From sle-updates at lists.suse.com Thu Aug 1 13:13:17 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 1 Aug 2019 21:13:17 +0200 (CEST) Subject: SUSE-SU-2019:2036-1: important: Security update for java-1_8_0-openjdk Message-ID: <20190801191317.06347FDF5@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2036-1 Rating: important References: #1115375 #1141780 #1141782 #1141783 #1141784 #1141785 #1141786 #1141787 #1141789 Cross-References: CVE-2019-2745 CVE-2019-2762 CVE-2019-2766 CVE-2019-2769 CVE-2019-2786 CVE-2019-2816 CVE-2019-2842 CVE-2019-7317 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Desktop 12-SP4 SUSE Enterprise Storage 5 SUSE Enterprise Storage 4 HPE Helion Openstack 8 ______________________________________________________________________________ An update that solves 8 vulnerabilities and has one errata is now available. Description: This update for java-1_8_0-openjdk to version 8u222 fixes the following issues: Security issues fixed: - CVE-2019-2745: Improved ECC Implementation (bsc#1141784). - CVE-2019-2762: Exceptional throw cases (bsc#1141782). - CVE-2019-2766: Improve file protocol handling (bsc#1141789). - CVE-2019-2769: Better copies of CopiesList (bsc#1141783). - CVE-2019-2786: More limited privilege usage (bsc#1141787). - CVE-2019-2816: Normalize normalization (bsc#1141785). - CVE-2019-2842: Extended AES support (bsc#1141786). - CVE-2019-7317: Improve PNG support (bsc#1141780). - Certificate validation improvements Non-security issue fixed: - Fixed an issue where the installation failed when the manpages are not present (bsc#1115375) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-2036=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-2036=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-2036=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-2036=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-2036=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-2036=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2019-2036=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2036=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-2036=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2019-2036=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-2036=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-2036=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-2036=1 - SUSE Linux Enterprise Desktop 12-SP5: zypper in -t patch SUSE-SLE-DESKTOP-12-SP5-2019-2036=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2036=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-2036=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-2036=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-2036=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): java-1_8_0-openjdk-1.8.0.222-27.35.2 java-1_8_0-openjdk-debuginfo-1.8.0.222-27.35.2 java-1_8_0-openjdk-debugsource-1.8.0.222-27.35.2 java-1_8_0-openjdk-demo-1.8.0.222-27.35.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.222-27.35.2 java-1_8_0-openjdk-devel-1.8.0.222-27.35.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.222-27.35.2 java-1_8_0-openjdk-headless-1.8.0.222-27.35.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.222-27.35.2 - SUSE OpenStack Cloud 8 (x86_64): java-1_8_0-openjdk-1.8.0.222-27.35.2 java-1_8_0-openjdk-debuginfo-1.8.0.222-27.35.2 java-1_8_0-openjdk-debugsource-1.8.0.222-27.35.2 java-1_8_0-openjdk-demo-1.8.0.222-27.35.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.222-27.35.2 java-1_8_0-openjdk-devel-1.8.0.222-27.35.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.222-27.35.2 java-1_8_0-openjdk-headless-1.8.0.222-27.35.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.222-27.35.2 - SUSE OpenStack Cloud 7 (s390x x86_64): java-1_8_0-openjdk-1.8.0.222-27.35.2 java-1_8_0-openjdk-debuginfo-1.8.0.222-27.35.2 java-1_8_0-openjdk-debugsource-1.8.0.222-27.35.2 java-1_8_0-openjdk-demo-1.8.0.222-27.35.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.222-27.35.2 java-1_8_0-openjdk-devel-1.8.0.222-27.35.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.222-27.35.2 java-1_8_0-openjdk-headless-1.8.0.222-27.35.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.222-27.35.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): java-1_8_0-openjdk-1.8.0.222-27.35.2 java-1_8_0-openjdk-debuginfo-1.8.0.222-27.35.2 java-1_8_0-openjdk-debugsource-1.8.0.222-27.35.2 java-1_8_0-openjdk-demo-1.8.0.222-27.35.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.222-27.35.2 java-1_8_0-openjdk-devel-1.8.0.222-27.35.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.222-27.35.2 java-1_8_0-openjdk-headless-1.8.0.222-27.35.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.222-27.35.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): java-1_8_0-openjdk-1.8.0.222-27.35.2 java-1_8_0-openjdk-debuginfo-1.8.0.222-27.35.2 java-1_8_0-openjdk-debugsource-1.8.0.222-27.35.2 java-1_8_0-openjdk-demo-1.8.0.222-27.35.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.222-27.35.2 java-1_8_0-openjdk-devel-1.8.0.222-27.35.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.222-27.35.2 java-1_8_0-openjdk-headless-1.8.0.222-27.35.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.222-27.35.2 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): java-1_8_0-openjdk-1.8.0.222-27.35.2 java-1_8_0-openjdk-debuginfo-1.8.0.222-27.35.2 java-1_8_0-openjdk-debugsource-1.8.0.222-27.35.2 java-1_8_0-openjdk-demo-1.8.0.222-27.35.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.222-27.35.2 java-1_8_0-openjdk-devel-1.8.0.222-27.35.2 java-1_8_0-openjdk-headless-1.8.0.222-27.35.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.222-27.35.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.222-27.35.2 java-1_8_0-openjdk-debuginfo-1.8.0.222-27.35.2 java-1_8_0-openjdk-debugsource-1.8.0.222-27.35.2 java-1_8_0-openjdk-demo-1.8.0.222-27.35.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.222-27.35.2 java-1_8_0-openjdk-devel-1.8.0.222-27.35.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.222-27.35.2 java-1_8_0-openjdk-headless-1.8.0.222-27.35.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.222-27.35.2 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.222-27.35.2 java-1_8_0-openjdk-debuginfo-1.8.0.222-27.35.2 java-1_8_0-openjdk-debugsource-1.8.0.222-27.35.2 java-1_8_0-openjdk-demo-1.8.0.222-27.35.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.222-27.35.2 java-1_8_0-openjdk-devel-1.8.0.222-27.35.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.222-27.35.2 java-1_8_0-openjdk-headless-1.8.0.222-27.35.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.222-27.35.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.222-27.35.2 java-1_8_0-openjdk-debuginfo-1.8.0.222-27.35.2 java-1_8_0-openjdk-debugsource-1.8.0.222-27.35.2 java-1_8_0-openjdk-demo-1.8.0.222-27.35.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.222-27.35.2 java-1_8_0-openjdk-devel-1.8.0.222-27.35.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.222-27.35.2 java-1_8_0-openjdk-headless-1.8.0.222-27.35.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.222-27.35.2 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): java-1_8_0-openjdk-1.8.0.222-27.35.2 java-1_8_0-openjdk-debuginfo-1.8.0.222-27.35.2 java-1_8_0-openjdk-debugsource-1.8.0.222-27.35.2 java-1_8_0-openjdk-demo-1.8.0.222-27.35.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.222-27.35.2 java-1_8_0-openjdk-devel-1.8.0.222-27.35.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.222-27.35.2 java-1_8_0-openjdk-headless-1.8.0.222-27.35.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.222-27.35.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.222-27.35.2 java-1_8_0-openjdk-debuginfo-1.8.0.222-27.35.2 java-1_8_0-openjdk-debugsource-1.8.0.222-27.35.2 java-1_8_0-openjdk-demo-1.8.0.222-27.35.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.222-27.35.2 java-1_8_0-openjdk-devel-1.8.0.222-27.35.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.222-27.35.2 java-1_8_0-openjdk-headless-1.8.0.222-27.35.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.222-27.35.2 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): java-1_8_0-openjdk-1.8.0.222-27.35.2 java-1_8_0-openjdk-debuginfo-1.8.0.222-27.35.2 java-1_8_0-openjdk-debugsource-1.8.0.222-27.35.2 java-1_8_0-openjdk-demo-1.8.0.222-27.35.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.222-27.35.2 java-1_8_0-openjdk-devel-1.8.0.222-27.35.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.222-27.35.2 java-1_8_0-openjdk-headless-1.8.0.222-27.35.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.222-27.35.2 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.222-27.35.2 java-1_8_0-openjdk-debuginfo-1.8.0.222-27.35.2 java-1_8_0-openjdk-debugsource-1.8.0.222-27.35.2 java-1_8_0-openjdk-demo-1.8.0.222-27.35.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.222-27.35.2 java-1_8_0-openjdk-devel-1.8.0.222-27.35.2 java-1_8_0-openjdk-headless-1.8.0.222-27.35.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.222-27.35.2 - SUSE Linux Enterprise Desktop 12-SP5 (x86_64): java-1_8_0-openjdk-1.8.0.222-27.35.2 java-1_8_0-openjdk-debuginfo-1.8.0.222-27.35.2 java-1_8_0-openjdk-debugsource-1.8.0.222-27.35.2 java-1_8_0-openjdk-headless-1.8.0.222-27.35.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.222-27.35.2 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): java-1_8_0-openjdk-1.8.0.222-27.35.2 java-1_8_0-openjdk-debuginfo-1.8.0.222-27.35.2 java-1_8_0-openjdk-debugsource-1.8.0.222-27.35.2 java-1_8_0-openjdk-headless-1.8.0.222-27.35.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.222-27.35.2 - SUSE Enterprise Storage 5 (x86_64): java-1_8_0-openjdk-1.8.0.222-27.35.2 java-1_8_0-openjdk-debuginfo-1.8.0.222-27.35.2 java-1_8_0-openjdk-debugsource-1.8.0.222-27.35.2 java-1_8_0-openjdk-demo-1.8.0.222-27.35.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.222-27.35.2 java-1_8_0-openjdk-devel-1.8.0.222-27.35.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.222-27.35.2 java-1_8_0-openjdk-headless-1.8.0.222-27.35.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.222-27.35.2 - SUSE Enterprise Storage 4 (x86_64): java-1_8_0-openjdk-1.8.0.222-27.35.2 java-1_8_0-openjdk-debuginfo-1.8.0.222-27.35.2 java-1_8_0-openjdk-debugsource-1.8.0.222-27.35.2 java-1_8_0-openjdk-demo-1.8.0.222-27.35.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.222-27.35.2 java-1_8_0-openjdk-devel-1.8.0.222-27.35.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.222-27.35.2 java-1_8_0-openjdk-headless-1.8.0.222-27.35.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.222-27.35.2 - HPE Helion Openstack 8 (x86_64): java-1_8_0-openjdk-1.8.0.222-27.35.2 java-1_8_0-openjdk-debuginfo-1.8.0.222-27.35.2 java-1_8_0-openjdk-debugsource-1.8.0.222-27.35.2 java-1_8_0-openjdk-demo-1.8.0.222-27.35.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.222-27.35.2 java-1_8_0-openjdk-devel-1.8.0.222-27.35.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.222-27.35.2 java-1_8_0-openjdk-headless-1.8.0.222-27.35.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.222-27.35.2 References: https://www.suse.com/security/cve/CVE-2019-2745.html https://www.suse.com/security/cve/CVE-2019-2762.html https://www.suse.com/security/cve/CVE-2019-2766.html https://www.suse.com/security/cve/CVE-2019-2769.html https://www.suse.com/security/cve/CVE-2019-2786.html https://www.suse.com/security/cve/CVE-2019-2816.html https://www.suse.com/security/cve/CVE-2019-2842.html https://www.suse.com/security/cve/CVE-2019-7317.html https://bugzilla.suse.com/1115375 https://bugzilla.suse.com/1141780 https://bugzilla.suse.com/1141782 https://bugzilla.suse.com/1141783 https://bugzilla.suse.com/1141784 https://bugzilla.suse.com/1141785 https://bugzilla.suse.com/1141786 https://bugzilla.suse.com/1141787 https://bugzilla.suse.com/1141789 From sle-updates at lists.suse.com Thu Aug 1 13:14:54 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 1 Aug 2019 21:14:54 +0200 (CEST) Subject: SUSE-SU-2019:2035-1: important: Security update for polkit Message-ID: <20190801191454.1DFFDFDF5@maintenance.suse.de> SUSE Security Update: Security update for polkit ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2035-1 Rating: important References: #1121826 Cross-References: CVE-2019-6133 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Desktop 12-SP4 SUSE Enterprise Storage 5 SUSE Enterprise Storage 4 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for polkit fixes the following issues: Security issue fixed: - CVE-2019-6133: Fixed improper caching of auth decisions, which could bypass uid checking in the interactive backend (bsc#1121826). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-2035=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-2035=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-2035=1 - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2019-2035=1 - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-2035=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2019-2035=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2035=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-2035=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-2035=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-2035=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2019-2035=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2035=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-2035=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2019-2035=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-2035=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-2035=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-2035=1 - SUSE Linux Enterprise Desktop 12-SP5: zypper in -t patch SUSE-SLE-DESKTOP-12-SP5-2019-2035=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2035=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-2035=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-2035=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-2035=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): libpolkit0-0.113-5.18.1 libpolkit0-debuginfo-0.113-5.18.1 polkit-0.113-5.18.1 polkit-debuginfo-0.113-5.18.1 polkit-debugsource-0.113-5.18.1 typelib-1_0-Polkit-1_0-0.113-5.18.1 - SUSE OpenStack Cloud 8 (x86_64): libpolkit0-0.113-5.18.1 libpolkit0-debuginfo-0.113-5.18.1 polkit-0.113-5.18.1 polkit-debuginfo-0.113-5.18.1 polkit-debugsource-0.113-5.18.1 typelib-1_0-Polkit-1_0-0.113-5.18.1 - SUSE OpenStack Cloud 7 (s390x x86_64): libpolkit0-0.113-5.18.1 libpolkit0-debuginfo-0.113-5.18.1 polkit-0.113-5.18.1 polkit-debuginfo-0.113-5.18.1 polkit-debugsource-0.113-5.18.1 typelib-1_0-Polkit-1_0-0.113-5.18.1 - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): libpolkit0-32bit-0.113-5.18.1 libpolkit0-debuginfo-32bit-0.113-5.18.1 polkit-debugsource-0.113-5.18.1 - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): libpolkit0-32bit-0.113-5.18.1 libpolkit0-debuginfo-32bit-0.113-5.18.1 polkit-debugsource-0.113-5.18.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): polkit-debuginfo-0.113-5.18.1 polkit-debugsource-0.113-5.18.1 polkit-devel-0.113-5.18.1 polkit-devel-debuginfo-0.113-5.18.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): polkit-debuginfo-0.113-5.18.1 polkit-debugsource-0.113-5.18.1 polkit-devel-0.113-5.18.1 polkit-devel-debuginfo-0.113-5.18.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libpolkit0-0.113-5.18.1 libpolkit0-debuginfo-0.113-5.18.1 polkit-0.113-5.18.1 polkit-debuginfo-0.113-5.18.1 polkit-debugsource-0.113-5.18.1 typelib-1_0-Polkit-1_0-0.113-5.18.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libpolkit0-0.113-5.18.1 libpolkit0-debuginfo-0.113-5.18.1 polkit-0.113-5.18.1 polkit-debuginfo-0.113-5.18.1 polkit-debugsource-0.113-5.18.1 typelib-1_0-Polkit-1_0-0.113-5.18.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): libpolkit0-0.113-5.18.1 libpolkit0-debuginfo-0.113-5.18.1 polkit-0.113-5.18.1 polkit-debuginfo-0.113-5.18.1 polkit-debugsource-0.113-5.18.1 typelib-1_0-Polkit-1_0-0.113-5.18.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libpolkit0-0.113-5.18.1 libpolkit0-debuginfo-0.113-5.18.1 polkit-0.113-5.18.1 polkit-debuginfo-0.113-5.18.1 polkit-debugsource-0.113-5.18.1 typelib-1_0-Polkit-1_0-0.113-5.18.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libpolkit0-0.113-5.18.1 libpolkit0-debuginfo-0.113-5.18.1 polkit-0.113-5.18.1 polkit-debuginfo-0.113-5.18.1 polkit-debugsource-0.113-5.18.1 typelib-1_0-Polkit-1_0-0.113-5.18.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libpolkit0-0.113-5.18.1 libpolkit0-debuginfo-0.113-5.18.1 polkit-0.113-5.18.1 polkit-debuginfo-0.113-5.18.1 polkit-debugsource-0.113-5.18.1 typelib-1_0-Polkit-1_0-0.113-5.18.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libpolkit0-0.113-5.18.1 libpolkit0-debuginfo-0.113-5.18.1 polkit-0.113-5.18.1 polkit-debuginfo-0.113-5.18.1 polkit-debugsource-0.113-5.18.1 typelib-1_0-Polkit-1_0-0.113-5.18.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libpolkit0-0.113-5.18.1 libpolkit0-debuginfo-0.113-5.18.1 polkit-0.113-5.18.1 polkit-debuginfo-0.113-5.18.1 polkit-debugsource-0.113-5.18.1 typelib-1_0-Polkit-1_0-0.113-5.18.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libpolkit0-0.113-5.18.1 libpolkit0-debuginfo-0.113-5.18.1 polkit-0.113-5.18.1 polkit-debuginfo-0.113-5.18.1 polkit-debugsource-0.113-5.18.1 typelib-1_0-Polkit-1_0-0.113-5.18.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): libpolkit0-0.113-5.18.1 libpolkit0-debuginfo-0.113-5.18.1 polkit-0.113-5.18.1 polkit-debuginfo-0.113-5.18.1 polkit-debugsource-0.113-5.18.1 typelib-1_0-Polkit-1_0-0.113-5.18.1 - SUSE Linux Enterprise Desktop 12-SP5 (x86_64): libpolkit0-0.113-5.18.1 libpolkit0-32bit-0.113-5.18.1 libpolkit0-debuginfo-0.113-5.18.1 libpolkit0-debuginfo-32bit-0.113-5.18.1 polkit-0.113-5.18.1 polkit-debuginfo-0.113-5.18.1 polkit-debugsource-0.113-5.18.1 typelib-1_0-Polkit-1_0-0.113-5.18.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libpolkit0-0.113-5.18.1 libpolkit0-32bit-0.113-5.18.1 libpolkit0-debuginfo-0.113-5.18.1 libpolkit0-debuginfo-32bit-0.113-5.18.1 polkit-0.113-5.18.1 polkit-debuginfo-0.113-5.18.1 polkit-debugsource-0.113-5.18.1 typelib-1_0-Polkit-1_0-0.113-5.18.1 - SUSE Enterprise Storage 5 (x86_64): libpolkit0-0.113-5.18.1 libpolkit0-debuginfo-0.113-5.18.1 polkit-0.113-5.18.1 polkit-debuginfo-0.113-5.18.1 polkit-debugsource-0.113-5.18.1 typelib-1_0-Polkit-1_0-0.113-5.18.1 - SUSE Enterprise Storage 4 (x86_64): libpolkit0-0.113-5.18.1 libpolkit0-debuginfo-0.113-5.18.1 polkit-0.113-5.18.1 polkit-debuginfo-0.113-5.18.1 polkit-debugsource-0.113-5.18.1 typelib-1_0-Polkit-1_0-0.113-5.18.1 - HPE Helion Openstack 8 (x86_64): libpolkit0-0.113-5.18.1 libpolkit0-debuginfo-0.113-5.18.1 polkit-0.113-5.18.1 polkit-debuginfo-0.113-5.18.1 polkit-debugsource-0.113-5.18.1 typelib-1_0-Polkit-1_0-0.113-5.18.1 References: https://www.suse.com/security/cve/CVE-2019-6133.html https://bugzilla.suse.com/1121826 From sle-updates at lists.suse.com Thu Aug 1 13:18:23 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 1 Aug 2019 21:18:23 +0200 (CEST) Subject: SUSE-SU-2019:2034-1: moderate: Security update for python-Django1 Message-ID: <20190801191823.26783FDF5@maintenance.suse.de> SUSE Security Update: Security update for python-Django1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2034-1 Rating: moderate References: #1136468 Cross-References: CVE-2019-12308 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-Django1 fixes the following issues: - CVE-2019-12308: Fixed an improper validatation of the clickable "Current URL" link in AdminURLFieldWidget which could have allowed attackers to perform XSS attacks (bsc#1136468). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2019-2034=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2019-2034=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): python-Django1-1.11.20-3.6.1 - SUSE OpenStack Cloud 9 (noarch): python-Django1-1.11.20-3.6.1 References: https://www.suse.com/security/cve/CVE-2019-12308.html https://bugzilla.suse.com/1136468 From sle-updates at lists.suse.com Fri Aug 2 04:10:36 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 2 Aug 2019 12:10:36 +0200 (CEST) Subject: SUSE-RU-2019:2039-1: moderate: Recommended update for transfig Message-ID: <20190802101036.A4A39FDF5@maintenance.suse.de> SUSE Recommended Update: Recommended update for transfig ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2039-1 Rating: moderate References: #1136882 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP1 SUSE Linux Enterprise Workstation Extension 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for transfig fixes the following issues: - Fix export to PDF, PNG from. (bsc#1136882) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2019-2039=1 - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2019-2039=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): transfig-3.2.6a-4.6.1 transfig-debuginfo-3.2.6a-4.6.1 transfig-debugsource-3.2.6a-4.6.1 - SUSE Linux Enterprise Workstation Extension 15 (x86_64): transfig-3.2.6a-4.6.1 transfig-debuginfo-3.2.6a-4.6.1 transfig-debugsource-3.2.6a-4.6.1 References: https://bugzilla.suse.com/1136882 From sle-updates at lists.suse.com Fri Aug 2 04:11:24 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 2 Aug 2019 12:11:24 +0200 (CEST) Subject: SUSE-RU-2019:2037-1: moderate: Recommended update for yast2-storage-ng Message-ID: <20190802101124.10B83FDF5@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-storage-ng ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2037-1 Rating: moderate References: #1136272 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-storage-ng fixes the following issues: - AutoYaST: Fixed typo in filesystem type NFS that caused a crash. (bsc#1136272) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2037=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): yast2-storage-ng-4.1.85-3.6.1 References: https://bugzilla.suse.com/1136272 From sle-updates at lists.suse.com Fri Aug 2 04:12:11 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 2 Aug 2019 12:12:11 +0200 (CEST) Subject: SUSE-RU-2019:2040-1: moderate: Recommended update for openssl-ibmca Message-ID: <20190802101211.47FFEFDF5@maintenance.suse.de> SUSE Recommended Update: Recommended update for openssl-ibmca ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2040-1 Rating: moderate References: #1138517 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openssl-ibmca fixes the following issues: - An Apache HTTP Server was set up with mod_ssl and the openssl ibmca engine using libica and a CEX6A card. Whenever a worker process is cleaned up a segmentation fault occurs. (bsc#1138517) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-2040=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (s390x): openssl-ibmca-2.0.2-7.3.1 openssl-ibmca-debuginfo-2.0.2-7.3.1 openssl-ibmca-debugsource-2.0.2-7.3.1 References: https://bugzilla.suse.com/1138517 From sle-updates at lists.suse.com Fri Aug 2 04:12:56 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 2 Aug 2019 12:12:56 +0200 (CEST) Subject: SUSE-RU-2019:14137-1: moderate: Recommended update for timezone Message-ID: <20190802101256.10B42FDF5@maintenance.suse.de> SUSE Recommended Update: Recommended update for timezone ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:14137-1 Rating: moderate References: #1140016 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for timezone fixes the following issues: - Timezone update 2019b. (bsc#1140016): - Brazil no longer observes DST. - 'zic -b slim' outputs smaller TZif files. - Palestine's 2019 spring-forward transition was on 03-29, not 03-30. - Add info about the Crimea situation. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-timezone-14137=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-timezone-14137=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-timezone-14137=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-timezone-14137=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): timezone-2019b-0.52.26.2 - SUSE Linux Enterprise Server 11-SP4-LTSS (noarch): timezone-java-2019b-0.52.26.3 - SUSE Linux Enterprise Point of Sale 11-SP3 (noarch): timezone-java-2019b-0.52.26.3 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): timezone-2019b-0.52.26.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): timezone-debuginfo-2019b-0.52.26.2 timezone-debugsource-2019b-0.52.26.2 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): timezone-debuginfo-2019b-0.52.26.2 timezone-debugsource-2019b-0.52.26.2 References: https://bugzilla.suse.com/1140016 From sle-updates at lists.suse.com Fri Aug 2 10:10:32 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 2 Aug 2019 18:10:32 +0200 (CEST) Subject: SUSE-SU-2019:2042-1: moderate: Security update for python-Django Message-ID: <20190802161032.74AC1FDF5@maintenance.suse.de> SUSE Security Update: Security update for python-Django ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2042-1 Rating: moderate References: #1124991 Cross-References: CVE-2019-6975 Affected Products: SUSE OpenStack Cloud 7 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-Django fixes the following issues: - Fixed CVE-2019-6975 (bsc#1124991) * Added CVE-2019-6975.patch to fix uncontrolled memory consumption * If ``django.utils.numberformat.format()`` -- used by ``contrib.admin`` as well as the the ``floatformat``, ``filesizeformat``, and ``intcomma`` templates filters -- received a ``Decimal`` with a large number of digits or a large exponent, it could lead to significant memory usage due to a call to ``'{:f}'.format()``. To avoid this, decimals with more than 200 digits are now formatted using scientific notation. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-2042=1 Package List: - SUSE OpenStack Cloud 7 (noarch): python-Django-1.8.19-3.12.5 References: https://www.suse.com/security/cve/CVE-2019-6975.html https://bugzilla.suse.com/1124991 From sle-updates at lists.suse.com Fri Aug 2 13:10:59 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 2 Aug 2019 21:10:59 +0200 (CEST) Subject: SUSE-SU-2019:2043-1: moderate: Security update for openexr Message-ID: <20190802191059.8DA1BFDF5@maintenance.suse.de> SUSE Security Update: Security update for openexr ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2043-1 Rating: moderate References: #1061305 Cross-References: CVE-2017-14988 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openexr fixes the following issues: - CVE-2017-14988: Fixed a denial of service in Header::readfrom() (bsc#1061305). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2043=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2043=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-2043=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-2043=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): openexr-2.2.1-3.9.2 openexr-debuginfo-2.2.1-3.9.2 openexr-debugsource-2.2.1-3.9.2 openexr-doc-2.2.1-3.9.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libIlmImf-2_2-23-32bit-2.2.1-3.9.2 libIlmImf-2_2-23-32bit-debuginfo-2.2.1-3.9.2 libIlmImfUtil-2_2-23-32bit-2.2.1-3.9.2 libIlmImfUtil-2_2-23-32bit-debuginfo-2.2.1-3.9.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): openexr-2.2.1-3.9.2 openexr-debuginfo-2.2.1-3.9.2 openexr-debugsource-2.2.1-3.9.2 openexr-doc-2.2.1-3.9.2 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): libIlmImf-2_2-23-2.2.1-3.9.2 libIlmImf-2_2-23-debuginfo-2.2.1-3.9.2 libIlmImfUtil-2_2-23-2.2.1-3.9.2 libIlmImfUtil-2_2-23-debuginfo-2.2.1-3.9.2 openexr-debuginfo-2.2.1-3.9.2 openexr-debugsource-2.2.1-3.9.2 openexr-devel-2.2.1-3.9.2 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): libIlmImf-2_2-23-2.2.1-3.9.2 libIlmImf-2_2-23-debuginfo-2.2.1-3.9.2 libIlmImfUtil-2_2-23-2.2.1-3.9.2 libIlmImfUtil-2_2-23-debuginfo-2.2.1-3.9.2 openexr-debuginfo-2.2.1-3.9.2 openexr-debugsource-2.2.1-3.9.2 openexr-devel-2.2.1-3.9.2 References: https://www.suse.com/security/cve/CVE-2017-14988.html https://bugzilla.suse.com/1061305 From sle-updates at lists.suse.com Mon Aug 5 07:10:34 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 5 Aug 2019 15:10:34 +0200 (CEST) Subject: SUSE-RU-2019:2044-1: moderate: Recommended update for openssh Message-ID: <20190805131034.38288FDF5@maintenance.suse.de> SUSE Recommended Update: Recommended update for openssh ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2044-1 Rating: moderate References: #1136402 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openssh fixes the following issues: - Added a patch, which reverts an upstream commit that caused compatibility issues with other software. (bsc#1136402) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-2044=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2044=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-2044=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2044=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): openssh-debuginfo-7.9p1-6.6.4 openssh-debugsource-7.9p1-6.6.4 openssh-fips-7.9p1-6.6.4 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): openssh-cavs-7.9p1-6.6.4 openssh-cavs-debuginfo-7.9p1-6.6.4 openssh-debuginfo-7.9p1-6.6.4 openssh-debugsource-7.9p1-6.6.4 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): openssh-askpass-gnome-7.9p1-6.6.6 openssh-askpass-gnome-debuginfo-7.9p1-6.6.6 openssh-askpass-gnome-debugsource-7.9p1-6.6.6 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): openssh-7.9p1-6.6.4 openssh-debuginfo-7.9p1-6.6.4 openssh-debugsource-7.9p1-6.6.4 openssh-helpers-7.9p1-6.6.4 openssh-helpers-debuginfo-7.9p1-6.6.4 References: https://bugzilla.suse.com/1136402 From sle-updates at lists.suse.com Mon Aug 5 13:10:26 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 5 Aug 2019 21:10:26 +0200 (CEST) Subject: SUSE-SU-2019:2046-1: moderate: Security update for ardana packages Message-ID: <20190805191026.477AAFFD7@maintenance.suse.de> SUSE Security Update: Security update for ardana packages ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2046-1 Rating: moderate References: #1115960 #1120657 #1121530 #1122053 #1122825 #1124170 #1128453 #1131712 #1131791 #1131899 #1132542 #1132654 #1132832 #1132852 #1132853 #1132860 #1134336 Cross-References: CVE-2018-19039 CVE-2019-10876 CVE-2019-11068 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 ______________________________________________________________________________ An update that solves three vulnerabilities and has 14 fixes is now available. Description: This update for ardana package fixes the following issues: - Update to version 9.0+git.1560211997.7ac9792: * Adds repository list parameter (bsc#1122825) - Update to version 9.0+git.1557219331.457b6e7: * Update gerrit location (SCRD-9140) - Switch to new Gerrit Server - Update to version 9.0+git.1559292830.208d258: * Convert number of workers to int (SOC-9418) - Update to version 9.0+git.1557424689.2b085d5: * Update gerrit location (SCRD-9140) - Update to version 9.0+git.1556225774.492d42c: * SCRD-8748 Fix default worker count determination logic (SCRD-8748) - Switch to new Gerrit Server - Update to version 9.0+git.1557220194.6a90deb: * Update gerrit location (SCRD-9140) - Switch to new Gerrit Server - Update to version 9.0+git.1557219517.7b97993: * Update gerrit location (SCRD-9140) - Switch to new Gerrit Server - Update to version 9.0+git.1559039284.6fc1d47: * Convert number of workers to int (SOC-9384) - Update to version 9.0+git.1558583814.a96bada: * Restrict rootwrap directories for cinder (bsc#1132542) - Update to version 9.0+git.1557421539.521a486: * SCRD-8748 Fix default worker count determination logic (SCRD-8748) - Update to version 9.0+git.1557219553.d850ca4: * Update gerrit location (SCRD-9140) - Switch to new Gerrit Server - Update to version 9.0+git.1557219586.7c96a6d: * Update gerrit location (SCRD-9140) - Switch to new Gerrit Server - Update to version 9.0+git.1557219626.b190680: * Update gerrit location (SCRD-9140) - Switch to new Gerrit Server - Update to version 9.0+git.1560868957.42bcb70: * MariaDB conf changes IPv6 (SOC-9089) - Update to version 9.0+git.1559351643.a440414: * Configure xinted mysqlchk to accept ipv6 (SOC-9369) - Update to version 9.0+git.1557219651.3d4d2d5: * Update gerrit location (SCRD-9140) - Update to version 9.0+git.1554995553.23d9513: * Configurable innodb flush options (SCRD-7496) - Switch to new Gerrit Server - Update to version 9.0+git.1558588538.9211022: * Secure designate's rootwrap files (bsc#1132542) - Update to version 9.0+git.1558549508.9bfa9e7: * specify rootwrap config file in designate sudoer (bsc#1132542) - Update to version 9.0+git.1557219686.0e71bf9: * Update gerrit location (SCRD-9140) - Switch to new Gerrit Server - Update to version 9.0+git.1559033522.5e5be1c: * Convert number of workers to int (SOC-9381) - Update to version 9.0+git.1557421456.f1e5016: * SCRD-8748 Fix default worker count determination logic (SCRD-8748) - Update to version 9.0+git.1557219717.fe1bde6: * Update gerrit location (SCRD-9140) - Switch to new Gerrit Server - Update to version 9.0+git.1559036788.b727b53: * Convert number of workers to int (SOC-9382) - Update to version 9.0+git.1557421526.a8c13bf: * SCRD-8748 Fix default worker count determination logic (SCRD-8748) - Update to version 9.0+git.1557219773.fe2f6aa: * Update gerrit location (SCRD-9140) - Switch to new Gerrit Server - Update to version 9.0+git.1557219807.6036a8e: * Update gerrit location (SCRD-9140) - Switch to new Gerrit Server - Update to version 9.0+git.1557220534.883f8c9: * Update gerrit location (SCRD-9140) - Update to version 9.0+git.1557189507.c786525: * add external network to Ironic multi-tenancy input model (SCRD-8930) - Update to version 9.0+git.1557189482.8931e67: * add neutron_l3_agent plugin (SCRD-8929) - Switch to new Gerrit Server - Update to version 9.0+git.1556199488.bdf1cdc: * SCRD-7471 Don't set external-name in ardana-ci models (SCRD-7471) - Update to version 9.0+git.1559171053.476225c: * Move keystone error url to locale bundle (SOC-3456) * Add doc link to 503 error from Keystone (SOC-3456) - Update to version 9.0+git.1558732415.467c8ab: * Consolidate setCloseButtonDisabled * Disable close button when playbook or action in progress * Disable close button when playbook or action in progress * Updated comments * Fixed an issue for replacing controller page * Prevent operations when replacing a server in progress (SCRD-8756) - Update to version 9.0+git.1558726203.bae5a7d: * Updated the message for full deployment (SOC-8879) * Add SES integration into day0/2 (SoC-8555) (#342) - Update to version 9.0+git.1557281300.f3e29e9: * Use Lato font version 2.015 from latofonts.com (#349) - Update to version 9.0+git.1556908018.7801990: * Update documentation useful link (SCRD-8689) * Open useful links in a new tab (SCRD-8910) * Added prepare deployment/deploy capability to model config (SCRD-8879) - Update to version 9.0+git.1560365077.17250c6: * Sync up rootwrap filters with upstream (SOC-9500) - Update to version 9.0+git.1557219834.53dbb0b: * Update gerrit location (SCRD-9140) - Switch to new Gerrit Server - Update to version 9.0+git.1559292289.b5ed172: * Convert number of processes to int (SOC-9418) - Update to version 9.0+git.1557421499.3e9fe25: * SCRD-8748 Fix default worker count determination logic (SCRD-8748) - Update to version 9.0+git.1557219888.c532b5e: * Update gerrit location (SCRD-9140) - Switch to new Gerrit Server - Update to version 9.0+git.1557219914.6d7ebb5: * Update gerrit location (SCRD-9140) - Switch to new Gerrit Server - Update to version 9.0+git.1557219960.226e32b: * Update gerrit location (SCRD-9140) - Switch to new Gerrit Server - Switch to new Gerrit Server - Update to version 9.0+git.1556646861.58ce24f: * update audit API map for Manila (SCRD-8747) - Update to version 9.0+git.1557219995.cd49525: * Update gerrit location (SCRD-9140) - Switch to new Gerrit Server - Update to version 9.0+git.1556731170.c8210e0: * Rip out vertica related code (SCRD-9031) - Switch to new Gerrit Server - Update to version 9.0+git.1557220073.7e88cfa: * Update gerrit location (SCRD-9140) - Switch to new Gerrit Server - Update to version 9.0+git.1560214193.fc0378b: * bind epmd.socket to ipv4 and ipv6 (SOC-8364) - Update to version 9.0+git.1557220112.00d7117: * Update gerrit location (SCRD-9140) - Switch to new Gerrit Server - Update to version 9.0+git.1560464557.d2f6200: * Remove the creation of /etc/neutron/rootwrap.conf (SOC-9472) - Update to version 9.0+git.1560196282.28bbf67: * Change how lbaasv2 rootwrap filters are installed (SOC-9457) - Update to version 9.0+git.1560195873.c45568f: * Rootwrap changes for supported L3-agent extensions (SOC-9459) - Update to version 9.0+git.1559846163.ca22b06: * Improve neutron service restart limit handling (SOC-8746) - Update to version 9.0+git.1559031432.b99d89a: * Convert number of workers to int (SOC-9379) - Update to version 9.0+git.1558569689.36fbbd5: * Tighten neutron sudoers to only execute rootwrap (bsc#1132542) (SOC-9031) - Update to version 9.0+git.1557942331.3c74f81: * Kill dhclient before restarting neutron-openvswitch-agent (SOC-9230) - Update to version 9.0+git.1557421465.faf2c38: * SCRD-8748 Fix default worker count determination logic (SCRD-8748) - Update to version 9.0+git.1557322578.4542665: * Update gerrit location (SCRD-9140) - Switch to new Gerrit Server - Update to version 9.0+git.1559869848.7a706df: * Adding support for qemu-ovmf to ardana (SOC-8985) - Update to version 9.0+git.1559823309.d3d23fe: * Convert number of workers to int (SOC-9380) - Update to version 9.0+git.1559234129.2fd63a9: * SCRD-9031 Change permitted nova-rootwrap config file pattern (bsc#1132542) - Update to version 9.0+git.1558549516.86e9f59: * specify rootwrap config file in nova sudoer (bsc#1132542) - Update to version 9.0+git.1554825274.040de21: * SCRD-8748 Fix