SUSE-SU-2018:1772-1: important: Security update for the Linux Kernel
sle-updates at lists.suse.com
sle-updates at lists.suse.com
Thu Jun 21 10:09:15 MDT 2018
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2018:1772-1
Rating: important
References: #1012382 #1024718 #1031717 #1035432 #1041740
#1045330 #1056415 #1066223 #1068032 #1068054
#1068951 #1070404 #1073311 #1075428 #1076049
#1078583 #1079152 #1080542 #1080656 #1081500
#1081514 #1082153 #1082504 #1082979 #1085185
#1085308 #1086400 #1086716 #1087036 #1087086
#1088871 #1090435 #1090534 #1090734 #1090955
#1091594 #1094532 #1095042 #1095147 #1096037
#1096140 #1096214 #1096242 #1096281 #1096751
#1096982 #1097234 #1097356 #1098009 #1098012
#971975 #973378 #978907
Cross-References: CVE-2017-17741 CVE-2017-18241 CVE-2017-18249
CVE-2018-12233 CVE-2018-3665 CVE-2018-5848
Affected Products:
SUSE Linux Enterprise Workstation Extension 12-SP3
SUSE Linux Enterprise Software Development Kit 12-SP3
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Live Patching 12-SP3
SUSE Linux Enterprise High Availability 12-SP3
SUSE Linux Enterprise Desktop 12-SP3
SUSE CaaS Platform ALL
______________________________________________________________________________
An update that solves 6 vulnerabilities and has 47 fixes is
now available.
Description:
The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.136 to receive
various security and bugfixes.
The following security bugs were fixed:
- CVE-2018-5848: In the function wmi_set_ie(), the length validation code
did not handle unsigned integer overflow properly. As a result, a large
value of the 'ie_len' argument could have caused a buffer overflow
(bnc#1097356).
- CVE-2017-18249: The add_free_nid function did not properly track an
allocated nid, which allowed local users to cause a denial of service
(race condition) or possibly have unspecified other impact via
concurrent threads (bnc#1087036).
- CVE-2018-3665: Prevent disclosure of FPU registers (including XMM and
AVX registers) between processes. These registers might contain
encryption keys when doing SSE accelerated AES enc/decryption
(bsc#1087086).
- CVE-2017-18241: Prevent a NULL pointer dereference by using a
noflush_merge
option that triggers a NULL value for a flush_cmd_control data structure
(bnc#1086400).
- CVE-2017-17741: The KVM implementation in the Linux kernel allowed
attackers to obtain potentially sensitive information from kernel
memory, aka a write_mmio stack-based out-of-bounds read (bnc#1073311).
- CVE-2018-12233: In the ea_get function in fs/jfs/xattr.c, a memory
corruption bug in JFS can be triggered by calling setxattr twice with
two different extended attribute names on the same file. This
vulnerability can be triggered by an unprivileged user with the ability
to create files and execute programs. A kmalloc call is incorrect,
leading to slab-out-of-bounds in jfs_xattr (bnc#1097234).
The following non-security bugs were fixed:
- 8139too: Use disable_irq_nosync() in rtl8139_poll_controller()
(bnc#1012382).
- ACPI: acpi_pad: Fix memory leak in power saving threads (bnc#1012382).
- ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c
(bnc#1012382).
- ACPICA: Events: add a return on failure from acpi_hw_register_read
(bnc#1012382).
- ACPI: processor_perflib: Do not send _PPC change notification if not
ready (bnc#1012382).
- affs_lookup(): close a race with affs_remove_link() (bnc#1012382).
- af_key: Always verify length of provided sadb_key (bnc#1012382).
- aio: fix io_destroy(2) vs. lookup_ioctx() race (bnc#1012382).
- alsa: control: fix a redundant-copy issue (bnc#1012382).
- alsa: hda: Add Lenovo C50 All in one to the power_save blacklist
(bnc#1012382).
- alsa: hda - Use IS_REACHABLE() for dependency on input (bnc#1012382
bsc#1031717).
- alsa: timer: Call notifier in the same spinlock (bnc#1012382 bsc#973378).
- alsa: timer: Fix pause event notification (bnc#1012382 bsc#973378).
- alsa: usb: mixer: volume quirk for CM102-A+/102S+ (bnc#1012382).
- alsa: vmaster: Propagate slave error (bnc#1012382).
- arc: Fix malformed ARC_EMUL_UNALIGNED default (bnc#1012382).
- arm64: Add ARCH_WORKAROUND_2 probing (bsc#1085308).
- arm64: Add per-cpu infrastructure to call ARCH_WORKAROUND_2
(bsc#1085308).
- arm64: Add 'ssbd' command-line option (bsc#1085308).
- arm64: Add this_cpu_ptr() assembler macro for use in entry.S
(bsc#1085308).
- arm64: Add work around for Arm Cortex-A55 Erratum 1024718 (bnc#1012382).
- arm64: alternatives: Add dynamic patching feature (bsc#1085308).
- arm64: assembler: introduce ldr_this_cpu (bsc#1085308).
- arm64: Call ARCH_WORKAROUND_2 on transitions between EL0 and EL1
(bsc#1085308).
- arm64: do not call C code with el0's fp register (bsc#1085308).
- arm64: fix endianness annotation for
__apply_alternatives()/get_alt_insn() (bsc#1085308).
- arm64: introduce mov_q macro to move a constant into a 64-bit register
(bnc#1012382 bsc#1068032).
- arm64: lse: Add early clobbers to some input/output asm operands
(bnc#1012382).
- arm64: spinlock: Fix theoretical trylock() A-B-A with LSE atomics
(bnc#1012382).
- arm64: ssbd: Add global mitigation state accessor (bsc#1085308).
- arm64: ssbd: Add prctl interface for per-thread mitigation (bsc#1085308).
- arm64: ssbd: Introduce thread flag to control userspace mitigation
(bsc#1085308).
- arm64: ssbd: Restore mitigation status on CPU resume (bsc#1085308).
- arm64: ssbd: Skip apply_ssbd if not using dynamic mitigation
(bsc#1085308).
- arm: 8748/1: mm: Define vdso_start, vdso_end as array (bnc#1012382).
- arm: 8769/1: kprobes: Fix to use get_kprobe_ctlblk after irq-disabed
(bnc#1012382).
- arm: 8770/1: kprobes: Prohibit probing on optimized_callback
(bnc#1012382).
- arm: 8771/1: kprobes: Prohibit kprobes on do_undefinstr (bnc#1012382).
