE-2018-1126 Affected Products: SUSE Linux Enterprise Server 11-SP4 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for procps fixes the following security issues: - CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100). - CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100). - CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100). - CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100). - CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-procps-13699=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): procps-3.2.7-152.31.1 References: https://www.suse.com/security/cve/CVE-2018-1122.html https://www.suse.com/security/cve/CVE-2018-1123.html https://www.suse.com/security/cve/CVE-2018-1124.html https://www.suse.com/security/cve/CVE-2018-1125.html https://www.suse.com/security/cve/CVE-2018-1126.html https://bugzilla.suse.com/1092100 From sle-updates at lists.suse.com Mon Jul 23 13:07:56 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Jul 2018 21:07:56 +0200 (CEST) Subject: SUSE-SU-2018:2043-1: moderate: Security update for ImageMagick Message-ID: <20180723190756.9CB6AFD81@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2043-1 Rating: moderate References: #1094742 #1094745 #1095812 #1096200 #1096203 #1098545 #1098546 Cross-References: CVE-2018-10805 CVE-2018-11624 CVE-2018-11625 CVE-2018-12599 CVE-2018-12600 Affected Products: SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has two fixes is now available. Description: This update for ImageMagick fixes the following issues: The following security vulnerabilities were fixed: - CVE-2018-11625: Fixed heap-based buffer over-read in SetGrayscaleImage in the quantize.c file, which allowed remote attackers to cause buffer over-read via a crafted file. (bsc#1096200) - CVE-2018-11624: Fixed a use-after-free issue in the ReadMATImage function in coders/mat.c. (bsc#1096203) - CVE-2018-10805: Fixed several memory leaks in bgr.c, rgb.c, cmyk.c, gray.c, and ycbcr.c (bsc#1095812) - CVE-2018-12600: The ReadDIBImage and WriteDIBImage functions allowed attackers to cause an out of bounds write via a crafted file (bsc#1098545). - CVE-2018-12599: The ReadBMPImage and WriteBMPImage fucntions allowed attackers to cause an out of bounds write via a crafted file (bsc#1098546). The following other changes were made: - Fix -gamma issues in special cases. (bsc#1094745, bsc#1094742) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2018-1380=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2018-1380=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): ImageMagick-debuginfo-7.0.7.34-3.9.1 ImageMagick-debugsource-7.0.7.34-3.9.1 perl-PerlMagick-7.0.7.34-3.9.1 perl-PerlMagick-debuginfo-7.0.7.34-3.9.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): ImageMagick-7.0.7.34-3.9.1 ImageMagick-debuginfo-7.0.7.34-3.9.1 ImageMagick-debugsource-7.0.7.34-3.9.1 ImageMagick-devel-7.0.7.34-3.9.1 libMagick++-7_Q16HDRI4-7.0.7.34-3.9.1 libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-3.9.1 libMagick++-devel-7.0.7.34-3.9.1 libMagickCore-7_Q16HDRI6-7.0.7.34-3.9.1 libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-3.9.1 libMagickWand-7_Q16HDRI6-7.0.7.34-3.9.1 libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-3.9.1 References: https://www.suse.com/security/cve/CVE-2018-10805.html https://www.suse.com/security/cve/CVE-2018-11624.html https://www.suse.com/security/cve/CVE-2018-11625.html https://www.suse.com/security/cve/CVE-2018-12599.html https://www.suse.com/security/cve/CVE-2018-12600.html https://bugzilla.suse.com/1094742 https://bugzilla.suse.com/1094745 https://bugzilla.suse.com/1095812 https://bugzilla.suse.com/1096200 https://bugzilla.suse.com/1096203 https://bugzilla.suse.com/1098545 https://bugzilla.suse.com/1098546 From sle-updates at lists.suse.com Mon Jul 23 13:09:21 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Jul 2018 21:09:21 +0200 (CEST) Subject: SUSE-SU-2018:2044-1: moderate: Security update for php53 Message-ID: <20180723190921.882D1FD81@maintenance.suse.de> SUSE Security Update: Security update for php53 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2044-1 Rating: moderate References: #1096984 #1099098 Cross-References: CVE-2018-10360 CVE-2018-12882 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for php53 fixes the following issues: The following security issue was fixed: - An out-of-bounds read in the do_core_note function in readelf.c in libmagic.a allowed remote attackers to cause a denial of service via a crafted ELF file (CVE-2018-10360, bsc#1096984) - CVE-2018-12882: exif_read_from_impl allowed attackers to trigger a use-after-free (in exif_read_from_file) because it closed a stream that it is not responsible for closing (bsc#1099098) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-php53-13700=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-php53-13700=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-php53-13700=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): php53-devel-5.3.17-112.28.1 php53-imap-5.3.17-112.28.1 php53-posix-5.3.17-112.28.1 php53-readline-5.3.17-112.28.1 php53-sockets-5.3.17-112.28.1 php53-sqlite-5.3.17-112.28.1 php53-tidy-5.3.17-112.28.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): apache2-mod_php53-5.3.17-112.28.1 php53-5.3.17-112.28.1 php53-bcmath-5.3.17-112.28.1 php53-bz2-5.3.17-112.28.1 php53-calendar-5.3.17-112.28.1 php53-ctype-5.3.17-112.28.1 php53-curl-5.3.17-112.28.1 php53-dba-5.3.17-112.28.1 php53-dom-5.3.17-112.28.1 php53-exif-5.3.17-112.28.1 php53-fastcgi-5.3.17-112.28.1 php53-fileinfo-5.3.17-112.28.1 php53-ftp-5.3.17-112.28.1 php53-gd-5.3.17-112.28.1 php53-gettext-5.3.17-112.28.1 php53-gmp-5.3.17-112.28.1 php53-iconv-5.3.17-112.28.1 php53-intl-5.3.17-112.28.1 php53-json-5.3.17-112.28.1 php53-ldap-5.3.17-112.28.1 php53-mbstring-5.3.17-112.28.1 php53-mcrypt-5.3.17-112.28.1 php53-mysql-5.3.17-112.28.1 php53-odbc-5.3.17-112.28.1 php53-openssl-5.3.17-112.28.1 php53-pcntl-5.3.17-112.28.1 php53-pdo-5.3.17-112.28.1 php53-pear-5.3.17-112.28.1 php53-pgsql-5.3.17-112.28.1 php53-pspell-5.3.17-112.28.1 php53-shmop-5.3.17-112.28.1 php53-snmp-5.3.17-112.28.1 php53-soap-5.3.17-112.28.1 php53-suhosin-5.3.17-112.28.1 php53-sysvmsg-5.3.17-112.28.1 php53-sysvsem-5.3.17-112.28.1 php53-sysvshm-5.3.17-112.28.1 php53-tokenizer-5.3.17-112.28.1 php53-wddx-5.3.17-112.28.1 php53-xmlreader-5.3.17-112.28.1 php53-xmlrpc-5.3.17-112.28.1 php53-xmlwriter-5.3.17-112.28.1 php53-xsl-5.3.17-112.28.1 php53-zip-5.3.17-112.28.1 php53-zlib-5.3.17-112.28.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): php53-debuginfo-5.3.17-112.28.1 php53-debugsource-5.3.17-112.28.1 References: https://www.suse.com/security/cve/CVE-2018-10360.html https://www.suse.com/security/cve/CVE-2018-12882.html https://bugzilla.suse.com/1096984 https://bugzilla.suse.com/1099098 From sle-updates at lists.suse.com Tue Jul 24 07:08:08 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Jul 2018 15:08:08 +0200 (CEST) Subject: SUSE-SU-2018:2045-1: important: Security update for libofx Message-ID: <20180724130808.B0DB4FD81@maintenance.suse.de> SUSE Security Update: Security update for libofx ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2045-1 Rating: important References: #1058673 #1060437 #1061964 Cross-References: CVE-2017-14731 CVE-2017-2816 CVE-2017-2920 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for libofx fixes the following issues: Security issues fixed: - CVE-2017-2816: Fix an exploitable buffer overflow vulnerability in the tag parsing functionality (bsc#1058673). - CVE-2017-2920: Fix a buffer overflow vulnerability in sanitize_proprietary_tags in lib/ofx_preproc.cpp (bsc#1061964). - CVE-2017-14731: Fix remote denial of service via a crafted file in ofx_proc_file in ofx_preproc.cpp (bsc#1060437). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-libofx-13701=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-libofx-13701=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): libofx-0.9.0-3.7.1 libofx-devel-0.9.0-3.7.1 libofx4-0.9.0-3.7.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): libofx-debuginfo-0.9.0-3.7.1 libofx-debugsource-0.9.0-3.7.1 References: https://www.suse.com/security/cve/CVE-2017-14731.html https://www.suse.com/security/cve/CVE-2017-2816.html https://www.suse.com/security/cve/CVE-2017-2920.html https://bugzilla.suse.com/1058673 https://bugzilla.suse.com/1060437 https://bugzilla.suse.com/1061964 From sle-updates at lists.suse.com Tue Jul 24 07:09:24 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Jul 2018 15:09:24 +0200 (CEST) Subject: SUSE-SU-2018:2047-1: moderate: Security update for python-dulwich Message-ID: <20180724130924.19887FD7E@maintenance.suse.de> SUSE Security Update: Security update for python-dulwich ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2047-1 Rating: moderate References: #1066430 Cross-References: CVE-2017-16228 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-dulwich to version 0.18.5 fixes this security issue: - CVE-2017-16228: Dulwich, when an SSH subprocess is used, allowed remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname (bsc#1066430). For detailed changes please see https://www.dulwich.io/code/dulwich/ Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2018-1382=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (aarch64 ppc64le s390x x86_64): python-dulwich-0.18.5-4.3.1 References: https://www.suse.com/security/cve/CVE-2017-16228.html https://bugzilla.suse.com/1066430 From sle-updates at lists.suse.com Tue Jul 24 07:09:55 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Jul 2018 15:09:55 +0200 (CEST) Subject: SUSE-SU-2018:2048-1: important: Security update for the Linux Kernel (Live Patch 11 for SLE 12 SP2) Message-ID: <20180724130955.E170FFD7E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 11 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2048-1 Rating: important References: #1090338 #1096740 Cross-References: CVE-2018-3665 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for the Linux Kernel 4.4.74-92_32 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1383=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1383=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kgraft-patch-4_4_74-92_32-default-11-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kgraft-patch-4_4_74-92_32-default-11-2.1 References: https://www.suse.com/security/cve/CVE-2018-3665.html https://bugzilla.suse.com/1090338 https://bugzilla.suse.com/1096740 From sle-updates at lists.suse.com Tue Jul 24 10:08:16 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Jul 2018 18:08:16 +0200 (CEST) Subject: SUSE-RU-2018:2050-1: Recommended update for lshw Message-ID: <20180724160816.13B4AFD7E@maintenance.suse.de> SUSE Recommended Update: Recommended update for lshw ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:2050-1 Rating: low References: #1100347 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update ships the "lshw" (List Hardware) tool for the x86_64 platform. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1386=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (ppc64le x86_64): lshw-B.02.18-4.2.1 lshw-debuginfo-B.02.18-4.2.1 lshw-debugsource-B.02.18-4.2.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): lshw-lang-B.02.18-4.2.1 References: https://bugzilla.suse.com/1100347 From sle-updates at lists.suse.com Tue Jul 24 10:08:52 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Jul 2018 18:08:52 +0200 (CEST) Subject: SUSE-SU-2018:2051-1: important: Security update for the Linux Kernel Message-ID: <20180724160852.8BB9BFD7E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2051-1 Rating: important References: #1012382 #1064232 #1075876 #1076110 #1085185 #1085657 #1089525 #1090435 #1090888 #1091171 #1092207 #1094244 #1094248 #1094643 #1095453 #1096790 #1097034 #1097140 #1097492 #1097501 #1097551 #1097808 #1097931 #1097961 #1098016 #1098236 #1098425 #1098435 #1098527 #1098599 #1099042 #1099183 #1099279 #1099713 #1099732 #1099792 #1099810 #1099918 #1099924 #1099966 #1099993 #1100089 #1100340 #1100416 #1100418 #1100491 #1100843 #1101296 Cross-References: CVE-2018-13053 CVE-2018-13405 CVE-2018-13406 CVE-2018-9385 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Live Patching 12-SP3 SUSE Linux Enterprise High Availability 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that solves four vulnerabilities and has 44 fixes is now available. Description: The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.140 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-13053: The alarm_timer_nsleep function had an integer overflow via a large relative timeout because ktime_add_safe was not used (bnc#1099924) - CVE-2018-9385: Prevent overread of the "driver_override" buffer (bsc#1100491) - CVE-2018-13405: The inode_init_owner function allowed local users to create files with an unintended group ownership allowing attackers to escalate privileges by making a plain file executable and SGID (bnc#1100416) - CVE-2018-13406: An integer overflow in the uvesafb_setcmap function could have result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used (bnc#1100418) The following non-security bugs were fixed: - 1wire: family module autoload fails because of upper/lower case mismatch (bnc#1012382). - ALSA: hda - Clean up ALC299 init code (bsc#1099810). - ALSA: hda - Enable power_save_node for CX20722 (bsc#1099810). - ALSA: hda - Fix a wrong FIXUP for alc289 on Dell machines (bsc#1099810). - ALSA: hda - Fix incorrect usage of IS_REACHABLE() (bsc#1099810). - ALSA: hda - Fix pincfg at resume on Lenovo T470 dock (bsc#1099810). - ALSA: hda - Handle kzalloc() failure in snd_hda_attach_pcm_stream() (bnc#1012382). - ALSA: hda - Use acpi_dev_present() (bsc#1099810). - ALSA: hda - add a new condition to check if it is thinkpad (bsc#1099810). - ALSA: hda - silence uninitialized variable warning in activate_amp_in() (bsc#1099810). - ALSA: hda/patch_sigmatel: Add AmigaOne X1000 pinconfigs (bsc#1099810). - ALSA: hda/realtek - Add a quirk for FSC ESPRIMO U9210 (bsc#1099810). - ALSA: hda/realtek - Add headset mode support for Dell laptop (bsc#1099810). - ALSA: hda/realtek - Add support headset mode for DELL WYSE (bsc#1099810). - ALSA: hda/realtek - Clevo P950ER ALC1220 Fixup (bsc#1099810). - ALSA: hda/realtek - Enable Thinkpad Dock device for ALC298 platform (bsc#1099810). - ALSA: hda/realtek - Enable mic-mute hotkey for several Lenovo AIOs (bsc#1099810). - ALSA: hda/realtek - Fix Dell headset Mic can't record (bsc#1099810). - ALSA: hda/realtek - Fix pop noise on Lenovo P50 and co (bsc#1099810). - ALSA: hda/realtek - Fix the problem of two front mics on more machines (bsc#1099810). - ALSA: hda/realtek - Fixup for HP x360 laptops with BandO speakers (bsc#1099810). - ALSA: hda/realtek - Fixup mute led on HP Spectre x360 (bsc#1099810). - ALSA: hda/realtek - Make dock sound work on ThinkPad L570 (bsc#1099810). - ALSA: hda/realtek - Refactor alc269_fixup_hp_mute_led_mic*() (bsc#1099810). - ALSA: hda/realtek - Reorder ALC269 ASUS quirk entries (bsc#1099810). - ALSA: hda/realtek - Support headset mode for ALC215/ALC285/ALC289 (bsc#1099810). - ALSA: hda/realtek - Update ALC255 depop optimize (bsc#1099810). - ALSA: hda/realtek - adjust the location of one mic (bsc#1099810). - ALSA: hda/realtek - change the location for one of two front mics (bsc#1099810). - ALSA: hda/realtek - set PINCFG_HEADSET_MIC to parse_flags (bsc#1099810). - ALSA: hda/realtek - update ALC215 depop optimize (bsc#1099810). - ALSA: hda/realtek - update ALC225 depop optimize (bsc#1099810). - ALSA: hda/realtek: Fix mic and headset jack sense on Asus X705UD (bsc#1099810). - ALSA: hda/realtek: Limit mic boost on T480 (bsc#1099810). - ALSA: hda: Fix forget to free resource in error handling code path in hda_codec_driver_probe (bsc#1099810). - ALSA: hda: add dock and led support for HP EliteBook 830 G5 (bsc#1099810). - ALSA: hda: add dock and led support for HP ProBook 640 G4 (bsc#1099810). - ALSA: hda: fix some klockwork scan warnings (bsc#1099810). - ARM: 8764/1: kgdb: fix NUMREGBYTES so that gdb_regs[] is the correct size (bnc#1012382). - ARM: dts: imx6q: Use correct SDMA script for SPI5 core (bnc#1012382). - ASoC: cirrus: i2s: Fix LRCLK configuration (bnc#1012382). - ASoC: cirrus: i2s: Fix {TX|RX}LinCtrlData setup (bnc#1012382). - ASoC: dapm: delete dapm_kcontrol_data paths list before freeing it (bnc#1012382). - Bluetooth: Fix connection if directed advertising and privacy is used (bnc#1012382). - Bluetooth: hci_qca: Avoid missing rampatch failure with userspace fw loader (bnc#1012382). - Btrfs: fix clone vs chattr NODATASUM race (bnc#1012382). - Btrfs: fix unexpected cow in run_delalloc_nocow (bnc#1012382). - Btrfs: make raid6 rebuild retry more (bnc#1012382). - Correct the arguments to verbose() (bsc#1098425) - HID: debug: check length before copy_to_user() (bnc#1012382). - HID: hiddev: fix potential Spectre v1 (bnc#1012382). - HID: i2c-hid: Fix "incomplete report" noise (bnc#1012382). - Hang/soft lockup in d_invalidate with simultaneous calls (bsc#1094248, bsc at 1097140). - IB/qib: Fix DMA api warning with debug kernel (bnc#1012382). - Input: elan_i2c - add ELAN0618 (Lenovo v330 15IKB) ACPI ID (bnc#1012382). - Input: elan_i2c_smbus - fix more potential stack buffer overflows (bnc#1012382). - Input: elantech - enable middle button of touchpads on ThinkPad P52 (bnc#1012382). - Input: elantech - fix V4 report decoding for module with middle key (bnc#1012382). - MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum (bnc#1012382). - MIPS: io: Add barrier after register read in inX() (bnc#1012382). - NFSv4: Fix possible 1-byte stack overflow in nfs_idmap_read_and_verify_message (bnc#1012382). - PCI: pciehp: Clear Presence Detect and Data Link Layer Status Changed on resume (bnc#1012382). - RDMA/mlx4: Discard unknown SQP work requests (bnc#1012382). - Refresh with upstream commit:62290a5c194b since the typo fix has been merged in upstream. (bsc#1085185) - Remove broken patches for dac9063 watchdog (bsc#1100843) - Remove sorted section marker This branch contains a small sorted section with an old format that fails the current checker. Updating the section and scripts to the new format might make merges with other branches more difficult. Instead, simply remove the section marker. - Revert "Btrfs: fix scrub to repair raid6 corruption" (bnc#1012382). - Revert "kvm: nVMX: Enforce cpl=0 for VMX instructions (bsc#1099183)." This turned out to be superfluous for 4.4.x kernels. - Revert "scsi: lpfc: Fix 16gb hbas failing cq create (bsc#1089525)." This reverts commit b054499f7615e2ffa7571ac0d05c7d5c9a8c0327. - UBIFS: Fix potential integer overflow in allocation (bnc#1012382). - USB: serial: cp210x: add CESINEL device ids (bnc#1012382). - USB: serial: cp210x: add Silicon Labs IDs for Windows Update (bnc#1012382). - Update patches.fixes/nvme-expand-nvmf_check_if_ready-checks.patch (bsc#1098527). - ath10k: fix rfc1042 header retrieval in QCA4019 with eth decap mode (bnc#1012382). - atm: zatm: fix memcmp casting (bnc#1012382). - backlight: as3711_bl: Fix Device Tree node lookup (bnc#1012382). - backlight: max8925_bl: Fix Device Tree node lookup (bnc#1012382). - backlight: tps65217_bl: Fix Device Tree node lookup (bnc#1012382). - bcache: Add __printf annotation to __bch_check_keys() (bsc#1064232). - bcache: Annotate switch fall-through (bsc#1064232). - bcache: Fix a compiler warning in bcache_device_init() (bsc#1064232). - bcache: Fix indentation (bsc#1064232). - bcache: Fix kernel-doc warnings (bsc#1064232). - bcache: Fix, improve efficiency of closure_sync() (bsc#1076110). - bcache: Reduce the number of sparse complaints about lock imbalances (bsc#1064232). - bcache: Remove an unused variable (bsc#1064232). - bcache: Suppress more warnings about set-but-not-used variables (bsc#1064232). - bcache: Use PTR_ERR_OR_ZERO() (bsc#1076110). - bcache: add CACHE_SET_IO_DISABLE to struct cache_set flags (bsc#1064232). - bcache: add backing_request_endio() for bi_end_io (bsc#1064232). - bcache: add io_disable to struct cached_dev (bsc#1064232). - bcache: add journal statistic (bsc#1076110). - bcache: add stop_when_cache_set_failed option to backing device (bsc#1064232). - bcache: add wait_for_kthread_stop() in bch_allocator_thread() (bsc#1064232). - bcache: closures: move control bits one bit right (bsc#1076110). - bcache: correct flash only vols (check all uuids) (bsc#1064232). - bcache: count backing device I/O error for writeback I/O (bsc#1064232). - bcache: fix cached_dev->count usage for bch_cache_set_error() (bsc#1064232). - bcache: fix crashes in duplicate cache device register (bsc#1076110). - bcache: fix error return value in memory shrink (bsc#1064232). - bcache: fix high CPU occupancy during journal (bsc#1076110). - bcache: fix inaccurate io state for detached bcache devices (bsc#1064232). - bcache: fix incorrect sysfs output value of strip size (bsc#1064232). - bcache: fix misleading error message in bch_count_io_errors() (bsc#1064232). - bcache: fix using of loop variable in memory shrink (bsc#1064232). - bcache: fix writeback target calc on large devices (bsc#1076110). - bcache: fix wrong return value in bch_debug_init() (bsc#1076110). - bcache: mark closure_sync() __sched (bsc#1076110). - bcache: move closure debug file into debug directory (bsc#1064232). - bcache: reduce cache_set devices iteration by devices_max_used (bsc#1064232). - bcache: ret IOERR when read meets metadata error (bsc#1076110). - bcache: return 0 from bch_debug_init() if CONFIG_DEBUG_FS=n (bsc#1064232). - bcache: set CACHE_SET_IO_DISABLE in bch_cached_dev_error() (bsc#1064232). - bcache: set dc->io_disable to true in conditional_stop_bcache_device() (bsc#1064232). - bcache: set error_limit correctly (bsc#1064232). - bcache: set writeback_rate_update_seconds in range [1, 60] seconds (bsc#1064232). - bcache: stop bcache device when backing device is offline (bsc#1064232). - bcache: stop dc->writeback_rate_update properly (bsc#1064232). - bcache: stop writeback thread after detaching (bsc#1076110). - bcache: store disk name in struct cache and struct cached_dev (bsc#1064232). - bcache: use pr_info() to inform duplicated CACHE_SET_IO_DISABLE set (bsc#1064232). - block: Fix transfer when chunk sectors exceeds max (bnc#1012382). - bonding: re-evaluate force_primary when the primary slave name changes (bnc#1012382). - bpf: properly enforce index mask to prevent out-of-bounds speculation (bsc#1098425). - branch-check: fix long->int truncation when profiling branches (bnc#1012382). - btrfs: scrub: Do not use inode pages for device replace (bnc#1012382). - cdc_ncm: avoid padding beyond end of skb (bnc#1012382). - ceph: fix dentry leak in splice_dentry() (bsc#1098236). - ceph: fix use-after-free in ceph_statfs() (bsc#1098236). - ceph: fix wrong check for the case of updating link count (bsc#1098236). - ceph: prevent i_version from going back (bsc#1098236). - ceph: support file lock on directory (bsc#1098236). - cifs: Check for timeout on Negotiate stage (bsc#1091171). - cifs: Fix infinite loop when using hard mount option (bnc#1012382). - cpufreq: Fix new policy initialization during limits updates via sysfs (bnc#1012382). - cpuidle: powernv: Fix promotion from snooze if next state disabled (bnc#1012382). - dm thin: handle running out of data space vs concurrent discard (bnc#1012382). - dm: convert DM printk macros to pr level macros (bsc#1099918). - dm: fix printk() rate limiting code (bsc#1099918). - drbd: fix access after free (bnc#1012382). - driver core: Do not ignore class_dir_create_and_add() failure (bnc#1012382). - e1000e: Ignore TSYNCRXCTL when getting I219 clock attributes (bsc#1075876). - ext4: add more inode number paranoia checks (bnc#1012382). - ext4: add more mount time checks of the superblock (bnc#1012382). - ext4: always check block group bounds in ext4_init_block_bitmap() (bnc#1012382). - ext4: check superblock mapped prior to committing (bnc#1012382). - ext4: clear i_data in ext4_inode_info when removing inline data (bnc#1012382). - ext4: fix fencepost error in check for inode count overflow during resize (bnc#1012382). - ext4: fix unsupported feature message formatting (bsc#1098435). - ext4: include the illegal physical block in the bad map ext4_error msg (bnc#1012382). - ext4: make sure bitmaps and the inode table do not overlap with bg descriptors (bnc#1012382). - ext4: only look at the bg_flags field if it is valid (bnc#1012382). - ext4: update mtime in ext4_punch_hole even if no blocks are released (bnc#1012382). - ext4: verify the depth of extent tree in ext4_find_extent() (bnc#1012382). - fs/binfmt_misc.c: do not allow offset overflow (bsc#1099279). - fuse: atomic_o_trunc should truncate pagecache (bnc#1012382). - fuse: do not keep dead fuse_conn at fuse_fill_super() (bnc#1012382). - fuse: fix control dir setup and teardown (bnc#1012382). - hv_netvsc: avoid repeated updates of packet filter (bsc#1097492). - hv_netvsc: defer queue selection to VF (bsc#1097492). - hv_netvsc: enable multicast if necessary (bsc#1097492). - hv_netvsc: filter multicast/broadcast (bsc#1097492). - hv_netvsc: fix filter flags (bsc#1097492). - hv_netvsc: fix locking during VF setup (bsc#1097492). - hv_netvsc: fix locking for rx_mode (bsc#1097492). - hv_netvsc: propagate rx filters to VF (bsc#1097492). - i2c: rcar: fix resume by always initializing registers before transfer (bnc#1012382). - iio:buffer: make length types match kfifo types (bnc#1012382). - iommu/vt-d: Fix race condition in add_unmap() (bsc#1096790, bsc#1097034). - ipmi:bt: Set the timeout before doing a capabilities check (bnc#1012382). - ipv4: Fix error return value in fib_convert_metrics() (bnc#1012382). - ipvs: fix buffer overflow with sync daemon and service (bnc#1012382). - iwlmvm: tdls: Check TDLS channel switch support (bsc#1099810). - iwlwifi: fix non_shared_ant for 9000 devices (bsc#1099810). - jbd2: do not mark block as modified if the handle is out of credits (bnc#1012382). - kabi/severities: add 'drivers/md/bcache/* PASS' since no one uses symboles expoted by bcache. - kmod: fix wait on recursive loop (bsc#1099792). - kmod: reduce atomic operations on kmod_concurrent and simplify (bsc#1099792). - kmod: throttle kmod thread limit (bsc#1099792). - kprobes/x86: Do not modify singlestep buffer while resuming (bnc#1012382). - kvm: nVMX: Enforce cpl=0 for VMX instructions (bsc#1099183). - lib/vsprintf: Remove atomic-unsafe support for %pCr (bnc#1012382). - libata: Drop SanDisk SD7UB3Q*G1001 NOLPM quirk (bnc#1012382). - libata: zpodd: make arrays cdb static, reduces object code size (bnc#1012382). - libata: zpodd: small read overflow in eject_tray() (bnc#1012382). - linvdimm, pmem: Preserve read-only setting for pmem devices (bnc#1012382). - m68k/mm: Adjust VM area to be unmapped by gap size for __iounmap() (bnc#1012382). - mac80211: Fix condition validating WMM IE (bsc#1099810,bsc#1099732). - media: cx231xx: Add support for AverMedia DVD EZMaker 7 (bnc#1012382). - media: cx25840: Use subdev host data for PLL override (bnc#1012382). - media: dvb_frontend: fix locking issues at dvb_frontend_get_event() (bnc#1012382). - media: smiapp: fix timeout checking in smiapp_read_nvm (bsc#1099918). - media: v4l2-compat-ioctl32: prevent go past max size (bnc#1012382). - mfd: intel-lpss: Program REMAP register in PIO mode (bnc#1012382). - mips: ftrace: fix static function graph tracing (bnc#1012382). - mm: hugetlb: yield when prepping struct pages (bnc#1012382). - mtd: cfi_cmdset_0002: Avoid walking all chips when unlocking (bnc#1012382). - mtd: cfi_cmdset_0002: Change definition naming to retry write operation (bnc#1012382). - mtd: cfi_cmdset_0002: Change erase functions to check chip good only (bnc#1012382). - mtd: cfi_cmdset_0002: Change erase functions to retry for error (bnc#1012382). - mtd: cfi_cmdset_0002: Change write buffer to check correct value (bnc#1012382). - mtd: cfi_cmdset_0002: Fix unlocking requests crossing a chip boudary (bnc#1012382). - mtd: cfi_cmdset_0002: Use right chip in do_ppb_xxlock() (bnc#1012382). - mtd: cfi_cmdset_0002: fix SEGV unlocking multiple chips (bnc#1012382). - mtd: cmdlinepart: Update comment for introduction of OFFSET_CONTINUOUS (bsc#1099918). - mtd: partitions: add helper for deleting partition (bsc#1099918). - mtd: partitions: remove sysfs files when deleting all master's partitions (bsc#1099918). - mtd: rawnand: mxc: set spare area size register explicitly (bnc#1012382). - n_tty: Access echo_* variables carefully (bnc#1012382). - n_tty: Fix stall at n_tty_receive_char_special() (bnc#1012382). - net/sonic: Use dma_mapping_error() (bnc#1012382). - net: qmi_wwan: Add Netgear Aircard 779S (bnc#1012382). - netfilter: ebtables: handle string from userspace with care (bnc#1012382). - netfilter: nf_log: do not hold nf_log_mutex during user access (bnc#1012382). - netfilter: nf_tables: use WARN_ON_ONCE instead of BUG_ON in nft_do_chain() (bnc#1012382). - nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir (bnc#1012382). - nvme-fabrics: allow duplicate connections to the discovery controller (bsc#1098527). - nvme-fabrics: allow internal passthrough command on deleting controllers (bsc#1098527). - nvme-fabrics: centralize discovery controller defaults (bsc#1098527). - nvme-fabrics: fix and refine state checks in __nvmf_check_ready (bsc#1098527). - nvme-fabrics: refactor queue ready check (bsc#1098527). - nvme-fc: change controllers first connect to use reconnect path (bsc#1098527). - nvme-fc: fix nulling of queue data on reconnect (bsc#1098527). - nvme-fc: remove reinit_request routine (bsc#1098527). - nvme-fc: remove setting DNR on exception conditions (bsc#1098527). - nvme-pci: initialize queue memory before interrupts (bnc#1012382). - nvme: allow duplicate controller if prior controller being deleted (bsc#1098527). - nvme: move init of keep_alive work item to controller initialization (bsc#1098527). - nvme: reimplement nvmf_check_if_ready() to avoid kabi breakage (bsc#1098527). - nvmet-fc: increase LS buffer count per fc port (bsc#1098527). - nvmet: switch loopback target state to connecting when resetting (bsc#1098527). - of: unittest: for strings, account for trailing \0 in property length field (bnc#1012382). - ovl: fix random return value on mount (bsc#1099993). - ovl: fix uid/gid when creating over whiteout (bsc#1099993). - ovl: override creds with the ones from the superblock mounter (bsc#1099993). - perf intel-pt: Fix "Unexpected indirect branch" error (bnc#1012382). - perf intel-pt: Fix MTC timing after overflow (bnc#1012382). - perf intel-pt: Fix decoding to accept CBR between FUP and corresponding TIP (bnc#1012382). - perf intel-pt: Fix packet decoding of CYC packets (bnc#1012382). - perf intel-pt: Fix sync_switch INTEL_PT_SS_NOT_TRACING (bnc#1012382). - perf tools: Fix symbol and object code resolution for vdso32 and vdsox32 (bnc#1012382). - platform/x86: thinkpad_acpi: Adding new hotkey ID for Lenovo thinkpad (bsc#1099810). - powerpc/64s: Exception macro for stack frame and initial register save (bsc#1094244). - powerpc/64s: Fix mce accounting for powernv (bsc#1094244). - powerpc/fadump: Unregister fadump on kexec down path (bnc#1012382). - powerpc/mm/hash: Add missing isync prior to kernel stack SLB switch (bnc#1012382). - powerpc/ptrace: Fix enforcement of DAWR constraints (bnc#1012382). - powerpc/ptrace: Fix setting 512B aligned breakpoints with PTRACE_SET_DEBUGREG (bnc#1012382). - powerpc: Machine check interrupt is a non-maskable interrupt (bsc#1094244). - procfs: add tunable for fd/fdinfo dentry retention (bsc#10866542). - qla2xxx: Fix NULL pointer derefrence for fcport search (bsc#1085657). - qla2xxx: Fix inconsistent DMA mem alloc/free (bsc#1085657). - qla2xxx: Fix kernel crash due to late workqueue allocation (bsc#1085657). - regulator: Do not return or expect -errno from of_map_mode() (bsc#1099042). - restore cond_resched() in shrink_dcache_parent() (bsc#1098599). - rmdir(),rename(): do shrink_dcache_parent() only on success (bsc#1100340). - s390/dasd: configurable IFCC handling (bsc#1097808). - s390: Correct register corruption in critical section cleanup (bnc#1012382). - sbitmap: check for valid bitmap in sbitmap_for_each (bsc#1090435). - sched/sysctl: Check user input value of sysctl_sched_time_avg (bsc#1100089). - scsi: ipr: Format HCAM overlay ID 0x41 (bsc#1097961). - scsi: ipr: new IOASC update (bsc#1097961). - scsi: lpfc: Change IO submit return to EBUSY if remote port is recovering (bsc#1092207). - scsi: lpfc: Driver NVME load fails when CPU cnt > WQ resource cnt (bsc#1092207). - scsi: lpfc: Fix 16gb hbas failing cq create (bsc#1089525). - scsi: lpfc: Fix 16gb hbas failing cq create (bsc#1095453). - scsi: lpfc: Fix MDS diagnostics failure (Rx lower than Tx) (bsc#1095453). - scsi: lpfc: Fix crash in blk_mq layer when executing modprobe -r lpfc (bsc#1095453). - scsi: lpfc: Fix port initialization failure (bsc#1095453). - scsi: lpfc: Fix up log messages and stats counters in IO submit code path (bsc#1092207). - scsi: lpfc: Handle new link fault code returned by adapter firmware (bsc#1092207). - scsi: lpfc: correct oversubscription of nvme io requests for an adapter (bsc#1095453). - scsi: lpfc: update driver version to 11.4.0.7-3 (bsc#1092207). - scsi: lpfc: update driver version to 11.4.0.7-4 (bsc#1095453). - scsi: qedi: Fix truncation of CHAP name and secret (bsc#1097931) - scsi: qla2xxx: Fix setting lower transfer speed if GPSC fails (bnc#1012382). - scsi: qla2xxx: Spinlock recursion in qla_target (bsc#1097501) - scsi: sg: mitigate read/write abuse (bsc#1101296). - scsi: zfcp: fix misleading REC trigger trace where erp_action setup failed (LTC#168765 bnc#1012382 bnc#1099713). - scsi: zfcp: fix misleading REC trigger trace where erp_action setup failed (bnc#1099713, LTC#168765). - scsi: zfcp: fix missing REC trigger trace for all objects in ERP_FAILED (LTC#168765 bnc#1012382 bnc#1099713). - scsi: zfcp: fix missing REC trigger trace for all objects in ERP_FAILED (bnc#1099713, LTC#168765). - scsi: zfcp: fix missing REC trigger trace on enqueue without ERP thread (LTC#168765 bnc#1012382 bnc#1099713). - scsi: zfcp: fix missing REC trigger trace on enqueue without ERP thread (bnc#1099713, LTC#168765). - scsi: zfcp: fix missing REC trigger trace on terminate_rport_io early return (LTC#168765 bnc#1012382 bnc#1099713). - scsi: zfcp: fix missing REC trigger trace on terminate_rport_io early return (bnc#1099713, LTC#168765). - scsi: zfcp: fix missing REC trigger trace on terminate_rport_io for ERP_FAILED (LTC#168765 bnc#1012382 bnc#1099713). - scsi: zfcp: fix missing REC trigger trace on terminate_rport_io for ERP_FAILED (bnc#1099713, LTC#168765). - scsi: zfcp: fix missing SCSI trace for result of eh_host_reset_handler (LTC#168765 bnc#1012382 bnc#1099713). - scsi: zfcp: fix missing SCSI trace for result of eh_host_reset_handler (bnc#1099713, LTC#168765). - scsi: zfcp: fix missing SCSI trace for retry of abort / scsi_eh TMF (LTC#168765 bnc#1012382 bnc#1099713). - scsi: zfcp: fix missing SCSI trace for retry of abort / scsi_eh TMF (bnc#1099713, LTC#168765). - serial: sh-sci: Use spin_{try}lock_irqsave instead of open coding version (bnc#1012382). - signal/xtensa: Consistenly use SIGBUS in do_unaligned_user (bnc#1012382). - sort and rename various hyperv patches - spi: Fix scatterlist elements size in spi_map_buf (bnc#1012382). - staging: android: ion: Return an ERR_PTR in ion_map_kernel (bnc#1012382). - staging: comedi: quatech_daqp_cs: fix no-op loop daqp_ao_insn_write() (bnc#1012382). - tcp: do not overshoot window_clamp in tcp_rcv_space_adjust() (bnc#1012382). - tcp: verify the checksum of the first data segment in a new connection (bnc#1012382). - thinkpad_acpi: Add support for HKEY version 0x200 (bsc#1099810). - time: Make sure jiffies_to_msecs() preserves non-zero time periods (bnc#1012382). - tracing: Fix missing return symbol in function_graph output (bnc#1012382). - ubi: fastmap: Cancel work upon detach (bnc#1012382). - ubi: fastmap: Correctly handle interrupted erasures in EBA (bnc#1012382). - udf: Detect incorrect directory size (bnc#1012382). - usb: cdc_acm: Add quirk for Uniden UBC125 scanner (bnc#1012382). - usb: do not reset if a low-speed or full-speed device timed out (bnc#1012382). - usb: musb: fix remote wakeup racing with suspend (bnc#1012382). - video/fbdev/stifb: Return -ENOMEM after a failed kzalloc() in stifb_init_fb() (bsc#1090888 bsc#1099966). - video: uvesafb: Fix integer overflow in allocation (bnc#1012382). - w1: mxc_w1: Enable clock before calling clk_get_rate() on it (bnc#1012382). - wait: add wait_event_killable_timeout() (bsc#1099792). - watchdog: da9063: Fix setting/changing timeout (bsc#1100843). - watchdog: da9063: Fix timeout handling during probe (bsc#1100843). - watchdog: da9063: Fix updating timeout value (bsc#1100843). - x86/cpu/amd: Derive L3 shared_cpu_map from cpu_llc_shared_mask (bsc#1094643). - x86/mce: Fix incorrect "Machine check from unknown source" message (bnc#1012382). - x86/mce: Improve error message when kernel cannot recover (git-fixes b2f9d678e28c). - x86/pti: do not report XenPV as vulnerable (bsc#1097551). - xen: Remove unnecessary BUG_ON from __unbind_from_irq() (bnc#1012382). - xfrm6: avoid potential infinite loop in _decode_session6() (bnc#1012382). - xfrm: Ignore socket policies when rebuilding hash tables (bnc#1012382). - xfrm: skip policies marked as dead while rehashing (bnc#1012382). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-1385=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1385=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1385=1 - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-1385=1 - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2018-1385=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1385=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): kernel-default-debuginfo-4.4.140-94.42.1 kernel-default-debugsource-4.4.140-94.42.1 kernel-default-extra-4.4.140-94.42.1 kernel-default-extra-debuginfo-4.4.140-94.42.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.4.140-94.42.1 kernel-obs-build-debugsource-4.4.140-94.42.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch): kernel-docs-4.4.140-94.42.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): kernel-default-4.4.140-94.42.1 kernel-default-base-4.4.140-94.42.1 kernel-default-base-debuginfo-4.4.140-94.42.1 kernel-default-debuginfo-4.4.140-94.42.1 kernel-default-debugsource-4.4.140-94.42.1 kernel-default-devel-4.4.140-94.42.1 kernel-syms-4.4.140-94.42.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): kernel-devel-4.4.140-94.42.1 kernel-macros-4.4.140-94.42.1 kernel-source-4.4.140-94.42.1 - SUSE Linux Enterprise Server 12-SP3 (s390x): kernel-default-man-4.4.140-94.42.1 - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_140-94_42-default-1-4.3.1 kgraft-patch-4_4_140-94_42-default-debuginfo-1-4.3.1 - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): cluster-md-kmp-default-4.4.140-94.42.1 cluster-md-kmp-default-debuginfo-4.4.140-94.42.1 dlm-kmp-default-4.4.140-94.42.1 dlm-kmp-default-debuginfo-4.4.140-94.42.1 gfs2-kmp-default-4.4.140-94.42.1 gfs2-kmp-default-debuginfo-4.4.140-94.42.1 kernel-default-debuginfo-4.4.140-94.42.1 kernel-default-debugsource-4.4.140-94.42.1 ocfs2-kmp-default-4.4.140-94.42.1 ocfs2-kmp-default-debuginfo-4.4.140-94.42.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): kernel-default-4.4.140-94.42.1 kernel-default-debuginfo-4.4.140-94.42.1 kernel-default-debugsource-4.4.140-94.42.1 kernel-default-devel-4.4.140-94.42.1 kernel-default-extra-4.4.140-94.42.1 kernel-default-extra-debuginfo-4.4.140-94.42.1 kernel-syms-4.4.140-94.42.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): kernel-devel-4.4.140-94.42.1 kernel-macros-4.4.140-94.42.1 kernel-source-4.4.140-94.42.1 - SUSE CaaS Platform ALL (x86_64): kernel-default-4.4.140-94.42.1 kernel-default-debuginfo-4.4.140-94.42.1 kernel-default-debugsource-4.4.140-94.42.1 - SUSE CaaS Platform 3.0 (x86_64): kernel-default-4.4.140-94.42.1 kernel-default-debuginfo-4.4.140-94.42.1 kernel-default-debugsource-4.4.140-94.42.1 References: https://www.suse.com/security/cve/CVE-2018-13053.html https://www.suse.com/security/cve/CVE-2018-13405.html https://www.suse.com/security/cve/CVE-2018-13406.html https://www.suse.com/security/cve/CVE-2018-9385.html https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1064232 https://bugzilla.suse.com/1075876 https://bugzilla.suse.com/1076110 https://bugzilla.suse.com/1085185 https://bugzilla.suse.com/1085657 https://bugzilla.suse.com/1089525 https://bugzilla.suse.com/1090435 https://bugzilla.suse.com/1090888 https://bugzilla.suse.com/1091171 https://bugzilla.suse.com/1092207 https://bugzilla.suse.com/1094244 https://bugzilla.suse.com/1094248 https://bugzilla.suse.com/1094643 https://bugzilla.suse.com/1095453 https://bugzilla.suse.com/1096790 https://bugzilla.suse.com/1097034 https://bugzilla.suse.com/1097140 https://bugzilla.suse.com/1097492 https://bugzilla.suse.com/1097501 https://bugzilla.suse.com/1097551 https://bugzilla.suse.com/1097808 https://bugzilla.suse.com/1097931 https://bugzilla.suse.com/1097961 https://bugzilla.suse.com/1098016 https://bugzilla.suse.com/1098236 https://bugzilla.suse.com/1098425 https://bugzilla.suse.com/1098435 https://bugzilla.suse.com/1098527 https://bugzilla.suse.com/1098599 https://bugzilla.suse.com/1099042 https://bugzilla.suse.com/1099183 https://bugzilla.suse.com/1099279 https://bugzilla.suse.com/1099713 https://bugzilla.suse.com/1099732 https://bugzilla.suse.com/1099792 https://bugzilla.suse.com/1099810 https://bugzilla.suse.com/1099918 https://bugzilla.suse.com/1099924 https://bugzilla.suse.com/1099966 https://bugzilla.suse.com/1099993 https://bugzilla.suse.com/1100089 https://bugzilla.suse.com/1100340 https://bugzilla.suse.com/1100416 https://bugzilla.suse.com/1100418 https://bugzilla.suse.com/1100491 https://bugzilla.suse.com/1100843 https://bugzilla.suse.com/1101296 From sle-updates at lists.suse.com Wed Jul 25 07:11:38 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Jul 2018 15:11:38 +0200 (CEST) Subject: SUSE-SU-2018:2056-1: moderate: Security update for xen Message-ID: <20180725131138.8FBE8FD81@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2056-1 Rating: moderate References: #1027519 #1079730 #1095242 #1096224 #1097521 #1097522 #1098744 Cross-References: CVE-2018-11806 CVE-2018-12617 CVE-2018-12891 CVE-2018-12893 CVE-2018-3665 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves 5 vulnerabilities and has two fixes is now available. Description: This update for xen fixes the following issues: Security issues fixed: - CVE-2018-12617: Fix integer overflow that causes segmentation fault in qmp_guest_file_read() with g_malloc() (bsc#1098744). - CVE-2018-3665: Fix Lazy FP Save/Restore issue (XSA-267) (bsc#1095242). - CVE-2018-11806: Fix heap buffer overflow while reassembling fragmented datagrams (bsc#1096224). - CVE-2018-12891: Fix possible Denial of Service (DoS) via certain PV MMU operations that affect the entire host (XSA-264) (bsc#1097521). - CVE-2018-12893: Fix crash/Denial of Service (DoS) via safety check (XSA-265) (bsc#1097522). Bug fixes: - bsc#1079730: Fix failed "write" lock. - bsc#1027519: Add upstream patches from January. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-1389=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): xen-4.4.4_34-22.71.2 xen-debugsource-4.4.4_34-22.71.2 xen-doc-html-4.4.4_34-22.71.2 xen-kmp-default-4.4.4_34_k3.12.61_52.136-22.71.2 xen-kmp-default-debuginfo-4.4.4_34_k3.12.61_52.136-22.71.2 xen-libs-32bit-4.4.4_34-22.71.2 xen-libs-4.4.4_34-22.71.2 xen-libs-debuginfo-32bit-4.4.4_34-22.71.2 xen-libs-debuginfo-4.4.4_34-22.71.2 xen-tools-4.4.4_34-22.71.2 xen-tools-debuginfo-4.4.4_34-22.71.2 xen-tools-domU-4.4.4_34-22.71.2 xen-tools-domU-debuginfo-4.4.4_34-22.71.2 References: https://www.suse.com/security/cve/CVE-2018-11806.html https://www.suse.com/security/cve/CVE-2018-12617.html https://www.suse.com/security/cve/CVE-2018-12891.html https://www.suse.com/security/cve/CVE-2018-12893.html https://www.suse.com/security/cve/CVE-2018-3665.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1079730 https://bugzilla.suse.com/1095242 https://bugzilla.suse.com/1096224 https://bugzilla.suse.com/1097521 https://bugzilla.suse.com/1097522 https://bugzilla.suse.com/1098744 From sle-updates at lists.suse.com Wed Jul 25 07:13:30 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Jul 2018 15:13:30 +0200 (CEST) Subject: SUSE-SU-2018:2058-1: Security update for nautilus Message-ID: <20180725131330.B02C4FD7E@maintenance.suse.de> SUSE Security Update: Security update for nautilus ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2058-1 Rating: low References: #1060031 Cross-References: CVE-2017-14604 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for nautilus fixes the following issues: Security issue fixed: - CVE-2017-14604: Add a metadata::trusted metadata to the file once the user acknowledges the file as trusted, and also remove the "trusted" content in the desktop file (bsc#1060031). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-1387=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1387=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1387=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1387=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): libnautilus-extension1-32bit-3.20.3-23.3.14 libnautilus-extension1-debuginfo-32bit-3.20.3-23.3.14 nautilus-debugsource-3.20.3-23.3.14 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): nautilus-debuginfo-3.20.3-23.3.14 nautilus-debugsource-3.20.3-23.3.14 nautilus-devel-3.20.3-23.3.14 typelib-1_0-Nautilus-3_0-3.20.3-23.3.14 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): gnome-shell-search-provider-nautilus-3.20.3-23.3.14 libnautilus-extension1-3.20.3-23.3.14 libnautilus-extension1-debuginfo-3.20.3-23.3.14 nautilus-3.20.3-23.3.14 nautilus-debuginfo-3.20.3-23.3.14 nautilus-debugsource-3.20.3-23.3.14 - SUSE Linux Enterprise Server 12-SP3 (noarch): nautilus-lang-3.20.3-23.3.14 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): nautilus-lang-3.20.3-23.3.14 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): gnome-shell-search-provider-nautilus-3.20.3-23.3.14 libnautilus-extension1-3.20.3-23.3.14 libnautilus-extension1-32bit-3.20.3-23.3.14 libnautilus-extension1-debuginfo-3.20.3-23.3.14 libnautilus-extension1-debuginfo-32bit-3.20.3-23.3.14 nautilus-3.20.3-23.3.14 nautilus-debuginfo-3.20.3-23.3.14 nautilus-debugsource-3.20.3-23.3.14 References: https://www.suse.com/security/cve/CVE-2017-14604.html https://bugzilla.suse.com/1060031 From sle-updates at lists.suse.com Wed Jul 25 07:14:04 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Jul 2018 15:14:04 +0200 (CEST) Subject: SUSE-SU-2018:2059-1: moderate: Security update for xen Message-ID: <20180725131404.CBA9DFD81@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2059-1 Rating: moderate References: #1027519 #1087289 #1095242 #1096224 #1097521 #1097522 #1097523 Cross-References: CVE-2018-11806 CVE-2018-12891 CVE-2018-12892 CVE-2018-12893 CVE-2018-3665 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL ______________________________________________________________________________ An update that solves 5 vulnerabilities and has two fixes is now available. Description: This update for xen fixes the following issues: Security issues fixed: - CVE-2018-3665: Fix Lazy FP Save/Restore issue (XSA-267) (bsc#1095242). - CVE-2018-12891: Fix possible Denial of Service (DoS) via certain PV MMU operations that affect the entire host (XSA-264) (bsc#1097521). - CVE-2018-12892: Fix libxl to honour the readonly flag on HVM emulated SCSI disks (XSA-266) (bsc#1097523). - CVE-2018-12893: Fix crash/Denial of Service (DoS) via safety check (XSA-265) (bsc#1097522). - CVE-2018-11806: Fix heap buffer overflow while reassembling fragmented datagrams (bsc#1096224). Bug fixes: - bsc#1027519: Add upstream patches from January. - bsc#1087289: Fix xen scheduler crash. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1388=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1388=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1388=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 x86_64): xen-debugsource-4.9.2_08-3.35.2 xen-devel-4.9.2_08-3.35.2 - SUSE Linux Enterprise Server 12-SP3 (x86_64): xen-4.9.2_08-3.35.2 xen-debugsource-4.9.2_08-3.35.2 xen-doc-html-4.9.2_08-3.35.2 xen-libs-32bit-4.9.2_08-3.35.2 xen-libs-4.9.2_08-3.35.2 xen-libs-debuginfo-32bit-4.9.2_08-3.35.2 xen-libs-debuginfo-4.9.2_08-3.35.2 xen-tools-4.9.2_08-3.35.2 xen-tools-debuginfo-4.9.2_08-3.35.2 xen-tools-domU-4.9.2_08-3.35.2 xen-tools-domU-debuginfo-4.9.2_08-3.35.2 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): xen-4.9.2_08-3.35.2 xen-debugsource-4.9.2_08-3.35.2 xen-libs-32bit-4.9.2_08-3.35.2 xen-libs-4.9.2_08-3.35.2 xen-libs-debuginfo-32bit-4.9.2_08-3.35.2 xen-libs-debuginfo-4.9.2_08-3.35.2 - SUSE CaaS Platform ALL (x86_64): xen-debugsource-4.9.2_08-3.35.2 xen-libs-4.9.2_08-3.35.2 xen-libs-debuginfo-4.9.2_08-3.35.2 xen-tools-domU-4.9.2_08-3.35.2 xen-tools-domU-debuginfo-4.9.2_08-3.35.2 References: https://www.suse.com/security/cve/CVE-2018-11806.html https://www.suse.com/security/cve/CVE-2018-12891.html https://www.suse.com/security/cve/CVE-2018-12892.html https://www.suse.com/security/cve/CVE-2018-12893.html https://www.suse.com/security/cve/CVE-2018-3665.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1087289 https://bugzilla.suse.com/1095242 https://bugzilla.suse.com/1096224 https://bugzilla.suse.com/1097521 https://bugzilla.suse.com/1097522 https://bugzilla.suse.com/1097523 From sle-updates at lists.suse.com Wed Jul 25 10:07:52 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Jul 2018 18:07:52 +0200 (CEST) Subject: SUSE-RU-2018:2060-1: moderate: Recommended update for python-apache-libcloud Message-ID: <20180725160752.110DEFD81@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-apache-libcloud ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:2060-1 Rating: moderate References: #1095608 Affected Products: SUSE Linux Enterprise Module for Advanced Systems Management 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-apache-libcloud fixes the following issues: - Fix path to certificates. (bsc#1095608) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Advanced Systems Management 12: zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2018-1390=1 Package List: - SUSE Linux Enterprise Module for Advanced Systems Management 12 (noarch): python-apache-libcloud-0.19.0-3.6.1 python3-apache-libcloud-0.19.0-3.6.1 References: https://bugzilla.suse.com/1095608 From sle-updates at lists.suse.com Thu Jul 26 04:11:47 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Jul 2018 12:11:47 +0200 (CEST) Subject: SUSE-SU-2018:2062-1: important: Security update for the Linux Kernel Message-ID: <20180726101147.A5FC1FD81@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2062-1 Rating: important References: #1045538 #1047487 #1087086 #1090078 #1094244 #1094876 #1098408 #1099177 #1099598 #1099709 #1099966 #1100089 #1100091 #1101296 #780242 #784815 #786036 #790588 #795301 #902351 #909495 #923242 #925105 #936423 Cross-References: CVE-2014-3688 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-EXTRA SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves one vulnerability and has 23 fixes is now available. Description: The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2014-3688: The SCTP implementation allowed remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an association's output queue (bsc#902351). The following non-security bugs were fixed: - ALSA: hda/ca0132: fix build failure when a local macro is defined (bsc#1045538). - ALSA: seq: Do not allow resizing pool in use (bsc#1045538). - Delete patches.fixes/0001-ipc-shm-Fix-shmat-mmap-nil-page-protection.patch (bsc# 1090078) - IB/mlx4: fix sprintf format warning (bnc#786036). - RDMA/mlx4: Discard unknown SQP work requests (bnc#786036). - USB: uss720: fix NULL-deref at probe (bnc#1047487). - bna: integer overflow bug in debugfs (bnc#780242). - e1000e: Ignore TSYNCRXCTL when getting I219 clock attributes (bug#923242). - e1000e: Undo e1000e_pm_freeze if __e1000_shutdown fails (bug#909495). - fix a leak in /proc/schedstats (bsc#1094876). - ixgbe: Initialize 64-bit stats seqcounts (bnc#795301). - mm: fix the NULL mapping case in __isolate_lru_page() (git-fixes). - module/retpoline: Warn about missing retpoline in module (bnc#1099177). - net/mlx4_core: Fix error handling in mlx4_init_port_info (bnc#786036). - net/mlx4_en: Change default QoS settings (bnc#786036 ). - net/mlx4_en: Use __force to fix a sparse warning in TX datapath (bug#925105). - netxen: fix incorrect loop counter decrement (bnc#784815). - powerpc: Machine check interrupt is a non-maskable interrupt (bsc#1094244). - s390/qdio: do not merge ERROR output buffers (bnc#1099709). - s390/qeth: do not dump control cmd twice (bnc#1099709). - s390/qeth: fix SETIP command handling (bnc#1099709). - s390/qeth: free netdevice when removing a card (bnc#1099709). - s390/qeth: lock read device while queueing next buffer (bnc#1099709). - s390/qeth: when thread completes, wake up all waiters (bnc#1099709). - sched/sysctl: Check user input value of sysctl_sched_time_avg (bsc#1100089). - scsi: sg: mitigate read/write abuse (bsc#1101296). - tg3: do not clear stats while tg3_close (bnc#790588). - video/stifb: Return -ENOMEM after a failed kzalloc() in stifb_init_fb() (bnc#1099966). - vmxnet3: use correct flag to indicate LRO feature (bsc#936423). - x86-32/kaiser: Add CPL check for CR3 switch before iret (bsc#1098408). - x86-non-upstream-eager-fpu 32bit fix (bnc#1087086, bnc#1100091, bnc#1099598). - x86/cpu/bugs: Make retpoline module warning conditional (bnc#1099177). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-kernel-source-13702=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-kernel-source-13702=1 - SUSE Linux Enterprise Server 11-EXTRA: zypper in -t patch slexsp3-kernel-source-13702=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-kernel-source-13702=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch): kernel-docs-3.0.101-108.60.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): kernel-default-3.0.101-108.60.1 kernel-default-base-3.0.101-108.60.1 kernel-default-devel-3.0.101-108.60.1 kernel-source-3.0.101-108.60.1 kernel-syms-3.0.101-108.60.1 kernel-trace-3.0.101-108.60.1 kernel-trace-base-3.0.101-108.60.1 kernel-trace-devel-3.0.101-108.60.1 - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): kernel-ec2-3.0.101-108.60.1 kernel-ec2-base-3.0.101-108.60.1 kernel-ec2-devel-3.0.101-108.60.1 kernel-xen-3.0.101-108.60.1 kernel-xen-base-3.0.101-108.60.1 kernel-xen-devel-3.0.101-108.60.1 - SUSE Linux Enterprise Server 11-SP4 (s390x): kernel-default-man-3.0.101-108.60.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64): kernel-bigmem-3.0.101-108.60.1 kernel-bigmem-base-3.0.101-108.60.1 kernel-bigmem-devel-3.0.101-108.60.1 kernel-ppc64-3.0.101-108.60.1 kernel-ppc64-base-3.0.101-108.60.1 kernel-ppc64-devel-3.0.101-108.60.1 - SUSE Linux Enterprise Server 11-SP4 (i586): kernel-pae-3.0.101-108.60.1 kernel-pae-base-3.0.101-108.60.1 kernel-pae-devel-3.0.101-108.60.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64): kernel-default-extra-3.0.101-108.60.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64): kernel-xen-extra-3.0.101-108.60.1 - SUSE Linux Enterprise Server 11-EXTRA (x86_64): kernel-trace-extra-3.0.101-108.60.1 - SUSE Linux Enterprise Server 11-EXTRA (ppc64): kernel-ppc64-extra-3.0.101-108.60.1 - SUSE Linux Enterprise Server 11-EXTRA (i586): kernel-pae-extra-3.0.101-108.60.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): kernel-default-debuginfo-3.0.101-108.60.1 kernel-default-debugsource-3.0.101-108.60.1 kernel-trace-debuginfo-3.0.101-108.60.1 kernel-trace-debugsource-3.0.101-108.60.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 s390x x86_64): kernel-default-devel-debuginfo-3.0.101-108.60.1 kernel-trace-devel-debuginfo-3.0.101-108.60.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): kernel-ec2-debuginfo-3.0.101-108.60.1 kernel-ec2-debugsource-3.0.101-108.60.1 kernel-xen-debuginfo-3.0.101-108.60.1 kernel-xen-debugsource-3.0.101-108.60.1 kernel-xen-devel-debuginfo-3.0.101-108.60.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64): kernel-bigmem-debuginfo-3.0.101-108.60.1 kernel-bigmem-debugsource-3.0.101-108.60.1 kernel-ppc64-debuginfo-3.0.101-108.60.1 kernel-ppc64-debugsource-3.0.101-108.60.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586): kernel-pae-debuginfo-3.0.101-108.60.1 kernel-pae-debugsource-3.0.101-108.60.1 kernel-pae-devel-debuginfo-3.0.101-108.60.1 References: https://www.suse.com/security/cve/CVE-2014-3688.html https://bugzilla.suse.com/1045538 https://bugzilla.suse.com/1047487 https://bugzilla.suse.com/1087086 https://bugzilla.suse.com/1090078 https://bugzilla.suse.com/1094244 https://bugzilla.suse.com/1094876 https://bugzilla.suse.com/1098408 https://bugzilla.suse.com/1099177 https://bugzilla.suse.com/1099598 https://bugzilla.suse.com/1099709 https://bugzilla.suse.com/1099966 https://bugzilla.suse.com/1100089 https://bugzilla.suse.com/1100091 https://bugzilla.suse.com/1101296 https://bugzilla.suse.com/780242 https://bugzilla.suse.com/784815 https://bugzilla.suse.com/786036 https://bugzilla.suse.com/790588 https://bugzilla.suse.com/795301 https://bugzilla.suse.com/902351 https://bugzilla.suse.com/909495 https://bugzilla.suse.com/923242 https://bugzilla.suse.com/925105 https://bugzilla.suse.com/936423 From sle-updates at lists.suse.com Thu Jul 26 07:07:29 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Jul 2018 15:07:29 +0200 (CEST) Subject: SUSE-RU-2018:2063-1: important: Recommended update for yast2-core Message-ID: <20180726130729.ACEAAFDF1@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-core ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:2063-1 Rating: important References: #1099325 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-core fixes the following issues: - Fixed detection of aarch64 during an offline upgrade (bsc#1099325) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1392=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): yast2-core-4.0.3-3.3.1 yast2-core-debuginfo-4.0.3-3.3.1 yast2-core-debugsource-4.0.3-3.3.1 yast2-core-devel-4.0.3-3.3.1 References: https://bugzilla.suse.com/1099325 From sle-updates at lists.suse.com Thu Jul 26 13:07:38 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Jul 2018 21:07:38 +0200 (CEST) Subject: SUSE-SU-2018:2064-1: important: Security update for libofx Message-ID: <20180726190738.99354FD38@maintenance.suse.de> SUSE Security Update: Security update for libofx ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2064-1 Rating: important References: #1058673 #1060437 #1061964 Cross-References: CVE-2017-14731 CVE-2017-2816 CVE-2017-2920 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for libofx fixes the following issues: Security issues fixed: - CVE-2017-2816: Fix an exploitable buffer overflow vulnerability in the tag parsing functionality (bsc#1058673). - CVE-2017-2920: Fix a buffer overflow vulnerability in sanitize_proprietary_tags in lib/ofx_preproc.cpp (bsc#1061964). - CVE-2017-14731: Fix remote denial of service via a crafted file in ofx_proc_file in ofx_preproc.cpp (bsc#1060437). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-1408=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1408=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1408=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): libofx-0.9.9-3.7.1 libofx-debuginfo-0.9.9-3.7.1 libofx-debugsource-0.9.9-3.7.1 libofx6-0.9.9-3.7.1 libofx6-debuginfo-0.9.9-3.7.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libofx-0.9.9-3.7.1 libofx-debuginfo-0.9.9-3.7.1 libofx-debugsource-0.9.9-3.7.1 libofx-devel-0.9.9-3.7.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libofx-0.9.9-3.7.1 libofx-debuginfo-0.9.9-3.7.1 libofx-debugsource-0.9.9-3.7.1 libofx6-0.9.9-3.7.1 libofx6-debuginfo-0.9.9-3.7.1 References: https://www.suse.com/security/cve/CVE-2017-14731.html https://www.suse.com/security/cve/CVE-2017-2816.html https://www.suse.com/security/cve/CVE-2017-2920.html https://bugzilla.suse.com/1058673 https://bugzilla.suse.com/1060437 https://bugzilla.suse.com/1061964 From sle-updates at lists.suse.com Thu Jul 26 13:08:27 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Jul 2018 21:08:27 +0200 (CEST) Subject: SUSE-SU-2018:2065-1: moderate: Security update for libsndfile Message-ID: <20180726190827.7D808FD35@maintenance.suse.de> SUSE Security Update: Security update for libsndfile ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2065-1 Rating: moderate References: #1071767 #1071777 #1100167 Cross-References: CVE-2017-17456 CVE-2017-17457 CVE-2018-13139 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for libsndfile fixes the following issues: Security issues fixed: - CVE-2018-13139: Fix a stack-based buffer overflow in psf_memset in common.c that allows remote attackers to cause a denial of service (bsc#1100167). - CVE-2017-17456: Prevent segmentation fault in the function d2alaw_array() that may have lead to a remote DoS (bsc#1071777) - CVE-2017-17457: Prevent segmentation fault in the function d2ulaw_array() that may have lead to a remote DoS, a different vulnerability than CVE-2017-14246 (bsc#1071767) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1405=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1405=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1405=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libsndfile-debugsource-1.0.25-36.13.1 libsndfile-devel-1.0.25-36.13.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libsndfile-debugsource-1.0.25-36.13.1 libsndfile1-1.0.25-36.13.1 libsndfile1-debuginfo-1.0.25-36.13.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libsndfile1-32bit-1.0.25-36.13.1 libsndfile1-debuginfo-32bit-1.0.25-36.13.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libsndfile-debugsource-1.0.25-36.13.1 libsndfile1-1.0.25-36.13.1 libsndfile1-32bit-1.0.25-36.13.1 libsndfile1-debuginfo-1.0.25-36.13.1 libsndfile1-debuginfo-32bit-1.0.25-36.13.1 References: https://www.suse.com/security/cve/CVE-2017-17456.html https://www.suse.com/security/cve/CVE-2017-17457.html https://www.suse.com/security/cve/CVE-2018-13139.html https://bugzilla.suse.com/1071767 https://bugzilla.suse.com/1071777 https://bugzilla.suse.com/1100167 From sle-updates at lists.suse.com Thu Jul 26 13:09:15 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Jul 2018 21:09:15 +0200 (CEST) Subject: SUSE-SU-2018:2066-1: moderate: Security update for util-linux Message-ID: <20180726190915.C2267FD35@maintenance.suse.de> SUSE Security Update: Security update for util-linux ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2066-1 Rating: moderate References: #1084300 Cross-References: CVE-2018-7738 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for util-linux fixes the following security issue: - CVE-2018-7738: Fix local vulnerability using embedded shell commands in a mountpoint name (bsc#1084300) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2018-1397=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1397=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): util-linux-systemd-debuginfo-2.31.1-9.3.1 util-linux-systemd-debugsource-2.31.1-9.3.1 uuidd-2.31.1-9.3.1 uuidd-debuginfo-2.31.1-9.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libblkid-devel-2.31.1-9.3.1 libblkid-devel-static-2.31.1-9.3.1 libblkid1-2.31.1-9.3.1 libblkid1-debuginfo-2.31.1-9.3.1 libfdisk-devel-2.31.1-9.3.1 libfdisk1-2.31.1-9.3.1 libfdisk1-debuginfo-2.31.1-9.3.1 libmount-devel-2.31.1-9.3.1 libmount1-2.31.1-9.3.1 libmount1-debuginfo-2.31.1-9.3.1 libsmartcols-devel-2.31.1-9.3.1 libsmartcols1-2.31.1-9.3.1 libsmartcols1-debuginfo-2.31.1-9.3.1 libuuid-devel-2.31.1-9.3.1 libuuid-devel-static-2.31.1-9.3.1 libuuid1-2.31.1-9.3.1 libuuid1-debuginfo-2.31.1-9.3.1 util-linux-2.31.1-9.3.1 util-linux-debuginfo-2.31.1-9.3.1 util-linux-debugsource-2.31.1-9.3.1 util-linux-systemd-2.31.1-9.3.1 util-linux-systemd-debuginfo-2.31.1-9.3.1 util-linux-systemd-debugsource-2.31.1-9.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libblkid1-32bit-2.31.1-9.3.1 libblkid1-32bit-debuginfo-2.31.1-9.3.1 libmount1-32bit-2.31.1-9.3.1 libmount1-32bit-debuginfo-2.31.1-9.3.1 libuuid1-32bit-2.31.1-9.3.1 libuuid1-32bit-debuginfo-2.31.1-9.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): util-linux-lang-2.31.1-9.3.1 References: https://www.suse.com/security/cve/CVE-2018-7738.html https://bugzilla.suse.com/1084300 From sle-updates at lists.suse.com Thu Jul 26 13:09:48 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Jul 2018 21:09:48 +0200 (CEST) Subject: SUSE-SU-2018:2067-1: moderate: Security update for exempi Message-ID: <20180726190948.7F129FD35@maintenance.suse.de> SUSE Security Update: Security update for exempi ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2067-1 Rating: moderate References: #1085295 #1085585 Cross-References: CVE-2017-18234 CVE-2018-7730 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for exempi fixes the following issues: Security issue fixed: - CVE-2018-7730: Fix heap-based buffer overflow in XMPFiles/source/FormatSupport/PSIR_FileWriter.cpp (bsc#1085295). - CVE-2017-18234: Fix use-after-free issue that allows remote attackers to cause a denial of service via a .pdf file (bsc#1085585). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-exempi-13705=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-exempi-13705=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-exempi-13705=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libexempi-devel-2.0.2-4.5.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libexempi3-2.0.2-4.5.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): exempi-debuginfo-2.0.2-4.5.1 exempi-debugsource-2.0.2-4.5.1 References: https://www.suse.com/security/cve/CVE-2017-18234.html https://www.suse.com/security/cve/CVE-2018-7730.html https://bugzilla.suse.com/1085295 https://bugzilla.suse.com/1085585 From sle-updates at lists.suse.com Thu Jul 26 13:10:28 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Jul 2018 21:10:28 +0200 (CEST) Subject: SUSE-SU-2018:2068-1: important: Security update for java-1_8_0-ibm Message-ID: <20180726191028.BB9B2FD35@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2068-1 Rating: important References: #1085449 #1093311 Cross-References: CVE-2018-1417 CVE-2018-2783 CVE-2018-2790 CVE-2018-2794 CVE-2018-2795 CVE-2018-2796 CVE-2018-2797 CVE-2018-2798 CVE-2018-2799 CVE-2018-2800 CVE-2018-2814 CVE-2018-2825 CVE-2018-2826 Affected Products: SUSE Linux Enterprise Module for Legacy Software 15 ______________________________________________________________________________ An update that fixes 13 vulnerabilities is now available. Description: IBM Java was updated to version 8.0.5.15 [bsc#1093311, bsc#1085449] Security fixes: - CVE-2018-2826 CVE-2018-2825 CVE-2018-2814 CVE-2018-2794 CVE-2018-2783 CVE-2018-2799 CVE-2018-2798 CVE-2018-2797 CVE-2018-2796 CVE-2018-2795 CVE-2018-2800 CVE-2018-2790 CVE-2018-1417 - Removed translations in the java-1_8_0-ibm-devel-32bit package as they conflict with those in java-1_8_0-ibm-devel. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Legacy Software 15: zypper in -t patch SUSE-SLE-Module-Legacy-15-2018-1398=1 Package List: - SUSE Linux Enterprise Module for Legacy Software 15 (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr5.15-3.3.4 java-1_8_0-ibm-devel-1.8.0_sr5.15-3.3.4 - SUSE Linux Enterprise Module for Legacy Software 15 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr5.15-3.3.4 java-1_8_0-ibm-plugin-1.8.0_sr5.15-3.3.4 References: https://www.suse.com/security/cve/CVE-2018-1417.html https://www.suse.com/security/cve/CVE-2018-2783.html https://www.suse.com/security/cve/CVE-2018-2790.html https://www.suse.com/security/cve/CVE-2018-2794.html https://www.suse.com/security/cve/CVE-2018-2795.html https://www.suse.com/security/cve/CVE-2018-2796.html https://www.suse.com/security/cve/CVE-2018-2797.html https://www.suse.com/security/cve/CVE-2018-2798.html https://www.suse.com/security/cve/CVE-2018-2799.html https://www.suse.com/security/cve/CVE-2018-2800.html https://www.suse.com/security/cve/CVE-2018-2814.html https://www.suse.com/security/cve/CVE-2018-2825.html https://www.suse.com/security/cve/CVE-2018-2826.html https://bugzilla.suse.com/1085449 https://bugzilla.suse.com/1093311 From sle-updates at lists.suse.com Thu Jul 26 13:11:10 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Jul 2018 21:11:10 +0200 (CEST) Subject: SUSE-SU-2018:2069-1: moderate: Security update for xen Message-ID: <20180726191110.45C77FD38@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2069-1 Rating: moderate References: #1027519 #1079730 #1095242 #1096224 #1097521 #1097522 #1098744 Cross-References: CVE-2018-11806 CVE-2018-12617 CVE-2018-12891 CVE-2018-12893 CVE-2018-3665 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that solves 5 vulnerabilities and has two fixes is now available. Description: This update for xen fixes the following issues: Security issues fixed: - CVE-2018-12617: Fix integer overflow that causes segmentation fault in qmp_guest_file_read() with g_malloc() (bsc#1098744). - CVE-2018-3665: Fix Lazy FP Save/Restore issue (XSA-267) (bsc#1095242). - CVE-2018-11806: Fix heap buffer overflow while reassembling fragmented datagrams (bsc#1096224). - CVE-2018-12891: Fix possible Denial of Service (DoS) via certain PV MMU operations that affect the entire host (XSA-264) (bsc#1097521). - CVE-2018-12893: Fix crash/Denial of Service (DoS) via safety check (XSA-265) (bsc#1097522). Bug fixes: - bsc#1079730: Fix failed "write" lock. - bsc#1027519: Add upstream patches from January. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1406=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1406=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): xen-4.5.5_24-22.52.3 xen-debugsource-4.5.5_24-22.52.3 xen-doc-html-4.5.5_24-22.52.3 xen-kmp-default-4.5.5_24_k3.12.74_60.64.96-22.52.3 xen-kmp-default-debuginfo-4.5.5_24_k3.12.74_60.64.96-22.52.3 xen-libs-32bit-4.5.5_24-22.52.3 xen-libs-4.5.5_24-22.52.3 xen-libs-debuginfo-32bit-4.5.5_24-22.52.3 xen-libs-debuginfo-4.5.5_24-22.52.3 xen-tools-4.5.5_24-22.52.3 xen-tools-debuginfo-4.5.5_24-22.52.3 xen-tools-domU-4.5.5_24-22.52.3 xen-tools-domU-debuginfo-4.5.5_24-22.52.3 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): xen-4.5.5_24-22.52.3 xen-debugsource-4.5.5_24-22.52.3 xen-doc-html-4.5.5_24-22.52.3 xen-kmp-default-4.5.5_24_k3.12.74_60.64.96-22.52.3 xen-kmp-default-debuginfo-4.5.5_24_k3.12.74_60.64.96-22.52.3 xen-libs-32bit-4.5.5_24-22.52.3 xen-libs-4.5.5_24-22.52.3 xen-libs-debuginfo-32bit-4.5.5_24-22.52.3 xen-libs-debuginfo-4.5.5_24-22.52.3 xen-tools-4.5.5_24-22.52.3 xen-tools-debuginfo-4.5.5_24-22.52.3 xen-tools-domU-4.5.5_24-22.52.3 xen-tools-domU-debuginfo-4.5.5_24-22.52.3 References: https://www.suse.com/security/cve/CVE-2018-11806.html https://www.suse.com/security/cve/CVE-2018-12617.html https://www.suse.com/security/cve/CVE-2018-12891.html https://www.suse.com/security/cve/CVE-2018-12893.html https://www.suse.com/security/cve/CVE-2018-3665.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1079730 https://bugzilla.suse.com/1095242 https://bugzilla.suse.com/1096224 https://bugzilla.suse.com/1097521 https://bugzilla.suse.com/1097522 https://bugzilla.suse.com/1098744 From sle-updates at lists.suse.com Thu Jul 26 13:12:44 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Jul 2018 21:12:44 +0200 (CEST) Subject: SUSE-SU-2018:2070-1: Security update for ntfs-3g Message-ID: <20180726191244.753D6FD35@maintenance.suse.de> SUSE Security Update: Security update for ntfs-3g ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2070-1 Rating: low References: #1022500 Cross-References: CVE-2017-0358 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ntfs-3g fixes the following issues: - CVE-2017-0358: Missing sanitization of the environment during a call to modprobe allowed local users to escalate fo root privilege (bsc#1022500) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-ntfs-3g-13703=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-ntfs-3g-13703=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): ntfs-3g-2011.4.12-0.9.3.1 ntfsprogs-2011.4.12-0.9.3.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): ntfs-3g-devel-2011.4.12-0.9.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): ntfs-3g-debuginfo-2011.4.12-0.9.3.1 ntfs-3g-debugsource-2011.4.12-0.9.3.1 References: https://www.suse.com/security/cve/CVE-2017-0358.html https://bugzilla.suse.com/1022500 From sle-updates at lists.suse.com Thu Jul 26 13:13:17 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Jul 2018 21:13:17 +0200 (CEST) Subject: SUSE-SU-2018:2071-1: moderate: Security update for util-linux Message-ID: <20180726191317.6146BFD35@maintenance.suse.de> SUSE Security Update: Security update for util-linux ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2071-1 Rating: moderate References: #1072947 #1078662 #1080740 #1084300 Cross-References: CVE-2018-7738 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. Description: This update for util-linux fixes the following issues: This non-security issue was fixed: - CVE-2018-7738: bash-completion/umount allowed local users to gain privileges by embedding shell commands in a mountpoint name, which was mishandled during a umount command by a different user (bsc#1084300). These non-security issues were fixed: - Fixed crash loop in lscpu (bsc#1072947). - Fixed possible segfault of umount -a - Fixed mount -a on NFS bind mounts (bsc#1080740). - Fixed lsblk on NVMe (bsc#1078662). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-1400=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1400=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1400=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1400=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): libuuid-devel-2.29.2-3.8.1 util-linux-debuginfo-2.29.2-3.8.1 util-linux-debugsource-2.29.2-3.8.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libblkid-devel-2.29.2-3.8.1 libmount-devel-2.29.2-3.8.1 libsmartcols-devel-2.29.2-3.8.1 libuuid-devel-2.29.2-3.8.1 util-linux-debuginfo-2.29.2-3.8.1 util-linux-debugsource-2.29.2-3.8.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libblkid1-2.29.2-3.8.1 libblkid1-debuginfo-2.29.2-3.8.1 libfdisk1-2.29.2-3.8.1 libfdisk1-debuginfo-2.29.2-3.8.1 libmount1-2.29.2-3.8.1 libmount1-debuginfo-2.29.2-3.8.1 libsmartcols1-2.29.2-3.8.1 libsmartcols1-debuginfo-2.29.2-3.8.1 libuuid1-2.29.2-3.8.1 libuuid1-debuginfo-2.29.2-3.8.1 python-libmount-2.29.2-3.8.1 python-libmount-debuginfo-2.29.2-3.8.1 python-libmount-debugsource-2.29.2-3.8.1 util-linux-2.29.2-3.8.1 util-linux-debuginfo-2.29.2-3.8.1 util-linux-debugsource-2.29.2-3.8.1 util-linux-systemd-2.29.2-3.8.1 util-linux-systemd-debuginfo-2.29.2-3.8.1 util-linux-systemd-debugsource-2.29.2-3.8.1 uuidd-2.29.2-3.8.1 uuidd-debuginfo-2.29.2-3.8.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libblkid1-32bit-2.29.2-3.8.1 libblkid1-debuginfo-32bit-2.29.2-3.8.1 libmount1-32bit-2.29.2-3.8.1 libmount1-debuginfo-32bit-2.29.2-3.8.1 libuuid1-32bit-2.29.2-3.8.1 libuuid1-debuginfo-32bit-2.29.2-3.8.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): util-linux-lang-2.29.2-3.8.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): util-linux-lang-2.29.2-3.8.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libblkid1-2.29.2-3.8.1 libblkid1-32bit-2.29.2-3.8.1 libblkid1-debuginfo-2.29.2-3.8.1 libblkid1-debuginfo-32bit-2.29.2-3.8.1 libfdisk1-2.29.2-3.8.1 libfdisk1-debuginfo-2.29.2-3.8.1 libmount1-2.29.2-3.8.1 libmount1-32bit-2.29.2-3.8.1 libmount1-debuginfo-2.29.2-3.8.1 libmount1-debuginfo-32bit-2.29.2-3.8.1 libsmartcols1-2.29.2-3.8.1 libsmartcols1-debuginfo-2.29.2-3.8.1 libuuid-devel-2.29.2-3.8.1 libuuid1-2.29.2-3.8.1 libuuid1-32bit-2.29.2-3.8.1 libuuid1-debuginfo-2.29.2-3.8.1 libuuid1-debuginfo-32bit-2.29.2-3.8.1 python-libmount-2.29.2-3.8.1 python-libmount-debuginfo-2.29.2-3.8.1 python-libmount-debugsource-2.29.2-3.8.1 util-linux-2.29.2-3.8.1 util-linux-debuginfo-2.29.2-3.8.1 util-linux-debugsource-2.29.2-3.8.1 util-linux-systemd-2.29.2-3.8.1 util-linux-systemd-debuginfo-2.29.2-3.8.1 util-linux-systemd-debugsource-2.29.2-3.8.1 uuidd-2.29.2-3.8.1 uuidd-debuginfo-2.29.2-3.8.1 - SUSE CaaS Platform ALL (x86_64): libblkid1-2.29.2-3.8.1 libblkid1-debuginfo-2.29.2-3.8.1 libfdisk1-2.29.2-3.8.1 libfdisk1-debuginfo-2.29.2-3.8.1 libmount1-2.29.2-3.8.1 libmount1-debuginfo-2.29.2-3.8.1 libsmartcols1-2.29.2-3.8.1 libsmartcols1-debuginfo-2.29.2-3.8.1 libuuid1-2.29.2-3.8.1 libuuid1-debuginfo-2.29.2-3.8.1 util-linux-2.29.2-3.8.1 util-linux-debuginfo-2.29.2-3.8.1 util-linux-debugsource-2.29.2-3.8.1 util-linux-systemd-2.29.2-3.8.1 util-linux-systemd-debuginfo-2.29.2-3.8.1 util-linux-systemd-debugsource-2.29.2-3.8.1 References: https://www.suse.com/security/cve/CVE-2018-7738.html https://bugzilla.suse.com/1072947 https://bugzilla.suse.com/1078662 https://bugzilla.suse.com/1080740 https://bugzilla.suse.com/1084300 From sle-updates at lists.suse.com Thu Jul 26 13:14:16 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Jul 2018 21:14:16 +0200 (CEST) Subject: SUSE-SU-2018:2072-1: moderate: Security update for ovmf Message-ID: <20180726191416.45BE6FD35@maintenance.suse.de> SUSE Security Update: Security update for ovmf ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2072-1 Rating: moderate References: #1094289 Cross-References: CVE-2018-0739 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ovmf fixes the following issues: Security issues fixed: - CVE-2018-0739: Update openssl to 1.0.2o to limit ASN.1 constructed types recursive definition depth (bsc#1094289). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2018-1399=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 x86_64): ovmf-2017+git1510945757.b2662641d5-5.3.6 ovmf-tools-2017+git1510945757.b2662641d5-5.3.6 - SUSE Linux Enterprise Module for Server Applications 15 (noarch): qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-5.3.6 qemu-uefi-aarch64-2017+git1510945757.b2662641d5-5.3.6 References: https://www.suse.com/security/cve/CVE-2018-0739.html https://bugzilla.suse.com/1094289 From sle-updates at lists.suse.com Thu Jul 26 13:14:47 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Jul 2018 21:14:47 +0200 (CEST) Subject: SUSE-SU-2018:2073-1: moderate: Security update for rpm Message-ID: <20180726191447.A0C75FD35@maintenance.suse.de> SUSE Security Update: Security update for rpm ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2073-1 Rating: moderate References: #1094735 #1095148 #943457 Cross-References: CVE-2017-7500 Affected Products: SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for rpm fixes the following issues: This security vulnerability was fixed: - CVE-2017-7500: Fixed symlink attacks during RPM installation (bsc#943457) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2018-1396=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1396=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): rpm-build-4.14.1-10.3.1 rpm-build-debuginfo-4.14.1-10.3.1 rpm-debuginfo-4.14.1-10.3.1 rpm-debugsource-4.14.1-10.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): python-rpm-debugsource-4.14.1-10.3.1 python2-rpm-4.14.1-10.3.1 python2-rpm-debuginfo-4.14.1-10.3.1 python3-rpm-4.14.1-10.3.1 python3-rpm-debuginfo-4.14.1-10.3.1 rpm-4.14.1-10.3.1 rpm-debuginfo-4.14.1-10.3.1 rpm-debugsource-4.14.1-10.3.1 rpm-devel-4.14.1-10.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): rpm-32bit-4.14.1-10.3.1 rpm-32bit-debuginfo-4.14.1-10.3.1 References: https://www.suse.com/security/cve/CVE-2017-7500.html https://bugzilla.suse.com/1094735 https://bugzilla.suse.com/1095148 https://bugzilla.suse.com/943457 From sle-updates at lists.suse.com Thu Jul 26 13:15:42 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Jul 2018 21:15:42 +0200 (CEST) Subject: SUSE-SU-2018:2074-1: moderate: Security update for libsndfile Message-ID: <20180726191542.DD639FD35@maintenance.suse.de> SUSE Security Update: Security update for libsndfile ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2074-1 Rating: moderate References: #1071767 #1071777 #1100167 Cross-References: CVE-2017-17456 CVE-2017-17457 CVE-2018-13139 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for libsndfile fixes the following issues: Security issues fixed: - CVE-2018-13139: Fix a stack-based buffer overflow in psf_memset in common.c that allows remote attackers to cause a denial of service (bsc#1100167). - CVE-2017-17456: Prevent segmentation fault in the function d2alaw_array() that may have lead to a remote DoS (bsc#1071777) - CVE-2017-17457: Prevent segmentation fault in the function d2ulaw_array() that may have lead to a remote DoS, a different vulnerability than CVE-2017-14246 (bsc#1071767) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1404=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libsndfile-debugsource-1.0.28-5.5.1 libsndfile-devel-1.0.28-5.5.1 libsndfile1-1.0.28-5.5.1 libsndfile1-debuginfo-1.0.28-5.5.1 References: https://www.suse.com/security/cve/CVE-2017-17456.html https://www.suse.com/security/cve/CVE-2017-17457.html https://www.suse.com/security/cve/CVE-2018-13139.html https://bugzilla.suse.com/1071767 https://bugzilla.suse.com/1071777 https://bugzilla.suse.com/1100167 From sle-updates at lists.suse.com Thu Jul 26 13:16:28 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Jul 2018 21:16:28 +0200 (CEST) Subject: SUSE-SU-2018:2075-1: moderate: Security update for webkit2gtk3 Message-ID: <20180726191628.8164EFD35@maintenance.suse.de> SUSE Security Update: Security update for webkit2gtk3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2075-1 Rating: moderate References: #1095611 #1097693 Cross-References: CVE-2018-11646 CVE-2018-4190 CVE-2018-4199 CVE-2018-4218 CVE-2018-4222 CVE-2018-4232 CVE-2018-4233 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for webkit2gtk3 to version 2.20.3 fixes the following issues: These security issues were fixed: - CVE-2018-4190: An unspecified issue allowed remote attackers to obtain sensitive credential information that is transmitted during a CSS mask-image fetch (bsc#1097693). - CVE-2018-4199: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted web site (bsc#1097693) - CVE-2018-4218: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site that triggers an @generatorState use-after-free (bsc#1097693) - CVE-2018-4222: An unspecified issue allowed remote attackers to execute arbitrary code via a crafted web site that leverages a getWasmBufferFromValue out-of-bounds read during WebAssembly compilation (bsc#1097693) - CVE-2018-4232: An unspecified issue allowed remote attackers to overwrite cookies via a crafted web site (bsc#1097693) - CVE-2018-4233: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1097693) - CVE-2018-11646: webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL mishandle an unset pageURL, leading to an application crash (bsc#1095611). These non-security issues were fixed: - Disable Gigacage if mmap fails to allocate in Linux. - Add user agent quirk for paypal website. - Fix a network process crash when trying to get cookies of about:blank page. - Fix UI process crash when closing the window under Wayland. - Fix several crashes and rendering issues. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2018-1401=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1401=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): typelib-1_0-JavaScriptCore-4_0-2.20.3-3.3.1 typelib-1_0-WebKit2-4_0-2.20.3-3.3.1 typelib-1_0-WebKit2WebExtension-4_0-2.20.3-3.3.1 webkit2gtk3-debugsource-2.20.3-3.3.1 webkit2gtk3-devel-2.20.3-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.20.3-3.3.1 libjavascriptcoregtk-4_0-18-debuginfo-2.20.3-3.3.1 libwebkit2gtk-4_0-37-2.20.3-3.3.1 libwebkit2gtk-4_0-37-debuginfo-2.20.3-3.3.1 webkit2gtk-4_0-injected-bundles-2.20.3-3.3.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.20.3-3.3.1 webkit2gtk3-debugsource-2.20.3-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): libwebkit2gtk3-lang-2.20.3-3.3.1 References: https://www.suse.com/security/cve/CVE-2018-11646.html https://www.suse.com/security/cve/CVE-2018-4190.html https://www.suse.com/security/cve/CVE-2018-4199.html https://www.suse.com/security/cve/CVE-2018-4218.html https://www.suse.com/security/cve/CVE-2018-4222.html https://www.suse.com/security/cve/CVE-2018-4232.html https://www.suse.com/security/cve/CVE-2018-4233.html https://bugzilla.suse.com/1095611 https://bugzilla.suse.com/1097693 From sle-updates at lists.suse.com Thu Jul 26 13:17:08 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Jul 2018 21:17:08 +0200 (CEST) Subject: SUSE-SU-2018:2076-1: important: Security update for microcode_ctl Message-ID: <20180726191708.A9F31FD35@maintenance.suse.de> SUSE Security Update: Security update for microcode_ctl ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2076-1 Rating: important References: #1087082 #1087083 #1100147 Cross-References: CVE-2018-3639 CVE-2018-3640 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for microcode_ctl fixes the following issues: The Intel CPU Microcode bundle was updated to the 20180703 release For the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a) and helps mitigating CVE-2018-3639 (Spectre v4) (bsc#1100147 bsc#1087082 bsc#1087083) More details can be found on: https://downloadcenter.intel.com/download/27945/Linux-Processor-Microcode-D ata-File Following chipsets are fixed in this round: Model Stepping F-MO-S/PI Old->New ---- updated platforms ------------------------------------ SNB-EP C1 6-2d-6/6d 0000061c->0000061d Xeon E5 SNB-EP C2 6-2d-7/6d 00000713->00000714 Xeon E5 IVT C0 6-3e-4/ed 0000042c->0000042d Xeon E5 v2; Core i7-4960X/4930K/4820K IVT D1 6-3e-7/ed 00000713->00000714 Xeon E5 v2 HSX-E/EP/4S C0 6-3f-2/6f 0000003c->0000003d Xeon E5 v3 HSX-EX E0 6-3f-4/80 00000011->00000012 Xeon E7 v3 SKX-SP/D/W/X H0 6-55-4/b7 02000043->0200004d Xeon Bronze 31xx, Silver 41xx, Gold 51xx/61xx Platinum 81xx, D/W-21xx; Core i9-7xxxX BDX-DE A1 6-56-5/10 0e000009->0e00000a Xeon D-15x3N BDX-ML B/M/R0 6-4f-1/ef 0b00002c->0b00002e Xeon E5/E7 v4; Core i7-69xx/68xx Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-microcode_ctl-13704=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-microcode_ctl-13704=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-microcode_ctl-13704=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): microcode_ctl-1.17-102.83.24.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64): microcode_ctl-1.17-102.83.24.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): microcode_ctl-1.17-102.83.24.1 References: https://www.suse.com/security/cve/CVE-2018-3639.html https://www.suse.com/security/cve/CVE-2018-3640.html https://bugzilla.suse.com/1087082 https://bugzilla.suse.com/1087083 https://bugzilla.suse.com/1100147 From sle-updates at lists.suse.com Fri Jul 27 04:10:58 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Jul 2018 12:10:58 +0200 (CEST) Subject: SUSE-RU-2018:2077-1: moderate: Recommended update for systemd Message-ID: <20180727101058.6DC18FD83@maintenance.suse.de> SUSE Recommended Update: Recommended update for systemd ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:2077-1 Rating: moderate References: #1039099 #1083158 #1088052 #1091265 #1093851 #1095096 #1095973 #1098569 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has 8 recommended fixes can now be installed. Description: This update for systemd provides the following fixes: - systemctl: Mask always reports the same unit names when different unknown units are passed. (bsc#1095973) - systemctl: Check the existence of all units, not just the first one. - scsi_id: Fix the prefix for pre-SPC inquiry reply. (bsc#1039099) - device: Make sure to always retroactively start device dependencies. (bsc#1088052) - locale-util: On overlayfs FTW_MOUNT causes nftw(3) to not list *any* files. - Fix pattern to detect distribution. - install: The "user" and "global" scopes are equivalent for user presets. (bsc#1093851) - install: Search for preset files in /run (#7715) - install: Consider globally enabled units as "enabled" for the user. (bsc#1093851) - install: Consider non-Alias=/non-DefaultInstance= symlinks as "indirect" enablement. - install: Only consider names in Alias= as "enabling". - udev: Whitelist mlx4_core locally-administered MAC addresses in the persistent rule generator. (bsc#1083158) - man: Updated systemd-analyze blame description for service-units with Type=simple. (bsc#1091265) - fileio: Support writing atomic files with timestamp. - fileio.c: Fix incorrect mtime - Drop runtime dependency on dracut, otherwise systemd pulls in tools to generate the initrd even in container/chroot installations that don't have a kernel. For environments where initrd matters, dracut should be pulled via a pattern. (bsc#1098569) - An update broke booting with encrypted partitions on NVMe (bsc#1095096) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1409=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libsystemd0-234-24.7.1 libsystemd0-debuginfo-234-24.7.1 libudev-devel-234-24.7.1 libudev1-234-24.7.1 libudev1-debuginfo-234-24.7.1 systemd-234-24.7.1 systemd-container-234-24.7.1 systemd-container-debuginfo-234-24.7.1 systemd-coredump-234-24.7.1 systemd-coredump-debuginfo-234-24.7.1 systemd-debuginfo-234-24.7.1 systemd-debugsource-234-24.7.1 systemd-devel-234-24.7.1 systemd-sysvinit-234-24.7.1 udev-234-24.7.1 udev-debuginfo-234-24.7.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): systemd-bash-completion-234-24.7.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libsystemd0-32bit-234-24.7.1 libsystemd0-32bit-debuginfo-234-24.7.1 libudev1-32bit-234-24.7.1 libudev1-32bit-debuginfo-234-24.7.1 systemd-32bit-234-24.7.1 systemd-32bit-debuginfo-234-24.7.1 References: https://bugzilla.suse.com/1039099 https://bugzilla.suse.com/1083158 https://bugzilla.suse.com/1088052 https://bugzilla.suse.com/1091265 https://bugzilla.suse.com/1093851 https://bugzilla.suse.com/1095096 https://bugzilla.suse.com/1095973 https://bugzilla.suse.com/1098569 From sle-updates at lists.suse.com Fri Jul 27 04:15:16 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Jul 2018 12:15:16 +0200 (CEST) Subject: SUSE-RU-2018:2078-1: moderate: Recommended update for SAPHanaSR-ScaleOut Message-ID: <20180727101516.4B739FD86@maintenance.suse.de> SUSE Recommended Update: Recommended update for SAPHanaSR-ScaleOut ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:2078-1 Rating: moderate References: #1091988 #1092331 Affected Products: SUSE Linux Enterprise Module for SAP Applications 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for SAPHanaSR-ScaleOut provides the following fixes: - Fix a problem that was causing SAPHanaSR-showAttr to fail opening an archived cib file. (bsc#1092331) - Make sure SAPHanaSR-monitor depends only on packages available in SLES. (bsc#1091988) - Move SAPHanaSR-showAttr, SAPHanaSR-monitor to /usr/sbin to match the file layout in SAPHanaSR-ScaleUp. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SAP Applications 15: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-2018-1411=1 Package List: - SUSE Linux Enterprise Module for SAP Applications 15 (noarch): SAPHanaSR-ScaleOut-0.163.1-3.3.1 SAPHanaSR-ScaleOut-doc-0.163.1-3.3.1 References: https://bugzilla.suse.com/1091988 https://bugzilla.suse.com/1092331 From sle-updates at lists.suse.com Fri Jul 27 04:16:22 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Jul 2018 12:16:22 +0200 (CEST) Subject: SUSE-RU-2018:2079-1: moderate: Recommended update for SAPHanaSR Message-ID: <20180727101622.263E5FD86@maintenance.suse.de> SUSE Recommended Update: Recommended update for SAPHanaSR ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:2079-1 Rating: moderate References: #1062267 #1091074 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for SAPHanaSR provides the following fixes: - Remove show_SAPHanaSR_attributes. The user is advised to use SAPHanaSR-showAttr instead. (bsc#1091074) - SAPHanaTopology: Use a stricter match for system replication 'mode' in awk. - Adjust HAWK2 Wizards to run on both Python 2 and 3. (fate#323526) - SAPHanaSR wizard sets IPAddr2 agent's NIC to eth0. (bsc#1062267) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2018-1410=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): SAPHanaSR-0.152.22-3.3.1 SAPHanaSR-doc-0.152.22-3.3.1 References: https://bugzilla.suse.com/1062267 https://bugzilla.suse.com/1091074 From sle-updates at lists.suse.com Fri Jul 27 07:07:45 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Jul 2018 15:07:45 +0200 (CEST) Subject: SUSE-RU-2018:2080-1: moderate: Recommended update for lifecycle-data-sle-module-toolchain Message-ID: <20180727130745.5DDF0FD35@maintenance.suse.de> SUSE Recommended Update: Recommended update for lifecycle-data-sle-module-toolchain ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:2080-1 Rating: moderate References: #1099853 Affected Products: SUSE Linux Enterprise Module for Toolchain 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for lifecycle-data-sle-module-toolchain fixes the following issues: - Added the missed gcc6-info to the lifecycle expiration data from the Summer 2016 Refresh. (bsc#1099853) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Toolchain 12: zypper in -t patch SUSE-SLE-Module-Toolchain-12-2018-1412=1 Package List: - SUSE Linux Enterprise Module for Toolchain 12 (noarch): lifecycle-data-sle-module-toolchain-1-3.6.1 References: https://bugzilla.suse.com/1099853 From sle-updates at lists.suse.com Fri Jul 27 10:07:58 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Jul 2018 18:07:58 +0200 (CEST) Subject: SUSE-SU-2018:2081-1: important: Security update for xen Message-ID: <20180727160758.44B18FD83@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2081-1 Rating: important References: #1027519 #1087289 #1094725 #1095242 #1096224 #1097521 #1097522 #1097523 Cross-References: CVE-2018-11806 CVE-2018-12891 CVE-2018-12892 CVE-2018-12893 CVE-2018-3665 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has three fixes is now available. Description: This update for xen fixes the following issues: Security issues fixed: - CVE-2018-12891: Fix preemption checks bypass in x86 PV MM handling (XSA-264) (bsc#1097521). - CVE-2018-12892: Fix libxl failure to honour readonly flag on HVM emulated SCSI disks (XSA-266) (bsc#1097523). - CVE-2018-12893: Fix #DB exception safety check that could be triggered by a guest (XSA-265) (bsc#1097522). - CVE-2018-11806: Fix heap buffer overflow while reassembling fragmented datagrams (bsc#1096224). - CVE-2018-3665: Fix lazy FP Save/Restore (XSA-267) (bsc#1095242). Bug fixes: - bsc#1027519: Update to Xen 4.7.6 bug fix only release. - bsc#1087289: Xen BUG at sched_credit.c:1663. - bsc#1094725: `virsh blockresize` does not work with Xen qdisks. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-1414=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1414=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1414=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-1414=1 Package List: - SUSE OpenStack Cloud 7 (x86_64): xen-4.7.6_02-43.36.1 xen-debugsource-4.7.6_02-43.36.1 xen-doc-html-4.7.6_02-43.36.1 xen-libs-32bit-4.7.6_02-43.36.1 xen-libs-4.7.6_02-43.36.1 xen-libs-debuginfo-32bit-4.7.6_02-43.36.1 xen-libs-debuginfo-4.7.6_02-43.36.1 xen-tools-4.7.6_02-43.36.1 xen-tools-debuginfo-4.7.6_02-43.36.1 xen-tools-domU-4.7.6_02-43.36.1 xen-tools-domU-debuginfo-4.7.6_02-43.36.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): xen-4.7.6_02-43.36.1 xen-debugsource-4.7.6_02-43.36.1 xen-doc-html-4.7.6_02-43.36.1 xen-libs-32bit-4.7.6_02-43.36.1 xen-libs-4.7.6_02-43.36.1 xen-libs-debuginfo-32bit-4.7.6_02-43.36.1 xen-libs-debuginfo-4.7.6_02-43.36.1 xen-tools-4.7.6_02-43.36.1 xen-tools-debuginfo-4.7.6_02-43.36.1 xen-tools-domU-4.7.6_02-43.36.1 xen-tools-domU-debuginfo-4.7.6_02-43.36.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): xen-4.7.6_02-43.36.1 xen-debugsource-4.7.6_02-43.36.1 xen-doc-html-4.7.6_02-43.36.1 xen-libs-32bit-4.7.6_02-43.36.1 xen-libs-4.7.6_02-43.36.1 xen-libs-debuginfo-32bit-4.7.6_02-43.36.1 xen-libs-debuginfo-4.7.6_02-43.36.1 xen-tools-4.7.6_02-43.36.1 xen-tools-debuginfo-4.7.6_02-43.36.1 xen-tools-domU-4.7.6_02-43.36.1 xen-tools-domU-debuginfo-4.7.6_02-43.36.1 - SUSE Enterprise Storage 4 (x86_64): xen-4.7.6_02-43.36.1 xen-debugsource-4.7.6_02-43.36.1 xen-doc-html-4.7.6_02-43.36.1 xen-libs-32bit-4.7.6_02-43.36.1 xen-libs-4.7.6_02-43.36.1 xen-libs-debuginfo-32bit-4.7.6_02-43.36.1 xen-libs-debuginfo-4.7.6_02-43.36.1 xen-tools-4.7.6_02-43.36.1 xen-tools-debuginfo-4.7.6_02-43.36.1 xen-tools-domU-4.7.6_02-43.36.1 xen-tools-domU-debuginfo-4.7.6_02-43.36.1 References: https://www.suse.com/security/cve/CVE-2018-11806.html https://www.suse.com/security/cve/CVE-2018-12891.html https://www.suse.com/security/cve/CVE-2018-12892.html https://www.suse.com/security/cve/CVE-2018-12893.html https://www.suse.com/security/cve/CVE-2018-3665.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1087289 https://bugzilla.suse.com/1094725 https://bugzilla.suse.com/1095242 https://bugzilla.suse.com/1096224 https://bugzilla.suse.com/1097521 https://bugzilla.suse.com/1097522 https://bugzilla.suse.com/1097523 From sle-updates at lists.suse.com Fri Jul 27 10:14:00 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Jul 2018 18:14:00 +0200 (CEST) Subject: SUSE-SU-2018:2082-1: important: Security update for libvirt Message-ID: <20180727161400.4CB36FD84@maintenance.suse.de> SUSE Security Update: Security update for libvirt ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2082-1 Rating: important References: #1076500 #1079869 #1083625 #1092885 Cross-References: CVE-2017-5715 CVE-2018-1064 CVE-2018-3639 CVE-2018-5748 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for libvirt fixes the following issues: Security issues fixed: - CVE-2017-5715: Fixes for speculative side channel attacks aka "SpectreAttack" (var2) (bsc#1079869). - CVE-2018-3639: Add support for 'ssbd' and 'virt-ssbd' CPUID feature bits to address V4 Speculative Store Bypass aka "Memory Disambiguation" (bsc#1092885). - CVE-2018-1064: Fix denial of service problem during reading from guest agent (bsc#1083625). - CVE-2018-5748: Fix resource exhaustion via qemuMonitorIORead() method (bsc#1076500). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1417=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1417=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): libvirt-1.2.18.4-22.3.1 libvirt-client-1.2.18.4-22.3.1 libvirt-client-debuginfo-1.2.18.4-22.3.1 libvirt-daemon-1.2.18.4-22.3.1 libvirt-daemon-config-network-1.2.18.4-22.3.1 libvirt-daemon-config-nwfilter-1.2.18.4-22.3.1 libvirt-daemon-debuginfo-1.2.18.4-22.3.1 libvirt-daemon-driver-interface-1.2.18.4-22.3.1 libvirt-daemon-driver-interface-debuginfo-1.2.18.4-22.3.1 libvirt-daemon-driver-lxc-1.2.18.4-22.3.1 libvirt-daemon-driver-lxc-debuginfo-1.2.18.4-22.3.1 libvirt-daemon-driver-network-1.2.18.4-22.3.1 libvirt-daemon-driver-network-debuginfo-1.2.18.4-22.3.1 libvirt-daemon-driver-nodedev-1.2.18.4-22.3.1 libvirt-daemon-driver-nodedev-debuginfo-1.2.18.4-22.3.1 libvirt-daemon-driver-nwfilter-1.2.18.4-22.3.1 libvirt-daemon-driver-nwfilter-debuginfo-1.2.18.4-22.3.1 libvirt-daemon-driver-qemu-1.2.18.4-22.3.1 libvirt-daemon-driver-qemu-debuginfo-1.2.18.4-22.3.1 libvirt-daemon-driver-secret-1.2.18.4-22.3.1 libvirt-daemon-driver-secret-debuginfo-1.2.18.4-22.3.1 libvirt-daemon-driver-storage-1.2.18.4-22.3.1 libvirt-daemon-driver-storage-debuginfo-1.2.18.4-22.3.1 libvirt-daemon-lxc-1.2.18.4-22.3.1 libvirt-daemon-qemu-1.2.18.4-22.3.1 libvirt-debugsource-1.2.18.4-22.3.1 libvirt-doc-1.2.18.4-22.3.1 libvirt-lock-sanlock-1.2.18.4-22.3.1 libvirt-lock-sanlock-debuginfo-1.2.18.4-22.3.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): libvirt-daemon-driver-libxl-1.2.18.4-22.3.1 libvirt-daemon-driver-libxl-debuginfo-1.2.18.4-22.3.1 libvirt-daemon-xen-1.2.18.4-22.3.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): libvirt-1.2.18.4-22.3.1 libvirt-client-1.2.18.4-22.3.1 libvirt-client-debuginfo-1.2.18.4-22.3.1 libvirt-daemon-1.2.18.4-22.3.1 libvirt-daemon-config-network-1.2.18.4-22.3.1 libvirt-daemon-config-nwfilter-1.2.18.4-22.3.1 libvirt-daemon-debuginfo-1.2.18.4-22.3.1 libvirt-daemon-driver-interface-1.2.18.4-22.3.1 libvirt-daemon-driver-interface-debuginfo-1.2.18.4-22.3.1 libvirt-daemon-driver-lxc-1.2.18.4-22.3.1 libvirt-daemon-driver-lxc-debuginfo-1.2.18.4-22.3.1 libvirt-daemon-driver-network-1.2.18.4-22.3.1 libvirt-daemon-driver-network-debuginfo-1.2.18.4-22.3.1 libvirt-daemon-driver-nodedev-1.2.18.4-22.3.1 libvirt-daemon-driver-nodedev-debuginfo-1.2.18.4-22.3.1 libvirt-daemon-driver-nwfilter-1.2.18.4-22.3.1 libvirt-daemon-driver-nwfilter-debuginfo-1.2.18.4-22.3.1 libvirt-daemon-driver-qemu-1.2.18.4-22.3.1 libvirt-daemon-driver-qemu-debuginfo-1.2.18.4-22.3.1 libvirt-daemon-driver-secret-1.2.18.4-22.3.1 libvirt-daemon-driver-secret-debuginfo-1.2.18.4-22.3.1 libvirt-daemon-driver-storage-1.2.18.4-22.3.1 libvirt-daemon-driver-storage-debuginfo-1.2.18.4-22.3.1 libvirt-daemon-lxc-1.2.18.4-22.3.1 libvirt-daemon-qemu-1.2.18.4-22.3.1 libvirt-debugsource-1.2.18.4-22.3.1 libvirt-doc-1.2.18.4-22.3.1 libvirt-lock-sanlock-1.2.18.4-22.3.1 libvirt-lock-sanlock-debuginfo-1.2.18.4-22.3.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): libvirt-daemon-driver-libxl-1.2.18.4-22.3.1 libvirt-daemon-driver-libxl-debuginfo-1.2.18.4-22.3.1 libvirt-daemon-xen-1.2.18.4-22.3.1 References: https://www.suse.com/security/cve/CVE-2017-5715.html https://www.suse.com/security/cve/CVE-2018-1064.html https://www.suse.com/security/cve/CVE-2018-3639.html https://www.suse.com/security/cve/CVE-2018-5748.html https://bugzilla.suse.com/1076500 https://bugzilla.suse.com/1079869 https://bugzilla.suse.com/1083625 https://bugzilla.suse.com/1092885 From sle-updates at lists.suse.com Fri Jul 27 10:16:15 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Jul 2018 18:16:15 +0200 (CEST) Subject: SUSE-SU-2018:2083-1: important: Security update for java-10-openjdk Message-ID: <20180727161615.6641BFD83@maintenance.suse.de> SUSE Security Update: Security update for java-10-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2083-1 Rating: important References: #1096420 #1101645 #1101651 #1101655 #1101656 Cross-References: CVE-2018-2940 CVE-2018-2952 CVE-2018-2972 CVE-2018-2973 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for OpenJDK 10.0.2 fixes the following security issues: - CVE-2018-2940: the libraries sub-component contained an easily exploitable vulnerability that allowed attackers to compromise Java SE or Java SE Embedded over the network, potentially gaining unauthorized read access to data that's accessible to the server. [bsc#1101645] - CVE-2018-2952: the concurrency sub-component contained a difficult to exploit vulnerability that allowed attackers to compromise Java SE, Java SE Embedded, or JRockit over the network. This issue could have been abused to mount a partial denial-of-service attack on the server. [bsc#1101651] - CVE-2018-2972: the security sub-component contained a difficult to exploit vulnerability that allowed attackers to compromise Java SE over the network, potentially gaining unauthorized access to critical data or complete access to all Java SE accessible data. [bsc#1101655) - CVE-2018-2973: the JSSE sub-component contained a difficult to exploit vulnerability allowed attackers to compromise Java SE or Java SE Embedded over the network, potentially gaining the ability to create, delete or modify critical data or all Java SE, Java SE Embedded accessible data without authorization. [bsc#1101656] Furthemore, the following bugs were fixed: - Properly remove the existing alternative for java before reinstalling it. [bsc#1096420] - idlj was moved to the *-devel package. [bsc#1096420] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1419=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): java-10-openjdk-10.0.2.0-3.3.3 java-10-openjdk-debuginfo-10.0.2.0-3.3.3 java-10-openjdk-debugsource-10.0.2.0-3.3.3 java-10-openjdk-demo-10.0.2.0-3.3.3 java-10-openjdk-devel-10.0.2.0-3.3.3 java-10-openjdk-headless-10.0.2.0-3.3.3 References: https://www.suse.com/security/cve/CVE-2018-2940.html https://www.suse.com/security/cve/CVE-2018-2952.html https://www.suse.com/security/cve/CVE-2018-2972.html https://www.suse.com/security/cve/CVE-2018-2973.html https://bugzilla.suse.com/1096420 https://bugzilla.suse.com/1101645 https://bugzilla.suse.com/1101651 https://bugzilla.suse.com/1101655 https://bugzilla.suse.com/1101656 From sle-updates at lists.suse.com Fri Jul 27 10:18:15 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Jul 2018 18:18:15 +0200 (CEST) Subject: SUSE-SU-2018:2084-1: important: Security update for mutt Message-ID: <20180727161815.D087BFD83@maintenance.suse.de> SUSE Security Update: Security update for mutt ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2084-1 Rating: important References: #1061343 #1094717 #1101428 #1101566 #1101567 #1101568 #1101569 #1101570 #1101571 #1101573 #1101576 #1101577 #1101578 #1101581 #1101582 #1101583 #1101588 #1101589 #980830 #982129 #986534 Cross-References: CVE-2014-9116 CVE-2018-14349 CVE-2018-14350 CVE-2018-14351 CVE-2018-14352 CVE-2018-14353 CVE-2018-14354 CVE-2018-14355 CVE-2018-14356 CVE-2018-14357 CVE-2018-14358 CVE-2018-14359 CVE-2018-14360 CVE-2018-14361 CVE-2018-14362 CVE-2018-14363 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that solves 16 vulnerabilities and has 5 fixes is now available. Description: This update for mutt fixes the following issues: Security issues fixed: - bsc#1101428: Mutt 1.10.1 security release update. - CVE-2018-14351: Fix imap/command.c that mishandles long IMAP status mailbox literal count size (bsc#1101583). - CVE-2018-14353: Fix imap_quote_string in imap/util.c that has an integer underflow (bsc#1101581). - CVE-2018-14362: Fix pop.c that does not forbid characters that may have unsafe interaction with message-cache pathnames (bsc#1101567). - CVE-2018-14354: Fix arbitrary command execution from remote IMAP servers via backquote characters (bsc#1101578). - CVE-2018-14352: Fix imap_quote_string in imap/util.c that does not leave room for quote characters (bsc#1101582). - CVE-2018-14356: Fix pop.c that mishandles a zero-length UID (bsc#1101576). - CVE-2018-14355: Fix imap/util.c that mishandles ".." directory traversal in a mailbox name (bsc#1101577). - CVE-2018-14349: Fix imap/command.c that mishandles a NO response without a message (bsc#1101589). - CVE-2018-14350: Fix imap/message.c that has a stack-based buffer overflow for a FETCH response with along INTERNALDATE field (bsc#1101588). - CVE-2018-14363: Fix newsrc.c that does not properlyrestrict '/' characters that may have unsafe interaction with cache pathnames (bsc#1101566). - CVE-2018-14359: Fix buffer overflow via base64 data (bsc#1101570). - CVE-2018-14358: Fix imap/message.c that has a stack-based buffer overflow for a FETCH response with along RFC822.SIZE field (bsc#1101571). - CVE-2018-14360: Fix nntp_add_group in newsrc.c that has a stack-based buffer overflow because of incorrect sscanf usage (bsc#1101569). - CVE-2018-14357: Fix that remote IMAP servers are allowed to execute arbitrary commands via backquote characters (bsc#1101573). - CVE-2018-14361: Fix that nntp.c proceeds even if memory allocation fails for messages data (bsc#1101568). Bug fixes: - mutt reports as neomutt and incorrect version (bsc#1094717) - No sidebar available in mutt 1.6.1 from Tumbleweed snapshot 20160517 (bsc#980830) - mutt-1.6.1 unusable when built with --enable-sidebar (bsc#982129) - (neo)mutt displaying times in Zulu time (bsc#1061343) - mutt unconditionally segfaults when displaying a message (bsc#986534) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1415=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1415=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): mutt-1.10.1-55.3.1 mutt-debuginfo-1.10.1-55.3.1 mutt-debugsource-1.10.1-55.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): mutt-1.10.1-55.3.1 mutt-debuginfo-1.10.1-55.3.1 mutt-debugsource-1.10.1-55.3.1 References: https://www.suse.com/security/cve/CVE-2014-9116.html https://www.suse.com/security/cve/CVE-2018-14349.html https://www.suse.com/security/cve/CVE-2018-14350.html https://www.suse.com/security/cve/CVE-2018-14351.html https://www.suse.com/security/cve/CVE-2018-14352.html https://www.suse.com/security/cve/CVE-2018-14353.html https://www.suse.com/security/cve/CVE-2018-14354.html https://www.suse.com/security/cve/CVE-2018-14355.html https://www.suse.com/security/cve/CVE-2018-14356.html https://www.suse.com/security/cve/CVE-2018-14357.html https://www.suse.com/security/cve/CVE-2018-14358.html https://www.suse.com/security/cve/CVE-2018-14359.html https://www.suse.com/security/cve/CVE-2018-14360.html https://www.suse.com/security/cve/CVE-2018-14361.html https://www.suse.com/security/cve/CVE-2018-14362.html https://www.suse.com/security/cve/CVE-2018-14363.html https://bugzilla.suse.com/1061343 https://bugzilla.suse.com/1094717 https://bugzilla.suse.com/1101428 https://bugzilla.suse.com/1101566 https://bugzilla.suse.com/1101567 https://bugzilla.suse.com/1101568 https://bugzilla.suse.com/1101569 https://bugzilla.suse.com/1101570 https://bugzilla.suse.com/1101571 https://bugzilla.suse.com/1101573 https://bugzilla.suse.com/1101576 https://bugzilla.suse.com/1101577 https://bugzilla.suse.com/1101578 https://bugzilla.suse.com/1101581 https://bugzilla.suse.com/1101582 https://bugzilla.suse.com/1101583 https://bugzilla.suse.com/1101588 https://bugzilla.suse.com/1101589 https://bugzilla.suse.com/980830 https://bugzilla.suse.com/982129 https://bugzilla.suse.com/986534 From sle-updates at lists.suse.com Fri Jul 27 10:34:57 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Jul 2018 18:34:57 +0200 (CEST) Subject: SUSE-SU-2018:2085-1: important: Security update for mutt Message-ID: <20180727163457.5A188FD83@maintenance.suse.de> SUSE Security Update: Security update for mutt ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2085-1 Rating: important References: #1094717 #1101428 #1101566 #1101567 #1101568 #1101569 #1101570 #1101571 #1101573 #1101576 #1101577 #1101578 #1101581 #1101582 #1101583 #1101588 #1101589 Cross-References: CVE-2014-9116 CVE-2018-14349 CVE-2018-14350 CVE-2018-14351 CVE-2018-14352 CVE-2018-14353 CVE-2018-14354 CVE-2018-14355 CVE-2018-14356 CVE-2018-14357 CVE-2018-14358 CVE-2018-14359 CVE-2018-14360 CVE-2018-14361 CVE-2018-14362 CVE-2018-14363 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves 16 vulnerabilities and has one errata is now available. Description: This update for mutt fixes the following issues: Security issues fixed: - bsc#1101428: Mutt 1.10.1 security release update. - CVE-2018-14351: Fix imap/command.c that mishandles long IMAP status mailbox literal count size (bsc#1101583). - CVE-2018-14353: Fix imap_quote_string in imap/util.c that has an integer underflow (bsc#1101581). - CVE-2018-14362: Fix pop.c that does not forbid characters that may have unsafe interaction with message-cache pathnames (bsc#1101567). - CVE-2018-14354: Fix arbitrary command execution from remote IMAP servers via backquote characters (bsc#1101578). - CVE-2018-14352: Fix imap_quote_string in imap/util.c that does not leave room for quote characters (bsc#1101582). - CVE-2018-14356: Fix pop.c that mishandles a zero-length UID (bsc#1101576). - CVE-2018-14355: Fix imap/util.c that mishandles ".." directory traversal in a mailbox name (bsc#1101577). - CVE-2018-14349: Fix imap/command.c that mishandles a NO response without a message (bsc#1101589). - CVE-2018-14350: Fix imap/message.c that has a stack-based buffer overflow for a FETCH response with along INTERNALDATE field (bsc#1101588). - CVE-2018-14363: Fix newsrc.c that does not properlyrestrict '/' characters that may have unsafe interaction with cache pathnames (bsc#1101566). - CVE-2018-14359: Fix buffer overflow via base64 data (bsc#1101570). - CVE-2018-14358: Fix imap/message.c that has a stack-based buffer overflow for a FETCH response with along RFC822.SIZE field (bsc#1101571). - CVE-2018-14360: Fix nntp_add_group in newsrc.c that has a stack-based buffer overflow because of incorrect sscanf usage (bsc#1101569). - CVE-2018-14357: Fix that remote IMAP servers are allowed to execute arbitrary commands via backquote characters (bsc#1101573). - CVE-2018-14361: Fix that nntp.c proceeds even if memory allocation fails for messages data (bsc#1101568). Bug fixes: - mutt reports as neomutt and incorrect version (bsc#1094717) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1416=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): mutt-1.10.1-3.3.4 mutt-debuginfo-1.10.1-3.3.4 mutt-debugsource-1.10.1-3.3.4 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): mutt-doc-1.10.1-3.3.4 mutt-lang-1.10.1-3.3.4 References: https://www.suse.com/security/cve/CVE-2014-9116.html https://www.suse.com/security/cve/CVE-2018-14349.html https://www.suse.com/security/cve/CVE-2018-14350.html https://www.suse.com/security/cve/CVE-2018-14351.html https://www.suse.com/security/cve/CVE-2018-14352.html https://www.suse.com/security/cve/CVE-2018-14353.html https://www.suse.com/security/cve/CVE-2018-14354.html https://www.suse.com/security/cve/CVE-2018-14355.html https://www.suse.com/security/cve/CVE-2018-14356.html https://www.suse.com/security/cve/CVE-2018-14357.html https://www.suse.com/security/cve/CVE-2018-14358.html https://www.suse.com/security/cve/CVE-2018-14359.html https://www.suse.com/security/cve/CVE-2018-14360.html https://www.suse.com/security/cve/CVE-2018-14361.html https://www.suse.com/security/cve/CVE-2018-14362.html https://www.suse.com/security/cve/CVE-2018-14363.html https://bugzilla.suse.com/1094717 https://bugzilla.suse.com/1101428 https://bugzilla.suse.com/1101566 https://bugzilla.suse.com/1101567 https://bugzilla.suse.com/1101568 https://bugzilla.suse.com/1101569 https://bugzilla.suse.com/1101570 https://bugzilla.suse.com/1101571 https://bugzilla.suse.com/1101573 https://bugzilla.suse.com/1101576 https://bugzilla.suse.com/1101577 https://bugzilla.suse.com/1101578 https://bugzilla.suse.com/1101581 https://bugzilla.suse.com/1101582 https://bugzilla.suse.com/1101583 https://bugzilla.suse.com/1101588 https://bugzilla.suse.com/1101589 From sle-updates at lists.suse.com Fri Jul 27 10:52:27 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Jul 2018 18:52:27 +0200 (CEST) Subject: SUSE-SU-2018:2086-1: important: Security update for the Linux Kernel (Live Patch 20 for SLE 12 SP1) Message-ID: <20180727165227.9351AFD84@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 20 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2086-1 Rating: important References: #1090338 #1096740 Cross-References: CVE-2018-3665 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for the Linux Kernel 3.12.74-60_64_57 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1443=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1443=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_57-default-10-2.1 kgraft-patch-3_12_74-60_64_57-xen-10-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_57-default-10-2.1 kgraft-patch-3_12_74-60_64_57-xen-10-2.1 References: https://www.suse.com/security/cve/CVE-2018-3665.html https://bugzilla.suse.com/1090338 https://bugzilla.suse.com/1096740 From sle-updates at lists.suse.com Fri Jul 27 10:54:06 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Jul 2018 18:54:06 +0200 (CEST) Subject: SUSE-SU-2018:2087-1: important: Security update for the Linux Kernel (Live Patch 28 for SLE 12 SP1) Message-ID: <20180727165406.89ECAFD83@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 28 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2087-1 Rating: important References: #1090338 #1096740 Cross-References: CVE-2018-3665 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for the Linux Kernel 3.12.74-60_64_93 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1435=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1435=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_93-default-2-2.1 kgraft-patch-3_12_74-60_64_93-xen-2-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_93-default-2-2.1 kgraft-patch-3_12_74-60_64_93-xen-2-2.1 References: https://www.suse.com/security/cve/CVE-2018-3665.html https://bugzilla.suse.com/1090338 https://bugzilla.suse.com/1096740 From sle-updates at lists.suse.com Fri Jul 27 10:56:50 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Jul 2018 18:56:50 +0200 (CEST) Subject: SUSE-SU-2018:2088-1: important: Security update for the Linux Kernel (Live Patch 19 for SLE 12 SP1) Message-ID: <20180727165650.85E27FD84@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 19 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2088-1 Rating: important References: #1090338 #1096740 Cross-References: CVE-2018-3665 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for the Linux Kernel 3.12.74-60_64_54 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1445=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1445=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_54-default-10-2.1 kgraft-patch-3_12_74-60_64_54-xen-10-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_54-default-10-2.1 kgraft-patch-3_12_74-60_64_54-xen-10-2.1 References: https://www.suse.com/security/cve/CVE-2018-3665.html https://bugzilla.suse.com/1090338 https://bugzilla.suse.com/1096740 From sle-updates at lists.suse.com Fri Jul 27 11:00:41 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Jul 2018 19:00:41 +0200 (CEST) Subject: SUSE-SU-2018:2089-1: moderate: Security update for libgcrypt Message-ID: <20180727170041.1E5CCFD84@maintenance.suse.de> SUSE Security Update: Security update for libgcrypt ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2089-1 Rating: moderate References: #1064455 #1090766 #1097410 Cross-References: CVE-2018-0495 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for libgcrypt fixes the following issues: The following security vulnerability was addressed: - CVE-2018-0495: Mitigate a novel side-channel attack by enabling blinding for ECDSA signatures (bsc#1097410). The following other issues were fixed: - Extended the fipsdrv dsa-sign and dsa-verify commands with the --algo parameter for the FIPS testing of DSA SigVer and SigGen (bsc#1064455). - Ensure libgcrypt20-hmac and libgcrypt20 are installed in the correct order. (bsc#1090766) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1413=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1413=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1413=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-1413=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libgcrypt-debugsource-1.6.1-16.55.1 libgcrypt-devel-1.6.1-16.55.1 libgcrypt-devel-debuginfo-1.6.1-16.55.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libgcrypt-debugsource-1.6.1-16.55.1 libgcrypt20-1.6.1-16.55.1 libgcrypt20-debuginfo-1.6.1-16.55.1 libgcrypt20-hmac-1.6.1-16.55.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libgcrypt20-32bit-1.6.1-16.55.1 libgcrypt20-debuginfo-32bit-1.6.1-16.55.1 libgcrypt20-hmac-32bit-1.6.1-16.55.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libgcrypt-debugsource-1.6.1-16.55.1 libgcrypt20-1.6.1-16.55.1 libgcrypt20-32bit-1.6.1-16.55.1 libgcrypt20-debuginfo-1.6.1-16.55.1 libgcrypt20-debuginfo-32bit-1.6.1-16.55.1 - SUSE CaaS Platform ALL (x86_64): libgcrypt-debugsource-1.6.1-16.55.1 libgcrypt20-1.6.1-16.55.1 libgcrypt20-debuginfo-1.6.1-16.55.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): libgcrypt-debugsource-1.6.1-16.55.1 libgcrypt20-1.6.1-16.55.1 libgcrypt20-debuginfo-1.6.1-16.55.1 References: https://www.suse.com/security/cve/CVE-2018-0495.html https://bugzilla.suse.com/1064455 https://bugzilla.suse.com/1090766 https://bugzilla.suse.com/1097410 From sle-updates at lists.suse.com Fri Jul 27 11:04:15 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Jul 2018 19:04:15 +0200 (CEST) Subject: SUSE-SU-2018:2090-1: important: Security update for the Linux Kernel (Live Patch 34 for SLE 12) Message-ID: <20180727170415.7383CFD84@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 34 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2090-1 Rating: important References: #1090338 #1096740 Cross-References: CVE-2018-3665 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for the Linux Kernel 3.12.61-52_128 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-1426=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_128-default-3-2.1 kgraft-patch-3_12_61-52_128-xen-3-2.1 References: https://www.suse.com/security/cve/CVE-2018-3665.html https://bugzilla.suse.com/1090338 https://bugzilla.suse.com/1096740 From sle-updates at lists.suse.com Fri Jul 27 11:05:14 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Jul 2018 19:05:14 +0200 (CEST) Subject: SUSE-SU-2018:2091-1: important: Security update for the Linux Kernel (Live Patch 12 for SLE 12 SP2) Message-ID: <20180727170514.3C600FD83@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 12 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2091-1 Rating: important References: #1090338 #1096740 Cross-References: CVE-2018-3665 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for the Linux Kernel 4.4.74-92_35 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1448=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1448=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kgraft-patch-4_4_74-92_35-default-11-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kgraft-patch-4_4_74-92_35-default-11-2.1 References: https://www.suse.com/security/cve/CVE-2018-3665.html https://bugzilla.suse.com/1090338 https://bugzilla.suse.com/1096740 From sle-updates at lists.suse.com Fri Jul 27 11:06:15 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Jul 2018 19:06:15 +0200 (CEST) Subject: SUSE-SU-2018:2092-1: important: Security update for the Linux Kernel Message-ID: <20180727170615.3257EFD83@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2092-1 Rating: important References: #1046303 #1046305 #1046306 #1046307 #1046540 #1046542 #1046543 #1048129 #1050242 #1050252 #1050529 #1050536 #1050538 #1050545 #1050549 #1050662 #1051510 #1052766 #1055968 #1056427 #1056643 #1056651 #1056653 #1056657 #1056658 #1056662 #1056686 #1056787 #1058115 #1058513 #1058659 #1058717 #1060463 #1061024 #1061840 #1062897 #1064802 #1065600 #1066110 #1066129 #1068032 #1068054 #1071218 #1071995 #1072829 #1072856 #1073513 #1073765 #1073960 #1074562 #1074578 #1074701 #1074741 #1074873 #1074919 #1075006 #1075007 #1075262 #1075419 #1075748 #1075876 #1076049 #1076115 #1076372 #1076830 #1077338 #1078248 #1078353 #1079152 #1079747 #1080039 #1080542 #1081599 #1082485 #1082504 #1082869 #1082962 #1083647 #1083900 #1084001 #1084570 #1085308 #1085539 #1085626 #1085933 #1085936 #1085937 #1085938 #1085939 #1085941 #1086282 #1086283 #1086286 #1086288 #1086319 #1086323 #1086400 #1086652 #1086739 #1087078 #1087082 #1087084 #1087092 #1087205 #1087210 #1087213 #1087214 #1087284 #1087405 #1087458 #1087939 #1087978 #1088354 #1088690 #1088704 #1088722 #1088796 #1088804 #1088821 #1088866 #1089115 #1089268 #1089467 #1089608 #1089663 #1089664 #1089667 #1089669 #1089752 #1089753 #1089878 #1090150 #1090457 #1090605 #1090643 #1090646 #1090658 #1090734 #1090888 #1090953 #1091158 #1091171 #1091424 #1091594 #1091666 #1091678 #1091686 #1091781 #1091782 #1091815 #1091860 #1091960 #1092100 #1092472 #1092710 #1092772 #1092888 #1092904 #1092975 #1093023 #1093027 #1093035 #1093118 #1093148 #1093158 #1093184 #1093205 #1093273 #1093290 #1093604 #1093641 #1093649 #1093653 #1093655 #1093657 #1093663 #1093721 #1093728 #1093904 #1093990 #1094244 #1094356 #1094420 #1094541 #1094575 #1094751 #1094825 #1094840 #1094912 #1094978 #1095042 #1095094 #1095115 #1095155 #1095265 #1095321 #1095337 #1095467 #1095573 #1095735 #1095893 #1096065 #1096480 #1096529 #1096696 #1096705 #1096728 #1096753 #1096790 #1096793 #1097034 #1097105 #1097234 #1097356 #1097373 #1097439 #1097465 #1097468 #1097470 #1097471 #1097472 #1097551 #1097780 #1097796 #1097800 #1097941 #1097961 #1098016 #1098043 #1098050 #1098174 #1098176 #1098236 #1098401 #1098425 #1098435 #1098599 #1098626 #1098706 #1098983 #1098995 #1099029 #1099041 #1099109 #1099142 #1099183 #1099715 #1099792 #1099918 #1099924 #1099966 #1100132 #1100209 #1100340 #1100362 #1100382 #1100394 #1100416 #1100418 #1100491 #1100602 #1100633 #1100843 #1101296 #1101315 #1101324 #971975 #975772 Cross-References: CVE-2017-5715 CVE-2017-5753 CVE-2018-1000200 CVE-2018-1000204 CVE-2018-10087 CVE-2018-10124 CVE-2018-1092 CVE-2018-1093 CVE-2018-1094 CVE-2018-1118 CVE-2018-1120 CVE-2018-1130 CVE-2018-12233 CVE-2018-13053 CVE-2018-13405 CVE-2018-13406 CVE-2018-3639 CVE-2018-5803 CVE-2018-5848 CVE-2018-7492 CVE-2018-8781 CVE-2018-9385 Affected Products: SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Module for Legacy Software 15 SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that solves 22 vulnerabilities and has 246 fixes is now available. Description: The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following new feature was added: - NVDIMM memory error notification (ACPI 6.2) The following security bugs were fixed: - CVE-2018-13406: An integer overflow in the uvesafb_setcmap function could have result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used (bnc#1100418) - CVE-2018-13053: The alarm_timer_nsleep function had an integer overflow via a large relative timeout because ktime_add_safe was not used (bnc#1099924) - CVE-2018-9385: Prevent overread of the "driver_override" buffer (bsc#1100491) - CVE-2018-13405: The inode_init_owner function allowed local users to create files with an unintended group ownership allowing attackers to escalate privileges by making a plain file executable and SGID (bnc#1100416) - CVE-2017-5753: Systems with microprocessors utilizing speculative execution and branch prediction may have allowed unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bsc#1068032) - CVE-2018-1118: Linux kernel vhost did not properly initialize memory in messages passed between virtual guests and the host operating system. This could have allowed local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file (bsc#1092472) - CVE-2018-12233: A memory corruption bug in JFS could have been triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability could be triggered by an unprivileged user with the ability to create files and execute programs (bsc#1097234) - CVE-2018-5848: In the function wmi_set_ie(), the length validation code did not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument could have caused a buffer overflow (bnc#1097356) - CVE-2018-1000204: Prevent infoleak caused by incorrect handling of the SG_IO ioctl (bsc#1096728) - CVE-2018-3639: Systems with microprocessors utilizing speculative execution and speculative execution of memory reads the addresses of all prior memory writes are known may have allowed unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4 (bsc#1087082) - CVE-2018-1120: By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker could have caused utilities from psutils or procps (such as ps, w) to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks) (bsc#1093158) - CVE-2018-1094: The ext4_fill_super function did not always initialize the crc32c checksum driver, which allowed attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image (bsc#1087007) - CVE-2018-1092: The ext4_iget function mishandled the case of a root directory with a zero i_links_count, which allowed attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image (bsc#1087012) - 1093: The ext4_valid_block_bitmap function allowed attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image because balloc.c and ialloc.c do not validate bitmap block numbers (bsc#1087095) - CVE-2018-1000200: Prevent NULL pointer dereference which could have resulted in an out of memory (OOM) killing of large mlocked processes (bsc#1090150) - CVE-2018-1130: NULL pointer dereference in dccp_write_xmit() function that allowed a local user to cause a denial of service by a number of certain crafted system calls (bsc#1092904) - CVE-2018-5803: Prevent error in the "_sctp_make_chunk()" function when handling SCTP packets length that could have been exploited to cause a kernel crash (bnc#1083900) - CVE-2018-7492: Prevent NULL pointer dereference in the net/rds/rdma.c __rds_rdma_map() function that allowed local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST (bsc#1082962) - CVE-2018-8781: The udl_fb_mmap function had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bsc#1090643) - CVE-2018-10124: The kill_something_info function in kernel/signal.c might have allowed local users to cause a denial of service via an INT_MIN argument (bnc#1089752) - CVE-2018-10087: The kernel_wait4 function in kernel/exit.c might have allowed local users to cause a denial of service by triggering an attempted use of the -INT_MIN value (bnc#1089608) - CVE-2017-5715: Prevent unauthorized disclosure of information to an attacker with local user access caused by speculative execution and indirect branch prediction (bsc#1068032) The following non-security bugs were fixed: - Fix copy_in_user() declaration (bsc#1052766). - 1wire: family module autoload fails because of upper/lower case mismatch (bsc#1051510). - 8021q: fix a memory leak for VLAN 0 device (networking-stable-18_01_12). - 8139too: Use disable_irq_nosync() in rtl8139_poll_controller() (networking-stable-18_05_15). - 8139too: revisit napi_complete_done() usage (networking-stable-17_10_09). - 9p/trans_virtio: discard zero-length reply (bsc#1052766). - ACPI / APEI: Replace ioremap_page_range() with fixmap (bsc#1051510). - ACPI / LPSS: Add missing prv_offset setting for byt/cht PWM devices (bsc#1051510). - ACPI / NUMA: ia64: Parse all entries of SRAT memory affinity table (bnc#1088796). - ACPI / bus: Do not call _STA on battery devices with unmet dependencies (bsc#1051510). - ACPI / button: make module loadable when booted in non-ACPI mode (bsc#1051510). - ACPI / hotplug / PCI: Check presence of slot itself in get_slot_status() (bsc#1051510). - ACPI / scan: Initialize watchdog before PNP (bsc#1073960). - ACPI / scan: Send change uevent with offine environmental data (bsc#1082485). - ACPI / scan: Use acpi_bus_get_status() to initialize ACPI_TYPE_DEVICE devs (bsc#1051510). - ACPI / video: Add quirk to force acpi-video backlight on Samsung 670Z5E (bsc#1051510). - ACPI / video: Default lcd_only to true on Win8-ready and newer machines (bsc#1051510). - ACPI / video: Only default only_lcd to true on Win8-ready _desktops_ (bsc#1051510). - ACPI / watchdog: Prefer iTCO_wdt on Lenovo Z50-70 (bsc#1051510). - ACPI / watchdog: properly initialize resources (bsc#1051510). - ACPI: EC: Fix debugfs_create_*() usage (bsc#1051510). - ACPI: acpi_pad: Fix memory leak in power saving threads (bsc#1051510). - ACPI: processor_perflib: Do not send _PPC change notification if not ready (bsc#1051510). - ACPI: sysfs: Make ACPI GPE mask kernel parameter cover all GPEs (bsc#1051510). - ACPICA: ACPI 6.0A: Changes to the NFIT ACPI table (bsc#1091424). - ACPICA: Events: add a return on failure from acpi_hw_register_read (bsc#1051510). - ACPICA: Fix memory leak on unusual memory leak (bsc#1051510). - ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c (bsc#1051510). - ALSA: aloop: Add missing cable lock to ctl API callbacks (bsc#1051510). - ALSA: aloop: Mark paused device as inactive (bsc#1051510). - ALSA: asihpi: Hardening for potential Spectre v1 (bsc#1051510). - ALSA: caiaq: Add yet more sanity checks for invalid EPs (bsc#1051510). - ALSA: control: Hardening for potential Spectre v1 (bsc#1051510). - ALSA: control: fix a redundant-copy issue (bsc#1051510). - ALSA: core: Report audio_tstamp in snd_pcm_sync_ptr (bsc#1051510). - ALSA: dice: fix OUI for TC group (bsc#1051510). - ALSA: dice: fix error path to destroy initialized stream data (bsc#1051510). - ALSA: dice: fix kernel NULL pointer dereference due to invalid calculation for array index (bsc#1051510). - ALSA: emu10k1: Fix kABI breakage (bsc#1093027). - ALSA: emu10k1: add a IOMMU workaround (bsc#1093027). - ALSA: emu10k1: add optional debug printouts with DMA addresses (bsc#1093027). - ALSA: emu10k1: make sure synth DMA pages are allocated with DMA functions (bsc#1093027). - ALSA: emu10k1: remove reserved_page (bsc#1093027). - ALSA: emu10k1: use dma_set_mask_and_coherent() (bsc#1093027). - ALSA: hda - Fix incorrect usage of IS_REACHABLE() (bsc#1051510). - ALSA: hda - Handle kzalloc() failure in snd_hda_attach_pcm_stream() (bsc#1051510). - ALSA: hda - New VIA controller suppor no-snoop path (bsc#1051510). - ALSA: hda - Skip jack and others for non-existing PCM streams (bsc#1051510). - ALSA: hda/ca0132 - use ARRAY_SIZE (bsc#1051510). - ALSA: hda/ca0132: Add DSP Volume set and New mixers for SBZ + R3Di (bsc#1096696). - ALSA: hda/ca0132: Add PCI region2 iomap for SBZ (bsc#1096696). - ALSA: hda/ca0132: Add dsp setup + gpio functions for r3di (bsc#1096696). - ALSA: hda/ca0132: Add extra exit functions for R3Di and SBZ (bsc#1096696). - ALSA: hda/ca0132: Add new control changes for SBZ + R3Di (bsc#1096696). - ALSA: hda/ca0132: Add pincfg for SBZ + R3Di, add fp hp auto-detect (bsc#1096696). - ALSA: hda/ca0132: Delete pointless assignments to struct auto_pin_cfg fields (bsc#1051510). - ALSA: hda/ca0132: Delete redundant UNSOL event requests (bsc#1051510). - ALSA: hda/ca0132: Do not test for QUIRK_NONE (bsc#1051510). - ALSA: hda/ca0132: Fix DMic data rate for Alienware M17x R4 (bsc#1051510). - ALSA: hda/ca0132: R3Di and SBZ quirk entires + alt firmware loading (bsc#1096696). - ALSA: hda/ca0132: Restore PCM Analog Mic-In2 (bsc#1051510). - ALSA: hda/ca0132: Restore behavior of QUIRK_ALIENWARE (bsc#1051510). - ALSA: hda/ca0132: add alt_select_in/out for R3Di + SBZ (bsc#1096696). - ALSA: hda/ca0132: add ca0132_alt_set_vipsource (bsc#1096696). - ALSA: hda/ca0132: add dsp setup related commands for the sbz (bsc#1096696). - ALSA: hda/ca0132: add extra init functions for r3di + sbz (bsc#1096696). - ALSA: hda/ca0132: add the ability to set src_id on scp commands (bsc#1096696). - ALSA: hda/ca0132: constify parameter table for effects (bsc#1096696). - ALSA: hda/ca0132: constify read-only members of string array (bsc#1096696). - ALSA: hda/ca0132: constify templates for control element set (bsc#1096696). - ALSA: hda/ca0132: fix array_size.cocci warnings (bsc#1096696). - ALSA: hda/ca0132: fix build failure when a local macro is defined (bsc#1051510). - ALSA: hda/ca0132: make array ca0132_alt_chmaps static (bsc#1051510). - ALSA: hda/ca0132: merge strings just for printk (bsc#1096696). - ALSA: hda/ca0132: update core functions for sbz + r3di (bsc#1096696). - ALSA: hda/conexant - Add fixup for HP Z2 G4 workstation (bsc#1092975). - ALSA: hda/conexant - Add hp-mic-fix model string (bsc#1092975). - ALSA: hda/realtek - Add a quirk for FSC ESPRIMO U9210 (bsc#1051510). - ALSA: hda/realtek - Add shutup hint (bsc#1051510). - ALSA: hda/realtek - Add some fixes for ALC233 (bsc#1051510). - ALSA: hda/realtek - Clevo P950ER ALC1220 Fixup (bsc#1051510). - ALSA: hda/realtek - Enable mic-mute hotkey for several Lenovo AIOs (bsc#1051510). - ALSA: hda/realtek - Fix pop noise on Lenovo P50 and co (bsc#1051510). - ALSA: hda/realtek - Fix the problem of two front mics on more machines (bsc#1051510). - ALSA: hda/realtek - Fixup for HP x360 laptops with BandO speakers (bsc#1096705). - ALSA: hda/realtek - Fixup mute led on HP Spectre x360 (bsc#1096705). - ALSA: hda/realtek - Refactor alc269_fixup_hp_mute_led_mic*() (bsc#1096705). - ALSA: hda/realtek - Update ALC255 depop optimize (bsc#1051510). - ALSA: hda/realtek - adjust the location of one mic (bsc#1051510). - ALSA: hda/realtek - change the location for one of two front mics (bsc#1051510). - ALSA: hda/realtek - set PINCFG_HEADSET_MIC to parse_flags (bsc#1051510). - ALSA: hda: Add ASRock H81M-HDS to the power_save blacklist (bsc#1051510). - ALSA: hda: Add Clevo W35xSS_370SS to the power_save blacklist (bsc#1051510). - ALSA: hda: Add Gigabyte P55A-UD3 and Z87-D3HP to the power_save blacklist (bsc#1051510). - ALSA: hda: Add Icelake PCI ID (bsc#1051510). - ALSA: hda: Add Intel NUC5i7RY to the power_save blacklist (bsc#1051510). - ALSA: hda: Add Intel NUC7i3BNB to the power_save blacklist (bsc#1051510). - ALSA: hda: Add Lenovo C50 All in one to the power_save blacklist (bsc#1051510). - ALSA: hda: Hardening for potential Spectre v1 (bsc#1051510). - ALSA: hda: add dock and led support for HP EliteBook 830 G5 (bsc#1051510). - ALSA: hda: add dock and led support for HP ProBook 640 G4 (bsc#1051510). - ALSA: hdspm: Hardening for potential Spectre v1 (bsc#1051510). - ALSA: hiface: Add sanity checks for invalid EPs (bsc#1051510). - ALSA: line6: Add yet more sanity checks for invalid EPs (bsc#1051510). - ALSA: line6: Use correct endpoint type for midi output (bsc#1051510). - ALSA: line6: add support for POD HD DESKTOP (bsc#1051510). - ALSA: line6: add support for POD HD500X (bsc#1051510). - ALSA: line6: remove unnecessary initialization to PODHD500X (bsc#1051510). - ALSA: opl3: Hardening for potential Spectre v1 (bsc#1051510). - ALSA: pcm: Avoid potential races between OSS ioctls and read/write (bsc#1051510). - ALSA: pcm: Check PCM state at xfern compat ioctl (bsc#1051510). - ALSA: pcm: Fix UAF at PCM release via PCM timer access (bsc#1051510). - ALSA: pcm: Fix endless loop for XRUN recovery in OSS emulation (bsc#1051510). - ALSA: pcm: Fix mutex unbalance in OSS emulation ioctls (bsc#1051510). - ALSA: pcm: Return -EBUSY for OSS ioctls changing busy streams (bsc#1051510). - ALSA: pcm: potential uninitialized return values (bsc#1051510). - ALSA: rawmidi: Fix missing input substream checks in compat ioctls (bsc#1051510). - ALSA: rme9652: Hardening for potential Spectre v1 (bsc#1051510). - ALSA: seq: Fix UBSAN warning at SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT ioctl (bsc#1051510). - ALSA: seq: Fix races at MIDI encoding in snd_virmidi_output_trigger() (bsc#1051510). - ALSA: seq: oss: Fix unbalanced use lock for synth MIDI device (bsc#1051510). - ALSA: seq: oss: Hardening for potential Spectre v1 (bsc#1051510). - ALSA: timer: Fix UBSAN warning at SNDRV_TIMER_IOCTL_NEXT_DEVICE ioctl (bsc#1051510). - ALSA: timer: Fix pause event notification (bsc#1051510). - ALSA: usb-audio: Add "Keep Interface" control (bsc#1089467). - ALSA: usb-audio: Add a quirk for Nura's first gen headset (bsc#1051510). - ALSA: usb-audio: Add keep_iface flag (bsc#1089467). - ALSA: usb-audio: Add native DSD support for Luxman DA-06 (bsc#1051510). - ALSA: usb-audio: Add native DSD support for Mytek DACs (bsc#1051510). - ALSA: usb-audio: Add native DSD support for TEAC UD-301 (bsc#1051510). - ALSA: usb-audio: Add sample rate quirk for Plantronics C310/C520-M (bsc#1051510). - ALSA: usb-audio: Add sample rate quirk for Plantronics P610 (bsc#1051510). - ALSA: usb-audio: Add sanity checks for invalid EPs (bsc#1051510). - ALSA: usb-audio: Allow to override the longname string (bsc#1091678). - ALSA: usb-audio: Apply vendor ID matching for sample rate quirk (bsc#1051510). - ALSA: usb-audio: Avoid superfluous usb_set_interface() calls (bsc#1089467). - ALSA: usb-audio: Change the semantics of the enable option (bsc#1051510). - ALSA: usb-audio: Disable the quirk for Nura headset (bsc#1051510). - ALSA: usb-audio: FIX native DSD support for TEAC UD-501 DAC (bsc#1051510). - ALSA: usb-audio: Generic DSD detection for XMOS-based implementations (bsc#1051510). - ALSA: usb-audio: Give proper vendor/product name for Dell WD15 Dock (bsc#1091678). - ALSA: usb-audio: Initialize Dell Dock playback volumes (bsc#1089467). - ALSA: usb-audio: Integrate native DSD support for ITF-USB based DACs (bsc#1051510). - ALSA: usb-audio: Remove explicitly listed Mytek devices (bsc#1051510). - ALSA: usb-audio: Skip broken EU on Dell dock USB-audio (bsc#1090658). - ALSA: usb-audio: Support changing input on Sound Blaster E1 (bsc#1051510). - ALSA: usb-audio: add boot quirk for Axe-Fx III (bsc#1051510). - ALSA: usb-audio: add more quirks for DSD interfaces (bsc#1051510). - ALSA: usb-audio: simplify set_sync_ep_implicit_fb_quirk (bsc#1051510). - ALSA: usb: mixer: volume quirk for CM102-A+/102S+ (bsc#1051510). - ALSA: usx2y: Add sanity checks for invalid EPs (bsc#1051510). - ALSA: usx2y: Fix invalid stream URBs (bsc#1051510). - ALSA: vmaster: Propagate slave error (bsc#1051510). - ASoC: Intel: Skylake: Disable clock gating during firmware and library download (bsc#1051510). - ASoC: Intel: cht_bsw_rt5645: Analog Mic support (bsc#1051510). - ASoC: Intel: sst: remove redundant variable dma_dev_name (bsc#1051510). - ASoC: adau17x1: Handling of DSP_RUN register during fw setup (bsc#1051510). - ASoC: cirrus: i2s: Fix LRCLK configuration (bsc#1051510). - ASoC: cirrus: i2s: Fix {TX|RX}LinCtrlData setup (bsc#1051510). - ASoC: cs35l35: Add use_single_rw to regmap config (bsc#1051510). - ASoC: dapm: delete dapm_kcontrol_data paths list before freeing it (bsc#1051510). - ASoC: fsl_esai: Fix divisor calculation failure at lower ratio (bsc#1051510). - ASoC: hdmi-codec: Fix module unloading caused kernel crash (bsc#1051510). - ASoC: hdmi-codec: fix spelling mistake: "deteced" -> "detected" (bsc#1051510). - ASoC: hdmi-codec: remove multi detection support (bsc#1051510). - ASoC: omap: Remove OMAP_MUX dependency from Nokia N810 audio support (bsc#1051510). - ASoC: rockchip: Fix dai_name for HDMI codec (bsc#1051510). - ASoC: rockchip: rk3288-hdmi-analog: Select needed codecs (bsc#1051510). - ASoC: rsnd: mark PM functions __maybe_unused (bsc#1051510). - ASoC: rt5514: Add the missing register in the readable table (bsc#1051510). - ASoC: samsung: i2s: Ensure the RCLK rate is properly determined (bsc#1051510). - ASoC: samsung: odroid: Drop requirement of clocks in the sound node (bsc#1051510). - ASoC: samsung: odroid: Fix 32000 sample rate handling (bsc#1051510). - ASoC: samsung: odroid: Fix EPLL frequency values (bsc#1051510). - ASoC: ssm2602: Replace reg_default_raw with reg_default (bsc#1051510). - ASoC: topology: Check widget kcontrols before deref (bsc#1051510). - ASoC: topology: Check widget kcontrols before deref (bsc#1051510). - ASoC: topology: Fix bugs of freeing soc topology (bsc#1051510). - ASoC: topology: Fix kcontrol name string handling (bsc#1051510). - ASoC: topology: create TLV data for dapm widgets (bsc#1051510). - ASoC: topology: fix some tiny memory leaks (bsc#1051510). - Bluetooth: Add a new 04ca:3015 QCA_ROME device (bsc#1051510). - Bluetooth: Apply QCA Rome patches for some ATH3012 models (bsc#1082504). - Bluetooth: Fix missing encryption refresh on Security Request (bsc#1051510). - Bluetooth: Set HCI_QUIRK_SIMULTANEOUS_DISCOVERY for BTUSB_QCA_ROME (bsc#1051510). - Bluetooth: btrtl: Fix a error code in rtl_load_config() (bsc#1051510). - Bluetooth: btusb: Add Dell XPS 13 9360 to btusb_needs_reset_resume_table (bsc#1051510). - Bluetooth: btusb: Add USB ID 7392:a611 for Edimax EW-7611ULB (bsc#1051510). - Bluetooth: btusb: Add device ID for RTL8822BE (bsc#1051510). - Bluetooth: btusb: Only check needs_reset_resume DMI table for QCA rome chipsets (bsc#1051510). - Bluetooth: btusb: add ID for LiteOn 04ca:3016 (bsc#1051510). - Bluetooth: hci_bcm: Add 6 new ACPI HIDs (bsc#1051510). - Bluetooth: hci_bcm: Add active_low irq polarity quirk for Asus T100CHI (bsc#1051510). - Bluetooth: hci_bcm: Add support for BCM2E72 (bsc#1051510). - Bluetooth: hci_bcm: Add support for MINIX Z83-4 based devices (bsc#1051510). - Bluetooth: hci_bcm: Fix setting of irq trigger type (bsc#1051510). - Bluetooth: hci_bcm: Handle empty packet after firmware loading (bsc#1051510). - Bluetooth: hci_bcm: Make bcm_request_irq fail if no IRQ resource (bsc#1051510). - Bluetooth: hci_bcm: Remove DMI quirk for the MINIX Z83-4 (bsc#1051510). - Bluetooth: hci_bcm: Treat Interrupt ACPI resources as always being active-low (bsc#1051510). - Bluetooth: hci_qca: Avoid missing rampatch failure with userspace fw loader (bsc#1051510). - Btrfs: fix copy_items() return value when logging an inode (bsc#1097105). - Btrfs: fix xattr loss after power failure (bsc#1097105). - Btrfs: use btrfs_op instead of bio_op in __btrfs_map_block (bsc#1099918). - Correct bug reference in the patch (bnc#1095155) - Delete patches.arch/powerpc64-ftrace-Use-the-generic-version-of-ftrace_r.patch (bsc#1088804). - Downgrade printk level for MMC SDHCI host version error (bsc#1097941). - Fix kABI breakage due to acpi_ec gpe field change (bsc#1051510). - Fix kABI breakage due to snd_usb_audio_quirk profile_name addition (bsc#1091678). - Fix kABI breakage due to sound/timer.h inclusion (bsc#1051510). - Fix kABI breakage for iwl_fw_runtime_ops change (bsc#1051510). - Fix kABI breakage for iwlwifi (bsc#1051510). - Fix kABI breakage of iio_buffer (bsc#1051510). - Fix kABI incompatibility by snd_pcm_oss_runtime.rw_ref addition (bsc#1051510). - Fix the build error in adau17x1 soc driver (bsc#1051510) - Fix the build of da9063_wdt module (bsc#1100843) Backport the missing prerequisite commit, move the previous fixes into the sorted section and refresh. - GFS2: Take inode off order_write list when setting jdata flag (bsc#1052766). - HID: add backlight level quirk for Asus ROG laptops (bsc#1101324). - HID: cp2112: fix broken gpio_direction_input callback (bsc#1051510). - HID: debug: check length before copy_to_user() (bsc#1051510). - HID: hiddev: fix potential Spectre v1 (bsc#1051510). - HID: hidraw: Fix crash on HIDIOCGFEATURE with a destroyed device (bsc#1051510). - HID: i2c-hid: Fix "incomplete report" noise (bsc#1051510). - HID: i2c-hid: fix size check and type usage (bsc#1051510). - HID: intel-ish-hid: Enable Gemini Lake ish driver (bsc#1073765,). - HID: intel-ish-hid: use put_device() instead of kfree() (bsc#1051510). - HID: intel_ish-hid: ipc: register more pm callbacks to support hibernation (bsc#1051510). - HID: lenovo: Add support for IBM/Lenovo Scrollpoint mice (bsc#1051510). - HID: roccat: prevent an out of bounds read in kovaplus_profile_activated() (bsc#1051510). - HID: wacom: Add support for One by Wacom (CTL-472 / CTL-672) (bsc#1100633). - HID: wacom: Correct logical maximum Y for 2nd-gen Intuos Pro large (bsc#1051510). - HID: wacom: Correct touch maximum XY of 2nd-gen Intuos (bsc#1051510). - HID: wacom: EKR: ensure devres groups at higher indexes are released (bsc#1051510). - HID: wacom: Fix reporting of touch toggle (WACOM_HID_WD_MUTE_DEVICE) events (bsc#1051510). - HID: wacom: Release device resource data obtained by devres_alloc() (bsc#1051510). - HID: wacom: bluetooth: send exit report for recent Bluetooth devices (bsc#1051510). - IB/Hfi1: Read CCE Revision register to verify the device is responsive (bsc#1096793). - IB/core: Generate GID change event regardless of RoCE GID table property (bsc#1046306). - IB/core: Refer to RoCE port property instead of GID table property (bsc#1046306). - IB/cq: Do not force IB_POLL_DIRECT poll context for ib_process_cq_direct (bsc#1046306). - IB/hfi1 Use correct type for num_user_context (bsc#1096793). - IB/hfi1: Add a safe wrapper for _rcd_get_by_index (bsc#1096793). - IB/hfi1: Add tx_opcode_stats like the opcode_stats (bsc#1096793). - IB/hfi1: Complete check for locally terminated smp (bsc#1096793). - IB/hfi1: Compute BTH only for RDMA_WRITE_LAST/SEND_LAST packet (bsc#1096793). - IB/hfi1: Convert PortXmitWait/PortVLXmitWait counters to flit times (bsc#1096793). - IB/hfi1: Create common functions for affinity CPU mask operations (bsc#1096793). - IB/hfi1: Do not allocate PIO send contexts for VNIC (bsc#1096793). - IB/hfi1: Do not modify num_user_contexts module parameter (bsc#1096793). - IB/hfi1: Do not override given pcie_pset value (bsc#1096793). - IB/hfi1: Ensure VL index is within bounds (bsc#1096793). - IB/hfi1: Fix NULL pointer dereference when invalid num_vls is used (bsc#1060463). - IB/hfi1: Fix a wrapping test to insure the correct timeout (bsc#1096793). - IB/hfi1: Fix for early release of sdma context (bsc#1096793). - IB/hfi1: Fix handling of FECN marked multicast packet (bsc#1060463). - IB/hfi1: Fix loss of BECN with AHG (bsc#1096793). - IB/hfi1: Fix memory leak in exception path in get_irq_affinity() (bsc#1096793). - IB/hfi1: Fix serdes loopback set-up (bsc#1096793). - IB/hfi1: Handle initial value of 0 for CCTI setting (bsc#1096793). - IB/hfi1: Inline common calculation (bsc#1096793). - IB/hfi1: Insure int mask for in-kernel receive contexts is clear (bsc#1096793). - IB/hfi1: Look up ibport using a pointer in receive path (bsc#1096793). - IB/hfi1: Optimize kthread pointer locking when queuing CQ entries (bsc#1096793). - IB/hfi1: Optimize packet type comparison using 9B and bypass code paths (bsc#1096793). - IB/hfi1: Prevent LNI hang when LCB can't obtain lanes (bsc#1096793). - IB/hfi1: Prohibit invalid Init to Armed state transition (bsc#1096793). - IB/hfi1: Race condition between user notification and driver state (bsc#1096793). - IB/hfi1: Re-order IRQ cleanup to address driver cleanup race (bsc#1060463). - IB/hfi1: Refactor assign_ctxt() IOCTL (bsc#1096793). - IB/hfi1: Refactor get_base_info (bsc#1096793). - IB/hfi1: Refactor get_ctxt_info (bsc#1096793). - IB/hfi1: Refactor get_user() IOCTLs (bsc#1096793). - IB/hfi1: Refactor hfi_user_exp_rcv_clear() IOCTLs (bsc#1096793). - IB/hfi1: Refactor hfi_user_exp_rcv_invalid() IOCTLs (bsc#1096793). - IB/hfi1: Refactor hfi_user_exp_rcv_setup() IOCTL (bsc#1096793). - IB/hfi1: Remove unused hfi1_cpulist variables (bsc#1096793). - IB/hfi1: Reorder incorrect send context disable (bsc#1096793). - IB/hfi1: Return correct value for device state (bsc#1096793). - IB/hfi1: Send 'reboot' as planned down remote reason (bsc#1096793). - IB/hfi1: Set port number for errorinfo MAD response (bsc#1096793). - IB/hfi1: Show fault stats in both TX and RX directions (bsc#1096793). - IB/hfi1: Update HFI to use the latest PCI API (bsc#1096793). - IB/hfi1: Use after free race condition in send context error path (bsc#1096793). - IB/hfi1: Validate PKEY for incoming GSI MAD packets (bsc#1096793). - IB/ipoib: Avoid memory leak if the SA returns a different DGID (bsc#1046307). - IB/ipoib: Change number of TX wqe to 64 (bsc#1096793). - IB/ipoib: Fix for notify send CQ failure messages (bsc#1096793). - IB/ipoib: Fix for potential no-carrier state (bsc#1046307). - IB/ipoib: Get rid of the tx_outstanding variable in all modes (bsc#1096793). - IB/ipoib: Use NAPI in UD/TX flows (bsc#1096793). - IB/mlx4: Fix integer overflow when calculating optimal MTT size (bsc#1071218). - IB/mlx4: Move mlx4_uverbs_ex_query_device_resp to include/uapi/ (bsc#1071218). - IB/mlx5: Enable ECN capable bits for UD RoCE v2 QPs (bsc#1046305). - IB/mlx5: Respect new UMR capabilities (bsc#1093205). - IB/mlx5: Set the default active rate and width to QDR and 4X (bsc#1046305). - IB/mlx5: Use unlimited rate when static rate is not supported (bsc#1046305). - IB/mlx5:: pr_err() and mlx5_ib_dbg() strings should end with newlines (bsc#1093205). - IB/rdmavt: Add trace for RNRNAK timer (bsc#1096793). - IB/rdmavt: Allocate CQ memory on the correct node (bsc#1058717). - IB/rdmavt: No need to cancel RNRNAK retry timer when it is running (bsc#1096793). - IB/rdmavt: Use correct numa node for SRQ allocation (bsc#1096793). - IB/srp: Fix completion vector assignment algorithm (bsc#1046306). - IB/srp: Fix srp_abort() (bsc#1046306). - IB/srpt: Fix an out-of-bounds stack access in srpt_zerolength_write() (bsc#1046306). - IB/uverbs: Fix validating mandatory attributes (bsc#1046306). - IB/{hfi1, qib}: Add handling of kernel restart (bsc#1096793). - IB/{hfi1, rdmavt}: Fix memory leak in hfi1_alloc_devdata() upon failure (bsc#1096793). - IB/{rdmavt,hfi1}: Change hrtimer add to use pinned version (bsc#1096793). - Input: ALPS - fix TrackStick detection on Thinkpad L570 and Latitude 7370 (bsc#1051510). - Input: atmel_mxt_ts - add touchpad button mapping for Samsung Chromebook Pro (bsc#1051510). - Input: atmel_mxt_ts - fix the firmware update (bsc#1051510). - Input: elan_i2c - add ELAN0612 (Lenovo v330 14IKB) ACPI ID (bsc#1051510). - Input: elan_i2c - add ELAN0618 (Lenovo v330 15IKB) ACPI ID (bsc#1051510). - Input: elan_i2c_smbus - fix corrupted stack (bsc#1051510). - Input: elan_i2c_smbus - fix more potential stack buffer overflows (bsc#1051510). - Input: elantech - enable middle button of touchpads on ThinkPad P52 (bsc#1051510). - Input: elantech - fix V4 report decoding for module with middle key (bsc#1051510). - Input: goodix - add new ACPI id for GPD Win 2 touch screen (bsc#1051510). - Input: goodix - disable IRQs while suspended (bsc#1051510). - Input: i8042 - add Lenovo ThinkPad L460 to i8042 reset list (bsc#1051510). - Input: i8042 - enable MUX on Sony VAIO VGN-CS series to fix touchpad (bsc#1051510). - Input: leds - fix out of bound access (bsc#1051510). - Input: synaptics - Lenovo Carbon X1 Gen5 (2017) devices should use RMI (bsc#1051510). - Input: synaptics - Lenovo Thinkpad X1 Carbon G5 (2017) with Elantech trackpoints should use RMI (bsc#1051510). - Input: synaptics - add Intertouch support on X1 Carbon 6th and X280 (bsc#1051510). - Input: synaptics - add Lenovo 80 series ids to SMBus (bsc#1051510). - Input: synaptics - reset the ABS_X/Y fuzz after initializing MT axes (bsc#1051510). - Input: synaptics-rmi4 - fix an unchecked out of memory error path (bsc#1051510). - Input: synaptics: Add intertouch blacklist for Thinkpad Helix (bsc#1090457). - Input: xpad - add GPD Win 2 Controller USB IDs (bsc#1051510). - Input: xpad - fix GPD Win 2 controller name (bsc#1051510). - Input: xpad - sync supported devices with 360Controller (bsc#1051510). - Input: xpad - sync supported devices with XBCD (bsc#1051510). - KABI protect struct nd_region (). - KABI: hide ftrace_enabled in paca (bsc#1088804). - KEYS: DNS: limit the length of option strings (networking-stable-18_04_26). - KEYS: Use individual pages in big_key for crypto buffers (bsc#1051510). - KVM: MMU: consider host cache mode in MMIO page check (bsc#1087213). - KVM: PPC: Book3S HV: Fix ppc_breakpoint_available compile error (bsc#1061840). - KVM: PPC: Book3S HV: Handle migration with POWER9 disabled DAWR (bsc#1061840). - KVM: PPC: Book3S HV: Return error from h_set_dabr() on POWER9 (bsc#1061840). - KVM: PPC: Book3S HV: Return error from h_set_mode(SET_DAWR) on POWER9 (bsc#1061840). - KVM: PPC: Book3S HV: trace_tlbie must not be called in realmode (bsc#1061840). - MD: Free bioset when md_run fails (bsc#1093023). - Move upstreamed ideapad-laptop patch to sorted section (bsc#1093035) - NET: usb: qmi_wwan: add support for ublox R410M PID 0x90b2 (bsc#1090888). - NFC: fix device-allocation error return (bsc#1051510). - NFC: llcp: Limit size of SDP URI (bsc#1051510). - NFC: pn533: do not send USB data off of the stack (bsc#1051510). - NFS: Revert "NFS: Move the flock open mode check into nfs_flock()" (bsc#1098983). - NFSv4: Revert commit 5f83d86cf531d ("NFSv4.x: Fix wraparound issues..") (git-fixes). - PCI/ASPM: Add L1 Substates definitions (bsc#1051510). - PCI/ASPM: Calculate LTR_L1.2_THRESHOLD from device characteristics (bsc#1051510). - PCI/DPC: Do not enable DPC if AER control is not allowed by the BIOS (bsc#1093184). - PCI/PME: Handle invalid data when reading Root Status (bsc#1051510). - PCI: Add ACS quirk for Intel 300 series (bsc#1051510). - PCI: Add ACS quirk for Intel 7th and 8th Gen mobile (bsc#1051510). - PCI: Add function 1 DMA alias quirk for Highpoint RocketRAID 644L (bsc#1051510). - PCI: Add function 1 DMA alias quirk for Marvell 88SE9220 (bsc#1051510). - PCI: Add function 1 DMA alias quirk for Marvell 9128 (bsc#1051510). - PCI: Create SR-IOV virtfn/physfn links before attaching driver (bsc#1051510). - PCI: Detach driver before procfs and sysfs teardown on device remove (bsc#1051510). - PCI: Mark Broadcom HT1100 and HT2000 Root Port Extended Tags as broken (bsc#1051510). - PCI: Remove messages about reassigning resources (bsc#1051510). - PCI: Restore config space on runtime resume despite being unbound (bsc#1051510). - PCI: aardvark: Fix PCIe Max Read Request Size setting (bsc#1051510). - PCI: aardvark: Fix logic in advk_pcie_{rd,wr}_conf() (bsc#1051510). - PCI: aardvark: Set PIO_ADDR_LS correctly in advk_pcie_rd_conf() (bsc#1051510). - PCI: aardvark: Use ISR1 instead of ISR0 interrupt in legacy irq mode (bsc#1051510). - PCI: designware-ep: Fix find_first_zero_bit() usage (bsc#1051510). - PCI: hv: Fix a __local_bh_enable_ip warning in hv_compose_msi_msg() (bnc#1094541). - PCI: pciehp: Clear Presence Detect and Data Link Layer Status Changed on resume (bsc#1051510). - PCI: shpchp: Enable bridge bus mastering if MSI is enabled (bsc#1051510). - PM / OPP: Add missing of_node_put(np) (bsc#1051510). - PM / OPP: Call notifier without holding opp_table->lock (bsc#1051510). - PM / OPP: Move error message to debug level (bsc#1051510). - PM / devfreq: Fix potential NULL pointer dereference in governor_store (bsc#1051510). - PM / s2idle: Clear the events_check_enabled flag (bsc#1051510). - PM / wakeirq: Fix unbalanced IRQ enable for wakeirq (bsc#1051510). - PM: docs: Drop an excess character from devices.rst (bsc#1051510). - Pass x86 as architecture on x86_64 and i386 (bsc#1093118). - Preliminary series sort - RDMA/bnxt_re: Fix broken RoCE driver due to recent L2 driver changes (bsc#1086283). - RDMA/bnxt_re: Remove redundant bnxt_qplib_disable_nq() call (bsc#1086283). - RDMA/core: Avoid that ib_drain_qp() triggers an out-of-bounds stack access (bsc#1046306). - RDMA/core: Reduce poll batch for direct cq polling (bsc#1046306). - RDMA/i40iw: Avoid panic when reading back the IRQ affinity hint (bsc#1084001). - RDMA/mlx4: Fix uABI structure layouts for 32/64 compat (bsc#1071218). - RDMA/mlx5: Fix crash while accessing garbage pointer and freed memory (bsc#1046305). - RDMA/mlx5: Protect from NULL pointer derefence (bsc#1046305). - RDMA/ocrdma: Fix permissions for OCRDMA_RESET_STATS (bsc#1058513). - RDMA/rxe: Fix an out-of-bounds read (bsc#1050662). - RDMA/ucma: Allow resolving address w/o specifying source address (bsc#1046306). - RDMA/ucma: Introduce safer rdma_addr_size() variants (bsc#1046306). - RDMAVT: Fix synchronization around percpu_ref (bsc#1058717). - RDS: Check cmsg_len before dereferencing CMSG_DATA (networking-stable-17_12_31). - README.BRANCH: add Takashi as co-maintainer - Re-sort some patches to match SLE15 - Refresh patches.suse/btrfs-use-kvzalloc-to-allocate-btrfs_fs_info.patch - Fixed References (bsc#1062897). - Remove the old fallback for iTCO/WDAT conflict (bsc#1073960) Now the upstream fix is included, so let's rip off the old trickery. - Revert "Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174" (bsc#1051510). - Revert "Remove patces for bug 1087405 due to regression" This reverts commit f91a2ea5192d9e933c41600da5d1543155df381c. - Revert "ath10k: send (re)assoc peer command when NSS changed" (bsc#1051510). - Revert "drm/i915/edp: Allow alternate fixed mode for eDP if available." (bsc#1093604). - Revert "kernel-binary: do not package extract-cert when not signing modules" This reverts commit 10a8bc496a553b8069d490a8ae7508bdb19f58d9. - Revert "rt2800: use TXOP_BACKOFF for probe frames" (bsc#1051510). - Revert "scsi: core: return BLK_STS_OK for DID_OK in __scsi_error_from_host_byte()" (bsc#1099918). - Sort series.conf - USB: Accept bulk endpoints with 1024-byte maxpacket (bsc#1092888). - USB: serial: pl2303: new device id for Chilitag (bsc#1087092). - USB: serial: simple: add Motorola Tetra driver (bsc#1087092). - USB:fix USB3 devices behind USB3 hubs not resuming at hibernate thaw (bsc#1090888). - Update patches.fixes/vti-fix-use-after-free-in-vti_tunnel_xmit-vti6_tnl_x.patch (bsc#1076830 networking-stable-17_10_09). - Update patches.suse/ceph-quota-add-counter-for-snaprealms-with-quota.patch (bsc#1089115). - Update patches.suse/ceph-quota-add-initial-infrastructure-to-support-cephfs-quotas .patch (bsc#1089115). - Update patches.suse/ceph-quota-cache-inode-pointer-in-ceph_snap_realm.patch (bsc#1089115). - Update patches.suse/ceph-quota-don-t-allow-cross-quota-renames.patch (bsc#1089115). - Update patches.suse/ceph-quota-support-for-ceph-quota-max_bytes.patch (bsc#1089115). - Update patches.suse/ceph-quota-support-for-ceph-quota-max_files.patch (bsc#1089115). - Update patches.suse/ceph-quota-update-mds-when-max_bytes-is-approaching.patch (bsc#1089115). - Update for above change patches.drivers/0003-md-cluster-Suspend-writes-in-RAID10-if-within-range.pa tch (bsc#1093023). - Update patches.suse/ceph-don-t-check-quota-for-snap-inode.patch (bsc#1089115). - Update patches.suse/ceph-fix-root-quota-realm-check.patch (bsc#1089115). - X.509: fix BUG_ON() when hash algorithm is unsupported (bsc#1051510). - X.509: fix NULL dereference when restricting key with unsupported_sig (bsc#1051510). - X.509: fix comparisons of ->pkey_algo (bsc#1051510). - X.509: reject invalid BIT STRING for subjectPublicKey (bsc#1051510). - acpi, nfit: quiet invalid block-aperture-region warnings (bsc#1091781). - acpi, nfit: rework NVDIMM leaf method detection (bsc#1091782). - acpi: Add helper for deactivating memory region (bsc#1100132). - acpi: nfit: Add support for detect platform CPU cache flush on power loss (bsc#1091424). - acpi: nfit: add persistent memory control flag for nd_region (bsc#1091424). - adding missing rcu_read_unlock in ipxip6_rcv (networking-stable-17_12_31). - af_netlink: ensure that NLMSG_DONE never fails in dumps (networking-stable-17_11_20). - afs: Connect up the CB.ProbeUuid (bsc#1052766). - afs: Fix missing error handling in afs_write_end() (bsc#1052766). - amd-xgbe: Add pre/post auto-negotiation phy hooks (networking-stable-18_04_26). - amd-xgbe: Improve KR auto-negotiation and training (networking-stable-18_04_26). - amd-xgbe: Only use the SFP supported transceiver signals (networking-stable-18_04_26). - amd-xgbe: Restore PCI interrupt enablement setting on resume (networking-stable-18_03_07). - apparmor: fix dangling symlinks to policy rawdata after replacement (bsc#1095893). - apparmor: fix display of .ns_name for containers (bsc#1095893). - apparmor: fix logging of the existence test for signals (bsc#1095893). - apparmor: fix memory leak on buffer on error exit path (bsc#1095893). - arch/*: Kconfig: fix documentation for NMI watchdog (bsc#1099918). - arm/arm64: smccc: Add SMCCC-specific return codes (bsc#1085308). - arm64: Add 'ssbd' command-line option (bsc#1085308). - arm64: Add ARCH_WORKAROUND_2 probing (bsc#1085308). - arm64: Add per-cpu infrastructure to call ARCH_WORKAROUND_2 (bsc#1085308). - arm64: Call ARCH_WORKAROUND_2 on transitions between EL0 and EL1 (bsc#1085308). - arm64: alternatives: Add dynamic patching feature (bsc#1085308). - arm64: fix endianness annotation for __apply_alternatives()/get_alt_insn() (bsc#1085308). - arm64: ssbd: Add global mitigation state accessor (bsc#1085308). - arm64: ssbd: Add prctl interface for per-thread mitigation (bsc#1085308). - arm64: ssbd: Introduce thread flag to control userspace mitigation (bsc#1085308). - arm64: ssbd: Restore mitigation status on CPU resume (bsc#1085308). - arm64: ssbd: Skip apply_ssbd if not using dynamic mitigation (bsc#1085308). - arp: fix arp_filter on l3slave devices (networking-stable-18_04_10). - ath10k: Fix kernel panic while using worker (ath10k_sta_rc_update_wk) (bsc#1051510). - ath10k: correct target assert problem due to CE5 stuck (bsc#1051510). - ath10k: search all IEs for variant before falling back (bsc#1051510). - ath9k: fix crash in spectral scan (bsc#1051510). - auxdisplay: fix broken menu (bsc#1051510). - auxdisplay: img-ascii-lcd: Only build on archs that have IOMEM (bsc#1051510). - auxdisplay: img-ascii-lcd: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE (bsc#1051510). - backlight: as3711_bl: Fix Device Tree node lookup (bsc#1051510). - backlight: max8925_bl: Fix Device Tree node lookup (bsc#1051510). - backlight: tdo24m: Fix the SPI CS between transfers (bsc#1051510). - backlight: tps65217_bl: Fix Device Tree node lookup (bsc#1051510). - bcache: Add __printf annotation to __bch_check_keys() (bsc#1093023). - bcache: Annotate switch fall-through (bsc#1093023). - bcache: Fix a compiler warning in bcache_device_init() (bsc#1093023). - bcache: Fix indentation (bsc#1093023). - bcache: Fix kernel-doc warnings (bsc#1093023). - bcache: Fix, improve efficiency of closure_sync() (bsc#1093023). - bcache: Reduce the number of sparse complaints about lock imbalances (bsc#1093023). - bcache: Remove an unused variable (bsc#1093023). - bcache: Suppress more warnings about set-but-not-used variables (bsc#1093023). - bcache: Use PTR_ERR_OR_ZERO() (bsc#1093023). - bcache: add CACHE_SET_IO_DISABLE to struct cache_set flags (bsc#1093023). - bcache: add backing_request_endio() for bi_end_io (bsc#1093023). - bcache: add io_disable to struct cached_dev (bsc#1093023). - bcache: add journal statistic (bsc#1093023). - bcache: add stop_when_cache_set_failed option to backing device (bsc#1093023). - bcache: add wait_for_kthread_stop() in bch_allocator_thread() (bsc#1093023). - bcache: allow quick writeback when backing idle (bsc#1093023). - bcache: closures: move control bits one bit right (bsc#1093023). - bcache: comment on direct access to bvec table (bsc#1093023). - bcache: correct flash only vols (check all uuids) (bsc#1093023). - bcache: count backing device I/O error for writeback I/O (bsc#1093023). - bcache: fix cached_dev->count usage for bch_cache_set_error() (bsc#1093023). - bcache: fix error return value in memory shrink (bsc#1093023). - bcache: fix for allocator and register thread race (bsc#1093023). - bcache: fix for data collapse after re-attaching an attached device (bsc#1093023). - bcache: fix high CPU occupancy during journal (bsc#1093023). - bcache: fix inaccurate io state for detached bcache devices (bsc#1093023). - bcache: fix incorrect sysfs output value of strip size (bsc#1093023). - bcache: fix kcrashes with fio in RAID5 backend dev (bsc#1093023). - bcache: fix misleading error message in bch_count_io_errors() (bsc#1093023). - bcache: fix unmatched generic_end_io_acct() and generic_start_io_acct() (bsc#1093023). - bcache: fix using of loop variable in memory shrink (bsc#1093023). - bcache: fix writeback target calc on large devices (bsc#1093023). - bcache: fix wrong return value in bch_debug_init() (bsc#1093023). - bcache: mark closure_sync() __sched (bsc#1093023). - bcache: move closure debug file into debug directory (bsc#1093023). - bcache: properly set task state in bch_writeback_thread() (bsc#1093023). - bcache: quit dc->writeback_thread when BCACHE_DEV_DETACHING is set (bsc#1093023). - bcache: reduce cache_set devices iteration by devices_max_used (bsc#1093023). - bcache: ret IOERR when read meets metadata error (bsc#1093023). - bcache: return 0 from bch_debug_init() if CONFIG_DEBUG_FS=n (bsc#1093023). - bcache: return attach error when no cache set exist (bsc#1093023). - bcache: segregate flash only volume write streams (bsc#1093023). - bcache: set CACHE_SET_IO_DISABLE in bch_cached_dev_error() (bsc#1093023). - bcache: set dc->io_disable to true in conditional_stop_bcache_device() (bsc#1093023). - bcache: set error_limit correctly (bsc#1093023). - bcache: set writeback_rate_update_seconds in range [1, 60] seconds (bsc#1093023). - bcache: stop dc->writeback_rate_update properly (bsc#1093023). - bcache: stop writeback thread after detaching (bsc#1093023). - bcache: store disk name in struct cache and struct cached_dev (bsc#1093023). - bcache: use pr_info() to inform duplicated CACHE_SET_IO_DISABLE set (bsc#1093023). - bcache: writeback: properly order backing device IO (bsc#1093023). - bdi: Fix oops in wb_workfn() (bsc#1052766). - bdi: wake up concurrent wb_shutdown() callers (bsc#1052766). - be2net: Fix HW stall issue in Lancer (bsc#1086288). - be2net: Fix error detection logic for BE3 (bsc#1050252). - be2net: Handle transmit completion errors in Lancer (bsc#1086288). - bfq-iosched: ensure to clear bic/bfqq pointers when preparing request (bsc#1052766). - bfq: Re-enable auto-loading when built as a module (bsc#1099918). - bio-integrity: move the bio integrity profile check earlier in bio_integrity_prep (bsc#1093023). - bitmap: fix memset optimization on big-endian systems (bsc#1051510). - bitops: Introduce assign_bit() (bsc#1093023). - blacklist.conf: blacklist further commits not needed (bsc#1085933, bsc#1085938, bsc#1085939) - blacklist.conf: blacklist tools specific change bsc#1085941 - blk-mq-debugfs: fix device sched directory for default scheduler (bsc#1099918). - blk-mq: do not keep offline CPUs mapped to hctx 0 (bsc#1099918). - blk-mq: make sure hctx->next_cpu is set correctly (bsc#1099918). - blk-mq: make sure that correct hctx->next_cpu is set (bsc#1099918). - blk-mq: reinit q->tag_set_list entry only after grace period (bsc#1099918). - blk-mq: simplify queue mapping and schedule with each possisble CPU (bsc#1099918). - block, bfq: add missing invocations of bfqg_stats_update_io_add/remove (bsc#1099918). - block, bfq: fix occurrences of request finish method's old name (bsc#1099918). - block, bfq: put async queues for root bfq groups too (bsc#1052766). - block/loop: fix deadlock after loop_set_status (bsc#1052766). - block/swim: Remove extra put_disk() call from error path (bsc#1099918). - block: Add comment to submit_bio_wait() (bsc#1093023). - block: Fix __bio_integrity_endio() documentation (bsc#1099918). - block: Fix cloning of requests with a special payload (bsc#1099918). - block: Set BIO_TRACE_COMPLETION on new bio during split (bsc#1052766). - block: cope with WRITE ZEROES failing in blkdev_issue_zeroout() (bsc#1099918). - block: factor out __blkdev_issue_zero_pages() (bsc#1099918). - block: sed-opal: Fix a couple off by one bugs (bsc#1099918). - bnx2x: Collect the device debug information during Tx timeout (bsc#1086323). - bnx2x: Deprecate pci_get_bus_and_slot() (bsc#1086323). - bnx2x: Replace doorbell barrier() with wmb() (bsc#1086323). - bnx2x: Use NETIF_F_GRO_HW (bsc#1086323). - bnx2x: Use pci_ari_enabled() instead of local copy (bsc#1086323). - bnx2x: fix slowpath null crash (bsc#1086323). - bnx2x: fix spelling mistake: "registeration" -> "registration" (bsc#1086323). - bnx2x: use the right constant (bsc#1086323). - bnxt_en: Add BCM5745X NPAR device IDs (bsc#1086282). - bnxt_en: Add IRQ remapping logic (bsc#1086282). - bnxt_en: Add TC to hardware QoS queue mapping logic (bsc#1086282). - bnxt_en: Add ULP calls to stop and restart IRQs (bsc#1086282). - bnxt_en: Add cache line size setting to optimize performance (bsc#1086282). - bnxt_en: Add extended port statistics support (bsc#1086282). - bnxt_en: Add support for ndo_set_vf_trust (bsc#1086282). - bnxt_en: Add the new firmware API to query hardware resources (bsc#1086282). - bnxt_en: Adjust default rings for multi-port NICs (bsc#1086282). - bnxt_en: Always forward VF MAC address to the PF (bsc#1086282). - bnxt_en: Change IRQ assignment for RDMA driver (bsc#1086282). - bnxt_en: Check max_tx_scheduler_inputs value from firmware (bsc#1086282). - bnxt_en: Check the lengths of encapsulated firmware responses (bsc#1086282). - bnxt_en: Check unsupported speeds in bnxt_update_link() on PF only (bsc#1086282). - bnxt_en: Display function level rx/tx_discard_pkts via ethtool (bsc#1086282). - bnxt_en: Do not allow VF to read EEPROM (bsc#1086282). - bnxt_en: Do not reserve rings on VF when min rings were not provisioned by PF (bsc#1086282). - bnxt_en: Do not set firmware time from VF driver on older firmware (bsc#1086282). - bnxt_en: Eliminate duplicate barriers on weakly-ordered archs (bsc#1086282). - bnxt_en: Expand bnxt_check_rings() to check all resources (bsc#1086282). - bnxt_en: Fix NULL pointer dereference at bnxt_free_irq() (bsc#1086282). - bnxt_en: Fix ethtool -x crash when device is down (bsc#1086282). - bnxt_en: Fix firmware message delay loop regression (bsc#1086282). - bnxt_en: Fix regressions when setting up MQPRIO TX rings (bsc#1086282). - bnxt_en: Fix vnic accounting in the bnxt_check_rings() path (bsc#1086282). - bnxt_en: Forward VF MAC address to the PF (bsc#1086282). - bnxt_en: Ignore src port field in decap filter nodes (bsc#1050242). - bnxt_en: Implement new method for the PF to assign SRIOV resources (bsc#1086282). - bnxt_en: Implement new method to reserve rings (bsc#1086282). - bnxt_en: Improve resource accounting for SRIOV (bsc#1086282). - bnxt_en: Improve ring allocation logic (bsc#1086282). - bnxt_en: Improve valid bit checking in firmware response message (bsc#1086282). - bnxt_en: Include additional hardware port statistics in ethtool -S (bsc#1086282). - bnxt_en: Increase RING_IDLE minimum threshold to 50 (bsc#1086282). - bnxt_en: Need to include RDMA rings in bnxt_check_rings() (bsc#1086282). - bnxt_en: Pass complete VLAN TCI to the stack (bsc#1086282). - bnxt_en: Read phy eeprom A2h address only when optical diagnostics is supported (bsc#1086282). - bnxt_en: Refactor bnxt_close_nic() (bsc#1086282). - bnxt_en: Refactor bnxt_need_reserve_rings() (bsc#1086282). - bnxt_en: Refactor hardware resource data structures (bsc#1086282). - bnxt_en: Refactor the functions to reserve hardware rings (bsc#1086282). - bnxt_en: Remap TC to hardware queues when configuring PFC (bsc#1086282). - bnxt_en: Reserve RSS and L2 contexts for VF (bsc#1086282). - bnxt_en: Reserve completion rings and MSIX for bnxt_re RDMA driver (bsc#1086282). - bnxt_en: Reserve resources for RFS (bsc#1086282). - bnxt_en: Reserve rings at driver open if none was reserved at probe time (bsc#1086282). - bnxt_en: Reserve rings in bnxt_set_channels() if device is down (bsc#1086282). - bnxt_en: Restore MSIX after disabling SRIOV (bsc#1086282). - bnxt_en: Set initial default RX and TX ring numbers the same in combined mode (bsc#1086282). - bnxt_en: Simplify ring alloc/free error messages (bsc#1086282). - bnxt_en: Support max-mtu with VF-reps (bsc#1086282). - bnxt_en: Update firmware interface to 1.9.0 (bsc#1086282). - bnxt_en: Update firmware interface to 1.9.1.15 (bsc#1086282). - bnxt_en: Use a dedicated VNIC mode for RDMA (bsc#1086282). - bnxt_en: close and open NIC, only when the interface is in running state (bsc#1086282). - bnxt_en: do not allow wildcard matches for L2 flows (bsc#1050242). - bnxt_en: export a common switchdev PARENT_ID for all reps of an adapter (bsc#1086282). - bnxt_en: fix clear flags in ethtool reset handling (bsc#1050242). - bnxt_en: reduce timeout on initial HWRM calls (bsc#1086282). - bonding: discard lowest hash bit for 802.3ad layer3+4 (networking-stable-17_11_20). - bonding: do not set slave_dev npinfo before slave_enable_netpoll in bond_enslave (networking-stable-18_04_26). - bonding: fix the err path for dev hwaddr sync in bond_enslave (networking-stable-18_04_10). - bonding: move dev_mc_sync after master_upper_dev_link in bond_enslave (networking-stable-18_04_10). - bonding: process the err returned by dev_set_allmulti properly in bond_enslave (networking-stable-18_04_10). - bonding: send learning packets for vlans on slave (networking-stable-18_05_15). - bpf, ppc64: fix out of bounds access in tail call (bsc#1083647). - bpf, x64: fix memleak when not converging after image (bsc#1083647). - bpf: add schedule points in percpu arrays management (bsc#1083647). - bpf: fix bpf_skb_adjust_net/bpf_skb_proto_xlat to deal with gso sctp skbs (bsc#1076830). - bpf: fix mlock precharge on arraymaps (bsc#1083647). - bpf: make bnxt compatible w/ bpf_xdp_adjust_tail (bsc#1086282). - bpf: properly enforce index mask to prevent out-of-bounds speculation (bsc#1098425). - brcmfmac: Fix check for ISO3166 code (bsc#1051510). - brd: fix overflow in __brd_direct_access (bsc#1052766). - bridge: check iface upper dev when setting master via ioctl (networking-stable-18_05_15). - Btrfs: Take trans lock before access running trans in check_delayed_ref (bsc#1097105). - Btrfs: return error value if create_io_em failed in cow_file_range (bsc#1097105). - can: af_can: can_pernet_init(): add missing error handling for kzalloc returning NULL (bsc#1051510). - can: af_can: can_rcv(): replace WARN_ONCE by pr_warn_once (bsc#1051510). - can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once (bsc#1051510). - can: c_can: do not indicate triple sampling support for D_CAN (bsc#1051510). - can: cc770: Fix queue stall and dropped RTR reply (bsc#1051510). - can: cc770: Fix stalls on rt-linux, remove redundant IRQ ack (bsc#1051510). - can: cc770: Fix use after free in cc770_tx_interrupt() (bsc#1051510). - can: ems_usb: cancel urb on -EPIPE and -EPROTO (bsc#1051510). - can: esd_usb2: Fix can_dlc value for received RTR, frames (bsc#1051510). - can: esd_usb2: cancel urb on -EPIPE and -EPROTO (bsc#1051510). - can: flex_can: Correct the checking for frame length in flexcan_start_xmit() (bsc#1051510). - can: flexcan: fix VF610 state transition issue (bsc#1051510). - can: flexcan: fix i.MX28 state transition issue (bsc#1051510). - can: flexcan: fix i.MX6 state transition issue (bsc#1051510). - can: flexcan: fix p1010 state transition issue (bsc#1051510). - can: flexcan: fix state transition regression (bsc#1051510). - can: flexcan: implement error passive state quirk (bsc#1051510). - can: flexcan: rename legacy error state quirk (bsc#1051510). - can: gs_usb: fix busy loop if no more TX context is available (bsc#1051510). - can: gs_usb: fix return value of the "set_bittiming" callback (bsc#1051510). - can: hi311x: Acquire SPI lock on ->do_get_berr_counter (bsc#1051510). - can: hi311x: Work around TX complete interrupt erratum (bsc#1051510). - can: ifi: Check core revision upon probe (bsc#1051510). - can: ifi: Fix transmitter delay calculation (bsc#1051510). - can: ifi: Repair the error handling (bsc#1051510). - can: kvaser_usb: Correct return value in printout (bsc#1051510). - can: kvaser_usb: Fix comparison bug in kvaser_usb_read_bulk_callback() (bsc#1051510). - can: kvaser_usb: Ignore CMD_FLUSH_QUEUE_REPLY messages (bsc#1051510). - can: kvaser_usb: Increase correct stats counter in kvaser_usb_rx_can_msg() (bsc#1051510). - can: kvaser_usb: cancel urb on -EPIPE and -EPROTO (bsc#1051510). - can: kvaser_usb: free buf in error paths (bsc#1051510). - can: kvaser_usb: ratelimit errors if incomplete messages are received (bsc#1051510). - can: mcba_usb: cancel urb on -EPROTO (bsc#1051510). - can: mcba_usb: fix device disconnect bug (bsc#1051510). - can: peak/pci: fix potential bug when probe() fails (bsc#1051510). - can: peak/pcie_fd: fix echo_skb is occupied! bug (bsc#1051510). - can: peak/pcie_fd: fix potential bug in restarting tx queue (bsc#1051510). - can: peak/pcie_fd: remove useless code when interface starts (bsc#1051510). - can: peak: Add support for new PCIe/M2 CAN FD interfaces (bsc#1051510). - can: peak: fix potential bug in packet fragmentation (bsc#1051510). - can: sun4i: fix loopback mode (bsc#1051510). - can: sun4i: handle overrun in RX FIFO (bsc#1051510). - can: ti_hecc: Fix napi poll return value for repoll (bsc#1051510). - can: usb_8dev: cancel urb on -EPIPE and -EPROTO (bsc#1051510). - can: vxcan: improve handling of missing peer name attribute (bsc#1051510). - cdc_ether: flag the Cinterion AHS8 modem by gemalto as WWAN (networking-stable-18_04_13). - cdrom: information leak in cdrom_ioctl_media_changed() (bsc#1051510). - ceph: adding protection for showing cap reservation info (bsc#1089115). - ceph: always update atime/mtime/ctime for new inode (bsc#1089115). - ceph: change variable name to follow common rule (bsc#1089115). - ceph: check if mds create snaprealm when setting quota (bsc#1089115). - ceph: do not wait on writeback when there is no more dirty pages (bsc#1089115). - ceph: filter out used flags when printing unused open flags (bsc#1089115). - ceph: fix alignment of rasize (bsc#1098236). - ceph: fix dentry leak in splice_dentry() (bsc#1098236). - ceph: fix invalid point dereference for error case in mdsc destroy (bsc#1089115). - ceph: fix rsize/wsize capping in ceph_direct_read_write() (bsc#1089115). - ceph: fix st_nlink stat for directories (bsc#1093904). - ceph: fix use-after-free in ceph_statfs() (bsc#1098236). - ceph: fix wrong check for the case of updating link count (bsc#1098236). - ceph: keep consistent semantic in fscache related option combination (bsc#1089115). - ceph: mark the cap cache as unreclaimable (bsc#1089115). - ceph: optimize mds session register (bsc#1089115). - ceph: optimize memory usage (bsc#1089115). - ceph: optimizing cap allocation (bsc#1089115). - ceph: optimizing cap reservation (bsc#1089115). - ceph: prevent i_version from going back (bsc#1098236). - ceph: quota: report root dir quota usage in statfs (bsc#1089115). - ceph: release unreserved caps if having enough available caps (bsc#1089115). - ceph: return proper bool type to caller instead of pointer (bsc#1089115). - ceph: support file lock on directory (bsc#1098236). - ceph: use seq_show_option for string type options (bsc#1089115). - cfg80211: clear wep keys after disconnection (bsc#1051510). - cfg80211: further limit wiphy names to 64 bytes (bsc#1051510). - cfg80211: limit wiphy names to 128 bytes (bsc#1051510). - cgroup: Fix deadlock in cpu hotplug path (Git-fixes). - cgroup: Reinit cgroup_taskset structure before cgroup_migrate_execute() returns (Git-fixes). - cifs: Check for timeout on Negotiate stage (bsc#1091171). - cifs: silence compiler warnings showing up with gcc-8.0.0 (bsc#1090734). - config: arm64: enable Spectre-v4 per-thread mitigation - coresight: Fix disabling of CoreSight TPIU (bsc#1051510). - cpufreq: intel_pstate: Add HWP boost utility and sched util hooks (bsc#1066110). - cpufreq: intel_pstate: Fix scaling max/min limits with Turbo 3.0 (bsc#1051510). - cpufreq: intel_pstate: HWP boost performance on IO wakeup (bsc#1066110). - cpufreq: intel_pstate: New sysfs entry to control HWP boost (bsc#1066110). - cpufreq: intel_pstate: enable boost for Skylake Xeon (bsc#1066110). - cpufreq: schedutil: Avoid using invalid next_freq (git-fixes). - cpuidle: fix broadcast control when broadcast can not be entered (Git-fixes). - cros_ec: fix nul-termination for firmware build info (bsc#1051510). - crypto: AF_ALG - remove SGL terminator indicator when chaining (bsc#1051510). - crypto: aes-generic - build with -Os on gcc-7+ (bsc#1051510). - crypto: aes-generic - fix aes-generic regression on powerpc (bsc#1051510). - crypto: af_alg - fix possible uninit-value in alg_bind() (bsc#1051510). - crypto: ahash - Fix early termination in hash walk (bsc#1051510). - crypto: arm,arm64 - Fix random regeneration of S_shipped (bsc#1051510). - crypto: atmel-aes - fix the keys zeroing on errors (bsc#1051510). - crypto: caam - Fix null dereference at error path (bsc#1051510). - crypto: caam - fix DMA mapping dir for generated IV (bsc#1051510). - crypto: caam - fix IV DMA mapping and updating (bsc#1051510). - crypto: caam - fix incorrect define (bsc#1051510). - crypto: caam - strip input zeros from RSA input buffer (bsc#1051510). - crypto: caam/qi - fix IV DMA mapping and updating (bsc#1051510). - crypto: caam/qi - fix IV DMA mapping and updating (bsc#1051510). - crypto: ccp - Fix sparse, use plain integer as NULL pointer (git-fixes 200664d5237f). - crypto: drbg - set freed buffers to NULL (bsc#1051510). - crypto: lrw - Free rctx->ext with kzfree (bsc#1051510). - crypto: omap-sham - fix memleak (bsc#1051510). - crypto: qat - remove unused and redundant pointer vf_info (bsc#1051510). - crypto: sunxi-ss - Add MODULE_ALIAS to sun4i-ss (bsc#1051510). - crypto: vmx - Remove overly verbose printk from AES XTS init (bsc#1051510). - crypto: vmx - Remove overly verbose printk from AES init routines (bsc#1051510). - crypto: x86/cast5-avx - fix ECB encryption when long sg follows short one (bsc#1051510). - cxgb4: Correct ntuple mask validation for hash filters (bsc#1064802 bsc#1066129). - cxgb4: fix error return code in adap_init0() (bsc#1064802 bsc#1066129). - cxgb4: fix offset in collecting TX rate limit info (bsc#1073513). - cxgb4vf: Fix SGE FL buffer initialization logic for 64K pages (bsc#1046542). - dax, dm: allow device-mapper to operate without dax support (bsc#1093023). - dax: check for QUEUE_FLAG_DAX in bdev_dax_supported() (bsc#1101315). - dccp: do not restart ccid2_hc_tx_rto_expire() if sk in closed state (networking-stable-18_01_28). - dccp: fix tasklet usage (networking-stable-18_05_15). - delayacct: Account blkio completion on the correct task (bsc#1052766). - dell_rbu: make firmware payload memory uncachable (bsc#1087978). - device-dax: allow MAP_SYNC to succeed (bsc#1052766). - devlink: Remove redundant free on error path (networking-stable-18_03_28). - direct-io: Prevent NULL pointer access in submit_page_section (bsc#1052766). - disable patches.drivers/s390-qeth-use-Read-device-to-query-hypervisor-for-MA.patch Backport of mainline commit b7493e91c11a ("s390/qeth: use Read device to query hypervisor for MAC") changes assigned MAC address (and breaks networking) on one of our machines and it's not clear which address is actually correct (bsc#1094575). - dlm: fix a clerical error when set SCTP_NODELAY (bsc#1091594). - dlm: make sctp_connect_to_sock() return in specified time (bsc#1080542). - dlm: remove O_NONBLOCK flag in sctp_connect_to_sock (bsc#1080542). - dm btree: fix serious bug in btree_split_beneath() (bsc#1093023). - dm bufio: add missed destroys of client mutex (bsc#1093023). - dm bufio: check result of register_shrinker() (bsc#1093023). - dm bufio: delete outdated comment (bsc#1093023). - dm bufio: do not embed a bio in the dm_buffer structure (bsc#1093023). - dm bufio: eliminate unnecessary