default worker count determination logic (SCRD-8748) - Switch to new Gerrit Server - Update to version 9.0+git.1560519270.e0a2620: * Tune bumpng anphora retries (SOC-9285) - Update to version 9.0+git.1558549438.4ce3e83: * Stop installing a sudoers root escalator (SCRD-9031) - Update to version 9.0+git.1555319067.9e6f74e: * Increase number of connect retries (SCRD-7496) - Switch to new Gerrit Server - Switch to new Gerrit Server - Update to version 9.0+git.1555530925.206f1a8: * Fix 'Add New Dashboard Card' button on Ops Console dashboard (SCRD-7697) - Switch to new Gerrit Server - Update to version 9.0+git.1560269313.7ddaff2: * Configure sysctl neigh.default.gc_thres for ipv6 (SOC-5771) - Update to version 9.0+git.1559870350.2cde7ea: * Remove '/32' from iptables tasks (SOC-9349) - Update to version 9.0+git.1557219143.2fc9eb2: * Update gerrit location (SCRD-9140) - Switch to new Gerrit Server - Update to version 9.0+git.1560974342.47a5b12: * Correctly handle HttpError during authentication (SOC-3456) - Switch to new Gerrit Server - Update to version 9.0+git.1557220501.ebd3011: * Update gerrit location (SCRD-9140) - Switch to new Gerrit Server - Switch to new Gerrit Server - Update to version 9.0+git.1557220247.e78d1c3: * Update gerrit location (SCRD-9140) - Switch to new Gerrit Server - Update to version 9.0+git.1559038506.cc119d9: * Convert number of workers to int (SOC-9383) - Update to version 9.0+git.1557421607.00a5fae: * Update gerrit location (SCRD-9140) * SCRD-8748 Fix default worker count determination logic (SCRD-8748) - Switch to new Gerrit Server - Update to version 9.0+git.1560949748.f0bd816: * Blacklist test_delete_policies_while_tenant_attached_to_net (SOC-9235) - Update to version 9.0+git.1560694157.69a4419: * Blacklist some revert tests (SOC-9178) - Update to version 9.0+git.1560529053.50e76bf: * Blacklist some revert tests (SOC-9178) - Update to version 9.0+git.1560517118.0aac5fd: * Add configuration for manila-tempest-plugin (SOC-7496) - Update to version 9.0+git.1560180804.42077a8: * Revert Remove common failing tests from tempest runs (SOC-9366) - Update to version 9.0+git.1559833566.10d972d: * Fix lbaas tempest filter (SOC-7496) - Update to version 9.0+git.1559139132.a92980b: * Move some nova tests to serial (SOC-9366) - Update to version 9.0+git.1558706119.27e844b: * Remove comoonly failing tests from tempest runs (SOC-9366) - Update to version 9.0+git.1557825747.1002f16: * run neutron-lbaas tempest tests sequentially (SCRD-9176) - Update to version 9.0+git.1557421599.43d2140: * Update gerrit location (SCRD-9140) - Update to version 9.0+git.1557335657.ab2f1b9: * Disable TestVolumeBootPattern.test_volume_boot_pattern (SCRD-9015) * Make --os-test-timeout configurable and increase default (SCRD-7496) - Update to version 9.0+git.1556893395.1813ec1: * Increase and make timeout values configurable (SCRD-7496) * Configure tempest heat_plugin (SCRD-7496) - Switch to new Gerrit Server - Update to version 9.0+git.1556788546.313ff00: * Enable additional features for cinder testing (SCRD-7496) * Enable volume backed live migration tests (SCRD-7496) - Update to version 9.0+git.1556788508.468dae0: * Set admin project to cloud admin project (SCRD-7496) - Update to version 9.0+git.1556728115.62a8427: * Set cinder/glance admin on tempest roles (SCRD-7496) - Update to version 9.0+git.1556721233.8750e33: * Configure neutron tempest plugin (SCRD-7496) - Update to version 9.0+git.1556721213.3c2f140: * Update neutron api extensions list (SCRD-7496) - Update to version 9.0+git.1556530821.e592de1: * Update tempest test filters (SCRD-7496) - Update to version 9.0+git.1557220381.5641a2e: * Update gerrit location (SCRD-9140) - Switch to new Gerrit Server - Update to version 1.0+git.1560518045.ad7dc6d: * Patching node before bootstraping - Update to version 6.0+git.1561125496.b7508480: * IPv6: Export ip_version and handle the DHCP domain - Update to version 6.0+git.1558489909.b45da865: * ipv6: Update start-up.sh to be IPv6 compatible - Update to version 6.0+git.1558002425.cc651aae: * crowbar: Make potential output of reset_crowbar visible - Update to version 6.0+git.1562154525.5e2983308: * Crowbar: DomainName verification relaxed - Update to version 6.0+git.1561729566.22019624e: * upgrade: Mark correctly the set of nodes that was selected for upgrade - Update to version 6.0+git.1561555935.31c4165cc: * Use proper names for the Travis Tests (SOC-9565) * Replace Danger with Gitlint (SOC-9565) * Switch from Travis dist from Trusty to Xenial (SOC-9565) - Update to version 6.0+git.1561381017.8aab650d0: * network: Don't set datapath-ids on ovs-bridges anymore - Update to version 6.0+git.1560962186.456663e42: * crowbar: Save sync_mark attributes in databag * dns: fix designate migration - Update to version 6.0+git.1560522168.7a376b958: * travis: pin sexp_processor to 4.12.0 * Allow restricted API access during upgrade - Update to version 6.0+git.1559635691.42aa36659: * deployer: Use dhcp on crowbar_register only when enable_pxe is set (bsc#1132654) * network: Allow locking down the network config for nodes (bsc#1120657) - Update to version 6.0+git.1558533504.0a5369b05: * provisioner: enabled tuned profiles - Update to version 6.0+git.1558029089.90c1cb545: * crowbar: Add debug logging to restore API * crowbar: Move crowbarrc mgmt into crowbar cookbook (SCRD-8330) - Update to version 6.0+git.1557765503.660dd52c5: * Ignore CVE-2019-11068 during Travis (SOC-9262) - Update to version 6.0+git.1557210549.ec8c84852: * Fix order of values in nodes piechart - Update to version 6.0+git.1556186576.4d681c4ed: * Update Lato font to version 2.015 (SCRD-8948) - Update to version 6.0+git.1560951093.4af1ee5: * Add timeout multiplier * Make default sync_mark timeout configurable - update suse-branding.patch (SOC-9297) - Update to version 6.0+git.1562153583.4735fcf34: * Sync Travis with crowbar-core (SOC-9565) - Update to version 6.0+git.1561546411.c9b99ebbb: * Make ovs of_inactivity_probe configurable from neutron barclamp - Update to version 6.0+git.1561124272.c447b965b: * Configurable timeout for Galera pre-sync - Update to version 6.0+git.1560962133.cf99aa9eb: * monasca: use string keys for attrs in migrations - Update to version 6.0+git.1560502325.7de215873: * nova: only create nonexistent cell1 * nova: reinstate old db sync ordering - Update to version 6.0+git.1560353653.b92e4f9c1: * designate: do not use pacemaker as all the services are stateless * designate: allow worker on cluster. - Update to version 6.0+git.1559857307.9cb8796a6: * rabbitmq: Fix ACL of SSL key after uid/gid change - Update to version 6.0+git.1559841020.dfbbc5be5: * tempest: Disable Barbican validation of signed image (SOC-8578) - Update to version 6.0+git.1559637225.141253d99: * ironic: Add Redfish drivers by default - Update to version 6.0+git.1559542941.26fe90143: * ironic: Install deploy image with ironic - Update to version 6.0+git.1559214145.66de78575: * nova: Don't retry creating existing flavors - Update to version 6.0+git.1558698448.10d30a50d: * ironic: Use IP also in [swift] section - Update to version 6.0+git.1558609537.4ebc9b31d: * neutron: increase interval between checks to 30s * neutron: remove .openrc creation from neutron cookbooks * neutron: Don't restart l3-ha on .openrc change - Update to version 6.0+git.1558326886.306598770: * nova: Show stdout/stderr when "openstack flavor list" fails - Update to version 6.0+git.1558084779.634ff6e8a: * neutron: Add 'insecure' to old cli calls - Update to version 6.0+git.1557932150.575791c62: * database: Make wsrep_provider_options configurable (fate#327745) * horizon: Disable Ceph dashboard if not monitored (SOC-7573) - Update to version 6.0+git.1557840648.637a6f7e6: * monasca: Fix notification types initialisation * monasca: Add openvswitch plugin (SCRD-7571) * designate: do not install the keystone_authtoken on worker nodes * monasca: Configure `delegate_authorized_roles` - Update to version 6.0+git.1557734236.12a27293f: * database: Raise and align promote/demote timeouts (bsc#1131791) - Update to version 6.0+git.1557393769.797307d6f: * neutron: use crm_resource restart for restarting neutron-l3-ha-service - Update to version 6.0+git.1556267896.b86529796: * neutron: restart neutron-ha-tool when the config file changes - Update to version 6.0+git.1556220665.450d8de69: * tempest: Enable BaremetalBasicOps test - Update to version 9.20190621: * Update after branching change * Update operations-maintenance-update_maintenance.xml * add scottwulf content * address recommended changes * change PTF deploy instructions (bsc#1128453) - switch to maintenance/cloud_9 git branch - Update to version 9.20190620: * add designate barclamp (SCRD-8739) - Update to version 9.20190613: * Language update to copy-on-write * model tab for day2 UI (SOC-8879) - replaces PR992 * Updated model tab for day2 UI (SOC-8879) - Update to version 9.20190611: * Fixing merge conflicts * Fixing minor issue * Fixing Tim's edits to the config file * Adding Carl's edits * updating versions and intro * Adding comments from Walter Boring * Fixes * Fix broken build and comments * Fix SES Integration chapter: SOC-9343 - Update to version 9.20190610: * Triggering a re-build * Fixing filename error * Update install_caasp_heat_templates.xml * Update installation-installation-ses_integration.xml * Updating based on Carl's clarification * Fix bsc#1131899 * Further CaaSP restructuring and removing outdated instructions * Include instructions for registering CaaSP for MU's (SCRD-8793) - Update to version 9.20190607: * add OVSvApp, Nova proxy VM sizing (no bsc, no Jira) * optipng deployment images (no bsc, no Jira) * add nova-proxy description to ESXi and OVSvApp section (no bsc, no Jira) - Update to version 9.20190605: * move fernet token to supported Keystone feature - Update to version 9.20190528: * Remove docmanager section * Reformat the file * Feedback from csymons * Crowbar POC initial version - Update to version 9.20190522: * Remove completely outdated Bugzilla association from Supplement Guide * Remove upstream admin/user guides - Update to version 9.20190521: * add Network Security Group logging (SCRD-9124) - Update to version 9.20190520: * CLM - update MariaDB manually (bsc#1132852, SOC-9022) * add instructions for updating MariaDB manually (bsc#1132852) - Update to version 9.20190516: * Fix command to create external network * Remove sudo from commands in "Setting Up Multiple External Networks" - Update to version 9.20190515: * Update README.adoc - Update to version 9.20190514: * Grammar fix * README: Add super dummy docs how to build locally * Document bootstrap galera cluster with a missing node (bsc#1132853) * Remove authors.xml * Refinements to CaaSP MU process * Included changes requested by reviewers * Instruct CaaS users to install Tiller component (SCRD-8793) * Update install_caasp_heat_templates.xml * Document more necessary CaaSP settings (SCRD-8793) - Update to version 9.20190509: * update boot from SAN and multipath configuration (SCRD-8942) * remove outdated Swift instructions (SCRD-8941) * replace SOC 8 with SOC 9 (no bsc) * make Fernet token default (bsc#1134336) - Update to version 9.20190508: * increase VMs supported to 12000 (no bsc, no SCRD) - Update to version 9.20190506: * change repo location cloud8 to cloud9 Rocket Chat * remove note re uefi, secure boot (bsc#1132832) - Update to version 9.20190425: * address requested changes * change Monasca documentation (SCRD-7786) * changes to RHEL Installation Guide requested by T.R. (no bsc#, no SCRD) * adjust table structure and headings * restructure console alarm table (SCRD-7710, bsc#1124170) * restructure esx alarm table (SCRD-7710, bsc#1124170) * restructure identity alarm table (SCRD-7710, bsc#1124170) * restructure system alarms table (SCRD-7710, bsc#1124170) * restructure networking table (SCRD-7710, bsc#1124170) * restructure other alarms table (SCRD-7710, bsc#1124170) * restructure telemetry table (SCRD-7710, bsc#1124170) * restructure storage table (SCRD-7710, bsc#1124170) * complete compute alarm table - Update to version 9.20190424: * update Manila component installation (SCRD-8940) - Update to version 9.20190423: * Update Day0 screenshots (SCRD-8976) (#951) - Update to version 9.20190422: * add cobbler deprecation notice (no bsc#, no SCRD) * set up security rule before creating VM (SCRD-8947) - Update to version 9.20190419: * fix neutron ovsvapp commands (SCRD-8911) - Add 0001-Use-strings-when-setting-X-Cache-header.patch Fixes a problem with Twisted versions where headers values must be strings, not bools. - Update to version 0.0+git.1562242499.36b8b64 (bsc#1122053): * Add optional systemd ready and watchdog support * Drop unneeded check for "conn" * Reset last_query_response when the cache needs to be updated * Drop unneeded "conn" var initialization * Move respone header generation to own function * Use None as default result * Drop opts.being_updated variable * Use contextmanager for DB connection * Refactor DB method to get WSREP local state * Refactor method to get readonly DB status * pep8: Fix E712 comparison to False should be 'if cond is False:' * pep8: Fix E305 expected 2 blank lines after class or function def * pep8: Fix E124 closing bracket does not match visual indentation * pep8: Fix E251 unexpected spaces around keyword / parameter equals * pep8: Fix E262 inline comment should start with '# ' * pep8: Fix E261 at least two spaces before inline comment * pep8: Fix F841 local variable is assigned to but never used * pep8: Fix E302 expected 2 blank lines, found 1 * pep8: Fix E265 block comment should start with '# ' * pep8: Fix E231 missing whitespace after ',' * pep8: Fix E999 SyntaxError: invalid syntax * pep8: Fix F821 undefined name * pep8: Fix E225 missing whitespace around operator * pep8: Fix E221 multiple spaces before operator * pep8: Fix F401 module imported but unused * Add clustercheck to console_scripts * Add basic test infrastructure and a first pep8 job * Fix exception handling for pymysql exception * Readd argparse usage * Fix installation requirements * Add read timeout to prevent connection hanging forever * Exclude benchmark/ directory when creating sdist tarball * Use argparse instead of optparse * Add basic logging infrastructure * Add a standard setup.py file * Catch all query exceptions * Switch to PyMySQL - Drop pymysql.patch and readtimeout.patch. Both merged upstream. - Use systemd service type=notify which is now supported upstream - Use systemd watchdog which is now supported upstream - Update to version 5.3.3 (CVE-2018-19039, bsc#1115960) : * File Exfiltration vulnerability Security fix - Update to version ceilometer-11.0.2.dev13: * Update reno for stable/rocky - Update to version ceilometer-11.0.2.dev12: * [stable-only] Fix sphinx requirement - Update to version ceilometer-11.0.2.dev10: * tempest: Allow to configure tempest config - Update to version ceilometer-11.0.2.dev8: * Remove \_ceilometer\_check\_for\_storage check * OpenDev Migration Patch - Update to version ceilometer-11.0.2.dev6: * Added snapshot delete event * Fixes KeyError on volume create/delete - Update to version ceilometer-11.0.2.dev13: * Update reno for stable/rocky - Update to version ceilometer-11.0.2.dev12: * [stable-only] Fix sphinx requirement - Update to version ceilometer-11.0.2.dev10: * tempest: Allow to configure tempest config - Update to version ceilometer-11.0.2.dev8: * Remove \_ceilometer\_check\_for\_storage check * OpenDev Migration Patch - Update to version ceilometer-11.0.2.dev6: * Added snapshot delete event * Fixes KeyError on volume create/delete - Update to version cinder-13.0.6.dev12: * Create new image volume cache entry when cloning fails - Update to version cinder-13.0.6.dev10: * Fix python3 compatibility of rbd get\_fsid - Update to version cinder-13.0.6.dev9: * lvm: Only use initiators when comparing connector dicts - Update to version cinder-13.0.6.dev7: * Declare multiattach support for HPE MSA - Update to version cinder-13.0.6.dev6: * Fix "connector=None" issue in Kaminario drivers - Update to version cinder-13.0.6.dev5: * NetApp: Return all iSCSI targets-portals - Update to version cinder-13.0.6.dev4: * Make sure we install cinder requirements during the correct tox phase 13.0.5 - Update to version cinder-13.0.5.dev27: * Remove LOCI publishing from the post pipeline * 3PAR: Provide an option duing creation of volume from snapshot * OpenDev Migration Patch * Tests: Fix up test\_volume notify tests * Remove auth\_uri usage * Tests: Fix up migrate notify tests * Handle multiattach attribute when managing volumes * Set right attach mode after migration * Replace openstack.org git:// URLs with https:// * Check Volume Status on attahcment create/update 13.0.4 * NetApp SolidFire: Fix multi-attach volume deletion * Fix Support Matrix - Pure does support Multiattach * Fix Snapshot object metadata loading * VNX: update sg in cache * Restore VMAX unit test mock * VMAX Driver - Fix for invalid device id length * Raise the ImageTooBig exception when found it * hpe 3par driver initialization failure * Fix unexpected behavior in \_clone\_image\_volume * VNX: Add constraints for async migration * Handle drivers that do not support list manageable * Fix wrong uuid recognized when create group * Exclude disabled API versions from listing * Tintri: Inherit tests from BaseDriverTestCase * VMware: Fix revert-to-snapshot * Fix api-ref title levels and index * Fix group availability zone-backend host mismatch * Fix version return incorrect when endpoint url end without / * Fix for auth version change in Brcd HTTP * VNX Driver: delete\_hba() instead of remove\_hba() * Fix for HPE MSA 2050 login failures 13.0.3 * Avoid using 'truncate' on Windows * Fix permissions with NFS-backed snapshots and backups * Delete related encryption provider when a volume type is deleting - Update to version cinder-13.0.6.dev12: * Create new image volume cache entry when cloning fails - Update to version cinder-13.0.6.dev10: * Fix python3 compatibility of rbd get\_fsid - Update to version cinder-13.0.6.dev9: * lvm: Only use initiators when comparing connector dicts - Update to version cinder-13.0.6.dev7: * Declare multiattach support for HPE MSA - Update to version cinder-13.0.6.dev6: * Fix "connector=None" issue in Kaminario drivers - Update to version cinder-13.0.6.dev5: * NetApp: Return all iSCSI targets-portals - Update to version cinder-13.0.6.dev4: * Make sure we install cinder requirements during the correct tox phase 13.0.5 - Update to version cinder-13.0.5.dev27: * Remove LOCI publishing from the post pipeline * 3PAR: Provide an option duing creation of volume from snapshot * OpenDev Migration Patch * Tests: Fix up test\_volume notify tests * Remove auth\_uri usage * Tests: Fix up migrate notify tests * Handle multiattach attribute when managing volumes * Set right attach mode after migration * Replace openstack.org git:// URLs with https:// * Check Volume Status on attahcment create/update 13.0.4 * NetApp SolidFire: Fix multi-attach volume deletion * Fix Support Matrix - Pure does support Multiattach * Fix Snapshot object metadata loading * VNX: update sg in cache * Restore VMAX unit test mock * VMAX Driver - Fix for invalid device id length * Raise the ImageTooBig exception when found it * hpe 3par driver initialization failure * Fix unexpected behavior in \_clone\_image\_volume * VNX: Add constraints for async migration * Handle drivers that do not support list manageable * Fix wrong uuid recognized when create group * Exclude disabled API versions from listing * Tintri: Inherit tests from BaseDriverTestCase * VMware: Fix revert-to-snapshot * Fix api-ref title levels and index * Fix group availability zone-backend host mismatch * Fix version return incorrect when endpoint url end without / * Fix for auth version change in Brcd HTTP * VNX Driver: delete\_hba() instead of remove\_hba() * Fix for HPE MSA 2050 login failures 13.0.3 * Avoid using 'truncate' on Windows * Fix permissions with NFS-backed snapshots and backups * Delete related encryption provider when a volume type is deleting - add dependency on nfs-utils - Update to version horizon-14.0.4.dev4: * Make project volume group table work even with volumev3 only env - Update to version horizon-14.0.4.dev3: * Complete angular translation extract pattern 14.0.3 * OpenDev Migration Patch * Imported Translations from Zanata - Update to version designate-7.0.1.dev20: * Allow pdns4 backend to select tsigkey - Update to version designate-7.0.1.dev18: * Clean fix for bandit exclusions change - Update to version designate-7.0.1.dev17: * Fixing RabbitMQ gate timeouts * Fix DBDeadLock error resulting into 500 - Update to version designate-7.0.1.dev13: * Use branched version of neutron-tempest-plugin job * OpenDev Migration Patch - Update to version designate-7.0.1.dev20: * Allow pdns4 backend to select tsigkey - Update to version designate-7.0.1.dev18: * Clean fix for bandit exclusions change - Update to version designate-7.0.1.dev17: * Fixing RabbitMQ gate timeouts * Fix DBDeadLock error resulting into 500 - Update to version designate-7.0.1.dev13: * Use branched version of neutron-tempest-plugin job * OpenDev Migration Patch - Update to version openstack-heat-11.0.3.dev5: * Return None for attributes of sd with no actions * Fix regression with SW deployments when region not configured - Update to version openstack-heat-11.0.3.dev2: * Blacklist bandit 1.6.0 and cap Sphinx on Python2 * OpenDev Migration Patch 11.0.2 - Update to version openstack-heat-11.0.3.dev5: * Return None for attributes of sd with no actions * Fix regression with SW deployments when region not configured - Update to version openstack-heat-11.0.3.dev2: * Blacklist bandit 1.6.0 and cap Sphinx on Python2 * OpenDev Migration Patch 11.0.2 - Update to version designate-dashboard-7.0.1.dev7: * OpenDev Migration Patch * Imported Translations from Zanata - Update to latest spec from rpm-packaging * Don't exclude python bytecode files in dashboards * do not compress files during installation * install settings file for heat-dashboard - Update to version magnum-ui-5.0.2.dev9: * Limit cluster update properties * OpenDev Migration Patch - Update to latest spec from rpm-packaging * Don't exclude python bytecode files in dashboards - Update to version ironic-11.1.4.dev2: * Ansible module: fix configdrive partition creation step - Update to version ironic-11.1.4.dev1: 11.1.3 * Place upper bound on python-dracclient version - Update to version ironic-11.1.3.dev26: * Update sphinx requirements - Update to version ironic-11.1.3.dev25: * Do not try to return mock as JSON in unit tests * Ansible module fix: stream\_url - Update to version ironic-11.1.3.dev22: * Disable metadata\_csum when creating ext4 filesystems - Update to version ironic-11.1.3.dev21: * Fix pyghmi path * OpenDev Migration Patch * Reuse checksum calculation from oslo - Update to version ironic-11.1.3.dev17: * Ansible module: fix clean error handling * Ansible module: fix partition\_configdrive.sh file - Update to version ironic-11.1.4.dev2: * Ansible module: fix configdrive partition creation step - Update to version ironic-11.1.4.dev1: 11.1.3 * Place upper bound on python-dracclient version - Update to version ironic-11.1.3.dev26: * Update sphinx requirements - Update to version ironic-11.1.3.dev25: * Do not try to return mock as JSON in unit tests * Ansible module fix: stream\_url - Update to version ironic-11.1.3.dev22: * Disable metadata\_csum when creating ext4 filesystems - Update to version ironic-11.1.3.dev21: * Fix pyghmi path * OpenDev Migration Patch * Reuse checksum calculation from oslo - Update to version ironic-11.1.3.dev17: * Ansible module: fix clean error handling * Ansible module: fix partition\_configdrive.sh file - Update to version ironic-python-agent-3.3.2.dev13: * Bind mount /run into chroot when installing grub * Ironic python agent does not extract correct available memory - Update to version ironic-python-agent-3.3.2.dev9: * Fix download upper constraints - Update to version ironic-python-agent-3.3.2.dev7: * Add more channel number for detecting BMC IP address - Update to version ironic-python-agent-3.3.2.dev5: * Fixes for building images with CoreOS - Update to version ironic-python-agent-3.3.2.dev4: * Fetch upper constraints from opendev.org * OpenDev Migration Patch - Update to version keystone-14.1.1.dev7: * Blacklist bandit 1.6.0 * OpenDev Migration Patch - Update to version keystone-14.1.1.dev5: * Remove message about circular role inferences - Update to version keystone-14.1.1.dev3: * Delete shadow users when domain is deleted - Update to version keystone-14.1.1.dev7: * Blacklist bandit 1.6.0 * OpenDev Migration Patch - Update to version keystone-14.1.1.dev5: * Remove message about circular role inferences - Update to version keystone-14.1.1.dev3: * Delete shadow users when domain is deleted * fix self-service credential APIs (bsc#1121530) - Update to version magnum-7.1.1.dev24: * Fix registry on k8s\_fedora\_atomic - Update to version magnum-7.1.1.dev23: * Blacklist bandit 1.6.0 and cap Sphinx on Python2 - Update to version magnum-7.1.1.dev22: * Partial backport: Disable broken image building * OpenDev Migration Patch - Update to version magnum-7.1.1.dev24: * Fix registry on k8s\_fedora\_atomic - Update to version magnum-7.1.1.dev23: * Blacklist bandit 1.6.0 and cap Sphinx on Python2 - Update to version magnum-7.1.1.dev22: * Partial backport: Disable broken image building * OpenDev Migration Patch - Update to version manila-7.3.1.dev2: * [CI] Add bindep.txt * OpenDev Migration Patch 7.3.0 - Update to version manila-7.3.1.dev2: * [CI] Add bindep.txt * OpenDev Migration Patch 7.3.0 - Updated the openstack-monasca-agent-sudoers file (bsc#1132542) - update to version 1.14.1~dev8 - Fix team and repository tags in README.rst - update to version 1.14.1~dev7 - OpenDev Migration Patch - Blacklist bandit and update sphinx requirement - Fix loading of notification plugins - Bug Fix: Parses notifier configuration options - Update to version neutron-13.0.4.dev89: * Treat networks shared by RBAC in same way as shared with all tenants * Turn CIDR in query filter into proper subnet - Update to version neutron-13.0.4.dev86: * Prevent create port forwarding to port which has binding fip - Update to version neutron-13.0.4.dev84: * Release notes for dns\_domain behavioural changes - Update to version neutron-13.0.4.dev83: * DVR: on new port only send router update on port's host - Update to version neutron-13.0.4.dev81: * Reset MAC on unbinding direct-physical port - Update to version neutron-13.0.4.dev79: * Optimize the code that fixes the race condition of DHCP agent - Update to version neutron-13.0.4.dev77: * Switch to new engine facade for Route objects * Revert "Pass network's dns\_domain to dnsmasq conf" - Update to version neutron-13.0.4.dev73: * SRIOV agent: wait VFs initialization on embedded switch create - Update to version neutron-13.0.4.dev72: * Make OVS controller inactivity\_probe configurable * improve dvr port update under large scale deployment * Packets getting lost during SNAT with too many connections * [DVR] Block ARP to dvr router's port instead of subnet's gateway * Use list instead of six.viewkeys to avoid py2 to py3 problems * Only store segmenthostmapping when enable segment plugin * Wait to ipv6 accept\_ra be really changed by L3 agent * Add port\_forwarding to devstack plugin * Allow first address in an IPv6 subnet as valid unicast * Show all SG rules belong to SG in group's details * [DHCP] Don't resync network if same port is alredy in cache * Remove rootwrap configuration from neutron-keepalived-state-change * Use six.viewkeys instead of dict.keys to avoid py2 to py3 problems - Update to version neutron-13.0.4.dev50: * Ensure dvr ha router gateway port binding host - Update to version neutron-13.0.4.dev48: * Async notify neutron-server for HA states * Fix handling of network:shared field in policy module * Fix creating policy rules from subattributes * Keep HA ports info for HA router during entire lifecycle * Don't count ports with inactive bindings as serviceable dvr ports * Use dynamic lazy mode for fetching security group rules - Update to version neutron-13.0.4.dev38: * Revert iptables TCP checksum-fill code - Update to version neutron-13.0.4.dev36: * Get ports query: extract limit and use it only at the end - Update to version neutron-13.0.4.dev34: * Not process port forwarding if no snat functionality * Move subnet postcommit out of transaction for bulk create - Update to version neutron-13.0.4.dev30: * Give some HA router case specific resources - Update to version neutron-13.0.4.dev28: * Check master/backup router status in DVR functional tests - Update to version neutron-13.0.4.dev26: * OpenDev Migration Patch * Set HA failover bridges veth pair devices UP - Update to version neutron-13.0.4.dev23: * neutron.conf needs lock\_path set for router to operate This change is adding required configuration in neutron.conf to set the lock\_path parameter, which was missing in compute-install-ubuntu.rst - Update to version neutron-13.0.4.dev21: * Do not call update\_device\_list in large sets - Update to version neutron-13.0.4.dev19: * Avoid loading same service plugin more than once * Add dependency for service plugin * Prevent bind fip to port has port forwarding * Make test service\_plugins override simple * DVR: Correctly change MTU in fip namespace - Update to version neutron-13.0.4.dev9: * Choose random value for HA routes' vr\_id 13.0.3 * Set router\_id if floating IP has port\_forwardings * Change default local ovs connection timeout - Update to version neutron-13.0.4.dev89: * Treat networks shared by RBAC in same way as shared with all tenants * Turn CIDR in query filter into proper subnet - Update to version neutron-13.0.4.dev86: * Prevent create port forwarding to port which has binding fip - Update to version neutron-13.0.4.dev84: * Release notes for dns\_domain behavioural changes - Update to version neutron-13.0.4.dev83: * DVR: on new port only send router update on port's host - Update to version neutron-13.0.4.dev81: * Reset MAC on unbinding direct-physical port - Update to version neutron-13.0.4.dev79: * Optimize the code that fixes the race condition of DHCP agent - Update to version neutron-13.0.4.dev77: * Switch to new engine facade for Route objects * Revert "Pass network's dns\_domain to dnsmasq conf" - Update to version neutron-13.0.4.dev73: * SRIOV agent: wait VFs initialization on embedded switch create - Update to version neutron-13.0.4.dev72: * Make OVS controller inactivity\_probe configurable * improve dvr port update under large scale deployment * Packets getting lost during SNAT with too many connections * [DVR] Block ARP to dvr router's port instead of subnet's gateway * Use list instead of six.viewkeys to avoid py2 to py3 problems * Only store segmenthostmapping when enable segment plugin * Wait to ipv6 accept\_ra be really changed by L3 agent * Add port\_forwarding to devstack plugin * Allow first address in an IPv6 subnet as valid unicast * Show all SG rules belong to SG in group's details * [DHCP] Don't resync network if same port is alredy in cache * Remove rootwrap configuration from neutron-keepalived-state-change * Use six.viewkeys instead of dict.keys to avoid py2 to py3 problems - Update to version neutron-13.0.4.dev50: * Ensure dvr ha router gateway port binding host - Update to version neutron-13.0.4.dev48: * Async notify neutron-server for HA states * Fix handling of network:shared field in policy module * Fix creating policy rules from subattributes * Keep HA ports info for HA router during entire lifecycle * Don't count ports with inactive bindings as serviceable dvr ports * Use dynamic lazy mode for fetching security group rules - Don't restart neutron-ovs-cleanup on RPM update (bsc#1132860) - Update to version neutron-13.0.4.dev38: * Revert iptables TCP checksum-fill code - Update to version neutron-13.0.4.dev36: * Get ports query: extract limit and use it only at the end - Update to version neutron-13.0.4.dev34: * Not process port forwarding if no snat functionality * Move subnet postcommit out of transaction for bulk create - Update to version neutron-13.0.4.dev30: * Give some HA router case specific resources - Update to version neutron-13.0.4.dev28: * Check master/backup router status in DVR functional tests - Update to version neutron-13.0.4.dev26: * OpenDev Migration Patch * Set HA failover bridges veth pair devices UP - Update to version neutron-13.0.4.dev23: * neutron.conf needs lock\_path set for router to operate This change is adding required configuration in neutron.conf to set the lock\_path parameter, which was missing in compute-install-ubuntu.rst - Update to version neutron-13.0.4.dev21: * Do not call update\_device\_list in large sets - Update to version neutron-13.0.4.dev19: * Avoid loading same service plugin more than once * Add dependency for service plugin * Prevent bind fip to port has port forwarding * Make test service\_plugins override simple * DVR: Correctly change MTU in fip namespace - Update to version neutron-13.0.4.dev9: * Choose random value for HA routes' vr\_id 13.0.3 * Set router\_id if floating IP has port\_forwardings * Change default local ovs connection timeout * Fix KeyError in OVS firewall (bsc#1131712, CVE-2019-10876) - Update to version neutron-fwaas-13.0.2.dev14: * netfilter\_log: Correctly decode binary type prefix * OpenDev Migration Patch - Update to version neutron-fwaas-13.0.2.dev12: * Fix the verification method before creating and updating the firewall rule - Update to version neutron-fwaas-13.0.2.dev14: * netfilter\_log: Correctly decode binary type prefix * OpenDev Migration Patch - Update to version neutron-fwaas-13.0.2.dev12: * Fix the verification method before creating and updating the firewall rule - Update to version group-based-policy-5.0.1.dev443: * Fix the thread concurrency issue while calling gbp purge * Workaround expunge failure for SubnetRoute in session identity\_map - Update to version group-based-policy-5.0.1.dev440: * [AIM] Fix handling of missing PortSecurityBinding - Update to version group-based-policy-5.0.1.dev439: * Pull the upper constraint file also from the opendev.org site - Update to version group-based-policy-5.0.1.dev438: * [AIM] Don't override loading of SG rules when validating - Update to version group-based-policy-5.0.1.dev437: * Enhance the log while getting the keystone notification - Update to version group-based-policy-5.0.1.dev436: * [AIM] Cleanup RPC implementations * [AIM] Pass in limit=-1 to work around a Nova bug * [AIM] Some enhancements - Update to version group-based-policy-5.0.1.dev433: * Fix CI again * OpenDev Migration Patch - Update to version group-based-policy-5.0.1.dev431: * Re-enable unit tests and fix CI jobs - Update to version neutron-lbaas-13.0.1.dev12: * Fix memory leak in the haproxy provider driver - Update to version neutron-lbaas-13.0.1.dev11: * OpenDev Migration Patch * Revert "Updated "create\_pool" method in plugin" - Update to version neutron-lbaas-13.0.1.dev12: * Fix memory leak in the haproxy provider driver - Update to version neutron-lbaas-13.0.1.dev11: * OpenDev Migration Patch * Revert "Updated "create\_pool" method in plugin" - Update to version neutron-vpnaas-13.0.2.dev4: * Execute neutron-vpn-netns-wrapper with rootwrap\_config argument * OpenDev Migration Patch - Update to version neutron-vpnaas-13.0.2.dev4: * Execute neutron-vpn-netns-wrapper with rootwrap\_config argument * OpenDev Migration Patch - Update to version nova-18.2.2.dev9: * Init HostState.failed\_builds * libvirt: Rework 'EBUSY' (SIGKILL) error handling code path - Update to version nova-18.2.2.dev5: * Grab fresh power state info from the driver - Update to version nova-18.2.2.dev3: * libvirt: flatten rbd images when unshelving an instance 18.2.1 * Share snapshot image membership with instance owner - Update to version nova-18.2.1.dev95: * [ironic] Don't remove instance info twice in destroy * docs: Don't version links to reno docs * tox: Use basepython of python3.5 * Allow driver to properly unplug VIFs on destination on confirm resize * Move get\_pci\_mapping\_for\_migration to MigrationContext * Fixes multi-registry config in Quobyte driver * Include all network devices in nova diagnostics - Update to version nova-18.2.1.dev81: * Fix live-migration when glance image deleted - Update to version nova-18.2.1.dev79: * Replace the invalid index of nova-rocky releasenote * Workaround missing RequestSpec.instance\_group.uuid * Add regression recreate test for bug 1830747 * [stable-only] Improve the reno for consoleauth upgrade check * Restore connection\_info after live migration rollback * libvirt: Do not reraise DiskNotFound exceptions during resize * Stop logging traceback when skipping quiesce * libvirt: Avoid using os-brick encryptors when device\_path isn't provided - Update to version nova-18.2.1.dev63: * Block swap volume on volumes with >1 rw attachment - Update to version nova-18.2.1.dev62: * Fix retry of instance\_update\_and\_get\_original - Update to version nova-18.2.1.dev60: * Fix assert methods in unit tests * Skip \_exclude\_nested\_providers() if not nested - Update to version nova-18.2.1.dev56: * Pass on region when we don't have a valid ironic endpoint - Update to version nova-18.2.1.dev54: * Add functional confirm\_migration\_error test * [stable-only] Delete allocations even if \_confirm\_resize raises (part 2) - Update to version nova-18.2.1.dev50: * xenapi/agent: Change openssl error handling - Update to version nova-18.2.1.dev48: * Use migration\_status during volume migrating and retyping - Update to version nova-18.2.1.dev47: * libvirt: Always disconnect volumes after libvirtError exceptions * libvirt: Stop ignoring unknown