- arm: 8772/1: kprobes: Prohibit kprobes on get_user functions
(bnc#1012382).
- arm/arm64: smccc: Add SMCCC-specific return codes (bsc#1085308).
- arm: dts: socfpga: fix GIC PPI warning (bnc#1012382).
- arm: OMAP1: clock: Fix debugfs_create_*() usage (bnc#1012382).
- arm: OMAP2+: timer: fix a kmemleak caused in omap_get_timer_dt
(bnc#1012382).
- arm: OMAP3: Fix prm wake interrupt for resume (bnc#1012382).
- arm: OMAP: Fix dmtimer init for omap1 (bnc#1012382).
- asm-generic: provide generic_pmdp_establish() (bnc#1012382).
- ASoC: au1x: Fix timeout tests in au1xac97c_ac97_read() (bnc#1012382
bsc#1031717).
- ASoC: Intel: sst: remove redundant variable dma_dev_name (bnc#1012382).
- ASoC: samsung: i2s: Ensure the RCLK rate is properly determined
(bnc#1012382).
- ASoC: topology: create TLV data for dapm widgets (bnc#1012382).
- ath10k: Fix kernel panic while using worker (ath10k_sta_rc_update_wk)
(bnc#1012382).
- audit: move calcs after alloc and check when logging set loginuid
(bnc#1012382).
- audit: return on memory error to avoid null pointer dereference
(bnc#1012382).
- autofs: change autofs4_expire_wait()/do_expire_wait() to take struct
path (bsc#1086716).
- autofs: change autofs4_wait() to take struct path (bsc#1086716).
- autofs: use path_has_submounts() to fix unreliable have_submount()
checks (bsc#1086716).
- autofs: use path_is_mountpoint() to fix unreliable d_mountpoint() checks
(bsc#1086716).
- batman-adv: fix header size check in batadv_dbg_arp() (bnc#1012382).
- batman-adv: fix multicast-via-unicast transmission with AP isolation
(bnc#1012382).
- batman-adv: fix packet checksum in receive path (bnc#1012382).
- batman-adv: fix packet loss for broadcasted DHCP packets to a server
(bnc#1012382).
- batman-adv: invalidate checksum on fragment reassembly (bnc#1012382).
- bcache: fix for allocator and register thread race (bnc#1012382).
- bcache: fix for data collapse after re-attaching an attached device
(bnc#1012382).
- bcache: fix kcrashes with fio in RAID5 backend dev (bnc#1012382).
- bcache: properly set task state in bch_writeback_thread() (bnc#1012382).
- bcache: quit dc->writeback_thread when BCACHE_DEV_DETACHING is set
(bnc#1012382).
- bcache: return attach error when no cache set exist (bnc#1012382).
- block: cancel workqueue entries on blk_mq_freeze_queue() (bsc#1090435).
- Bluetooth: Apply QCA Rome patches for some ATH3012 models (bsc#1082504,
bsc#1095147).
- Bluetooth: btusb: Add device ID for RTL8822BE (bnc#1012382).
- Bluetooth: btusb: Add USB ID 7392:a611 for Edimax EW-7611ULB
(bnc#1012382).
- bnx2x: use the right constant (bnc#1012382).
- bnxt_en: Check valid VNIC ID in bnxt_hwrm_vnic_set_tpa() (bnc#1012382).
- bonding: do not allow rlb updates to invalid mac (bnc#1012382).
- bpf: fix selftests/bpf test_kmod.sh failure when
CONFIG_BPF_JIT_ALWAYS_ON=y (bnc#1012382).
- brcmfmac: Fix check for ISO3166 code (bnc#1012382).
- bridge: check iface upper dev when setting master via ioctl
(bnc#1012382).
- Btrfs: bail out on error during replay_dir_deletes (bnc#1012382).
- Btrfs: fix copy_items() return value when logging an inode (bnc#1012382).
- Btrfs: fix crash when trying to resume balance without the resume flag
(bnc#1012382).
- Btrfs: fix lockdep splat in btrfs_alloc_subvolume_writers (bnc#1012382).
- Btrfs: fix NULL pointer dereference in log_dir_items (bnc#1012382).
- Btrfs: Fix out of bounds access in btrfs_search_slot (bnc#1012382).
- Btrfs: Fix possible softlock on single core machines (bnc#1012382).
- Btrfs: fix reading stale metadata blocks after degraded raid1 mounts
(bnc#1012382).
- Btrfs: fix scrub to repair raid6 corruption (bnc#1012382).
- Btrfs: fix xattr loss after power failure (bnc#1012382).
- Btrfs: send, fix issuing write op when processing hole in no data mode
(bnc#1012382).
- Btrfs: set plug for fsync (bnc#1012382).
- Btrfs: tests/qgroup: Fix wrong tree backref level (bnc#1012382).
- cdrom: do not call check_disk_change() inside cdrom_open() (bnc#1012382).
- ceph: delete unreachable code in ceph_check_caps() (bsc#1096214).
- ceph: fix race of queuing delayed caps (bsc#1096214).
- cfg80211: further limit wiphy names to 64 bytes (bnc#1012382 git-fixes).
- cfg80211: further limit wiphy names to 64 bytes (git-fixes).
- cfg80211: limit wiphy names to 128 bytes (bnc#1012382).
- cifs: silence compiler warnings showing up with gcc-8.0.0 (bnc#1012382
bsc#1090734).
- Clarify (and fix) MAX_LFS_FILESIZE macros (bnc#1012382).
- clk: Do not show the incorrect clock phase (bnc#1012382).
- clk: rockchip: Prevent calculating mmc phase if clock rate is zero
(bnc#1012382).
- clk: samsung: exynos3250: Fix PLL rates (bnc#1012382).
- clk: samsung: exynos5250: Fix PLL rates (bnc#1012382).
- clk: samsung: exynos5260: Fix PLL rates (bnc#1012382).
- clk: samsung: exynos5433: Fix PLL rates (bnc#1012382).
- clk: samsung: s3c2410: Fix PLL rates (bnc#1012382).
- clocksource/drivers/fsl_ftm_timer: Fix error return checking
(bnc#1012382).
- config: arm64: enable Spectre-v4 per-thread mitigation
- Correct the prefix in references tag in previous patches (bsc#1041740).
- cpufreq: cppc_cpufreq: Fix cppc_cpufreq_init() failure path
(bnc#1012382).
- cpufreq: CPPC: Initialize shared perf capabilities of CPUs (bnc#1012382).
- cpufreq: intel_pstate: Enable HWP by default (bnc#1012382).