labels in dm_bufio_client_create() (bsc#1093023). - dm bufio: fix buffer alignment (bsc#1093023). - dm bufio: fix integer overflow when limiting maximum cache size (bsc#1093023). - dm bufio: fix shrinker scans when (nr_to_scan lower than retain_target) (bsc#1093023). - dm bufio: get rid of slab cache name allocations (bsc#1093023). - dm bufio: move dm-bufio.h to include/linux/ (bsc#1093023). - dm bufio: relax alignment constraint on slab cache (bsc#1093023). - dm bufio: remove code that merges slab caches (bsc#1093023). - dm bufio: reorder fields in dm_buffer structure (bsc#1093023). - dm bufio: support non-power-of-two block sizes (bsc#1093023). - dm bufio: use REQ_OP_READ and REQ_OP_WRITE (bsc#1093023). - dm bufio: use slab cache for dm_buffer structure allocations (bsc#1093023). - dm cache background tracker: limit amount of background work that may be issued at once (bsc#1093023). - dm cache policy smq: allocate cache blocks in order (bsc#1093023). - dm cache policy smq: change max background work from 10240 to 4096 blocks (bsc#1093023). - dm cache policy smq: handle races with queuing background_work (bsc#1093023). - dm cache policy smq: take origin idle status into account when queuing writebacks (bsc#1093023). - dm cache: convert dm_cache_metadata.ref_count from atomic_t to refcount_t (bsc#1093023). - dm cache: fix race condition in the writeback mode overwrite_bio optimisation (bsc#1093023). - dm cache: lift common migration preparation code to alloc_migration() (bsc#1093023). - dm cache: pass cache structure to mode functions (bsc#1093023). - dm cache: remove all obsolete writethrough-specific code (bsc#1093023). - dm cache: remove usused deferred_cells member from struct cache (bsc#1093023). - dm cache: simplify get_per_bio_data() by removing data_size argument (bsc#1093023). - dm cache: submit writethrough writes in parallel to origin and cache (bsc#1093023). - dm crypt: allow unaligned bv_offset (bsc#1093023). - dm crypt: fix crash by adding missing check for auth key size (bsc#1093023). - dm crypt: fix error return code in crypt_ctr() (bsc#1093023). - dm crypt: fix memory leak in crypt_ctr_cipher_old() (bsc#1093023). - dm crypt: limit the number of allocated pages (bsc#1093023). - dm crypt: reject sector_size feature if device length is not aligned to it (bsc#1093023). - dm crypt: remove BIOSET_NEED_RESCUER flag (bsc#1093023). - dm crypt: wipe kernel key copy after IV initialization (bsc#1093023). - dm flakey: check for null arg_name in parse_features() (bsc#1093023). - dm integrity: allow unaligned bv_offset (bsc#1093023). - dm integrity: count and display checksum failures (bsc#1093023). - dm integrity: do not check integrity for failed read operations (bsc#1093023). - dm integrity: do not store cipher request on the stack (bsc#1093023). - dm integrity: fail early if required HMAC key is not available (bsc#1093023). - dm integrity: make blk_integrity_profile structure const (bsc#1093023). - dm integrity: optimize writing dm-bufio buffers that are partially changed (bsc#1093023). - dm integrity: use init_completion instead of COMPLETION_INITIALIZER_ONSTACK (bsc#1093023). - dm integrity: use kvfree for kvmalloc'd memory (bsc#1099918). - dm io: remove BIOSET_NEED_RESCUER flag from bios bioset (bsc#1093023). - dm ioctl: constify ioctl lookup table (bsc#1093023). - dm log writes: add support for DAX (bsc#1093023). - dm log writes: add support for inline data buffers (bsc#1093023). - dm log writes: do not use all the cpu while waiting to log blocks (bsc#1093023). - dm log writes: fix >512b sectorsize support (bsc#1093023). - dm log writes: fix max length used for kstrndup (bsc#1093023). - dm log writes: record metadata flag for better flags record (bsc#1093023). - dm mpath: fix bio-based multipath queue_if_no_path handling (bsc#1099918). - dm raid: add component device size checks to avoid runtime failure (bsc#1093023). - dm raid: avoid passing array_in_sync variable to raid_status() callees (bsc#1093023). - dm raid: bump target version to reflect numerous fixes (bsc#1093023). - dm raid: consume sizes after md_finish_reshape() completes changing them (bsc#1093023). - dm raid: correct resizing state relative to reshape space in ctr (bsc#1093023). - dm raid: display a consistent copy of the MD status via raid_status() (bsc#1093023). - dm raid: do not use 'const' in function return (bsc#1099918). - dm raid: ensure 'a' chars during reshape (bsc#1093023). - dm raid: fix deadlock caused by premature md_stop_writes() (bsc#1093023). - dm raid: fix incorrect status output at the end of a "recover" process (bsc#1093023). - dm raid: fix incorrect sync_ratio when degraded (bsc#1093023). - dm raid: fix nosync status (bsc#1093023). - dm raid: fix panic when attempting to force a raid to sync (bsc#1093023). - dm raid: fix parse_raid_params() variable range issue (bsc#1093023). - dm raid: fix raid set size revalidation (bsc#1093023). - dm raid: fix raid_resume() to keep raid set frozen as needed (bsc#1093023). - dm raid: fix rs_get_progress() synchronization state/ratio (bsc#1093023). - dm raid: make raid_sets symbol static (bsc#1093023). - dm raid: simplify rs_get_progress() (bsc#1093023). - dm raid: small cleanup and remove unsed "struct raid_set" member (bsc#1093023). - dm raid: stop keeping raid set frozen altogether (bsc#1093023). - dm raid: use rs_is_raid*() (bsc#1093023). - dm raid: validate current raid sets redundancy (bsc#1093023). - dm rq: do not update rq partially in each ending bio (bsc#1093023). - dm rq: make dm-sq requeuing behavior consistent with dm-mq behavior (bsc#1093023). - dm space map metadata: use ARRAY_SIZE (bsc#1093023). - dm stripe: get rid of a Variable Length Array (VLA) (bsc#1093023). - dm table: fix regression from improper dm_dev_internal.count refcount_t conversion (bsc#1093023). - dm thin metadata: THIN_MAX_CONCURRENT_LOCKS should be 6 (bsc#1093023). - dm thin: fix trailing semicolon in __remap_and_issue_shared_cell (bsc#1093023). - dm zoned: avoid triggering reclaim from inside dmz_map() (bsc#1099918). - dm zoned: ignore last smaller runt zone (bsc#1093023). - dm-crypt: do not clear bvec->bv_page in crypt_free_buffer_pages() (bsc#1093023). - dm-crypt: do not mess with BIP_BLOCK_INTEGRITY (bsc#1093023). - dm-raid: fix a race condition in request handling (bsc#1093023). - dm: backfill missing calls to mutex_destroy() (bsc#1093023). - dm: clear all discard attributes in queue_limits when discards are disabled (bsc#1093023). - dm: convert DM printk macros to pr level macros (bsc#1099918). - dm: convert dm_dev_internal.count from atomic_t to refcount_t (bsc#1093023). - dm: convert table_device.count from atomic_t to refcount_t (bsc#1093023). - dm: correctly handle chained bios in dec_pending() (bsc#1093023). - dm: discard support requires all targets in a table support discards (bsc#1093023). - dm: do not set 'discards_supported' in targets that do not need it (bsc#1093023). - dm: ensure bio submission follows a depth-first tree walk (bsc#1093023). - dm: ensure bio-based DM's bioset and io_pool support targets' maximum IOs (bsc#1093023). - dm: fix __send_changing_extent_only() to send first bio and chain remainder (bsc#1093023). - dm: fix comment above dm_accept_partial_bio (bsc#1093023). - dm: fix printk() rate limiting code (bsc#1099918). - dm: fix various targets to dm_register_target after module __init resources created (bsc#1093023). - dm: limit the max bio size as BIO_MAX_PAGES * PAGE_SIZE (bsc#1093023). - dm: move dm_table_destroy() to same header as dm_table_create() (bsc#1093023). - dm: remove BIOSET_NEED_RESCUER based dm_offload infrastructure (bsc#1093023). - dm: remove stale comment blocks (bsc#1093023). - dm: remove unused 'num_write_bios' target interface (bsc#1093023). - dm: remove unused macro DM_MOD_NAME_SIZE (bsc#1093023). - dm: rename 'bio' member of dm_io structure to 'orig_bio' (bsc#1093023). - dm: safely allocate multiple bioset bios (bsc#1093023). - dm: set QUEUE_FLAG_DAX accordingly in dm_table_set_restrictions() (bsc#1093023). - dm: simplify start of block stats accounting for bio-based (bsc#1093023). - dm: small cleanup in dm_get_md() (bsc#1093023). - dm: use bio_split() when splitting out the already processed bio (bsc#1099918). - dmaengine: at_hdmac: fix potential NULL pointer dereference in atc_prep_dma_interleaved (bsc#1051510). - dmaengine: at_xdmac: fix rare residue corruption (bsc#1051510). - dmaengine: dmatest: fix container_of member in dmatest_callback (bsc#1051510). - dmaengine: dmatest: move callback wait queue to thread context (bsc#1051510). - dmaengine: dmatest: warn user when dma test times out (bsc#1051510). - dmaengine: edma: Align the memcpy acnt array size with the transfer (bsc#1051510). - dmaengine: ioat: Fix error handling path (bsc#1051510). - dmaengine: jz4740: disable/unprepare clk if probe fails (bsc#1051510). - dmaengine: ti-dma-crossbar: Correct am335x/am43xx mux value type (bsc#1051510). - dmaengine: ti-dma-crossbar: Fix event mapping for TPCC_EVT_MUX_60_63 (bsc#1051510). - dmaengine: ti-dma-crossbar: Fix possible race condition with dma_inuse (bsc#1051510). - docs: disable KASLR when debugging kernel (bsc#1051510). - dpaa_eth: increment the RX dropped counter when needed (networking-stable-18_03_28). - dpaa_eth: remove duplicate increment of the tx_errors counter (networking-stable-18_03_28). - dpaa_eth: remove duplicate initialization (networking-stable-18_03_28). - drbd: Fix drbd_request_prepare() discard handling (bsc#1099918). - driver core: Do not ignore class_dir_create_and_add() failure (bsc#1051510). - driver core: Move device_links_purge() after bus_remove_device() (bsc#1099918). - drivers/infiniband/core/verbs.c: fix build with gcc-4.4.4 (bsc#1046306). - drivers/infiniband/ulp/srpt/ib_srpt.c: fix build with gcc-4.4.4 (bsc#1046306). - drivers: net: bnx2x: use setup_timer() helper (bsc#1086323). - drm/amd/powerplay: Fix enum mismatch (bsc#1051510). - drm/amdgpu/sdma: fix mask in emit_pipeline_sync (bsc#1051510). - drm/amdgpu/si: implement get/set pcie_lanes asic callback (bsc#1051510). - drm/amdgpu: Add APU support in vi_set_uvd_clocks (bsc#1051510). - drm/amdgpu: Add APU support in vi_set_vce_clocks (bsc#1051510). - drm/amdgpu: Add an ATPX quirk for hybrid laptop (bsc#1051510). - drm/amdgpu: Fix PCIe lane width calculation (bsc#1051510). - drm/amdgpu: Fix always_valid bos multiple LRU insertions (bsc#1051510). - drm/amdgpu: Fix deadlock on runtime suspend (bsc#1051510). - drm/amdgpu: Use kvmalloc_array for allocating VRAM manager nodes array (bsc#1051510). - drm/amdgpu: adjust timeout for ib_ring_tests(v2) (bsc#1051510). - drm/amdgpu: disable GFX ring and disable PQ wptr in hw_fini (bsc#1051510). - drm/amdgpu: set COMPUTE_PGM_RSRC1 for SGPR/VGPR clearing shaders (bsc#1051510). - drm/amdkfd: fix clock counter retrieval for node without GPU (bsc#1051510). - drm/armada: fix leak of crtc structure (bsc#1051510). - drm/ast: Fixed 1280x800 Display Issue (bsc#1051510). - drm/atmel-hlcdc: check stride values in the first plane (bsc#1051510). - drm/atomic: Clean old_state/new_state in drm_atomic_state_default_clear() (bsc#1051510). - drm/atomic: Clean private obj old_state/new_state in drm_atomic_state_default_clear() (bsc#1051510). - drm/bridge: analogix dp: Fix runtime PM state in get_modes() callback (bsc#1051510). - drm/bridge: tc358767: do no fail on hi-res displays (bsc#1051510). - drm/bridge: tc358767: filter out too high modes (bsc#1051510). - drm/bridge: tc358767: fix 1-lane behavior (bsc#1051510). - drm/bridge: tc358767: fix AUXDATAn registers access (bsc#1051510). - drm/bridge: tc358767: fix DP0_MISC register set (bsc#1051510). - drm/bridge: tc358767: fix timing calculations (bsc#1051510). - drm/bridge: vga-dac: Fix edid memory leak (bsc#1051510). - drm/dumb-buffers: Integer overflow in drm_mode_create_ioctl() (bsc#1051510). - drm/exynos/dsi: mask frame-done interrupt (bsc#1051510). - drm/exynos: Allow DRM_EXYNOS on s5pv210 (bsc#1051510). - drm/exynos: Fix default value for zpos plane property (bsc#1051510). - drm/exynos: fix comparison to bitshift when dealing with a mask (bsc#1051510). - drm/exynos: g2d: use monotonic timestamps (bsc#1051510). - drm/fsl-dcu: enable IRQ before drm_atomic_helper_resume() (bsc#1051510). - drm/hisilicon: Ensure LDI regs are properly configured (bsc#1051510). - drm/i915/audio: Fix audio detection issue on GLK (bsc#1051510). - drm/i915/audio: set minimum CD clock to twice the BCLK (bsc#1095265). - drm/i915/bios: filter out invalid DDC pins from VBT child devices (bsc#1051510). - drm/i915/execlists: Use rmb() to order CSB reads (bsc#1051510). - drm/i915/gen9: Add WaClearHIZ_WM_CHICKEN3 for bxt and glk (bsc#1051510). - drm/i915/glk: Add MODULE_FIRMWARE for Geminilake (bsc#1095265). - drm/i915/gvt: fix memory leak of a cmd_entry struct on error exit path (bsc#1051510). - drm/i915/gvt: throw error on unhandled vfio ioctls (bsc#1051510). - drm/i915/lvds: Move acpi lid notification registration to registration phase (bsc#1051510). - drm/i915/psr: Chase psr.enabled only under the psr.lock (bsc#1051510). - drm/i915/userptr: reject zero user_size (bsc#1051510). - drm/i915: Adjust eDP's logical vco in a reliable place (bsc#1095265). - drm/i915: Apply batch location restrictions before pinning (bsc#1051510). - drm/i915: Call i915_perf_fini() on init_hw error unwind (bsc#1051510). - drm/i915: Disable LVDS on Radiant P845 (bsc#1051510). - drm/i915: Do no use kfree() to free a kmem_cache_alloc() return value (bsc#1051510). - drm/i915: Do not request a bug report for unsafe module parameters (bsc#1051510). - drm/i915: Enable display WA#1183 from its correct spot (bsc#1051510). - drm/i915: Enable provoking vertex fix on Gen9 systems (bsc#1051510). - drm/i915: Fix LSPCON TMDS output buffer enabling from low-power state (bsc#1051510). - drm/i915: Fix context ban and hang accounting for client (bsc#1051510). - drm/i915: Fix drm:intel_enable_lvds ERROR message in kernel log (bsc#1051510). - drm/i915: Remove stale asserts from i915_gem_find_active_request() (bsc#1051510). - drm/i915: Remove stale asserts from i915_gem_find_active_request() (bsc#1051510). - drm/i915: Remove unbannable context spam from reset (bsc#1051510). - drm/i915: Restore planes after load detection (bsc#1051510). - drm/i915: Restore planes after load detection (bsc#1051510). - drm/i915: Try GGTT mmapping whole object as partial (bsc#1051510). - drm/imx: move arming of the vblank event to atomic_flush (bsc#1051510). - drm/meson: Fix an un-handled error path in 'meson_drv_bind_master()' (bsc#1051510). - drm/meson: Fix some error handling paths in 'meson_drv_bind_master()' (bsc#1051510). - drm/meson: fix vsync buffer update (bsc#1051510). - drm/msm/dsi: use correct enum in dsi_get_cmd_fmt (bsc#1051510). - drm/msm: Fix possible null dereference on failure of get_pages() (bsc#1051510). - drm/msm: do not deref error pointer in the msm_fbdev_create error path (bsc#1100209). - drm/msm: fix leak in failed get_pages (bsc#1051510). - drm/nouveau/bar/gf100: add config option to limit BAR2 to 16MiB (bsc#1095094). - drm/nouveau/bios/iccsense: rails for power sensors have a mask of 0xf8 for version 0x10 (bsc#1095094). - drm/nouveau/bios/init: add a new devinit script interpreter entry-point (bsc#1095094). - drm/nouveau/bios/init: add or/link args separate from output path (bsc#1095094). - drm/nouveau/bios/init: bump script offset to 32-bits (bsc#1095094). - drm/nouveau/bios/init: remove internal use of nvbios_init.bios (bsc#1095094). - drm/nouveau/bios/init: rename 'crtc' to 'head' (bsc#1095094). - drm/nouveau/bios/init: rename nvbios_init() to nvbios_devinit() (bsc#1095094). - drm/nouveau/bios/volt: Parse min and max for Version 0x40 (bsc#1095094). - drm/nouveau/bios: Demote missing fp table message to NV_DEBUG (bsc#1095094). - drm/nouveau/bl: fix backlight regression (bsc#1095094). - drm/nouveau/devinit: use new devinit script interpreter entry-point (bsc#1095094). - drm/nouveau/disp/dp: determine a failsafe link training rate (bsc#1095094). - drm/nouveau/disp/dp: determine link bandwidth requirements from head state (bsc#1095094). - drm/nouveau/disp/dp: no need for lt_state except during manual link training (bsc#1095094). - drm/nouveau/disp/dp: only check for re-train when the link is active (bsc#1095094). - drm/nouveau/disp/dp: remove DP_PWR method (bsc#1095094). - drm/nouveau/disp/dp: store current link configuration in nvkm_ior (bsc#1095094). - drm/nouveau/disp/dp: train link only when actively displaying an image (bsc#1095094). - drm/nouveau/disp/dp: use cached link configuration when checking link status (bsc#1095094). - drm/nouveau/disp/dp: use new devinit script interpreter entry-point (bsc#1095094). - drm/nouveau/disp/g84-: Extend NVKM HDMI power control method to set InfoFrames (bsc#1095094). - drm/nouveau/disp/g84-: port OR HDMI control to nvkm_ior (bsc#1095094). - drm/nouveau/disp/g84-gt200: Use supplied HDMI InfoFrames (bsc#1095094). - drm/nouveau/disp/g94-: port OR DP drive setting control to nvkm_ior (bsc#1095094). - drm/nouveau/disp/g94-: port OR DP lane mapping to nvkm_ior (bsc#1095094). - drm/nouveau/disp/g94-: port OR DP link power control to nvkm_ior (bsc#1095094). - drm/nouveau/disp/g94-: port OR DP link setup to nvkm_ior (bsc#1095094). - drm/nouveau/disp/g94-: port OR DP training pattern control to nvkm_ior (bsc#1095094). - drm/nouveau/disp/gf119-: avoid creating non-existent heads (bsc#1095094). - drm/nouveau/disp/gf119-: port OR DP VCPI control to nvkm_ior (bsc#1095094). - drm/nouveau/disp/gf119: Use supplied HDMI InfoFrames (bsc#1095094). - drm/nouveau/disp/gf119: add missing drive vfunc ptr (bsc#1095094). - drm/nouveau/disp/gk104-: Use supplied HDMI InfoFrames (bsc#1095094). - drm/nouveau/disp/gm200-: allow non-identity mapping of SOR != macro links (bsc#1095094). - drm/nouveau/disp/gt215-: port HDA ELD controls to nvkm_ior (bsc#1095094). - drm/nouveau/disp/gt215: Use supplied HDMI InfoFrames (bsc#1095094). - drm/nouveau/disp/nv04: avoid creation of output paths (bsc#1095094). - drm/nouveau/disp/nv50-: avoid creating ORs that are not present on HW (bsc#1095094). - drm/nouveau/disp/nv50-: execute supervisor on its own workqueue (bsc#1095094). - drm/nouveau/disp/nv50-: fetch head/OR state at beginning of supervisor (bsc#1095094). - drm/nouveau/disp/nv50-: implement a common supervisor 1.0 (bsc#1095094). - drm/nouveau/disp/nv50-: implement a common supervisor 2.0 (bsc#1095094). - drm/nouveau/disp/nv50-: implement a common supervisor 2.1 (bsc#1095094). - drm/nouveau/disp/nv50-: implement a common supervisor 2.2 (bsc#1095094). - drm/nouveau/disp/nv50-: implement a common supervisor 3.0 (bsc#1095094). - drm/nouveau/disp/nv50-: port OR manual sink detection to nvkm_ior (bsc#1095094). - drm/nouveau/disp/nv50-: port OR power state control to nvkm_ior (bsc#1095094). - drm/nouveau/disp/nv50-gt21x: remove workaround for dp->tmds hotplug issues (bsc#1095094). - drm/nouveau/disp: Add mechanism to convert HDMI InfoFrames to hardware format (bsc#1095094). - drm/nouveau/disp: Silence DCB warnings (bsc#1095094). - drm/nouveau/disp: add tv encoders to output resource mapping (bsc#1095094). - drm/nouveau/disp: common implementation of scanoutpos method in nvkm_head (bsc#1095094). - drm/nouveau/disp: delay output path / connector construction until oneinit() (bsc#1095094). - drm/nouveau/disp: fork off some new hw-specific implementations (bsc#1095094). - drm/nouveau/disp: identity-map display paths to output resources (bsc#1095094). - drm/nouveau/disp: introduce acquire/release display path methods (bsc#1095094). - drm/nouveau/disp: introduce input/output resource abstraction (bsc#1095094). - drm/nouveau/disp: introduce object to track per-head functions/state (bsc#1095094). - drm/nouveau/disp: move vblank_{get,put} methods into nvkm_head (bsc#1095094). - drm/nouveau/disp: remove hw-specific customisation of output paths (bsc#1095094). - drm/nouveau/disp: rename nvkm_output to nvkm_outp (bsc#1095094). - drm/nouveau/disp: rename nvkm_output_dp to nvkm_dp (bsc#1095094). - drm/nouveau/disp: s/nvkm_connector/nvkm_conn/ (bsc#1095094). - drm/nouveau/disp: shuffle functions around (bsc#1095094). - drm/nouveau/falcon: use a more reasonable msgqueue timeout value (bsc#1095094). - drm/nouveau/fb/gf100-: zero mmu debug buffers (bsc#1095094). - drm/nouveau/fb/ram/nv40-: use new devinit script interpreter entry-point (bsc#1095094). - drm/nouveau/fbcon: fix oops without fbdev emulation (bsc#1094751). - drm/nouveau/hwmon: Add config for all sensors and their settings (bsc#1095094). - drm/nouveau/hwmon: Add nouveau_hwmon_ops structure with .is_visible/.read_string (bsc#1095094). - drm/nouveau/hwmon: Change permissions to numeric (bsc#1095094). - drm/nouveau/hwmon: Remove old code, add .write/.read operations (bsc#1095094). - drm/nouveau/hwmon: expose the auto_point and pwm_min/max attrs (bsc#1095094). - drm/nouveau/kms/nv04-nv40: improve overlay error detection, fix pitch setting (bsc#1095094). - drm/nouveau/kms/nv04-nv40: prevent undisplayable framebuffers from creation (bsc#1095094). - drm/nouveau/kms/nv04-nv4x: fix exposed format list (bsc#1095094). - drm/nouveau/kms/nv04: use new devinit script interpreter entry-point (bsc#1095094). - drm/nouveau/kms/nv10-nv40: add NV21 support to overlay (bsc#1095094). - drm/nouveau/mc/gf100: add pmu to reset mask (bsc#1095094). - drm/nouveau/mpeg: print more debug info when rejecting dma objects (bsc#1095094). - drm/nouveau/pmu/fuc: do not use movw directly anymore (bsc#1051510). - drm/nouveau/pmu/gt215-: abstract detection of whether reset is needed (bsc#1095094). - drm/nouveau/pmu/gt215: fix reset (bsc#1095094). - drm/nouveau/tegra: Do not leave GPU in reset (bsc#1095094). - drm/nouveau/tegra: Skip manual unpowergating when not necessary (bsc#1095094). - drm/nouveau/therm/gm200: Added (bsc#1095094). - drm/nouveau/therm: fix spelling mistake on array thresolds (bsc#1095094). - drm/nouveau/tmr: remove nvkm_timer_alarm_cancel() (bsc#1095094). - drm/nouveau: Clean up nv50_head_atomic_check_mode() and fix blankus calculation (bsc#1095094). - drm/nouveau: Convert nouveau to use new iterator macros, v2 (bsc#1095094). - drm/nouveau: Drop drm_vblank_cleanup (bsc#1095094). - drm/nouveau: Enable stereoscopic 3D output over HDMI (bsc#1095094). - drm/nouveau: Fix deadlock in nv50_mstm_register_connector() (bsc#1051510). - drm/nouveau: Fix deadlock on runtime suspend (bsc#1051510). - drm/nouveau: Fix merge commit (bsc#1095094). - drm/nouveau: Handle drm_atomic_helper_swap_state failure (bsc#1095094). - drm/nouveau: Handle frame-packing mode geometry and timing effects (bsc#1095094). - drm/nouveau: Pass mode-dependent AVI and Vendor HDMI InfoFrames to NVKM (bsc#1095094). - drm/nouveau: Skip vga_fini on non-PCI device (bsc#1095094). - drm/nouveau: Use the drm_driver.dumb_destroy default (bsc#1095094). - drm/nouveau: silence suspend/resume debugging messages (bsc#1095094). - drm/nouveau: use drm_for_each_connector_iter() (bsc#1095094). - drm/omap: DMM: Check for DMM readiness after successful transaction commit (bsc#1051510). - drm/omap: fix possible NULL ref issue in tiler_reserve_2d (bsc#1051510). - drm/omap: fix uninitialized ret variable (bsc#1051510). - drm/omap: handle alloc failures in omap_connector (bsc#1051510). - drm/omap: silence unititialized variable warning (bsc#1051510). - drm/panel: simple: Fix the bus format for the Ontat panel (bsc#1051510). - drm/psr: Fix missed entry in PSR setup time table (bsc#1051510). - drm/qxl: Call qxl_bo_unref outside atomic context (bsc#1051510). - drm/radeon: Fix PCIe lane width calculation (bsc#1051510). - drm/radeon: Fix deadlock on runtime suspend (bsc#1051510). - drm/radeon: add PX quirk for Asus K73TK (bsc#1051510). - drm/radeon: make MacBook Pro d3_delay quirk more generic (bsc#1051510). - drm/rockchip: Clear all interrupts before requesting the IRQ (bsc#1051510). - drm/rockchip: Respect page offset for PRIME mmap calls (bsc#1051510). - drm/rockchip: dw-mipi-dsi: fix possible un-balanced runtime PM enable (bsc#1051510). - drm/sun4i: Fix dclk_set_phase (bsc#1051510). - drm/sun4i: Fix error path handling (bsc#1051510). - drm/tegra: Shutdown on driver unbind (bsc#1051510). - drm/tilcdc: ensure nonatomic iowrite64 is not used (bsc#1051510). - drm/vc4: Fix memory leak during BO teardown (bsc#1051510). - drm/vc4: Fix scaling of uni-planar formats (bsc#1051510). - drm/virtio: fix vq wait_event condition (bsc#1051510). - drm/vmwgfx: Fix 32-bit VMW_PORT_HB_[IN|OUT] macros (bsc#1051510). - drm/vmwgfx: Fix a buffer object leak (bsc#1051510). - drm/vmwgfx: Set dmabuf_size when vmw_dmabuf_init is successful (bsc#1051510). - drm/vmwgfx: Unpin the screen object backup buffer when not used (bsc#1051510). - drm: Allow determining if current task is output poll worker (bsc#1051510). - drm: Match sysfs name in link removal to link creation (bsc#1051510). - drm: bridge: dw-hdmi: Fix overflow workaround for Amlogic Meson GX SoCs (bsc#1051510). - drm: nouveau: remove dead code and pointless local lut storage (bsc#1095094). - drm: rcar-du: lvds: Fix LVDS startup on R-Car Gen2 (bsc#1051510). - drm: rcar-du: lvds: Fix LVDS startup on R-Car Gen3 (bsc#1051510). - drm: set FMODE_UNSIGNED_OFFSET for drm files (bsc#1051510). - e1000e: Ignore TSYNCRXCTL when getting I219 clock attributes (bsc#1075876). - eCryptfs: do not pass up plaintext names when using filename encryption (bsc#1052766). - earlycon: Use a pointer table to fix __earlycon_table stride (bsc#1099918). - efi/esrt: Use memunmap() instead of kfree() to free the remapping (bsc#1051510). - emulex/benet: Constify *be_misconfig_evt_port_state (bsc#1086288). - ethernet/broadcom: Use zeroing memory allocator than allocator/memset (bsc#1086282). - ethernet: Use octal not symbolic permissions (bsc#1086288). - ethtool: do not print warning for applications using legacy API (networking-stable-18_01_12). - etnaviv: fix gem object list corruption (bsc#1051510). - etnaviv: fix submit error path (bsc#1051510). - ext4: add bounds checking to ext4_xattr_find_entry() (bsc#1052766). - ext4: do not update checksum of new initialized bitmaps (bsc#1052766). - ext4: eliminate sleep from shutdown ioctl (bsc#1052766). - ext4: fix hole length detection in ext4_ind_map_blocks() (bsc#1090953). - ext4: fix offset overflow on 32-bit archs in ext4_iomap_begin() (bsc#1079747). - ext4: fix unsupported feature message formatting (bsc#1098435). - ext4: move call to ext4_error() into ext4_xattr_check_block() (bsc#1052766). - ext4: pass -ESHUTDOWN code to jbd2 layer (bsc#1052766). - ext4: prevent right-shifting extents beyond EXT_MAX_BLOCKS (bsc#1052766). - ext4: protect i_disksize update by i_data_sem in direct write path (bsc#1052766). - ext4: set h_journal if there is a failure starting a reserved handle (bsc#1052766). - ext4: shutdown should not prevent get_write_access (bsc#1052766). - extcon: intel-cht-wc: Set direction and drv flags for V5 boost GPIO (bsc#1051510). - f2fs: avoid hungtask when GC encrypted block if io_bits is set (bsc#1052766). - f2fs: expose some sectors to user in inline data or dentry case (bsc#1052766). - f2fs: fix a panic caused by NULL flush_cmd_control (bsc#1086400). - f2fs: fix heap mode to reset it back (bsc#1052766). - f2fs: fix to clear CP_TRIMMED_FLAG (bsc#1052766). - f2fs: fix to wake up all sleeping flusher (bsc#1099918). - fanotify: fix logic of events on child (bsc#1052766). - fbdev: controlfb: Add missing modes to fix out of bounds access (bsc#1051510). - fealnx: Fix building error on MIPS (networking-stable-17_11_20). - fib_semantics: Do not match route with mismatching tclassid (networking-stable-18_03_07). - firewire-ohci: work around oversized DMA reads on JMicron controllers (bsc#1051510). - firmware: add helper to unregister pm ops (bsc#1085937). - firmware: always enable the reboot notifier (bsc#1085937). - firmware: dmi_scan: Fix UUID length safety check (bsc#1051510). - firmware: dmi_scan: Fix handling of empty DMI strings (bsc#1051510). - firmware: fix capturing errors on fw_cache_init() on early init (bsc#1085937). - firmware: fix checking for return values for fw_add_devm_name() (bsc#1051510). - firmware: fix detecting error on register_reboot_notifier() (bsc#1085936). - firmware: move kill_requests_without_uevent() up above (bsc#1085937). - firmware: provide helpers for registering the syfs loader (bsc#1085937). - firmware: share fw fallback killing on reboot/suspend (bsc#1085937). - flow_dissector: properly cap thoff field (networking-stable-18_01_28). - fs/aio: Add explicit RCU grace period when freeing kioctx (bsc#1088722). - fs/aio: Use RCU accessors for kioctx_table->table[] (bsc#1088722). - fs/binfmt_misc.c: do not allow offset overflow (bsc#1099142). - fs/fat/inode.c: fix sb_rdonly() change (bsc#1052766). - fs/reiserfs/journal.c: add missing resierfs_warning() arg (bsc#1052766). - fsnotify: Fix fsnotify_mark_connector race (bsc#1052766). - fsnotify: Hide kABI changes in fsnotify_mark_connector (bsc#1052766). - ftrace: Fix selftest goto location on error (bsc#1099918). - fuse: fix READDIRPLUS skipping an entry (bsc#1088690). - geneve: Fix function matching VNI and tunnel ID on big-endian (bsc#1051510). - geneve: fix fill_info when link down (bsc#1051510). - gfs2: Fix debugfs glocks dump (bsc#1052766). - gpio: No NULL owner (bsc#1051510). - gpio: ath79: add missing MODULE_DESCRIPTION/LICENSE (bsc#1051510). - gpio: davinci: Assign first bank regs for unbanked case (bsc#1051510). - gpio: fix "gpio-line-names" property retrieval (bsc#1051510). - gpio: fix aspeed_gpio unmask irq (bsc#1051510). - gpio: fix error path in lineevent_create (bsc#1051510). - gpio: iop: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE (bsc#1051510). - gpio: label descriptors using the device name (bsc#1051510). - gpio: stmpe: i2c transfer are forbiden in atomic context (bsc#1051510). - gpioib: do not free unrequested descriptors (bsc#1051510). - gpu: ipu-v3: pre: fix device node leak in ipu_pre_lookup_by_phandle (bsc#1051510). - gpu: ipu-v3: prg: avoid possible array underflow (bsc#1051510). - gpu: ipu-v3: prg: fix device node leak in ipu_prg_lookup_by_phandle (bsc#1051510). - hdlc_ppp: carrier detect ok, do not turn off negotiation (networking-stable-18_03_07). - hv_netvsc: Fix a network regression after ifdown/ifup (bsc#1094420). - hwmon: (ina2xx) Fix access to uninitialized mutex (bsc#1051510). - hwmon: (ina2xx) Make calibration register value fixed (bsc#1051510). - hwmon: (jc42) optionally try to disable the SMBUS timeout (bsc#1051510). - hwmon: (nct6775) Fix writing pwmX_mode (bsc#1051510). - hwmon: (pmbus/adm1275) Accept negative page register values (bsc#1051510). - hwmon: (pmbus/max8688) Accept negative page register values (bsc#1051510). - hwtracing: stm: fix build error on some arches (bsc#1051510). - i2c: designware: fix poll-after-enable regression (bsc#1051510). - i2c: i801: Restore configuration at shutdown (bsc#1051510). - i2c: i801: Save register SMBSLVCMD value only once (bsc#1051510). - i2c: ismt: Separate I2C block read from SMBus block read (bsc#1051510). - i2c: mv64xxx: Apply errata delay only in standard mode (bsc#1051510). - i2c: pmcmsp: fix error return from master_xfer (bsc#1051510). - i2c: pmcmsp: return message count on master_xfer success (bsc#1051510). - i2c: viperboard: return message count on master_xfer success (bsc#1051510). - i40e: Close client on suspend and restore client MSIx on resume (bsc#1088821). - i40e: Do not allow use more TC queue pairs than MSI-X vectors exist (bsc#1094978). - i40e: Fix attach VF to VM issue (bsc#1056658 bsc#1056662). - i40e: Fix the number of queues available to be mapped for use (bsc#1094978). - i40e: program fragmented IPv4 filter input set (bsc#1056658 bsc#1056662). - i40evf: Do not schedule reset_task when device is being removed (bsc#1056658 bsc#1056662). - i40evf: do not rely on netif_running() outside rtnl_lock() (bsc#1056658 bsc#1056662). - i40evf: ignore link up if not running (bsc#1056658 bsc#1056662). - i40iw: Zero-out consumer key on allocate stag for FMR (bsc#1058659). - ibmvnic: Check CRQ command return codes (bsc#1094840). - ibmvnic: Create separate initialization routine for resets (bsc#1094840). - ibmvnic: Fix non-fatal firmware error reset (bsc#1093990). - ibmvnic: Fix partial success login retries (bsc#1094840). - ibmvnic: Fix statistics buffers memory leak (bsc#1093990). - ibmvnic: Free coherent DMA memory if FW map failed (bsc#1093990). - ibmvnic: Handle error case when setting link state (bsc#1094840). - ibmvnic: Introduce active CRQ state (bsc#1094840). - ibmvnic: Introduce hard reset recovery (bsc#1094840). - ibmvnic: Mark NAPI flag as disabled when released (bsc#1094840). - ibmvnic: Only do H_EOI for mobility events (bsc#1094356). - ibmvnic: Return error code if init interrupted by transport event (bsc#1094840). - ibmvnic: Set resetting state at earliest possible point (bsc#1094840). - ide: Make ide_cdrom_prep_fs() initialize the sense buffer pointer (bsc#1099918). - ide: ide-atapi: fix compile error with defining macro DEBUG (bsc#1099918). - ide:ide-cd: fix kernel panic resulting from missing scsi_req_init (bsc#1099918). - idr: fix invalid ptr dereference on item delete (bsc#1051510). - ieee802154: 6lowpan: fix possible NULL deref in lowpan_device_event() (networking-stable-18_03_28). - igb: Allow to remove administratively set MAC on VFs (bsc#1056651). - igb: Clear TXSTMP when ptp_tx_work() is timeout (bsc#1056651). - igb: Fix a test with HWTSTAMP_TX_ON (bsc#1056651 bsc#1056643). - iio: ABI: Fix name of timestamp sysfs file (bsc#1051510). - iio: ad7793: Fix the serial interface reset (bsc#1051510). - iio: ad7793: implement IIO_CHAN_INFO_SAMP_FREQ (bsc#1051510). - iio: ad_sigma_delta: Implement a dedicated reset function (bsc#1051510). - iio: adc/accel: Fix up module licenses (bsc#1051510). - iio: adc: cpcap: fix incorrect validation (bsc#1051510). - iio: adc: mcp320x: Fix oops on module unload (bsc#1051510). - iio: adc: mcp320x: Fix readout of negative voltages (bsc#1051510). - iio: adc: meson-saradc: fix the bit_idx of the adc_en clock (bsc#1051510). - iio: adc: stm32: fix scan of multiple channels with DMA (bsc#1051510). - iio: adc: ti-ads1015: add 10% to conversion wait time (bsc#1051510). - iio: adc: twl4030: Disable the vusb3v1 rugulator in the error handling path of 'twl4030_madc_probe()' (bsc#1051510). - iio: adc: twl4030: Fix an error handling path in 'twl4030_madc_probe()' (bsc#1051510). - iio: adis_lib: Initialize trigger before requesting interrupt (bsc#1051510). - iio: buffer: check if a buffer has been set up when poll is called (bsc#1051510). - iio: buffer: fix the function signature to match implementation (bsc#1051510). - iio: core: Return error for failed read_reg (bsc#1051510). - iio: fix kernel-doc build errors (bsc#1051510). - iio: health: max30102: Add power enable parameter to get_temp function (bsc#1051510). - iio: health: max30102: Temperature should be in milli Celsius (bsc#1051510). - iio: imu: st_lsm6dsx: fix endianness in st_lsm6dsx_read_oneshot() (bsc#1051510). - iio: st_pressure: st_accel: Initialise sensor platform data properly (bsc#1051510). - iio: st_pressure: st_accel: pass correct platform data to init (bsc#1051510). - iio: trigger: stm32-timer: fix get/set down count direction (bsc#1051510). - iio: trigger: stm32-timer: fix get/set down count direction (bsc#1051510). - iio: trigger: stm32-timer: preset shouldn't be buffered (bsc#1051510). - iio:buffer: make length types match kfifo types (bsc#1051510). - iio:kfifo_buf: check for uint overflow (bsc#1051510). - ima: Fallback to the builtin hash algorithm (bsc#1091686). - infiniband: drop unknown function from core_priv.h (bsc#1046306). - init: fix false positives in W+X checking (bsc#1093721). - initial support (display-only) for GP108 (bsc#1095094). - intel_th: Use correct device when freeing buffers (bsc#1051510). - iommu/amd: Take into account that alloc_dev_data() may return NULL (bsc#975772). - iommu/vt-d: Clear pasid table entry when memory unbound (bsc#1087214). - iommu/vt-d: Fix race condition in add_unmap() (bsc#1096790, bsc#1097034). - iov_iter: fix memory leak in pipe_get_pages_alloc() (bsc#1092710). - iov_iter: fix return type of __pipe_get_pages() (bsc#1092710). - ip6_gre: better validate user provided tunnel names (networking-stable-18_04_10). - ip6_gre: fix device features for ioctl setup (networking-stable-17_12_31). - ip6_gre: init dev->mtu and dev->hard_header_len correctly (networking-stable-18_01_28). - ip6_gre: ip6gre_tap device should keep dst (networking-stable-17_10_09). - ip6_gre: only increase err_count for some certain type icmpv6 in ip6gre_err (networking-stable-17_11_14). - ip6_gre: skb_push ipv6hdr before packing the header in ip6gre_header (networking-stable-17_10_09). - ip6_tunnel: better validate user provided tunnel names (networking-stable-18_04_10). - ip6_tunnel: disable dst caching if tunnel is dual-stack (networking-stable-18_01_12). - ip6_tunnel: do not allow loading ip6_tunnel if ipv6 is disabled in cmdline (networking-stable-17_10_09). - ip6_vti: adjust vti mtu according to mtu of lower device (bsc#1082869). - ip6mr: fix stale iterator (networking-stable-18_02_06). - ip6mr: only set ip6mr_table from setsockopt when ip6mr_new_table succeeds (git-fixes). - ip_gre: fix IFLA_MTU ignored on NEWLINK (bsc#1076830). - ip_tunnel: better validate user provided tunnel names (networking-stable-18_04_10). - ipip: only increase err_count for some certain type icmp in ipip_err (networking-stable-17_11_14). - ipv4: Fix use-after-free when flushing FIB tables (networking-stable-17_12_31). - ipv4: Make neigh lookup keys for loopback/point-to-point devices be INADDR_ANY (networking-stable-18_01_28). - ipv4: fix fnhe usage by non-cached routes (networking-stable-18_05_15). - ipv4: fix memory leaks in udp_sendmsg, ping_v4_sendmsg (networking-stable-18_05_15). - ipv4: igmp: guard against silly MTU values (bsc#1082869). - ipv6 sit: work around bogus gcc-8 -Wrestrict warning (networking-stable-18_03_07). - ipv6: Fix getsockopt() for sockets with default IPV6_AUTOFLOWLABEL (git-fixes). - ipv6: add RTA_TABLE and RTA_PREFSRC to rtm_ipv6_policy (networking-stable-18_04_26). - ipv6: fix access to non-linear packet in ndisc_fill_redirect_hdr_option() (networking-stable-18_03_28). - ipv6: fix udpv6 sendmsg crash caused by too small MTU (networking-stable-18_01_28). - ipv6: flowlabel: do not leave opt->tot_len with garbage (networking-stable-17_11_14). - ipv6: mcast: better catch silly mtu values (networking-stable-17_12_31). - ipv6: old_dport should be a __be16 in __ip6_datagram_connect() (networking-stable-18_03_28). - ipv6: omit traffic class when calculating flow hash (bsc#1095042). - ipv6: sit: better validate user provided tunnel names (networking-stable-18_04_10). - ipv6: sr: fix NULL pointer dereference in seg6_do_srh_encap()- v4 pkts (git-fixes). - ipv6: sr: fix NULL pointer dereference when setting encap source address (networking-stable-18_03_28). - ipv6: sr: fix TLVs not being copied using setsockopt (networking-stable-18_01_12). - ipv6: sr: fix scheduling in RCU when creating seg6 lwtunnel state (networking-stable-18_03_28). - ipv6: sr: fix seg6 encap performances with TSO enabled (networking-stable-18_04_10). - ipv6: the entire IPv6 header chain must fit the first fragment (networking-stable-18_04_10). - irqchip/gic-v3-its: Ensure nr_ites >= nr_lpis (bsc#1098401). - isdn: eicon: fix a missing-check bug (bsc#1051510). - iw_cxgb4: Atomically flush per QP HW CQEs (bsc#1046543). - iw_cxgb4: Fix an error handling path in 'c4iw_get_dma_mr()' (bsc#1064802 bsc#1066129). - iw_cxgb4: print mapped ports correctly (bsc#1046543). - iwlmvm: tdls: Check TDLS channel switch support (bsc#1051510). - iwlwifi: add a bunch of new 9000 PCI IDs (1051510). - iwlwifi: add shared clock PHY config flag for some devices (bsc#1051510). - iwlwifi: avoid collecting firmware dump if not loaded (bsc#1051510). - iwlwifi: fix non_shared_ant for 9000 devices (bsc#1051510). - iwlwifi: fw: harden page loading code (bsc#1051510). - iwlwifi: mvm: Correctly set IGTK for AP (bsc#1051510). - iwlwifi: mvm: Correctly set the tid for mcast queue (bsc#1051510). - iwlwifi: mvm: Direct multicast frames to the correct station (bsc#1051510). - iwlwifi: mvm: Fix channel switch for count 0 and 1 (bsc#1051510). - iwlwifi: mvm: Increase session protection time after CS (bsc#1051510). - iwlwifi: mvm: always init rs with 20mhz bandwidth rates (bsc#1051510). - iwlwifi: mvm: clear tx queue id when unreserving aggregation queue (bsc#1051510). - iwlwifi: mvm: do not warn in queue sync on RF-kill (bsc#1051510). - iwlwifi: mvm: fix "failed to remove key" message (bsc#1051510). - iwlwifi: mvm: fix IBSS for devices that support station type API (bsc#1051510). - iwlwifi: mvm: fix TSO with highly fragmented SKBs (bsc#1051510). - iwlwifi: mvm: fix TX of CCMP 256 (bsc#1051510). - iwlwifi: mvm: fix array out of bounds reference (bsc#1051510). - iwlwifi: mvm: fix assert 0x2B00 on older FWs (bsc#1051510). - iwlwifi: mvm: fix error checking for multi/broadcast sta (bsc#1051510). - iwlwifi: mvm: fix race in queue notification wait (bsc#1051510). - iwlwifi: mvm: fix security bug in PN checking (bsc#1051510). - iwlwifi: mvm: honor the max_amsdu_subframes limit (bsc#1051510). - iwlwifi: mvm: make sure internal station has a valid id (bsc#1051510). - iwlwifi: mvm: remove DQA non-STA client mode special case (bsc#1051510). - iwlwifi: mvm: set the correct tid when we flush the MCAST sta (bsc#1051510). - iwlwifi: pcie: compare with number of IRQs requested for, not number of CPUs (bsc#1051510). - ixgbe: do not set RXDCTL.RLPML for 82599 (bsc#1056657). - ixgbe: prevent ptp_rx_hang from running when in FILTER_ALL mode (bsc#1056657 bsc#1056653). - jbd2: if the journal is aborted then do not allow update of the log tail (bsc#1052766). - jffs2_kill_sb(): deal with failed allocations (bsc#1052766). - kABI: protect ife_tlv_meta_decode (kabi). - kABI: protect struct cstate (kabi). - kABI: protect struct ipv6_pinfo (kabi). - kABI: protect tap_create_cdev (kabi). - kabi protect struct acpi_nfit_desc (bsc#1091424). - kabi/severities: Ignore kABI incompatibility for meson drm The symbols are used only between meson modules, so mostly internal. - kabi/severities: Ignore removed bugs.c symbols The second wave of SSBD patches drops those symbols and we can ignore them from kABI because nothing external should use them - they were exported only for kvm. - kabi/severities: add 'drivers/md/bcache/* PASS' for above change. - kabi/severities: add nvdimm internal symbols to kabi ignore list - kabi: add struct bpf_map back (References: bsc#1098425). - kcm: lock lower socket in kcm_attach (networking-stable-18_03_28). - kconfig: Avoid format overflow warning from GCC 8.1 (bsc#1051510). - kconfig: Do not leak main menus during parsing (bsc#1051510). - kconfig: Fix automatic menu creation mem leak (bsc#1051510). - kconfig: Fix expr_free() E_NOT leak (bsc#1051510). - kernel-binary: also default klp_symbols to 0 here. - kernel-binary: pass ARCH= to kernel build Recent kernel does not save CONFIG_64BIT so it has to be specified by arch. - kernel-binary: pass MAKE_ARGS to install script as well. - kernel-{binary,docs}.spec sort dependencies. - kernel/acct.c: fix the acct->needcheck check in check_free_space() (Git-fixes). - kernel/async.c: revert "async: simplify lowest_in_progress()" (Git-fixes). - kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE (bsc#1051510). - kernel/relay.c: revert "kernel/relay.c: fix potential memory leak" (Git-fixes). - kernel/signal.c: protect the SIGNAL_UNKILLABLE tasks from !sig_kernel_only() signals (Git-fixes). - kernel/signal.c: protect the traced SIGNAL_UNKILLABLE tasks from SIGKILL (Git-fixes). - kernel/signal.c: remove the no longer needed SIGNAL_UNKILLABLE check in complete_signal() (Git-fixes). - kexec: export PG_swapbacked to VMCOREINFO (bsc#1088354). - kexec_file: do not add extra alignment to efi memmap (bsc#1089268). - klp_symbols: make --klp-symbols argument semantic sane It selects build of klp symbols and defaults to off - kmod: fix wait on recursive loop (bsc#1099792). - kmod: reduce atomic operations on kmod_concurrent and simplify (bsc#1099792). - kmod: throttle kmod thread limit (bsc#1099792). - kobject: do not use WARN for registration failures (bsc#1051510). - kvm: Introduce nopvspin kernel parameter (bsc#1056427). - kvm: nVMX: Enforce cpl=0 for VMX instructions (bsc#1099183). - l2tp: check sockaddr length in pppol2tp_connect() (networking-stable-18_04_26). - l2tp: do not accept arbitrary sockets (bsc#1076830). - lan78xx: Crash in lan78xx_writ_reg (Workqueue: events lan78xx_deferred_multicast_write) (networking-stable-18_04_10). - leds: pm8058: Silence pointer to integer size warning (bsc#1051510). - lib/kobject: Join string literals back (bsc#1051510). - lib/string_helpers: Add missed declaration of struct task_struct (bsc#1099918). - lib/test_bitmap.c: fix bitmap optimisation tests to report errors correctly (bsc#1051510). - libata: Apply NOLPM quirk for SanDisk SD7UB3Q*G1001 SSDs (bsc#1051510). - libata: Blacklist some Sandisk SSDs for NCQ (bsc#1051510). - libata: Drop SanDisk SD7UB3Q*G1001 NOLPM quirk (bsc#1051510). - libata: blacklist Micron 500IT SSD with MU01 firmware (bsc#1051510). - libata: zpodd: make arrays cdb static, reduces object code size (bsc#1051510). - libata: zpodd: small read overflow in eject_tray() (bsc#1051510). - libceph, ceph: change permission for readonly debugfs entries (bsc#1089115). - libceph: adding missing message types to ceph_msg_type_name() (bsc#1089115). - libceph: fix misjudgement of maximum monitor number (bsc#1089115). - libceph: reschedule a tick in finish_hunting() (bsc#1089115). - libceph: un-backoff on tick when we have a authenticated session (bsc#1089115). - libceph: validate con->state at the top of try_write() (bsc#1089115). - libnvdimm, btt: add a couple of missing kernel-doc lines (bsc#1087210). - libnvdimm, btt: clean up warning and error messages (bsc#1087205). - libnvdimm, btt: fix format string warnings (bsc#1087205). - libnvdimm, dimm: handle EACCES failures from label reads (). - libnvdimm, label: change min label storage size per UEFI 2.7 (bsc#1091666). - libnvdimm, namespace: use a safe lookup for dimm device name (bsc#1095321). - libnvdimm, nfit: fix persistence domain reporting (bsc#1091424). - libnvdimm, pmem: Add sysfs notifications to badblocks (). - libnvdimm, pmem: Do not flush power-fail protected