libvirtError exceptions during volume attach - Update to version nova-18.2.1.dev45: * AZ list performance optimization: avoid double service list DB fetch - Update to version nova-18.2.1.dev44: * Create request spec, build request and mappings in one transaction * Fix {min|max}\_version in ironic Adapter setup - Update to version nova-18.2.1.dev41: * Fix regression in glance client call - Update to version nova-18.2.1.dev40: * OpenDev Migration Patch * libvirt: set device address tag only if setting disk unit - Update to version nova-18.2.1.dev37: * Update instance.availability\_zone on revertResize * Add functional recreate test for bug 1819963 * Fix incomplete instance data returned after build failure - Update to version nova-18.2.1.dev31: * Delete allocations even if \_confirm\_resize raises * Error out migration when confirm\_resize fails * Don't warn on network-vif-unplugged event during live migration * libvirt: disconnect volume when encryption fails * Temporarily mutate migration object in finish\_revert\_resize * Override the 'get' method in DriverBlockDevice class - Update to version nova-18.2.1.dev19: * Add missing libvirt exception during device detach * Fix bug preventing forbidden traits from working * Adding tests to demonstrate bug #1821824 - Update to version nova-18.2.2.dev9: * Init HostState.failed\_builds * libvirt: Rework 'EBUSY' (SIGKILL) error handling code path - Update to version nova-18.2.2.dev5: * Grab fresh power state info from the driver - Update to version nova-18.2.2.dev3: * libvirt: flatten rbd images when unshelving an instance 18.2.1 * Share snapshot image membership with instance owner - Update to version nova-18.2.1.dev95: * [ironic] Don't remove instance info twice in destroy * docs: Don't version links to reno docs * tox: Use basepython of python3.5 * Allow driver to properly unplug VIFs on destination on confirm resize * Move get\_pci\_mapping\_for\_migration to MigrationContext * Fixes multi-registry config in Quobyte driver * Include all network devices in nova diagnostics - Update to version nova-18.2.1.dev81: * Fix live-migration when glance image deleted - Update to version nova-18.2.1.dev79: * Replace the invalid index of nova-rocky releasenote * Workaround missing RequestSpec.instance\_group.uuid * Add regression recreate test for bug 1830747 * [stable-only] Improve the reno for consoleauth upgrade check * Restore connection\_info after live migration rollback * libvirt: Do not reraise DiskNotFound exceptions during resize * Stop logging traceback when skipping quiesce * libvirt: Avoid using os-brick encryptors when device\_path isn't provided - Update to version nova-18.2.1.dev63: * Block swap volume on volumes with >1 rw attachment - Update to version nova-18.2.1.dev62: * Fix retry of instance\_update\_and\_get\_original - Update to version nova-18.2.1.dev60: * Fix assert methods in unit tests * Skip \_exclude\_nested\_providers() if not nested - Update to version nova-18.2.1.dev56: * Pass on region when we don't have a valid ironic endpoint - Update to version nova-18.2.1.dev54: * Add functional confirm\_migration\_error test * [stable-only] Delete allocations even if \_confirm\_resize raises (part 2) - Update to version nova-18.2.1.dev50: * xenapi/agent: Change openssl error handling - Update to version nova-18.2.1.dev48: * Use migration\_status during volume migrating and retyping - Update to version nova-18.2.1.dev47: * libvirt: Always disconnect volumes after libvirtError exceptions * libvirt: Stop ignoring unknown libvirtError exceptions during volume attach - Update to version nova-18.2.1.dev45: * AZ list performance optimization: avoid double service list DB fetch - Update to version nova-18.2.1.dev44: * Create request spec, build request and mappings in one transaction * Fix {min|max}\_version in ironic Adapter setup - Update to version nova-18.2.1.dev41: * Fix regression in glance client call - Update to version nova-18.2.1.dev40: * OpenDev Migration Patch * libvirt: set device address tag only if setting disk unit - Update to version nova-18.2.1.dev37: * Update instance.availability\_zone on revertResize * Add functional recreate test for bug 1819963 * Fix incomplete instance data returned after build failure - Update to version nova-18.2.1.dev31: * Delete allocations even if \_confirm\_resize raises * Error out migration when confirm\_resize fails * Don't warn on network-vif-unplugged event during live migration * libvirt: disconnect volume when encryption fails * Temporarily mutate migration object in finish\_revert\_resize * Override the 'get' method in DriverBlockDevice class - Update to version nova-18.2.1.dev19: * Add missing libvirt exception during device detach * Fix bug preventing forbidden traits from working * Adding tests to demonstrate bug #1821824 - Update to version octavia-3.1.2.dev2: * Add bindep.txt for Octavia - Update to version octavia-3.1.2.dev1: * Fix allocate\_and\_associate DB deadlock 3.1.1 - Update to version octavia-3.1.1.dev8: * Treat null admin\_state\_up as False * Performance improvement for non-udp health checks - Update to version octavia-3.1.1.dev5: * Bandit test exclusions syntax change - Update to version octavia-3.1.1.dev4: * Fix IPv6 in Active/Standby topology on CentOS - Update to version octavia-3.1.1.dev3: * Fix listener API handling of None/null updates * OpenDev Migration Patch - Update to version octavia-3.1.1.dev1: * Fix a lifecycle bug with child objects 3.1.0 - Update to version 9.0+git.1558039547.f0d0ddf: * Fix validate ip version call (SOC-9301) - Update to version 9.0+git.1557220468.f113719: * Update gerrit location (SCRD-9140) - Switch to new Gerrit Server - Add patch to toggle signed image validation (SCRD-8578) - update to version 4.0.2 - Update UPPER_CONSTRAINTS_FILE for stable/rocky - Replace openstack.org git:// URLs with https:// - Update .gitreview for stable/rocky - OpenDev Migration Patch - import zuul job settings from project-config - Raise API max version for Rocky updates - Switch to new Gerrit Server - removed 0001-pass-endpoint-interface-to-http-client.patch - update to version 2.5.2 - Replace openstack.org git:// URLs with https:// - pass endpoint interface to http client - Use endpoint_override in version negotiation - Add back tarball - added 0002-Skip-read-only-test-for-CIFS.patch - added 0001-Fix-CIFS-access-for-non-multitenant-setup.patch - update to version 1.24.2 - Fix get_base_url - [CI] Fix logs for the functional test job - Return is_default as a value instead of a function object - Update UPPER_CONSTRAINTS_FILE for stable/rocky - Replace openstack.org git:// URLs with https:// - Don't quote {posargs} in tox.ini - import zuul job settings from project-config - update to version 2.5.7 - Fix FC case sensitive scanning - update to version 4.40.2 - OpenDev Migration Patch - exc_filters: fix deadlock detection for MariaDB/Galera cluster - update to 2.8.4 (SOC-9280) * Adding fix for nic\_capacity calculation - Update to version 9.0.1562324636.e7046a3: * Add the freezer service to config file and log file collection * Change the dir from where the ardana model/config files are collected Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2019-2046=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2019-2046=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): caasp-openstack-heat-templates-1.0+git.1560518045.ad7dc6d-3.3.5 crowbar-6.0+git.1561125496.b7508480-3.6.5 crowbar-devel-6.0+git.1561125496.b7508480-3.6.5 crowbar-ha-6.0+git.1560951093.4af1ee5-3.3.7 crowbar-openstack-6.0+git.1562153583.4735fcf34-3.3.7 documentation-suse-openstack-cloud-crowbar-deployment-9.20190621-3.3.7 documentation-suse-openstack-cloud-crowbar-operations-9.20190621-3.3.7 documentation-suse-openstack-cloud-supplement-9.20190621-3.3.7 galera-python-clustercheck-0.0+git.1562242499.36b8b64-6.3.5 grafana-monasca-ui-drilldown-1.14.1~dev7-3.3.9 openstack-ceilometer-11.0.2~dev13-3.3.9 openstack-ceilometer-agent-central-11.0.2~dev13-3.3.9 openstack-ceilometer-agent-compute-11.0.2~dev13-3.3.9 openstack-ceilometer-agent-ipmi-11.0.2~dev13-3.3.9 openstack-ceilometer-agent-notification-11.0.2~dev13-3.3.9 openstack-ceilometer-polling-11.0.2~dev13-3.3.9 openstack-cinder-13.0.6~dev12-3.3.8 openstack-cinder-api-13.0.6~dev12-3.3.8 openstack-cinder-backup-13.0.6~dev12-3.3.8 openstack-cinder-scheduler-13.0.6~dev12-3.3.8 openstack-cinder-volume-13.0.6~dev12-3.3.8 openstack-dashboard-14.0.4~dev4-3.3.8 openstack-designate-7.0.1~dev20-3.3.8 openstack-designate-agent-7.0.1~dev20-3.3.8 openstack-designate-api-7.0.1~dev20-3.3.8 openstack-designate-central-7.0.1~dev20-3.3.8 openstack-designate-producer-7.0.1~dev20-3.3.8 openstack-designate-sink-7.0.1~dev20-3.3.8 openstack-designate-worker-7.0.1~dev20-3.3.8 openstack-heat-11.0.3~dev5-3.3.8 openstack-heat-api-11.0.3~dev5-3.3.8 openstack-heat-api-cfn-11.0.3~dev5-3.3.8 openstack-heat-engine-11.0.3~dev5-3.3.8 openstack-heat-plugin-heat_docker-11.0.3~dev5-3.3.8 openstack-horizon-plugin-designate-ui-7.0.1~dev7-3.3.8 openstack-horizon-plugin-heat-ui-1.4.1~dev4-4.3.7 openstack-horizon-plugin-magnum-ui-5.0.2~dev9-3.3.8 openstack-horizon-plugin-monasca-ui-1.14.1~dev7-3.3.9 openstack-ironic-11.1.4~dev2-3.3.9 openstack-ironic-api-11.1.4~dev2-3.3.9 openstack-ironic-conductor-11.1.4~dev2-3.3.9 openstack-ironic-python-agent-3.3.2~dev13-3.3.6 openstack-keystone-14.1.1~dev7-3.3.9 openstack-magnum-7.1.1~dev24-3.3.8 openstack-magnum-api-7.1.1~dev24-3.3.8 openstack-magnum-conductor-7.1.1~dev24-3.3.8 openstack-manila-7.3.1~dev2-4.3.8 openstack-manila-api-7.3.1~dev2-4.3.8 openstack-manila-data-7.3.1~dev2-4.3.8 openstack-manila-scheduler-7.3.1~dev2-4.3.8 openstack-manila-share-7.3.1~dev2-4.3.8 openstack-monasca-agent-2.8.1~dev10-3.3.6 openstack-monasca-notification-1.14.1~dev8-6.3.6 openstack-neutron-13.0.4~dev89-3.3.7 openstack-neutron-dhcp-agent-13.0.4~dev89-3.3.7 openstack-neutron-fwaas-13.0.2~dev14-3.3.7 openstack-neutron-gbp-5.0.1~dev443-3.3.6 openstack-neutron-ha-tool-13.0.4~dev89-3.3.7 openstack-neutron-l3-agent-13.0.4~dev89-3.3.7 openstack-neutron-lbaas-13.0.1~dev12-3.3.7 openstack-neutron-lbaas-agent-13.0.1~dev12-3.3.7 openstack-neutron-linuxbridge-agent-13.0.4~dev89-3.3.7 openstack-neutron-macvtap-agent-13.0.4~dev89-3.3.7 openstack-neutron-metadata-agent-13.0.4~dev89-3.3.7 openstack-neutron-metering-agent-13.0.4~dev89-3.3.7 openstack-neutron-openvswitch-agent-13.0.4~dev89-3.3.7 openstack-neutron-server-13.0.4~dev89-3.3.7 openstack-neutron-vpnaas-13.0.2~dev4-3.3.7 openstack-neutron-vyatta-agent-13.0.2~dev4-3.3.7 openstack-nova-18.2.2~dev9-3.3.8 openstack-nova-api-18.2.2~dev9-3.3.8 openstack-nova-cells-18.2.2~dev9-3.3.8 openstack-nova-compute-18.2.2~dev9-3.3.8 openstack-nova-conductor-18.2.2~dev9-3.3.8 openstack-nova-console-18.2.2~dev9-3.3.8 openstack-nova-novncproxy-18.2.2~dev9-3.3.8 openstack-nova-placement-api-18.2.2~dev9-3.3.8 openstack-nova-scheduler-18.2.2~dev9-3.3.8 openstack-nova-serialproxy-18.2.2~dev9-3.3.8 openstack-nova-vncproxy-18.2.2~dev9-3.3.8 openstack-octavia-3.1.2~dev2-3.3.6 openstack-octavia-amphora-agent-3.1.2~dev2-3.3.6 openstack-octavia-api-3.1.2~dev2-3.3.6 openstack-octavia-health-manager-3.1.2~dev2-3.3.6 openstack-octavia-housekeeping-3.1.2~dev2-3.3.6 openstack-octavia-worker-3.1.2~dev2-3.3.6 python-barbican-tempest-plugin-0.1.0-4.3.1 python-ceilometer-11.0.2~dev13-3.3.9 python-cinder-13.0.6~dev12-3.3.8 python-cinderclient-4.0.2-3.3.7 python-cinderclient-doc-4.0.2-3.3.7 python-designate-7.0.1~dev20-3.3.8 python-heat-11.0.3~dev5-3.3.8 python-horizon-14.0.4~dev4-3.3.8 python-horizon-plugin-designate-ui-7.0.1~dev7-3.3.8 python-horizon-plugin-heat-ui-1.4.1~dev4-4.3.7 python-horizon-plugin-magnum-ui-5.0.2~dev9-3.3.8 python-horizon-plugin-monasca-ui-1.14.1~dev7-3.3.9 python-ironic-11.1.4~dev2-3.3.9 python-ironicclient-2.5.2-4.3.7 python-ironicclient-doc-2.5.2-4.3.7 python-keystone-14.1.1~dev7-3.3.9 python-magnum-7.1.1~dev24-3.3.8 python-manila-7.3.1~dev2-4.3.8 python-manila-tempest-plugin-0.1.0-3.3.5 python-manilaclient-1.24.2-3.3.7 python-manilaclient-doc-1.24.2-3.3.7 python-monasca-agent-2.8.1~dev10-3.3.6 python-monasca-notification-1.14.1~dev8-6.3.6 python-neutron-13.0.4~dev89-3.3.7 python-neutron-fwaas-13.0.2~dev14-3.3.7 python-neutron-gbp-5.0.1~dev443-3.3.6 python-neutron-lbaas-13.0.1~dev12-3.3.7 python-neutron-vpnaas-13.0.2~dev4-3.3.7 python-nova-18.2.2~dev9-3.3.8 python-octavia-3.1.2~dev2-3.3.6 python-openstack_auth-14.0.4~dev4-3.3.8 python-os-brick-2.5.7-3.3.7 python-os-brick-common-2.5.7-3.3.7 python-oslo.db-4.40.2-3.3.8 python-proliantutils-2.8.4-1.1 supportutils-plugin-suse-openstack-cloud-9.0.1562324636.e7046a3-1.1 - SUSE OpenStack Cloud Crowbar 9 (x86_64): crowbar-core-6.0+git.1562154525.5e2983308-3.3.8 crowbar-core-branding-upstream-6.0+git.1562154525.5e2983308-3.3.8 grafana-5.3.3-3.3.1 grafana-debuginfo-5.3.3-3.3.1 - SUSE OpenStack Cloud 9 (noarch): ardana-ansible-9.0+git.1560211997.7ac9792-3.3.5 ardana-barbican-9.0+git.1559292830.208d258-3.3.5 ardana-cassandra-9.0+git.1557220194.6a90deb-3.3.3 ardana-ceilometer-9.0+git.1557219517.7b97993-3.3.5 ardana-cinder-9.0+git.1559039284.6fc1d47-3.3.5 ardana-cluster-9.0+git.1557219586.7c96a6d-3.3.5 ardana-cobbler-9.0+git.1557219626.b190680-3.3.5 ardana-db-9.0+git.1560868957.42bcb70-3.3.5 ardana-designate-9.0+git.1558588538.9211022-3.3.5 ardana-glance-9.0+git.1559033522.5e5be1c-3.3.5 ardana-heat-9.0+git.1559036788.b727b53-3.3.5 ardana-horizon-9.0+git.1557219807.6036a8e-3.3.5 ardana-input-model-9.0+git.1557220534.883f8c9-3.3.5 ardana-installer-ui-9.0+git.1559171053.476225c-3.3.6 ardana-installer-ui-debugsource-9.0+git.1559171053.476225c-3.3.6 ardana-ironic-9.0+git.1560365077.17250c6-3.3.5 ardana-keystone-9.0+git.1559292289.b5ed172-3.3.5 ardana-logging-9.0+git.1557219914.6d7ebb5-3.3.5 ardana-magnum-9.0+git.1557219960.226e32b-3.3.5 ardana-manila-9.0+git.1556646861.58ce24f-3.3.5 ardana-memcached-9.0+git.1557219995.cd49525-3.3.5 ardana-monasca-9.0+git.1556731170.c8210e0-3.3.5 ardana-monasca-transform-9.0+git.1557220073.7e88cfa-3.3.5 ardana-mq-9.0+git.1560214193.fc0378b-3.3.5 ardana-neutron-9.0+git.1560464557.d2f6200-3.3.5 ardana-nova-9.0+git.1559869848.7a706df-3.3.5 ardana-octavia-9.0+git.1560519270.e0a2620-3.3.5 ardana-opsconsole-9.0+git.1553642196.ba23382-3.3.5 ardana-opsconsole-ui-9.0+git.1555530925.206f1a8-4.3.7 ardana-osconfig-9.0+git.1560269313.7ddaff2-3.3.5 ardana-service-9.0+git.1560974342.47a5b12-3.3.5 ardana-service-ansible-9.0+git.1557220501.ebd3011-3.3.5 ardana-ses-9.0+git.1554740095.48252d3-3.3.5 ardana-spark-9.0+git.1557220247.e78d1c3-3.3.5 ardana-swift-9.0+git.1559038506.cc119d9-3.3.5 ardana-tempest-9.0+git.1560949748.f0bd816-3.3.5 ardana-tls-9.0+git.1557220381.5641a2e-3.3.5 caasp-openstack-heat-templates-1.0+git.1560518045.ad7dc6d-3.3.5 documentation-suse-openstack-cloud-deployment-9.20190621-3.3.7 documentation-suse-openstack-cloud-operations-9.20190621-3.3.7 documentation-suse-openstack-cloud-security-9.20190621-3.3.7 documentation-suse-openstack-cloud-supplement-9.20190621-3.3.7 galera-python-clustercheck-0.0+git.1562242499.36b8b64-6.3.5 grafana-monasca-ui-drilldown-1.14.1~dev7-3.3.9 openstack-ceilometer-11.0.2~dev13-3.3.9 openstack-ceilometer-agent-central-11.0.2~dev13-3.3.9 openstack-ceilometer-agent-compute-11.0.2~dev13-3.3.9 openstack-ceilometer-agent-ipmi-11.0.2~dev13-3.3.9 openstack-ceilometer-agent-notification-11.0.2~dev13-3.3.9 openstack-ceilometer-polling-11.0.2~dev13-3.3.9 openstack-cinder-13.0.6~dev12-3.3.8 openstack-cinder-api-13.0.6~dev12-3.3.8 openstack-cinder-backup-13.0.6~dev12-3.3.8 openstack-cinder-scheduler-13.0.6~dev12-3.3.8 openstack-cinder-volume-13.0.6~dev12-3.3.8 openstack-dashboard-14.0.4~dev4-3.3.8 openstack-designate-7.0.1~dev20-3.3.8 openstack-designate-agent-7.0.1~dev20-3.3.8 openstack-designate-api-7.0.1~dev20-3.3.8 openstack-designate-central-7.0.1~dev20-3.3.8 openstack-designate-producer-7.0.1~dev20-3.3.8 openstack-designate-sink-7.0.1~dev20-3.3.8 openstack-designate-worker-7.0.1~dev20-3.3.8 openstack-heat-11.0.3~dev5-3.3.8 openstack-heat-api-11.0.3~dev5-3.3.8 openstack-heat-api-cfn-11.0.3~dev5-3.3.8 openstack-heat-engine-11.0.3~dev5-3.3.8 openstack-heat-plugin-heat_docker-11.0.3~dev5-3.3.8 openstack-horizon-plugin-designate-ui-7.0.1~dev7-3.3.8 openstack-horizon-plugin-heat-ui-1.4.1~dev4-4.3.7 openstack-horizon-plugin-magnum-ui-5.0.2~dev9-3.3.8 openstack-horizon-plugin-monasca-ui-1.14.1~dev7-3.3.9 openstack-ironic-11.1.4~dev2-3.3.9 openstack-ironic-api-11.1.4~dev2-3.3.9 openstack-ironic-conductor-11.1.4~dev2-3.3.9 openstack-ironic-python-agent-3.3.2~dev13-3.3.6 openstack-keystone-14.1.1~dev7-3.3.9 openstack-magnum-7.1.1~dev24-3.3.8 openstack-magnum-api-7.1.1~dev24-3.3.8 openstack-magnum-conductor-7.1.1~dev24-3.3.8 openstack-manila-7.3.1~dev2-4.3.8 openstack-manila-api-7.3.1~dev2-4.3.8 openstack-manila-data-7.3.1~dev2-4.3.8 openstack-manila-scheduler-7.3.1~dev2-4.3.8 openstack-manila-share-7.3.1~dev2-4.3.8 openstack-monasca-agent-2.8.1~dev10-3.3.6 openstack-monasca-notification-1.14.1~dev8-6.3.6 openstack-neutron-13.0.4~dev89-3.3.7 openstack-neutron-dhcp-agent-13.0.4~dev89-3.3.7 openstack-neutron-fwaas-13.0.2~dev14-3.3.7 openstack-neutron-gbp-5.0.1~dev443-3.3.6 openstack-neutron-ha-tool-13.0.4~dev89-3.3.7 openstack-neutron-l3-agent-13.0.4~dev89-3.3.7 openstack-neutron-lbaas-13.0.1~dev12-3.3.7 openstack-neutron-lbaas-agent-13.0.1~dev12-3.3.7 openstack-neutron-linuxbridge-agent-13.0.4~dev89-3.3.7 openstack-neutron-macvtap-agent-13.0.4~dev89-3.3.7 openstack-neutron-metadata-agent-13.0.4~dev89-3.3.7 openstack-neutron-metering-agent-13.0.4~dev89-3.3.7 openstack-neutron-openvswitch-agent-13.0.4~dev89-3.3.7 openstack-neutron-server-13.0.4~dev89-3.3.7 openstack-neutron-vpnaas-13.0.2~dev4-3.3.7 openstack-neutron-vyatta-agent-13.0.2~dev4-3.3.7 openstack-nova-18.2.2~dev9-3.3.8 openstack-nova-api-18.2.2~dev9-3.3.8 openstack-nova-cells-18.2.2~dev9-3.3.8 openstack-nova-compute-18.2.2~dev9-3.3.8 openstack-nova-conductor-18.2.2~dev9-3.3.8 openstack-nova-console-18.2.2~dev9-3.3.8 openstack-nova-novncproxy-18.2.2~dev9-3.3.8 openstack-nova-placement-api-18.2.2~dev9-3.3.8 openstack-nova-scheduler-18.2.2~dev9-3.3.8 openstack-nova-serialproxy-18.2.2~dev9-3.3.8 openstack-nova-vncproxy-18.2.2~dev9-3.3.8 openstack-octavia-3.1.2~dev2-3.3.6 openstack-octavia-amphora-agent-3.1.2~dev2-3.3.6 openstack-octavia-api-3.1.2~dev2-3.3.6 openstack-octavia-health-manager-3.1.2~dev2-3.3.6 openstack-octavia-housekeeping-3.1.2~dev2-3.3.6 openstack-octavia-worker-3.1.2~dev2-3.3.6 python-ardana-configurationprocessor-9.0+git.1558039547.f0d0ddf-3.4.1 python-barbican-tempest-plugin-0.1.0-4.3.1 python-ceilometer-11.0.2~dev13-3.3.9 python-cinder-13.0.6~dev12-3.3.8 python-cinderclient-4.0.2-3.3.7 python-cinderclient-doc-4.0.2-3.3.7 python-cinderlm-0.0.2+git.1541454501.6148725-3.3.5 python-designate-7.0.1~dev20-3.3.8 python-heat-11.0.3~dev5-3.3.8 python-horizon-14.0.4~dev4-3.3.8 python-horizon-plugin-designate-ui-7.0.1~dev7-3.3.8 python-horizon-plugin-heat-ui-1.4.1~dev4-4.3.7 python-horizon-plugin-magnum-ui-5.0.2~dev9-3.3.8 python-horizon-plugin-monasca-ui-1.14.1~dev7-3.3.9 python-ironic-11.1.4~dev2-3.3.9 python-ironicclient-2.5.2-4.3.7 python-ironicclient-doc-2.5.2-4.3.7 python-keystone-14.1.1~dev7-3.3.9 python-magnum-7.1.1~dev24-3.3.8 python-manila-7.3.1~dev2-4.3.8 python-manila-tempest-plugin-0.1.0-3.3.5 python-manilaclient-1.24.2-3.3.7 python-manilaclient-doc-1.24.2-3.3.7 python-monasca-agent-2.8.1~dev10-3.3.6 python-monasca-notification-1.14.1~dev8-6.3.6 python-neutron-13.0.4~dev89-3.3.7 python-neutron-fwaas-13.0.2~dev14-3.3.7 python-neutron-gbp-5.0.1~dev443-3.3.6 python-neutron-lbaas-13.0.1~dev12-3.3.7 python-neutron-vpnaas-13.0.2~dev4-3.3.7 python-nova-18.2.2~dev9-3.3.8 python-octavia-3.1.2~dev2-3.3.6 python-openstack_auth-14.0.4~dev4-3.3.8 python-os-brick-2.5.7-3.3.7 python-os-brick-common-2.5.7-3.3.7 python-oslo.db-4.40.2-3.3.8 python-proliantutils-2.8.4-1.1 supportutils-plugin-suse-openstack-cloud-9.0.1562324636.e7046a3-1.1 venv-openstack-barbican-x86_64-7.0.1~dev18-3.2.1 venv-openstack-cinder-x86_64-13.0.6~dev12-3.2.1 venv-openstack-designate-x86_64-7.0.1~dev20-3.3.1 venv-openstack-glance-x86_64-17.0.1~dev16-3.3.1 venv-openstack-heat-x86_64-11.0.3~dev5-3.3.1 venv-openstack-horizon-x86_64-14.0.4~dev4-4.3.2 venv-openstack-ironic-x86_64-11.1.4~dev2-4.3.2 venv-openstack-keystone-x86_64-14.1.1~dev7-3.3.1 venv-openstack-magnum-x86_64-7.1.1~dev24-4.3.2 venv-openstack-manila-x86_64-7.3.1~dev2-3.3.1 venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.3.1 venv-openstack-monasca-x86_64-2.7.1~dev10-3.3.1 venv-openstack-neutron-x86_64-13.0.4~dev89-6.3.1 venv-openstack-nova-x86_64-18.2.2~dev9-3.3.1 venv-openstack-octavia-x86_64-3.1.2~dev2-4.3.1 venv-openstack-sahara-x86_64-9.0.2~dev9-3.3.1 - SUSE OpenStack Cloud 9 (x86_64): grafana-5.3.3-3.3.1 grafana-debuginfo-5.3.3-3.3.1 References: https://www.suse.com/security/cve/CVE-2018-19039.html https://www.suse.com/security/cve/CVE-2019-10876.html https://www.suse.com/security/cve/CVE-2019-11068.html https://bugzilla.suse.com/1115960 https://bugzilla.suse.com/1120657 https://bugzilla.suse.com/1121530 https://bugzilla.suse.com/1122053 https://bugzilla.suse.com/1122825 https://bugzilla.suse.com/1124170 https://bugzilla.suse.com/1128453 https://bugzilla.suse.com/1131712 https://bugzilla.suse.com/1131791 https://bugzilla.suse.com/1131899 https://bugzilla.suse.com/1132542 https://bugzilla.suse.com/1132654 https://bugzilla.suse.com/1132832 https://bugzilla.suse.com/1132852 https://bugzilla.suse.com/1132853 https://bugzilla.suse.com/1132860 https://bugzilla.suse.com/1134336 From sle-updates at lists.suse.com Mon Aug 5 13:13:20 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 5 Aug 2019 21:13:20 +0200 (CEST) Subject: SUSE-SU-2019:2047-1: moderate: Security update for python-requests Message-ID: <20190805191320.18898FFD7@maintenance.suse.de> SUSE Security Update: Security update for python-requests ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2047-1 Rating: moderate References: #1111622 Cross-References: CVE-2018-18074 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-requests to version 2.20.1 fixes the following issues: Security issue fixed: - CVE-2018-18074: Fixed an information disclosure vulnerability of the HTTP Authorization header (bsc#1111622). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2019-2047=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2019-2047=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): python-requests-2.20.1-4.3.1 - SUSE OpenStack Cloud 9 (noarch): python-requests-2.20.1-4.3.1 References: https://www.suse.com/security/cve/CVE-2018-18074.html https://bugzilla.suse.com/1111622 From sle-updates at lists.suse.com Mon Aug 5 13:13:59 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 5 Aug 2019 21:13:59 +0200 (CEST) Subject: SUSE-SU-2019:2049-1: important: Security update for ceph Message-ID: <20190805191359.BEDB9FFD7@maintenance.suse.de> SUSE Security Update: Security update for ceph ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2049-1 Rating: important References: #1121567 #1123360 #1124957 #1125080 #1125899 #1131984 #1132396 #1133139 #1133461 #1135030 #1135219 #1135221 #1135388 #1136110 Cross-References: CVE-2018-16889 CVE-2019-3821 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Enterprise Storage 6 ______________________________________________________________________________ An update that solves two vulnerabilities and has 12 fixes is now available. Description: This update for ceph fixes the following issues: Security issues fixed: - CVE-2019-3821: civetweb: fix file descriptor leak (bsc#1125080) - CVE-2018-16889: rgw: sanitize customer encryption keys from log output in v4 auth (bsc#1121567) Non-security issues fixed: - install grafana dashboards world readable (bsc#1136110) - upgrade results in cluster outage (bsc#1132396) - ceph status reports "HEALTH_WARN 3 monitors have not enabled msgr2" (bsc#1124957) - Dashboard: Opening tcmu-runner perf counters results in a 404 (bsc#1135388) - RadosGW stopped expiring objects (bsc#1133139) - Ceph does not recover when rebuilding every OSD (bsc#1133461) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2049=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2049=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2019-2049=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): ceph-14.2.1.468+g994fd9e0cc-3.3.2 ceph-base-14.2.1.468+g994fd9e0cc-3.3.2 ceph-base-debuginfo-14.2.1.468+g994fd9e0cc-3.3.2 ceph-debugsource-14.2.1.468+g994fd9e0cc-3.3.2 ceph-fuse-14.2.1.468+g994fd9e0cc-3.3.2 ceph-fuse-debuginfo-14.2.1.468+g994fd9e0cc-3.3.2 ceph-mds-14.2.1.468+g994fd9e0cc-3.3.2 ceph-mds-debuginfo-14.2.1.468+g994fd9e0cc-3.3.2 ceph-mgr-14.2.1.468+g994fd9e0cc-3.3.2 ceph-mgr-debuginfo-14.2.1.468+g994fd9e0cc-3.3.2 ceph-mon-14.2.1.468+g994fd9e0cc-3.3.2 ceph-mon-debuginfo-14.2.1.468+g994fd9e0cc-3.3.2 ceph-osd-14.2.1.468+g994fd9e0cc-3.3.2 ceph-osd-debuginfo-14.2.1.468+g994fd9e0cc-3.3.2 ceph-radosgw-14.2.1.468+g994fd9e0cc-3.3.2 ceph-radosgw-debuginfo-14.2.1.468+g994fd9e0cc-3.3.2 cephfs-shell-14.2.1.468+g994fd9e0cc-3.3.2 rbd-fuse-14.2.1.468+g994fd9e0cc-3.3.2 rbd-fuse-debuginfo-14.2.1.468+g994fd9e0cc-3.3.2 rbd-mirror-14.2.1.468+g994fd9e0cc-3.3.2 rbd-mirror-debuginfo-14.2.1.468+g994fd9e0cc-3.3.2 rbd-nbd-14.2.1.468+g994fd9e0cc-3.3.2 rbd-nbd-debuginfo-14.2.1.468+g994fd9e0cc-3.3.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): ceph-test-14.2.1.468+g994fd9e0cc-3.3.2 ceph-test-debuginfo-14.2.1.468+g994fd9e0cc-3.3.2 ceph-test-debugsource-14.2.1.468+g994fd9e0cc-3.3.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): ceph-grafana-dashboards-14.2.1.468+g994fd9e0cc-3.3.2 ceph-mgr-dashboard-14.2.1.468+g994fd9e0cc-3.3.2 ceph-mgr-diskprediction-cloud-14.2.1.468+g994fd9e0cc-3.3.2 ceph-mgr-diskprediction-local-14.2.1.468+g994fd9e0cc-3.3.2 ceph-mgr-rook-14.2.1.468+g994fd9e0cc-3.3.2 ceph-mgr-ssh-14.2.1.468+g994fd9e0cc-3.3.2 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): ceph-common-14.2.1.468+g994fd9e0cc-3.3.2 ceph-common-debuginfo-14.2.1.468+g994fd9e0cc-3.3.2 ceph-debugsource-14.2.1.468+g994fd9e0cc-3.3.2 libcephfs-devel-14.2.1.468+g994fd9e0cc-3.3.2 libcephfs2-14.2.1.468+g994fd9e0cc-3.3.2 libcephfs2-debuginfo-14.2.1.468+g994fd9e0cc-3.3.2 librados-devel-14.2.1.468+g994fd9e0cc-3.3.2 librados-devel-debuginfo-14.2.1.468+g994fd9e0cc-3.3.2 librados2-14.2.1.468+g994fd9e0cc-3.3.2 librados2-debuginfo-14.2.1.468+g994fd9e0cc-3.3.2 libradospp-devel-14.2.1.468+g994fd9e0cc-3.3.2 librbd-devel-14.2.1.468+g994fd9e0cc-3.3.2 librbd1-14.2.1.468+g994fd9e0cc-3.3.2 librbd1-debuginfo-14.2.1.468+g994fd9e0cc-3.3.2 librgw-devel-14.2.1.468+g994fd9e0cc-3.3.2 librgw2-14.2.1.468+g994fd9e0cc-3.3.2 librgw2-debuginfo-14.2.1.468+g994fd9e0cc-3.3.2 python3-ceph-argparse-14.2.1.468+g994fd9e0cc-3.3.2 python3-cephfs-14.2.1.468+g994fd9e0cc-3.3.2 python3-cephfs-debuginfo-14.2.1.468+g994fd9e0cc-3.3.2 python3-rados-14.2.1.468+g994fd9e0cc-3.3.2 python3-rados-debuginfo-14.2.1.468+g994fd9e0cc-3.3.2 python3-rbd-14.2.1.468+g994fd9e0cc-3.3.2 python3-rbd-debuginfo-14.2.1.468+g994fd9e0cc-3.3.2 python3-rgw-14.2.1.468+g994fd9e0cc-3.3.2 python3-rgw-debuginfo-14.2.1.468+g994fd9e0cc-3.3.2 rados-objclass-devel-14.2.1.468+g994fd9e0cc-3.3.2 - SUSE Enterprise Storage 6 (aarch64 x86_64): ceph-14.2.1.468+g994fd9e0cc-3.3.2 ceph-base-14.2.1.468+g994fd9e0cc-3.3.2 ceph-base-debuginfo-14.2.1.468+g994fd9e0cc-3.3.2 ceph-common-14.2.1.468+g994fd9e0cc-3.3.2 ceph-common-debuginfo-14.2.1.468+g994fd9e0cc-3.3.2 ceph-debugsource-14.2.1.468+g994fd9e0cc-3.3.2 ceph-fuse-14.2.1.468+g994fd9e0cc-3.3.2 ceph-fuse-debuginfo-14.2.1.468+g994fd9e0cc-3.3.2 ceph-mds-14.2.1.468+g994fd9e0cc-3.3.2 ceph-mds-debuginfo-14.2.1.468+g994fd9e0cc-3.3.2 ceph-mgr-14.2.1.468+g994fd9e0cc-3.3.2 ceph-mgr-debuginfo-14.2.1.468+g994fd9e0cc-3.3.2 ceph-mon-14.2.1.468+g994fd9e0cc-3.3.2 ceph-mon-debuginfo-14.2.1.468+g994fd9e0cc-3.3.2 ceph-osd-14.2.1.468+g994fd9e0cc-3.3.2 ceph-osd-debuginfo-14.2.1.468+g994fd9e0cc-3.3.2 ceph-radosgw-14.2.1.468+g994fd9e0cc-3.3.2 ceph-radosgw-debuginfo-14.2.1.468+g994fd9e0cc-3.3.2 cephfs-shell-14.2.1.468+g994fd9e0cc-3.3.2 libcephfs2-14.2.1.468+g994fd9e0cc-3.3.2 libcephfs2-debuginfo-14.2.1.468+g994fd9e0cc-3.3.2 librados2-14.2.1.468+g994fd9e0cc-3.3.2 librados2-debuginfo-14.2.1.468+g994fd9e0cc-3.3.2 librbd1-14.2.1.468+g994fd9e0cc-3.3.2 librbd1-debuginfo-14.2.1.468+g994fd9e0cc-3.3.2 librgw2-14.2.1.468+g994fd9e0cc-3.3.2 librgw2-debuginfo-14.2.1.468+g994fd9e0cc-3.3.2 python3-ceph-argparse-14.2.1.468+g994fd9e0cc-3.3.2 python3-cephfs-14.2.1.468+g994fd9e0cc-3.3.2 python3-cephfs-debuginfo-14.2.1.468+g994fd9e0cc-3.3.2 python3-rados-14.2.1.468+g994fd9e0cc-3.3.2 python3-rados-debuginfo-14.2.1.468+g994fd9e0cc-3.3.2 python3-rbd-14.2.1.468+g994fd9e0cc-3.3.2 python3-rbd-debuginfo-14.2.1.468+g994fd9e0cc-3.3.2 python3-rgw-14.2.1.468+g994fd9e0cc-3.3.2 python3-rgw-debuginfo-14.2.1.468+g994fd9e0cc-3.3.2 rbd-fuse-14.2.1.468+g994fd9e0cc-3.3.2 rbd-fuse-debuginfo-14.2.1.468+g994fd9e0cc-3.3.2 rbd-mirror-14.2.1.468+g994fd9e0cc-3.3.2 rbd-mirror-debuginfo-14.2.1.468+g994fd9e0cc-3.3.2 rbd-nbd-14.2.1.468+g994fd9e0cc-3.3.2 rbd-nbd-debuginfo-14.2.1.468+g994fd9e0cc-3.3.2 - SUSE Enterprise Storage 6 (noarch): ceph-grafana-dashboards-14.2.1.468+g994fd9e0cc-3.3.2 ceph-mgr-dashboard-14.2.1.468+g994fd9e0cc-3.3.2 ceph-mgr-diskprediction-local-14.2.1.468+g994fd9e0cc-3.3.2 ceph-mgr-rook-14.2.1.468+g994fd9e0cc-3.3.2 ceph-prometheus-alerts-14.2.1.468+g994fd9e0cc-3.3.2 References: https://www.suse.com/security/cve/CVE-2018-16889.html https://www.suse.com/security/cve/CVE-2019-3821.html https://bugzilla.suse.com/1121567 https://bugzilla.suse.com/1123360 https://bugzilla.suse.com/1124957 https://bugzilla.suse.com/1125080 https://bugzilla.suse.com/1125899 https://bugzilla.suse.com/1131984 https://bugzilla.suse.com/1132396 https://bugzilla.suse.com/1133139 https://bugzilla.suse.com/1133461 https://bugzilla.suse.com/1135030 https://bugzilla.suse.com/1135219 https://bugzilla.suse.com/1135221 https://bugzilla.suse.com/1135388 https://bugzilla.suse.com/1136110 From sle-updates at lists.suse.com Mon Aug 5 13:16:20 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 5 Aug 2019 21:16:20 +0200 (CEST) Subject: SUSE-SU-2019:2048-1: important: Security update for mariadb Message-ID: <20190805191620.1E6BCFFD7@maintenance.suse.de> SUSE Security Update: Security update for mariadb ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2048-1 Rating: important References: #1013882 #1101676 #1101677 #1101678 #1103342 #1112368 #1112397 #1112417 #1112421 #1112432 #1116686 #1118754 #1132666 #1136037 Cross-References: CVE-2016-9843 CVE-2018-3058 CVE-2018-3063 CVE-2018-3064 CVE-2018-3066 CVE-2018-3143 CVE-2018-3156 CVE-2018-3174 CVE-2018-3251 CVE-2018-3282 CVE-2019-2529 CVE-2019-2537 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Enterprise Storage 4 HPE Helion Openstack 8 ______________________________________________________________________________ An update that solves 12 vulnerabilities and has two fixes is now available. Description: This update for mariadb fixes the following issues: Update to MariaDB 10.0.38 GA (bsc#1136037). Security issues fixed: - CVE-2019-2537: Denial of service via multiple protocols (bsc#1136037) - CVE-2019-2529: Denial of service via multiple protocols (bsc#1136037) - CVE-2018-3282: Server Storage Engines unspecified vulnerability (CPU Oct 2018) (bsc#1112432) - CVE-2018-3251: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112397) - CVE-2018-3174: Client programs unspecified vulnerability (CPU Oct 2018) (bsc#1112368) - CVE-2018-3156: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112417) - CVE-2018-3143: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112421) - CVE-2018-3066: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent Server Options). (bsc#1101678) - CVE-2018-3064: InnoDB unspecified vulnerability (CPU Jul 2018) (bsc#1103342) - CVE-2018-3063: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent Server Security Privileges). (bsc#1101677) - CVE-2018-3058: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent MyISAM). (bsc#1101676) - CVE-2016-9843: Big-endian out-of-bounds pointer (bsc#1013882) Non-security changes: - Removed PerconaFT from the package as it has AGPL licence (bsc#1118754). - Do not just remove tokudb plugin but don't build it at all (missing jemalloc dependency). - Fixed reading options for multiple instances if my${INSTANCE}.cnf is used (bsc#1132666). - Removed "umask 077" from mysql-systemd-helper that caused new datadirs created with wrong permissions (bsc#1132666). Release notes and changelog: - https://kb.askmonty.org/en/mariadb-10038-release-notes - https://kb.askmonty.org/en/mariadb-10038-changelog - https://kb.askmonty.org/en/mariadb-10037-release-notes - https://kb.askmonty.org/en/mariadb-10037-changelog - https://kb.askmonty.org/en/mariadb-10036-release-notes - https://kb.askmonty.org/en/mariadb-10036-changelog Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-2048=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-2048=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-2048=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-2048=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-2048=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-2048=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-2048=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-2048=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-2048=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): libmysqlclient18-10.0.38-29.27.3 libmysqlclient18-debuginfo-10.0.38-29.27.3 - SUSE OpenStack Cloud 8 (x86_64): libmysqlclient18-10.0.38-29.27.3 libmysqlclient18-debuginfo-10.0.38-29.27.3 - SUSE OpenStack Cloud 7 (s390x x86_64): libmysqlclient18-10.0.38-29.27.3 libmysqlclient18-32bit-10.0.38-29.27.3 libmysqlclient18-debuginfo-10.0.38-29.27.3 libmysqlclient18-debuginfo-32bit-10.0.38-29.27.3 mariadb-10.0.38-29.27.3 mariadb-client-10.0.38-29.27.3 mariadb-client-debuginfo-10.0.38-29.27.3 mariadb-debuginfo-10.0.38-29.27.3 mariadb-debugsource-10.0.38-29.27.3 mariadb-errormessages-10.0.38-29.27.3 mariadb-tools-10.0.38-29.27.3 mariadb-tools-debuginfo-10.0.38-29.27.3 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libmysqlclient18-10.0.38-29.27.3 libmysqlclient18-debuginfo-10.0.38-29.27.3 mariadb-10.0.38-29.27.3 mariadb-client-10.0.38-29.27.3 mariadb-client-debuginfo-10.0.38-29.27.3 mariadb-debuginfo-10.0.38-29.27.3 mariadb-debugsource-10.0.38-29.27.3 mariadb-errormessages-10.0.38-29.27.3 mariadb-tools-10.0.38-29.27.3 mariadb-tools-debuginfo-10.0.38-29.27.3 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libmysqlclient18-32bit-10.0.38-29.27.3 libmysqlclient18-debuginfo-32bit-10.0.38-29.27.3 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libmysqlclient18-10.0.38-29.27.3 libmysqlclient18-debuginfo-10.0.38-29.27.3 mariadb-10.0.38-29.27.3 mariadb-client-10.0.38-29.27.3 mariadb-client-debuginfo-10.0.38-29.27.3 mariadb-debuginfo-10.0.38-29.27.3 mariadb-debugsource-10.0.38-29.27.3 mariadb-errormessages-10.0.38-29.27.3 mariadb-tools-10.0.38-29.27.3 mariadb-tools-debuginfo-10.0.38-29.27.3 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libmysqlclient18-32bit-10.0.38-29.27.3 libmysqlclient18-debuginfo-32bit-10.0.38-29.27.3 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libmysqlclient18-10.0.38-29.27.3 libmysqlclient18-32bit-10.0.38-29.27.3 libmysqlclient18-debuginfo-10.0.38-29.27.3 libmysqlclient18-debuginfo-32bit-10.0.38-29.27.3 mariadb-10.0.38-29.27.3 mariadb-client-10.0.38-29.27.3 mariadb-client-debuginfo-10.0.38-29.27.3 mariadb-debuginfo-10.0.38-29.27.3 mariadb-debugsource-10.0.38-29.27.3 mariadb-errormessages-10.0.38-29.27.3 mariadb-tools-10.0.38-29.27.3 mariadb-tools-debuginfo-10.0.38-29.27.3 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): libmysqlclient-devel-10.0.38-29.27.3 libmysqlclient18-10.0.38-29.27.3 libmysqlclient18-debuginfo-10.0.38-29.27.3 libmysqlclient_r18-10.0.38-29.27.3 libmysqld-devel-10.0.38-29.27.3 libmysqld18-10.0.38-29.27.3 libmysqld18-debuginfo-10.0.38-29.27.3 mariadb-10.0.38-29.27.3 mariadb-client-10.0.38-29.27.3 mariadb-client-debuginfo-10.0.38-29.27.3 mariadb-debuginfo-10.0.38-29.27.3 mariadb-debugsource-10.0.38-29.27.3 mariadb-errormessages-10.0.38-29.27.3 mariadb-tools-10.0.38-29.27.3 mariadb-tools-debuginfo-10.0.38-29.27.3 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): libmysqlclient18-32bit-10.0.38-29.27.3 libmysqlclient18-debuginfo-32bit-10.0.38-29.27.3 - SUSE Enterprise Storage 4 (x86_64): libmysqlclient18-10.0.38-29.27.3 libmysqlclient18-32bit-10.0.38-29.27.3 libmysqlclient18-debuginfo-10.0.38-29.27.3 libmysqlclient18-debuginfo-32bit-10.0.38-29.27.3 mariadb-10.0.38-29.27.3 mariadb-client-10.0.38-29.27.3 mariadb-client-debuginfo-10.0.38-29.27.3 mariadb-debuginfo-10.0.38-29.27.3 mariadb-debugsource-10.0.38-29.27.3 mariadb-errormessages-10.0.38-29.27.3 mariadb-tools-10.0.38-29.27.3 mariadb-tools-debuginfo-10.0.38-29.27.3 - HPE Helion Openstack 8 (x86_64): libmysqlclient18-10.0.38-29.27.3 libmysqlclient18-debuginfo-10.0.38-29.27.3 References: https://www.suse.com/security/cve/CVE-2016-9843.html https://www.suse.com/security/cve/CVE-2018-3058.html https://www.suse.com/security/cve/CVE-2018-3063.html https://www.suse.com/security/cve/CVE-2018-3064.html https://www.suse.com/security/cve/CVE-2018-3066.html https://www.suse.com/security/cve/CVE-2018-3143.html https://www.suse.com/security/cve/CVE-2018-3156.html https://www.suse.com/security/cve/CVE-2018-3174.html https://www.suse.com/security/cve/CVE-2018-3251.html https://www.suse.com/security/cve/CVE-2018-3282.html https://www.suse.com/security/cve/CVE-2019-2529.html https://www.suse.com/security/cve/CVE-2019-2537.html https://bugzilla.suse.com/1013882 https://bugzilla.suse.com/1101676 https://bugzilla.suse.com/1101677 https://bugzilla.suse.com/1101678 https://bugzilla.suse.com/1103342 https://bugzilla.suse.com/1112368 https://bugzilla.suse.com/1112397 https://bugzilla.suse.com/1112417 https://bugzilla.suse.com/1112421 https://bugzilla.suse.com/1112432 https://bugzilla.suse.com/1116686 https://bugzilla.suse.com/1118754 https://bugzilla.suse.com/1132666 https://bugzilla.suse.com/1136037 From sle-updates at lists.suse.com Mon Aug 5 13:18:36 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 5 Aug 2019 21:18:36 +0200 (CEST) Subject: SUSE-SU-2019:1783-2: important: Security update for postgresql10 Message-ID: <20190805191836.1B3AAFFD7@maintenance.suse.de> SUSE Security Update: Security update for postgresql10 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1783-2 Rating: important References: #1138034 Cross-References: CVE-2019-10164 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for postgresql10 to version 10.9 fixes the following issue: Security issue fixed: - CVE-2019-10164: Fixed buffer-overflow vulnerabilities in SCRAM verifier parsing (bsc#1138034). More information at https://www.postgresql.org/docs/10/release-10-9.html Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-1783=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1783=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2019-1783=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-1783=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): libecpg6-10.9-1.12.1 libecpg6-debuginfo-10.9-1.12.1 libpq5-10.9-1.12.1 libpq5-32bit-10.9-1.12.1 libpq5-debuginfo-10.9-1.12.1 libpq5-debuginfo-32bit-10.9-1.12.1 postgresql10-10.9-1.12.2 postgresql10-contrib-10.9-1.12.2 postgresql10-contrib-debuginfo-10.9-1.12.2 postgresql10-debuginfo-10.9-1.12.2 postgresql10-debugsource-10.9-1.12.2 postgresql10-libs-debugsource-10.9-1.12.1 postgresql10-plperl-10.9-1.12.2 postgresql10-plperl-debuginfo-10.9-1.12.2 postgresql10-plpython-10.9-1.12.2 postgresql10-plpython-debuginfo-10.9-1.12.2 postgresql10-pltcl-10.9-1.12.2 postgresql10-pltcl-debuginfo-10.9-1.12.2 postgresql10-server-10.9-1.12.2 postgresql10-server-debuginfo-10.9-1.12.2 - SUSE OpenStack Cloud Crowbar 8 (noarch): postgresql10-docs-10.9-1.12.