- cpuidle: coupled: remove unused define cpuidle_coupled_lock
(bnc#1012382).
- crypto: sunxi-ss - Add MODULE_ALIAS to sun4i-ss (bnc#1012382).
- crypto: vmx - Remove overly verbose printk from AES init routines
(bnc#1012382).
- dccp: do not free ccid2_hc_tx_sock struct in dccp_disconnect()
(bnc#1012382).
- dccp: fix tasklet usage (bnc#1012382).
- dlm: fix a clerical error when set SCTP_NODELAY (bsc#1091594).
- dlm: make sctp_connect_to_sock() return in specified time (bsc#1080542).
- dlm: remove O_NONBLOCK flag in sctp_connect_to_sock (bsc#1080542).
- dmaengine: ensure dmaengine helpers check valid callback (bnc#1012382).
- dmaengine: pl330: fix a race condition in case of threaded irqs
(bnc#1012382).
- dmaengine: rcar-dmac: fix max_chunk_size for R-Car Gen3 (bnc#1012382).
- dmaengine: usb-dmac: fix endless loop in usb_dmac_chan_terminate_all()
(bnc#1012382).
- dm thin: fix documentation relative to low water mark threshold
(bnc#1012382).
- do d_instantiate/unlock_new_inode combinations safely (bnc#1012382).
- dp83640: Ensure against premature access to PHY registers after reset
(bnc#1012382).
- drm/exynos: fix comparison to bitshift when dealing with a mask
(bnc#1012382).
- drm/i915: Disable LVDS on Radiant P845 (bnc#1012382).
- drm/rockchip: Respect page offset for PRIME mmap calls (bnc#1012382).
- drm: set FMODE_UNSIGNED_OFFSET for drm files (bnc#1012382).
- e1000e: allocate ring descriptors with dma_zalloc_coherent (bnc#1012382).
- e1000e: Fix check_for_link return value with autoneg off (bnc#1012382
bsc#1075428).
- efi: Avoid potential crashes, fix the 'struct efi_pci_io_protocol_32'
definition for mixed mode (bnc#1012382).
- enic: enable rq before updating rq descriptors (bnc#1012382).
- enic: set DMA mask to 47 bit (bnc#1012382).
- ext2: fix a block leak (bnc#1012382).
- fbdev: Fixing arbitrary kernel leak in case FBIOGETCMAP_SPARC in
sbusfb_ioctl_helper() (bnc#1012382).
- firewire-ohci: work around oversized DMA reads on JMicron controllers
(bnc#1012382).
- firmware: dmi: handle missing DMI data gracefully (bsc#1096037).
- firmware: dmi_scan: Fix handling of empty DMI strings (bnc#1012382).
- fix io_destroy()/aio_complete() race (bnc#1012382).
- Force log to disk before reading the AGF during a fstrim (bnc#1012382).
- fscache: Fix hanging wait on page discarded by writeback (bnc#1012382).
- fs/proc/proc_sysctl.c: fix potential page fault while unregistering
sysctl table (bnc#1012382).
- futex: futex_wake_op, do not fail on invalid op (git-fixes).
- futex: futex_wake_op, fix sign_extend32 sign bits (bnc#1012382).
- futex: Remove duplicated code and fix undefined behaviour (bnc#1012382).
- futex: Remove unnecessary warning from get_futex_key (bnc#1012382).
- gfs2: Fix fallocate chunk size (bnc#1012382).
- gianfar: Fix Rx byte accounting for ndev stats (bnc#1012382).
- gpio: No NULL owner (bnc#1012382).
- gpio: rcar: Add Runtime PM handling for interrupts (bnc#1012382).
- hfsplus: stop workqueue when fill_super() failed (bnc#1012382).
- HID: roccat: prevent an out of bounds read in
kovaplus_profile_activated() (bnc#1012382).
- hwmon: (nct6775) Fix writing pwmX_mode (bnc#1012382).
- hwmon: (pmbus/adm1275) Accept negative page register values
(bnc#1012382).
- hwmon: (pmbus/max8688) Accept negative page register values
(bnc#1012382).
- hwrng: stm32 - add reset during probe (bnc#1012382).
- hwtracing: stm: fix build error on some arches (bnc#1012382).
- i2c: mv64xxx: Apply errata delay only in standard mode (bnc#1012382).
- i2c: rcar: check master irqs before slave irqs (bnc#1012382).
- i2c: rcar: do not issue stop when HW does it automatically (bnc#1012382).
- i2c: rcar: init new messages in irq (bnc#1012382).
- i2c: rcar: make sure clocks are on when doing clock calculation
(bnc#1012382).
- i2c: rcar: refactor setup of a msg (bnc#1012382).
- i2c: rcar: remove spinlock (bnc#1012382).
- i2c: rcar: remove unused IOERROR state (bnc#1012382).
- i2c: rcar: revoke START request early (bnc#1012382).
- i2c: rcar: rework hw init (bnc#1012382).
- IB/ipoib: Fix for potential no-carrier state (bnc#1012382).
- iio:kfifo_buf: check for uint overflow (bnc#1012382).
- ima: Fallback to the builtin hash algorithm (bnc#1012382).
- ima: Fix Kconfig to select TPM 2.0 CRB interface (bnc#1012382).
- init: fix false positives in W+X checking (bsc#1096982).
- input: elan_i2c - add ELAN0612 (Lenovo v330 14IKB) ACPI ID (bnc#1012382).
- Input: elan_i2c_smbus - fix corrupted stack (bnc#1012382).
- input: goodix - add new ACPI id for GPD Win 2 touch screen (bnc#1012382).
- ip6mr: only set ip6mr_table from setsockopt when ip6mr_new_table
succeeds (bnc#1012382).
- ipc/shm: fix shmat() nil address after round-down when remapping
(bnc#1012382).
- ipmi/powernv: Fix error return code in ipmi_powernv_probe()
(bnc#1012382).
- ipmi_ssif: Fix kernel panic at msg_done_handler (bnc#1012382
bsc#1088871).
- ipv4: fix memory leaks in udp_sendmsg, ping_v4_sendmsg (bnc#1012382).
- ipv4: lock mtu in fnhe when received PMTU lower than
net.ipv4.route.min_pmtu (bnc#1012382).
- ipv4: remove warning in ip_recv_error (bnc#1012382).
- ipv6: omit traffic class when calculating flow hash (bsc#1095042).
- irda: fix overly long udelay() (bnc#1012382).
- irqchip/gic-v3: Change pr_debug message to pr_devel (bnc#1012382).