CPU caches (bsc#1091424). - libnvdimm, pmem: Unconditionally deep flush on *sync (bsc#1091424). - libnvdimm, region, pmem: fix 'badblocks' sysfs_get_dirent() reference lifetime (). - libnvdimm, region: hide persistence_domain when unknown (bsc#1091424). - libnvdimm: expose platform persistence attribute for nd_region (bsc#1091424). - libnvdimm: re-enable deep flush for pmem devices via fsync() (bsc#1091424). - llc: better deal with too small mtu (networking-stable-18_05_15). - llc: fix NULL pointer deref for SOCK_ZAPPED (networking-stable-18_04_26). - llc: hold llc_sap before release_sock() (networking-stable-18_04_26). - lock_parent() needs to recheck if dentry got __dentry_kill'ed under it (bsc#1052766). - locking/atomics, dm-integrity: Convert ACCESS_ONCE() to READ_ONCE()/WRITE_ONCE() (bsc#1093023). - locking/atomics: COCCINELLE/treewide: Convert trivial ACCESS_ONCE() patterns to READ_ONCE()/WRITE_ONCE() (bsc#1093023). - locking/qspinlock: Ensure node is initialised before updating prev->next (bsc#1050549). - locking/qspinlock: Ensure node->count is updated before initialising node (bsc#1050549). - locking: Remove smp_read_barrier_depends() from queued_spin_lock_slowpath() (bsc#1050549). - loop: handle short DIO reads (bsc#1052766). - lsm: fix smack_inode_removexattr and xattr_getsecurity memleak (bsc#1051510). - mac80211: Adjust SAE authentication timeout (bsc#1051510). - mac80211: Do not disconnect on invalid operating class (bsc#1051510). - mac80211: Fix condition validating WMM IE (bsc#1051510). - mac80211: Fix sending ADDBA response for an ongoing session (bsc#1051510). - mac80211: Fix setting TX power on monitor interfaces (bsc#1051510). - mac80211: drop frames with unexpected DS bits from fast-rx to slow path (bsc#1051510). - mac80211: mesh: fix wrong mesh TTL offset calculation (bsc#1051510). - mac80211: round IEEE80211_TX_STATUS_HEADROOM up to multiple of 4 (bsc#1051510). - mac80211: use timeout from the AddBA response instead of the request (bsc#1051510). - macros.kernel-source: Fix building non-x86 KMPs - macros.kernel-source: define linux_arch for KMPs (boo#1098050). CONFIG_64BIT is no longer defined so KMP spec files need to include %{?linux_make_arch} in any make call to build modules or descent into the kernel directory for any reason. - macros.kernel-source: ignore errors when using make to print kernel release There is no way to handle the errors anyway and including the error into package version does not give good results. - macvlan: filter out unsupported feature flags (networking-stable-18_03_28). - macvlan: fix memory hole in macvlan_dev (bsc#1099918). - macvlan: remove unused fields in struct macvlan_dev (bsc#1099918). - mailbox: bcm-flexrm-mailbox: Fix FlexRM ring flush sequence (bsc#1051510). - mailbox: bcm-flexrm-mailbox: Fix mask used in CMPL_START_ADDR_VALUE() (bsc#1051510). - mailbox: mailbox-test: do not rely on rx_buffer content to signal data ready (bsc#1051510). - mbcache: initialize entry->e_referenced in mb_cache_entry_create() (bsc#1052766). - md-cluster: choose correct label when clustered layout is not supported (bsc#1093023). - md-cluster: do not update recovery_offset for faulty device (bsc#1093023). - md-cluster: make function cluster_check_sync_size static (bsc#1093023). - md-multipath: Use seq_putc() in multipath_status() (bsc#1093023). - md/bitmap: clear BITMAP_WRITE_ERROR bit before writing it to sb (bsc#1093023). - md/bitmap: copy correct data for bitmap super (bsc#1093023). - md/bitmap: revert a patch (bsc#1093023). - md/r5cache: call mddev_lock/unlock() in r5c_journal_mode_show (bsc#1093023). - md/r5cache: fix io_unit handling in r5l_log_endio() (bsc#1093023). - md/r5cache: move mddev_lock() out of r5c_journal_mode_set() (bsc#1093023). - md/r5cache: print more info of log recovery (bsc#1093023). - md/raid0: attach correct cgroup info in bio (bsc#1093023). - md/raid1,raid10: silence warning about wait-within-wait (bsc#1093023). - md/raid1/10: add missed blk plug (bsc#1093023). - md/raid1: Fix trailing semicolon (bsc#1093023). - md/raid1: exit sync request if MD_RECOVERY_INTR is set (bsc#1093023). - md/raid1: fix NULL pointer dereference (bsc#1093023). - md/raid5: cap worker count (bsc#1093023). - md/raid5: correct degraded calculation in raid5_error (bsc#1093023). - md/raid5: simplify uninitialization of shrinker (bsc#1093023). - md: Delete gendisk before cleaning up the request queue (bsc#1093023). - md: allow metadata update while suspending (bsc#1093023). - md: always hold reconfig_mutex when calling mddev_suspend() (bsc#1093023). - md: be cautious about using ->curr_resync_completed for ->recovery_offset (bsc#1093023). - md: do not call bitmap_create() while array is quiesced (bsc#1093023). - md: do not check MD_SB_CHANGE_CLEAN in md_allow_write (bsc#1093023). - md: document lifetime of internal rdev pointer (bsc#1093023). - md: fix a potential deadlock of raid5/raid10 reshape (bsc#1093023). - md: fix a race condition for flush request handling (bsc#1093023). - md: fix deadlock error in recent patch (bsc#1093023). - md: fix two problems with setting the "re-add" device state (bsc#1098176). - md: forbid a RAID5 from having both a bitmap and a journal (bsc#1093023). - md: free unused memory after bitmap resize (bsc#1093023). - md: limit mdstat resync progress to max_sectors (bsc#1093023). - md: move suspend_hi/lo handling into core md code (bsc#1093023). - md: only allow remove_and_add_spares when no sync_thread running (bsc#1093023). - md: raid10: remove VLAIS (bsc#1093023). - md: raid10: remove a couple of redundant variables and initializations (bsc#1093023). - md: raid5: avoid string overflow warning (bsc#1093023). - md: release allocated bitset sync_set (bsc#1093023). - md: remove redundant variable q (bsc#1093023). - md: remove special meaning of ->quiesce(.., 2) (bsc#1093023). - md: rename some drivers/md/ files to have an "md-" prefix (bsc#1093023). - md: replace seq_release_private with seq_release (bsc#1093023). - md: separate request handling (bsc#1093023). - md: use TASK_IDLE instead of blocking signals (bsc#1093023). - md: use lockdep_assert_held (bsc#1093023). - md: use mddev_suspend/resume instead of ->quiesce() (bsc#1093023). - media: atomisp_fops.c: disable atomisp_compat_ioctl32 (bsc#1051510). - media: au0828: add VIDEO_V4L2 dependency (bsc#1051510). - media: cx231xx: Add support for AverMedia DVD EZMaker 7 (bsc#1051510). - media: cx23885: Override 888 ImpactVCBe crystal frequency (bsc#1051510). - media: cx23885: Set subdev host data to clk_freq pointer (bsc#1051510). - media: dmxdev: fix error code for invalid ioctls (bsc#1051510). - media: dvb_frontend: fix locking issues at dvb_frontend_get_event() (bsc#1051510). - media: em28xx: Add Hauppauge SoloHD/DualHD bulk models (bsc#1051510). - media: em28xx: USB bulk packet size fix (bsc#1051510). - media: lgdt3306a: Fix a double kfree on i2c device remove (bsc#1051510). - media: lgdt3306a: Fix module count mismatch on usb unplug (bsc#1051510). - media: smiapp: fix timeout checking in smiapp_read_nvm (bsc#1099918). - media: uvcvideo: Support realtek's UVC 1.5 device (bsc#1099109). - media: v4l2-compat-ioctl32: do not oops on overlay (bsc#1051510). - media: v4l2-compat-ioctl32: prevent go past max size (bsc#1051510). - media: videobuf2-core: do not go out of the buffer range (bsc#1051510). - media: vivid: check if the cec_adapter is valid (bsc#1051510). - mei: me: add cannon point device ids (). - mei: me: add cannon point device ids for 4th device (). - mei: remove dev_err message on an unsupported ioctl (bsc#1051510). - mfd: cros ec: spi: Do not send first message too soon (bsc#1051510). - mfd: intel-lpss: Fix Intel Cannon Lake LPSS I2C input clock (bsc#1051510). - mfd: intel-lpss: Program REMAP register in PIO mode (bsc#1051510). - mkspec: only build docs for default variant kernel. - mlxsw: spectrum: Disable MAC learning for ovs port (networking-stable-17_12_31). - mlxsw: spectrum: Forbid linking to devices that have uppers FIX (stable-fixes). - mlxsw: spectrum: Prevent mirred-related crash on removal (networking-stable-17_10_09). - mlxsw: spectrum: Relax sanity checks during enslavement (networking-stable-18_01_12). - mlxsw: spectrum_buffers: Set a minimum quota for CPU port traffic (networking-stable-18_03_28). - mlxsw: spectrum_router: Do not log an error on missing neighbor (networking-stable-18_01_28). - mlxsw: spectrum_router: Fix NULL pointer deref (networking-stable-18_01_12). - mlxsw: spectrum_router: Fix error path in mlxsw_sp_vr_create (networking-stable-18_03_07). - mlxsw: spectrum_router: Simplify a piece of code (networking-stable-18_01_12). - mlxsw: spectrum_switchdev: Check success of FDB add operation (networking-stable-18_03_07). - mm, oom_reaper: skip mm structs with mmu notifiers (bsc#1099918). - mm, page_alloc: do not break __GFP_THISNODE by zonelist reset (bsc#1079152, VM Functionality). - mm, percpu: add support for __GFP_NOWARN flag (bsc#1089753). - mm, slab: reschedule cache_reap() on the same CPU (VM Functionality, bsc#1097796). - mm, swap: fix false error message in __swp_swapcount() (VM Functionality, bsc#1098043). - mm, swap: fix race between swap count continuation operations (VM Functionality, bsc#1097373). mm, swap: fix race between swap count continuation operations - KABI fix (VM Functionality, bsc#1097373). - mm, thp: do not cause memcg oom for thp (bnc#1089663). - mm/fadvise: discard partial page if endbyte is also EOF (bsc#1052766). - mm/filemap.c: fix NULL pointer in page_cache_tree_insert() (bsc#1052766). - mm/huge_memory.c: __split_huge_page() use atomic ClearPageDirty() (VM Functionality, bsc#1097800). - mm/khugepaged.c: convert VM_BUG_ON() to collapse fail (VM Functionality, bsc#1097468). - mm/ksm.c: fix inconsistent accounting of zero pages (VM Functionality, bsc#1097780). - mm/mempolicy.c: avoid use uninitialized preferred_node (VM Functionality, bsc#1097465). - mm/page_owner: fix recursion bug after changing skip entries (VM Functionality, bsc#1097472). - mm/pkeys, powerpc, x86: Provide an empty vma_pkey() in linux/pkeys.h (bsc#1078248). - mm/pkeys, x86, powerpc: Display pkey in smaps if arch supports pkeys (bsc#1078248). - mm/pkeys: Add an empty arch_pkeys_enabled() (bsc#1078248). - mm/pkeys: Remove include of asm/mmu_context.h from pkeys.h (bsc#1078248). - mm/shmem: do not wait for lock_page() in shmem_unused_huge_shrink() (bnc#1089667). - mm/thp: do not wait for lock_page() in deferred_split_scan() (VM Functionality, bsc#1097470). - mm: Fix memory size alignment in devm_memremap_pages_release() (VM Functionality, bsc#1097439). - mm: fix device-dax pud write-faults triggered by get_user_pages() (bsc#1052766). - mm: fix the NULL mapping case in __isolate_lru_page() (bnc#971975 VM -- git fixes). - mmc: dw_mmc: exynos: fix the suspend/resume issue for exynos5433 (bsc#1051510). - mmc: jz4740: Fix race condition in IRQ mask update (bsc#1051510). - mmc: sdhci-iproc: add SDHCI_QUIRK2_HOST_OFF_CARD_ON for cygnus (bsc#1051510). - mmc: sdhci-iproc: fix 32bit writes for TRANSFER_MODE register (bsc#1051510). - mmc: sdhci-iproc: remove hard coded mmc cap 1.8v (bsc#1051510). - mmc: sdhci-pci: Fix voltage switch for some Intel host controllers (bsc#1051510). - mmc: sdhci-pci: Only do AMD tuning for HS200 (bsc#1051510). - mq-deadline: Enable auto-loading when built as module (bsc#1099918). - mremap: Remove LATENCY_LIMIT from mremap to reduce the number of TLB shootdowns (bnc#1095115). - mtd: cmdlinepart: Update comment for introduction of OFFSET_CONTINUOUS (bsc#1099918). - mtd: jedec_probe: Fix crash in jedec_read_mfr() (bsc#1099918). - mtd: nand: fsl_ifc: Fix eccstat array overflow for IFC ver >= 2.0.0 (bsc#1099918). - mtd: partitions: add helper for deleting partition (bsc#1099918). - mtd: partitions: remove sysfs files when deleting all master's partitions (bsc#1099918). - mtd: ubi: wl: Fix error return code in ubi_wl_init() (bsc#1051510). - mwifiex: pcie: tighten a check in mwifiex_pcie_process_event_ready() (bsc#1051510). - n_tty: Access echo_* variables carefully (bsc#1051510). - n_tty: Fix stall at n_tty_receive_char_special() (bsc#1051510). - n_tty: fix EXTPROC vs ICANON interaction with TIOCINQ (aka FIONREAD) (bnc#1094825). - nbd: do not start req until after the dead connection logic (bsc#1099918). - nbd: fix -ERESTARTSYS handling (bsc#1099918). - nbd: fix nbd device deletion (bsc#1099918). - nbd: fix return value in error handling path (bsc#1099918). - nbd: wait uninterruptible for the dead timeout (bsc#1099918). - net sched actions: fix refcnt leak in skbmod (networking-stable-18_05_15). - net sched actions: return explicit error when tunnel_key mode is not specified (bsc#1056787). - net/ipv6: Fix route leaking between VRFs (networking-stable-18_04_10). - net/ipv6: Increment OUTxxx counters after netfilter hook (networking-stable-18_04_10). - net/iucv: Free memory obtained by kzalloc (networking-stable-18_03_28). - net/mlx4_en: Fix an error handling path in 'mlx4_en_init_netdev()' (networking-stable-18_05_15). - net/mlx4_en: Verify coalescing parameters are in range (networking-stable-18_05_15). - net/mlx5: E-Switch, Include VF RDMA stats in vport statistics (networking-stable-18_05_15). - net/mlx5: Eliminate query xsrq dead code (bsc#1046303). - net/mlx5: Fix build break when CONFIG_SMP=n (bsc#1046303). - net/mlx5: Fix mlx5_get_vector_affinity function (bsc#1046303). - net/mlx5e: Allow offloading ipv4 header re-write for icmp (bsc#1046303). - net/mlx5e: Do not reset Receive Queue params on every type change (bsc#1046303). - net/mlx5e: Err if asked to offload TC match on frag being first (networking-stable-18_05_15). - net/mlx5e: Fixed sleeping inside atomic context (bsc#1046303). - net/mlx5e: Remove unused define MLX5_MPWRQ_STRIDES_PER_PAGE (bsc#1046303). - net/mlx5e: TX, Use correct counter in dma_map error flow (networking-stable-18_05_15). - net/sched: cls_u32: fix cls_u32 on filter replace (networking-stable-18_03_07). - net/sched: fix NULL dereference in the error path of tcf_bpf_init() (bsc#1056787). - net/sched: fix NULL dereference in the error path of tunnel_key_init() (bsc#1056787). - net/sched: fix NULL dereference on the error path of tcf_skbmod_init() (bsc#1056787). - net/sctp: Always set scope_id in sctp_inet6_skb_msgname (networking-stable-17_11_20). - net/unix: do not show information about sockets from other namespaces (networking-stable-17_11_14). - net/usb/qmi_wwan.c: Add USB id for lt4120 modem (bsc#1087092). - net: Allow neigh contructor functions ability to modify the primary_key (networking-stable-18_01_28). - net: Fix hlist corruptions in inet_evict_bucket() (networking-stable-18_03_28). - net: Only honor ifindex in IP_PKTINFO if non-0 (networking-stable-18_03_28). - net: Set sk_prot_creator when cloning sockets to the right proto (networking-stable-17_10_09). - net: af_packet: fix race in PACKET_{R|T}X_RING (networking-stable-18_04_26). - net: bonding: Fix transmit load balancing in balance-alb mode if specified by sysfs (networking-stable-17_10_09). - net: bonding: fix tlb_dynamic_lb default value (networking-stable-17_10_09). - net: bridge: fix early call to br_stp_change_bridge_id and plug newlink leaks (networking-stable-17_12_31). - net: bridge: fix returning of vlan range op errors (networking-stable-17_11_14). - net: core: fix module type in sock_diag_bind (networking-stable-18_01_12). - net: dsa: bcm_sf2: Clear IDDQ_GLOBAL_PWR bit for PHY (networking-stable-17_12_31). - net: dsa: check master device before put (networking-stable-17_11_14). - net: dsa: mv88e6xxx: lock mutex when freeing IRQs (networking-stable-17_10_09). - net: emac: Fix napi poll list corruption (networking-stable-17_10_09). - net: ethernet: arc: Fix a potential memory leak if an optional regulator is deferred (networking-stable-18_03_28). - net: ethernet: sun: niu set correct packet size in skb (networking-stable-18_05_15). - net: ethernet: ti: cpsw: add check for in-band mode setting with RGMII PHY interface (networking-stable-18_03_28). - net: ethernet: ti: cpsw: fix net watchdog timeout (networking-stable-18_03_07). - net: ethernet: ti: cpsw: fix packet leaking in dual_mac mode (networking-stable-18_05_15). - net: ethernet: ti: cpsw: fix tx vlan priority mapping (networking-stable-18_04_26). - net: ethtool: Add missing kernel doc for FEC parameters (bsc#1046540). - net: fec: Fix unbalanced PM runtime calls (networking-stable-18_03_28). - net: fec: defer probe if regulator is not ready (networking-stable-18_01_12). - net: fec: free/restore resource in related probe error pathes (networking-stable-18_01_12). - net: fec: restore dev_id in the cases of probe error (networking-stable-18_01_12). - net: fec: unmap the xmit buffer that are not transferred by DMA (networking-stable-17_12_31). - net: fix deadlock while clearing neighbor proxy table (networking-stable-18_04_26). - net: fix possible out-of-bound read in skb_network_protocol() (networking-stable-18_04_10). - net: fool proof dev_valid_name() (networking-stable-18_04_10). - net: igmp: Use correct source address on IGMPv3 reports (networking-stable-17_12_31). - net: igmp: add a missing rcu locking section (git-fixes). - net: igmp: fix source address check for IGMPv3 reports (git-fixes). - net: ipv4: avoid unused variable warning for sysctl (git-fixes). - net: ipv4: do not allow setting net.ipv4.route.min_pmtu below 68 (networking-stable-18_03_07). - net: ipv6: keep sk status consistent after datagram connect failure (networking-stable-18_03_28). - net: mvmdio: disable/unprepare clocks in EPROBE_DEFER case (networking-stable-17_12_31). - net: phy: Fix mask value write on gmii2rgmii converter speed register (networking-stable-17_10_09). - net: phy: Tell caller result of phy_change() (networking-stable-18_03_28). - net: phy: fix phy_start to consider PHY_IGNORE_INTERRUPT (networking-stable-18_03_07). - net: phy: marvell: Limit 88m1101 autoneg errata to 88E1145 as well (networking-stable-17_12_31). - net: phy: micrel: ksz9031: reconfigure autoneg after phy autoneg workaround (networking-stable-17_12_31). - net: qcom/emac: specify the correct size when mapping a DMA buffer (networking-stable-17_10_09). - net: qdisc_pkt_len_init() should be more robust (networking-stable-18_01_28). - net: qlge: use memmove instead of skb_copy_to_linear_data (bsc#1050529 bsc#1086319). - net: realtek: r8169: implement set_link_ksettings() (networking-stable-17_12_12). - net: reevalulate autoflowlabel setting after sysctl setting (networking-stable-17_12_31). - net: remove hlist_nulls_add_tail_rcu() (networking-stable-17_12_12). - net: sched: fix error path in tcf_proto_create() when modules are not configured (networking-stable-18_05_15). - net: sched: ife: check on metadata length (networking-stable-18_04_26). - net: sched: ife: handle malformed tlv length (networking-stable-18_04_26). - net: sched: ife: signal not finding metaid (networking-stable-18_04_26). - net: sched: report if filter is too large to dump (networking-stable-18_03_07). - net: stmmac: enable EEE in MII, GMII or RGMII only (networking-stable-18_01_12). - net: support compat 64-bit time in {s,g}etsockopt (networking-stable-18_05_15). - net: systemport: Correct IPG length settings (networking-stable-17_11_20). - net: systemport: Rewrite __bcm_sysport_tx_reclaim() (networking-stable-18_03_28). - net: tcp: close sock if net namespace is exiting (networking-stable-18_01_28). - net: validate attribute sizes in neigh_dump_table() (networking-stable-18_04_26). - net: vrf: Add support for sends to local broadcast address (networking-stable-18_01_28). - net_sched: fq: take care of throttled flows before reuse (networking-stable-18_05_15). - netfilter/ipvs: clear ipvs_property flag when SKB net namespace changed (networking-stable-17_11_20). - netfilter: use skb_to_full_sk in ip6_route_me_harder (bsc#1076830). - netlink: avoid a double skb free in genlmsg_mcast() (git-fixes). - netlink: do not proceed if dump's start() errs (networking-stable-17_10_09). - netlink: do not set cb_running if dump's start() errs (networking-stable-17_11_14). - netlink: ensure to loop over all netns in genlmsg_multicast_allns() (networking-stable-18_03_07). - netlink: extack needs to be reset each time through loop (networking-stable-18_01_28). - netlink: make sure nladdr has correct size in netlink_connect() (networking-stable-18_04_10). - netlink: put module reference if dump start fails (git-fixes). - netlink: reset extack earlier in netlink_rcv_skb (networking-stable-18_01_28). - nfit-test: Add platform cap support from ACPI 6.2a to test (bsc#1091424). - nfit: skip region registration for incomplete control regions (bsc#1091666). - nfp: use full 40 bits of the NSP buffer address (bsc#1055968). - nl80211: relax ht operation checks for mesh (bsc#1051510). - nubus: Avoid array underflow and overflow (bsc#1099918). - nubus: Fix up header split (bsc#1099918). - nvme-fabrics: allow duplicate connections to the discovery controller (bsc#1098706). - nvme-fabrics: allow internal passthrough command on deleting controllers (bsc#1098706). - nvme-fabrics: centralize discovery controller defaults (bsc#1098706). - nvme-fabrics: fix and refine state checks in __nvmf_check_ready (bsc#1098706). - nvme-fabrics: handle the admin-only case properly in nvmf_check_ready (bsc#1098706). - nvme-fabrics: refactor queue ready check (bsc#1098706). - nvme-fabrics: remove unnecessary controller subnqn validation (bsc#1098706). - nvme-fc: change controllers first connect to use reconnect path (bsc#1098706). - nvme-fc: fix nulling of queue data on reconnect (bsc#1098706). - nvme-fc: release io queues to allow fast fail (bsc#1098706). - nvme-fc: remove reinit_request routine (bsc#1098706). - nvme-fc: remove setting DNR on exception conditions (bsc#1098706). - nvme-multipath: fix sysfs dangerously created links (bsc#1096529). - nvme-rdma: Fix command completion race at error recovery (bsc#1099041). - nvme-rdma: correctly check for target keyed sgl support (bsc#1099041). - nvme-rdma: do not override opts->queue_size (bsc#1099041). - nvme-rdma: fix error flow during mapping request data (bsc#1099041). - nvme-rdma: fix possible double free condition when failing to create a controller (bsc#1099041). - nvme/multipath: Fix multipath disabled naming collisions (bsc#1098706). - nvme: Set integrity flag for user passthrough commands (bsc#1098706). - nvme: Skip checking heads without namespaces (bsc#1098706). - nvme: Use admin command effects for admin commands (bsc#1098706). - nvme: add quirk to force medium priority for SQ creation (). - nvme: allow duplicate controller if prior controller being deleted (bsc#1098706). - nvme: check return value of init_srcu_struct function (bsc#1098706). - nvme: do not send keep-alives to the discovery controller (). - nvme: expand nvmf_check_if_ready checks (bsc#1098706). - nvme: fix NULL pointer dereference in nvme_init_subsystem (bsc#1098706). - nvme: fix extended data LBA supported setting (). - nvme: fix lockdep warning in nvme_mpath_clear_current_path (). - nvme: fix potential memory leak in option parsing (bsc#1098706). - nvme: move init of keep_alive work item to controller initialization (bsc#1098706). - nvme: target: fix buffer overflow (). - nvmet-fc: increase LS buffer count per fc port (bsc#1098706). - nvmet: fix space padding in serial number (). - nvmet: switch loopback target state to connecting when resetting (bsc#1098706). - objtool, perf: Fix GCC 8 -Wrestrict error (Fix gcc 8 restrict error). - ocfs2/acl: use 'ip_xattr_sem' to protect getting extended attribute (bsc#1052766). - ocfs2/dlm: Fix up kABI in dlm_ctxt (bsc#1052766). - ocfs2/dlm: wait for dlm recovery done when migrating all lock resources (bsc#1052766). - ocfs2: return -EROFS to mount.ocfs2 if inode block is invalid (bsc#1052766). - of: overlay: validate offset from property fixups (bsc#1051510). - of: platform: stop accessing invalid dev in of_platform_device_destroy (bsc#1051510). - of: unittest: for strings, account for trailing \0 in property length field (bsc#1051510). - omapdrm: panel: fix compatible vendor string for td028ttec1 (bsc#1051510). - openvswitch: Do not swap table in nlattr_set() after OVS_ATTR_NESTED is found (networking-stable-18_05_15). - ovl: Put upperdentry if ovl_check_origin() fails (bsc#1088704). - ovl: Return -ENOMEM if an allocation fails ovl_lookup() (bsc#1096065). - ovl: fix failure to fsync lower dir (bsc#108871). - ovl: fix lookup with middle layer opaque dir and absolute path redirects (bsc#1090605). - p54: do not unregister leds when they are not initialized (bsc#1051510). - parport_pc: Add support for WCH CH382L PCI-E single parallel port card (bsc#1051510). - partitions/msdos: Unable to mount UFS 44bsd partitions (bsc#1051510). - pinctrl/amd: Fix build dependency on pinmux code (bsc#1051510). - pinctrl/amd: save pin registers over suspend/resume (bsc#1051510). - pinctrl: adi2: Fix Kconfig build problem (bsc#1051510). - pinctrl: armada-37xx: Fix direction_output() callback behavior (bsc#1051510). - pinctrl: artpec6: dt: add missing pin group uart5nocts (bsc#1051510). - pinctrl: baytrail: Enable glitch filter for GPIOs used as interrupts (bsc#1051510). - pinctrl: denverton: Fix UART2 RTS pin mode (bsc#1051510). - pinctrl: pxa: pxa2xx: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE (bsc#1051510). - pinctrl: rockchip: enable clock when reading pin direction register (bsc#1051510). - pinctrl: samsung: Fix NULL pointer exception on external interrupts on S3C24xx (bsc#1051510). - pinctrl: samsung: Fix invalid register offset used for Exynos5433 external interrupts (bsc#1051510). - pinctrl: sh-pfc: r8a7795-es1: Fix MOD_SEL1 bit[25:24] to 0x3 when using STP_ISEN_1_D (bsc#1051510). - pinctrl: sh-pfc: r8a7796: Fix MOD_SEL register pin assignment for SSI pins group (bsc#1051510). - pinctrl: sunxi: Fix A64 UART mux value (bsc#1051510). - pinctrl: sunxi: Fix A80 interrupt pin bank (bsc#1051510). - pinctrl: sx150x: Add a static gpio/pinctrl pin range mapping (bsc#1051510). - pinctrl: sx150x: Register pinctrl before adding the gpiochip (bsc#1051510). - pinctrl: sx150x: Unregister the pinctrl on release (bsc#1051510). - pipe: fix off-by-one error when checking buffer limits (bsc#1051510). - pktcdvd: Fix a recently introduced NULL pointer dereference (bsc#1099918). - pktcdvd: Fix pkt_setup_dev() error path (bsc#1099918). - platform/chrome: Use proper protocol transfer function (bsc#1051510). - platform/chrome: cros_ec_lpc: remove redundant pointer request (bsc#1051510). - platform/x86: asus-wireless: Fix NULL pointer dereference (bsc#1051510). - platform/x86: asus-wmi: Fix NULL pointer dereference (bsc#1051510). - platform/x86: fujitsu-laptop: Support Lifebook U7x7 hotkeys (bsc#1087284). - platform/x86: ideapad-laptop: Add MIIX 720-12IKB to no_hw_rfkill (bsc#1093035). - platform/x86: ideapad-laptop: Apply no_hw_rfkill to Y20-15IKBM, too (bsc#1098626). - platform/x86: thinkpad_acpi: suppress warning about palm detection (bsc#1051510). - power: supply: ab8500_charger: Bail out in case of error in 'ab8500_charger_init_hw_registers()' (bsc#1051510). - power: supply: ab8500_charger: Fix an error handling path (bsc#1051510). - power: supply: axp288_charger: Properly stop work on probe-error / remove (bsc#1051510). - powerpc/64s/idle: avoid sync for KVM state when waking from idle (bsc#1061840). - powerpc/64s: Fix mce accounting for powernv (bsc#1094244). - powerpc/fadump: Do not use hugepages when fadump is active (bsc#1092772). - powerpc/fadump: exclude memory holes while reserving memory in second kernel (bsc#1092772). - powerpc/kvm: Fix guest boot failure on Power9 since DAWR changes (bsc#1061840). - powerpc/kvm: Fix lockups when running KVM guests on Power8 (bsc#1061840). - powerpc/livepatch: Fix KABI breaker in stacktrace.c (bsc#1071995 bsc#1072856 bsc#1087458 bsc#1089664 bsc#1089669). - powerpc/livepatch: Fix build error with kprobes disabled (bsc#1071995). - powerpc/mm: Fix thread_pkey_regs_init() (bsc#1078248, git-fixes). - powerpc/perf: Add blacklisted events for Power9 DD2.1 (bsc1056686). - powerpc/perf: Add blacklisted events for Power9 DD2.2 (bsc1056686). - powerpc/perf: Fix kernel address leak via sampling registers (bsc1056686). - powerpc/perf: Infrastructure to support addition of blacklisted events (bsc1056686). - powerpc/perf: Prevent kernel address leak to userspace via BHRB buffer (bsc1056686). - powerpc/perf: Prevent kernel address leak via perf_get_data_addr() (bsc1056686). - powerpc/perf: fix bug references. - powerpc/pkeys: Detach execute_only key on !PROT_EXEC (bsc#1078248, git-fixes). - powerpc/pkeys: Drop private VM_PKEY definitions (bsc#1078248). - powerpc/ptrace: Fix enforcement of DAWR constraints (bsc#1099918). - powerpc/xmon: Also setup debugger hooks when single-stepping (bsc#1072829). - powerpc64/ftrace: Add a field in paca to disable ftrace in unsafe code paths (bsc#1088804). - powerpc64/ftrace: Add helpers to hard disable ftrace (bsc#1088804). - powerpc64/ftrace: Delay enabling ftrace on secondary cpus (bsc#1088804). - powerpc64/ftrace: Disable ftrace during hotplug (bsc#1088804). - powerpc64/ftrace: Disable ftrace during kvm guest entry/exit (bsc#1088804). - powerpc64/ftrace: Rearrange #ifdef sections in ftrace.h (bsc#1088804). - powerpc64/ftrace: Use the generic version of ftrace_replace_code() (bsc#1088804). - powerpc64/kexec: Hard disable ftrace before switching to the new kernel (bsc#1088804). - powerpc64/module: Tighten detection of mcount call sites with -mprofile-kernel (bsc#1088804). - powerpc: Machine check interrupt is a non-maskable interrupt (bsc#1094244). - ppp: avoid loop in xmit recursion detection code (networking-stable-18_03_28). - ppp: fix race in ppp device destruction (networking-stable-17_11_14). - ppp: prevent unregistered channels from connecting to PPP units (networking-stable-18_03_07). - ppp: unlock all_ppp_mutex before registering device (networking-stable-18_01_28). - pppoe: check sockaddr length in pppoe_connect() (networking-stable-18_04_26). - pppoe: take ->needed_headroom of lower device into account on xmit (networking-stable-18_01_28). - pptp: remove a buggy dst release in pptp_connect() (networking-stable-18_04_10). - printk: fix possible reuse of va_list variable (bsc#1100602). - procfs: add tunable for fd/fdinfo dentry retention (bsc#1086652). - ptr_ring: add barriers (networking-stable-17_12_31). - pty: cancel pty slave port buf's work in tty_release (bsc#1051510). - pwm: lpss: platform: Save/restore the ctrl register over a suspend/resume (bsc#1051510). - pwm: rcar: Fix a condition to prevent mismatch value setting to duty (bsc#1051510). - pwm: stmpe: Fix wrong register offset for hwpwm=2 case (bsc#1051510). - qed: Fix l2 initializations over iWARP personality (bsc#1050536 bsc#1050545). - qed: Fix non TCP packets should be dropped on iWARP ll2 connection (bsc#1050545). - qed: Free RoCE ILT Memory on rmmod qedr (bsc#1050536 bsc#1050545). - qed: Use after free in qed_rdma_free() (bsc#1050536 bsc#1050545). - qede: Fix gfp flags sent to rdma event node allocation (bsc#1050538 bsc#1050545). - qede: Fix qedr link update (bsc#1050538 bsc#1050545). - qla2xxx: Mask off Scope bits in retry delay (bsc#1068054). - qmi_wwan: Add missing skb_reset_mac_header-call (networking-stable-17_11_20). - qmi_wwan: Add support for Quectel EP06 (networking-stable-18_02_06). - qmi_wwan: do not steal interfaces from class drivers (bsc#1092888). - r8169: fix powering up RTL8168h (bsc#1051510). - r8169: fix setting driver_data after register_netdev (bsc#1051510). - radeon: hide pointless #warning when compile testing (bsc#1051510). - radix tree test suite: add item_delete_rcu() (bsc#1095467). - radix tree test suite: fix compilation issue (bsc#1095467). - radix tree test suite: fix mapshift build target (bsc#1095467). - radix tree test suite: multi-order iteration race (bsc#1095467). - radix tree: fix multi-order iteration race (bsc#1095467). - raid10: check bio in r10buf_pool_free to void NULL pointer dereference (bsc#1098174). - raid1: copy write hint from master bio to behind bio (bsc#1093023). - raid1: prevent freeze_array/wait_all_barriers deadlock (bsc#1093023). - raid1: remove obsolete code in raid1_write_request (bsc#1093023). - raid5-ppl: PPL support for disks with write-back cache enabled (bsc#1093023). - raid5-ppl: fix handling flush requests (bsc#1093023). - raid5: Set R5_Expanded on parity devices as well as data (bsc#1093023). - raid5: remove raid5_build_block (bsc#1093023). - raid: remove tile specific raid6 implementation (bsc#1093023). - random: crng_reseed() should lock the crng instance that it is modifying (bsc#1051510). - random: use a different mixing algorithm for add_device_randomness() (bsc#1051510). - random: use a tighter cap in credit_entropy_bits_safe() (bsc#1051510). - rbd: use GFP_NOIO for parent stat and data requests (bsc#1093728). - rds: Incorrect reference counting in TCP socket creation (bsc#1076830). - rds: MP-RDS may use an invalid c_path (networking-stable-18_04_13). - rds: do not leak kernel memory to user land (networking-stable-18_05_15). - regulator: Do not return or expect -errno from of_map_mode() (bsc#1099029). - regulator: cpcap: Fix standby mode (bsc#1051510). - regulator: gpio: Fix some error handling paths in 'gpio_regulator_probe()' (bsc#1091960). - regulator: of: Add a missing 'of_node_put()' in an error handling path of 'of_regulator_match()' (bsc#1051510). - resource: fix integer overflow at reallocation (bsc#1086739). - restore cond_resched() in shrink_dcache_parent() (bsc#1098599). - rfkill: gpio: fix memory leak in probe error path (bsc#1051510). - rhashtable: Fix rhlist duplicates insertion (bsc#1051510). - rmdir(),rename(): do shrink_dcache_parent() only on success (bsc#1100340). - rocker: fix possible null pointer dereference in rocker_router_fib_event_work (networking-stable-18_02_06). - route: check sysctl_fib_multipath_use_neigh earlier than hash (networking-stable-18_04_10). - rpm/config.sh: Fixup BUGZILLA_PRODUCT variable - rpm/kernel-docs.spec.in: Fix and cleanup for 4.13 doc build (bsc#1048129) The whole DocBook stuff has been deleted. The PDF build still non-working thus the sub-packaging disabled so far. - rpm/kernel-source.changes.old: Add pre-SLE15 history (bsc#1098995). - rpm/modules.fips include module list from dracut - rt2x00: do not pause queue unconditionally on error path (bsc#1051510). - rtc-opal: Fix handling of firmware error codes, prevent busy loops (bsc#1051510). - rtc: hctosys: Ensure system time does not overflow time_t (bsc#1051510). - rtc: pcf8563: fix output clock rate (bsc#1051510). - rtc: pl031: make interrupt optional (bsc#1051510). - rtc: snvs: Fix usage of snvs_rtc_enable (bsc#1051510). - rtc: tx4939: avoid unintended sign extension on a 24 bit shift (bsc#1051510). - rtl8187: Fix NULL pointer dereference in priv->conf_mutex (bsc#1051510). - rtlwifi: rtl8192cu: Remove variable self-assignment in rf.c (bsc#1051510). - rxrpc: Fix send in rxrpc_send_data_packet() (networking-stable-18_03_07). - s390/archrandom: Reconsider s390 arch random implementation (bnc#1096753, LTC#168037). - s390/archrandom: Rework arch random implementation (bnc#1096753, LTC#168037). - s390/cio: update chpid descriptor after resource accessibility event (bnc#1093148, LTC#167307). - s390/cpum_sf: ensure sample frequency of perf event attributes is non-zero (bnc#1096753, LTC#168037). - s390/dasd: fix IO error for newly defined devices (bnc#1093148, LTC#167307). - s390/qdio: do not merge ERROR output buffers (bsc#1099715). - s390/qdio: fix access to uninitialized qdio_q fields (bnc#1096753, LTC#168037). - s390/qeth: do not dump control cmd twice (bsc#1099715). - s390/qeth: fix IPA command submission race (networking-stable-18_03_07). - s390/qeth: fix IPA command submission race (bsc#1099715). - s390/qeth: fix MAC address update sequence (bnc#1093148, LTC#167307). - s390/qeth: fix overestimated count of buffer elements (bsc#1099715). - s390/qeth: fix overestimated count of buffer elements (networking-stable-18_03_07). - s390/qeth: free netdevice when removing a card (networking-stable-18_03_28). - s390/qeth: free netdevice when removing a card (bsc#1099715). - s390/qeth: lock read device while queueing next buffer (bsc#1099715). - s390/qeth: lock read device while queueing next buffer (networking-stable-18_03_28). - s390/qeth: translate SETVLAN/DELVLAN errors (bnc#1093148, LTC#167307). - s390/qeth: use Read device to query hypervisor for MAC (bsc#1061024). - s390/qeth: when thread completes, wake up all waiters (bsc#1099715). - s390/qeth: when thread completes, wake up all waiters (networking-stable-18_03_28). - s390/uprobes: implement arch_uretprobe_is_alive() (bnc#1093148, LTC#167307). - s390/zcrypt: Fix CCA and EP11 CPRB processing failure memory leak (bnc#1096753, LTC#168037). - sch_netem: fix skb leak in netem_enqueue() (networking-stable-18_03_28). - sched/numa: Stagger NUMA balancing scan periods for new threads (Automatic NUMA Balancing ()). - sched: Make resched_cpu() unconditional (Git-fixes). - sched: Stop resched_cpu() from sending IPIs to offline CPUs (Git-fixes). - sched: Stop switched_to_rt() from sending IPIs to offline CPUs (Git-fixes). - scripts/git_sort/git_sort.py: - scripts/git_sort/git_sort.py: add Viro's vfs git - scsi: core: return BLK_STS_OK for DID_OK in __scsi_error_from_host_byte() (bsc#1099918). - scsi: ipr: Format HCAM overlay ID 0x41 (bsc#1097961). - scsi: ipr: new IOASC update (bsc#1097961). - scsi: lpfc: Add per io channel NVME IO statistics (bsc#1088866). - scsi: lpfc: Change IO submit return to EBUSY if remote port is recovering (bsc#1088866). - scsi: lpfc: Comment cleanup regarding Broadcom copyright header (bsc#1088866). - scsi: lpfc: Correct fw download error message (bsc#1088866). - scsi: lpfc: Correct missing remoteport registration during link bounces (bsc#1088866). - scsi: lpfc: Correct target queue depth application changes (bsc#1088866). - scsi: lpfc: Driver NVME load fails when CPU cnt > WQ resource cnt (bsc#1088866). - scsi: lpfc: Enhance log messages when reporting CQE errors (bsc#1088866). - scsi: lpfc: Enlarge nvmet asynchronous receive buffer counts (bsc#1088866). - scsi: lpfc: Fix 16gb hbas failing cq create (bsc#1093290). - scsi: lpfc: Fix Abort request WQ selection (bsc#1088866). - scsi: lpfc: Fix MDS diagnostics failure (Rx andlt; Tx) (bsc#1088866). - scsi: lpfc: Fix NULL pointer access in lpfc_nvme_info_show (bsc#1088866). - scsi: lpfc: Fix NULL pointer reference when resetting adapter (bsc#1088866). - scsi: lpfc: Fix crash in blk_mq layer when executing modprobe -r lpfc (bsc#1088866). - scsi: lpfc: Fix driver not recovering NVME rports during target link faults (bsc#1088866). - scsi: lpfc: Fix lingering lpfc_wq resource after driver unload (bsc#1088866). - scsi: lpfc: Fix multiple PRLI completion error path (bsc#1088866). - scsi: lpfc: Fix nvme remoteport registration race conditions (bsc#1088866). - scsi: lpfc: Fix port initialization failure (bsc#1093290). - scsi: lpfc: Fix up log messages and stats counters in IO submit code path (bsc#1088866). - scsi: lpfc: Handle new link fault code returned by adapter firmware (bsc#1088866). - scsi: lpfc: correct oversubscription of nvme io requests for an adapter (bsc#1088866). - scsi: lpfc: enhance LE data structure copies to hardware (bsc#1088866). - scsi: lpfc: fix spelling mistakes: "mabilbox" and "maibox" (bsc#1088866). - scsi: lpfc: update driver version to 12.0.0.2 (bsc#1088866). - scsi: lpfc: update driver version to 12.0.0.3 (bsc#1088866). - scsi: lpfc: update driver version to 12.0.0.4 (bsc#1088866). - scsi: qla2xxx: Add FC-NVMe abort processing (bsc#1084570). - scsi: qla2xxx: Add changes for devloss timeout in driver (bsc#1084570). - scsi: qla2xxx: Cleanup code to improve FC-NVMe error handling (bsc#1084570). - scsi: qla2xxx: Delete session for nport id change (bsc#1077338). - scsi: qla2xxx: Fix Async GPN_FT for FCP and FC-NVMe scan (bsc#1084570). - scsi: qla2xxx: Fix FC-NVMe IO abort during driver reset (bsc#1084570). - scsi: qla2xxx: Fix n2n_ae flag to prevent dev_loss on PDB change (bsc#1084570). - scsi: qla2xxx: Fix retry for PRLI RJT with reason of BUSY (bsc#1084570). - scsi: qla2xxx: Fix small memory leak in qla2x00_probe_one on probe failure (bsc#1077338). - scsi: qla2xxx: Remove nvme_done_list (bsc#1084570). - scsi: qla2xxx: Remove unneeded message and minor cleanup for FC-NVMe (bsc#1084570). - scsi: qla2xxx: Restore ZIO threshold setting (bsc#1084570). - scsi: qla2xxx: Return busy if rport going away (bsc#1084570). - scsi: qla2xxx: Set IIDMA and fcport state before qla_nvme_register_remote() (bsc#1084570). - scsi: qla2xxx: Update driver version to 10.00.00.06-k (bsc#1084570). - scsi: raid_class: Add 'JBOD' RAID level (bsc#1093023). - scsi: sg: mitigate read/write abuse (bsc#1101296). - scsi: target: fix crash with iscsi target and dvd (bsc#1099918). - sctp: delay the authentication for the duplicated cookie-echo chunk (networking-stable-18_05_15). - sctp: do not check port in sctp_inet6_cmp_addr (networking-stable-18_04_26). - sctp: do not leak kernel memory to user space (networking-stable-18_04_10). - sctp: do not retransmit upon FragNeeded if PMTU discovery is disabled (networking-stable-18_01_12). - sctp: fix dst refcnt leak in sctp_v6_get_dst() (networking-stable-18_03_07). - sctp: fix the handling of ICMP Frag Needed for too small MTUs (networking-stable-18_01_12). - sctp: fix the issue that the cookie-ack with auth can't get processed (networking-stable-18_05_15). - sctp: full support for ipv6 ip_nonlocal_bind and IP_FREEBIND (networking-stable-17_11_14). - sctp: handle two v4 addrs comparison in sctp_inet6_cmp_addr (git-fixes). - sctp: potential read out of bounds in sctp_ulpevent_type_enabled() (networking-stable-17_10_09). - sctp: remove sctp_chunk_put from fail_mark err path in sctp_ulpevent_make_rcvmsg (networking-stable-18_05_15). - sctp: reset owner sk for data chunks on out queues when migrating a sock (networking-stable-17_11_14). - sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6 (networking-stable-18_04_10). - sctp: use right member as the param of list_for_each_entry (git-fixes). - sctp: use the old asoc when making the cookie-ack chunk in dupcook_d (networking-stable-18_05_15). - sdhci: Advertise 2.0v supply on SDIO host controller (bsc#1051510). - selinux: KASAN: slab-out-of-bounds in xattr_getsecurity (bsc#1051510). - selinux: ensure the context is NUL terminated in security_context_to_sid_core() (bsc#1051510). - selinux: skip bounded transition processing if the policy isn't loaded (bsc#1051510). - serdev: fix memleak on module unload (bsc#1051510). - serdev: fix receive_buf return value when no callback (bsc#1051510). - serdev: fix registration of second slave (bsc#1051510). - serdev: ttyport: add missing open() error handling (bsc#1051510). - serdev: ttyport: add missing receive_buf sanity checks (bsc#1051510). - serdev: ttyport: enforce tty-driver open() requirement (bsc#1051510). - serdev: ttyport: fix NULL-deref on hangup (bsc#1051510). - serdev: ttyport: fix tty locking in close (bsc#1051510). - serial: 8250: Preserve DLD[7:4] for PORT_XR17V35X (bsc#1051510). - serial: 8250: omap: Fix idling of clocks for unused uarts (bsc#1051510). - serial: 8250_dw: Disable clock on error (bsc#1051510). - serial: 8250_fintek: Fix finding base_port with activated SuperIO (bsc#1051510). - serial: 8250_pci: Add Brainboxes UC-260 4 port serial device (bsc#1051510). - serial: altera: ensure port->regshift is honored consistently (bsc#1051510). - serial: arc_uart: Fix out-of-bounds access through DT alias (bsc#1051510). - serial: core: mark port as initialized in autoconfig (bsc#1051510). - serial: fsl_lpuart: Fix out-of-bounds access through DT alias (bsc#1051510). - serial: imx: Fix out-of-bounds access through serial port index (bsc#1051510). - serial: imx: Only wakeup via RTSDEN bit if the system has RTS/CTS (bsc#1051510). - serial: mxs-auart: Fix out-of-bounds access through serial port index (bsc#1051510). - serial: omap: Fix EFR write on RTS deassertion (bsc#1051510). - serial: samsung: Fix out-of-bounds access through serial port index (bsc#1051510). - serial: samsung: fix maxburst parameter for DMA transactions (bsc#1051510). - serial: sh-sci: Fix out-of-bounds access through DT alias (bsc#1051510). - serial: sh-sci: Stop using printk format %pCr (bsc#1051510). - serial: sh-sci: prevent lockup on full TTY buffers (bsc#1051510). - serial: xuartps: Fix out-of-bounds access through DT alias (bsc#1051510). - sget(): handle failures of register_shrinker() (bsc#1052766). - sh_eth: fix SH7757 GEther initialization (networking-stable-18_01_12). - sh_eth: fix TSU resource handling (networking-stable-18_01_12). - skbuff: Fix not waking applications when errors are enqueued (networking-stable-18_03_28). - sky2: Increase D3 delay to sky2 stops working after suspend (bsc#1051510). - slip: Check if rstate is initialized before uncompressing (networking-stable-18_04_13). - sock: free skb in skb_complete_tx_timestamp on error (networking-stable-17_12_31). - soreuseport: fix mem leak in reuseport_add_sock() (networking-stable-18_02_06). - spi: Fix scatterlist elements size in spi_map_buf (bsc#1051510). - spi: a3700: Fix clk prescaling for coefficient over 15 (bsc#1051510). - spi: a3700: Return correct value on timeout detection (bsc#1051510). - spi: armada-3700: Fix failing commands with quad-SPI (bsc#1051510). - spi: atmel: fixed spin_lock usage inside atmel_spi_remove (bsc#1051510). - spi: atmel: init FIFOs before spi enable (bsc#1051510). - spi: bcm-qspi: Fix use after free in bcm_qspi_probe() in error path (bsc#1051510). - spi: imx: do not access registers while clocks disabled (bsc#1051510). - spi: sh-msiof: Fix DMA transfer size check (bsc#1051510). - spi: spi-axi: fix potential use-after-free after deregistration (bsc#1051510). - spi: sun4i: disable clocks in the remove function (bsc#1051510). - spi: sun6i: disable/unprepare clocks on remove (bsc#1051510). - spi: xilinx: Detect stall with Unknown commands (bsc#1051510). - srcu: Provide ordering for CPU not involved in grace period (bsc#1052766). - staging: bcm2835-audio: Release resources on module_exit() (bsc#1051510). - staging: comedi: fix comedi_nsamples_left (bsc#1051510). - staging: comedi: ni_mio_common: ack ai fifo error interrupts (bsc#1051510). - staging: iio: ad5933: switch buffer mode to software (bsc#1051510). - staging: iio: ad7192: Fix - use