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64): libecpg6-10.9-1.12.1 libecpg6-debuginfo-10.9-1.12.1 libpq5-10.9-1.12.1 libpq5-debuginfo-10.9-1.12.1 postgresql10-10.9-1.12.2 postgresql10-contrib-10.9-1.12.2 postgresql10-contrib-debuginfo-10.9-1.12.2 postgresql10-debuginfo-10.9-1.12.2 postgresql10-debugsource-10.9-1.12.2 postgresql10-libs-debugsource-10.9-1.12.1 postgresql10-plperl-10.9-1.12.2 postgresql10-plperl-debuginfo-10.9-1.12.2 postgresql10-plpython-10.9-1.12.2 postgresql10-plpython-debuginfo-10.9-1.12.2 postgresql10-pltcl-10.9-1.12.2 postgresql10-pltcl-debuginfo-10.9-1.12.2 postgresql10-server-10.9-1.12.2 postgresql10-server-debuginfo-10.9-1.12.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): postgresql10-docs-10.9-1.12.2 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): postgresql10-docs-10.9-1.12.2 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libecpg6-10.9-1.12.1 libecpg6-debuginfo-10.9-1.12.1 libpq5-10.9-1.12.1 libpq5-32bit-10.9-1.12.1 libpq5-debuginfo-10.9-1.12.1 libpq5-debuginfo-32bit-10.9-1.12.1 postgresql10-10.9-1.12.2 postgresql10-contrib-10.9-1.12.2 postgresql10-contrib-debuginfo-10.9-1.12.2 postgresql10-debuginfo-10.9-1.12.2 postgresql10-debugsource-10.9-1.12.2 postgresql10-libs-debugsource-10.9-1.12.1 postgresql10-plperl-10.9-1.12.2 postgresql10-plperl-debuginfo-10.9-1.12.2 postgresql10-plpython-10.9-1.12.2 postgresql10-plpython-debuginfo-10.9-1.12.2 postgresql10-pltcl-10.9-1.12.2 postgresql10-pltcl-debuginfo-10.9-1.12.2 postgresql10-server-10.9-1.12.2 postgresql10-server-debuginfo-10.9-1.12.2 - HPE Helion Openstack 8 (noarch): postgresql10-docs-10.9-1.12.2 - HPE Helion Openstack 8 (x86_64): libecpg6-10.9-1.12.1 libecpg6-debuginfo-10.9-1.12.1 libpq5-10.9-1.12.1 libpq5-32bit-10.9-1.12.1 libpq5-debuginfo-10.9-1.12.1 libpq5-debuginfo-32bit-10.9-1.12.1 postgresql10-10.9-1.12.2 postgresql10-contrib-10.9-1.12.2 postgresql10-contrib-debuginfo-10.9-1.12.2 postgresql10-debuginfo-10.9-1.12.2 postgresql10-debugsource-10.9-1.12.2 postgresql10-libs-debugsource-10.9-1.12.1 postgresql10-plperl-10.9-1.12.2 postgresql10-plperl-debuginfo-10.9-1.12.2 postgresql10-plpython-10.9-1.12.2 postgresql10-plpython-debuginfo-10.9-1.12.2 postgresql10-pltcl-10.9-1.12.2 postgresql10-pltcl-debuginfo-10.9-1.12.2 postgresql10-server-10.9-1.12.2 postgresql10-server-debuginfo-10.9-1.12.2 References: https://www.suse.com/security/cve/CVE-2019-10164.html https://bugzilla.suse.com/1138034 From sle-updates at lists.suse.com Tue Aug 6 07:10:51 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Aug 2019 15:10:51 +0200 (CEST) Subject: SUSE-RU-2019:2054-1: Recommended update for xmlsec1 Message-ID: <20190806131051.5763DFFD7@maintenance.suse.de> SUSE Recommended Update: Recommended update for xmlsec1 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2054-1 Rating: low References: #1141202 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 SUSE CaaS Platform 3.0 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for xmlsec1 fixes the following issue: - xmlsec1 libraries are provided for SUSE CAASP 3.0 as dependency of open-vm-tools. (bsc#1141202) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-2054=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-2054=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2054=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2054=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2054=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-2054=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): libxmlsec1-1-1.2.26-2.9.1 libxmlsec1-1-debuginfo-1.2.26-2.9.1 libxmlsec1-openssl1-1.2.26-2.9.1 libxmlsec1-openssl1-debuginfo-1.2.26-2.9.1 xmlsec1-1.2.26-2.9.1 xmlsec1-debuginfo-1.2.26-2.9.1 xmlsec1-debugsource-1.2.26-2.9.1 - SUSE OpenStack Cloud 8 (x86_64): libxmlsec1-1-1.2.26-2.9.1 libxmlsec1-1-debuginfo-1.2.26-2.9.1 libxmlsec1-openssl1-1.2.26-2.9.1 libxmlsec1-openssl1-debuginfo-1.2.26-2.9.1 xmlsec1-1.2.26-2.9.1 xmlsec1-debuginfo-1.2.26-2.9.1 xmlsec1-debugsource-1.2.26-2.9.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libxmlsec1-gnutls1-1.2.26-2.9.1 libxmlsec1-gnutls1-debuginfo-1.2.26-2.9.1 libxmlsec1-openssl1-1.2.26-2.9.1 libxmlsec1-openssl1-debuginfo-1.2.26-2.9.1 xmlsec1-1.2.26-2.9.1 xmlsec1-debuginfo-1.2.26-2.9.1 xmlsec1-debugsource-1.2.26-2.9.1 xmlsec1-devel-1.2.26-2.9.1 xmlsec1-gnutls-devel-1.2.26-2.9.1 xmlsec1-nss-devel-1.2.26-2.9.1 xmlsec1-openssl-devel-1.2.26-2.9.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libxmlsec1-1-1.2.26-2.9.1 libxmlsec1-1-debuginfo-1.2.26-2.9.1 libxmlsec1-gcrypt1-1.2.26-2.9.1 libxmlsec1-gcrypt1-debuginfo-1.2.26-2.9.1 libxmlsec1-gnutls1-1.2.26-2.9.1 libxmlsec1-gnutls1-debuginfo-1.2.26-2.9.1 libxmlsec1-nss1-1.2.26-2.9.1 libxmlsec1-nss1-debuginfo-1.2.26-2.9.1 libxmlsec1-openssl1-1.2.26-2.9.1 libxmlsec1-openssl1-debuginfo-1.2.26-2.9.1 xmlsec1-1.2.26-2.9.1 xmlsec1-debuginfo-1.2.26-2.9.1 xmlsec1-debugsource-1.2.26-2.9.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libxmlsec1-1-1.2.26-2.9.1 libxmlsec1-1-debuginfo-1.2.26-2.9.1 libxmlsec1-gcrypt1-1.2.26-2.9.1 libxmlsec1-gcrypt1-debuginfo-1.2.26-2.9.1 libxmlsec1-gnutls1-1.2.26-2.9.1 libxmlsec1-gnutls1-debuginfo-1.2.26-2.9.1 libxmlsec1-nss1-1.2.26-2.9.1 libxmlsec1-nss1-debuginfo-1.2.26-2.9.1 libxmlsec1-openssl1-1.2.26-2.9.1 libxmlsec1-openssl1-debuginfo-1.2.26-2.9.1 xmlsec1-debuginfo-1.2.26-2.9.1 xmlsec1-debugsource-1.2.26-2.9.1 - SUSE CaaS Platform 3.0 (x86_64): libxmlsec1-1-1.2.26-2.9.1 libxmlsec1-openssl1-1.2.26-2.9.1 xmlsec1-1.2.26-2.9.1 - HPE Helion Openstack 8 (x86_64): libxmlsec1-1-1.2.26-2.9.1 libxmlsec1-1-debuginfo-1.2.26-2.9.1 libxmlsec1-openssl1-1.2.26-2.9.1 libxmlsec1-openssl1-debuginfo-1.2.26-2.9.1 xmlsec1-1.2.26-2.9.1 xmlsec1-debuginfo-1.2.26-2.9.1 xmlsec1-debugsource-1.2.26-2.9.1 References: https://bugzilla.suse.com/1141202 From sle-updates at lists.suse.com Tue Aug 6 07:11:35 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Aug 2019 15:11:35 +0200 (CEST) Subject: SUSE-SU-2019:2050-1: important: Security update for python3 Message-ID: <20190806131135.DE85FFFD7@maintenance.suse.de> SUSE Security Update: Security update for python3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2050-1 Rating: important References: #1094814 #1138459 #1141853 Cross-References: CVE-2018-20852 CVE-2019-10160 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for python3 fixes the following issues: Security issue fixed: - CVE-2019-10160: Fixed a regression in urlparse() and urlsplit() introduced by the fix for CVE-2019-9636 (bsc#1138459). - CVE-2018-20852: Fixed an information leak where cookies could be send to the wrong server because of incorrect domain validation (bsc#1141853). Non-security issue fixed: - Fixed an issue where the SIGINT signal was ignored or not handled (bsc#1094814). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2050=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2050=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2019-2050=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-2050=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2050=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2050=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): python3-base-debuginfo-3.6.8-3.23.1 python3-base-debugsource-3.6.8-3.23.1 python3-testsuite-3.6.8-3.23.1 python3-testsuite-debuginfo-3.6.8-3.23.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libpython3_6m1_0-32bit-3.6.8-3.23.1 libpython3_6m1_0-32bit-debuginfo-3.6.8-3.23.1 python3-32bit-3.6.8-3.23.1 python3-32bit-debuginfo-3.6.8-3.23.1 python3-base-32bit-3.6.8-3.23.1 python3-base-32bit-debuginfo-3.6.8-3.23.1 python3-debugsource-3.6.8-3.23.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): python3-doc-3.6.8-3.23.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): python3-base-debuginfo-3.6.8-3.23.1 python3-base-debugsource-3.6.8-3.23.1 python3-testsuite-3.6.8-3.23.1 python3-testsuite-debuginfo-3.6.8-3.23.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): python3-doc-3.6.8-3.23.2 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): python3-base-debuginfo-3.6.8-3.23.1 python3-base-debugsource-3.6.8-3.23.1 python3-tools-3.6.8-3.23.1 - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): python3-base-debuginfo-3.6.8-3.23.1 python3-base-debugsource-3.6.8-3.23.1 python3-tools-3.6.8-3.23.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libpython3_6m1_0-3.6.8-3.23.1 libpython3_6m1_0-debuginfo-3.6.8-3.23.1 python3-3.6.8-3.23.1 python3-base-3.6.8-3.23.1 python3-base-debuginfo-3.6.8-3.23.1 python3-base-debugsource-3.6.8-3.23.1 python3-curses-3.6.8-3.23.1 python3-curses-debuginfo-3.6.8-3.23.1 python3-dbm-3.6.8-3.23.1 python3-dbm-debuginfo-3.6.8-3.23.1 python3-debuginfo-3.6.8-3.23.1 python3-debugsource-3.6.8-3.23.1 python3-devel-3.6.8-3.23.1 python3-devel-debuginfo-3.6.8-3.23.1 python3-idle-3.6.8-3.23.1 python3-tk-3.6.8-3.23.1 python3-tk-debuginfo-3.6.8-3.23.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libpython3_6m1_0-3.6.8-3.23.1 libpython3_6m1_0-debuginfo-3.6.8-3.23.1 python3-3.6.8-3.23.1 python3-base-3.6.8-3.23.1 python3-base-debuginfo-3.6.8-3.23.1 python3-base-debugsource-3.6.8-3.23.1 python3-curses-3.6.8-3.23.1 python3-curses-debuginfo-3.6.8-3.23.1 python3-dbm-3.6.8-3.23.1 python3-dbm-debuginfo-3.6.8-3.23.1 python3-debuginfo-3.6.8-3.23.1 python3-debugsource-3.6.8-3.23.1 python3-devel-3.6.8-3.23.1 python3-devel-debuginfo-3.6.8-3.23.1 python3-idle-3.6.8-3.23.1 python3-tk-3.6.8-3.23.1 python3-tk-debuginfo-3.6.8-3.23.1 References: https://www.suse.com/security/cve/CVE-2018-20852.html https://www.suse.com/security/cve/CVE-2019-10160.html https://bugzilla.suse.com/1094814 https://bugzilla.suse.com/1138459 https://bugzilla.suse.com/1141853 From sle-updates at lists.suse.com Tue Aug 6 10:11:07 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Aug 2019 18:11:07 +0200 (CEST) Subject: SUSE-SU-2019:2055-1: important: Security update for nodejs8 Message-ID: <20190806161107.94B04FFD7@maintenance.suse.de> SUSE Security Update: Security update for nodejs8 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2055-1 Rating: important References: #1134209 #1140290 Cross-References: CVE-2019-13173 Affected Products: SUSE Linux Enterprise Module for Web Scripting 15-SP1 SUSE Linux Enterprise Module for Web Scripting 15 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for nodejs8 fixes the following issues: Security issue fixed: - CVE-2019-13173: Fixed a potential file overwrite via hardlink in fstream.DirWriter() (bsc#1140290). Non-security issue fixed: - Backported fixes for OpenSSL 1.1.1 from nodejs8 (bsc#1134209). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15-SP1: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP1-2019-2055=1 - SUSE Linux Enterprise Module for Web Scripting 15: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-2019-2055=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15-SP1 (aarch64 ppc64le s390x x86_64): nodejs8-8.15.1-3.17.1 nodejs8-debuginfo-8.15.1-3.17.1 nodejs8-debugsource-8.15.1-3.17.1 nodejs8-devel-8.15.1-3.17.1 npm8-8.15.1-3.17.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP1 (noarch): nodejs8-docs-8.15.1-3.17.1 - SUSE Linux Enterprise Module for Web Scripting 15 (aarch64 ppc64le s390x x86_64): nodejs8-8.15.1-3.17.1 nodejs8-debuginfo-8.15.1-3.17.1 nodejs8-debugsource-8.15.1-3.17.1 nodejs8-devel-8.15.1-3.17.1 npm8-8.15.1-3.17.1 - SUSE Linux Enterprise Module for Web Scripting 15 (noarch): nodejs8-docs-8.15.1-3.17.1 References: https://www.suse.com/security/cve/CVE-2019-13173.html https://bugzilla.suse.com/1134209 https://bugzilla.suse.com/1140290 From sle-updates at lists.suse.com Tue Aug 6 10:12:00 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Aug 2019 18:12:00 +0200 (CEST) Subject: SUSE-SU-2019:2052-1: important: Security update for evince Message-ID: <20190806161200.173E6FFD7@maintenance.suse.de> SUSE Security Update: Security update for evince ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2052-1 Rating: important References: #1141619 Cross-References: CVE-2019-1010006 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for evince fixes the following issues: - CVE-2019-1010006: Fixed a buffer overflow in backend/tiff/tiff-document.c (bsc#1141619). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2052=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2052=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-2052=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-2052=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): evince-debuginfo-3.26.0+20180128.1bd86963-4.10.1 evince-debugsource-3.26.0+20180128.1bd86963-4.10.1 evince-plugin-comicsdocument-3.26.0+20180128.1bd86963-4.10.1 evince-plugin-comicsdocument-debuginfo-3.26.0+20180128.1bd86963-4.10.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): evince-debuginfo-3.26.0+20180128.1bd86963-4.10.1 evince-debugsource-3.26.0+20180128.1bd86963-4.10.1 evince-plugin-comicsdocument-3.26.0+20180128.1bd86963-4.10.1 evince-plugin-comicsdocument-debuginfo-3.26.0+20180128.1bd86963-4.10.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): evince-3.26.0+20180128.1bd86963-4.10.1 evince-debuginfo-3.26.0+20180128.1bd86963-4.10.1 evince-debugsource-3.26.0+20180128.1bd86963-4.10.1 evince-devel-3.26.0+20180128.1bd86963-4.10.1 evince-plugin-djvudocument-3.26.0+20180128.1bd86963-4.10.1 evince-plugin-djvudocument-debuginfo-3.26.0+20180128.1bd86963-4.10.1 evince-plugin-dvidocument-3.26.0+20180128.1bd86963-4.10.1 evince-plugin-dvidocument-debuginfo-3.26.0+20180128.1bd86963-4.10.1 evince-plugin-pdfdocument-3.26.0+20180128.1bd86963-4.10.1 evince-plugin-pdfdocument-debuginfo-3.26.0+20180128.1bd86963-4.10.1 evince-plugin-psdocument-3.26.0+20180128.1bd86963-4.10.1 evince-plugin-psdocument-debuginfo-3.26.0+20180128.1bd86963-4.10.1 evince-plugin-tiffdocument-3.26.0+20180128.1bd86963-4.10.1 evince-plugin-tiffdocument-debuginfo-3.26.0+20180128.1bd86963-4.10.1 evince-plugin-xpsdocument-3.26.0+20180128.1bd86963-4.10.1 evince-plugin-xpsdocument-debuginfo-3.26.0+20180128.1bd86963-4.10.1 libevdocument3-4-3.26.0+20180128.1bd86963-4.10.1 libevdocument3-4-debuginfo-3.26.0+20180128.1bd86963-4.10.1 libevview3-3-3.26.0+20180128.1bd86963-4.10.1 libevview3-3-debuginfo-3.26.0+20180128.1bd86963-4.10.1 nautilus-evince-3.26.0+20180128.1bd86963-4.10.1 nautilus-evince-debuginfo-3.26.0+20180128.1bd86963-4.10.1 typelib-1_0-EvinceDocument-3_0-3.26.0+20180128.1bd86963-4.10.1 typelib-1_0-EvinceView-3_0-3.26.0+20180128.1bd86963-4.10.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (noarch): evince-lang-3.26.0+20180128.1bd86963-4.10.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): evince-3.26.0+20180128.1bd86963-4.10.1 evince-debuginfo-3.26.0+20180128.1bd86963-4.10.1 evince-debugsource-3.26.0+20180128.1bd86963-4.10.1 evince-devel-3.26.0+20180128.1bd86963-4.10.1 evince-plugin-djvudocument-3.26.0+20180128.1bd86963-4.10.1 evince-plugin-djvudocument-debuginfo-3.26.0+20180128.1bd86963-4.10.1 evince-plugin-dvidocument-3.26.0+20180128.1bd86963-4.10.1 evince-plugin-dvidocument-debuginfo-3.26.0+20180128.1bd86963-4.10.1 evince-plugin-pdfdocument-3.26.0+20180128.1bd86963-4.10.1 evince-plugin-pdfdocument-debuginfo-3.26.0+20180128.1bd86963-4.10.1 evince-plugin-psdocument-3.26.0+20180128.1bd86963-4.10.1 evince-plugin-psdocument-debuginfo-3.26.0+20180128.1bd86963-4.10.1 evince-plugin-tiffdocument-3.26.0+20180128.1bd86963-4.10.1 evince-plugin-tiffdocument-debuginfo-3.26.0+20180128.1bd86963-4.10.1 evince-plugin-xpsdocument-3.26.0+20180128.1bd86963-4.10.1 evince-plugin-xpsdocument-debuginfo-3.26.0+20180128.1bd86963-4.10.1 libevdocument3-4-3.26.0+20180128.1bd86963-4.10.1 libevdocument3-4-debuginfo-3.26.0+20180128.1bd86963-4.10.1 libevview3-3-3.26.0+20180128.1bd86963-4.10.1 libevview3-3-debuginfo-3.26.0+20180128.1bd86963-4.10.1 nautilus-evince-3.26.0+20180128.1bd86963-4.10.1 nautilus-evince-debuginfo-3.26.0+20180128.1bd86963-4.10.1 typelib-1_0-EvinceDocument-3_0-3.26.0+20180128.1bd86963-4.10.1 typelib-1_0-EvinceView-3_0-3.26.0+20180128.1bd86963-4.10.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (noarch): evince-lang-3.26.0+20180128.1bd86963-4.10.1 References: https://www.suse.com/security/cve/CVE-2019-1010006.html https://bugzilla.suse.com/1141619 From sle-updates at lists.suse.com Tue Aug 6 10:12:41 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Aug 2019 18:12:41 +0200 (CEST) Subject: SUSE-RU-2019:2060-1: moderate: Recommended update for libreoffice-share-linker Message-ID: <20190806161241.7E774FFD7@maintenance.suse.de> SUSE Recommended Update: Recommended update for libreoffice-share-linker ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2060-1 Rating: moderate References: #1139727 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP1 SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libreoffice-share-linker fixes the following issues: - Work with paranoid umask settings. (bsc#1139727) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2019-2060=1 - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2019-2060=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2060=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP1 (noarch): libreoffice-share-linker-1-3.3.1 - SUSE Linux Enterprise Workstation Extension 15 (noarch): libreoffice-share-linker-1-3.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): libreoffice-share-linker-1-3.3.1 References: https://bugzilla.suse.com/1139727 From sle-updates at lists.suse.com Tue Aug 6 10:13:21 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Aug 2019 18:13:21 +0200 (CEST) Subject: SUSE-OU-2019:2057-1: Optional update for sysstat Message-ID: <20190806161321.2D10BFFD7@maintenance.suse.de> SUSE Optional Update: Optional update for sysstat ______________________________________________________________________________ Announcement ID: SUSE-OU-2019:2057-1 Rating: low References: #1142470 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update for sysstat does not fix any user visible issues. Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2057=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2057=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): sysstat-12.0.2-10.24.1 sysstat-debuginfo-12.0.2-10.24.1 sysstat-debugsource-12.0.2-10.24.1 sysstat-isag-12.0.2-10.24.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): sysstat-12.0.2-10.24.1 sysstat-debuginfo-12.0.2-10.24.1 sysstat-debugsource-12.0.2-10.24.1 References: https://bugzilla.suse.com/1142470 From sle-updates at lists.suse.com Tue Aug 6 10:14:02 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Aug 2019 18:14:02 +0200 (CEST) Subject: SUSE-RU-2019:2058-1: moderate: Recommended update for sap-installation-wizard Message-ID: <20190806161402.0FB0FFFD7@maintenance.suse.de> SUSE Recommended Update: Recommended update for sap-installation-wizard ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2058-1 Rating: moderate References: #1142811 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sap-installation-wizard fixes the following issues: - Adds localization support for the SLES for SAP system role (bsc#1142811) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2019-2058=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): sap-installation-wizard-3.1.81.20-3.15.1 References: https://bugzilla.suse.com/1142811 From sle-updates at lists.suse.com Tue Aug 6 10:14:40 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Aug 2019 18:14:40 +0200 (CEST) Subject: SUSE-RU-2019:2063-1: moderate: Recommended update for openattic Message-ID: <20190806161440.4B6E6FFD7@maintenance.suse.de> SUSE Recommended Update: Recommended update for openattic ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2063-1 Rating: moderate References: #1131316 #1132104 #1132543 #1139451 Affected Products: SUSE Enterprise Storage 5 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for openattic fixes the following issues: - Fix RBD Snapshot timestamps are only displayed in UTC not in local time. (bsc#1131316) - Improve session handling security and block attacks. (bsc#1132543) - Fix iSCSI: add support for "backstore_emulate_pr" lrbd setting. (bsc#1132104) - RBD image update fails when RBD image uses a dedicated data pool. (bsc#1139451) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-2063=1 Package List: - SUSE Enterprise Storage 5 (noarch): openattic-3.7.3-2.21.2 openattic-debugsource-3.7.3-2.21.2 References: https://bugzilla.suse.com/1131316 https://bugzilla.suse.com/1132104 https://bugzilla.suse.com/1132543 https://bugzilla.suse.com/1139451 From sle-updates at lists.suse.com Tue Aug 6 10:15:42 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Aug 2019 18:15:42 +0200 (CEST) Subject: SUSE-RU-2019:2062-1: moderate: Recommended update for release-notes-ses Message-ID: <20190806161542.F1A10FFD7@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-ses ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2062-1 Rating: moderate References: #1135386 #1135913 #1135938 #1136075 #1136189 Affected Products: SUSE Enterprise Storage 6 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update fixes the following issues: - Added more information on the Dashboard REST API (bsc#1135386) - Terminology: wire protocol (bsc#1136075) - Added info on replacing shared devices for DB/WAL (bsc#1136189) - No automated upgrade from 5.5. to 6 (bsc#1135913) - Added CephFS kernel client snapshots limitation to release notes (bsc#1135938) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2019-2062=1 Package List: - SUSE Enterprise Storage 6 (noarch): release-notes-ses-6.0.20190719-3.3.1 References: https://bugzilla.suse.com/1135386 https://bugzilla.suse.com/1135913 https://bugzilla.suse.com/1135938 https://bugzilla.suse.com/1136075 https://bugzilla.suse.com/1136189 From sle-updates at lists.suse.com Tue Aug 6 10:16:56 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Aug 2019 18:16:56 +0200 (CEST) Subject: SUSE-SU-2019:2053-1: important: Security update for python3 Message-ID: <20190806161656.935F0FFD7@maintenance.suse.de> SUSE Security Update: Security update for python3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2053-1 Rating: important References: #1109663 #1109847 #1138459 Cross-References: CVE-2018-1000802 CVE-2018-14647 CVE-2019-10160 Affected Products: SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Module for Web Scripting 12 SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Desktop 12-SP4 SUSE Enterprise Storage 5 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for python3 fixes the following issues: - CVE-2019-10160: Fixed a regression in urlparse() and urlsplit() introduced by the fix for CVE-2019-9636 (bsc#1138459). - CVE-2018-14647: Fixed a denial of service vulnerability caused by a crafted XML document (bsc#1109847). - CVE-2018-1000802: Fixed a command injection in the shutil module (bsc#1109663). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-2053=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-2053=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2019-2053=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2053=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-2053=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-2053=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-2053=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2019-2053=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2053=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-2053=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-2053=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-2053=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-2053=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2019-2053=1 - SUSE Linux Enterprise Desktop 12-SP5: zypper in -t patch SUSE-SLE-DESKTOP-12-SP5-2019-2053=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2053=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-2053=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-2053=1 Package List: - SUSE OpenStack Cloud 8 (x86_64): libpython3_4m1_0-3.4.6-25.29.1 libpython3_4m1_0-debuginfo-3.4.6-25.29.1 python3-3.4.6-25.29.1 python3-base-3.4.6-25.29.1 python3-base-debuginfo-3.4.6-25.29.1 python3-base-debugsource-3.4.6-25.29.1 python3-curses-3.4.6-25.29.1 python3-curses-debuginfo-3.4.6-25.29.1 python3-debuginfo-3.4.6-25.29.1 python3-debugsource-3.4.6-25.29.1 - SUSE OpenStack Cloud 7 (s390x x86_64): libpython3_4m1_0-3.4.6-25.29.1 libpython3_4m1_0-debuginfo-3.4.6-25.29.1 python3-3.4.6-25.29.1 python3-base-3.4.6-25.29.1 python3-base-debuginfo-3.4.6-25.29.1 python3-base-debugsource-3.4.6-25.29.1 python3-curses-3.4.6-25.29.1 python3-curses-debuginfo-3.4.6-25.29.1 python3-debuginfo-3.4.6-25.29.1 python3-debugsource-3.4.6-25.29.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): python3-base-debuginfo-3.4.6-25.29.1 python3-base-debugsource-3.4.6-25.29.1 python3-dbm-3.4.6-25.29.1 python3-dbm-debuginfo-3.4.6-25.29.1 python3-debuginfo-3.4.6-25.29.1 python3-debugsource-3.4.6-25.29.1 python3-devel-3.4.6-25.29.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (ppc64le s390x x86_64): python3-devel-debuginfo-3.4.6-25.29.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): python3-base-debuginfo-3.4.6-25.29.1 python3-base-debugsource-3.4.6-25.29.1 python3-dbm-3.4.6-25.29.1 python3-dbm-debuginfo-3.4.6-25.29.1 python3-debuginfo-3.4.6-25.29.1 python3-debugsource-3.4.6-25.29.1 python3-devel-3.4.6-25.29.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (ppc64le s390x x86_64): python3-devel-debuginfo-3.4.6-25.29.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libpython3_4m1_0-3.4.6-25.29.1 libpython3_4m1_0-debuginfo-3.4.6-25.29.1 python3-3.4.6-25.29.1 python3-base-3.4.6-25.29.1 python3-base-debuginfo-3.4.6-25.29.1 python3-base-debugsource-3.4.6-25.29.1 python3-curses-3.4.6-25.29.1 python3-curses-debuginfo-3.4.6-25.29.1 python3-debuginfo-3.4.6-25.29.1 python3-debugsource-3.4.6-25.29.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libpython3_4m1_0-3.4.6-25.29.1 libpython3_4m1_0-debuginfo-3.4.6-25.29.1 python3-3.4.6-25.29.1 python3-base-3.4.6-25.29.1 python3-base-debuginfo-3.4.6-25.29.1 python3-base-debugsource-3.4.6-25.29.1 python3-curses-3.4.6-25.29.1 python3-curses-debuginfo-3.4.6-25.29.1 python3-debuginfo-3.4.6-25.29.1 python3-debugsource-3.4.6-25.29.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): libpython3_4m1_0-3.4.6-25.29.1 libpython3_4m1_0-debuginfo-3.4.6-25.29.1 python3-3.4.6-25.29.1 python3-base-3.4.6-25.29.1 python3-base-debuginfo-3.4.6-25.29.1 python3-base-debugsource-3.4.6-25.29.1 python3-debuginfo-3.4.6-25.29.1 python3-debugsource-3.4.6-25.29.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libpython3_4m1_0-3.4.6-25.29.1 libpython3_4m1_0-debuginfo-3.4.6-25.29.1 python3-3.4.6-25.29.1 python3-base-3.4.6-25.29.1 python3-base-debuginfo-3.4.6-25.29.1 python3-base-debugsource-3.4.6-25.29.1 python3-curses-3.4.6-25.29.1 python3-curses-debuginfo-3.4.6-25.29.1 python3-debuginfo-3.4.6-25.29.1 python3-debugsource-3.4.6-25.29.1 python3-tk-3.4.6-25.29.1 python3-tk-debuginfo-3.4.6-25.29.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libpython3_4m1_0-32bit-3.4.6-25.29.1 libpython3_4m1_0-debuginfo-32bit-3.4.6-25.29.1 python3-base-debuginfo-32bit-3.4.6-25.29.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libpython3_4m1_0-3.4.6-25.29.1 libpython3_4m1_0-debuginfo-3.4.6-25.29.1 python3-3.4.6-25.29.1 python3-base-3.4.6-25.29.1 python3-base-debuginfo-3.4.6-25.29.1 python3-base-debugsource-3.4.6-25.29.1 python3-curses-3.4.6-25.29.1 python3-curses-debuginfo-3.4.6-25.29.1 python3-debuginfo-3.4.6-25.29.1 python3-debugsource-3.4.6-25.29.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le s390x x86_64): libpython3_4m1_0-3.4.6-25.29.1 libpython3_4m1_0-debuginfo-3.4.6-25.29.1 python3-3.4.6-25.29.1 python3-base-3.4.6-25.29.1 python3-base-debuginfo-3.4.6-25.29.1 python3-base-debugsource-3.4.6-25.29.1 python3-curses-3.4.6-25.29.1 python3-curses-debuginfo-3.4.6-25.29.1 python3-debuginfo-3.4.6-25.29.1 python3-debugsource-3.4.6-25.29.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libpython3_4m1_0-3.4.6-25.29.1 libpython3_4m1_0-debuginfo-3.4.6-25.29.1 python3-3.4.6-25.29.1 python3-base-3.4.6-25.29.1 python3-base-debuginfo-3.4.6-25.29.1 python3-base-debugsource-3.4.6-25.29.1 python3-curses-3.4.6-25.29.1 python3-curses-debuginfo-3.4.6-25.29.1 python3-debuginfo-3.4.6-25.29.1 python3-debugsource-3.4.6-25.29.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libpython3_4m1_0-3.4.6-25.29.1 libpython3_4m1_0-debuginfo-3.4.6-25.29.1 python3-3.4.6-25.29.1 python3-base-3.4.6-25.29.1 python3-base-debuginfo-3.4.6-25.29.1 python3-base-debugsource-3.4.6-25.29.1 python3-curses-3.4.6-25.29.1 python3-curses-debuginfo-3.4.6-25.29.1 python3-debuginfo-3.4.6-25.29.1 python3-debugsource-3.4.6-25.29.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): libpython3_4m1_0-3.4.6-25.29.1 libpython3_4m1_0-debuginfo-3.4.6-25.29.1 python3-3.4.6-25.29.1 python3-base-3.4.6-25.29.1 python3-base-debuginfo-3.4.6-25.29.1 python3-base-debugsource-3.4.6-25.29.1 python3-debuginfo-3.4.6-25.29.1 python3-debugsource-3.4.6-25.29.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): libpython3_4m1_0-3.4.6-25.29.1 libpython3_4m1_0-debuginfo-3.4.6-25.29.1 python3-3.4.6-25.29.1 python3-base-3.4.6-25.29.1 python3-base-debuginfo-3.4.6-25.29.1 python3-base-debugsource-3.4.6-25.29.1 python3-debuginfo-3.4.6-25.29.1 python3-debugsource-3.4.6-25.29.1 - SUSE Linux Enterprise Desktop 12-SP5 (x86_64): libpython3_4m1_0-3.4.6-25.29.1 libpython3_4m1_0-32bit-3.4.6-25.29.1 libpython3_4m1_0-debuginfo-3.4.6-25.29.1 libpython3_4m1_0-debuginfo-32bit-3.4.6-25.29.1 python3-3.4.6-25.29.1 python3-base-3.4.6-25.29.1 python3-base-debuginfo-3.4.6-25.29.1 python3-base-debuginfo-32bit-3.4.6-25.29.1 python3-base-debugsource-3.4.6-25.29.1 python3-curses-3.4.6-25.29.1 python3-curses-debuginfo-3.4.6-25.29.1 python3-debuginfo-3.4.6-25.29.1 python3-debugsource-3.4.6-25.29.1 python3-tk-3.4.6-25.29.1 python3-tk-debuginfo-3.4.6-25.29.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libpython3_4m1_0-3.4.6-25.29.1 libpython3_4m1_0-debuginfo-3.4.6-25.29.1 python3-3.4.6-25.29.1 python3-base-3.4.6-25.29.1 python3-base-debuginfo-3.4.6-25.29.1 python3-base-debugsource-3.4.6-25.29.1 python3-curses-3.4.6-25.29.1 python3-curses-debuginfo-3.4.6-25.29.1 python3-debuginfo-3.4.6-25.29.1 python3-debugsource-3.4.6-25.29.1 - SUSE Enterprise Storage 5 (x86_64): libpython3_4m1_0-3.4.6-25.29.1 libpython3_4m1_0-debuginfo-3.4.6-25.29.1 python3-3.4.6-25.29.1 python3-base-3.4.6-25.29.1 python3-base-debuginfo-3.4.6-25.29.1 python3-base-debugsource-3.4.6-25.29.1 python3-curses-3.4.6-25.29.1 python3-curses-debuginfo-3.4.6-25.29.1 python3-debuginfo-3.4.6-25.29.1 python3-debugsource-3.4.6-25.29.1 - SUSE Enterprise Storage 4 (x86_64): libpython3_4m1_0-3.4.6-25.29.1 libpython3_4m1_0-debuginfo-3.4.6-25.29.1 python3-3.4.6-25.29.1 python3-base-3.4.6-25.29.1 python3-base-debuginfo-3.4.6-25.29.1 python3-base-debugsource-3.4.6-25.29.1 python3-curses-3.4.6-25.29.1 python3-curses-debuginfo-3.4.6-25.29.1 python3-debuginfo-3.4.6-25.29.1 python3-debugsource-3.4.6-25.29.1 References: https://www.suse.com/security/cve/CVE-2018-1000802.html https://www.suse.com/security/cve/CVE-2018-14647.html https://www.suse.com/security/cve/CVE-2019-10160.html https://bugzilla.suse.com/1109663 https://bugzilla.suse.com/1109847 https://bugzilla.suse.com/1138459 From sle-updates at lists.suse.com Tue Aug 6 10:17:56 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Aug 2019 18:17:56 +0200 (CEST) Subject: SUSE-RU-2019:2061-1: moderate: Recommended update for several bugs for Hawk2 Message-ID: <20190806161756.0A86BFFD7@maintenance.suse.de> SUSE Recommended Update: Recommended update for several bugs for Hawk2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2061-1 Rating: moderate References: #1089802 #1137891 Affected Products: SUSE Linux Enterprise High Availability 15-SP1 SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: Update for Hawk2 for the following issues: - Fix display in case of nameless cluster (bsc#1137891) - Fix utility method for checking ACL version in Hawk (bsc#1089802) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2019-2061=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2019-2061=1 Package List: - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): hawk2-2.1.0+git.1526638315.05cdaf9d-3.3.1 hawk2-debuginfo-2.1.0+git.1526638315.05cdaf9d-3.3.1 hawk2-debugsource-2.1.0+git.1526638315.05cdaf9d-3.3.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): hawk2-2.1.0+git.1526638315.05cdaf9d-3.3.1 hawk2-debuginfo-2.1.0+git.1526638315.05cdaf9d-3.3.1 hawk2-debugsource-2.1.0+git.1526638315.05cdaf9d-3.3.1 References: https://bugzilla.suse.com/1089802 https://bugzilla.suse.com/1137891 From sle-updates at lists.suse.com Tue Aug 6 10:18:45 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Aug 2019 18:18:45 +0200 (CEST) Subject: SUSE-RU-2019:2059-1: moderate: Recommended update for openvswitch Message-ID: <20190806161845.09F95FFD7@maintenance.suse.de> SUSE Recommended Update: Recommended update for openvswitch ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2059-1 Rating: moderate References: #1130276 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openvswitch fixes the following issues: openvswitch was updated to the upstream bugfix release 2.5.8 (bsc#1130276). Some of the changes are: * ifupdown.sh: Add missing "--may-exist" option * travis: Automatically recheck failed tests. * tests: Add ability to automatically rerun failed tests. * travis: Remove 'sudo' configuration. * rconn: Avoid occasional immediate connection failures. * odp-util: Stop parse odp actions if nlattr is overflow * stt: Fix return code during xmit. * netdev-linux: Fix function argument order in sfq_tc_load(). * python: Escape backslashes while formatting logs. * cmap: Fix hashing in cmap_find_protected(). * python: Catch setsockopt exceptions for TCP stream. * debian: Install correct vtep-ctl. * datapath-windows: Fix invalid reference in Buffermgmt.c * bond: Fix LACP fallback to active-backup when recirc is enabled. * bridge.c: prevent controller connects while flow-restore-wait Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-2059=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-2059=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-2059=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-2059=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-2059=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): openvswitch-2.5.8-25.21.1 openvswitch-debuginfo-2.5.8-25.21.1 openvswitch-debugsource-2.5.8-25.21.1 openvswitch-switch-2.5.8-25.21.1 openvswitch-switch-debuginfo-2.5.8-25.21.1 - SUSE OpenStack Cloud 7 (x86_64): openvswitch-dpdk-2.5.8-25.21.1 openvswitch-dpdk-debuginfo-2.5.8-25.21.1 openvswitch-dpdk-debugsource-2.5.8-25.21.1 openvswitch-dpdk-switch-2.5.8-25.21.1 openvswitch-dpdk-switch-debuginfo-2.5.8-25.21.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): openvswitch-2.5.8-25.21.1 openvswitch-debuginfo-2.5.8-25.21.1 openvswitch-debugsource-2.5.8-25.21.1 openvswitch-switch-2.5.8-25.21.1 openvswitch-switch-debuginfo-2.5.8-25.21.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): openvswitch-dpdk-2.5.8-25.21.1 openvswitch-dpdk-debuginfo-2.5.8-25.21.1 openvswitch-dpdk-debugsource-2.5.8-25.21.1 openvswitch-dpdk-switch-2.5.8-25.21.1 openvswitch-dpdk-switch-debuginfo-2.5.8-25.21.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): openvswitch-2.5.8-25.21.1 openvswitch-debuginfo-2.5.8-25.21.1 openvswitch-debugsource-2.5.8-25.21.1 openvswitch-switch-2.5.8-25.21.1 openvswitch-switch-debuginfo-2.5.8-25.21.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): openvswitch-dpdk-2.5.8-25.21.1 openvswitch-dpdk-debuginfo-2.5.8-25.21.1 openvswitch-dpdk-debugsource-2.5.8-25.21.1 openvswitch-dpdk-switch-2.5.8-25.21.1 openvswitch-dpdk-switch-debuginfo-2.5.8-25.21.