- isdn: eicon: fix a missing-check bug (bnc#1012382).
- jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path
(bnc#1012382 git-fixes).
- kabi: vfs: Restore dentry_operations->d_manage (bsc#1086716).
- kasan: fix memory hotplug during boot (bnc#1012382).
- Kbuild: change CC_OPTIMIZE_FOR_SIZE definition (bnc#1012382).
- kconfig: Avoid format overflow warning from GCC 8.1 (bnc#1012382).
- kconfig: Do not leak main menus during parsing (bnc#1012382).
- kconfig: Fix automatic menu creation mem leak (bnc#1012382).
- kconfig: Fix expr_free() E_NOT leak (bnc#1012382).
- kdb: make "mdr" command repeat (bnc#1012382).
- kernel: Fix memory leak on EP11 target list processing (bnc#1096751,
LTC#168596).
- kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE (bnc#1012382).
- kernel/sys.c: fix potential Spectre v1 issue (bnc#1012382).
- kvm: Fix spelling mistake: "cop_unsuable" -> "cop_unusable"
(bnc#1012382).
- kvm: lapic: stop advertising DIRECTED_EOI when in-kernel IOAPIC is in
use (bnc#1012382).
- kvm: PPC: Book3S HV: Fix VRMA initialization with 2MB or 1GB memory
backing (bnc#1012382).
- kvm: VMX: raise internal error for exception during invalid protected
mode state (bnc#1012382).
- kvm: x86: fix KVM_XEN_HVM_CONFIG ioctl (bnc#1012382).
- kvm: x86: introduce linear_{read,write}_system (bnc#1012382).
- kvm: x86: pass kvm_vcpu to kvm_read_guest_virt and
kvm_write_guest_virt_system (bnc#1012382).
- kvm: x86: Sync back MSR_IA32_SPEC_CTRL to VCPU data structure
(bsc#1096242, bsc#1096281).
- kvm: x86: use correct privilege level for sgdt/sidt/fxsave/fxrstor
access (bnc#1012382).
- l2tp: revert "l2tp: fix missing print session offset info" (bnc#1012382).
- libata: blacklist Micron 500IT SSD with MU01 firmware (bnc#1012382).
- libata: Blacklist some Sandisk SSDs for NCQ (bnc#1012382).
- llc: better deal with too small mtu (bnc#1012382).
- llc: properly handle dev_queue_xmit() return value (bnc#1012382).
- lockd: lost rollback of set_grace_period() in lockd_down_net()
(bnc#1012382 git-fixes).
- locking/qspinlock: Ensure node->count is updated before initialising
node (bnc#1012382).
- locking/xchg/alpha: Add unconditional memory barrier to cmpxchg()
(bnc#1012382).
- locking/xchg/alpha: Fix xchg() and cmpxchg() memory ordering bugs
(bnc#1012382).
- m68k: set dma and coherent masks for platform FEC ethernets
(bnc#1012382).
- mac80211: round IEEE80211_TX_STATUS_HEADROOM up to multiple of 4
(bnc#1012382).
- md raid10: fix NULL deference in handle_write_completed() (bnc#1012382
bsc#1056415).
- md/raid1: fix NULL pointer dereference (bnc#1012382).
- md: raid5: avoid string overflow warning (bnc#1012382).
- media: cx23885: Override 888 ImpactVCBe crystal frequency (bnc#1012382).
- media: cx23885: Set subdev host data to clk_freq pointer (bnc#1012382).
- media: cx25821: prevent out-of-bounds read on array card (bnc#1012382
bsc#1031717).
- media: dmxdev: fix error code for invalid ioctls (bnc#1012382).
- media: em28xx: USB bulk packet size fix (bnc#1012382).
- media: s3c-camif: fix out-of-bounds array access (bnc#1012382
bsc#1031717).
- mmap: introduce sane default mmap limits (bnc#1012382).
- mmap: relax file size limit for regular files (bnc#1012382).
- mmc: sdhci-iproc: fix 32bit writes for TRANSFER_MODE register
(bnc#1012382).
- mm: do not allow deferred pages with NEED_PER_CPU_KM (bnc#1012382).
- mm: filemap: avoid unnecessary calls to lock_page when waiting for IO to
complete during a read (bnc#1012382 bnc#971975).
- mm: filemap: remove redundant code in do_read_cache_page (bnc#1012382
bnc#971975).
- mm: fix races between address_space dereference and free in
page_evicatable (bnc#1012382).
- mm: fix the NULL mapping case in __isolate_lru_page() (bnc#1012382).
- mm/kmemleak.c: wait for scan completion before disabling free
(bnc#1012382).
- mm/ksm: fix interaction with THP (bnc#1012382).
- mm/mempolicy: add nodes_empty check in SYSC_migrate_pages (bnc#1012382).
- mm/mempolicy.c: avoid use uninitialized preferred_node (bnc#1012382).
- mm/mempolicy: fix the check of nodemask from user (bnc#1012382).
- mm, page_alloc: do not break __GFP_THISNODE by zonelist reset
(bsc#1079152, VM Functionality).
- mm: pin address_space before dereferencing it while isolating an LRU
page (bnc#1012382 bnc#1081500).
- net: bgmac: Fix endian access in bgmac_dma_tx_ring_free() (bnc#1012382).
- netdev-FAQ: clarify DaveM's position for stable backports (bnc#1012382).
- net: ethernet: sun: niu set correct packet size in skb (bnc#1012382).
- netfilter: ebtables: convert BUG_ONs to WARN_ONs (bnc#1012382).
- net: Fix untag for vlan packets without ethernet header (bnc#1012382).
- net: Fix vlan untag for bridge and vlan_dev with reorder_hdr off
(bnc#1012382).
- netlabel: If PF_INET6, check sk_buff ip header version (bnc#1012382).
- net: metrics: add proper netlink validation (bnc#1012382).
- net/mlx4_en: Verify coalescing parameters are in range (bnc#1012382).
- net/mlx4: Fix irq-unsafe spinlock usage (bnc#1012382).
- net/mlx5: Protect from command bit overflow (bnc#1012382).
- net: mvneta: fix enable of all initialized RXQs (bnc#1012382).
- net/packet: refine check for priv area size (bnc#1012382).
- net: phy: broadcom: Fix bcm_write_exp() (bnc#1012382).
- net: qmi_wwan: add BroadMobi BM806U 2020:2033 (bnc#1012382).
- net_sched: fq: take care of throttled flows before reuse (bnc#1012382).