the dedicated reset function avoiding dma from stack (bsc#1051510). - staging: iio: adc: ad7192: fix external frequency setting (bsc#1051510). - staging: rtl8192u: return -ENOMEM on failed allocation of priv->oldaddr (bsc#1051510). - staging: vchiq_2835_arm: Fix NULL ptr dereference in free_pagelist (bsc#1051510). - staging: wilc1000: Fix bssid buffer offset in Txq (bsc#1051510). - stm class: Fix a use-after-free (bsc#1051510). - stm class: Use vmalloc for the master map (bsc#1051510). - stmmac: reset last TSO segment size after device open (networking-stable-17_12_12). - strparser: Do not call mod_delayed_work with a timeout of LONG_MAX (networking-stable-18_04_26). - strparser: Fix incorrect strp->need_bytes value (networking-stable-18_04_26). - strparser: Fix sign of err codes (networking-stable-18_04_10). - sunrpc: remove incorrect HMAC request initialization (bsc#1051510). - supported.conf: Remove external flag from iwlwifi modules (bsc#1093273) - supported.conf: fix folder of the driver module - swap: divide-by-zero when zero length swap file on ssd (bsc#1051510). - swiotlb: suppress warning when __GFP_NOWARN is set (bsc#1051510). - tap: reference to KVA of an unloaded module causes kernel panic (networking-stable-17_11_14). - target: transport should handle st FM/EOM/ILI reads (bsc#1081599). - tcp: do not read out-of-bounds opsize (networking-stable-18_04_26). - tcp: fix data delivery rate (networking-stable-17_10_09). - tcp: ignore Fast Open on repair mode (networking-stable-18_05_15). - tcp: md5: reject TCP_MD5SIG or TCP_MD5SIG_EXT on established sockets (networking-stable-18_04_26). - tcp: release sk_frag.page in tcp_disconnect (networking-stable-18_02_06). - tcp: revert F-RTO extension to detect more spurious timeouts (networking-stable-18_03_07). - tcp: revert F-RTO middle-box workaround (bsc#1076830). - tcp_bbr: fix to zero idle_restart only upon S/ACKed data (networking-stable-18_05_15). - tcp_bbr: record "full bw reached" decision in new full_bw_reached bit (networking-stable-17_12_31). - tcp_bbr: reset full pipe detection on loss recovery undo (networking-stable-17_12_31). - tcp_bbr: reset long-term bandwidth sampling on loss recovery undo (networking-stable-17_12_31). - tcp_nv: fix division by zero in tcpnv_acked() (networking-stable-17_11_20). - team: Fix double free in error path (networking-stable-18_03_28). - team: avoid adding twice the same option to the event list (networking-stable-18_04_26). - team: fix netconsole setup over team (networking-stable-18_04_26). - team: move dev_mc_sync after master_upper_dev_link in team_port_add (networking-stable-18_04_10). - tee: check shm references are consistent in offset/size (bsc#1051510). - tee: shm: fix use-after-free via temporarily dropped reference (bsc#1051510). - test_firmware: fix missing unlock on error in config_num_requests_store() (bsc#1051510). - test_firmware: fix setting old custom fw path back on exit (bsc#1051510). - test_firmware: fix setting old custom fw path back on exit, second try (bsc#1051510). - tg3: APE heartbeat changes (bsc#1086286). - tg3: Add Macronix NVRAM support (bsc#1086286). - tg3: Fix vunmap() BUG_ON() triggered from tg3_free_consistent() (bsc#1086286). - tg3: prevent scheduling while atomic splat (bsc#1086286). - thermal/drivers/step_wise: Fix temperature regulation misbehavior (bsc#1051510). - thermal: bcm2835: Stop using printk format %pCr (bsc#1051510). - thermal: enable broadcom menu for arm64 bcm2835 (bsc#1095573). - thermal: exynos: Propagate error value from tmu_read() (bsc#1051510). - thermal: exynos: Reading temperature makes sense only when TMU is turned on (bsc#1051510). - thermal: imx: Fix race condition in imx_thermal_probe() (bsc#1051510). - thermal: int3400_thermal: fix error handling in int3400_thermal_probe() (bsc#1051510). - thermal: int3403_thermal: Fix NULL pointer deref on module load / probe (bsc#1051510). - thermal: power_allocator: fix one race condition issue for thermal_instances list (bsc#1051510). - thunderbolt: Prevent crash when ICM firmware is not running (bsc#1090888). - thunderbolt: Resume control channel after hibernation image is created (bsc#1051510). - thunderbolt: Serialize PCIe tunnel creation with PCI rescan (bsc#1090888). - thunderbolt: Wait a bit longer for ICM to authenticate the active NVM (bsc#1090888). - timekeeping: Eliminate the stale declaration of ktime_get_raw_and_real_ts64() (bsc#1099918). - timers: Invoke timer_start_debug() where it makes sense (Git-fixes). - timers: Reinitialize per cpu bases on hotplug (Git-fixes). - timers: Unconditionally check deferrable base (Git-fixes). - timers: Use deferrable base independent of base::nohz_active (Git-fixes). - tipc: add policy for TIPC_NLA_NET_ADDR (networking-stable-18_04_26). - tipc: fix a memory leak in tipc_nl_node_get_link() (networking-stable-18_01_28). - tipc: fix hanging poll() for stream sockets (networking-stable-17_12_31). - tipc: fix memory leak in tipc_accept_from_sock() (networking-stable-17_12_12). - tools headers: Restore READ_ONCE() C++ compatibility (bsc#1093023). - tools/lib/subcmd/pager.c: do not alias select() params (Fix gcc 8 restrict error). - tracing/uprobe_event: Fix strncpy corner case (bsc#1099918). - tracing: Fix converting enum's from the map in trace_event_eval_update() (bsc#1099918). - tracing: Fix missing tab for hwlat_detector print format (bsc#1099918). - tracing: Kconfig text fixes for CONFIG_HWLAT_TRACER (bsc#1099918). - tracing: Make the snapshot trigger work with instances (bsc#1099918). - tracing: probeevent: Fix to support minus offset from symbol (bsc#1099918). - tty fix oops when rmmod 8250 (bsc#1051510). - tty/serial: atmel: add new version check for usart (bsc#1051510). - tty/serial: atmel: use port->name as name in request_irq() (bsc#1051510). - tty: Avoid possible error pointer dereference at tty_ldisc_restore() (bsc#1051510). - tty: Do not call panic() at tty_ldisc_init() (bsc#1051510). - tty: Use __GFP_NOFAIL for tty_ldisc_get() (bsc#1051510). - tty: fix __tty_insert_flip_char regression (bsc#1051510). - tty: fix tty_ldisc_receive_buf() documentation (bsc#1051510). - tty: improve tty_insert_flip_char() fast path (bsc#1051510). - tty: improve tty_insert_flip_char() slow path (bsc#1051510). - tty: make n_tty_read() always abort if hangup is in progress (bsc#1051510). - tty: n_gsm: Allow ADM response in addition to UA for control dlci (bsc#1051510). - tty: n_gsm: Fix DLCI handling for ADM mode if debug and 2 is not set (bsc#1051510). - tty: n_gsm: Fix long delays with control frame timeouts in ADM mode (bsc#1051510). - tty: pl011: Avoid spuriously stuck-off interrupts (bsc#1051510). - tty: vt: fix up tabstops properly (bsc#1051510). - tun/tap: sanitize TUNSETSNDBUF input (networking-stable-17_11_14). - tun: allow positive return values on dev_get_valid_name() call (networking-stable-17_11_14). - tun: bail out from tun_get_user() if the skb is empty (networking-stable-17_10_09). - tun: call dev_get_valid_name() before register_netdevice() (networking-stable-17_11_14). - ubi: Fix error for write access (bsc#1051510). - ubi: Fix race condition between ubi volume creation and udev (bsc#1051510). - ubi: Reject MLC NAND (bsc#1051510). - ubi: block: Fix locking for idr_alloc/idr_remove (bsc#1051510). - ubi: fastmap: Cancel work upon detach (bsc#1051510). - ubi: fastmap: Cancel work upon detach (bsc#1051510). - ubi: fastmap: Do not flush fastmap work on detach (bsc#1051510). - ubi: fastmap: Erase outdated anchor PEBs during attach (bsc#1051510). - ubifs: Check ubifs_wbuf_sync() return code (bsc#1052766). - ubifs: free the encrypted symlink target (bsc#1052766). - udf: Avoid overflow when session starts at large offset (bsc#1052766). - udf: Fix leak of UTF-16 surrogates into encoded strings (bsc#1052766). - usb: core: Add quirk for HP v222w 16GB Mini (bsc#1090888). - usb: quirks: add control message delay for 1b1c:1b20 (bsc#1087092). - usb: typec: ucsi: Fix for incorrect status data issue (bsc#1100132). - usb: typec: ucsi: Increase command completion timeout value (bsc#1090888). - usb: typec: ucsi: acpi: Workaround for cache mode issue (bsc#1100132). - usb: xhci: Disable slot even when virt-dev is null (bsc#1085539). - usb: xhci: Fix potential memory leak in xhci_disable_slot() (bsc#1085539). - usb: xhci: Make some static functions global (). - usbip: usbip_host: delete device from busid_table after rebind (bsc#1096480). - usbip: usbip_host: fix NULL-ptr deref and use-after-free errors (bsc#1096480). - usbip: usbip_host: fix bad unlock balance during stub_probe() (bsc#1096480). - usbip: usbip_host: fix to hold parent lock for device_attach() calls (bsc#1096480). - usbip: usbip_host: run rebind from exit when module is removed (bsc#1096480). - usbip: vudc: fix null pointer dereference on udc->lock (bsc#1087092). - userns: Do not fail follow_automount based on s_user_ns (bsc#1099918). - vfb: fix video mode and line_length being set when loaded (bsc#1100362). - vfio: Use get_user_pages_longterm correctly (bsc#1095337). - vfio: disable filesystem-dax page pinning (bsc#1095337). - vfio: platform: Fix reset module leak in error path (bsc#1099918). - vhost: Fix vhost_copy_to_user() (networking-stable-18_04_13). - vhost: correctly remove wait queue during poll failure (networking-stable-18_04_10). - vhost: fix vhost_vq_access_ok() log check (networking-stable-18_04_13). - vhost: validate log when IOTLB is enabled (networking-stable-18_04_10). - vhost_net: add missing lock nesting notation (networking-stable-18_04_10). - vhost_net: stop device during reset owner (networking-stable-18_02_06). - video/fbdev/stifb: Return -ENOMEM after a failed kzalloc() in stifb_init_fb() (bsc#1090888 bsc#1099966). - video/hdmi: Allow "empty" HDMI infoframes (bsc#1051510). - video: fbdev/mmp: add MODULE_LICENSE (bsc#1051510). - video: fbdev: atmel_lcdfb: fix display-timings lookup (bsc#1051510). - video: fbdev: aty: do not leak uninitialized padding in clk to userspace (bsc#1051510). - video: fbdev: au1200fb: Release some resources if a memory allocation fails (bsc#1051510). - video: fbdev: au1200fb: Return an error code if a memory allocation fails (bsc#1051510). - virtio-gpu: fix ioctl and expose the fixed status to userspace (bsc#1100382). - virtio: add ability to iterate over vqs (bsc#1051510). - virtio: release virtio index when fail to device_register (bsc#1051510). - virtio_console: do not tie bufs to a vq (bsc#1051510). - virtio_console: drop custom control queue cleanup (bsc#1051510). - virtio_console: free buffers after reset (bsc#1051510). - virtio_console: move removal code (bsc#1051510). - virtio_console: reset on out of memory (bsc#1051510). - virtio_net: fix adding vids on big-endian (networking-stable-18_04_26). - virtio_net: split out ctrl buffer (networking-stable-18_04_26). - virtio_ring: fix num_free handling in error case (bsc#1051510). - vlan: Fix reading memory beyond skb->tail in skb_vlan_tagged_multi (networking-stable-18_04_26). - vlan: also check phy_driver ts_info for vlan's real device (networking-stable-18_04_10). - vlan: fix a use-after-free in vlan_device_event() (networking-stable-17_11_20). - vmw_balloon: fix inflation with batching (bsc#1051510). - vmw_balloon: fixing double free when batching mode is off (bsc#1051510). - vmxnet3: avoid xmit reset due to a race in vmxnet3 (bsc#1091860). - vmxnet3: fix incorrect dereference when rxvlan is disabled (bsc#1091860). - vmxnet3: increase default rx ring sizes (bsc#1091860). - vmxnet3: repair memory leak (bsc#1051510). - vmxnet3: set the DMA mask before the first DMA map operation (bsc#1091860). - vmxnet3: use DMA memory barriers where required (bsc#1091860). - vmxnet3: use correct flag to indicate LRO feature (bsc#1091860). - vrf: Fix use after free and double free in vrf_finish_output (networking-stable-18_04_10). - vt6655: Fix a possible sleep-in-atomic bug in vt6655_suspend (bsc#1051510). - vt: change SGR 21 to follow the standards (bsc#1051510). - vt: prevent leaking uninitialized data to userspace via /dev/vcs* (bsc#1051510). - vti6: Change minimum MTU to IPV4_MIN_MTU, vti6 can carry IPv4 too (bsc#1082869). - vti6: Fix dev->max_mtu setting (bsc#1082869). - vti6: Keep set MTU on link creation or change, validate it (bsc#1082869). - vti6: Properly adjust vti6 MTU from MTU of lower device (bsc#1082869). - vti6: better validate user provided tunnel names (networking-stable-18_04_10). - vti: fix use after free in vti_tunnel_xmit/vti6_tnl_xmit (bsc#1076830). - vxlan: fix the issue that neigh proxy blocks all icmpv6 packets (networking-stable-17_11_20). - w1: mxc_w1: Enable clock before calling clk_get_rate() on it (bsc#1051510). - wait: add wait_event_killable_timeout() (bsc#1099792). - watchdog: da9063: Fix setting/changing timeout (bsc#1100843). - watchdog: da9063: Fix timeout handling during probe (bsc#1100843). - watchdog: da9063: Fix updating timeout value (bsc#1100843). - watchdog: f71808e_wdt: Fix WD_EN register read (bsc#1051510). - watchdog: f71808e_wdt: Fix magic close handling (bsc#1051510). - watchdog: sp5100_tco: Fix watchdog disable bit (bsc#1051510). - wcn36xx: Fix dynamic power saving (bsc#1051510). - wcn36xx: Introduce mutual exclusion of fw configuration (bsc#1051510). - wl1251: check return from call to wl1251_acx_arp_ip_filter (bsc#1051510). - workqueue: Allow retrieval of current task's work struct (bsc#1051510). - workqueue: use put_device() instead of kfree() (bsc#1051510). - x86,sched: Allow topologies where NUMA nodes share an LLC (bsc#1091158). - x86/cpu_entry_area: Map also trace_idt_table (bsc#1089878). - x86/intel_rdt: Add command line parameter to control L2_CDP (). - x86/intel_rdt: Add two new resources for L2 Code and Data Prioritization (CDP) (). - x86/intel_rdt: Enable L2 CDP in MSR IA32_L2_QOS_CFG (). - x86/intel_rdt: Enumerate L2 Code and Data Prioritization (CDP) feature (). - x86/mm: add a function to check if a pfn is UC/UC-/WC (bsc#1087213). - x86/pkeys: Add arch_pkeys_enabled() (bsc#1078248). - x86/pkeys: Move vma_pkey() into asm/pkeys.h (bsc#1078248). - x86/pti: do not report XenPV as vulnerable (bsc#1097551). - x86/setup: Do not reserve a crash kernel region if booted on Xen PV (bsc#1085626). - x86/stacktrace: Clarify the reliable success paths (bnc#1058115). - x86/stacktrace: Do not fail for ORC with regs on stack (bnc#1058115). - x86/stacktrace: Do not unwind after user regs (bnc#1058115). - x86/stacktrace: Enable HAVE_RELIABLE_STACKTRACE for the ORC unwinder (bnc#1058115). - x86/stacktrace: Remove STACKTRACE_DUMP_ONCE (bnc#1058115). - x86/tsc: Future-proof native_calibrate_tsc() (bsc#1074873). - x86/unwind/orc: Detect the end of the stack (bnc#1058115). - xen/acpi: off by one in read_acpi_id() (bnc#1065600). - xen/netfront: raise max number of slots in xennet_get_responses() (bnc#1076049). - xen: do not print error message in case of missing Xenstore entry (bnc#1065600). - xhci: Add port status decoder for tracing purposes (). - xhci: Fix USB ports for Dell Inspiron 5775 (bsc#1090888). - xhci: add definitions for all port link states (). - xhci: add port speed ID to portsc tracing (). - xhci: add port status tracing (). - xhci: fix endpoint context tracer output (bsc#1087092). - xhci: workaround for AMD Promontory disabled ports wakeup (bsc#1087092). - xhci: zero usb device slot_id member when disabling and freeing a xhci slot (bsc#1090888). - xprtrdma: Fix list corruption / DMAR errors during MR recovery (git-fixes). - xprtrdma: Return -ENOBUFS when no pages are available (git-fixes). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2018-1420=1 - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2018-1420=1 - SUSE Linux Enterprise Module for Legacy Software 15: zypper in -t patch SUSE-SLE-Module-Legacy-15-2018-1420=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2018-1420=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1420=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2018-1420=1 Package List: - SUSE Linux Enterprise Workstation Extension 15 (x86_64): kernel-default-debuginfo-4.12.14-25.3.1 kernel-default-debugsource-4.12.14-25.3.1 kernel-default-extra-4.12.14-25.3.1 kernel-default-extra-debuginfo-4.12.14-25.3.1 - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-default-debuginfo-4.12.14-25.3.1 kernel-default-debugsource-4.12.14-25.3.1 kernel-default-livepatch-4.12.14-25.3.1 kernel-livepatch-4_12_14-25_3-default-1-1.3.1 kernel-livepatch-4_12_14-25_3-default-debuginfo-1-1.3.1 - SUSE Linux Enterprise Module for Legacy Software 15 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-25.3.1 kernel-default-debugsource-4.12.14-25.3.1 reiserfs-kmp-default-4.12.14-25.3.1 reiserfs-kmp-default-debuginfo-4.12.14-25.3.1 - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-25.3.1 kernel-obs-build-debugsource-4.12.14-25.3.1 kernel-syms-4.12.14-25.3.1 kernel-vanilla-base-4.12.14-25.3.1 kernel-vanilla-base-debuginfo-4.12.14-25.3.1 kernel-vanilla-debuginfo-4.12.14-25.3.1 kernel-vanilla-debugsource-4.12.14-25.3.1 - SUSE Linux Enterprise Module for Development Tools 15 (noarch): kernel-docs-4.12.14-25.3.1 kernel-source-4.12.14-25.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-25.3.1 kernel-default-debuginfo-4.12.14-25.3.1 kernel-default-debugsource-4.12.14-25.3.1 kernel-default-devel-4.12.14-25.3.1 kernel-default-devel-debuginfo-4.12.14-25.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): kernel-devel-4.12.14-25.3.1 kernel-macros-4.12.14-25.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (s390x): kernel-default-man-4.12.14-25.3.1 kernel-zfcpdump-4.12.14-25.3.1 kernel-zfcpdump-debuginfo-4.12.14-25.3.1 kernel-zfcpdump-debugsource-4.12.14-25.3.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-25.3.1 cluster-md-kmp-default-debuginfo-4.12.14-25.3.1 dlm-kmp-default-4.12.14-25.3.1 dlm-kmp-default-debuginfo-4.12.14-25.3.1 gfs2-kmp-default-4.12.14-25.3.1 gfs2-kmp-default-debuginfo-4.12.14-25.3.1 kernel-default-debuginfo-4.12.14-25.3.1 kernel-default-debugsource-4.12.14-25.3.1 ocfs2-kmp-default-4.12.14-25.3.1 ocfs2-kmp-default-debuginfo-4.12.14-25.3.1 References: https://www.suse.com/security/cve/CVE-2017-5715.html https://www.suse.com/security/cve/CVE-2017-5753.html https://www.suse.com/security/cve/CVE-2018-1000200.html https://www.suse.com/security/cve/CVE-2018-1000204.html https://www.suse.com/security/cve/CVE-2018-10087.html https://www.suse.com/security/cve/CVE-2018-10124.html https://www.suse.com/security/cve/CVE-2018-1092.html https://www.suse.com/security/cve/CVE-2018-1093.html https://www.suse.com/security/cve/CVE-2018-1094.html https://www.suse.com/security/cve/CVE-2018-1118.html https://www.suse.com/security/cve/CVE-2018-1120.html https://www.suse.com/security/cve/CVE-2018-1130.html https://www.suse.com/security/cve/CVE-2018-12233.html https://www.suse.com/security/cve/CVE-2018-13053.html https://www.suse.com/security/cve/CVE-2018-13405.html https://www.suse.com/security/cve/CVE-2018-13406.html https://www.suse.com/security/cve/CVE-2018-3639.html https://www.suse.com/security/cve/CVE-2018-5803.html https://www.suse.com/security/cve/CVE-2018-5848.html https://www.suse.com/security/cve/CVE-2018-7492.html https://www.suse.com/security/cve/CVE-2018-8781.html https://www.suse.com/security/cve/CVE-2018-9385.html https://bugzilla.suse.com/1046303 https://bugzilla.suse.com/1046305 https://bugzilla.suse.com/1046306 https://bugzilla.suse.com/1046307 https://bugzilla.suse.com/1046540 https://bugzilla.suse.com/1046542 https://bugzilla.suse.com/1046543 https://bugzilla.suse.com/1048129 https://bugzilla.suse.com/1050242 https://bugzilla.suse.com/1050252 https://bugzilla.suse.com/1050529 https://bugzilla.suse.com/1050536 https://bugzilla.suse.com/1050538 https://bugzilla.suse.com/1050545 https://bugzilla.suse.com/1050549 https://bugzilla.suse.com/1050662 https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1052766 https://bugzilla.suse.com/1055968 https://bugzilla.suse.com/1056427 https://bugzilla.suse.com/1056643 https://bugzilla.suse.com/1056651 https://bugzilla.suse.com/1056653 https://bugzilla.suse.com/1056657 https://bugzilla.suse.com/1056658 https://bugzilla.suse.com/1056662 https://bugzilla.suse.com/1056686 https://bugzilla.suse.com/1056787 https://bugzilla.suse.com/1058115 https://bugzilla.suse.com/1058513 https://bugzilla.suse.com/1058659 https://bugzilla.suse.com/1058717 https://bugzilla.suse.com/1060463 https://bugzilla.suse.com/1061024 https://bugzilla.suse.com/1061840 https://bugzilla.suse.com/1062897 https://bugzilla.suse.com/1064802 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1066110 https://bugzilla.suse.com/1066129 https://bugzilla.suse.com/1068032 https://bugzilla.suse.com/1068054 https://bugzilla.suse.com/1071218 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1072829 https://bugzilla.suse.com/1072856 https://bugzilla.suse.com/1073513 https://bugzilla.suse.com/1073765 https://bugzilla.suse.com/1073960 https://bugzilla.suse.com/1074562 https://bugzilla.suse.com/1074578 https://bugzilla.suse.com/1074701 https://bugzilla.suse.com/1074741 https://bugzilla.suse.com/1074873 https://bugzilla.suse.com/1074919 https://bugzilla.suse.com/1075006 https://bugzilla.suse.com/1075007 https://bugzilla.suse.com/1075262 https://bugzilla.suse.com/1075419 https://bugzilla.suse.com/1075748 https://bugzilla.suse.com/1075876 https://bugzilla.suse.com/1076049 https://bugzilla.suse.com/1076115 https://bugzilla.suse.com/1076372 https://bugzilla.suse.com/1076830 https://bugzilla.suse.com/1077338 https://bugzilla.suse.com/1078248 https://bugzilla.suse.com/1078353 https://bugzilla.suse.com/1079152 https://bugzilla.suse.com/1079747 https://bugzilla.suse.com/1080039 https://bugzilla.suse.com/1080542 https://bugzilla.suse.com/1081599 https://bugzilla.suse.com/1082485 https://bugzilla.suse.com/1082504 https://bugzilla.suse.com/1082869 https://bugzilla.suse.com/1082962 https://bugzilla.suse.com/1083647 https://bugzilla.suse.com/1083900 https://bugzilla.suse.com/1084001 https://bugzilla.suse.com/1084570 https://bugzilla.suse.com/1085308 https://bugzilla.suse.com/1085539 https://bugzilla.suse.com/1085626 https://bugzilla.suse.com/1085933 https://bugzilla.suse.com/1085936 https://bugzilla.suse.com/1085937 https://bugzilla.suse.com/1085938 https://bugzilla.suse.com/1085939 https://bugzilla.suse.com/1085941 https://bugzilla.suse.com/1086282 https://bugzilla.suse.com/1086283 https://bugzilla.suse.com/1086286 https://bugzilla.suse.com/1086288 https://bugzilla.suse.com/1086319 https://bugzilla.suse.com/1086323 https://bugzilla.suse.com/1086400 https://bugzilla.suse.com/1086652 https://bugzilla.suse.com/1086739 https://bugzilla.suse.com/1087078 https://bugzilla.suse.com/1087082 https://bugzilla.suse.com/1087084 https://bugzilla.suse.com/1087092 https://bugzilla.suse.com/1087205 https://bugzilla.suse.com/1087210 https://bugzilla.suse.com/1087213 https://bugzilla.suse.com/1087214 https://bugzilla.suse.com/1087284 https://bugzilla.suse.com/1087405 https://bugzilla.suse.com/1087458 https://bugzilla.suse.com/1087939 https://bugzilla.suse.com/1087978 https://bugzilla.suse.com/1088354 https://bugzilla.suse.com/1088690 https://bugzilla.suse.com/1088704 https://bugzilla.suse.com/1088722 https://bugzilla.suse.com/1088796 https://bugzilla.suse.com/1088804 https://bugzilla.suse.com/1088821 https://bugzilla.suse.com/1088866 https://bugzilla.suse.com/1089115 https://bugzilla.suse.com/1089268 https://bugzilla.suse.com/1089467 https://bugzilla.suse.com/1089608 https://bugzilla.suse.com/1089663 https://bugzilla.suse.com/1089664 https://bugzilla.suse.com/1089667 https://bugzilla.suse.com/1089669 https://bugzilla.suse.com/1089752 https://bugzilla.suse.com/1089753 https://bugzilla.suse.com/1089878 https://bugzilla.suse.com/1090150 https://bugzilla.suse.com/1090457 https://bugzilla.suse.com/1090605 https://bugzilla.suse.com/1090643 https://bugzilla.suse.com/1090646 https://bugzilla.suse.com/1090658 https://bugzilla.suse.com/1090734 https://bugzilla.suse.com/1090888 https://bugzilla.suse.com/1090953 https://bugzilla.suse.com/1091158 https://bugzilla.suse.com/1091171 https://bugzilla.suse.com/1091424 https://bugzilla.suse.com/1091594 https://bugzilla.suse.com/1091666 https://bugzilla.suse.com/1091678 https://bugzilla.suse.com/1091686 https://bugzilla.suse.com/1091781 https://bugzilla.suse.com/1091782 https://bugzilla.suse.com/1091815 https://bugzilla.suse.com/1091860 https://bugzilla.suse.com/1091960 https://bugzilla.suse.com/1092100 https://bugzilla.suse.com/1092472 https://bugzilla.suse.com/1092710 https://bugzilla.suse.com/1092772 https://bugzilla.suse.com/1092888 https://bugzilla.suse.com/1092904 https://bugzilla.suse.com/1092975 https://bugzilla.suse.com/1093023 https://bugzilla.suse.com/1093027 https://bugzilla.suse.com/1093035 https://bugzilla.suse.com/1093118 https://bugzilla.suse.com/1093148 https://bugzilla.suse.com/1093158 https://bugzilla.suse.com/1093184 https://bugzilla.suse.com/1093205 https://bugzilla.suse.com/1093273 https://bugzilla.suse.com/1093290 https://bugzilla.suse.com/1093604 https://bugzilla.suse.com/1093641 https://bugzilla.suse.com/1093649 https://bugzilla.suse.com/1093653 https://bugzilla.suse.com/1093655 https://bugzilla.suse.com/1093657 https://bugzilla.suse.com/1093663 https://bugzilla.suse.com/1093721 https://bugzilla.suse.com/1093728 https://bugzilla.suse.com/1093904 https://bugzilla.suse.com/1093990 https://bugzilla.suse.com/1094244 https://bugzilla.suse.com/1094356 https://bugzilla.suse.com/1094420 https://bugzilla.suse.com/1094541 https://bugzilla.suse.com/1094575 https://bugzilla.suse.com/1094751 https://bugzilla.suse.com/1094825 https://bugzilla.suse.com/1094840 https://bugzilla.suse.com/1094912 https://bugzilla.suse.com/1094978 https://bugzilla.suse.com/1095042 https://bugzilla.suse.com/1095094 https://bugzilla.suse.com/1095115 https://bugzilla.suse.com/1095155 https://bugzilla.suse.com/1095265 https://bugzilla.suse.com/1095321 https://bugzilla.suse.com/1095337 https://bugzilla.suse.com/1095467 https://bugzilla.suse.com/1095573 https://bugzilla.suse.com/1095735 https://bugzilla.suse.com/1095893 https://bugzilla.suse.com/1096065 https://bugzilla.suse.com/1096480 https://bugzilla.suse.com/1096529 https://bugzilla.suse.com/1096696 https://bugzilla.suse.com/1096705 https://bugzilla.suse.com/1096728 https://bugzilla.suse.com/1096753 https://bugzilla.suse.com/1096790 https://bugzilla.suse.com/1096793 https://bugzilla.suse.com/1097034 https://bugzilla.suse.com/1097105 https://bugzilla.suse.com/1097234 https://bugzilla.suse.com/1097356 https://bugzilla.suse.com/1097373 https://bugzilla.suse.com/1097439 https://bugzilla.suse.com/1097465 https://bugzilla.suse.com/1097468 https://bugzilla.suse.com/1097470 https://bugzilla.suse.com/1097471 https://bugzilla.suse.com/1097472 https://bugzilla.suse.com/1097551 https://bugzilla.suse.com/1097780 https://bugzilla.suse.com/1097796 https://bugzilla.suse.com/1097800 https://bugzilla.suse.com/1097941 https://bugzilla.suse.com/1097961 https://bugzilla.suse.com/1098016 https://bugzilla.suse.com/1098043 https://bugzilla.suse.com/1098050 https://bugzilla.suse.com/1098174 https://bugzilla.suse.com/1098176 https://bugzilla.suse.com/1098236 https://bugzilla.suse.com/1098401 https://bugzilla.suse.com/1098425 https://bugzilla.suse.com/1098435 https://bugzilla.suse.com/1098599 https://bugzilla.suse.com/1098626 https://bugzilla.suse.com/1098706 https://bugzilla.suse.com/1098983 https://bugzilla.suse.com/1098995 https://bugzilla.suse.com/1099029 https://bugzilla.suse.com/1099041 https://bugzilla.suse.com/1099109 https://bugzilla.suse.com/1099142 https://bugzilla.suse.com/1099183 https://bugzilla.suse.com/1099715 https://bugzilla.suse.com/1099792 https://bugzilla.suse.com/1099918 https://bugzilla.suse.com/1099924 https://bugzilla.suse.com/1099966 https://bugzilla.suse.com/1100132 https://bugzilla.suse.com/1100209 https://bugzilla.suse.com/1100340 https://bugzilla.suse.com/1100362 https://bugzilla.suse.com/1100382 https://bugzilla.suse.com/1100394 https://bugzilla.suse.com/1100416 https://bugzilla.suse.com/1100418 https://bugzilla.suse.com/1100491 https://bugzilla.suse.com/1100602 https://bugzilla.suse.com/1100633 https://bugzilla.suse.com/1100843 https://bugzilla.suse.com/1101296 https://bugzilla.suse.com/1101315 https://bugzilla.suse.com/1101324 https://bugzilla.suse.com/971975 https://bugzilla.suse.com/975772 From sle-updates at lists.suse.com Fri Jul 27 14:28:40 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Jul 2018 22:28:40 +0200 (CEST) Subject: SUSE-SU-2018:2093-1: important: Security update for the Linux Kernel (Live Patch 26 for SLE 12 SP1) Message-ID: <20180727202840.1A242FD35@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 26 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2093-1 Rating: important References: #1090338 #1096740 Cross-References: CVE-2018-3665 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for the Linux Kernel 3.12.74-60_64_85 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1437=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1437=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_85-default-5-2.1 kgraft-patch-3_12_74-60_64_85-xen-5-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_85-default-5-2.1 kgraft-patch-3_12_74-60_64_85-xen-5-2.1 References: https://www.suse.com/security/cve/CVE-2018-3665.html https://bugzilla.suse.com/1090338 https://bugzilla.suse.com/1096740 From sle-updates at lists.suse.com Fri Jul 27 14:32:22 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Jul 2018 22:32:22 +0200 (CEST) Subject: SUSE-SU-2018:2094-1: important: Security update for the Linux Kernel (Live Patch 27 for SLE 12) Message-ID: <20180727203222.6C8B8FD7E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 27 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2094-1 Rating: important References: #1090338 #1096740 Cross-References: CVE-2018-3665 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for the Linux Kernel 3.12.61-52_92 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-1429=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_92-default-9-2.1 kgraft-patch-3_12_61-52_92-xen-9-2.1 References: https://www.suse.com/security/cve/CVE-2018-3665.html https://bugzilla.suse.com/1090338 https://bugzilla.suse.com/1096740 From sle-updates at lists.suse.com Fri Jul 27 14:34:05 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Jul 2018 22:34:05 +0200 (CEST) Subject: SUSE-SU-2018:2095-1: important: Security update for the Linux Kernel (Live Patch 31 for SLE 12) Message-ID: <20180727203405.280EAFD7E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 31 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2095-1 Rating: important References: #1090338 #1096740 Cross-References: CVE-2018-3665 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for the Linux Kernel 3.12.61-52_119 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-1421=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_119-default-6-2.1 kgraft-patch-3_12_61-52_119-xen-6-2.1 References: https://www.suse.com/security/cve/CVE-2018-3665.html https://bugzilla.suse.com/1090338 https://bugzilla.suse.com/1096740 From sle-updates at lists.suse.com Fri Jul 27 14:34:47 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Jul 2018 22:34:47 +0200 (CEST) Subject: SUSE-SU-2018:2096-1: important: Security update for the Linux Kernel (Live Patch 32 for SLE 12) Message-ID: <20180727203447.C2219FD7E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 32 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2096-1 Rating: important References: #1090338 #1096740 Cross-References: CVE-2018-3665 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for the Linux Kernel 3.12.61-52_122 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-1424=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_122-default-6-2.1 kgraft-patch-3_12_61-52_122-xen-6-2.1 References: https://www.suse.com/security/cve/CVE-2018-3665.html https://bugzilla.suse.com/1090338 https://bugzilla.suse.com/1096740 From sle-updates at lists.suse.com Fri Jul 27 14:35:26 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Jul 2018 22:35:26 +0200 (CEST) Subject: SUSE-SU-2018:2097-1: important: Security update for the Linux Kernel (Live Patch 24 for SLE 12 SP1) Message-ID: <20180727203526.69B98FD7E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 24 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2097-1 Rating: important References: #1090338 #1096740 Cross-References: CVE-2018-3665 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for the Linux Kernel 3.12.74-60_64_69 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1439=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1439=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_69-default-5-2.1 kgraft-patch-3_12_74-60_64_69-xen-5-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_69-default-5-2.1 kgraft-patch-3_12_74-60_64_69-xen-5-2.1 References: https://www.suse.com/security/cve/CVE-2018-3665.html https://bugzilla.suse.com/1090338 https://bugzilla.suse.com/1096740 From sle-updates at lists.suse.com Fri Jul 27 14:36:06 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Jul 2018 22:36:06 +0200 (CEST) Subject: SUSE-SU-2018:2098-1: important: Security update for the Linux Kernel (Live Patch 29 for SLE 12) Message-ID: <20180727203606.D4E49FD7E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 29 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2098-1 Rating: important References: #1090338 #1096740 Cross-References: CVE-2018-3665 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for the Linux Kernel 3.12.61-52_106 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-1433=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_106-default-7-2.1 kgraft-patch-3_12_61-52_106-xen-7-2.1 References: https://www.suse.com/security/cve/CVE-2018-3665.html https://bugzilla.suse.com/1090338 https://bugzilla.suse.com/1096740 From sle-updates at lists.suse.com Fri Jul 27 14:38:18 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Jul 2018 22:38:18 +0200 (CEST) Subject: SUSE-SU-2018:2100-1: important: Security update for the Linux Kernel (Live Patch 18 for SLE 12 SP1) Message-ID: <20180727203818.3E0AEFD7E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 18 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2100-1 Rating: important References: #1090338 #1096740 Cross-References: CVE-2018-3665 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for the Linux Kernel 3.12.74-60_64_51 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1444=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1444=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_51-default-10-2.1 kgraft-patch-3_12_74-60_64_51-xen-10-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_51-default-10-2.1 kgraft-patch-3_12_74-60_64_51-xen-10-2.1 References: https://www.suse.com/security/cve/CVE-2018-3665.html https://bugzilla.suse.com/1090338 https://bugzilla.suse.com/1096740 From sle-updates at lists.suse.com Fri Jul 27 14:42:03 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Jul 2018 22:42:03 +0200 (CEST) Subject: SUSE-SU-2018:2101-1: important: Security update for the Linux Kernel (Live Patch 30 for SLE 12) Message-ID: <20180727204203.A8C14FD81@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 30 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2101-1 Rating: important References: #1090338 #1096740 Cross-References: CVE-2018-3665 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for the Linux Kernel 3.12.61-52_111 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-1422=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_111-default-6-2.1 kgraft-patch-3_12_61-52_111-xen-6-2.1 References: https://www.suse.com/security/cve/CVE-2018-3665.html https://bugzilla.suse.com/1090338 https://bugzilla.suse.com/1096740 From sle-updates at lists.suse.com Fri Jul 27 14:42:59 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Jul 2018 22:42:59 +0200 (CEST) Subject: SUSE-SU-2018:2102-1: important: Security update for the Linux Kernel (Live Patch 26 for SLE 12) Message-ID: <20180727204259.AB357FD7E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 26 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2102-1 Rating: important References: #1090338 #1096740 Cross-References: CVE-2018-3665 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for the Linux Kernel 3.12.61-52_89 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-1428=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_89-default-10-2.1 kgraft-patch-3_12_61-52_89-xen-10-2.1 References: https://www.suse.com/security/cve/CVE-2018-3665.html https://bugzilla.suse.com/1090338 https://bugzilla.suse.com/1096740 From sle-updates at lists.suse.com Fri Jul 27 14:43:49 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Jul 2018 22:43:49 +0200 (CEST) Subject: SUSE-SU-2018:2103-1: important: Security update for the Linux Kernel (Live Patch 22 for SLE 12 SP1) Message-ID: <20180727204349.6319DFD7E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 22 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2103-1 Rating: important References: #1090338 #1096740 Cross-References: CVE-2018-3665 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for the Linux Kernel 3.12.74-60_64_63 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1441=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1441=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_63-default-7-2.1 kgraft-patch-3_12_74-60_64_63-xen-7-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_63-default-7-2.1 kgraft-patch-3_12_74-60_64_63-xen-7-2.1 References: https://www.suse.com/security/cve/CVE-2018-3665.html https://bugzilla.suse.com/1090338 https://bugzilla.suse.com/1096740 From sle-updates at lists.suse.com Fri Jul 27 14:48:07 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Jul 2018 22:48:07 +0200 (CEST) Subject: SUSE-SU-2018:2104-1: important: Security update for the Linux Kernel (Live Patch 23 for SLE 12 SP1) Message-ID: <20180727204807.25A2DFD7E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 23 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2104-1 Rating: important References: #1090338 #1096740 Cross-References: CVE-2018-3665 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for the Linux Kernel 3.12.74-60_64_66 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1440=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1440=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_66-default-6-2.1 kgraft-patch-3_12_74-60_64_66-xen-6-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_66-default-6-2.1 kgraft-patch-3_12_74-60_64_66-xen-6-2.1 References: https://www.suse.com/security/cve/CVE-2018-3665.html https://bugzilla.suse.com/1090338 https://bugzilla.suse.com/1096740 From sle-updates at lists.suse.com Fri Jul 27 14:49:42 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Jul 2018 22:49:42 +0200 (CEST) Subject: SUSE-SU-2018:2105-1: important: Security update for the Linux Kernel (Live Patch 24 for SLE 12) Message-ID: <20180727204942.7B9E1FD7E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 24 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2105-1 Rating: important References: #1090338 #1096740 Cross-References: CVE-2018-3665 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for the Linux Kernel 3.12.61-52_83 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-1430=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_83-default-10-2.1 kgraft-patch-3_12_61-52_83-xen-10-2.1 References: https://www.suse.com/security/cve/CVE-2018-3665.html https://bugzilla.suse.com/1090338 https://bugzilla.suse.com/1096740 From sle-updates at lists.suse.com Fri Jul 27 14:50:54 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Jul 2018 22:50:54 +0200 (CEST) Subject: SUSE-SU-2018:2106-1: important: Security update for the Linux Kernel (Live Patch 27 for SLE 12 SP1) Message-ID: <20180727205054.2032EFD7E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 27 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2106-1 Rating: important References: #1090338 #1096740 Cross-References: CVE-2018-3665 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for the Linux Kernel 3.12.74-60_64_88 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1436=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1436=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_88-default-3-2.1 kgraft-patch-3_12_74-60_64_88-xen-3-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_88-default-3-2.1 kgraft-patch-3_12_74-60_64_88-xen-3-2.1 References: https://www.suse.com/security/cve/CVE-2018-3665.html https://bugzilla.suse.com/1090338 https://bugzilla.suse.com/1096740 From sle-updates at lists.suse.com Fri Jul 27 14:52:01 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Jul 2018 22:52:01 +0200 (CEST) Subject: SUSE-SU-2018:2107-1: important: Security update for the Linux Kernel (Live Patch 33 for SLE 12) Message-ID: <20180727205201.257D2FD7E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 33 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2107-1 Rating: important References: #1090338 #1096740 Cross-References: CVE-2018-3665 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for the Linux Kernel 3.12.61-52_125 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-1423=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_125-default-5-2.1 kgraft-patch-3_12_61-52_125-xen-5-2.1 References: https://www.suse.com/security/cve/CVE-2018-3665.html https://bugzilla.suse.com/1090338 https://bugzilla.suse.com/1096740 From sle-updates at lists.suse.com Fri Jul 27 14:53:53 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Jul 2018 22:53:53 +0200 (CEST) Subject: SUSE-SU-2018:2108-1: important: Security update for the Linux Kernel (Live Patch 28 for SLE 12) Message-ID: <20180727205353.9307CFD7E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 28 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2108-1 Rating: important References: #1090338 #1096740 Cross-References: CVE-2018-3665 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for the Linux Kernel 3.12.61-52_101 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-1432=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_101-default-7-2.1 kgraft-patch-3_12_61-52_101-xen-7-2.1 References: https://www.suse.com/security/cve/CVE-2018-3665.html https://bugzilla.suse.com/1090338 https://bugzilla.suse.com/1096740 From sle-updates at lists.suse.com Fri Jul 27 14:54:56 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Jul 2018 22:54:56 +0200 (CEST) Subject: SUSE-SU-2018:2109-1: important: Security update for the Linux Kernel (Live Patch 25 for SLE 12 SP1) Message-ID: <20180727205456.739C6FD7E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 25 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2109-1 Rating: important References: #1090338 #1096740 Cross-References: CVE-2018-3665 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for the Linux Kernel 3.12.74-60_64_82 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1438=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1438=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_82-default-5-2.1 kgraft-patch-3_12_74-60_64_82-xen-5-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_82-default-5-2.1 kgraft-patch-3_12_74-60_64_82-xen-5-2.1 References: https://www.suse.com/security/cve/CVE-2018-3665.html https://bugzilla.suse.com/1090338 https://bugzilla.suse.com/1096740 From sle-updates at lists.suse.com Fri Jul 27 14:55:47 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Jul 2018 22:55:47 +0200 (CEST) Subject: SUSE-SU-2018:2110-1: important: Security update for the Linux Kernel (Live Patch 29 for SLE 12 SP1) Message-ID: <20180727205547.797A7FD7E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 29 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2110-1 Rating: important References: #1096740 Cross-References: CVE-2018-3665 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 3.12.74-60_64_96 fixes one issue. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1434=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1434=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_96-default-2-2.1 kgraft-patch-3_12_74-60_64_96-xen-2-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_96-default-2-2.1 kgraft-patch-3_12_74-60_64_96-xen-2-2.1 References: https://www.suse.com/security/cve/CVE-2018-3665.html https://bugzilla.suse.com/1096740 From sle-updates at lists.suse.com Fri Jul 27 14:56:46 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Jul 2018 22:56:46 +0200 (CEST) Subject: SUSE-SU-2018:2111-1: important: Security update for the Linux Kernel (Live Patch 36 for SLE 12) Message-ID: <20180727205646.43EDBFD7E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 36 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2111-1 Rating: important References: #1096740 Cross-References: CVE-2018-3665 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 3.12.61-52_136 fixes one issue. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-1427=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_136-default-2-2.1 kgraft-patch-3_12_61-52_136-xen-2-2.1 References: https://www.suse.com/security/cve/CVE-2018-3665.html https://bugzilla.suse.com/1096740 From sle-updates at lists.suse.com Fri Jul 27 14:57:17 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Jul 2018 22:57:17 +0200 (CEST) Subject: SUSE-SU-2018:2112-1: important: Security update for the Linux Kernel (Live Patch 13 for SLE 12 SP2) Message-ID: <20180727205717.AA742FD7E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 13 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2112-1 Rating: important References: #1090338 #1096740 Cross-References: CVE-2018-3665 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for the Linux Kernel 4.4.74-92_38 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1447=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1447=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kgraft-patch-4_4_74-92_38-default-10-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kgraft-patch-4_4_74-92_38-default-10-2.1 References: https://www.suse.com/security/cve/CVE-2018-3665.html https://bugzilla.suse.com/1090338 https://bugzilla.suse.com/1096740 From sle-updates at lists.suse.com Fri Jul 27 14:58:40 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Jul 2018 22:58:40 +0200 (CEST) Subject: SUSE-SU-2018:2113-1: important: Security update for the Linux Kernel (Live Patch 21 for SLE 12 SP1) Message-ID: <20180727205840.F0C20FD7E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 21 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2113-1 Rating: important References: #1090338 #1096740 Cross-References: CVE-2018-3665 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for the Linux Kernel 3.12.74-60_64_60 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1442=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1442=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_60-default-9-2.1 kgraft-patch-3_12_74-60_64_60-xen-9-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_60-default-9-2.1 kgraft-patch-3_12_74-60_64_60-xen-9-2.1 References: https://www.suse.com/security/cve/CVE-2018-3665.html https://bugzilla.suse.com/1090338 https://bugzilla.suse.com/1096740 From sle-updates at lists.suse.com Fri Jul 27 14:59:43 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Jul 2018 22:59:43 +0200 (CEST) Subject: SUSE-SU-2018:2114-1: important: Security update for the Linux Kernel (Live Patch 35 for SLE 12) Message-ID: <20180727205943.636CBFD7E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 35 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2114-1 Rating: important References: #1090338 #1096740 Cross-References: CVE-2018-3665 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for the Linux Kernel 3.12.61-52_133 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-1425=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_133-default-2-2.1 kgraft-patch-3_12_61-52_133-xen-2-2.1 References: https://www.suse.com/security/cve/CVE-2018-3665.html https://bugzilla.suse.com/1090338 https://bugzilla.suse.com/1096740 From sle-updates at lists.suse.com Fri Jul 27 15:00:31 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Jul 2018 23:00:31 +0200 (CEST) Subject: SUSE-SU-2018:2115-1: important: Security update for the Linux Kernel (Live Patch 25 for SLE 12) Message-ID: <20180727210031.6226FFD7E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 25 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2115-1 Rating: important References: #1090338 #1096740 Cross-References: CVE-2018-3665 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for the Linux Kernel 3.12.61-52_86 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-1431=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_86-default-10-2.1 kgraft-patch-3_12_61-52_86-xen-10-2.1 References: https://www.suse.com/security/cve/CVE-2018-3665.html https://bugzilla.suse.com/1090338 https://bugzilla.suse.com/1096740 From sle-updates at lists.suse.com Mon Jul 30 07:07:32 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 30 Jul 2018 15:07:32 +0200 (CEST) Subject: SUSE-RU-2018:2136-1: Recommended update for grub Message-ID: <20180730130732.C9C27FD7E@maintenance.suse.de> SUSE Recommended Update: Recommended update for grub ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:2136-1 Rating: low References: #1020714 #1045024 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for grub provides the following fixes: - Add support to SHA2 crypt grub passwords. (bsc#1020714, fate#322419) - Add workarounds for some problematic Dell BIOSes. (bsc#1045024) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-grub-13707=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-grub-13707=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): grub-0.97-172.3.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): grub-debuginfo-0.97-172.3.2 References: https://bugzilla.suse.com/1020714 https://bugzilla.suse.com/1045024 From sle-updates at lists.suse.com Mon Jul 30 07:08:15 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 30 Jul 2018 15:08:15 +0200 (CEST) Subject: SUSE-RU-2018:2137-1: moderate: Recommended update for release-notes-sles Message-ID: <20180730130815.BC912FD35@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:2137-1 Rating: moderate References: #1080368 #1085628 #1089319 #1089586 #1090199 #1097236 #1098864 #1101177 #353876 Affected Products: SUSE Linux Enterprise Server 15 ______________________________________________________________________________ An update that has 9 recommended fixes can now be installed. Description: An update for the release notes of SUSE Linux Enterprise Server 15: (bsc#1101177) - Updated template text - Updated product description - Update aarch64 kernel limits - Updated release notes from FATE - New notes: - Device driver ibmvnic (FATE#323285) - NIS supports IPv6 (FATE#324353) - Advanced Systems Management Module has been removed (FATE#324614) - Migrating from SLES 12 to SLES 15 when the HPC Module is registered (FATE#325666) - Package insserv-compat has been added to SAP Application Server Base Pattern (FATE#325727) - Raspberry Pi using device tree from firmware (FATE#325780) - The user space X drivers cirrus/mga/ast have been removed (FATE#325795, bsc#1089319) - Using thunderbolt devices (FATE#325796, bsc#1090199) - Updated btrfs subvolume layout (FATE#325797, bsc#1085628) - su command does not preserve the value of PATH (FATE#325802, bsc#353876) - Changed notes: - NFS Tuning (FATE#322786, bsc#1097236) [Correct parameter that needs to be used] - Intel* Omni-Path architecture (OPA) Host Software (FATE#323041, bsc#1080368) [Correct URL] - xinetd and yast2-inetd have been removed (FATE#323373, bsc#1089586) [Add note about only_from] - Removed packages (FATE#323783) [Added cirrus/mga/ast driver information] - Searching packages across all SLE modules (FATE#325452, bsc#1098864) [Wording fixes] Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 15: zypper in -t patch SUSE-SLE-Product-SLES-15-2018-1451=1 Package List: - SUSE Linux Enterprise Server 15 (noarch): release-notes-sles-15.0.20180713-3.4.6 References: https://bugzilla.suse.com/1080368 https://bugzilla.suse.com/1085628 https://bugzilla.suse.com/1089319 https://bugzilla.suse.com/1089586 https://bugzilla.suse.com/1090199 https://bugzilla.suse.com/1097236 https://bugzilla.suse.com/1098864 https://bugzilla.suse.com/1101177 https://bugzilla.suse.com/353876 From sle-updates at lists.suse.com Mon Jul 30 07:10:27 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 30 Jul 2018 15:10:27 +0200 (CEST) Subject: SUSE-RU-2018:2140-1: Recommended update for pam Message-ID: <20180730131027.135F3FD35@maintenance.suse.de> SUSE Recommended Update: Recommended update for pam ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:2140-1 Rating: low References: #1096282 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for pam provides the following fix: - Added /etc/security/limits.d to the pam package. (bsc#1096282) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1450=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1450=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1450=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-1450=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): pam-debuginfo-1.1.8-24.6.1 pam-debugsource-1.1.8-24.6.1 pam-devel-1.1.8-24.6.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): pam-1.1.8-24.6.1 pam-debuginfo-1.1.8-24.6.1 pam-debugsource-1.1.8-24.6.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): pam-32bit-1.1.8-24.6.1 pam-debuginfo-32bit-1.1.8-24.6.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): pam-doc-1.1.8-24.6.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): pam-1.1.8-24.6.1 pam-32bit-1.1.8-24.6.1 pam-debuginfo-1.1.8-24.6.1 pam-debuginfo-32bit-1.1.8-24.6.1 pam-debugsource-1.1.8-24.6.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): pam-doc-1.1.8-24.6.1 - SUSE CaaS Platform ALL (x86_64): pam-1.1.8-24.6.1 pam-debuginfo-1.1.8-24.6.1 pam-debugsource-1.1.8-24.6.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): pam-1.1.8-24.6.1 pam-debuginfo-1.1.8-24.6.1 pam-debugsource-1.1.8-24.6.1 References: https://bugzilla.suse.com/1096282 From sle-updates at lists.suse.com Mon Jul 30 16:07:34 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 31 Jul 2018 00:07:34 +0200 (CEST) Subject: SUSE-SU-2018:2141-1: important: Security update for libvirt Message-ID: <20180730220734.8B335FD7E@maintenance.suse.de> SUSE Security Update: Security update for libvirt ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2141-1 Rating: important References: #1076500 #1079869 #1083625 #1092885 #854343 #897352 #954872 #956298 #964465 #968483 #980558 #987527 Cross-References: CVE-2016-5008 CVE-2017-5715 CVE-2018-1064 CVE-2018-3639 CVE-2018-5748 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves 5 vulnerabilities and has 7 fixes is now available. Description: This update for libvirt fixes the following issues: Security issues fixed: - CVE-2018-3639: Add support for 'ssbd' and 'virt-ssbd' CPUID feature bits to address V4 Speculative Store Bypass aka "Memory Disambiguation" (bsc#1092885). - CVE-2018-1064: Fix denial of service problem during reading from guest agent (bsc#1083625). - CVE-2018-5748: Fix resource exhaustion via qemuMonitorIORead() method (bsc#1076500). - CVE-2016-5008: Fix that an empty VNC password disables authentication (bsc#987527). - CVE-2017-5715: Fix speculative side channel attacks aka "SpectreAttack" (var2) (bsc#1079869). Bug fixes: - bsc#980558: Fix NUMA node memory allocation. - bsc#968483: Restart daemons in %posttrans after connection drivers. - bsc#897352: Systemd fails to ignore LSB services. - bsc#956298: virsh domxml-to-native causes segfault of libvirtd. - bsc#964465: libvirtd.service causes systemd warning about xencommons service. - bsc#954872: Script block-dmmd not working as expected. - bsc#854343: libvirt installation run inappropriate systemd restart. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-1455=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): libvirt-1.2.5-27.13.1 libvirt-client-1.2.5-27.13.1 libvirt-client-debuginfo-1.2.5-27.13.1 libvirt-daemon-1.2.5-27.13.1 libvirt-daemon-config-network-1.2.5-27.13.1 libvirt-daemon-config-nwfilter-1.2.5-27.13.1 libvirt-daemon-debuginfo-1.2.5-27.13.1 libvirt-daemon-driver-interface-1.2.5-27.13.1 libvirt-daemon-driver-interface-debuginfo-1.2.5-27.13.1 libvirt-daemon-driver-lxc-1.2.5-27.13.1 libvirt-daemon-driver-lxc-debuginfo-1.2.5-27.13.1 libvirt-daemon-driver-network-1.2.5-27.13.1 libvirt-daemon-driver-network-debuginfo-1.2.5-27.13.1 libvirt-daemon-driver-nodedev-1.2.5-27.13.1 libvirt-daemon-driver-nodedev-debuginfo-1.2.5-27.13.1 libvirt-daemon-driver-nwfilter-1.2.5-27.13.1 libvirt-daemon-driver-nwfilter-debuginfo-1.2.5-27.13.1 libvirt-daemon-driver-qemu-1.2.5-27.13.1 libvirt-daemon-driver-qemu-debuginfo-1.2.5-27.13.1 libvirt-daemon-driver-secret-1.2.5-27.13.1 libvirt-daemon-driver-secret-debuginfo-1.2.5-27.13.1 libvirt-daemon-driver-storage-1.2.5-27.13.1 libvirt-daemon-driver-storage-debuginfo-1.2.5-27.13.1 libvirt-daemon-lxc-1.2.5-27.13.1 libvirt-daemon-qemu-1.2.5-27.13.1 libvirt-debugsource-1.2.5-27.13.1 libvirt-doc-1.2.5-27.13.1 libvirt-lock-sanlock-1.2.5-27.13.1 libvirt-lock-sanlock-debuginfo-1.2.5-27.13.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): libvirt-daemon-driver-libxl-1.2.5-27.13.1 libvirt-daemon-driver-libxl-debuginfo-1.2.5-27.13.1 libvirt-daemon-xen-1.2.5-27.13.1 References: https://www.suse.com/security/cve/CVE-2016-5008.html https://www.suse.com/security/cve/CVE-2017-5715.html https://www.suse.com/security/cve/CVE-2018-1064.html https://www.suse.com/security/cve/CVE-2018-3639.html https://www.suse.com/security/cve/CVE-2018-5748.html https://bugzilla.suse.com/1076500 https://bugzilla.suse.com/1079869 https://bugzilla.suse.com/1083625 https://bugzilla.suse.com/1092885 https://bugzilla.suse.com/854343 https://bugzilla.suse.com/897352 https://bugzilla.suse.com/954872 https://bugzilla.suse.com/956298 https://bugzilla.suse.com/964465 https://bugzilla.suse.com/968483 https://bugzilla.suse.com/980558 https://bugzilla.suse.com/987527 From sle-updates at lists.suse.com Mon Jul 30 16:10:14 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 31 Jul 2018 00:10:14 +0200 (CEST) Subject: SUSE-SU-2018:2142-1: moderate: Security update for libcgroup1 Message-ID: <20180730221014.3F780FD35@maintenance.suse.de> SUSE Security Update: Security update for libcgroup1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2142-1 Rating: moderate References: #1100365 Cross-References: CVE-2018-14348 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libcgroup1 fixes the following issues: Security issue fixed: - CVE-2018-14348: Fix daemon that creates /var/log/cgred with mode 0666 (bsc#1100365). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-libcgroup1-13708=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-libcgroup1-13708=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-libcgroup1-13708=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libcgroup-devel-0.41.rc1-7.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): libcgroup1-0.41.rc1-7.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libcgroup1-0.41.rc1-7.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): libcgroup1-debuginfo-0.41.rc1-7.1 libcgroup1-debugsource-0.41.rc1-7.1 References: https://www.suse.com/security/cve/CVE-2018-14348.html https://bugzilla.suse.com/1100365 From sle-updates at lists.suse.com Mon Jul 30 16:10:45 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 31 Jul 2018 00:10:45 +0200 (CEST) Subject: SUSE-SU-2018:2143-1: moderate: Security update for libcgroup Message-ID: <20180730221045.D57E6FD35@maintenance.suse.de> SUSE Security Update: Security update for libcgroup ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2143-1 Rating: moderate References: #1100365 Cross-References: CVE-2018-14348 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libcgroup fixes the following issues: Security issue fixed: - CVE-2018-14348: Fix daemon that creates /var/log/cgred with mode 0666 (bsc#1100365). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1453=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1453=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1453=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libcgroup-debugsource-0.41.rc1-10.3.1 libcgroup-devel-0.41.rc1-10.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libcgroup-debugsource-0.41.rc1-10.3.1 libcgroup-tools-0.41.rc1-10.3.1 libcgroup-tools-debuginfo-0.41.rc1-10.3.1 libcgroup1-0.41.rc1-10.3.1 libcgroup1-debuginfo-0.41.rc1-10.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libcgroup-debugsource-0.41.rc1-10.3.1 libcgroup1-0.41.rc1-10.3.1 libcgroup1-debuginfo-0.41.rc1-10.3.1 References: https://www.suse.com/security/cve/CVE-2018-14348.html https://bugzilla.suse.com/1100365 From sle-updates at lists.suse.com Mon Jul 30 16:11:15 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 31 Jul 2018 00:11:15 +0200 (CEST) Subject: SUSE-SU-2018:2144-1: moderate: Security update for sssd Message-ID: <20180730221115.67A70FD35@maintenance.suse.de> SUSE Security Update: Security update for sssd ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2144-1 Rating: moderate References: #1098163 #1098377 Cross-References: CVE-2018-10852 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for sssd fixes the following security issue: - CVE-2018-10852: Set stricter permissions on /var/lib/sss/pipes/sudo to prevent the disclosure of sudo rules for arbitrary users (bsc#1098377). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1456=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libipa_hbac-devel-1.16.1-3.3.1 libipa_hbac0-1.16.1-3.3.1 libipa_hbac0-debuginfo-1.16.1-3.3.1 libsss_certmap-devel-1.16.1-3.3.1 libsss_certmap0-1.16.1-3.3.1 libsss_certmap0-debuginfo-1.16.1-3.3.1 libsss_idmap-devel-1.16.1-3.3.1 libsss_idmap0-1.16.1-3.3.1 libsss_idmap0-debuginfo-1.16.1-3.3.1 libsss_nss_idmap-devel-1.16.1-3.3.1 libsss_nss_idmap0-1.16.1-3.3.1 libsss_nss_idmap0-debuginfo-1.16.1-3.3.1 libsss_simpleifp-devel-1.16.1-3.3.1 libsss_simpleifp0-1.16.1-3.3.1 libsss_simpleifp0-debuginfo-1.16.1-3.3.1 python3-sssd-config-1.16.1-3.3.1 python3-sssd-config-debuginfo-1.16.1-3.3.1 sssd-1.16.1-3.3.1 sssd-ad-1.16.1-3.3.1 sssd-ad-debuginfo-1.16.1-3.3.1 sssd-debuginfo-1.16.1-3.3.1 sssd-debugsource-1.16.1-3.3.1 sssd-ipa-1.16.1-3.3.1 sssd-ipa-debuginfo-1.16.1-3.3.1 sssd-krb5-1.16.1-3.3.1 sssd-krb5-common-1.16.1-3.3.1 sssd-krb5-common-debuginfo-1.16.1-3.3.1 sssd-krb5-debuginfo-1.16.1-3.3.1 sssd-ldap-1.16.1-3.3.1 sssd-ldap-debuginfo-1.16.1-3.3.1 sssd-proxy-1.16.1-3.3.1 sssd-proxy-debuginfo-1.16.1-3.3.1 sssd-tools-1.16.1-3.3.1 sssd-tools-debuginfo-1.16.1-3.3.1 sssd-wbclient-1.16.1-3.3.1 sssd-wbclient-debuginfo-1.16.1-3.3.1 sssd-wbclient-devel-1.16.1-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): sssd-32bit-1.16.1-3.3.1 sssd-32bit-debuginfo-1.16.1-3.3.1 References: https://www.suse.com/security/cve/CVE-2018-10852.html https://bugzilla.suse.com/1098163 https://bugzilla.suse.com/1098377 From sle-updates at lists.suse.com Mon Jul 30 16:11:52 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 31 Jul 2018 00:11:52 +0200 (CEST) Subject: SUSE-SU-2018:2145-1: moderate: Security update for gdk-pixbuf Message-ID: <20180730221152.74853FD35@maintenance.suse.de> SUSE Security Update: Security update for gdk-pixbuf ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2145-1 Rating: moderate References: #1053417 Cross-References: CVE-2015-4491 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for gdk-pixbuf fixes the following issues: Security issue fixed: - CVE-2015-4491: Fix integer multiplication overflow that allows for DoS or potentially RCE (bsc#1053417). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1452=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1452=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1452=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): gdk-pixbuf-debugsource-2.34.0-19.14.2 gdk-pixbuf-devel-2.34.0-19.14.2 gdk-pixbuf-devel-debuginfo-2.34.0-19.14.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): gdk-pixbuf-debugsource-2.34.0-19.14.2 gdk-pixbuf-query-loaders-2.34.0-19.14.2 gdk-pixbuf-query-loaders-debuginfo-2.34.0-19.14.2 libgdk_pixbuf-2_0-0-2.34.0-19.14.2 libgdk_pixbuf-2_0-0-debuginfo-2.34.0-19.14.2 typelib-1_0-GdkPixbuf-2_0-2.34.0-19.14.2 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): gdk-pixbuf-query-loaders-32bit-2.34.0-19.14.2 gdk-pixbuf-query-loaders-debuginfo-32bit-2.34.0-19.14.2 libgdk_pixbuf-2_0-0-32bit-2.34.0-19.14.2 libgdk_pixbuf-2_0-0-debuginfo-32bit-2.34.0-19.14.2 - SUSE Linux Enterprise Server 12-SP3 (noarch): gdk-pixbuf-lang-2.34.0-19.14.2 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): gdk-pixbuf-debugsource-2.34.0-19.14.2 gdk-pixbuf-query-loaders-2.34.0-19.14.2 gdk-pixbuf-query-loaders-32bit-2.34.0-19.14.2 gdk-pixbuf-query-loaders-debuginfo-2.34.0-19.14.2 gdk-pixbuf-query-loaders-debuginfo-32bit-2.34.0-19.14.2 libgdk_pixbuf-2_0-0-2.34.0-19.14.2 libgdk_pixbuf-2_0-0-32bit-2.34.0-19.14.2 libgdk_pixbuf-2_0-0-debuginfo-2.34.0-19.14.2 libgdk_pixbuf-2_0-0-debuginfo-32bit-2.34.0-19.14.2 typelib-1_0-GdkPixbuf-2_0-2.34.0-19.14.2 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): gdk-pixbuf-lang-2.34.0-19.14.2 References: https://www.suse.com/security/cve/CVE-2015-4491.html https://bugzilla.suse.com/1053417 From sle-updates at lists.suse.com Tue Jul 31 07:07:29 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 31 Jul 2018 15:07:29 +0200 (CEST) Subject: SUSE-RU-2018:2146-1: moderate: Recommended update for ses-manual_en Message-ID: <20180731130729.0C6A1FD41@maintenance.suse.de> SUSE Recommended Update: Recommended update for ses-manual_en ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:2146-1 Rating: moderate References: #1095743 Affected Products: SUSE Enterprise Storage 5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ses-manual_en contains the following changes: - RBD snapshots in openAttic (fate#325642) - HA setup for Ceph Admin node (fate#325622) - documentation missing which Pools can be erasure coded (bsc#1095743, fate#322006) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2018-1457=1 Package List: - SUSE Enterprise Storage 5 (noarch): ses-admin_en-pdf-5-22.3.1 ses-manual_en-5-22.3.1 References: https://bugzilla.suse.com/1095743 From sle-updates at lists.suse.com Tue Jul 31 10:07:32 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 31 Jul 2018 18:07:32 +0200 (CEST) Subject: SUSE-RU-2018:2147-1: Recommended update for libseccomp Message-ID: <20180731160732.10A00FD41@maintenance.suse.de> SUSE Recommended Update: Recommended update for libseccomp ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:2147-1 Rating: low References: #1019900 #1099151 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This updates libseccomp to version 2.3.1 to allow seccomp confinement support in the docker engine. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1461=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1461=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-1461=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): libseccomp-debugsource-2.3.1-7.3.1 libseccomp2-2.3.1-7.3.1 libseccomp2-debuginfo-2.3.1-7.3.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): libseccomp-debugsource-2.3.1-7.3.1 libseccomp2-2.3.1-7.3.1 libseccomp2-debuginfo-2.3.1-7.3.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): libseccomp-debugsource-2.3.1-7.3.1 libseccomp2-2.3.1-7.3.1 libseccomp2-debuginfo-2.3.1-7.3.1 References: https://bugzilla.suse.com/1019900 https://bugzilla.suse.com/1099151 From sle-updates at lists.suse.com Tue Jul 31 10:08:13 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 31 Jul 2018 18:08:13 +0200 (CEST) Subject: SUSE-RU-2018:2148-1: moderate: Recommended update for lapack Message-ID: <20180731160813.B6252FD35@maintenance.suse.de> SUSE Recommended Update: Recommended update for lapack ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:2148-1 Rating: moderate References: #1087426 Affected Products: SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for lapack fixes the following issues: - Build tmglib and fold contents into existing liblapack{.a,.so.3}. (bsc#1087426) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2018-1458=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1458=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): lapack-debugsource-3.5.0-4.3.17 liblapacke3-3.5.0-4.3.17 liblapacke3-debuginfo-3.5.0-4.3.17 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): blas-devel-3.5.0-4.3.17 lapack-debugsource-3.5.0-4.3.17 lapack-devel-3.5.0-4.3.17 libblas3-3.5.0-4.3.17 libblas3-debuginfo-3.5.0-4.3.17 liblapack3-3.5.0-4.3.17 liblapack3-debuginfo-3.5.0-4.3.17 References: https://bugzilla.suse.com/1087426 From sle-updates at lists.suse.com Tue Jul 31 10:08:46 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 31 Jul 2018 18:08:46 +0200 (CEST) Subject: SUSE-RU-2018:2149-1: moderate: Recommended update for yast2 Message-ID: <20180731160846.D29FEFD35@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:2149-1 Rating: moderate References: #1098919 #1099691 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for yast2 fixes the following issues: - Network: Prevent from crashing when trying to delete some ip aliases from the original devices. (bsc#1098919) - Added additional searchkeys to desktop file. (fate#321043) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1459=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): yast2-4.0.79-3.3.1 References: https://bugzilla.suse.com/1098919 https://bugzilla.suse.com/1099691 From sle-updates at lists.suse.com Tue Jul 31 10:09:25 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 31 Jul 2018 18:09:25 +0200 (CEST) Subject: SUSE-SU-2018:2150-1: important: Security update for the Linux Kernel Message-ID: <20180731160925.3A17CFD35@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2150-1 Rating: important References: #1012382 #1068032 #1074562 #1074578 #1074701 #1075006 #1075419 #1075748 #1075876 #1080039 #1085185 #1085657 #1087084 #1087939 #1089525 #1090435 #1090888 #1091171 #1092207 #1094244 #1094248 #1094643 #1095453 #1096790 #1097034 #1097140 #1097492 #1097501 #1097551 #1097808 #1097931 #1097961 #1098016 #1098236 #1098425 #1098435 #1098527 #1099042 #1099183 #1099279 #1099713 #1099732 #1099810 #1099918 #1099924 #1099966 #1099993 #1100089 #1100340 #1100416 #1100418 #1100491 Cross-References: CVE-2017-5753 CVE-2018-13053 CVE-2018-13405 CVE-2018-13406 CVE-2018-9385 Affected Products: SUSE Linux Enterprise Real Time Extension 12-SP3 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has 47 fixes is now available. Description: The SUSE Linux Enterprise 12 SP3 RT kernel was updated to 4.4.139 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-13053: The alarm_timer_nsleep function had an integer overflow via a large relative timeout because ktime_add_safe was not used (bnc#1099924) - CVE-2018-9385: Prevent overread of the "driver_override" buffer (bsc#1100491) - CVE-2018-13405: The inode_init_owner function allowed local users to create files with an unintended group ownership allowing attackers to escalate privileges by making a plain file executable and SGID (bnc#1100416) - CVE-2018-13406: An integer overflow in the uvesafb_setcmap function could have result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used (bnc#1100418) - CVE-2017-5753: Systems with microprocessors utilizing speculative execution and branch prediction may have allowed unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bsc#1068032) The following non-security bugs were fixed: - 1wire: family module autoload fails because of upper/lower case mismatch (bnc#1012382). - ALSA: hda - Clean up ALC299 init code (bsc#1099810). - ALSA: hda - Enable power_save_node for CX20722 (bsc#1099810). - ALSA: hda - Fix a wrong FIXUP for alc289 on Dell machines (bsc#1099810). - ALSA: hda - Fix incorrect usage of IS_REACHABLE() (bsc#1099810). - ALSA: hda - Fix pincfg at resume on Lenovo T470 dock (bsc#1099810). - ALSA: hda - Handle kzalloc() failure in snd_hda_attach_pcm_stream() (bnc#1012382). - ALSA: hda - Use acpi_dev_present() (bsc#1099810). - ALSA: hda - add a new condition to check if it is thinkpad (bsc#1099810). - ALSA: hda - silence uninitialized variable warning in activate_amp_in() (bsc#1099810). - ALSA: hda/patch_sigmatel: Add AmigaOne X1000 pinconfigs (bsc#1099810). - ALSA: hda/realtek - Add a quirk for FSC ESPRIMO U9210 (bsc#1099810). - ALSA: hda/realtek - Add headset mode support for Dell laptop (bsc#1099810). - ALSA: hda/realtek - Add support headset mode for DELL WYSE (bsc#1099810). - ALSA: hda/realtek - Clevo P950ER ALC1220 Fixup (bsc#1099810). - ALSA: hda/realtek - Enable Thinkpad Dock device for ALC298 platform (bsc#1099810). - ALSA: hda/realtek - Enable mic-mute hotkey for several Lenovo AIOs (bsc#1099810). - ALSA: hda/realtek - Fix Dell headset Mic can't record (bsc#1099810). - ALSA: hda/realtek - Fix pop noise on Lenovo P50 and co (bsc#1099810). - ALSA: hda/realtek - Fix the problem of two front mics on more machines (bsc#1099810). - ALSA: hda/realtek - Fixup for HP x360 laptops with B and O speakers (bsc#1099810). - ALSA: hda/realtek - Fixup mute led on HP Spectre x360 (bsc#1099810). - ALSA: hda/realtek - Make dock sound work on ThinkPad L570 (bsc#1099810). - ALSA: hda/realtek - Refactor alc269_fixup_hp_mute_led_mic*() (bsc#1099810). - ALSA: hda/realtek - Reorder ALC269 ASUS quirk entries (bsc#1099810). - ALSA: hda/realtek - Support headset mode for ALC215/ALC285/ALC289 (bsc#1099810). - ALSA: hda/realtek - Update ALC255 depop optimize (bsc#1099810). - ALSA: hda/realtek - adjust the location of one mic (bsc#1099810). - ALSA: hda/realtek - change the location for one of two front mics (bsc#1099810). - ALSA: hda/realtek - set PINCFG_HEADSET_MIC to parse_flags (bsc#1099810). - ALSA: hda/realtek - update ALC215 depop optimize (bsc#1099810). - ALSA: hda/realtek - update ALC225 depop optimize (bsc#1099810). - ALSA: hda/realtek: Fix mic and headset jack sense on Asus X705UD (bsc#1099810). - ALSA: hda/realtek: Limit mic boost on T480 (bsc#1099810). - ALSA: hda: Fix forget to free resource in error handling code path in hda_codec_driver_probe (bsc#1099810). - ALSA: hda: add dock and led support for HP EliteBook 830 G5 (bsc#1099810). - ALSA: hda: add dock and led support for HP ProBook 640 G4 (bsc#1099810). - ALSA: hda: fix some klockwork scan warnings (bsc#1099810). - ARM: 8764/1: kgdb: fix NUMREGBYTES so that gdb_regs[] is the correct size (bnc#1012382). - ASoC: cirrus: i2s: Fix LRCLK configuration (bnc#1012382). - ASoC: cirrus: i2s: Fix {TX|RX}LinCtrlData setup (bnc#1012382). - ASoC: dapm: delete dapm_kcontrol_data paths list before freeing it (bnc#1012382). - Bluetooth: Fix connection if directed advertising and privacy is used (bnc#1012382). - Bluetooth: hci_qca: Avoid missing rampatch failure with userspace fw loader (bnc#1012382). - Btrfs: fix clone vs chattr NODATASUM race (bnc#1012382). - Btrfs: fix unexpected cow in run_delalloc_nocow (bnc#1012382). - Btrfs: make raid6 rebuild retry more (bnc#1012382). - Btrfs: scrub: Do not use inode pages for device replace (bnc#1012382). - Correct the arguments to verbose() (bsc#1098425) - Hang/soft lockup in d_invalidate with simultaneous calls (bsc#1094248, bsc at 1097140). - IB/qib: Fix DMA api warning with debug kernel (bnc#1012382). - Input: elan_i2c - add ELAN0618 (Lenovo v330 15IKB) ACPI ID (bnc#1012382). - Input: elan_i2c_smbus - fix more potential stack buffer overflows (bnc#1012382). - Input: elantech - enable middle button of touchpads on ThinkPad P52 (bnc#1012382). - Input: elantech - fix V4 report decoding for module with middle key (bnc#1012382). - MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum (bnc#1012382). - MIPS: io: Add barrier after register read in inX() (bnc#1012382). - NFSv4: Fix possible 1-byte stack overflow in nfs_idmap_read_and_verify_message (bnc#1012382). - PCI: pciehp: Clear Presence Detect and Data Link Layer Status Changed on resume (bnc#1012382). - RDMA/mlx4: Discard unknown SQP work requests (bnc#1012382). - Refresh with upstream commit:62290a5c194b since the typo fix has been merged in upstream. (bsc#1085185) - Revert "Btrfs: fix scrub to repair raid6 corruption" (bnc#1012382). - Revert "kvm: nVMX: Enforce cpl=0 for VMX instructions (bsc#1099183)." This turned out to be superfluous for 4.4.x kernels. - Revert "scsi: lpfc: Fix 16gb hbas failing cq create (bsc#1089525)." This reverts commit b054499f7615e2ffa7571ac0d05c7d5c9a8c0327. - UBIFS: Fix potential integer overflow in allocation (bnc#1012382). - Update patches.fixes/nvme-expand-nvmf_check_if_ready-checks.patch (bsc#1098527). - atm: zatm: fix memcmp casting (bnc#1012382). - backlight: as3711_bl: Fix Device Tree node lookup (bnc#1012382). - backlight: max8925_bl: Fix Device Tree node lookup (bnc#1012382). - backlight: tps65217_bl: Fix Device Tree node lookup (bnc#1012382). - block: Fix transfer when chunk sectors exceeds max (bnc#1012382). - bonding: re-evaluate force_primary when the primary slave name changes (bnc#1012382). - bpf: properly enforce index mask to prevent out-of-bounds speculation (bsc#1098425). - branch-check: fix long->int truncation when profiling branches (bnc#1012382). - cdc_ncm: avoid padding beyond end of skb (bnc#1012382). - ceph: fix dentry leak in splice_dentry() (bsc#1098236). - ceph: fix use-after-free in ceph_statfs() (bsc#1098236). - ceph: fix wrong check for the case of updating link count (bsc#1098236). - ceph: prevent i_version from going back (bsc#1098236). - ceph: support file lock on directory (bsc#1098236). - cifs: Check for timeout on Negotiate stage (bsc#1091171). - cpufreq: Fix new policy initialization during limits updates via sysfs (bnc#1012382). - cpuidle: powernv: Fix promotion from snooze if next state disabled (bnc#1012382). - dm thin: handle running out of data space vs concurrent discard (bnc#1012382). - dm: convert DM printk macros to pr_level macros (bsc#1099918). - dm: fix printk() rate limiting code (bsc#1099918). - driver core: Do not ignore class_dir_create_and_add() failure (bnc#1012382). - e1000e: Ignore TSYNCRXCTL when getting I219 clock attributes (bsc#1075876). - ext4: fix fencepost error in check for inode count overflow during resize (bnc#1012382). - ext4: fix unsupported feature message formatting (bsc#1098435). - ext4: update mtime in ext4_punch_hole even if no blocks are released (bnc#1012382). - fs/binfmt_misc.c: do not allow offset overflow (bsc#1099279). - fuse: atomic_o_trunc should truncate pagecache (bnc#1012382). - fuse: do not keep dead fuse_conn at fuse_fill_super() (bnc#1012382). - fuse: fix control dir setup and teardown (bnc#1012382). - hv_netvsc: avoid repeated updates of packet filter (bsc#1097492). - hv_netvsc: defer queue selection to VF (bsc#1097492). - hv_netvsc: enable multicast if necessary (bsc#1097492). - hv_netvsc: filter multicast/broadcast (bsc#1097492). - hv_netvsc: fix filter flags (bsc#1097492). - hv_netvsc: fix locking during VF setup (bsc#1097492). - hv_netvsc: fix locking for rx_mode (bsc#1097492). - hv_netvsc: propagate rx filters to VF (bsc#1097492). - iio:buffer: make length types match kfifo types (bnc#1012382). - iommu/vt-d: Fix race condition in add_unmap() (bsc#1096790, bsc#1097034). - ipmi:bt: Set the timeout before doing a capabilities check (bnc#1012382). - ipvs: fix buffer overflow with sync daemon and service (bnc#1012382). - iwlmvm: tdls: Check TDLS channel switch support (bsc#1099810). - iwlwifi: fix non_shared_ant for 9000 devices (bsc#1099810). - kvm: nVMX: Enforce cpl=0 for VMX instructions (bsc#1099183). - lib/vsprintf: Remove atomic-unsafe support for %pCr (bnc#1012382). - libata: Drop SanDisk SD7UB3Q*G1001 NOLPM quirk (bnc#1012382). - libata: zpodd: make arrays cdb static, reduces object code size (bnc#1012382). - libata: zpodd: small read overflow in eject_tray() (bnc#1012382). - linvdimm, pmem: Preserve read-only setting for pmem devices (bnc#1012382). - m68k/mm: Adjust VM area to be unmapped by gap size for __iounmap() (bnc#1012382). - mac80211: Fix condition validating WMM IE (bsc#1099810,bsc#1099732). - media: cx231xx: Add support for AverMedia DVD EZMaker 7 (bnc#1012382). - media: dvb_frontend: fix locking issues at dvb_frontend_get_event() (bnc#1012382). - media: smiapp: fix timeout checking in smiapp_read_nvm (bsc#1099918). - media: v4l2-compat-ioctl32: prevent go past max size (bnc#1012382). - mfd: intel-lpss: Program REMAP register in PIO mode (bnc#1012382). - mips: ftrace: fix static function graph tracing (bnc#1012382). - mtd: cfi_cmdset_0002: Avoid walking all chips when unlocking (bnc#1012382). - mtd: cfi_cmdset_0002: Change write buffer to check correct value (bnc#1012382). - mtd: cfi_cmdset_0002: Fix unlocking requests crossing a chip boudary (bnc#1012382). - mtd: cfi_cmdset_0002: Use right chip in do_ppb_xxlock() (bnc#1012382). - mtd: cfi_cmdset_0002: fix SEGV unlocking multiple chips (bnc#1012382). - mtd: cmdlinepart: Update comment for introduction of OFFSET_CONTINUOUS (bsc#1099918). - mtd: partitions: add helper for deleting partition (bsc#1099918). - mtd: partitions: remove sysfs files when deleting all master's partitions (bsc#1099918). - net/sonic: Use dma_mapping_error() (bnc#1012382). - net: qmi_wwan: Add Netgear Aircard 779S (bnc#1012382). - netfilter: ebtables: handle string from userspace with care (bnc#1012382). - nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir (bnc#1012382). - nvme-fabrics: allow duplicate connections to the discovery controller (bsc#1098527). - nvme-fabrics: allow internal passthrough command on deleting controllers (bsc#1098527). - nvme-fabrics: centralize discovery controller defaults (bsc#1098527). - nvme-fabrics: fix and refine state checks in __nvmf_check_ready (bsc#1098527). - nvme-fabrics: refactor queue ready check (bsc#1098527). - nvme-fc: change controllers first connect to use reconnect path (bsc#1098527). - nvme-fc: fix nulling of queue data on reconnect (bsc#1098527). - nvme-fc: remove reinit_request routine (bsc#1098527). - nvme-fc: remove setting DNR on exception conditions (bsc#1098527). - nvme: allow duplicate controller if prior controller being deleted (bsc#1098527). - nvme: move init of keep_alive work item to controller initialization (bsc#1098527). - nvme: reimplement nvmf_check_if_ready() to avoid kabi breakage (bsc#1098527). - nvmet-fc: increase LS buffer count per fc port (bsc#1098527). - nvmet: switch loopback target state to connecting when resetting (bsc#1098527). - of: unittest: for strings, account for trailing \0 in property length field (bnc#1012382). - ovl: fix random return value on mount (bsc#1099993). - ovl: fix uid/gid when creating over whiteout (bsc#1099993). - ovl: override creds with the ones from the superblock mounter (bsc#1099993). - perf intel-pt: Fix "Unexpected indirect branch" error (bnc#1012382). - perf intel-pt: Fix MTC timing after overflow (bnc#1012382). - perf intel-pt: Fix decoding to accept CBR between FUP and corresponding TIP (bnc#1012382). - perf intel-pt: Fix packet decoding of CYC packets (bnc#1012382). - perf intel-pt: Fix sync_switch INTEL_PT_SS_NOT_TRACING (bnc#1012382). - perf tools: Fix symbol and object code resolution for vdso32 and vdsox32 (bnc#1012382). - platform/x86: thinkpad_acpi: Adding new hotkey ID for Lenovo thinkpad (bsc#1099810). - powerpc/64s: Exception macro for stack frame and initial register save (bsc#1094244). - powerpc/64s: Fix mce accounting for powernv (bsc#1094244). - powerpc/fadump: Unregister fadump on kexec down path (bnc#1012382). - powerpc/mm/hash: Add missing isync prior to kernel stack SLB switch (bnc#1012382). - powerpc/ptrace: Fix enforcement of DAWR constraints (bnc#1012382). - powerpc/ptrace: Fix setting 512B aligned breakpoints with PTRACE_SET_DEBUGREG (bnc#1012382). - powerpc: Machine check interrupt is a non-maskable interrupt (bsc#1094244). - procfs: add tunable for fd/fdinfo dentry retention (bsc#10866542). - qla2xxx: Fix NULL pointer derefrence for fcport search (bsc#1085657). - qla2xxx: Fix inconsistent DMA mem alloc/free (bsc#1085657). - qla2xxx: Fix kernel crash due to late workqueue allocation (bsc#1085657). - regulator: Do not return or expect -errno from of_map_mode() (bsc#1099042). - rmdir(),rename(): do shrink_dcache_parent() only on success (bsc#1100340). - s390/dasd: configurable IFCC handling (bsc#1097808). - sbitmap: check for valid bitmap in sbitmap_for_each (bsc#1090435). - sched/sysctl: Check user input value of sysctl_sched_time_avg (bsc#1100089). - scsi: ipr: Format HCAM overlay ID 0x41 (bsc#1097961). - scsi: ipr: new IOASC update (bsc#1097961). - scsi: lpfc: Change IO submit return to EBUSY if remote port is recovering (bsc#1092207). - scsi: lpfc: Driver NVME load fails when CPU cnt > WQ resource cnt (bsc#1092207). - scsi: lpfc: Fix 16gb hbas failing cq create (bsc#1089525). - scsi: lpfc: Fix 16gb hbas failing cq create (bsc#1095453). - scsi: lpfc: Fix MDS diagnostics failure (Rx lower than Tx) (bsc#1095453). - scsi: lpfc: Fix crash in blk_mq layer when executing modprobe -r lpfc (bsc#1095453). - scsi: lpfc: Fix port initialization failure (bsc#1095453). - scsi: lpfc: Fix up log messages and stats counters in IO submit code path (bsc#1092207). - scsi: lpfc: Handle new link fault code returned by adapter firmware (bsc#1092207). - scsi: lpfc: correct oversubscription of nvme io requests for an adapter (bsc#1095453). - scsi: lpfc: update driver version to 11.4.0.7-3 (bsc#1092207). - scsi: lpfc: update driver version to 11.4.0.7-4 (bsc#1095453). - scsi: qedi: Fix truncation of CHAP name and secret (bsc#1097931) - scsi: qla2xxx: Fix setting lower transfer speed if GPSC fails (bnc#1012382). - scsi: qla2xxx: Spinlock recursion in qla_target (bsc#1097501) - scsi: zfcp: fix misleading REC trigger trace where erp_action setup failed (LTC#168765 bnc#1012382 bnc#1099713). - scsi: zfcp: fix misleading REC trigger trace where erp_action setup failed (bnc#1099713, LTC#168765). - scsi: zfcp: fix missing REC trigger trace for all objects in ERP_FAILED (LTC#168765 bnc#1012382 bnc#1099713). - scsi: zfcp: fix missing REC trigger trace for all objects in ERP_FAILED (bnc#1099713, LTC#168765). - scsi: zfcp: fix missing REC trigger trace on enqueue without ERP thread (LTC#168765 bnc#1012382 bnc#1099713). - scsi: zfcp: fix missing REC trigger trace on enqueue without ERP thread (bnc#1099713, LTC#168765). - scsi: zfcp: fix missing REC trigger trace on terminate_rport_io early return (LTC#168765 bnc#1012382 bnc#1099713). - scsi: zfcp: fix missing REC trigger trace on terminate_rport_io early return (bnc#1099713, LTC#168765). - scsi: zfcp: fix missing REC trigger trace on terminate_rport_io for ERP_FAILED (LTC#168765 bnc#1012382 bnc#1099713). - scsi: zfcp: fix missing REC trigger trace on terminate_rport_io for ERP_FAILED (bnc#1099713, LTC#168765). - scsi: zfcp: fix missing SCSI trace for result of eh_host_reset_handler (LTC#168765 bnc#1012382 bnc#1099713). - scsi: zfcp: fix missing SCSI trace for result of eh_host_reset_handler (bnc#1099713, LTC#168765). - scsi: zfcp: fix missing SCSI trace for retry of abort / scsi_eh TMF (LTC#168765 bnc#1012382 bnc#1099713). - scsi: zfcp: fix missing SCSI trace for retry of abort / scsi_eh TMF (bnc#1099713, LTC#168765). - serial: sh-sci: Use spin_{try}lock_irqsave instead of open coding version (bnc#1012382). - signal/xtensa: Consistenly use SIGBUS in do_unaligned_user (bnc#1012382). - sort and rename various hyperv patches - spi: Fix scatterlist elements size in spi_map_buf (bnc#1012382). - tcp: do not overshoot window_clamp in tcp_rcv_space_adjust() (bnc#1012382). - tcp: verify the checksum of the first data segment in a new connection (bnc#1012382). - thinkpad_acpi: Add support for HKEY version 0x200 (bsc#1099810). - time: Make sure jiffies_to_msecs() preserves non-zero time periods (bnc#1012382). - ubi: fastmap: Cancel work upon detach (bnc#1012382). - udf: Detect incorrect directory size (bnc#1012382). - usb: do not reset if a low-speed or full-speed device timed out (bnc#1012382). - usb: musb: fix remote wakeup racing with suspend (bnc#1012382). - video/fbdev/stifb: Return -ENOMEM after a failed kzalloc() in stifb_init_fb() (bsc#1090888 bsc#1099966). - video: uvesafb: Fix integer overflow in allocation (bnc#1012382). - w1: mxc_w1: Enable clock before calling clk_get_rate() on it (bnc#1012382). - x86/cpu/amd: Derive L3 shared_cpu_map from cpu_llc_shared_mask (bsc#1094643). - x86/mce: Improve error message when kernel cannot recover (git-fixes b2f9d678e28c). - x86/pti: do not report XenPV as vulnerable (bsc#1097551). - xen: Remove unnecessary BUG_ON from __unbind_from_irq() (bnc#1012382). - xfrm6: avoid potential infinite loop in _decode_session6() (bnc#1012382). - xfrm: Ignore socket policies when rebuilding hash tables (bnc#1012382). - xfrm: skip policies marked as dead while rehashing (bnc#1012382). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 12-SP3: zypper in -t patch SUSE-SLE-RT-12-SP3-2018-1460=1 Package List: - SUSE Linux Enterprise Real Time Extension 12-SP3 (x86_64): cluster-md-kmp-rt-4.4.139-3.17.1 cluster-md-kmp-rt-debuginfo-4.4.139-3.17.1 dlm-kmp-rt-4.4.139-3.17.1 dlm-kmp-rt-debuginfo-4.4.139-3.17.1 gfs2-kmp-rt-4.4.139-3.17.1 gfs2-kmp-rt-debuginfo-4.4.139-3.17.1 kernel-rt-4.4.139-3.17.1 kernel-rt-base-4.4.139-3.17.1 kernel-rt-base-debuginfo-4.4.139-3.17.1 kernel-rt-debuginfo-4.4.139-3.17.1 kernel-rt-debugsource-4.4.139-3.17.1 kernel-rt-devel-4.4.139-3.17.1 kernel-rt_debug-debuginfo-4.4.139-3.17.1 kernel-rt_debug-debugsource-4.4.139-3.17.1 kernel-rt_debug-devel-4.4.139-3.17.1 kernel-rt_debug-devel-debuginfo-4.4.139-3.17.1 kernel-syms-rt-4.4.139-3.17.1 ocfs2-kmp-rt-4.4.139-3.17.1 ocfs2-kmp-rt-debuginfo-4.4.139-3.17.1 - SUSE Linux Enterprise Real Time Extension 12-SP3 (noarch): kernel-devel-rt-4.4.139-3.17.1 kernel-source-rt-4.4.139-3.17.1 References: https://www.suse.com/security/cve/CVE-2017-5753.html https://www.suse.com/security/cve/CVE-2018-13053.html https://www.suse.com/security/cve/CVE-2018-13405.html https://www.suse.com/security/cve/CVE-2018-13406.html https://www.suse.com/security/cve/CVE-2018-9385.html https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1068032 https://bugzilla.suse.com/1074562 https://bugzilla.suse.com/1074578 https://bugzilla.suse.com/1074701 https://bugzilla.suse.com/1075006 https://bugzilla.suse.com/1075419 https://bugzilla.suse.com/1075748 https://bugzilla.suse.com/1075876 https://bugzilla.suse.com/1080039 https://bugzilla.suse.com/1085185 https://bugzilla.suse.com/1085657 https://bugzilla.suse.com/1087084 https://bugzilla.suse.com/1087939 https://bugzilla.suse.com/1089525 https://bugzilla.suse.com/1090435 https://bugzilla.suse.com/1090888 https://bugzilla.suse.com/1091171 https://bugzilla.suse.com/1092207 https://bugzilla.suse.com/1094244 https://bugzilla.suse.com/1094248 https://bugzilla.suse.com/1094643 https://bugzilla.suse.com/1095453 https://bugzilla.suse.com/1096790 https://bugzilla.suse.com/1097034 https://bugzilla.suse.com/1097140 https://bugzilla.suse.com/1097492 https://bugzilla.suse.com/1097501 https://bugzilla.suse.com/1097551 https://bugzilla.suse.com/1097808 https://bugzilla.suse.com/1097931 https://bugzilla.suse.com/1097961 https://bugzilla.suse.com/1098016 https://bugzilla.suse.com/1098236 https://bugzilla.suse.com/1098425 https://bugzilla.suse.com/1098435 https://bugzilla.suse.com/1098527 https://bugzilla.suse.com/1099042 https://bugzilla.suse.com/1099183 https://bugzilla.suse.com/1099279 https://bugzilla.suse.com/1099713 https://bugzilla.suse.com/1099732 https://bugzilla.suse.com/1099810 https://bugzilla.suse.com/1099918 https://bugzilla.suse.com/1099924 https://bugzilla.suse.com/1099966 https://bugzilla.suse.com/1099993 https://bugzilla.suse.com/1100089 https://bugzilla.suse.com/1100340 https://bugzilla.suse.com/1100416 https://bugzilla.suse.com/1100418 https://bugzilla.suse.com/1100491 From sle-updates at lists.suse.com Tue Jul 31 10:18:58 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 31 Jul 2018 18:18:58 +0200 (CEST) Subject: SUSE-RU-2018:2151-1: moderate: Recommended update for python-gcemetadata Message-ID: <20180731161858.E1E2AFD41@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-gcemetadata ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:2151-1 Rating: moderate References: #1097505 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-gcemetadata fixes the following issues: - Support instances with multiple Nics. (bsc#1097505) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2018-1463=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-gcemetadata-0.3.3-5.6.1 References: https://bugzilla.suse.com/1097505