- net: support compat 64-bit time in {s,g}etsockopt (bnc#1012382).
- net/tcp/illinois: replace broken algorithm reference link (bnc#1012382).
- net: test tailroom before appending to linear skb (bnc#1012382).
- net-usb: add qmi_wwan if on lte modem wistron neweb d18q1 (bnc#1012382).
- net: usb: cdc_mbim: add flag FLAG_SEND_ZLP (bnc#1012382).
- net/usb/qmi_wwan.c: Add USB id for lt4120 modem (bnc#1012382).
- nfc: llcp: Limit size of SDP URI (bnc#1012382).
- nfs: Do not convert nfs_idmap_cache_timeout to jiffies (bnc#1012382
git-fixes).
- nfsv4: always set NFS_LOCK_LOST when a lock is lost (bnc#1012382
bsc#1068951).
- ntb_transport: Fix bug with max_mw_size parameter (bnc#1012382).
- nvme-pci: Fix nvme queue cleanup if IRQ setup fails (bnc#1012382).
- ocfs2/acl: use 'ip_xattr_sem' to protect getting extended attribute
(bnc#1012382).
- ocfs2/dlm: do not handle migrate lockres if already in shutdown
(bnc#1012382).
- ocfs2: return -EROFS to mount.ocfs2 if inode block is invalid
(bnc#1012382).
- ocfs2: return error when we attempt to access a dirty bh in jbd2
(bnc#1012382 bsc#1070404).
- openvswitch: Do not swap table in nlattr_set() after OVS_ATTR_NESTED is
found (bnc#1012382).
- packet: fix reserve calculation (bnc#1012382 git-fixes).
- packet: fix reserve calculation (git-fixes).
- packet: in packet_snd start writing at link layer allocation
(bnc#1012382).
- parisc/pci: Switch LBA PCI bus from Hard Fail to Soft Fail mode
(bnc#1012382).
- pci: Add function 1 DMA alias quirk for Marvell 88SE9220 (bnc#1012382).
- pci: Add function 1 DMA alias quirk for Marvell 9128 (bnc#1012382).
- pci: Restore config space on runtime resume despite being unbound
(bnc#1012382).
- perf callchain: Fix attr.sample_max_stack setting (bnc#1012382).
- perf/cgroup: Fix child event counting bug (bnc#1012382).
- perf/core: Fix perf_output_read_group() (bnc#1012382).
- perf report: Fix memory corruption in --branch-history mode
--branch-history (bnc#1012382).
- perf tests: Use arch__compare_symbol_names to compare symbols
(bnc#1012382).
- pipe: cap initial pipe capacity according to pipe-max-size limit
(bnc#1012382 bsc#1045330).
- powerpc/64s: Clear PCR on boot (bnc#1012382).
- powerpc: Add missing prototype for arch_irq_work_raise() (bnc#1012382).
- powerpc/bpf/jit: Fix 32-bit JIT for seccomp_data access (bnc#1012382).
- powerpc: Do not preempt_disable() in show_cpuinfo() (bnc#1012382
bsc#1066223).
- powerpc/mpic: Check if cpu_possible() in mpic_physmask() (bnc#1012382).
- powerpc/numa: Ensure nodes initialized for hotplug (bnc#1012382
bsc#1081514).
- powerpc/numa: Use ibm,max-associativity-domains to discover possible
nodes (bnc#1012382 bsc#1081514).
- powerpc/perf: Fix kernel address leak via sampling registers
(bnc#1012382).
- powerpc/perf: Prevent kernel address leak to userspace via BHRB buffer
(bnc#1012382).
- powerpc/powernv: Fix NVRAM sleep in invalid context when crashing
(bnc#1012382).
- powerpc/powernv: panic() on OPAL lower than V3 (bnc#1012382).
- powerpc/powernv: remove FW_FEATURE_OPALv3 and just use FW_FEATURE_OPAL
(bnc#1012382).
- powerpc/powernv: Remove OPALv2 firmware define and references
(bnc#1012382).
- proc: fix /proc/*/map_files lookup (bnc#1012382).
- procfs: fix pthread cross-thread naming if !PR_DUMPABLE (bnc#1012382).
- proc: meminfo: estimate available memory more conservatively
(bnc#1012382).
- proc read mm's {arg,env}_{start,end} with mmap semaphore taken
(bnc#1012382).
- qed: Fix mask for physical address in ILT entry (bnc#1012382).
- qla2xxx: Mask off Scope bits in retry delay (bsc#1068054).
- qmi_wwan: do not steal interfaces from class drivers (bnc#1012382).
- r8152: fix tx packets accounting (bnc#1012382).
- r8169: fix powering up RTL8168h (bnc#1012382).
- RDMA/mlx5: Avoid memory leak in case of XRCD dealloc failure
(bnc#1012382).
- RDMA/ucma: Correct option size check using optlen (bnc#1012382).
- RDS: IB: Fix null pointer issue (bnc#1012382).
- Refreshed contents of patches (bsc#1085185)
- regulator: of: Add a missing 'of_node_put()' in an error handling path
of 'of_regulator_match()' (bnc#1012382).
- regulatory: add NUL to request alpha2 (bnc#1012382).
- Revert "arm: dts: imx6qdl-wandboard: Fix audio channel swap"
(bnc#1012382).
- Revert "ima: limit file hash setting by user to fix and log modes"
(bnc#1012382).
- Revert "ipc/shm: Fix shmat mmap nil-page protection" (bnc#1012382).
- Revert "regulatory: add NUL to request alpha2" (kabi).
- Revert "vti4: Do not override MTU passed on link creation via IFLA_MTU"
(bnc#1012382).
- rtc: hctosys: Ensure system time does not overflow time_t (bnc#1012382).
- rtc: snvs: Fix usage of snvs_rtc_enable (bnc#1012382).
- rtc: tx4939: avoid unintended sign extension on a 24 bit shift
(bnc#1012382).
- rtlwifi: rtl8192cu: Remove variable self-assignment in rf.c
(bnc#1012382).
- rtnetlink: validate attributes in do_setlink() (bnc#1012382).
- s390: add assembler macros for CPU alternatives (bnc#1012382).
- s390/cio: clear timer when terminating driver I/O (bnc#1012382).
- s390/cio: fix return code after missing interrupt (bnc#1012382).
- s390/cpum_sf: ensure sample frequency of perf event attributes is
non-zero (LTC#168035 bnc#1012382 bnc#1094532).
- s390: extend expoline to BC instructions (bnc#1012382).
- s390/ftrace: use expoline for indirect branches (bnc#1012382).
- s390/kernel: use expoline for indirect branches (bnc#1012382).
- s390/lib: use expoline for indirect branches (bnc#1012382).
- s390: move expoline assembler macros to a header (bnc#1012382).
- s390: move spectre sysfs attribute code (bnc#1012382).
- s390/qdio: do not release memory in qdio_setup_irq() (bnc#1012382).
- s390/qdio: fix access to uninitialized qdio_q fields (LTC#168037
bnc#1012382 bnc#1094532).
- s390: remove indirect branch from do_softirq_own_stack (bnc#1012382).
- s390: use expoline thunks in the BPF JIT (bnc#1012382).
- sched/rt: Fix rq->clock_update_flags lower than RQCF_ACT_SKIP warning
(bnc#1012382).
- scripts/git-pre-commit:
- scsi: aacraid: fix shutdown crash when init fails (bnc#1012382).
- scsi: aacraid: Insure command thread is not recursively stopped
(bnc#1012382).
- scsi: bnx2fc: Fix check in SCSI completion handler for timed out request
(bnc#1012382).
- scsi: fas216: fix sense buffer initialization (bnc#1012382 bsc#1082979).
- scsi: libsas: defer ata device eh commands to libata (bnc#1012382).
- scsi: lpfc: Fix frequency of Release WQE CQEs (bnc#1012382).
- scsi: lpfc: Fix issue_lip if link is disabled (bnc#1012382 bsc#1080656).
- scsi: lpfc: Fix soft lockup in lpfc worker thread during LIP testing
(bnc#1012382 bsc#1080656).
- scsi: mpt3sas: Do not mark fw_event workqueue as WQ_MEM_RECLAIM
(bnc#1012382 bsc#1078583).
- scsi: mptfusion: Add bounds check in mptctl_hp_targetinfo()
(bnc#1012382).
- scsi: qla2xxx: Avoid triggering undefined behavior in
qla2x00_mbx_completion() (bnc#1012382).
- scsi: qla4xxx: skip error recovery in case of register disconnect
(bnc#1012382).
- scsi: scsi_transport_srp: Fix shost to rport translation (bnc#1012382).
- scsi: sd: Keep disk read-only when re-reading partition (bnc#1012382).
- scsi: sg: allocate with __GFP_ZERO in sg_build_indirect() (bnc#1012382).
- scsi: storvsc: Increase cmd_per_lun for higher speed devices
(bnc#1012382).
- scsi: sym53c8xx_2: iterator underflow in sym_getsync() (bnc#1012382).
- scsi: ufs: Enable quirk to ignore sending WRITE_SAME command
(bnc#1012382).
- scsi: zfcp: fix infinite iteration on ERP ready list (LTC#168038
bnc#1012382 bnc#1094532).
- sctp: delay the authentication for the duplicated cookie-echo chunk
(bnc#1012382).
- sctp: fix the issue that the cookie-ack with auth can't get processed
(bnc#1012382).
- sctp: handle two v4 addrs comparison in sctp_inet6_cmp_addr
(bnc#1012382).
- sctp: use the old asoc when making the cookie-ack chunk in dupcook_d
(bnc#1012382).
- selftests: ftrace: Add a testcase for probepoint (bnc#1012382).
- selftests: ftrace: Add a testcase for string type with kprobe_event
(bnc#1012382).
- selftests: ftrace: Add probe event argument syntax testcase
(bnc#1012382).
- selftests: memfd: add config fragment for fuse (bnc#1012382).
- selftests/net: fixes psock_fanout eBPF test case (bnc#1012382).
- selftests/powerpc: Skip the subpage_prot tests if the syscall is
unavailable (bnc#1012382).
- selftests: Print the test we're running to /dev/kmsg (bnc#1012382).
- selinux: KASAN: slab-out-of-bounds in xattr_getsecurity (bnc#1012382).
- serial: arc_uart: Fix out-of-bounds access through DT alias
(bnc#1012382).
- serial: fsl_lpuart: Fix out-of-bounds access through DT alias
(bnc#1012382).
- serial: imx: Fix out-of-bounds access through serial port index
(bnc#1012382).
- serial: mxs-auart: Fix out-of-bounds access through serial port index
(bnc#1012382).
- serial: samsung: fix maxburst parameter for DMA transactions
(bnc#1012382).
- serial: samsung: Fix out-of-bounds access through serial port index
(bnc#1012382).
- serial: xuartps: Fix out-of-bounds access through DT alias (bnc#1012382).
- sh: fix debug trap failure to process signals before return to user
(bnc#1012382).
- sh: New gcc support (bnc#1012382).
- signals: avoid unnecessary taking of sighand->siglock (bnc#1012382
bnc#978907).
- sit: fix IFLA_MTU ignored on NEWLINK (bnc#1012382).
- smsc75xx: fix smsc75xx_set_features() (bnc#1012382).
- sock_diag: fix use-after-free read in __sk_free (bnc#1012382).
- sparc64: Fix build warnings with gcc 7 (bnc#1012382).
- sparc64: Make atomic_xchg() an inline function rather than a macro
(bnc#1012382).
- spi: pxa2xx: Allow 64-bit DMA (bnc#1012382).
- sr: get/drop reference to device in revalidate and check_events
(bnc#1012382).
- staging: rtl8192u: return -ENOMEM on failed allocation of priv->oldaddr
(bnc#1012382).
- stm class: Use vmalloc for the master map (bnc#1012382).
- sunvnet: does not support GSO for sctp (bnc#1012382).
- swap: divide-by-zero when zero length swap file on ssd (bnc#1012382
bsc#1082153).
- tcp: avoid integer overflows in tcp_rcv_space_adjust() (bnc#1012382).
- tcp: ignore Fast Open on repair mode (bnc#1012382).
- tcp: purge write queue in tcp_connect_init() (bnc#1012382).
- team: use netdev_features_t instead of u32 (bnc#1012382).
- test_bpf: Fix testing with CONFIG_BPF_JIT_ALWAYS_ON=y on other arches
(git-fixes).
- tg3: Fix vunmap() BUG_ON() triggered from tg3_free_consistent()
(bnc#1012382).
- tick/broadcast: Use for_each_cpu() specially on UP kernels (bnc#1012382).
- time: Fix CLOCK_MONOTONIC_RAW sub-nanosecond accounting (bnc#1012382).
- tools/libbpf: handle issues with bpf ELF objects containing .eh_frames
(bnc#1012382).
- tools lib traceevent: Fix get_field_str() for dynamic strings
(bnc#1012382).
- tools lib traceevent: Simplify pointer print logic and fix %pF
(bnc#1012382).
- tools/thermal: tmon: fix for segfault (bnc#1012382).
- tpm: do not suspend/resume if power stays on (bnc#1012382).
- tpm: self test failure should not cause suspend to fail (bnc#1012382).
- tracing: Fix crash when freeing instances with event triggers
(bnc#1012382).
- tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes
into account (bnc#1012382).
- tracing/x86/xen: Remove zero data size trace events
trace_xen_mmu_flush_tlb{_all} (bnc#1012382).
- udf: Provide saner default for invalid uid / gid (bnc#1012382).
- usb: dwc2: Fix dwc2_hsotg_core_init_disconnected() (bnc#1012382).
- usb: dwc2: Fix interval type issue (bnc#1012382).
- usb: dwc3: Update DWC_usb31 GTXFIFOSIZ reg fields (bnc#1012382).
- usb: gadget: composite: fix incorrect handling of OS desc requests
(bnc#1012382).
- usb: gadget: ffs: Execute copy_to_user() with USER_DS set (bnc#1012382).
- usb: gadget: ffs: Let setup() return USB_GADGET_DELAYED_STATUS
(bnc#1012382).
- usb: gadget: fsl_udc_core: fix ep valid checks (bnc#1012382).
- usb: gadget: f_uac2: fix bFirstInterface in composite gadget
(bnc#1012382).
- usb: gadget: udc: change comparison to bitshift when dealing with a mask
(bnc#1012382).
- usbip: usbip_host: delete device from busid_table after rebind
(bnc#1012382).
- usbip: usbip_host: fix bad unlock balance during stub_probe()
(bnc#1012382).
- usbip: usbip_host: fix NULL-ptr deref and use-after-free errors
(bnc#1012382).
- usbip: usbip_host: refine probe and disconnect debug msgs to be useful
(bnc#1012382).
- usbip: usbip_host: run rebind from exit when module is removed
(bnc#1012382).
- usb: musb: call pm_runtime_{get,put}_sync before reading vbus registers
(bnc#1012382).
- usb: musb: fix enumeration after resume (bnc#1012382).
- USB: OHCI: Fix NULL dereference in HCDs using HCD_LOCAL_MEM
(bnc#1012382).
- USB: serial: cp210x: use tcflag_t to fix incompatible pointer type
(bnc#1012382).
- vfs: add path_has_submounts() (bsc#1086716).
- vfs: add path_is_mountpoint() helper (bsc#1086716).
- vfs: change d_manage() to take a struct path (bsc#1086716).
- virtio-gpu: fix ioctl and expose the fixed status to userspace
(bnc#1012382).
- virtio-net: Fix operstate for virtio when no VIRTIO_NET_F_STATUS
(bnc#1012382).
- vmscan: do not force-scan file lru if its absolute size is small
(bnc#1012382).
- vmw_balloon: fixing double free when batching mode is off (bnc#1012382).
- vti4: Do not count header length twice on tunnel setup (bnc#1012382).
- vti4: Do not override MTU passed on link creation via IFLA_MTU
(bnc#1012382).
- watchdog: f71808e_wdt: Fix magic close handling (bnc#1012382).
- watchdog: sp5100_tco: Fix watchdog disable bit (bnc#1012382).
- workqueue: use put_device() instead of kfree() (bnc#1012382).
- x86/apic: Set up through-local-APIC mode on the boot CPU if 'noapic'
specified (bnc#1012382).
- x86/boot: Fix early command-line parsing when partial word matches
(bsc#1096140).
- x86/bugs: IBRS: make runtime disabling fully dynamic (bsc#1068032).
- x86/bugs: spec_ctrl must be cleared from cpu_caps_set when being
disabled (bsc#1096140).
- x86/cpufeature: Remove unused and seldomly used cpu_has_xx macros
(bnc#1012382).
- x86/crypto, x86/fpu: Remove X86_FEATURE_EAGER_FPU #ifdef from the crc32c
code (bnc#1012382).
- x86/devicetree: Fix device IRQ settings in DT (bnc#1012382).
- x86/devicetree: Initialize device tree before using it (bnc#1012382).
- x86: ENABLE_IBRS is sometimes called early during boot while it should
not. Let's drop the uoptimization for now. Fixes bsc#1098009 and
bsc#1098012
- x86/fpu: Disable AVX when eagerfpu is off (bnc#1012382).
- x86/fpu: Hard-disable lazy FPU mode (bnc#1012382).
- x86/fpu: Revert ("x86/fpu: Disable AVX when eagerfpu is off")
(bnc#1012382).
- x86/kexec: Avoid double free_page() upon do_kexec_load() failure
(bnc#1012382).
- x86/pgtable: Do not set huge PUD/PMD on non-leaf entries (bnc#1012382).
- x86/pkeys: Do not special case protection key 0 (1041740).
- x86/pkeys: Override pkey when moving away from PROT_EXEC (1041740).
- x86/power: Fix swsusp_arch_resume prototype (bnc#1012382).
- x86: Remove unused function cpu_has_ht_siblings() (bnc#1012382).
- x86/topology: Update the 'cpu cores' field in /proc/cpuinfo correctly
across CPU hotplug operations (bnc#1012382).
- xen/acpi: off by one in read_acpi_id() (bnc#1012382).
- xen/grant-table: Use put_page instead of free_page (bnc#1012382).
- xen-netfront: Fix race between device setup and open (bnc#1012382).
- xen/netfront: raise max number of slots in xennet_get_responses()
(bnc#1076049).
- xen/pirq: fix error path cleanup when binding MSIs (bnc#1012382).
- xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent
(bnc#1012382).
- xen: xenbus: use put_device() instead of kfree() (bnc#1012382).
- xfrm: fix xfrm_do_migrate() with AEAD e.g(AES-GCM) (bnc#1012382).
- xfs: convert XFS_AGFL_SIZE to a helper function (bsc#1090955,
bsc#1090534).
- xfs: detect agfl count corruption and reset agfl (bnc#1012382
bsc#1090534 bsc#1090955).
- xfs: detect agfl count corruption and reset agfl (bsc#1090955,
bsc#1090534).
- xfs: do not log/recover swapext extent owner changes for deleted inodes
(bsc#1090955).
- xfs: remove racy hasattr check from attr ops (bnc#1012382 bsc#1035432).
- xhci: Fix USB3 NULL pointer dereference at logical disconnect
(git-fixes).
- xhci: Fix use-after-free in xhci_free_virt_device (git-fixes).
- xhci: zero usb device slot_id member when disabling and freeing a xhci
slot (bnc#1012382).
- zorro: Set up z->dev.dma_mask for the DMA API (bnc#1012382).
- xfs: fix incorrect log_flushed on fsync (bnc#1012382).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Workstation Extension 12-SP3:
zypper in -t patch SUSE-SLE-WE-12-SP3-2018-1199=1
- SUSE Linux Enterprise Software Development Kit 12-SP3:
zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1199=1
- SUSE Linux Enterprise Server 12-SP3:
zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1199=1
- SUSE Linux Enterprise Live Patching 12-SP3:
zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-1199=1
- SUSE Linux Enterprise High Availability 12-SP3:
zypper in -t patch SUSE-SLE-HA-12-SP3-2018-1199=1
- SUSE Linux Enterprise Desktop 12-SP3:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1199=1
- SUSE CaaS Platform ALL:
To install this update, use the SUSE CaaS Platform Velum dashboard.
It will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64):
kernel-default-debuginfo-4.4.138-94.39.1
kernel-default-debugsource-4.4.138-94.39.1
kernel-default-extra-4.4.138-94.39.1
kernel-default-extra-debuginfo-4.4.138-94.39.1
- SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):
kernel-obs-build-4.4.138-94.39.1
kernel-obs-build-debugsource-4.4.138-94.39.1
- SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch):
kernel-docs-4.4.138-94.39.1
- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
kernel-default-4.4.138-94.39.1
kernel-default-base-4.4.138-94.39.1
kernel-default-base-debuginfo-4.4.138-94.39.1
kernel-default-debuginfo-4.4.138-94.39.1
kernel-default-debugsource-4.4.138-94.39.1
kernel-default-devel-4.4.138-94.39.1
kernel-syms-4.4.138-94.39.1
- SUSE Linux Enterprise Server 12-SP3 (noarch):
kernel-devel-4.4.138-94.39.1
kernel-macros-4.4.138-94.39.1
kernel-source-4.4.138-94.39.1
- SUSE Linux Enterprise Server 12-SP3 (s390x):
kernel-default-man-4.4.138-94.39.1
- SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64):
kgraft-patch-4_4_138-94_39-default-1-4.5.1
kgraft-patch-4_4_138-94_39-default-debuginfo-1-4.5.1
- SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64):
cluster-md-kmp-default-4.4.138-94.39.1
cluster-md-kmp-default-debuginfo-4.4.138-94.39.1
dlm-kmp-default-4.4.138-94.39.1
dlm-kmp-default-debuginfo-4.4.138-94.39.1
gfs2-kmp-default-4.4.138-94.39.1
gfs2-kmp-default-debuginfo-4.4.138-94.39.1
kernel-default-debuginfo-4.4.138-94.39.1
kernel-default-debugsource-4.4.138-94.39.1
ocfs2-kmp-default-4.4.138-94.39.1
ocfs2-kmp-default-debuginfo-4.4.138-94.39.1
- SUSE Linux Enterprise Desktop 12-SP3 (noarch):
kernel-devel-4.4.138-94.39.1
kernel-macros-4.4.138-94.39.1
kernel-source-4.4.138-94.39.1
- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
kernel-default-4.4.138-94.39.1
kernel-default-debuginfo-4.4.138-94.39.1
kernel-default-debugsource-4.4.138-94.39.1
kernel-default-devel-4.4.138-94.39.1
kernel-default-extra-4.4.138-94.39.1
kernel-default-extra-debuginfo-4.4.138-94.39.1
kernel-syms-4.4.138-94.39.1
- SUSE CaaS Platform ALL (x86_64):
kernel-default-4.4.138-94.39.1
kernel-default-debuginfo-4.4.138-94.39.1
kernel-default-debugsource-4.4.138-94.39.1
References:
https://www.suse.com/security/cve/CVE-2017-17741.html
https://www.suse.com/security/cve/CVE-2017-18241.html
https://www.suse.com/security/cve/CVE-2017-18249.html
https://www.suse.com/security/cve/CVE-2018-12233.html
https://www.suse.com/security/cve/CVE-2018-3665.html
https://www.suse.com/security/cve/CVE-2018-5848.html
https://bugzilla.suse.com/1012382
https://bugzilla.suse.com/1024718
https://bugzilla.suse.com/1031717
https://bugzilla.suse.com/1035432
https://bugzilla.suse.com/1041740
https://bugzilla.suse.com/1045330
https://bugzilla.suse.com/1056415
https://bugzilla.suse.com/1066223
https://bugzilla.suse.com/1068032
https://bugzilla.suse.com/1068054
https://bugzilla.suse.com/1068951
https://bugzilla.suse.com/1070404
https://bugzilla.suse.com/1073311
https://bugzilla.suse.com/1075428
https://bugzilla.suse.com/1076049
https://bugzilla.suse.com/1078583
https://bugzilla.suse.com/1079152
https://bugzilla.suse.com/1080542
https://bugzilla.suse.com/1080656
https://bugzilla.suse.com/1081500
https://bugzilla.suse.com/1081514
https://bugzilla.suse.com/1082153
https://bugzilla.suse.com/1082504
https://bugzilla.suse.com/1082979
https://bugzilla.suse.com/1085185
https://bugzilla.suse.com/1085308
https://bugzilla.suse.com/1086400
https://bugzilla.suse.com/1086716
https://bugzilla.suse.com/1087036
https://bugzilla.suse.com/1087086
https://bugzilla.suse.com/1088871
https://bugzilla.suse.com/1090435
https://bugzilla.suse.com/1090534
https://bugzilla.suse.com/1090734
https://bugzilla.suse.com/1090955
https://bugzilla.suse.com/1091594
https://bugzilla.suse.com/1094532
https://bugzilla.suse.com/1095042
https://bugzilla.suse.com/1095147
https://bugzilla.suse.com/1096037
https://bugzilla.suse.com/1096140
https://bugzilla.suse.com/1096214
https://bugzilla.suse.com/1096242
https://bugzilla.suse.com/1096281
https://bugzilla.suse.com/1096751
https://bugzilla.suse.com/1096982
https://bugzilla.suse.com/1097234
https://bugzilla.suse.com/1097356
https://bugzilla.suse.com/1098009
https://bugzilla.suse.com/1098012
https://bugzilla.suse.com/971975
https://bugzilla.suse.com/973378
https://bugzilla.suse.com/978907
More information about the sle-updates
mailing list