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): openvswitch-2.5.8-25.21.1 openvswitch-debuginfo-2.5.8-25.21.1 openvswitch-debugsource-2.5.8-25.21.1 openvswitch-dpdk-2.5.8-25.21.1 openvswitch-dpdk-debuginfo-2.5.8-25.21.1 openvswitch-dpdk-debugsource-2.5.8-25.21.1 openvswitch-dpdk-switch-2.5.8-25.21.1 openvswitch-dpdk-switch-debuginfo-2.5.8-25.21.1 openvswitch-switch-2.5.8-25.21.1 openvswitch-switch-debuginfo-2.5.8-25.21.1 - SUSE Enterprise Storage 4 (x86_64): openvswitch-2.5.8-25.21.1 openvswitch-debuginfo-2.5.8-25.21.1 openvswitch-debugsource-2.5.8-25.21.1 openvswitch-dpdk-2.5.8-25.21.1 openvswitch-dpdk-debuginfo-2.5.8-25.21.1 openvswitch-dpdk-debugsource-2.5.8-25.21.1 openvswitch-dpdk-switch-2.5.8-25.21.1 openvswitch-dpdk-switch-debuginfo-2.5.8-25.21.1 openvswitch-switch-2.5.8-25.21.1 openvswitch-switch-debuginfo-2.5.8-25.21.1 References: https://bugzilla.suse.com/1130276 From sle-updates at lists.suse.com Tue Aug 6 10:19:26 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Aug 2019 18:19:26 +0200 (CEST) Subject: SUSE-SU-2019:14139-1: important: Security update for bzip2 Message-ID: <20190806161926.56D8DFFD7@maintenance.suse.de> SUSE Security Update: Security update for bzip2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14139-1 Rating: important References: #1139083 Cross-References: CVE-2019-12900 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for bzip2 fixes the following issues: - Fixed a regression with the fix for CVE-2019-12900, which caused incompatibilities with files that used many selectors (bsc#1139083). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-bzip2-14139=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-bzip2-14139=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-bzip2-14139=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-bzip2-14139=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): bzip2-1.0.5-34.256.8.1 bzip2-doc-1.0.5-34.256.8.1 libbz2-1-1.0.5-34.256.8.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64): libbz2-1-32bit-1.0.5-34.256.8.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): bzip2-1.0.5-34.256.8.1 bzip2-doc-1.0.5-34.256.8.1 libbz2-1-1.0.5-34.256.8.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): bzip2-debuginfo-1.0.5-34.256.8.1 bzip2-debugsource-1.0.5-34.256.8.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): bzip2-debuginfo-1.0.5-34.256.8.1 bzip2-debugsource-1.0.5-34.256.8.1 References: https://www.suse.com/security/cve/CVE-2019-12900.html https://bugzilla.suse.com/1139083 From sle-updates at lists.suse.com Tue Aug 6 10:20:10 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Aug 2019 18:20:10 +0200 (CEST) Subject: SUSE-SU-2019:2050-1: important: Security update for python3 Message-ID: <20190806162010.124BDFFD7@maintenance.suse.de> SUSE Security Update: Security update for python3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2050-1 Rating: important References: #1094814 #1138459 #1141853 Cross-References: CVE-2018-20852 CVE-2019-10160 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for python3 fixes the following issues: Security issue fixed: - CVE-2019-10160: Fixed a regression in urlparse() and urlsplit() introduced by the fix for CVE-2019-9636 (bsc#1138459). - CVE-2018-20852: Fixed an information leak where cookies could be send to the wrong server because of incorrect domain validation (bsc#1141853). Non-security issue fixed: - Fixed an issue where the SIGINT signal was ignored or not handled (bsc#1094814). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2050=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2050=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2019-2050=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-2050=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2050=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2050=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): python3-base-debuginfo-3.6.8-3.23.1 python3-base-debugsource-3.6.8-3.23.1 python3-testsuite-3.6.8-3.23.1 python3-testsuite-debuginfo-3.6.8-3.23.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): python3-doc-3.6.8-3.23.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libpython3_6m1_0-32bit-3.6.8-3.23.1 libpython3_6m1_0-32bit-debuginfo-3.6.8-3.23.1 python3-32bit-3.6.8-3.23.1 python3-32bit-debuginfo-3.6.8-3.23.1 python3-base-32bit-3.6.8-3.23.1 python3-base-32bit-debuginfo-3.6.8-3.23.1 python3-debugsource-3.6.8-3.23.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): python3-base-debuginfo-3.6.8-3.23.1 python3-base-debugsource-3.6.8-3.23.1 python3-testsuite-3.6.8-3.23.1 python3-testsuite-debuginfo-3.6.8-3.23.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): python3-doc-3.6.8-3.23.2 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): python3-base-debuginfo-3.6.8-3.23.1 python3-base-debugsource-3.6.8-3.23.1 python3-tools-3.6.8-3.23.1 - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): python3-base-debuginfo-3.6.8-3.23.1 python3-base-debugsource-3.6.8-3.23.1 python3-tools-3.6.8-3.23.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libpython3_6m1_0-3.6.8-3.23.1 libpython3_6m1_0-debuginfo-3.6.8-3.23.1 python3-3.6.8-3.23.1 python3-base-3.6.8-3.23.1 python3-base-debuginfo-3.6.8-3.23.1 python3-base-debugsource-3.6.8-3.23.1 python3-curses-3.6.8-3.23.1 python3-curses-debuginfo-3.6.8-3.23.1 python3-dbm-3.6.8-3.23.1 python3-dbm-debuginfo-3.6.8-3.23.1 python3-debuginfo-3.6.8-3.23.1 python3-debugsource-3.6.8-3.23.1 python3-devel-3.6.8-3.23.1 python3-devel-debuginfo-3.6.8-3.23.1 python3-idle-3.6.8-3.23.1 python3-tk-3.6.8-3.23.1 python3-tk-debuginfo-3.6.8-3.23.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libpython3_6m1_0-3.6.8-3.23.1 libpython3_6m1_0-debuginfo-3.6.8-3.23.1 python3-3.6.8-3.23.1 python3-base-3.6.8-3.23.1 python3-base-debuginfo-3.6.8-3.23.1 python3-base-debugsource-3.6.8-3.23.1 python3-curses-3.6.8-3.23.1 python3-curses-debuginfo-3.6.8-3.23.1 python3-dbm-3.6.8-3.23.1 python3-dbm-debuginfo-3.6.8-3.23.1 python3-debuginfo-3.6.8-3.23.1 python3-debugsource-3.6.8-3.23.1 python3-devel-3.6.8-3.23.1 python3-devel-debuginfo-3.6.8-3.23.1 python3-idle-3.6.8-3.23.1 python3-tk-3.6.8-3.23.1 python3-tk-debuginfo-3.6.8-3.23.1 References: https://www.suse.com/security/cve/CVE-2018-20852.html https://www.suse.com/security/cve/CVE-2019-10160.html https://bugzilla.suse.com/1094814 https://bugzilla.suse.com/1138459 https://bugzilla.suse.com/1141853 From sle-updates at lists.suse.com Tue Aug 6 13:10:45 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Aug 2019 21:10:45 +0200 (CEST) Subject: SUSE-SU-2019:2064-1: important: Security update for python Message-ID: <20190806191045.5A945FF12@maintenance.suse.de> SUSE Security Update: Security update for python ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2064-1 Rating: important References: #1138459 Cross-References: CVE-2019-10160 Affected Products: SUSE Linux Enterprise Module for Python2 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python fixes the following issues: Security issue fixed: - CVE-2019-10160: Fixed a regression in urlparse() and urlsplit() introduced by the fix for CVE-2019-9636 (bsc#1138459). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Python2 15-SP1: zypper in -t patch SUSE-SLE-Module-Python2-15-SP1-2019-2064=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2064=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2064=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-2064=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-2064=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2064=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2064=1 Package List: - SUSE Linux Enterprise Module for Python2 15-SP1 (aarch64 ppc64le s390x x86_64): python-base-debuginfo-2.7.14-7.14.2 python-base-debugsource-2.7.14-7.14.2 python-curses-2.7.14-7.14.2 python-curses-debuginfo-2.7.14-7.14.2 python-debuginfo-2.7.14-7.14.2 python-debugsource-2.7.14-7.14.2 python-devel-2.7.14-7.14.2 python-gdbm-2.7.14-7.14.2 python-gdbm-debuginfo-2.7.14-7.14.2 python-xml-2.7.14-7.14.2 python-xml-debuginfo-2.7.14-7.14.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): python-debuginfo-2.7.14-7.14.2 python-debugsource-2.7.14-7.14.2 python-demo-2.7.14-7.14.2 python-idle-2.7.14-7.14.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libpython2_7-1_0-32bit-2.7.14-7.14.2 libpython2_7-1_0-32bit-debuginfo-2.7.14-7.14.2 python-32bit-2.7.14-7.14.2 python-32bit-debuginfo-2.7.14-7.14.2 python-base-32bit-2.7.14-7.14.2 python-base-32bit-debuginfo-2.7.14-7.14.2 python-base-debugsource-2.7.14-7.14.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): python-doc-2.7.14-7.14.3 python-doc-pdf-2.7.14-7.14.3 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): python-debuginfo-2.7.14-7.14.2 python-debugsource-2.7.14-7.14.2 python-demo-2.7.14-7.14.2 python-idle-2.7.14-7.14.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): python-doc-2.7.14-7.14.3 python-doc-pdf-2.7.14-7.14.3 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): python-debuginfo-2.7.14-7.14.2 python-debugsource-2.7.14-7.14.2 python-tk-2.7.14-7.14.2 python-tk-debuginfo-2.7.14-7.14.2 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): python-debuginfo-2.7.14-7.14.2 python-debugsource-2.7.14-7.14.2 python-tk-2.7.14-7.14.2 python-tk-debuginfo-2.7.14-7.14.2 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libpython2_7-1_0-2.7.14-7.14.2 libpython2_7-1_0-debuginfo-2.7.14-7.14.2 python-2.7.14-7.14.2 python-base-2.7.14-7.14.2 python-base-debuginfo-2.7.14-7.14.2 python-base-debugsource-2.7.14-7.14.2 python-debuginfo-2.7.14-7.14.2 python-debugsource-2.7.14-7.14.2 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libpython2_7-1_0-2.7.14-7.14.2 libpython2_7-1_0-debuginfo-2.7.14-7.14.2 python-2.7.14-7.14.2 python-base-2.7.14-7.14.2 python-base-debuginfo-2.7.14-7.14.2 python-base-debugsource-2.7.14-7.14.2 python-curses-2.7.14-7.14.2 python-curses-debuginfo-2.7.14-7.14.2 python-debuginfo-2.7.14-7.14.2 python-debugsource-2.7.14-7.14.2 python-devel-2.7.14-7.14.2 python-gdbm-2.7.14-7.14.2 python-gdbm-debuginfo-2.7.14-7.14.2 python-xml-2.7.14-7.14.2 python-xml-debuginfo-2.7.14-7.14.2 References: https://www.suse.com/security/cve/CVE-2019-10160.html https://bugzilla.suse.com/1138459 From sle-updates at lists.suse.com Tue Aug 6 13:12:08 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Aug 2019 21:12:08 +0200 (CEST) Subject: SUSE-SU-2019:2066-1: moderate: Security update for python-Twisted Message-ID: <20190806191208.D9D4EFFD6@maintenance.suse.de> SUSE Security Update: Security update for python-Twisted ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2066-1 Rating: moderate References: #1137825 Cross-References: CVE-2019-12387 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Module for Web Scripting 12 SUSE Enterprise Storage 5 SUSE Enterprise Storage 4 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-Twisted fixes the following issue: Security issue fixed: - CVE-2019-12387: Fixed an improper sanitization of URIs or HTTP which could have allowed attackers to perfrom CRLF attacks (bsc#1137825). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2019-2066=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-2066=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2019-2066=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-2066=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-2066=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2019-2066=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-2066=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-2066=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-2066=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): python-Twisted-15.2.1-9.5.2 python-Twisted-debuginfo-15.2.1-9.5.2 python-Twisted-debugsource-15.2.1-9.5.2 - SUSE OpenStack Cloud Crowbar 8 (x86_64): python-Twisted-15.2.1-9.5.2 python-Twisted-debuginfo-15.2.1-9.5.2 python-Twisted-debugsource-15.2.1-9.5.2 - SUSE OpenStack Cloud 9 (x86_64): python-Twisted-15.2.1-9.5.2 python-Twisted-debuginfo-15.2.1-9.5.2 python-Twisted-debugsource-15.2.1-9.5.2 - SUSE OpenStack Cloud 8 (x86_64): python-Twisted-15.2.1-9.5.2 python-Twisted-debuginfo-15.2.1-9.5.2 python-Twisted-debugsource-15.2.1-9.5.2 - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64): python-Twisted-15.2.1-9.5.2 python-Twisted-debuginfo-15.2.1-9.5.2 python-Twisted-debugsource-15.2.1-9.5.2 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): python-Twisted-15.2.1-9.5.2 python-Twisted-debuginfo-15.2.1-9.5.2 python-Twisted-debugsource-15.2.1-9.5.2 - SUSE Enterprise Storage 5 (aarch64 x86_64): python-Twisted-15.2.1-9.5.2 python-Twisted-debuginfo-15.2.1-9.5.2 python-Twisted-debugsource-15.2.1-9.5.2 - SUSE Enterprise Storage 4 (aarch64 x86_64): python-Twisted-15.2.1-9.5.2 python-Twisted-debuginfo-15.2.1-9.5.2 python-Twisted-debugsource-15.2.1-9.5.2 - HPE Helion Openstack 8 (x86_64): python-Twisted-15.2.1-9.5.2 python-Twisted-debuginfo-15.2.1-9.5.2 python-Twisted-debugsource-15.2.1-9.5.2 References: https://www.suse.com/security/cve/CVE-2019-12387.html https://bugzilla.suse.com/1137825 From sle-updates at lists.suse.com Tue Aug 6 13:13:20 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Aug 2019 21:13:20 +0200 (CEST) Subject: SUSE-SU-2019:2067-1: important: Security update for osc Message-ID: <20190806191320.CDA7AFFD6@maintenance.suse.de> SUSE Security Update: Security update for osc ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2067-1 Rating: important References: #1129889 #1138977 #1140697 #1142518 #1142662 #1144211 Cross-References: CVE-2019-3685 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP1 ______________________________________________________________________________ An update that solves one vulnerability and has 5 fixes is now available. Description: This update for osc to version 0.165.4 fixes the following issues: Security issue fixed: - CVE-2019-3685: Fixed broken TLS certificate handling allowing for a Man-in-the-middle attack (bsc#1142518). Non-security issues fixed: - support different token operations (runservice, release and rebuild) (requires OBS 2.10) - fix osc token decode error - offline build mode is now really offline and does not try to download the buildconfig - osc build -define now works with python3 - fixes an issue where the error message on osc meta -e was not parsed correctly - osc maintainer -s now works with python3 - simplified and fixed osc meta -e (bsc#1138977) - osc lbl now works with non utf8 encoding (bsc#1129889) - add simpleimage as local build type - allow optional fork when creating a maintenance request - fix RPMError fallback - fix local caching for all package formats - fix appname for trusted cert store - osc -h does not break anymore when using plugins - switch to difflib.diff_bytes and sys.stdout.buffer.write for diffing. This will fix all decoding issues with osc diff, osc ci and osc rq -d - fix osc ls -lb handling empty size and mtime - removed decoding on osc api command. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2019-2067=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP1 (noarch): osc-0.165.4-3.9.1 References: https://www.suse.com/security/cve/CVE-2019-3685.html https://bugzilla.suse.com/1129889 https://bugzilla.suse.com/1138977 https://bugzilla.suse.com/1140697 https://bugzilla.suse.com/1142518 https://bugzilla.suse.com/1142662 https://bugzilla.suse.com/1144211 From sle-updates at lists.suse.com Tue Aug 6 22:10:28 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Aug 2019 06:10:28 +0200 (CEST) Subject: SUSE-SU-2019:2072-1: important: Security update for the Linux Kernel Message-ID: <20190807041028.B626BFF12@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2072-1 Rating: important References: #1051510 #1055117 #1071995 #1083647 #1083710 #1102247 #1111666 #1119222 #1123080 #1127034 #1127315 #1129770 #1130972 #1133021 #1134097 #1134390 #1134399 #1135335 #1135642 #1136896 #1137458 #1137534 #1137535 #1137584 #1137609 #1137811 #1137827 #1139358 #1140133 #1140139 #1140322 #1140652 #1140887 #1140888 #1140889 #1140891 #1140893 #1140903 #1140945 #1140954 #1140955 #1140956 #1140957 #1140958 #1140959 #1140960 #1140961 #1140962 #1140964 #1140971 #1140972 #1140992 #1141401 #1141402 #1141452 #1141453 #1141454 #1141478 #1142023 #1142112 #1142220 #1142221 #1142254 #1142350 #1142351 #1142354 #1142359 #1142450 #1142701 #1142868 #1143003 #1143045 #1143105 #1143185 #1143189 #1143191 #1143507 Cross-References: CVE-2018-20855 CVE-2019-1125 CVE-2019-11810 CVE-2019-13631 CVE-2019-13648 CVE-2019-14283 CVE-2019-14284 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise High Availability 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that solves 7 vulnerabilities and has 70 fixes is now available. Description: The SUSE Linux Enterprise 12 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-20855: An issue was discovered in the Linux kernel In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace(bsc#1143045). - CVE-2019-1125: Exclude ATOMs from speculation through SWAPGS (bsc#1139358). - CVE-2019-14283: In the Linux kernel, set_geometry in drivers/block/floppy.c did not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It could be triggered by an unprivileged local user when a floppy disk was inserted. NOTE: QEMU creates the floppy device by default. (bnc#1143191) - CVE-2019-11810: An issue was discovered in the Linux kernel A NULL pointer dereference could occur when megasas_create_frame_pool() failed in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This caused a Denial of Service, related to a use-after-free (bnc#1134399). - CVE-2019-13648: In the Linux kernel on the powerpc platform, when hardware transactional memory was disabled, a local user could cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sent a crafted signal frame. (bnc#1142254) - CVE-2019-13631: In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel, a malicious USB device could send an HID report that triggered an out-of-bounds write during generation of debugging messages. (bnc#1142023) The following non-security bugs were fixed: - Correct the CVE and bug reference for a floppy security fix (CVE-2019-14284,bsc#1143189) A dedicated CVE was already assigned - acpi/nfit: Always dump _DSM output payload (bsc#1142351). - Add back sibling paca poiter to paca (bsc#1055117). - Add support for crct10dif-vpmsum (). - af_unix: remove redundant lockdep class (git-fixes). - alsa: compress: Be more restrictive about when a drain is allowed (bsc#1051510). - alsa: compress: Do not allow paritial drain operations on capture streams (bsc#1051510). - alsa: compress: Fix regression on compressed capture streams (bsc#1051510). - alsa: compress: Prevent bypasses of set_params (bsc#1051510). - alsa: hda - Add a conexant codec entry to let mute led work (bsc#1051510). - alsa: hda/realtek: apply ALC891 headset fixup to one Dell machine (bsc#1051510). - alsa: hda/realtek - Fixed Headphone Mic can't record on Dell platform (bsc#1051510). - alsa: hda/realtek - Headphone Mic can't record after S3 (bsc#1051510). - alsa: line6: Fix a typo (bsc#1051510). - alsa: line6: Fix wrong altsetting for LINE6_PODHD500_1 (bsc#1051510). - alsa: seq: Break too long mutex context in the write loop (bsc#1051510). - alsa: usb-audio: Add quirk for Focusrite Scarlett Solo (bsc#1051510). - alsa: usb-audio: Add quirk for MOTU MicroBook II (bsc#1051510). - alsa: usb-audio: Cleanup DSD whitelist (bsc#1051510). - alsa: usb-audio: Enable .product_name override for Emagic, Unitor 8 (bsc#1051510). - alsa: usb-audio: Sanity checks for each pipe and EP types (bsc#1051510). - asoc : cs4265 : readable register too low (bsc#1051510). - asoc: max98090: remove 24-bit format support if RJ is 0 (bsc#1051510). - asoc: soc-pcm: BE dai needs prepare when pause release after resume (bsc#1051510). - ath6kl: add some bounds checking (bsc#1051510). - batman-adv: fix for leaked TVLV handler (bsc#1051510). - bcache: acquire bch_register_lock later in cached_dev_detach_finish() (bsc#1140652). - bcache: acquire bch_register_lock later in cached_dev_free() (bsc#1140652). - bcache: add code comments for journal_read_bucket() (bsc#1140652). - bcache: Add comments for blkdev_put() in registration code path (bsc#1140652). - bcache: add comments for closure_fn to be called in closure_queue() (bsc#1140652). - bcache: add comments for kobj release callback routine (bsc#1140652). - bcache: add comments for mutex_lock(&b->write_lock) (bsc#1140652). - bcache: add error check for calling register_bdev() (bsc#1140652). - bcache: add failure check to run_cache_set() for journal replay (bsc#1140652). - bcache: add io error counting in write_bdev_super_endio() (bsc#1140652). - bcache: add more error message in bch_cached_dev_attach() (bsc#1140652). - bcache: add pendings_cleanup to stop pending bcache device (bsc#1140652). - bcache: add reclaimed_journal_buckets to struct cache_set (bsc#1140652). - bcache: add return value check to bch_cached_dev_run() (bsc#1140652). - bcache: avoid a deadlock in bcache_reboot() (bsc#1140652). - bcache: avoid clang -Wunintialized warning (bsc#1140652). - bcache: avoid flushing btree node in cache_set_flush() if io disabled (bsc#1140652). - bcache: avoid potential memleak of list of journal_replay(s) in the CACHE_SYNC branch of run_cache_set (bsc#1140652). - bcache: check CACHE_SET_IO_DISABLE bit in bch_journal() (bsc#1140652). - bcache: check CACHE_SET_IO_DISABLE in allocator code (bsc#1140652). - bcache: check c->gc_thread by IS_ERR_OR_NULL in cache_set_flush() (bsc#1140652). - bcache: Clean up bch_get_congested() (bsc#1140652). - bcache: destroy dc->writeback_write_wq if failed to create dc->writeback_thread (bsc#1140652). - bcache: do not assign in if condition in bcache_device_init() (bsc#1140652). - bcache: do not set max writeback rate if gc is running (bsc#1140652). - bcache: fix a race between cache register and cacheset unregister (bsc#1140652). - bcache: fix crashes stopping bcache device before read miss done (bsc#1140652). - bcache: fix failure in journal relplay (bsc#1140652). - bcache: fix inaccurate result of unused buckets (bsc#1140652). - bcache: fix mistaken sysfs entry for io_error counter (bsc#1140652). - bcache: fix potential deadlock in cached_def_free() (bsc#1140652). - bcache: fix race in btree_flush_write() (bsc#1140652). - bcache: fix return value error in bch_journal_read() (bsc#1140652). - bcache: fix stack corruption by PRECEDING_KEY() (bsc#1140652). - bcache: fix wrong usage use-after-freed on keylist in out_nocoalesce branch of btree_gc_coalesce (bsc#1140652). - bcache: ignore read-ahead request failure on backing device (bsc#1140652). - bcache: improve bcache_reboot() (bsc#1140652). - bcache: improve error message in bch_cached_dev_run() (bsc#1140652). - bcache: make bset_search_tree() be more understandable (bsc#1140652). - bcache: make is_discard_enabled() static (bsc#1140652). - bcache: more detailed error message to bcache_device_link() (bsc#1140652). - bcache: move definition of 'int ret' out of macro read_bucket() (bsc#1140652). - bcache: never set KEY_PTRS of journal key to 0 in journal_reclaim() (bsc#1140652). - bcache: only clear BTREE_NODE_dirty bit when it is set (bsc#1140652). - bcache: only set BCACHE_DEV_WB_RUNNING when cached device attached (bsc#1140652). - bcache: performance improvement for btree_flush_write() (bsc#1140652). - bcache: remove redundant LIST_HEAD(journal) from run_cache_set() (bsc#1140652). - bcache: remove retry_flush_write from struct cache_set (bsc#1140652). - bcache: remove unncessary code in bch_btree_keys_init() (bsc#1140652). - bcache: remove unnecessary prefetch() in bset_search_tree() (bsc#1140652). - bcache: remove "XXX:" comment line from run_cache_set() (bsc#1140652). - bcache: return error immediately in bch_journal_replay() (bsc#1140652). - bcache: Revert "bcache: fix high CPU occupancy during journal" (bsc#1140652). - bcache: Revert "bcache: free heap cache_set->flush_btree in bch_journal_free" (bsc#1140652). - bcache: set largest seq to ja->seq[bucket_index] in journal_read_bucket() (bsc#1140652). - bcache: shrink btree node cache after bch_btree_check() (bsc#1140652). - bcache: stop writeback kthread and kworker when bch_cached_dev_run() failed (bsc#1140652). - bcache: use sysfs_match_string() instead of __sysfs_match_string() (bsc#1140652). - be2net: Fix number of Rx queues used for flow hashing (networking-stable-19_06_18). - be2net: Signal that the device cannot transmit during reconfiguration (bsc#1127315). - be2net: Synchronize be_update_queues with dev_watchdog (bsc#1127315). - block, bfq: NULL out the bic when it's no longer valid (bsc#1142359). - bnx2x: Prevent load reordering in tx completion processing (bsc#1142868). - bnxt_en: Fix aggregation buffer leak under OOM condition (networking-stable-19_05_31). - bonding: fix arp_validate toggling in active-backup mode (networking-stable-19_05_14). - bonding: Force slave speed check after link state recovery for 802.3ad (bsc#1137584). - bpf, x64: fix stack layout of JITed bpf code (bsc#1083647). - bpf, x64: save 5 bytes in prologue when ebpf insns came from cbpf (bsc#1083647). - bridge: Fix error path for kobject_init_and_add() (networking-stable-19_05_14). - btrfs: fix race between block group removal and block group allocation (bsc#1143003). - cgroup: Use css_tryget() instead of css_tryget_online() in task_get_css() (bsc#1141478). - clk: qcom: Fix -Wunused-const-variable (bsc#1051510). - clk: rockchip: Do not yell about bad mmc phases when getting (bsc#1051510). - clk: tegra210: fix PLLU and PLLU_OUT1 (bsc#1051510). - cpufreq: acpi-cpufreq: Report if CPU does not support boost technologies (bsc#1051510). - cpufreq: brcmstb-avs-cpufreq: Fix initial command check (bsc#1051510). - cpufreq: brcmstb-avs-cpufreq: Fix types for voltage/frequency (bsc#1051510). - cpufreq: check if policy is inactive early in __cpufreq_get() (bsc#1051510). - cpufreq: kirkwood: fix possible object reference leak (bsc#1051510). - cpufreq/pasemi: fix possible object reference leak (bsc#1051510). - cpufreq: pmac32: fix possible object reference leak (bsc#1051510). - cpufreq: ppc_cbe: fix possible object reference leak (bsc#1051510). - cpufreq: Use struct kobj_attribute instead of struct global_attr (bsc#1051510). - crypto: arm64/sha1-ce - correct digest for empty data in finup (bsc#1051510). - crypto: arm64/sha2-ce - correct digest for empty data in finup (bsc#1051510). - crypto: ccp - Fix 3DES complaint from ccp-crypto module (bsc#1051510). - crypto: ccp - fix AES CFB error exposed by new test vectors (bsc#1051510). - crypto: ccp - Fix SEV_VERSION_GREATER_OR_EQUAL (bsc#1051510). - crypto: ccp/gcm - use const time tag comparison (bsc#1051510). - crypto: ccp - memset structure fields to zero before reuse (bsc#1051510). - crypto: ccp - Validate the the error value used to index error messages (bsc#1051510). - crypto: chacha20poly1305 - fix atomic sleep when using async algorithm (bsc#1051510). - crypto: crypto4xx - fix a potential double free in ppc4xx_trng_probe (bsc#1051510). - crypto: ghash - fix unaligned memory access in ghash_setkey() (bsc#1051510). - crypto: talitos - Align SEC1 accesses to 32 bits boundaries (bsc#1051510). - crypto: talitos - check data blocksize in ablkcipher (bsc#1051510). - crypto: talitos - fix CTR alg blocksize (bsc#1051510). - crypto: talitos - fix max key size for sha384 and sha512 (bsc#1051510). - crypto: talitos - HMAC SNOOP NO AFEU mode requires SW icv checking (bsc#1051510). - crypto: talitos - properly handle split ICV (bsc#1051510). - crypto: talitos - reduce max key size for SEC1 (bsc#1051510). - crypto: talitos - rename alternative AEAD algos (bsc#1051510). - dasd_fba: Display '00000000' for zero page when dumping sense (bsc#1123080). - dmaengine: hsu: Revert "set HSU_CH_MTSR to memory width" (bsc#1051510). - dpaa_eth: fix SG frame cleanup (networking-stable-19_05_14). - drm/meson: Add support for XBGR8888 & ABGR8888 formats (bsc#1051510). - drm/msm/a3xx: remove TPL1 regs from snapshot (bsc#1051510). - drm/nouveau/i2c: Enable i2c pads & busses during preinit (bsc#1051510). - drm/rockchip: Properly adjust to a true clock in adjusted_mode (bsc#1051510). - e1000e: start network tx queue only when link is up (bsc#1051510). - ethtool: check the return value of get_regs_len (git-fixes). - ethtool: fix potential userspace buffer overflow (networking-stable-19_06_09). - Fix kABI for asus-wmi quirk_entry field addition (bsc#1051510). - Fix memory leak in sctp_process_init (networking-stable-19_06_09). - fork, memcg: fix cached_stacks case (bsc#1134097). - fork, memcg: fix crash in free_thread_stack on memcg charge fail (bsc#1134097). - hid: wacom: correct touch resolution x/y typo (bsc#1051510). - hid: wacom: generic: Correct pad syncing (bsc#1051510). - hid: wacom: generic: only switch the mode on devices with LEDs (bsc#1051510). - hid: wacom: generic: read HID_DG_CONTACTMAX from any feature report (bsc#1051510). - input: elantech - enable middle button support on 2 ThinkPads (bsc#1051510). - input: imx_keypad - make sure keyboard can always wake up system (bsc#1051510). - input: psmouse - fix build error of multiple definition (bsc#1051510). - input: synaptics - enable SMBUS on T480 thinkpad trackpad (bsc#1051510). - input: tm2-touchkey - acknowledge that setting brightness is a blocking call (bsc#1129770). - intel_th: msu: Fix single mode with disabled IOMMU (bsc#1051510). - ipv4: Fix raw socket lookup for local traffic (networking-stable-19_05_14). - ipv4/igmp: fix another memory leak in igmpv3_del_delrec() (networking-stable-19_05_31). - ipv4/igmp: fix build error if !CONFIG_IP_MULTICAST (networking-stable-19_05_31). - ipv4: Use return value of inet_iif() for __raw_v4_lookup in the while loop (git-fixes). - ipv6: Consider sk_bound_dev_if when binding a raw socket to an address (networking-stable-19_05_31). - ipv6: fix EFAULT on sendto with icmpv6 and hdrincl (networking-stable-19_06_09). - ipv6: flowlabel: fl6_sock_lookup() must use atomic_inc_not_zero (networking-stable-19_06_18). - ipv6: use READ_ONCE() for inet->hdrincl as in ipv4 (networking-stable-19_06_09). - kbuild: use -flive-patching when CONFIG_LIVEPATCH is enabled (bsc#1071995). - kernel: jump label transformation performance (bsc#1137534 bsc#1137535 LTC#178058 LTC#178059). - kvm: arm/arm64: vgic-its: Take the srcu lock when parsing the memslots (bsc#1133021). - kvm: arm/arm64: vgic-its: Take the srcu lock when writing to guest memory (bsc#1133021). - kvm: fix Guest installation fails by "Invalid value '0-31' for 'cpuset.cpus': Invalid argument" (bsc#1143507) - kvm: mmu: Fix overflow on kvm mmu page limit calculation (bsc#1135335). - kvm/mmu: kABI fix for *_mmu_pages changes in struct kvm_arch (bsc#1135335). - kvm: polling: add architecture backend to disable polling (bsc#1119222). - kvm: s390: change default halt poll time to 50us (bsc#1119222). - kvm: s390: enable CONFIG_HAVE_KVM_NO_POLL (bsc#1119222) We need to enable CONFIG_HAVE_KVM_NO_POLL for bsc#1119222 - kvm: s390: fix typo in parameter description (bsc#1119222). - kvm: s390: kABI Workaround for 'kvm_vcpu_stat' Add halt_no_poll_steal to kvm_vcpu_stat. Hide it from the kABI checker. - kvm: s390: kABI Workaround for 'lowcore' (bsc#1119222). - kvm: s390: provide kvm_arch_no_poll function (bsc#1119222). - kvm: svm/avic: Do not send AVIC doorbell to self (bsc#1140133). - kvm: SVM: Fix detection of AMD Errata 1096 (bsc#1142354). - lapb: fixed leak of control-blocks (networking-stable-19_06_18). - lib: fix stall in __bitmap_parselist() (bsc#1051510). - libnvdimm/namespace: Fix label tracking error (bsc#1142350). - lib/scatterlist: Fix mapping iterator when sg->offset is greater than PAGE_SIZE (bsc#1051510). - livepatch: Remove duplicate warning about missing reliable stacktrace support (bsc#1071995). - livepatch: Use static buffer for debugging messages under rq lock (bsc#1071995). - llc: fix skb leak in llc_build_and_send_ui_pkt() (networking-stable-19_05_31). - media: cpia2_usb: first wake up, then free in disconnect (bsc#1135642). - media: marvell-ccic: fix DMA s/g desc number calculation (bsc#1051510). - media: s5p-mfc: Make additional clocks optional (bsc#1051510). - media: v4l2: Test type instead of cfg->type in v4l2_ctrl_new_custom() (bsc#1051510). - media: vivid: fix incorrect assignment operation when setting video mode (bsc#1051510). - mei: bus: need to unlink client before freeing (bsc#1051510). - mei: me: add denverton innovation engine device IDs (bsc#1051510). - mei: me: add gemini lake devices id (bsc#1051510). - memory: tegra: Fix integer overflow on tick value calculation (bsc#1051510). - memstick: Fix error cleanup path of memstick_init (bsc#1051510). - mfd: intel-lpss: Release IDA resources (bsc#1051510). - mmc: sdhci-pci: Try "cd" for card-detect lookup before using NULL (bsc#1051510). - mm: migrate: Fix reference check race between __find_get_block() and migration (bnc#1137609). - mm/nvdimm: add is_ioremap_addr and use that to check ioremap address (bsc#1140322 LTC#176270). - mm, page_alloc: fix has_unmovable_pages for HugePages (bsc#1127034). - mm: replace all open encodings for NUMA_NO_NODE (bsc#1140322 LTC#176270). - neigh: fix use-after-free read in pneigh_get_next (networking-stable-19_06_18). - net/af_iucv: remove GFP_DMA restriction for HiperTransport (bsc#1142112 bsc#1142221 LTC#179334 LTC#179332). - net: avoid weird emergency message (networking-stable-19_05_21). - net: fec: fix the clk mismatch in failed_reset path (networking-stable-19_05_31). - netfilter: conntrack: fix calculation of next bucket number in early_drop (git-fixes). - net-gro: fix use-after-free read in napi_gro_frags() (networking-stable-19_05_31). - net/mlx4_core: Change the error print to info print (networking-stable-19_05_21). - net/mlx4_en: ethtool, Remove unsupported SFP EEPROM high pages query (networking-stable-19_06_09). - net/mlx5: Allocate root ns memory using kzalloc to match kfree (networking-stable-19_05_31). - net/mlx5: Avoid double free in fs init error unwinding path (networking-stable-19_05_31). - net: mvneta: Fix err code path of probe (networking-stable-19_05_31). - net: mvpp2: fix bad MVPP2_TXQ_SCHED_TOKEN_CNTR_REG queue value (networking-stable-19_05_31). - net: openvswitch: do not free vport if register_netdevice() is failed (networking-stable-19_06_18). - net/packet: fix memory leak in packet_set_ring() (git-fixes). - net: rds: fix memory leak in rds_ib_flush_mr_pool (networking-stable-19_06_09). - net: seeq: fix crash caused by not set dev.parent (networking-stable-19_05_14). - net: stmmac: fix reset gpio free missing (networking-stable-19_05_31). - net: usb: qmi_wwan: add Telit 0x1260 and 0x1261 compositions (networking-stable-19_05_21). - nvme: fix memory leak caused by incorrect subsystem free (bsc#1143185). - ocfs2: add first lock wait time in locking_state (bsc#1134390). - ocfs2: add last unlock times in locking_state (bsc#1134390). - ocfs2: add locking filter debugfs file (bsc#1134390). - packet: Fix error path in packet_init (networking-stable-19_05_14). - packet: in recvmsg msg_name return at least sizeof sockaddr_ll (git-fixes). - pci: Always allow probing with driver_override (bsc#1051510). - pci: hv: Add hv_pci_remove_slots() when we unload the driver (bsc#1142701). - pci: hv: Add pci_destroy_slot() in pci_devices_present_work(), if necessary (bsc#1142701). - pci: hv: Fix a memory leak in hv_eject_device_work() (bsc#1142701). - pci: hv: Fix a use-after-free bug in hv_eject_device_work() (bsc#1142701). - pci: hv: Fix return value check in hv_pci_assign_slots() (bsc#1142701). - pci: hv: Remove unused reason for refcount handler (bsc#1142701). - pci: hv: support reporting serial number as slot information (bsc#1142701). - pci: Return error if cannot probe VF (bsc#1051510). - pkey: Indicate old mkvp only if old and current mkvp are different (bsc#1137827 LTC#178090). - pktgen: do not sleep with the thread lock held (git-fixes). - platform/x86: asus-nb-wmi: Support ALS on the Zenbook UX430UQ (bsc#1051510). - platform/x86: asus-wmi: Only Tell EC the OS will handle display hotkeys from asus_nb_wmi (bsc#1051510). - platform/x86: intel_turbo_max_3: Remove restriction for HWP platforms (jsc#SLE-5439). - platform/x86: pmc_atom: Add CB4063 Beckhoff Automation board to critclk_systems DMI table (bsc#1051510). - powerpc/64s: Remove POWER9 DD1 support (bsc#1055117, LTC#159753, git-fixes). - powerpc/crypto: Use cheaper random numbers for crc-vpmsum self-test (). - powerpc/mm: Change function prototype (bsc#1055117). - powerpc/mm: Consolidate numa_enable check and min_common_depth check (bsc#1140322 LTC#176270). - powerpc/mm/drconf: Use NUMA_NO_NODE on failures instead of node 0 (bsc#1140322 LTC#176270). - powerpc/mm: Fix node look up with numa=off boot (bsc#1140322 LTC#176270). - powerpc/mm/hugetlb: Update huge_ptep_set_access_flags to call __ptep_set_access_flags directly (bsc#1055117). - powerpc/mm/radix: Change pte relax sequence to handle nest MMU hang (bsc#1055117). - powerpc/mm/radix: Move function from radix.h to pgtable-radix.c (bsc#1055117). - powerpc/watchpoint: Restore NV GPRs while returning from exception (bsc#1140945 bsc#1141401 bsc#1141402 bsc#1141452 bsc#1141453 bsc#1141454 LTC#178983 LTC#179191 LTC#179192 LTC#179193 LTC#179194 LTC#179195). - ppp: deflate: Fix possible crash in deflate_init (networking-stable-19_05_21). - rds: ib: fix 'passing zero to ERR_PTR()' warning (git-fixes). - Revert "bcache: set CACHE_SET_IO_DISABLE in bch_cached_dev_error()" (bsc#1140652). - Revert "e1000e: fix cyclic resets at link up with active tx" (bsc#1051510). - Revert "livepatch: Remove reliable stacktrace check in klp_try_switch_task()" (bsc#1071995). - Revert "serial: 8250: Do not service RX FIFO if interrupts are disabled" (bsc#1051510). - rtnetlink: always put IFLA_LINK for links with a link-netnsid (networking-stable-19_05_21). - s390/qeth: be drop monitor friendly (bsc#1142220 LTC#179335). - s390/vtime: steal time exponential moving average (bsc#1119222). - scripts/git_sort/git_sort.py: Add mmots tree. - scsi: ibmvfc: fix WARN_ON during event pool release (bsc#1137458 LTC#178093). - sctp: Free cookie before we memdup a new one (networking-stable-19_06_18). - sctp: silence warns on sctp_stream_init allocations (bsc#1083710). - serial: uartps: Do not add a trailing semicolon to macro (bsc#1051510). - serial: uartps: Fix long line over 80 chars (bsc#1051510). - serial: uartps: Fix multiple line dereference (bsc#1051510). - serial: uartps: Remove useless return from cdns_uart_poll_put_char (bsc#1051510). - staging: comedi: amplc_pci230: fix null pointer deref on interrupt (bsc#1051510). - staging: comedi: dt282x: fix a null pointer deref on interrupt (bsc#1051510). - staging: rtl8712: reduce stack usage, again (bsc#1051510). - sunhv: Fix device naming inconsistency between sunhv_console and sunhv_reg (networking-stable-19_06_18). - tcp: reduce tcp_fastretrans_alert() verbosity (git-fixes). - team: Always enable vlan tx offload (bsc#1051510). - tty: rocket: fix incorrect forward declaration of 'rp_init()' (bsc#1051510). - tty: serial_core: Set port active bit in uart_port_activate (bsc#1051510). - tty: serial: cpm_uart - fix init when SMC is relocated (bsc#1051510). - tuntap: synchronize through tfiles array instead of tun->numqueues (networking-stable-19_05_14). - usb: gadget: ether: Fix race between gether_disconnect and rx_submit (bsc#1051510). - usb: gadget: fusb300_udc: Fix memory leak of fusb300->ep[i] (bsc#1051510). - usb: gadget: udc: lpc32xx: allocate descriptor with GFP_ATOMIC (bsc#1051510). - usb: pci-quirks: Correct AMD PLL quirk detection (bsc#1051510). - usb: serial: ftdi_sio: add ID for isodebug v1 (bsc#1051510). - usb: serial: option: add support for GosunCn ME3630 RNDIS mode (bsc#1051510). - vmci: Fix integer overflow in VMCI handle arrays (bsc#1051510). - vsock/virtio: free packets during the socket release (networking-stable-19_05_21). - vsock/virtio: set SOCK_DONE on peer shutdown (networking-stable-19_06_18). - wil6210: fix potential out-of-bounds read (bsc#1051510). - x86, mm: fix fast GUP with hyper-based TLB flushing (VM Functionality, bsc#1140903). - xen: let alloc_xenballooned_pages() fail if not enough memory free (bsc#1142450 XSA-300). - xfs: do not overflow xattr listent buffer (bsc#1143105). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-2072=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2072=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2072=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2019-2072=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2072=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): kernel-default-debuginfo-4.12.14-95.29.1 kernel-default-debugsource-4.12.14-95.29.1 kernel-default-extra-4.12.14-95.29.1 kernel-default-extra-debuginfo-4.12.14-95.29.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-95.29.1 kernel-obs-build-debugsource-4.12.14-95.29.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (noarch): kernel-docs-4.12.14-95.29.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-95.29.1 kernel-default-base-4.12.14-95.29.1 kernel-default-base-debuginfo-4.12.14-95.29.1 kernel-default-debuginfo-4.12.14-95.29.1 kernel-default-debugsource-4.12.14-95.29.1 kernel-default-devel-4.12.14-95.29.1 kernel-syms-4.12.14-95.29.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): kernel-devel-4.12.14-95.29.1 kernel-macros-4.12.14-95.29.1 kernel-source-4.12.14-95.29.1 - SUSE Linux Enterprise Server 12-SP4 (x86_64): kernel-default-devel-debuginfo-4.12.14-95.29.1 - SUSE Linux Enterprise Server 12-SP4 (s390x): kernel-default-man-4.12.14-95.29.1 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-95.29.1 cluster-md-kmp-default-debuginfo-4.12.14-95.29.1 dlm-kmp-default-4.12.14-95.29.1 dlm-kmp-default-debuginfo-4.12.14-95.29.1 gfs2-kmp-default-4.12.14-95.29.1 gfs2-kmp-default-debuginfo-4.12.14-95.29.1 kernel-default-debuginfo-4.12.14-95.29.1 kernel-default-debugsource-4.12.14-95.29.1 ocfs2-kmp-default-4.12.14-95.29.1 ocfs2-kmp-default-debuginfo-4.12.14-95.29.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): kernel-devel-4.12.14-95.29.1 kernel-macros-4.12.14-95.29.1 kernel-source-4.12.14-95.29.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): kernel-default-4.12.14-95.29.1 kernel-default-debuginfo-4.12.14-95.29.1 kernel-default-debugsource-4.12.14-95.29.1 kernel-default-devel-4.12.14-95.29.1 kernel-default-devel-debuginfo-4.12.14-95.29.1 kernel-default-extra-4.12.14-95.29.1 kernel-default-extra-debuginfo-4.12.14-95.29.1 kernel-syms-4.12.14-95.29.1 References: https://www.suse.com/security/cve/CVE-2018-20855.html https://www.suse.com/security/cve/CVE-2019-1125.html https://www.suse.com/security/cve/CVE-2019-11810.html https://www.suse.com/security/cve/CVE-2019-13631.html https://www.suse.com/security/cve/CVE-2019-13648.html https://www.suse.com/security/cve/CVE-2019-14283.html https://www.suse.com/security/cve/CVE-2019-14284.html https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1055117 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1083647 https://bugzilla.suse.com/1083710 https://bugzilla.suse.com/1102247 https://bugzilla.suse.com/1111666 https://bugzilla.suse.com/1119222 https://bugzilla.suse.com/1123080 https://bugzilla.suse.com/1127034 https://bugzilla.suse.com/1127315 https://bugzilla.suse.com/1129770 https://bugzilla.suse.com/1130972 https://bugzilla.suse.com/1133021 https://bugzilla.suse.com/1134097 https://bugzilla.suse.com/1134390 https://bugzilla.suse.com/1134399 https://bugzilla.suse.com/1135335 https://bugzilla.suse.com/1135642 https://bugzilla.suse.com/1136896 https://bugzilla.suse.com/1137458 https://bugzilla.suse.com/1137534 https://bugzilla.suse.com/1137535 https://bugzilla.suse.com/1137584 https://bugzilla.suse.com/1137609 https://bugzilla.suse.com/1137811 https://bugzilla.suse.com/1137827 https://bugzilla.suse.com/1139358 https://bugzilla.suse.com/1140133 https://bugzilla.suse.com/1140139 https://bugzilla.suse.com/1140322 https://bugzilla.suse.com/1140652 https://bugzilla.suse.com/1140887 https://bugzilla.suse.com/1140888 https://bugzilla.suse.com/1140889 https://bugzilla.suse.com/1140891 https://bugzilla.suse.com/1140893 https://bugzilla.suse.com/1140903 https://bugzilla.suse.com/1140945 https://bugzilla.suse.com/1140954 https://bugzilla.suse.com/1140955 https://bugzilla.suse.com/1140956 https://bugzilla.suse.com/1140957 https://bugzilla.suse.com/1140958 https://bugzilla.suse.com/1140959 https://bugzilla.suse.com/1140960 https://bugzilla.suse.com/1140961 https://bugzilla.suse.com/1140962 https://bugzilla.suse.com/1140964 https://bugzilla.suse.com/1140971 https://bugzilla.suse.com/1140972 https://bugzilla.suse.com/1140992 https://bugzilla.suse.com/1141401 https://bugzilla.suse.com/1141402 https://bugzilla.suse.com/1141452 https://bugzilla.suse.com/1141453 https://bugzilla.suse.com/1141454 https://bugzilla.suse.com/1141478 https://bugzilla.suse.com/1142023 https://bugzilla.suse.com/1142112 https://bugzilla.suse.com/1142220 https://bugzilla.suse.com/1142221 https://bugzilla.suse.com/1142254 https://bugzilla.suse.com/1142350 https://bugzilla.suse.com/1142351 https://bugzilla.suse.com/1142354 https://bugzilla.suse.com/1142359 https://bugzilla.suse.com/1142450 https://bugzilla.suse.com/1142701 https://bugzilla.suse.com/1142868 https://bugzilla.suse.com/1143003 https://bugzilla.suse.com/1143045 https://bugzilla.suse.com/1143105 https://bugzilla.suse.com/1143185 https://bugzilla.suse.com/1143189 https://bugzilla.suse.com/1143191 https://bugzilla.suse.com/1143507 From sle-updates at lists.suse.com Tue Aug 6 22:21:18 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Aug 2019 06:21:18 +0200 (CEST) Subject: SUSE-SU-2019:2071-1: important: Security update for the Linux Kernel Message-ID: <20190807042118.82ABEFF12@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2071-1 Rating: important References: #1051510 #1055117 #1071995 #1083647 #1083710 #1102247 #1119222 #1123080 #1127034 #1127315 #1129770 #1130972 #1133021 #1134097 #1134390 #1134399 #1135335 #1135642 #1137458 #1137534 #1137535 #1137584 #1137609 #1137827 #1139358 #1140133 #1140322 #1140652 #1140903 #1140945 #1141401 #1141402 #1141452 #1141453 #1141454 #1141478 #1142023 #1142112 #1142220 #1142221 #1142254 #1142350 #1142351 #1142354 #1142359 #1142450 #1142701 #1142868 #1143003 #1143045 #1143105 #1143185 #1143189 #1143191 #1143507 Cross-References: CVE-2018-20855 CVE-2019-1125 CVE-2019-11810 CVE-2019-13631 CVE-2019-13648 CVE-2019-14283 CVE-2019-14284 Affected Products: SUSE Linux Enterprise Module for Live Patching 15 ______________________________________________________________________________ An update that solves 7 vulnerabilities and has 48 fixes is now available. Description: The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-20855: An issue was discovered in the Linux kernel In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace(bsc#1143045). - CVE-2019-1125: Exclude ATOMs from speculation through SWAPGS (bsc#1139358). - CVE-2019-14283: In the Linux kernel, set_geometry in drivers/block/floppy.c did not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It could be triggered by an unprivileged local user when a floppy disk was inserted. NOTE: QEMU creates the floppy device by default. (bnc#1143191) - CVE-2019-11810: An issue was discovered in the Linux kernel A NULL pointer dereference could occur when megasas_create_frame_pool() failed in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This caused a Denial of Service, related to a use-after-free (bnc#1134399). - CVE-2019-13648: In the Linux kernel on the powerpc platform, when hardware transactional memory was disabled, a local user could cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sent a crafted signal frame. (bnc#1142254) - CVE-2019-13631: In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel, a malicious USB device could send an HID report that triggered an out-of-bounds write during generation of debugging messages. (bnc#1142023) The following non-security bugs were fixed: - Correct the CVE and bug reference for a floppy security fix (CVE-2019-14284,bsc#1143189) A dedicated CVE was already assigned - acpi/nfit: Always dump _DSM output payload (bsc#1142351). - Add back sibling paca poiter to paca (bsc#1055117). - Add support for crct10dif-vpmsum (). - af_unix: remove redundant lockdep class (git-fixes). alsa: compress: Be more restrictive about when a drain is allowed (bsc#1051510). - alsa: compress: Do not allow paritial drain operations on capture streams (bsc#1051510). - alsa: compress: Fix regression on compressed capture streams (bsc#1051510). - alsa: compress: Prevent bypasses of set_params (bsc#1051510). - alsa: hda - Add a conexant codec entry to let mute led work (bsc#1051510). - alsa: hda/realtek: apply ALC891 headset fixup to one Dell machine (bsc#1051510). - alsa: hda/realtek - Fixed Headphone Mic can't record on Dell platform (bsc#1051510). - alsa: hda/realtek - Headphone Mic can't record after S3 (bsc#1051510). - alsa: line6: Fix a typo (bsc#1051510). - alsa: line6: Fix wrong altsetting for LINE6_PODHD500_1 (bsc#1051510). - alsa: seq: Break too long mutex context in the write loop (bsc#1051510). - alsa: usb-audio: Add quirk for Focusrite Scarlett Solo (bsc#1051510). - alsa: usb-audio: Add quirk for MOTU MicroBook II (bsc#1051510). - alsa: usb-audio: Cleanup DSD whitelist (bsc#1051510). - alsa: usb-audio: Enable .product_name override for Emagic, Unitor 8 (bsc#1051510). - alsa: usb-audio: Sanity checks for each pipe and EP types (bsc#1051510). - asoc : cs4265 : readable register too low (bsc#1051510). - asoc: max98090: remove 24-bit format support if RJ is 0 (bsc#1051510). - asoc: soc-pcm: BE dai needs prepare when pause release after resume (bsc#1051510). - ath6kl: add some bounds checking (bsc#1051510). - batman-adv: fix for leaked TVLV handler (bsc#1051510). - bcache: acquire bch_register_lock later in cached_dev_detach_finish() (bsc#1140652). - bcache: acquire bch_register_lock later in cached_dev_free() (bsc#1140652). - bcache: add code comments for journal_read_bucket() (bsc#1140652). - bcache: Add comments for blkdev_put() in registration code path (bsc#1140652). - bcache: add comments for closure_fn to be called in closure_queue() (bsc#1140652). - bcache: add comments for kobj release callback routine (bsc#1140652). - bcache: add comments for mutex_lock(&b->write_lock) (bsc#1140652). - bcache: add error check for calling register_bdev() (bsc#1140652). - bcache: add failure check to run_cache_set() for journal replay (bsc#1140652). - bcache: add io error counting in write_bdev_super_endio() (bsc#1140652). - bcache: add more error message in bch_cached_dev_attach() (bsc#1140652). - bcache: add pendings_cleanup to stop pending bcache device (bsc#1140652). - bcache: add reclaimed_journal_buckets to struct cache_set (bsc#1140652). - bcache: add return value check to bch_cached_dev_run() (bsc#1140652). - bcache: avoid a deadlock in bcache_reboot() (bsc#1140652). - bcache: avoid clang -Wunintialized warning (bsc#1140652). - bcache: avoid flushing btree node in cache_set_flush() if io disabled (bsc#1140652). - bcache: avoid potential memleak of list of journal_replay(s) in the CACHE_SYNC branch of run_cache_set (bsc#1140652). - bcache: check CACHE_SET_IO_DISABLE bit in bch_journal() (bsc#1140652). - bcache: check CACHE_SET_IO_DISABLE in allocator code (bsc#1140652). - bcache: check c->gc_thread by IS_ERR_OR_NULL in cache_set_flush() (bsc#1140652). - bcache: Clean up bch_get_congested() (bsc#1140652). - bcache: destroy dc->writeback_write_wq if failed to create dc->writeback_thread (bsc#1140652). - bcache: do not assign in if condition in bcache_device_init() (bsc#1140652). - bcache: do not set max writeback rate if gc is running (bsc#1140652). - bcache: fix a race between cache register and cacheset unregister (bsc#1140652). - bcache: fix crashes stopping bcache device before read miss done (bsc#1140652). - bcache: fix failure in journal relplay (bsc#1140652). - bcache: fix inaccurate result of unused buckets (bsc#1140652). - bcache: fix mistaken sysfs entry for io_error counter (bsc#1140652). - bcache: fix potential deadlock in cached_def_free() (bsc#1140652). - bcache: fix race in btree_flush_write() (bsc#1140652). - bcache: fix return value error in bch_journal_read() (bsc#1140652). - bcache: fix stack corruption by PRECEDING_KEY() (bsc#1140652). - bcache: fix wrong usage use-after-freed on keylist in out_nocoalesce branch of btree_gc_coalesce (bsc#1140652). - bcache: ignore read-ahead request failure on backing device (bsc#1140652). - bcache: improve bcache_reboot() (bsc#1140652). - bcache: improve error message in bch_cached_dev_run() (bsc#1140652). - bcache: make bset_search_tree() be more understandable (bsc#1140652). - bcache: make is_discard_enabled() static (bsc#1140652). - bcache: more detailed error message to bcache_device_link() (bsc#1140652). - bcache: move definition of 'int ret' out of macro read_bucket() (bsc#1140652). - bcache: never set KEY_PTRS of journal key to 0 in journal_reclaim() (bsc#1140652). - bcache: only clear BTREE_NODE_dirty bit when it is set (bsc#1140652). - bcache: only set BCACHE_DEV_WB_RUNNING when cached device attached (bsc#1140652). - bcache: performance improvement for btree_flush_write() (bsc#1140652). - bcache: remove redundant LIST_HEAD(journal) from run_cache_set() (bsc#1140652). - bcache: remove retry_flush_write from struct cache_set (bsc#1140652). - bcache: remove unncessary code in bch_btree_keys_init() (bsc#1140652). - bcache: remove unnecessary prefetch() in bset_search_tree() (bsc#1140652). - bcache: remove "XXX:" comment line from run_cache_set() (bsc#1140652). - bcache: return error immediately in bch_journal_replay() (bsc#1140652). - bcache: Revert "bcache: fix high CPU occupancy during journal" (bsc#1140652). - bcache: Revert "bcache: free heap cache_set->flush_btree in bch_journal_free" (bsc#1140652). - bcache: set largest seq to ja->seq[bucket_index] in journal_read_bucket() (bsc#1140652). - bcache: shrink btree node cache after bch_btree_check() (bsc#1140652). - bcache: stop writeback kthread and kworker when bch_cached_dev_run() failed (bsc#1140652). - bcache: use sysfs_match_string() instead of __sysfs_match_string() (bsc#1140652). - be2net: Fix number of Rx queues used for flow hashing (networking-stable-19_06_18). - be2net: Signal that the device cannot transmit during reconfiguration (bsc#1127315). - be2net: Synchronize be_update_queues with dev_watchdog (bsc#1127315). - block, bfq: NULL out the bic when it's no longer valid (bsc#1142359). - bnx2x: Prevent load reordering in tx completion processing (bsc#1142868). - bnxt_en: Fix aggregation buffer leak under OOM condition (networking-stable-19_05_31). - bonding: fix arp_validate toggling in active-backup mode (networking-stable-19_05_14). - bonding: Force slave speed check after link state recovery for 802.3ad (bsc#1137584). - bpf, x64: fix stack layout of JITed bpf code (bsc#1083647). - bpf, x64: save 5 bytes in prologue when ebpf insns came from cbpf (bsc#1083647). - bridge: Fix error path for kobject_init_and_add() (networking-stable-19_05_14). - btrfs: fix race between block group removal and block group allocation (bsc#1143003). - cgroup: Use css_tryget() instead of css_tryget_online() in task_get_css() (bsc#1141478). - clk: qcom: Fix -Wunused-const-variable (bsc#1051510). - clk: rockchip: Do not yell about bad mmc phases when getting (bsc#1051510). - clk: tegra210: fix PLLU and PLLU_OUT1 (bsc#1051510). - cpufreq: acpi-cpufreq: Report if CPU does not support boost technologies (bsc#1051510). - cpufreq: brcmstb-avs-cpufreq: Fix initial command check (bsc#1051510). - cpufreq: brcmstb-avs-cpufreq: Fix types for voltage/frequency (bsc#1051510). - cpufreq: check if policy is inactive early in __cpufreq_get() (bsc#1051510). - cpufreq: kirkwood: fix possible object reference leak (bsc#1051510). - cpufreq/pasemi: fix possible object reference leak (bsc#1051510). - cpufreq: pmac32: fix possible object reference leak (bsc#1051510). - cpufreq: ppc_cbe: fix possible object reference leak (bsc#1051510). - cpufreq: Use struct kobj_attribute instead of struct global_attr (bsc#1051510). - crypto: arm64/sha1-ce - correct digest for empty data in finup (bsc#1051510). - crypto: arm64/sha2-ce - correct digest for empty data in finup (bsc#1051510). - crypto: ccp - Fix 3DES complaint from ccp-crypto module (bsc#1051510). - crypto: ccp - fix AES CFB error exposed by new test vectors (bsc#1051510). - crypto: ccp - Fix SEV_VERSION_GREATER_OR_EQUAL (bsc#1051510). - crypto: ccp/gcm - use const time tag comparison (bsc#1051510). - crypto: ccp - memset structure fields to zero before reuse (bsc#1051510). - crypto: ccp - Validate the the error value used to index error messages (bsc#1051510). - crypto: chacha20poly1305 - fix atomic sleep when using async algorithm (bsc#1051510). - crypto: crypto4xx - fix a potential double free in ppc4xx_trng_probe (bsc#1051510). - crypto: ghash - fix unaligned memory access in ghash_setkey() (bsc#1051510). - crypto: talitos - Align SEC1 accesses to 32 bits boundaries (bsc#1051510). - crypto: talitos - check data blocksize in ablkcipher (bsc#1051510). - crypto: talitos - fix CTR alg blocksize (bsc#1051510). - crypto: talitos - fix max key size for sha384 and sha512 (bsc#1051510). - crypto: talitos - HMAC SNOOP NO AFEU mode requires SW icv checking (bsc#1051510). - crypto: talitos - properly handle split ICV (bsc#1051510). - crypto: talitos - reduce max key size for SEC1 (bsc#1051510). - crypto: talitos - rename alternative AEAD algos (bsc#1051510). - dasd_fba: Display '00000000' for zero page when dumping sense (bsc#1123080). - dmaengine: hsu: Revert "set HSU_CH_MTSR to memory width" (bsc#1051510). - dpaa_eth: fix SG frame cleanup (networking-stable-19_05_14). - drm/meson: Add support for XBGR8888 & ABGR8888 formats (bsc#1051510). - drm/msm/a3xx: remove TPL1 regs from snapshot (bsc#1051510). - drm/nouveau/i2c: Enable i2c pads & busses during preinit (bsc#1051510). - drm/rockchip: Properly adjust to a true clock in adjusted_mode (bsc#1051510). - e1000e: start network tx queue only when link is up (bsc#1051510). - ethtool: check the return value of get_regs_len (git-fixes). - ethtool: fix potential userspace buffer overflow (networking-stable-19_06_09). - Fix kABI for asus-wmi quirk_entry field addition (bsc#1051510). - Fix memory leak in sctp_process_init (networking-stable-19_06_09). - fork, memcg: fix cached_stacks case (bsc#1134097). - fork, memcg: fix crash in free_thread_stack on memcg charge fail (bsc#1134097). - hid: wacom: correct touch resolution x/y typo (bsc#1051510). - hid: wacom: generic: Correct pad syncing (bsc#1051510). - hid: wacom: generic: only switch the mode on devices with LEDs (bsc#1051510). - hid: wacom: generic: read HID_DG_CONTACTMAX from any feature report (bsc#1051510). - input: elantech - enable middle button support on 2 ThinkPads (bsc#1051510). - input: imx_keypad - make sure keyboard can always wake up system (bsc#1051510). - input: psmouse - fix build error of multiple definition (bsc#1051510). - input: synaptics - enable SMBUS on T480 thinkpad trackpad (bsc#1051510). - input: tm2-touchkey - acknowledge that setting brightness is a blocking call (bsc#1129770). - intel_th: msu: Fix single mode with disabled IOMMU (bsc#1051510). - ipv4: Fix raw socket lookup for local traffic (networking-stable-19_05_14). - ipv4/igmp: fix another memory leak in igmpv3_del_delrec() (networking-stable-19_05_31). - ipv4/igmp: fix build error if !CONFIG_IP_MULTICAST (networking-stable-19_05_31). - ipv4: Use return value of inet_iif() for __raw_v4_lookup in the while loop (git-fixes). - ipv6: Consider sk_bound_dev_if when binding a raw socket to an address (networking-stable-19_05_31). - ipv6: fix EFAULT on sendto with icmpv6 and hdrincl (networking-stable-19_06_09). - ipv6: flowlabel: fl6_sock_lookup() must use atomic_inc_not_zero (networking-stable-19_06_18). - ipv6: use READ_ONCE() for inet->hdrincl as in ipv4 (networking-stable-19_06_09). - kbuild: use -flive-patching when CONFIG_LIVEPATCH is enabled (bsc#1071995). - kernel: jump label transformation performance (bsc#1137534 bsc#1137535 LTC#178058 LTC#178059). - kvm: arm/arm64: vgic-its: Take the srcu lock when parsing the memslots (bsc#1133021). - kvm: arm/arm64: vgic-its: Take the srcu lock when writing to guest memory (bsc#1133021). - kvm: mmu: Fix overflow on kvm mmu page limit calculation (bsc#1135335). - kvm/mmu: kABI fix for *_mmu_pages changes in struct kvm_arch (bsc#1135335). - kvm: polling: add architecture backend to disable polling (bsc#1119222). - kvm: s390: change default halt poll time to 50us (bsc#1119222). - kvm: s390: enable CONFIG_HAVE_KVM_NO_POLL (bsc#1119222) We need to enable CONFIG_HAVE_KVM_NO_POLL for bsc#1119222 - kvm: s390: fix typo in parameter description (bsc#1119222). - kvm: s390: kABI Workaround for 'kvm_vcpu_stat' Add halt_no_poll_steal to kvm_vcpu_stat. Hide it from the kABI checker. - kvm: s390: kABI Workaround for 'lowcore' (bsc#1119222). - kvm: s390: provide kvm_arch_no_poll function (bsc#1119222). - kvm: svm/avic: Do not send AVIC doorbell to self (bsc#1140133). - kvm: SVM: Fix detection of AMD Errata 1096 (bsc#1142354). - lapb: fixed leak of control-blocks (networking-stable-19_06_18). - lib: fix stall in __bitmap_parselist() (bsc#1051510). - libnvdimm/namespace: Fix label tracking error (bsc#1142350). - lib/bitmap.c: make bitmap_parselist() thread-safe and much faster (bsc#1143507). - lib/scatterlist: Fix mapping iterator when sg->offset is greater than PAGE_SIZE (bsc#1051510). - livepatch: Remove duplicate warning about missing reliable stacktrace support (bsc#1071995). - livepatch: Use static buffer for debugging messages under rq lock (bsc#1071995). - llc: fix skb leak in llc_build_and_send_ui_pkt() (networking-stable-19_05_31). - media: cpia2_usb: first wake up, then free in disconnect (bsc#1135642). - media: marvell-ccic: fix DMA s/g desc number calculation (bsc#1051510). - media: s5p-mfc: Make additional clocks optional (bsc#1051510). - media: v4l2: Test type instead of cfg->type in v4l2_ctrl_new_custom() (bsc#1051510). - media: vivid: fix incorrect assignment operation when setting video mode (bsc#1051510). - mei: bus: need to unlink client before freeing (bsc#1051510). - mei: me: add denverton innovation engine device IDs (bsc#1051510). - mei: me: add gemini lake devices id (bsc#1051510). - memory: tegra: Fix integer overflow on tick value calculation (bsc#1051510). - memstick: Fix error cleanup path of memstick_init (bsc#1051510). - mfd: intel-lpss: Release IDA resources (bsc#1051510). - mmc: sdhci-pci: Try "cd" for card-detect lookup before using NULL (bsc#1051510). - mm: migrate: Fix reference check race between __find_get_block() and migration (bnc#1137609). - mm/nvdimm: add is_ioremap_addr and use that to check ioremap address (bsc#1140322 LTC#176270). - mm, page_alloc: fix has_unmovable_pages for HugePages (bsc#1127034). - mm: replace all open encodings for NUMA_NO_NODE (bsc#1140322 LTC#176270). - neigh: fix use-after-free read in pneigh_get_next (networking-stable-19_06_18). - net/af_iucv: remove GFP_DMA restriction for HiperTransport (bsc#1142112 bsc#1142221 LTC#179334 LTC#179332). - net: avoid weird emergency message (networking-stable-19_05_21). - net: fec: fix the clk mismatch in failed_reset path (networking-stable-19_05_31). - netfilter: conntrack: fix calculation of next bucket number in early_drop (git-fixes). - net-gro: fix use-after-free read in napi_gro_frags() (networking-stable-19_05_31). - net/mlx4_core: Change the error print to info print (networking-stable-19_05_21). - net/mlx4_en: ethtool, Remove unsupported SFP EEPROM high pages query (networking-stable-19_06_09). - net/mlx5: Allocate root ns memory using kzalloc to match kfree (networking-stable-19_05_31). - net/mlx5: Avoid double free in fs init error unwinding path (networking-stable-19_05_31). - net: mvneta: Fix err code path of probe (networking-stable-19_05_31). - net: mvpp2: fix bad MVPP2_TXQ_SCHED_TOKEN_CNTR_REG queue value (networking-stable-19_05_31). - net: openvswitch: do not free vport if register_netdevice() is failed (networking-stable-19_06_18). - net/packet: fix memory leak in packet_set_ring() (git-fixes). - net: rds: fix memory leak in rds_ib_flush_mr_pool (networking-stable-19_06_09). - net: seeq: fix crash caused by not set dev.parent (networking-stable-19_05_14). - net: stmmac: fix reset gpio free missing (networking-stable-19_05_31). - net: usb: qmi_wwan: add Telit 0x1260 and 0x1261 compositions (networking-stable-19_05_21). - nvme: fix memory leak caused by incorrect subsystem free (bsc#1143185). - ocfs2: add first lock wait time in locking_state (bsc#1134390). - ocfs2: add last unlock times in locking_state (bsc#1134390). - ocfs2: add locking filter debugfs file (bsc#1134390). - packet: Fix error path in packet_init (networking-stable-19_05_14). - packet: in recvmsg msg_name return at least sizeof sockaddr_ll (git-fixes). - pci: Always allow probing with driver_override (bsc#1051510). - pci: hv: Add hv_pci_remove_slots() when we unload the driver (bsc#1142701). - pci: hv: Add pci_destroy_slot() in pci_devices_present_work(), if necessary (bsc#1142701). - pci: hv: Fix a memory leak in hv_eject_device_work() (bsc#1142701). - pci: hv: Fix a use-after-free bug in hv_eject_device_work() (bsc#1142701). - pci: hv: Fix return value check in hv_pci_assign_slots() (bsc#1142701). - pci: hv: Remove unused reason for refcount handler (bsc#1142701). - pci: hv: support reporting serial number as slot information (bsc#1142701). - pci: Return error if cannot probe VF (bsc#1051510). - pkey: Indicate old mkvp only if old and current mkvp are different (bsc#1137827 LTC#178090). - pktgen: do not sleep with the thread lock held (git-fixes). - platform/x86: asus-nb-wmi: Support ALS on the Zenbook UX430UQ (bsc#1051510). - platform/x86: asus-wmi: Only Tell EC the OS will handle display hotkeys from asus_nb_wmi (bsc#1051510). - platform/x86: intel_turbo_max_3: Remove restriction for HWP platforms (jsc#SLE-5439). - platform/x86: pmc_atom: Add CB4063 Beckhoff Automation board to critclk_systems DMI table (bsc#1051510). - powerpc/64s: Remove POWER9 DD1 support (bsc#1055117, LTC#159753, git-fixes). - powerpc/crypto: Use cheaper random numbers for crc-vpmsum self-test (). - powerpc/mm: Change function prototype (bsc#1055117). - powerpc/mm: Consolidate numa_enable check and min_common_depth check (bsc#1140322 LTC#176270). - powerpc/mm/drconf: Use NUMA_NO_NODE on failures instead of node 0 (bsc#1140322 LTC#176270). - powerpc/mm: Fix node look up with numa=off boot (bsc#1140322 LTC#176270). - powerpc/mm/hugetlb: Update huge_ptep_set_access_flags to call __ptep_set_access_flags directly (bsc#1055117). - powerpc/mm/radix: Change pte relax sequence to handle nest MMU hang (bsc#1055117). - powerpc/mm/radix: Move function from radix.h to pgtable-radix.c (bsc#1055117). - powerpc/watchpoint: Restore NV GPRs while returning from exception (bsc#1140945 bsc#1141401 bsc#1141402 bsc#1141452 bsc#1141453 bsc#1141454 LTC#178983 LTC#179191 LTC#179192 LTC#179193 LTC#179194 LTC#179195). - ppp: deflate: Fix possible crash in deflate_init (networking-stable-19_05_21). - rds: ib: fix 'passing zero to ERR_PTR()' warning (git-fixes). - Revert "bcache: set CACHE_SET_IO_DISABLE in bch_cached_dev_error()" (bsc#1140652). - Revert "e1000e: fix cyclic resets at link up with active tx" (bsc#1051510). - Revert "livepatch: Remove reliable stacktrace check in klp_try_switch_task()" (bsc#1071995). - Revert "serial: 8250: Do not service RX FIFO if interrupts are disabled" (bsc#1051510). - rtnetlink: always put IFLA_LINK for links with a link-netnsid (networking-stable-19_05_21). - s390/qeth: be drop monitor friendly (bsc#1142220 LTC#179335). - s390/vtime: steal time exponential moving average (bsc#1119222). - scripts/git_sort/git_sort.py: Add mmots tree. - scsi: ibmvfc: fix WARN_ON during event pool release (bsc#1137458 LTC#178093). - sctp: Free cookie before we memdup a new one (networking-stable-19_06_18). - sctp: silence warns on sctp_stream_init allocations (bsc#1083710). - serial: uartps: Do not add a trailing semicolon to macro (bsc#1051510). - serial: uartps: Fix long line over 80 chars (bsc#1051510). - serial: uartps: Fix multiple line dereference (bsc#1051510). - serial: uartps: Remove useless return from cdns_uart_poll_put_char (bsc#1051510). - staging: comedi: amplc_pci230: fix null pointer deref on interrupt (bsc#1051510). - staging: comedi: dt282x: fix a null pointer deref on interrupt (bsc#1051510). - staging: rtl8712: reduce stack usage, again (bsc#1051510). - sunhv: Fix device naming inconsistency between sunhv_console and sunhv_reg (networking-stable-19_06_18). - tcp: reduce tcp_fastretrans_alert() verbosity (git-fixes). - team: Always enable vlan tx offload (bsc#1051510). - tty: rocket: fix incorrect forward declaration of 'rp_init()' (bsc#1051510). - tty: serial_core: Set port active bit in uart_port_activate (bsc#1051510). - tty: serial: cpm_uart - fix init when SMC is relocated (bsc#1051510). - tuntap: synchronize through tfiles array instead of tun->numqueues (networking-stable-19_05_14). - usb: gadget: ether: Fix race between gether_disconnect and rx_submit (bsc#1051510). - usb: gadget: fusb300_udc: Fix memory leak of fusb300->ep[i] (bsc#1051510). - usb: gadget: udc: lpc32xx: allocate descriptor with GFP_ATOMIC (bsc#1051510). - usb: pci-quirks: Correct AMD PLL quirk detection (bsc#1051510). - usb: serial: ftdi_sio: add ID for isodebug v1 (bsc#1051510). - usb: serial: option: add support for GosunCn ME3630 RNDIS mode (bsc#1051510). - vmci: Fix integer overflow in VMCI handle arrays (bsc#1051510). - vsock/virtio: free packets during the socket release (networking-stable-19_05_21). - vsock/virtio: set SOCK_DONE on peer shutdown (networking-stable-19_06_18). - wil6210: fix potential out-of-bounds read (bsc#1051510). - x86, mm: fix fast GUP with hyper-based TLB flushing (VM Functionality, bsc#1140903). - xen: let alloc_xenballooned_pages() fail if not enough memory free (bsc#1142450 XSA-300). - xfs: do not overflow xattr listent buffer (bsc#1143105). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2019-2071=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-default-debuginfo-4.12.14-150.32.1 kernel-default-debugsource-4.12.14-150.32.1 kernel-default-livepatch-4.12.14-150.32.1 kernel-livepatch-4_12_14-150_32-default-1-1.5.1 kernel-livepatch-4_12_14-150_32-default-debuginfo-1-1.5.1 References: https://www.suse.com/security/cve/CVE-2018-20855.html https://www.suse.com/security/cve/CVE-2019-1125.html https://www.suse.com/security/cve/CVE-2019-11810.html https://www.suse.com/security/cve/CVE-2019-13631.html https://www.suse.com/security/cve/CVE-2019-13648.html https://www.suse.com/security/cve/CVE-2019-14283.html https://www.suse.com/security/cve/CVE-2019-14284.html https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1055117 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1083647 https://bugzilla.suse.com/1083710 https://bugzilla.suse.com/1102247 https://bugzilla.suse.com/1119222 https://bugzilla.suse.com/1123080 https://bugzilla.suse.com/1127034 https://bugzilla.suse.com/1127315 https://bugzilla.suse.com/1129770 https://bugzilla.suse.com/1130972 https://bugzilla.suse.com/1133021 https://bugzilla.suse.com/1134097 https://bugzilla.suse.com/1134390 https://bugzilla.suse.com/1134399 https://bugzilla.suse.com/1135335 https://bugzilla.suse.com/1135642 https://bugzilla.suse.com/1137458 https://bugzilla.suse.com/1137534 https://bugzilla.suse.com/1137535 https://bugzilla.suse.com/1137584 https://bugzilla.suse.com/1137609 https://bugzilla.suse.com/1137827 https://bugzilla.suse.com/1139358 https://bugzilla.suse.com/1140133 https://bugzilla.suse.com/1140322 https://bugzilla.suse.com/1140652 https://bugzilla.suse.com/1140903 https://bugzilla.suse.com/1140945 https://bugzilla.suse.com/1141401 https://bugzilla.suse.com/1141402 https://bugzilla.suse.com/1141452 https://bugzilla.suse.com/1141453 https://bugzilla.suse.com/1141454 https://bugzilla.suse.com/1141478 https://bugzilla.suse.com/1142023 https://bugzilla.suse.com/1142112 https://bugzilla.suse.com/1142220 https://bugzilla.suse.com/1142221 https://bugzilla.suse.com/1142254 https://bugzilla.suse.com/1142350 https://bugzilla.suse.com/1142351 https://bugzilla.suse.com/1142354 https://bugzilla.suse.com/1142359 https://bugzilla.suse.com/1142450 https://bugzilla.suse.com/1142701 https://bugzilla.suse.com/1142868 https://bugzilla.suse.com/1143003 https://bugzilla.suse.com/1143045 https://bugzilla.suse.com/1143105 https://bugzilla.suse.com/1143185 https://bugzilla.suse.com/1143189 https://bugzilla.suse.com/1143191 https://bugzilla.suse.com/1143507 From sle-updates at lists.suse.com Tue Aug 6 22:29:04 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Aug 2019 06:29:04 +0200 (CEST) Subject: SUSE-SU-2019:2070-1: important: Security update for the Linux Kernel Message-ID: <20190807042904.6FA65FF12@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2070-1 Rating: important References: #1051510 #1055117 #1071995 #1083647 #1083710 #1102247 #1103991 #1103992 #1104745 #1109837 #1111666 #1112374 #1119222 #1123080 #1127034 #1127315 #1127611 #1129770 #1130972 #1133021 #1134090 #1134097 #1134390 #1134399 #1135335 #1135642 #1136217 #1136342 #1136460 #1136461 #1136462 #1136467 #1136896 #1137458 #1137534 #1137535 #1137584 #1137609 #1137811 #1137827 #1138874 #1139358 #1139619 #1140133 #1140139 #1140322 #1140559 #1140652 #1140676 #1140887 #1140888 #1140889 #1140891 #1140893 #1140903 #1140945 #1140948 #1140954 #1140955 #1140956 #1140957 #1140958 #1140959 #1140960 #1140961 #1140962 #1140964 #1140971 #1140972 #1140992 #1141312 #1141401 #1141402 #1141452 #1141453 #1141454 #1141478 #1142023 #1142052 #1142112 #1142115 #1142119 #1142220 #1142221 #1142254 #1142350 #1142351 #1142354 #1142359 #1142450 #1142623 #1142673 #1142701 #1142868 #1143003 #1143045 #1143105 #1143185 #1143189 #1143191 #1143209 #1143507 Cross-References: CVE-2018-20855 CVE-2019-1125 CVE-2019-11810 CVE-2019-13631 CVE-2019-13648 CVE-2019-14283 CVE-2019-14284 Affected Products: SUSE Linux Enterprise Server 12-SP4 ______________________________________________________________________________ An update that solves 7 vulnerabilities and has 95 fixes is now available. Description: The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-20855: An issue was discovered in the Linux kernel In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace(bsc#1143045). - CVE-2019-1125: Exclude ATOMs from speculation through SWAPGS (bsc#1139358). - CVE-2019-14283: In the Linux kernel, set_geometry in drivers/block/floppy.c did not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It could be triggered by an unprivileged local user when a floppy disk was inserted. NOTE: QEMU creates the floppy device by default. (bnc#1143191) - CVE-2019-11810: An issue was discovered in the Linux kernel A NULL pointer dereference could occur when megasas_create_frame_pool() failed in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This caused a Denial of Service, related to a use-after-free (bnc#1134399). - CVE-2019-13648: In the Linux kernel on the powerpc platform, when hardware transactional memory was disabled, a local user could cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sent a crafted signal frame. (bnc#1142254) - CVE-2019-13631: In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel, a malicious USB device could send an HID report that triggered an out-of-bounds write during generation of debugging messages. (bnc#1142023) The following non-security bugs were fixed: - Correct the CVE and bug reference for a floppy security fix (CVE-2019-14284,bsc#1143189) A dedicated CVE was already assigned - acpi/nfit: Always dump _DSM output payload (bsc#1142351). - Add back sibling paca poiter to paca (bsc#1055117). - Add support for crct10dif-vpmsum (). - af_unix: remove redundant lockdep class (git-fixes). - alsa: compress: Be more restrictive about when a drain is allowed (bsc#1051510). - alsa: compress: Do not allow paritial drain operations on capture streams (bsc#1051510). - alsa: compress: Fix regression on compressed capture streams (bsc#1051510). - alsa: compress: Prevent bypasses of set_params (bsc#1051510). - alsa: hda - Add a conexant codec entry to let mute led work (bsc#1051510). - alsa: hda - Do not resume forcibly i915 HDMI/DP codec (bsc#1111666). - alsa: hda - Fix intermittent CORB/RIRB stall on Intel chips (bsc#1111666). - alsa: hda/hdmi - Fix i915 reverse port/pin mapping (bsc#1111666). - alsa: hda/hdmi - Remove duplicated define (bsc#1111666). - alsa: hda - Optimize resume for codecs without jack detection (bsc#1111666). - alsa: hda/realtek: apply ALC891 headset fixup to one Dell machine (bsc#1051510). - alsa: hda/realtek - Fixed Headphone Mic can't record on Dell platform (bsc#1051510). - alsa: hda/realtek - Headphone Mic can't record after S3 (bsc#1051510). - alsa: line6: Fix a typo (bsc#1051510). - alsa: line6: Fix wrong altsetting for LINE6_PODHD500_1 (bsc#1051510). - alsa: seq: Break too long mutex context in the write loop (bsc#1051510). - alsa: usb-audio: Add quirk for Focusrite Scarlett Solo (bsc#1051510). - alsa: usb-audio: Add quirk for MOTU MicroBook II (bsc#1051510). - alsa: usb-audio: Cleanup DSD whitelist (bsc#1051510). - alsa: usb-audio: Enable .product_name override for Emagic, Unitor 8 (bsc#1051510). - alsa: usb-audio: fix Line6 Helix audio format rates (bsc#1111666). - alsa: usb-audio: Sanity checks for each pipe and EP types (bsc#1051510). - arm64: do not override dma_max_pfn (jsc#SLE-6197 bsc#1140559 LTC#173150). - asoc : cs4265 : readable register too low (bsc#1051510). - asoc: max98090: remove 24-bit format support if RJ is 0 (bsc#1051510). - asoc: soc-pcm: BE dai needs prepare when pause release after resume (bsc#1051510). - ath10k: add missing error handling (bsc#1111666). - ath10k: add peer id check in ath10k_peer_find_by_id (bsc#1111666). - ath10k: destroy sdio workqueue while remove sdio module (bsc#1111666). - ath10k: Do not send probe response template for mesh (bsc#1111666). - ath10k: Fix encoding for protected management frames (bsc#1111666). - ath10k: fix incorrect multicast/broadcast rate setting (bsc#1111666). - ath10k: fix PCIE device wake up failed (bsc#1111666). - ath6kl: add some bounds checking (bsc#1051510). - ath9k: Check for errors when reading SREV register (bsc#1111666). - ath9k: correctly handle short radar pulses (bsc#1111666). - ath: DFS JP domain W56 fixed pulse type 3 RADAR detection (bsc#1111666). - batman-adv: fix for leaked TVLV handler (bsc#1051510). - bcache: acquire bch_register_lock later in cached_dev_detach_finish() (bsc#1140652). - bcache: acquire bch_register_lock later in cached_dev_free() (bsc#1140652). - bcache: add code comments for journal_read_bucket() (bsc#1140652). - bcache: Add comments for blkdev_put() in registration code path (bsc#1140652). - bcache: add comments for closure_fn to be called in closure_queue() (bsc#1140652). - bcache: add comments for kobj release callback routine (bsc#1140652). - bcache: add comments for mutex_lock(b->write_lock) (bsc#1140652). - bcache: add error check for calling register_bdev() (bsc#1140652). - bcache: add failure check to run_cache_set() for journal replay (bsc#1140652). - bcache: add io error counting in write_bdev_super_endio() (bsc#1140652). - bcache: add more error message in bch_cached_dev_attach() (bsc#1140652). - bcache: add pendings_cleanup to stop pending bcache device (bsc#1140652). - bcache: add reclaimed_journal_buckets to struct cache_set (bsc#1140652). - bcache: add return value check to bch_cached_dev_run() (bsc#1140652). - bcache: avoid a deadlock in bcache_reboot() (bsc#1140652). - bcache: avoid clang -Wunintialized warning (bsc#1140652). - bcache: avoid flushing btree node in cache_set_flush() if io disabled (bsc#1140652). - bcache: avoid potential memleak of list of journal_replay(s) in the CACHE_SYNC branch of run_cache_set (bsc#1140652). - bcache: check CACHE_SET_IO_DISABLE bit in bch_journal() (bsc#1140652). - bcache: check CACHE_SET_IO_DISABLE in allocator code (bsc#1140652). - bcache: check c->gc_thread by IS_ERR_OR_NULL in cache_set_flush() (bsc#1140652). - bcache: Clean up bch_get_congested() (bsc#1140652). - bcache: destroy dc->writeback_write_wq if failed to create dc->writeback_thread (bsc#1140652). - bcache: do not assign in if condition in bcache_device_init() (bsc#1140652). - bcache: do not set max writeback rate if gc is running (bsc#1140652). - bcache: fix a race between cache register and cacheset unregister (bsc#1140652). - bcache: fix crashes stopping bcache device before read miss done (bsc#1140652). - bcache: fix failure in journal relplay (bsc#1140652). - bcache: fix inaccurate result of unused buckets (bsc#1140652). - bcache: fix mistaken sysfs entry for io_error counter (bsc#1140652). - bcache: fix potential deadlock in cached_def_free() (bsc#1140652). - bcache: fix race in btree_flush_write() (bsc#1140652). - bcache: fix return value error in bch_journal_read() (bsc#1140652). - bcache: fix stack corruption by PRECEDING_KEY() (bsc#1140652). - bcache: fix wrong usage use-after-freed on keylist in out_nocoalesce branch of btree_gc_coalesce (bsc#1140652). - bcache: ignore read-ahead request failure on backing device (bsc#1140652). - bcache: improve bcache_reboot() (bsc#1140652). - bcache: improve error message in bch_cached_dev_run() (bsc#1140652). - bcache: make bset_search_tree() be more understandable (bsc#1140652). - bcache: make is_discard_enabled() static (bsc#1140652). - bcache: more detailed error message to bcache_device_link() (bsc#1140652). - bcache: move definition of 'int ret' out of macro read_bucket() (bsc#1140652). - bcache: never set KEY_PTRS of journal key to 0 in journal_reclaim() (bsc#1140652). - bcache: only clear BTREE_NODE_dirty bit when it is set (bsc#1140652). - bcache: only set BCACHE_DEV_WB_RUNNING when cached device attached (bsc#1140652). - bcache: performance improvement for btree_flush_write() (bsc#1140652). bcache: remove redundant LIST_HEAD(journal) from run_cache_set() (bsc#1140652). - bcache: remove redundant LIST_HEAD(journal) from run_cache_set() (bsc#1140652). - bcache: remove retry_flush_write from struct cache_set (bsc#1140652). - bcache: remove unncessary code in bch_btree_keys_init() (bsc#1140652). - bcache: remove unnecessary prefetch() in bset_search_tree() (bsc#1140652). - bcache: return error immediately in bch_journal_replay() (bsc#1140652). - bcache: Revert "bcache: fix high CPU occupancy during journal" (bsc#1140652). - bcache: Revert "bcache: free heap cache_set->flush_btree in bch_journal_free" (bsc#1140652). - bcache: set largest seq to ja->seq[bucket_index] in journal_read_bucket() (bsc#1140652). - bcache: shrink btree node cache after bch_btree_check() (bsc#1140652). - bcache: stop writeback kthread and kworker when bch_cached_dev_run() failed (bsc#1140652). - bcache: use sysfs_match_string() instead of __sysfs_match_string() (bsc#1140652). - be2net: Fix number of Rx queues used for flow hashing (networking-stable-19_06_18). - be2net: Signal that the device cannot transmit during reconfiguration (bsc#1127315). - be2net: Synchronize be_update_queues with dev_watchdog (bsc#1127315). - block, bfq: NULL out the bic when it's no longer valid (bsc#1142359). - bnx2x: Prevent load reordering in tx completion processing (bsc#1142868). - bnxt_en: Cap the returned MSIX vectors to the RDMA driver (bsc#1134090 jsc#SLE-5954). - bnxt_en: Disable bus master during PCI shutdown and driver unload (bsc#1104745). - bnxt_en: Fix aggregation buffer leak under OOM condition (networking-stable-19_05_31). - bnxt_en: Fix statistics context reservation logic for RDMA driver (bsc#1104745). - bnxt_en: Suppress error messages when querying DSCP DCB capabilities (bsc#1104745). - bonding: fix arp_validate toggling in active-backup mode (networking-stable-19_05_14). - bonding: Force slave speed check after link state recovery for 802.3ad (bsc#1137584). - bpf: btf: fix the brackets of BTF_INT_OFFSET() (bsc#1083647). - bpf: fix callees pruning callers (bsc#1109837). - bpf: fix nested bpf tracepoints with per-cpu data (bsc#1083647). - bpf, x64: fix stack layout of JITed bpf code (bsc#1083647). - bpf, x64: save 5 bytes in prologue when ebpf insns came from cbpf (bsc#1083647). - bridge: Fix error path for kobject_init_and_add() (networking-stable-19_05_14). - btrfs: fix race between block group removal and block group allocation (bsc#1143003). - carl9170: fix misuse of device driver API (bsc#1111666). - cgroup: Use css_tryget() instead of css_tryget_online() in task_get_css() (bsc#1141478). - clk: qcom: Fix -Wunused-const-variable (bsc#1051510). - clk: rockchip: Do not yell about bad mmc phases when getting (bsc#1051510). - clk: tegra210: fix PLLU and PLLU_OUT1 (bsc#1051510). - Correct iwlwifi 22000 series ucode file name (bsc#1142673) - Correct the buggy backport about AER / DPC pcie stuff (bsc#1142623) - cpufreq: acpi-cpufreq: Report if CPU does not support boost technologies (bsc#1051510). - cpufreq: brcmstb-avs-cpufreq: Fix initial command check (bsc#1051510). - cpufreq: brcmstb-avs-cpufreq: Fix types for voltage/frequency (bsc#1051510). - cpufreq: check if policy is inactive early in __cpufreq_get() (bsc#1051510). - cpufreq: kirkwood: fix possible object reference leak (bsc#1051510). - cpufreq/pasemi: fix possible object reference leak (bsc#1051510). - cpufreq: pmac32: fix possible object reference leak (bsc#1051510). - cpufreq: ppc_cbe: fix possible object reference leak (bsc#1051510). - cpufreq: Use struct kobj_attribute instead of struct global_attr (bsc#1051510). - crypto: arm64/sha1-ce - correct digest for empty data in finup (bsc#1051510). - crypto: arm64/sha2-ce - correct digest for empty data in finup (bsc#1051510). - crypto: ccp - Fix 3DES complaint from ccp-crypto module (bsc#1051510). - crypto: ccp - fix AES CFB error exposed by new test vectors (bsc#1051510). - crypto: ccp - Fix SEV_VERSION_GREATER_OR_EQUAL (bsc#1051510). - crypto: ccp/gcm - use const time tag comparison (bsc#1051510). - crypto: ccp - memset structure fields to zero before reuse (bsc#1051510). - crypto: ccp - Validate the the error value used to index error messages (bsc#1051510). - crypto: chacha20poly1305 - fix atomic sleep when using async algorithm (bsc#1051510). - crypto: crypto4xx - fix a potential double free in ppc4xx_trng_probe (bsc#1051510). - crypto: ghash - fix unaligned memory access in ghash_setkey() (bsc#1051510). - crypto: talitos - Align SEC1 accesses to 32 bits boundaries (bsc#1051510). - crypto: talitos - check data blocksize in ablkcipher (bsc#1051510). - crypto: talitos - fix CTR alg blocksize (bsc#1051510). - crypto: talitos - fix max key size for sha384 and sha512 (bsc#1051510). - crypto: talitos - HMAC SNOOP NO AFEU mode requires SW icv checking (bsc#1051510). - crypto: talitos - properly handle split ICV (bsc#1051510). - crypto: talitos - reduce max key size for SEC1 (bsc#1051510). - crypto: talitos - rename alternative AEAD algos (bsc#1051510). - dasd_fba: Display '00000000' for zero page when dumping sense (bsc#1123080). - Delete patches.fixes/s390-setup-fix-early-warning-messages (bsc#1140948). - dma-buf: Discard old fence_excl on retrying get_fences_rcu for realloc (bsc#1111666). - dma-direct: add support for allocation from ZONE_DMA and ZONE_DMA32 (jsc#SLE-6197 bsc#1140559 LTC#173150). - dma-direct: do not retry allocation for no-op GFP_DMA (jsc#SLE-6197 bsc#1140559 LTC#173150). - dma-direct: retry allocations using GFP_DMA for small masks (jsc#SLE-6197 bsc#1140559 LTC#173150). - dmaengine: hsu: Revert "set HSU_CH_MTSR to memory width" (bsc#1051510). - dma-mapping: move dma_mark_clean to dma-direct.h (jsc#SLE-6197 bsc#1140559 LTC#173150). - dma-mapping: move swiotlb arch helpers to a new header (jsc#SLE-6197 bsc#1140559 LTC#173150). - dma-mapping: take dma_pfn_offset into account in dma_max_pfn (jsc#SLE-6197 bsc#1140559 LTC#173150). - dpaa_eth: fix SG frame cleanup (networking-stable-19_05_14). - drm/amd/display: Make some functions static (bsc#1111666). - drm/atmel-hlcdc: revert shift by 8 (bsc#1111666). - drm/i915/cml: Introduce Comet Lake PCH (jsc#SLE-6681). - drm/i915/icl: Add WaDisableBankHangMode (bsc#1111666). - drm/meson: Add support for XBGR8888 + ABGR8888 formats (bsc#1051510). - drm/msm/a3xx: remove TPL1 regs from snapshot (bsc#1051510). - drm/msm/mdp5: Fix mdp5_cfg_init error return (bsc#1111666). - drm/nouveau/i2c: Enable i2c pads + busses during preinit (bsc#1051510). - drm: return -EFAULT if copy_to_user() fails (bsc#1111666). - drm/rockchip: Properly adjust to a true clock in adjusted_mode (bsc#1051510). - drm/udl: introduce a macro to convert dev to udl (bsc#1111666). - drm/udl: move to embedding drm device inside udl device (bsc#1111666). - drm/udl: Replace drm_dev_unref with drm_dev_put (bsc#1111666). - drm/vc4: fix fb references in async update (bsc#1141312). - drm/vmwgfx: Honor the sg list segment size limitation (bsc#1111666). - e1000e: start network tx queue only when link is up (bsc#1051510). - Enable intel-speed-select driver and update supported.conf (jsc#SLE-5364) - ethtool: check the return value of get_regs_len (git-fixes). - ethtool: fix potential userspace buffer overflow (networking-stable-19_06_09). - Fix kABI for asus-wmi quirk_entry field addition (bsc#1051510). - Fix memory leak in sctp_process_init (networking-stable-19_06_09). - fork, memcg: fix cached_stacks case (bsc#1134097). - fork, memcg: fix crash in free_thread_stack on memcg charge fail (bsc#1134097). - fpga: add intel stratix10 soc fpga manager driver (jsc#SLE-7057). - fpga: stratix10-soc: fix use-after-free on s10_init() (jsc#SLE-7057). - fpga: stratix10-soc: fix wrong of_node_put() in init function (jsc#jsc#SLE-7057). - gpu: ipu-v3: ipu-ic: Fix saturation bit offset in TPMEM (bsc#1111666). - hid: wacom: correct touch resolution x/y typo (bsc#1051510). - hid: wacom: generic: Correct pad syncing (bsc#1051510). - hid: wacom: generic: only switch the mode on devices with LEDs (bsc#1051510). - hid: wacom: generic: read HID_DG_CONTACTMAX from any feature report (bsc#1051510). - ib/ipoib: Add child to parent list only if device initialized (bsc#1103992). - ib/mlx5: Fixed reporting counters on 2nd port for Dual port RoCE (bsc#1103991). - idr: fix overflow case for idr_for_each_entry_ul() (bsc#1109837). - input: elantech - enable middle button support on 2 ThinkPads (bsc#1051510). - input: imx_keypad - make sure keyboard can always wake up system (bsc#1051510). - input: psmouse - fix build error of multiple definition (bsc#1051510). - input: synaptics - enable SMBUS on T480 thinkpad trackpad (bsc#1051510). - input: tm2-touchkey - acknowledge that setting brightness is a blocking call (bsc#1129770). - intel_th: msu: Fix single mode with disabled IOMMU (bsc#1051510). - iommu-helper: mark iommu_is_span_boundary as inline (jsc#SLE-6197 bsc#1140559 LTC#173150). - ipv4: Fix raw socket lookup for local traffic (networking-stable-19_05_14). - ipv4/igmp: fix another memory leak in igmpv3_del_delrec() (networking-stable-19_05_31). - ipv4/igmp: fix build error if !CONFIG_IP_MULTICAST (networking-stable-19_05_31). - ipv4: Use return value of inet_iif() for __raw_v4_lookup in the while loop (git-fixes). - ipv6: Consider sk_bound_dev_if when binding a raw socket to an address (networking-stable-19_05_31). - ipv6: fix EFAULT on sendto with icmpv6 and hdrincl (networking-stable-19_06_09). - ipv6: flowlabel: fl6_sock_lookup() must use atomic_inc_not_zero (networking-stable-19_06_18). - ipv6: use READ_ONCE() for inet->hdrincl as in ipv4 (networking-stable-19_06_09). - iwlwifi: correct one of the PCI struct names (bsc#1111666). - iwlwifi: do not WARN when calling iwl_get_shared_mem_conf with RF-Kill (bsc#1111666). - iwlwifi: fix cfg structs for 22000 with different RF modules (bsc#1111666). - iwlwifi: fix devices with PCI Device ID 0x34F0 and 11ac RF modules (bsc#1111666). - iwlwifi: Fix double-free problems in iwl_req_fw_callback() (bsc#1111666). - iwlwifi: fix RF-Kill interrupt while FW load for gen2 devices (bsc#1111666). - iwlwifi: mvm: Drop large non sta frames (bsc#1111666). - iwlwifi: pcie: do not service an interrupt that was masked (bsc#1111666). - iwlwifi: pcie: fix ALIVE interrupt handling for gen2 devices w/o MSI-X (bsc#1111666). - kabi fix for hda_codec.relaxed_resume flag (bsc#1111666). - kabi: Fix lost iommu-helper symbols on arm64 (jsc#SLE-6197 bsc#1140559 LTC#173150). - kabi: mask changes made by basic protected virtualization support (jsc#SLE-6197 bsc#1140559 LTC#173150). - kabi: mask changes made by swiotlb for protected virtualization (jsc#SLE-6197 bsc#1140559 LTC#173150). - kabi: mask changes made by use of DMA memory for adapter interrupts (jsc#SLE-6197 bsc#1140559 LTC#173150). - kabi: remove unused hcall definition (bsc#1140322 LTC#176270). - kbuild: use -flive-patching when CONFIG_LIVEPATCH is enabled (bsc#1071995). - kernel: jump label transformation performance (bsc#1137534 bsc#1137535 LTC#178058 LTC#178059). - kvm: arm/arm64: vgic-its: Take the srcu lock when parsing the memslots (bsc#1133021). - kvm: arm/arm64: vgic-its: Take the srcu lock when writing to guest memory (bsc#1133021). - kvm: mmu: Fix overflow on kvm mmu page limit calculation (bsc#1135335). - kvm/mmu: kABI fix for *_mmu_pages changes in struct kvm_arch (bsc#1135335). - kvm: polling: add architecture backend to disable polling (bsc#1119222). - kvm: s390: change default halt poll time to 50us (bsc#1119222). - kvm: s390: enable CONFIG_HAVE_kvm_NO_POLL (bsc#1119222) We need to enable CONFIG_HAVE_kvm_NO_POLL for bsc#1119222 - kvm: s390: fix typo in parameter description (bsc#1119222). - kvm: s390: kABI Workaround for 'kvm_vcpu_stat' Add halt_no_poll_steal to kvm_vcpu_stat. Hide it from the kABI checker. - kvm: s390: kABI Workaround for 'lowcore' (bsc#1119222). - kvm: s390: provide kvm_arch_no_poll function (bsc#1119222). - kvm: svm/avic: Do not send AVIC doorbell to self (bsc#1140133). - kvm: SVM: Fix detection of AMD Errata 1096 (bsc#1142354). - lapb: fixed leak of control-blocks (networking-stable-19_06_18). - lib: fix stall in __bitmap_parselist() (bsc#1051510). - lib/bitmap.c: make bitmap_parselist() thread-safe and much faster (bsc#1143507). - libnvdimm/namespace: Fix label tracking error (bsc#1142350). - libnvdimm/region: Register badblocks before namespaces (bsc#1143209). - lib/scatterlist: Fix mapping iterator when sg->offset is greater than PAGE_SIZE (bsc#1051510). - livepatch: Remove duplicate warning about missing reliable stacktrace support (bsc#1071995). - livepatch: Use static buffer for debugging messages under rq lock (bsc#1071995). - llc: fix skb leak in llc_build_and_send_ui_pkt() (networking-stable-19_05_31). - mac80211: do not start any work during reconfigure flow (bsc#1111666). - mac80211: fix rate reporting inside cfg80211_calculate_bitrate_he() (bsc#1111666). - mac80211: free peer keys before vif down in mesh (bsc#1111666). - mac80211: mesh: fix RCU warning (bsc#1111666). - mac80211: only warn once on chanctx_conf being NULL (bsc#1111666). - media: cpia2_usb: first wake up, then free in disconnect (bsc#1135642). - media: marvell-ccic: fix DMA s/g desc number calculation (bsc#1051510). - media: s5p-mfc: Make additional clocks optional (bsc#1051510). - media: v4l2: Test type instead of cfg->type in v4l2_ctrl_new_custom() (bsc#1051510). - media: vivid: fix incorrect assignment operation when setting video mode (bsc#1051510). - mei: bus: need to unlink client before freeing (bsc#1051510). - mei: me: add denverton innovation engine device IDs (bsc#1051510). - mei: me: add gemini lake devices id (bsc#1051510). - memory: tegra: Fix integer overflow on tick value calculation (bsc#1051510). - memstick: Fix error cleanup path of memstick_init (bsc#1051510). - mfd: intel-lpss: Release IDA resources (bsc#1051510). - mips: fix an off-by-one in dma_capable (jsc#SLE-6197 bsc#1140559 LTC#173150). - mlxsw: spectrum_dcb: Configure DSCP map as the last rule is removed (bsc#1112374). - mmc: sdhci-pci: Try "cd" for card-detect lookup before using NULL (bsc#1051510). - mm: migrate: Fix reference check race between __find_get_block() and migration (bnc#1137609). - mm/nvdimm: add is_ioremap_addr and use that to check ioremap address (bsc#1140322 LTC#176270). - mm, page_alloc: fix has_unmovable_pages for HugePages (bsc#1127034). - mm: replace all open encodings for NUMA_NO_NODE (bsc#1140322 LTC#176270). - mt7601u: do not schedule rx_tasklet when the device has been disconnected (bsc#1111666). - mt7601u: fix possible memory leak when the device is disconnected (bsc#1111666). - neigh: fix use-after-free read in pneigh_get_next (networking-stable-19_06_18). - net/af_iucv: build proper skbs for HiperTransport (bsc#1142221 LTC#179332). - net/af_iucv: remove GFP_DMA restriction for HiperTransport (bsc#1142112 bsc#1142221 LTC#179334 LTC#179332). - net/af_iucv: remove GFP_DMA restriction for HiperTransport (bsc#1142221 LTC#179332). - net: avoid weird emergency message (networking-stable-19_05_21). - net: fec: fix the clk mismatch in failed_reset path (networking-stable-19_05_31). - netfilter: conntrack: fix calculation of next bucket number in early_drop (git-fixes). - net-gro: fix use-after-free read in napi_gro_frags() (networking-stable-19_05_31). - net: hns3: Fix inconsistent indenting (bsc#1140676). - net: hns: fix ICMP6 neighbor solicitation messages discard problem (bsc#1140676). - net: hns: fix KASAN: use-after-free in hns_nic_net_xmit_hw() (bsc#1140676). - net: hns: Fix loopback test failed at copper ports (bsc#1140676). - net: hns: Fix probabilistic memory overwrite when HNS driver initialized (bsc#1140676). - net: hns: fix unsigned comparison to less than zero (bsc#1140676). - net: hns: Fix WARNING when remove HNS driver with SMMU enabled (bsc#1140676). - net: hns: Use NAPI_POLL_WEIGHT for hns driver (bsc#1140676). - net/mlx4_core: Change the error print to info print (networking-stable-19_05_21). - net/mlx4_en: ethtool, Remove unsupported SFP EEPROM high pages query (networking-stable-19_06_09). - net/mlx5: Allocate root ns memory using kzalloc to match kfree (networking-stable-19_05_31). - net/mlx5: Avoid double free in fs init error unwinding path (networking-stable-19_05_31). - net/mlx5e: Rx, Fix checksum calculation for new hardware (bsc#1127611). - net: mvneta: Fix err code path of probe (networking-stable-19_05_31). - net: mvpp2: fix bad MVPP2_TXQ_SCHED_TOKEN_CNTR_REG queue value (networking-stable-19_05_31). - net: openvswitch: do not free vport if register_netdevice() is failed (networking-stable-19_06_18). - net/packet: fix memory leak in packet_set_ring() (git-fixes). - net: rds: fix memory leak in rds_ib_flush_mr_pool (networking-stable-19_06_09). - net: seeq: fix crash caused by not set dev.parent (networking-stable-19_05_14). - net: stmmac: fix reset gpio free missing (networking-stable-19_05_31). - net/tls: fix socket wmem accounting on fallback with netem (bsc#1109837). - net/tls: make sure offload also gets the keys wiped (bsc#1109837). - net: usb: qmi_wwan: add Telit 0x1260 and 0x1261 compositions (networking-stable-19_05_21). - nvme: fix memory leak caused by incorrect subsystem free (bsc#1143185). - ocfs2: add first lock wait time in locking_state (bsc#1134390). - ocfs2: add last unlock times in locking_state (bsc#1134390). - ocfs2: add locking filter debugfs file (bsc#1134390). - p54usb: Fix race between disconnect and firmware loading (bsc#1111666). - packet: Fix error path in packet_init (networking-stable-19_05_14). - packet: in recvmsg msg_name return at least sizeof sockaddr_ll (git-fixes). - pci/aer: Use cached AER Capability offset (bsc#1142623). - pci: Always allow probing with driver_override (bsc#1051510). - pci: hv: Add hv_pci_remove_slots() when we unload the driver (bsc#1142701). - pci: hv: Add pci_destroy_slot() in pci_devices_present_work(), if necessary (bsc#1142701). - pci: hv: Fix a memory leak in hv_eject_device_work() (bsc#1142701). - pci: hv: Fix a use-after-free bug in hv_eject_device_work() (bsc#1142701). - pci: hv: Fix return value check in hv_pci_assign_slots() (bsc#1142701). - pci: hv: Remove unused reason for refcount handler (bsc#1142701). - pci: hv: support reporting serial number as slot information (bsc#1142701). - pci/P2PDMA: Fix missing check for dma_virt_ops (bsc#1111666). - pci / PM: Use SMART_SUSPEND and LEAVE_SUSPENDED flags for PCIe ports (bsc#1142623). - pci/portdrv: Add #defines for AER and DPC Interrupt Message Number masks (bsc#1142623). - pci/portdrv: Consolidate comments (bsc#1142623). - pci/portdrv: Disable port driver in compat mode (bsc#1142623). - pci/portdrv: Remove pcie_portdrv_err_handler.slot_reset (bsc#1142623). - pci: portdrv: Restore PCI config state on slot reset (bsc#1142623). - pci/portdrv: Support PCIe services on subtractive decode bridges (bsc#1142623). - pci/portdrv: Use conventional Device ID table formatting (bsc#1142623). - pci: Return error if cannot probe VF (bsc#1051510). - pkey: Indicate old mkvp only if old and current mkvp are different (bsc#1137827 LTC#178090). - pktgen: do not sleep with the thread lock held (git-fixes). - platform/x86: asus-nb-wmi: Support ALS on the Zenbook UX430UQ (bsc#1051510). - platform/x86: asus-wmi: Only Tell EC the OS will handle display hotkeys from asus_nb_wmi (bsc#1051510). - platform/x86: intel_turbo_max_3: Remove restriction for HWP platforms (jsc#SLE-5439). - platform/x86: ISST: Add common API to register and handle ioctls (jsc#SLE-5364). - platform/x86: ISST: Add Intel Speed Select mailbox interface via MSRs (jsc#SLE-5364). - platform/x86: ISST: Add Intel Speed Select mailbox interface via PCI (jsc#SLE-5364). - platform/x86: ISST: Add Intel Speed Select mmio interface (jsc#SLE-5364). - platform/x86: ISST: Add Intel Speed Select PUNIT MSR interface (jsc#SLE-5364). - platform/x86: ISST: Add IOCTL to Translate Linux logical CPU to PUNIT CPU number (jsc#SLE-5364). - platform/x86: ISST: Restore state on resume (jsc#SLE-5364). - platform/x86: ISST: Store per CPU information (jsc#SLE-5364). - platform/x86: pmc_atom: Add CB4063 Beckhoff Automation board to critclk_systems DMI table (bsc#1051510). - powerpc/64s: Remove POWER9 DD1 support (bsc#1055117, LTC#159753, git-fixes). - powerpc/crypto: Use cheaper random numbers for crc-vpmsum self-test (). - powerpc/mm: Change function prototype (bsc#1055117). - powerpc/mm: Consolidate numa_enable check and min_common_depth check (bsc#1140322 LTC#176270). - powerpc/mm/drconf: Use NUMA_NO_NODE on failures instead of node 0 (bsc#1140322 LTC#176270). - powerpc/mm: Fix node look up with numa=off boot (bsc#1140322 LTC#176270). - powerpc/mm/hugetlb: Update huge_ptep_set_access_flags to call __ptep_set_access_flags directly (bsc#1055117). - powerpc/mm/radix: Change pte relax sequence to handle nest MMU hang (bsc#1055117). - powerpc/mm/radix: Move function from radix.h to pgtable-radix.c (bsc#1055117). - powerpc/papr_scm: Force a scm-unbind if initial scm-bind fails (bsc#1140322 LTC#176270). - powerpc/papr_scm: Update drc_pmem_unbind() to use H_SCM_UNBIND_ALL (bsc#1140322 LTC#176270). - powerpc/pseries: Update SCM hcall op-codes in hvcall.h (bsc#1140322 LTC#176270). - powerpc/watchpoint: Restore NV GPRs while returning from exception (bsc#1140945 bsc#1141401 bsc#1141402 bsc#1141452 bsc#1141453 bsc#1141454 LTC#178983 LTC#179191 LTC#179192 LTC#179193 LTC#179194 LTC#179195). - ppc: Convert mmu context allocation to new IDA API (bsc#1139619 LTC#178538). - ppp: deflate: Fix possible crash in deflate_init (networking-stable-19_05_21). - qed: Fix build error without CONFIG_DEVLINK (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Fix -Wmaybe-uninitialized false positive (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qedi: Use hwfns and affin_hwfn_idx to get MSI-X vector index (jsc#SLE-4693 bsc#1136462). - rdma/odp: Fix missed unlock in non-blocking invalidate_start (bsc#1103992). - rdma/srp: Accept again source addresses that do not have a port number (bsc#1103992). - rdma/srp: Document srp_parse_in() arguments (bsc#1103992 ). - rdma/uverbs: check for allocation failure in uapi_add_elm() (bsc#1103992). - rds: ib: fix 'passing zero to ERR_PTR()' warning (git-fixes). - Revert "bcache: set CACHE_SET_IO_DISABLE in bch_cached_dev_error()" (bsc#1140652). - Revert "e1000e: fix cyclic resets at link up with active tx" (bsc#1051510). - Revert "livepatch: Remove reliable stacktrace check in klp_try_switch_task()" (bsc#1071995). - Revert "serial: 8250: Do not service RX FIFO if interrupts are disabled" (bsc#1051510). - rtlwifi: rtl8192cu: fix error handle when usb probe failed (bsc#1111666). - rtnetlink: always put IFLA_LINK for links with a link-netnsid (networking-stable-19_05_21). - s390: add alignment hints to vector load and store (jsc#SLE-6907 LTC#175887). - s390/airq: use DMA memory for adapter interrupts (jsc#SLE-6197 bsc#1140559 LTC#173150). - s390/cio: add basic protected virtualization support (jsc#SLE-6197 bsc#1140559 LTC#173150). - s390/cio: introduce DMA pools to cio (jsc#SLE-6197 bsc#1140559 LTC#173150). - s390/cpum_cf: add ctr_stcctm() function (jsc#SLE-6904 ). - s390/cpum_cf: Add minimal in-kernel interface for counter measurements (jsc#SLE-6904). - s390/cpum_cf: Add support for CPU-MF SVN 6 (jsc#SLE-6904 ). - s390/cpum_cf_diag: Add support for CPU-MF SVN 6 (jsc#SLE-6904 ). - s390/cpum_cf_diag: Add support for s390 counter facility diagnostic trace (jsc#SLE-6904). - s390/cpum_cf: introduce kernel_cpumcf_alert() to obtain measurement alerts (jsc#SLE-6904). - s390/cpum_cf: introduce kernel_cpumcf_avail() function (jsc#SLE-6904). - s390/cpum_cf: move counter set controls to a new header file (jsc#SLE-6904). - s390/cpum_cf: prepare for in-kernel counter measurements (jsc#SLE-6904). - s390/cpum_cf: rename per-CPU counter facility structure and variables (jsc#SLE-6904). - s390/cpumf: Add extended counter set definitions for model 8561 and 8562 (bsc#1142052 LTC#179320). - s390/cpu_mf: add store cpu counter multiple instruction support (jsc#SLE-6904). - s390/cpumf: Fix warning from check_processor_id (jsc#SLE-6904 ). - s390/cpu_mf: move struct cpu_cf_events and per-CPU variable to header file (jsc#SLE-6904). - s390/cpu_mf: replace stcctm5() with the stcctm() function (jsc#SLE-6904). - s390/dma: provide proper ARCH_ZONE_DMA_BITS value (jsc#SLE-6197 bsc#1140559 LTC#173150). - s390/mm: force swiotlb for protected virtualization (jsc#SLE-6197 bsc#1140559 LTC#173150). - s390/qdio: handle PENDING state for QEBSM devices (bsc#1142119 LTC#179331). - s390/qeth: be drop monitor friendly (bsc#1142115 LTC#179337). - s390/qeth: be drop monitor friendly (bsc#1142220 LTC#179335). - s390: remove the unused dma_capable helper (jsc#SLE-6197 bsc#1140559 LTC#173150). - s390: report new CPU capabilities (jsc#SLE-6907 LTC#175887). - s390/vtime: steal time exponential moving average (bsc#1119222). - s390/zcrypt: Fix wrong dispatching for control domain CPRBs (bsc#1137811 LTC#178088). - scripts/git_sort/git_sort.py: Add mmots tree. - scsi: cxgb4i: add wait_for_completion() (jsc#SLE-4678 bsc#1136342). - scsi: cxgbi: KABI: fix handle completion etc (jsc#SLE-4678 bsc#1136342). - scsi: cxgbi: remove redundant __kfree_skb call on skb and free cst->atid (jsc#SLE-4678 bsc#1136342). - scsi: fc: add FPIN ELS definition (bsc#1136217,jsc#SLE-4722). - scsi/fc: kABI fixes for new ELS_FPIN definition (bsc#1136217,jsc#SLE-4722). - scsi: ibmvfc: fix WARN_ON during event pool release (bsc#1137458 LTC#178093). - scsi: lpfc: Add loopback testing to trunking mode (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: add support for posting FC events on FPIN reception (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Annotate switch/case fall-through (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: avoid uninitialized variable warning (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Cancel queued work for an IO when processing a received ABTS (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Change smp_processor_id() into raw_smp_processor_id() (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Convert bootstrap mbx polling from msleep to udelay (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Coordinate adapter error handling with offline handling (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Correct boot bios information to FDMI registration (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Correct localport timeout duration error (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Correct __lpfc_sli_issue_iocb_s4 lockdep check (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Correct nvmet buffer free race condition (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Declare local functions static (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Enhance 6072 log string (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: fix 32-bit format string warning (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: fix a handful of indentation issues (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix alloc context on oas lun creations (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix a recently introduced compiler warning (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix BFS crash with DIX enabled (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix build error (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: fix calls to dma_set_mask_and_coherent() (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix deadlock due to nested hbalock call (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix driver crash in target reset handler (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix duplicate log message numbers (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix error code if kcalloc() fails (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix error codes in lpfc_sli4_pci_mem_setup() (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix fc4type information for FDMI (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix fcp_rsp_len checking on lun reset (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix FDMI fc4type for nvme support (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix FDMI manufacturer attribute value (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix handling of trunk links state reporting (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix hardlockup in scsi_cmd_iocb_cmpl (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix HDMI2 registration string for symbolic name (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix incorrect logical link speed on trunks when links down (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix indentation and balance braces (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix io lost on host resets (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix kernel warnings related to smp_processor_id() (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix link speed reporting for 4-link trunk (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix location of SCSI ktime counters (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix lpfc_nvmet_mrq attribute handling when 0 (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix mailbox hang on adapter init (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix memory leak in abnormal exit path from lpfc_eq_create (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix missing wakeups on abort threads (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix nvmet async receive buffer replenishment (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix nvmet handling of first burst cmd (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix nvmet handling of received ABTS for unmapped frames (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix nvmet target abort cmd matching (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix oops when driver is loaded with 1 interrupt vector (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix poor use of hardware queues if fewer irq vectors (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix protocol support on G6 and G7 adapters (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix PT2PT PLOGI collison stopping discovery (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix SLI3 commands being issued on SLI4 devices (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: fix unused variable warning (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fixup eq_clr_intr references (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix use-after-free mailbox cmd completion (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Make lpfc_sli4_oas_verify static (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Move trunk_errmsg[] from a header file into a .c file (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Prevent 'use after free' memory overwrite in nvmet LS handling (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Reduce memory footprint for lpfc_queue (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Remove set but not used variable 'phys_id' (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Remove set-but-not-used variables (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Remove unused functions (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Resolve inconsistent check of hdwq in lpfc_scsi_cmd_iocb_cmpl (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Resolve irq-unsafe lockdep heirarchy warning in lpfc_io_free (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: resolve static checker warning in lpfc_sli4_hba_unset (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Revert message logging on unsupported topology (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Revise message when stuck due to unresponsive adapter (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Rework misleading nvme not supported in firmware message (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Separate CQ processing for nvmet_fc upcalls (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Specify node affinity for queue memory allocation (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Stop adapter if pci errors detected (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Update Copyright in driver version (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Update lpfc version to 12.2.0.1 (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Update lpfc version to 12.2.0.3 (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: use dma_set_mask_and_coherent (bsc#1136217,jsc#SLE-4722). - scsi: qedf: Add additional checks for io_req->sc_cmd validity (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Add a flag to help debugging io_req which could not be cleaned (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Add comment to display logging levels (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Add driver state to 'driver_stats' debugfs node (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Add LBA to underrun debug messages (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Add missing return in qedf_post_io_req() in the fcport offload check (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Add missing return in qedf_scsi_done() (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Add port_id for fcport into initiate_cleanup debug message (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Add return value to log message if scsi_add_host fails (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Change MSI-X load error message (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Check both the FCF and fabric ID before servicing clear virtual link (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Check for fcoe_libfc_config failure (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Check for tm_flags instead of cmd_type during cleanup (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Check the return value of start_xmit (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Cleanup rrq_work after QEDF_CMD_OUTSTANDING is cleared (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Correctly handle refcounting of rdata (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Do not queue anything if upload is in progress (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Do not send ABTS for under run scenario (bsc#1136467 jsc#SLE-4694). - scsi: qedf: fc_rport_priv reference counting fixes (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Fix lport may be used uninitialized warning (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Log message if scsi_add_host fails (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Modify abort and tmf handler to handle edge condition and flush (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Modify flush routine to handle all I/Os and TMF (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Print fcport information on wait for upload timeout (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Print scsi_cmd backpointer in good completion path if the command is still being used (bsc#1136467 jsc#SLE-4694). - scsi: qedf: remove memset/memcpy to nfunc and use func instead (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Remove set but not used variable 'fr_len' (bsc#1136467 jsc#SLE-4694). - scsi: qedf: remove set but not used variables (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Update the driver version to 8.37.25.19 (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Update the driver version to 8.37.25.20 (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Wait for upload and link down processing during soft ctx reset (bsc#1136467 jsc#SLE-4694). - scsi: qedi: add module param to set ping packet size (jsc#SLE-4693 bsc#1136462). - scsi: qedi: Add packet filter in light L2 Rx path (jsc#SLE-4693 bsc#1136462). - scsi: qedi: Check for session online before getting iSCSI TLV data (jsc#SLE-4693 bsc#1136462). - scsi: qedi: Cleanup redundant QEDI_PAGE_SIZE macro definition (jsc#SLE-4693 bsc#1136462). - scsi: qedi: Fix spelling mistake "OUSTANDING" -> "OUTSTANDING" (jsc#SLE-4693 bsc#1136462). - scsi: qedi: Move LL2 producer index processing in BH (jsc#SLE-4693 bsc#1136462). - scsi: qedi: remove set but not used variables 'cdev' and 'udev' (jsc#SLE-4693 bsc#1136462). - scsi: qedi: Replace PAGE_SIZE with QEDI_PAGE_SIZE (jsc#SLE-4693 bsc#1136462). - scsi: qedi: Update driver version to 8.33.0.21 (jsc#SLE-4693 bsc#1136462). - scsi: qla2xxx: do not crash on uninitialized pool list (boo#1138874). - scsi: scsi_transport_fc: Add FPIN fc event codes (bsc#1136217,jsc#SLE-4722). - scsi: scsi_transport_fc: refactor event posting routines (bsc#1136217,jsc#SLE-4722). - sctp: Free cookie before we memdup a new one (networking-stable-19_06_18). - sctp: silence warns on sctp_stream_init allocations (bsc#1083710). - serial: uartps: Do not add a trailing semicolon to macro (bsc#1051510). - serial: uartps: Fix long line over 80 chars (bsc#1051510). - serial: uartps: Fix multiple line dereference (bsc#1051510). - serial: uartps: Remove useless return from cdns_uart_poll_put_char (bsc#1051510). - staging: comedi: amplc_pci230: fix null pointer deref on interrupt (bsc#1051510). - staging: comedi: dt282x: fix a null pointer deref on interrupt (bsc#1051510). - staging: rtl8712: reduce stack usage, again (bsc#1051510). - sunhv: Fix device naming inconsistency between sunhv_console and sunhv_reg (networking-stable-19_06_18). - tcp: fix tcp_set_congestion_control() use from bpf hook (bsc#1109837). - tcp: reduce tcp_fastretrans_alert() verbosity (git-fixes). - team: Always enable vlan tx offload (bsc#1051510). - tools: bpftool: Fix json dump crash on powerpc (bsc#1109837). - tools: bpftool: use correct argument in cgroup errors (bsc#1109837). - tools/power/x86: A tool to validate Intel Speed Select commands (jsc#SLE-5364). - tty: rocket: fix incorrect forward declaration of 'rp_init()' (bsc#1051510). - tty: serial_core: Set port active bit in uart_port_activate (bsc#1051510). - tty: serial: cpm_uart - fix init when SMC is relocated (bsc#1051510). - tuntap: synchronize through tfiles array instead of tun->numqueues (networking-stable-19_05_14). - usb: gadget: ether: Fix race between gether_disconnect and rx_submit (bsc#1051510). - usb: gadget: fusb300_udc: Fix memory leak of fusb300->ep[i] (bsc#1051510). - usb: gadget: udc: lpc32xx: allocate descriptor with GFP_ATOMIC (bsc#1051510). - usb: pci-quirks: Correct AMD PLL quirk detection (bsc#1051510). - usb: serial: ftdi_sio: add ID for isodebug v1 (bsc#1051510). - usb: serial: option: add support for GosunCn ME3630 RNDIS mode (bsc#1051510). - virtio/s390: add indirection to indicators access (jsc#SLE-6197 bsc#1140559 LTC#173150). - virtio/s390: DMA support for virtio-ccw (jsc#SLE-6197 bsc#1140559 LTC#173150). - virtio/s390: make airq summary indicators DMA (jsc#SLE-6197 bsc#1140559 LTC#173150). - virtio/s390: use cacheline aligned airq bit vectors (jsc#SLE-6197 bsc#1140559 LTC#173150). - virtio/s390: use DMA memory for ccw I/O and classic notifiers (jsc#SLE-6197 bsc#1140559 LTC#173150). - virtio/s390: use vring_create_virtqueue (jsc#SLE-6197 bsc#1140559 LTC#173150). - vmci: Fix integer overflow in VMCI handle arrays (bsc#1051510). - vrf: sit mtu should not be updated when vrf netdev is the link (networking-stable-19_05_14). - vsock/virtio: free packets during the socket release (networking-stable-19_05_21). - vsock/virtio: set SOCK_DONE on peer shutdown (networking-stable-19_06_18). - wil6210: drop old event after wmi_call timeout (bsc#1111666). - wil6210: fix potential out-of-bounds read (bsc#1051510). - wil6210: fix spurious interrupts in 3-msi (bsc#1111666). - x86, mm: fix fast GUP with hyper-based TLB flushing (VM Functionality, bsc#1140903). - xdp: fix possible cq entry leak (bsc#1109837). - xdp: fix race on generic receive path (bsc#1109837). - xdp: hold device for umem regardless of zero-copy mode (bsc#1109837). - xen: let alloc_xenballooned_pages() fail if not enough memory free (bsc#1142450 XSA-300). - xfs: do not overflow xattr listent buffer (bsc#1143105). - xprtrdma: Fix use-after-free in rpcrdma_post_recvs (bsc#1103992 ). - xsk: Properly terminate assignment in xskq_produce_flush_desc (bsc#1109837). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2070=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (x86_64): kernel-azure-4.12.14-6.23.1 kernel-azure-base-4.12.14-6.23.1 kernel-azure-base-debuginfo-4.12.14-6.23.1 kernel-azure-debuginfo-4.12.14-6.23.1 kernel-azure-debugsource-4.12.14-6.23.1 kernel-azure-devel-4.12.14-6.23.1 kernel-syms-azure-4.12.14-6.23.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): kernel-devel-azure-4.12.14-6.23.1 kernel-source-azure-4.12.14-6.23.1 References: https://www.suse.com/security/cve/CVE-2018-20855.html https://www.suse.com/security/cve/CVE-2019-1125.html https://www.suse.com/security/cve/CVE-2019-11810.html https://www.suse.com/security/cve/CVE-2019-13631.html https://www.suse.com/security/cve/CVE-2019-13648.html https://www.suse.com/security/cve/CVE-2019-14283.html https://www.suse.com/security/cve/CVE-2019-14284.html https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1055117 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1083647 https://bugzilla.suse.com/1083710 https://bugzilla.suse.com/1102247 https://bugzilla.suse.com/1103991 https://bugzilla.suse.com/1103992 https://bugzilla.suse.com/1104745 https://bugzilla.suse.com/1109837 https://bugzilla.suse.com/1111666 https://bugzilla.suse.com/1112374 https://bugzilla.suse.com/1119222 https://bugzilla.suse.com/1123080 https://bugzilla.suse.com/1127034 https://bugzilla.suse.com/1127315 https://bugzilla.suse.com/1127611 https://bugzilla.suse.com/1129770 https://bugzilla.suse.com/1130972 https://bugzilla.suse.com/1133021 https://bugzilla.suse.com/1134090 https://bugzilla.suse.com/1134097 https://bugzilla.suse.com/1134390 https://bugzilla.suse.com/1134399 https://bugzilla.suse.com/1135335 https://bugzilla.suse.com/1135642 https://bugzilla.suse.com/1136217 https://bugzilla.suse.com/1136342 https://bugzilla.suse.com/1136460 https://bugzilla.suse.com/1136461 https://bugzilla.suse.com/1136462 https://bugzilla.suse.com/1136467 https://bugzilla.suse.com/1136896 https://bugzilla.suse.com/1137458 https://bugzilla.suse.com/1137534 https://bugzilla.suse.com/1137535 https://bugzilla.suse.com/1137584 https://bugzilla.suse.com/1137609 https://bugzilla.suse.com/1137811 https://bugzilla.suse.com/1137827 https://bugzilla.suse.com/1138874 https://bugzilla.suse.com/1139358 https://bugzilla.suse.com/1139619 https://bugzilla.suse.com/1140133 https://bugzilla.suse.com/1140139 https://bugzilla.suse.com/1140322 https://bugzilla.suse.com/1140559 https://bugzilla.suse.com/1140652 https://bugzilla.suse.com/1140676 https://bugzilla.suse.com/1140887 https://bugzilla.suse.com/1140888 https://bugzilla.suse.com/1140889 https://bugzilla.suse.com/1140891 https://bugzilla.suse.com/1140893 https://bugzilla.suse.com/1140903 https://bugzilla.suse.com/1140945 https://bugzilla.suse.com/1140948 https://bugzilla.suse.com/1140954 https://bugzilla.suse.com/1140955 https://bugzilla.suse.com/1140956 https://bugzilla.suse.com/1140957 https://bugzilla.suse.com/1140958 https://bugzilla.suse.com/1140959 https://bugzilla.suse.com/1140960 https://bugzilla.suse.com/1140961 https://bugzilla.suse.com/1140962 https://bugzilla.suse.com/1140964 https://bugzilla.suse.com/1140971 https://bugzilla.suse.com/1140972 https://bugzilla.suse.com/1140992 https://bugzilla.suse.com/1141312 https://bugzilla.suse.com/1141401 https://bugzilla.suse.com/1141402 https://bugzilla.suse.com/1141452 https://bugzilla.suse.com/1141453 https://bugzilla.suse.com/1141454 https://bugzilla.suse.com/1141478 https://bugzilla.suse.com/1142023 https://bugzilla.suse.com/1142052 https://bugzilla.suse.com/1142112 https://bugzilla.suse.com/1142115 https://bugzilla.suse.com/1142119 https://bugzilla.suse.com/1142220 https://bugzilla.suse.com/1142221 https://bugzilla.suse.com/1142254 https://bugzilla.suse.com/1142350 https://bugzilla.suse.com/1142351 https://bugzilla.suse.com/1142354 https://bugzilla.suse.com/1142359 https://bugzilla.suse.com/1142450 https://bugzilla.suse.com/1142623 https://bugzilla.suse.com/1142673 https://bugzilla.suse.com/1142701 https://bugzilla.suse.com/1142868 https://bugzilla.suse.com/1143003 https://bugzilla.suse.com/1143045 https://bugzilla.suse.com/1143105 https://bugzilla.suse.com/1143185 https://bugzilla.suse.com/1143189 https://bugzilla.suse.com/1143191 https://bugzilla.suse.com/1143209 https://bugzilla.suse.com/1143507 From sle-updates at lists.suse.com Tue Aug 6 22:42:49 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Aug 2019 06:42:49 +0200 (CEST) Subject: SUSE-SU-2019:2073-1: important: Security update for the Linux Kernel Message-ID: <20190807044249.A5B01FF12@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2073-1 Rating: important References: #1051510 #1055117 #1071995 #1083647 #1083710 #1102247 #1103991 #1103992 #1104745 #1109837 #1111666 #1112374 #1119222 #1123080 #1127034 #1127315 #1127611 #1129770 #1130972 #1133021 #1134090 #1134097 #1134390 #1134399 #1135335 #1135642 #1136217 #1136342 #1136460 #1136461 #1136462 #1136467 #1137458 #1137534 #1137535 #1137584 #1137609 #1137811 #1137827 #1138874 #1139358 #1139619 #1140133 #1140139 #1140322 #1140559 #1140652 #1140676 #1140903 #1140945 #1140948 #1141312 #1141401 #1141402 #1141452 #1141453 #1141454 #1141478 #1141558 #1142023 #1142052 #1142083 #1142112 #1142115 #1142119 #1142220 #1142221 #1142254 #1142350 #1142351 #1142354 #1142359 #1142450 #1142623 #1142673 #1142701 #1142868 #1143003 #1143045 #1143105 #1143185 #1143189 #1143191 #1143209 #1143507 Cross-References: CVE-2018-20855 CVE-2019-1125 CVE-2019-11810 CVE-2019-13631 CVE-2019-13648 CVE-2019-14283 CVE-2019-14284 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Legacy Software 15-SP1 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that solves 7 vulnerabilities and has 78 fixes is now available. Description: The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-20855: An issue was discovered in the Linux kernel In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace(bsc#1143045). - CVE-2019-1125: Exclude ATOMs from speculation through SWAPGS (bsc#1139358). - CVE-2019-14283: In the Linux kernel, set_geometry in drivers/block/floppy.c did not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It could be triggered by an unprivileged local user when a floppy disk was inserted. NOTE: QEMU creates the floppy device by default. (bnc#1143191) - CVE-2019-11810: An issue was discovered in the Linux kernel A NULL pointer dereference could occur when megasas_create_frame_pool() failed in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This caused a Denial of Service, related to a use-after-free (bnc#1134399). - CVE-2019-13648: In the Linux kernel on the powerpc platform, when hardware transactional memory was disabled, a local user could cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sent a crafted signal frame. (bnc#1142254) - CVE-2019-13631: In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel, a malicious USB device could send an HID report that triggered an out-of-bounds write during generation of debugging messages. (bnc#1142023) The following non-security bugs were fixed: - acpi/nfit: Always dump _DSM output payload (bsc#1142351). - Add back sibling paca poiter to paca (bsc#1055117). - Add support for crct10dif-vpmsum (). - af_unix: remove redundant lockdep class (git-fixes). - alsa: compress: Be more restrictive about when a drain is allowed (bsc#1051510). - alsa: compress: Do not allow paritial drain operations on capture streams (bsc#1051510). - alsa: compress: Fix regression on compressed capture streams (bsc#1051510). - alsa: compress: Prevent bypasses of set_params (bsc#1051510). - alsa: hda - Add a conexant codec entry to let mute led work (bsc#1051510). - alsa: hda - Do not resume forcibly i915 HDMI/DP codec (bsc#1111666). - alsa: hda - Fix intermittent CORB/RIRB stall on Intel chips (bsc#1111666). - alsa: hda/hdmi - Fix i915 reverse port/pin mapping (bsc#1111666). - alsa: hda/hdmi - Remove duplicated define (bsc#1111666). - alsa: hda - Optimize resume for codecs without jack detection (bsc#1111666). - alsa: hda/realtek: apply ALC891 headset fixup to one Dell machine (bsc#1051510). - alsa: hda/realtek - Fixed Headphone Mic can't record on Dell platform (bsc#1051510). - alsa: hda/realtek - Headphone Mic can't record after S3 (bsc#1051510). - alsa: line6: Fix a typo (bsc#1051510). - alsa: line6: Fix wrong altsetting for LINE6_PODHD500_1 (bsc#1051510). - alsa: seq: Break too long mutex context in the write loop (bsc#1051510). - alsa: usb-audio: Add quirk for Focusrite Scarlett Solo (bsc#1051510). - alsa: usb-audio: Add quirk for MOTU MicroBook II (bsc#1051510). - alsa: usb-audio: Cleanup DSD whitelist (bsc#1051510). - alsa: usb-audio: Enable .product_name override for Emagic, Unitor 8 (bsc#1051510). - alsa: usb-audio: fix Line6 Helix audio format rates (bsc#1111666). - alsa: usb-audio: Sanity checks for each pipe and EP types (bsc#1051510). - arm64: do not override dma_max_pfn (jsc#SLE-6197 bsc#1140559 LTC#173150). - asoc : cs4265 : readable register too low (bsc#1051510). - asoc: max98090: remove 24-bit format support if RJ is 0 (bsc#1051510). - asoc: soc-pcm: BE dai needs prepare when pause release after resume (bsc#1051510). - ath10k: add missing error handling (bsc#1111666). - ath10k: add peer id check in ath10k_peer_find_by_id (bsc#1111666). - ath10k: destroy sdio workqueue while remove sdio module (bsc#1111666). - ath10k: Do not send probe response template for mesh (bsc#1111666). - ath10k: Fix encoding for protected management frames (bsc#1111666). - ath10k: fix incorrect multicast/broadcast rate setting (bsc#1111666). - ath10k: fix PCIE device wake up failed (bsc#1111666). - ath6kl: add some bounds checking (bsc#1051510). - ath9k: Check for errors when reading SREV register (bsc#1111666). - ath9k: correctly handle short radar pulses (bsc#1111666). - ath: DFS JP domain W56 fixed pulse type 3 RADAR detection (bsc#1111666). - batman-adv: fix for leaked TVLV handler (bsc#1051510). - bcache: acquire bch_register_lock later in cached_dev_detach_finish() (bsc#1140652). - bcache: acquire bch_register_lock later in cached_dev_free() (bsc#1140652). - bcache: add code comments for journal_read_bucket() (bsc#1140652). - bcache: Add comments for blkdev_put() in registration code path (bsc#1140652). - bcache: add comments for closure_fn to be called in closure_queue() (bsc#1140652). - bcache: add comments for kobj release callback routine (bsc#1140652). - bcache: add comments for mutex_lock(b->write_lock) (bsc#1140652). - bcache: add error check for calling register_bdev() (bsc#1140652). - bcache: add failure check to run_cache_set() for journal replay (bsc#1140652). - bcache: add io error counting in write_bdev_super_endio() (bsc#1140652). - bcache: add more error message in bch_cached_dev_attach() (bsc#1140652). - bcache: add pendings_cleanup to stop pending bcache device (bsc#1140652). - bcache: add reclaimed_journal_buckets to struct cache_set (bsc#1140652). - bcache: add return value check to bch_cached_dev_run() (bsc#1140652). - bcache: avoid a deadlock in bcache_reboot() (bsc#1140652). - bcache: avoid clang -Wunintialized warning (bsc#1140652). - bcache: avoid flushing btree node in cache_set_flush() if io disabled (bsc#1140652). - bcache: avoid potential memleak of list of journal_replay(s) in the CACHE_SYNC branch of run_cache_set (bsc#1140652). - bcache: check CACHE_SET_IO_DISABLE bit in bch_journal() (bsc#1140652). - bcache: check CACHE_SET_IO_DISABLE in allocator code (bsc#1140652). - bcache: check c->gc_thread by IS_ERR_OR_NULL in cache_set_flush() (bsc#1140652). - bcache: Clean up bch_get_congested() (bsc#1140652). - bcache: destroy dc->writeback_write_wq if failed to create dc->writeback_thread (bsc#1140652). - bcache: do not assign in if condition in bcache_device_init() (bsc#1140652). - bcache: do not set max writeback rate if gc is running (bsc#1140652). - bcache: fix a race between cache register and cacheset unregister (bsc#1140652). - bcache: fix crashes stopping bcache device before read miss done (bsc#1140652). - bcache: fix failure in journal relplay (bsc#1140652). - bcache: fix inaccurate result of unused buckets (bsc#1140652). - bcache: fix mistaken sysfs entry for io_error counter (bsc#1140652). - bcache: fix potential deadlock in cached_def_free() (bsc#1140652). - bcache: fix race in btree_flush_write() (bsc#1140652). - bcache: fix return value error in bch_journal_read() (bsc#1140652). - bcache: fix stack corruption by PRECEDING_KEY() (bsc#1140652). - bcache: fix wrong usage use-after-freed on keylist in out_nocoalesce branch of btree_gc_coalesce (bsc#1140652). - bcache: ignore read-ahead request failure on backing device (bsc#1140652). - bcache: improve bcache_reboot() (bsc#1140652). - bcache: improve error message in bch_cached_dev_run() (bsc#1140652). - bcache: make bset_search_tree() be more understandable (bsc#1140652). - bcache: make is_discard_enabled() static (bsc#1140652). - bcache: more detailed error message to bcache_device_link() (bsc#1140652). - bcache: move definition of 'int ret' out of macro read_bucket() (bsc#1140652). - bcache: never set KEY_PTRS of journal key to 0 in journal_reclaim() (bsc#1140652). - bcache: only clear BTREE_NODE_dirty bit when it is set (bsc#1140652). - bcache: only set BCACHE_DEV_WB_RUNNING when cached device attached (bsc#1140652). - bcache: performance improvement for btree_flush_write() (bsc#1140652). - bcache: remove redundant LIST_HEAD(journal) from run_cache_set() (bsc#1140652). - bcache: remove redundant LIST_HEAD(journal) from run_cache_set() (bsc#1140652). - bcache: remove retry_flush_write from struct cache_set (bsc#1140652). - bcache: remove unncessary code in bch_btree_keys_init() (bsc#1140652). - bcache: remove unnecessary prefetch() in bset_search_tree() (bsc#1140652). - bcache: return error immediately in bch_journal_replay() (bsc#1140652). - bcache: Revert "bcache: fix high CPU occupancy during journal" (bsc#1140652). - bcache: Revert "bcache: free heap cache_set->flush_btree in bch_journal_free" (bsc#1140652). - bcache: set largest seq to ja->seq[bucket_index] in journal_read_bucket() (bsc#1140652). - bcache: shrink btree node cache after bch_btree_check() (bsc#1140652). - bcache: stop writeback kthread and kworker when bch_cached_dev_run() failed (bsc#1140652). - bcache: use sysfs_match_string() instead of __sysfs_match_string() (bsc#1140652). - be2net: Fix number of Rx queues used for flow hashing (networking-stable-19_06_18). - be2net: Signal that the device cannot transmit during reconfiguration (bsc#1127315). - be2net: Synchronize be_update_queues with dev_watchdog (bsc#1127315). - block, bfq: NULL out the bic when it's no longer valid (bsc#1142359). - bnx2x: Prevent load reordering in tx completion processing (bsc#1142868). - bnxt_en: Cap the returned MSIX vectors to the RDMA driver (bsc#1134090 jsc#SLE-5954). - bnxt_en: Disable bus master during PCI shutdown and driver unload (bsc#1104745). - bnxt_en: Fix aggregation buffer leak under OOM condition (networking-stable-19_05_31). - bnxt_en: Fix statistics context reservation logic for RDMA driver (bsc#1104745). - bnxt_en: Suppress error messages when querying DSCP DCB capabilities (bsc#1104745). - bonding: fix arp_validate toggling in active-backup mode (networking-stable-19_05_14). - bonding: Force slave speed check after link state recovery for 802.3ad (bsc#1137584). - bpf: btf: fix the brackets of BTF_INT_OFFSET() (bsc#1083647). - bpf: fix callees pruning callers (bsc#1109837). - bpf: fix nested bpf tracepoints with per-cpu data (bsc#1083647). - bpf, x64: fix stack layout of JITed bpf code (bsc#1083647). - bpf, x64: save 5 bytes in prologue when ebpf insns came from cbpf (bsc#1083647). - bridge: Fix error path for kobject_init_and_add() (networking-stable-19_05_14). - btrfs: fix race between block group removal and block group allocation (bsc#1143003). - carl9170: fix misuse of device driver API (bsc#1111666). - cgroup: Use css_tryget() instead of css_tryget_online() in task_get_css() (bsc#1141478). - clk: qcom: Fix -Wunused-const-variable (bsc#1051510). - clk: rockchip: Do not yell about bad mmc phases when getting (bsc#1051510). - clk: tegra210: fix PLLU and PLLU_OUT1 (bsc#1051510). - Correct iwlwifi 22000 series ucode file name (bsc#1142673) - Correct the buggy backport about AER / DPC pcie stuff (bsc#1142623) - cpufreq: acpi-cpufreq: Report if CPU does not support boost technologies (bsc#1051510). - cpufreq: brcmstb-avs-cpufreq: Fix initial command check (bsc#1051510). - cpufreq: brcmstb-avs-cpufreq: Fix types for voltage/frequency (bsc#1051510). - cpufreq: check if policy is inactive early in __cpufreq_get() (bsc#1051510). - cpufreq: kirkwood: fix possible object reference leak (bsc#1051510). - cpufreq/pasemi: fix possible object reference leak (bsc#1051510). - cpufreq: pmac32: fix possible object reference leak (bsc#1051510). - cpufreq: ppc_cbe: fix possible object reference leak (bsc#1051510). - cpufreq: Use struct kobj_attribute instead of struct global_attr (bsc#1051510). - crypto: arm64/sha1-ce - correct digest for empty data in finup (bsc#1051510). - crypto: arm64/sha2-ce - correct digest for empty data in finup (bsc#1051510). - crypto: ccp - Fix 3DES complaint from ccp-crypto module (bsc#1051510). - crypto: ccp - fix AES CFB error exposed by new test vectors (bsc#1051510). - crypto: ccp - Fix SEV_VERSION_GREATER_OR_EQUAL (bsc#1051510). - crypto: ccp/gcm - use const time tag comparison (bsc#1051510). - crypto: ccp - memset structure fields to zero before reuse (bsc#1051510). - crypto: ccp - Validate the the error value used to index error messages (bsc#1051510). - crypto: chacha20poly1305 - fix atomic sleep when using async algorithm (bsc#1051510). - crypto: crypto4xx - fix a potential double free in ppc4xx_trng_probe (bsc#1051510). - crypto: ghash - fix unaligned memory access in ghash_setkey() (bsc#1051510). - crypto: talitos - Align SEC1 accesses to 32 bits boundaries (bsc#1051510). - crypto: talitos - check data blocksize in ablkcipher (bsc#1051510). - crypto: talitos - fix CTR alg blocksize (bsc#1051510). - crypto: talitos - fix max key size for sha384 and sha512 (bsc#1051510). - crypto: talitos - HMAC SNOOP NO AFEU mode requires SW icv checking (bsc#1051510). - crypto: talitos - properly handle split ICV (bsc#1051510). - crypto: talitos - reduce max key size for SEC1 (bsc#1051510). - crypto: talitos - rename alternative AEAD algos (bsc#1051510). - dasd_fba: Display '00000000' for zero page when dumping sense (bsc#1123080). - Delete patches.fixes/s390-setup-fix-early-warning-messages (bsc#1140948). - dma-buf: Discard old fence_excl on retrying get_fences_rcu for realloc (bsc#1111666). - dma-direct: add support for allocation from ZONE_DMA and ZONE_DMA32 (jsc#SLE-6197 bsc#1140559 LTC#173150). - dma-direct: do not retry allocation for no-op GFP_DMA (jsc#SLE-6197 bsc#1140559 LTC#173150). - dma-direct: retry allocations using GFP_DMA for small masks (jsc#SLE-6197 bsc#1140559 LTC#173150). - dmaengine: hsu: Revert "set HSU_CH_MTSR to memory width" (bsc#1051510). - dma-mapping: move dma_mark_clean to dma-direct.h (jsc#SLE-6197 bsc#1140559 LTC#173150). - dma-mapping: move swiotlb arch helpers to a new header (jsc#SLE-6197 bsc#1140559 LTC#173150). - dma-mapping: take dma_pfn_offset into account in dma_max_pfn (jsc#SLE-6197 bsc#1140559 LTC#173150). - dpaa_eth: fix SG frame cleanup (networking-stable-19_05_14). - drm/amd/display: Make some functions static (bsc#1111666). - drm/atmel-hlcdc: revert shift by 8 (bsc#1111666). - drm/i915/cml: Introduce Comet Lake PCH (jsc#SLE-6681). - drm/i915/icl: Add WaDisableBankHangMode (bsc#1111666). - drm/meson: Add support for XBGR8888 & ABGR8888 formats (bsc#1051510). - drm/msm/a3xx: remove TPL1 regs from snapshot (bsc#1051510). - drm/msm/mdp5: Fix mdp5_cfg_init error return (bsc#1111666). - drm/nouveau/i2c: Enable i2c pads & busses during preinit (bsc#1051510). - drm: return -EFAULT if copy_to_user() fails (bsc#1111666). - drm/rockchip: Properly adjust to a true clock in adjusted_mode (bsc#1051510). - drm/udl: introduce a macro to convert dev to udl (bsc#1111666). - drm/udl: move to embedding drm device inside udl device (bsc#1111666). - drm/udl: Replace drm_dev_unref with drm_dev_put (bsc#1111666). - drm/vc4: fix fb references in async update (bsc#1141312). - drm/vmwgfx: Honor the sg list segment size limitation (bsc#1111666). - e1000e: start network tx queue only when link is up (bsc#1051510). - Enable intel-speed-select driver and update supported.conf (jsc#SLE-5364) - ethtool: check the return value of get_regs_len (git-fixes). - ethtool: fix potential userspace buffer overflow (networking-stable-19_06_09). - Fix kABI for asus-wmi quirk_entry field addition (bsc#1051510). - Fix memory leak in sctp_process_init (networking-stable-19_06_09). - fork, memcg: fix cached_stacks case (bsc#1134097). - fork, memcg: fix crash in free_thread_stack on memcg charge fail (bsc#1134097). - fpga: add intel stratix10 soc fpga manager driver (jsc#SLE-7057). - fpga: stratix10-soc: fix use-after-free on s10_init() (jsc#SLE-7057). - fpga: stratix10-soc: fix wrong of_node_put() in init function (jsc#jsc#SLE-7057). - gpu: ipu-v3: ipu-ic: Fix saturation bit offset in TPMEM (bsc#1111666). - hid: wacom: correct touch resolution x/y typo (bsc#1051510). - hid: wacom: generic: Correct pad syncing (bsc#1051510). - hid: wacom: generic: only switch the mode on devices with LEDs (bsc#1051510). - hid: wacom: generic: read HID_DG_CONTACTMAX from any feature report (bsc#1051510). - ib/ipoib: Add child to parent list only if device initialized (bsc#1103992). - ib/mlx5: Fixed reporting counters on 2nd port for Dual port RoCE (bsc#1103991). - idr: fix overflow case for idr_for_each_entry_ul() (bsc#1109837). - input: elantech - enable middle button support on 2 ThinkPads (bsc#1051510). - input: imx_keypad - make sure keyboard can always wake up system (bsc#1051510). - input: psmouse - fix build error of multiple definition (bsc#1051510). - input: synaptics - enable SMBUS on T480 thinkpad trackpad (bsc#1051510). - input: tm2-touchkey - acknowledge that setting brightness is a blocking call (bsc#1129770). - intel_th: msu: Fix single mode with disabled IOMMU (bsc#1051510). - iommu-helper: mark iommu_is_span_boundary as inline (jsc#SLE-6197 bsc#1140559 LTC#173150). - ipv4: Fix raw socket lookup for local traffic (networking-stable-19_05_14). - ipv4/igmp: fix another memory leak in igmpv3_del_delrec() (networking-stable-19_05_31). - ipv4/igmp: fix build error if !CONFIG_IP_MULTICAST (networking-stable-19_05_31). - ipv4: Use return value of inet_iif() for __raw_v4_lookup in the while loop (git-fixes). - ipv6: Consider sk_bound_dev_if when binding a raw socket to an address (networking-stable-19_05_31). - ipv6: fix EFAULT on sendto with icmpv6 and hdrincl (networking-stable-19_06_09). - ipv6: flowlabel: fl6_sock_lookup() must use atomic_inc_not_zero (networking-stable-19_06_18). - ipv6: use READ_ONCE() for inet->hdrincl as in ipv4 (networking-stable-19_06_09). - iwlwifi: correct one of the PCI struct names (bsc#1111666). - iwlwifi: do not WARN when calling iwl_get_shared_mem_conf with RF-Kill (bsc#1111666). - iwlwifi: fix cfg structs for 22000 with different RF modules (bsc#1111666). - iwlwifi: fix devices with PCI Device ID 0x34F0 and 11ac RF modules (bsc#1111666). - iwlwifi: Fix double-free problems in iwl_req_fw_callback() (bsc#1111666). - iwlwifi: fix RF-Kill interrupt while FW load for gen2 devices (bsc#1111666). - iwlwifi: mvm: Drop large non sta frames (bsc#1111666). - iwlwifi: pcie: do not service an interrupt that was masked (bsc#1111666). - iwlwifi: pcie: fix ALIVE interrupt handling for gen2 devices w/o MSI-X (bsc#1111666). - kabi fix for hda_codec.relaxed_resume flag (bsc#1111666). - kabi: Fix lost iommu-helper symbols on arm64 (jsc#SLE-6197 bsc#1140559 LTC#173150). - kabi: mask changes made by basic protected virtualization support (jsc#SLE-6197 bsc#1140559 LTC#173150). - kabi: mask changes made by swiotlb for protected virtualization (jsc#SLE-6197 bsc#1140559 LTC#173150). - kabi: mask changes made by use of DMA memory for adapter interrupts (jsc#SLE-6197 bsc#1140559 LTC#173150). - kabi: remove unused hcall definition (bsc#1140322 LTC#176270). - kbuild: use -flive-patching when CONFIG_LIVEPATCH is enabled (bsc#1071995). - kernel: jump label transformation performance (bsc#1137534 bsc#1137535 LTC#178058 LTC#178059). - kvm: arm/arm64: vgic-its: Take the srcu lock when parsing the memslots (bsc#1133021). - kvm: arm/arm64: vgic-its: Take the srcu lock when writing to guest memory (bsc#1133021). - kvm: mmu: Fix overflow on kvm mmu page limit calculation (bsc#1135335). - kvm/mmu: kABI fix for *_mmu_pages changes in struct kvm_arch (bsc#1135335). - kvm: polling: add architecture backend to disable polling (bsc#1119222). - kvm: s390: change default halt poll time to 50us (bsc#1119222). - kvm: s390: enable CONFIG_HAVE_kvm_NO_POLL (bsc#1119222) We need to enable CONFIG_HAVE_kvm_NO_POLL for bsc#1119222 - kvm: s390: fix typo in parameter description (bsc#1119222). - kvm: s390: kABI Workaround for 'kvm_vcpu_stat' Add halt_no_poll_steal to kvm_vcpu_stat. Hide it from the kABI checker. - kvm: s390: kABI Workaround for 'lowcore' (bsc#1119222). - kvm: s390: provide kvm_arch_no_poll function (bsc#1119222). - kvm: svm/avic: Do not send AVIC doorbell to self (bsc#1140133). - kvm: SVM: Fix detection of AMD Errata 1096 (bsc#1142354). - lapb: fixed leak of control-blocks (networking-stable-19_06_18). - lib: fix stall in __bitmap_parselist() (bsc#1051510). - libnvdimm/namespace: Fix label tracking error (bsc#1142350). - libnvdimm/region: Register badblocks before namespaces (bsc#1143209). - lib/bitmap.c: make bitmap_parselist() thread-safe and much faster (bsc#1143507). - lib/scatterlist: Fix mapping iterator when sg->offset is greater than PAGE_SIZE (bsc#1051510). - livepatch: Remove duplicate warning about missing reliable stacktrace support (bsc#1071995). - livepatch: Use static buffer for debugging messages under rq lock (bsc#1071995). - llc: fix skb leak in llc_build_and_send_ui_pkt() (networking-stable-19_05_31). - mac80211: do not start any work during reconfigure flow (bsc#1111666). - mac80211: fix rate reporting inside cfg80211_calculate_bitrate_he() (bsc#1111666). - mac80211: free peer keys before vif down in mesh (bsc#1111666). - mac80211: mesh: fix RCU warning (bsc#1111666). - mac80211: only warn once on chanctx_conf being NULL (bsc#1111666). - media: cpia2_usb: first wake up, then free in disconnect (bsc#1135642). - media: marvell-ccic: fix DMA s/g desc number calculation (bsc#1051510). - media: s5p-mfc: Make additional clocks optional (bsc#1051510). - media: v4l2: Test type instead of cfg->type in v4l2_ctrl_new_custom() (bsc#1051510). - media: vivid: fix incorrect assignment operation when setting video mode (bsc#1051510). - mei: bus: need to unlink client before freeing (bsc#1051510). - mei: me: add denverton innovation engine device IDs (bsc#1051510). - mei: me: add gemini lake devices id (bsc#1051510). - memory: tegra: Fix integer overflow on tick value calculation (bsc#1051510). - memstick: Fix error cleanup path of memstick_init (bsc#1051510). - mfd: intel-lpss: Release IDA resources (bsc#1051510). - mips: fix an off-by-one in dma_capable (jsc#SLE-6197 bsc#1140559 LTC#173150). - mlxsw: spectrum_dcb: Configure DSCP map as the last rule is removed (bsc#1112374). - mmc: sdhci-pci: Try "cd" for card-detect lookup before using NULL (bsc#1051510). - mm: migrate: Fix reference check race between __find_get_block() and migration (bnc#1137609). - mm/nvdimm: add is_ioremap_addr and use that to check ioremap address (bsc#1140322 LTC#176270). - mm, page_alloc: fix has_unmovable_pages for HugePages (bsc#1127034). - mm: replace all open encodings for NUMA_NO_NODE (bsc#1140322 LTC#176270). - mt7601u: do not schedule rx_tasklet when the device has been disconnected (bsc#1111666). - mt7601u: fix possible memory leak when the device is disconnected (bsc#1111666). - neigh: fix use-after-free read in pneigh_get_next (networking-stable-19_06_18). - net/af_iucv: build proper skbs for HiperTransport (bsc#1142221 LTC#179332). - net/af_iucv: remove GFP_DMA restriction for HiperTransport (bsc#1142112 bsc#1142221 LTC#179334 LTC#179332). - net/af_iucv: remove GFP_DMA restriction for HiperTransport (bsc#1142221 LTC#179332). - net: avoid weird emergency message (networking-stable-19_05_21). - net: fec: fix the clk mismatch in failed_reset path (networking-stable-19_05_31). - netfilter: conntrack: fix calculation of next bucket number in early_drop (git-fixes). - net-gro: fix use-after-free read in napi_gro_frags() (networking-stable-19_05_31). - net: hns3: Fix inconsistent indenting (bsc#1140676). - net: hns: fix ICMP6 neighbor solicitation messages discard problem (bsc#1140676). - net: hns: fix KASAN: use-after-free in hns_nic_net_xmit_hw() (bsc#1140676). - net: hns: Fix loopback test failed at copper ports (bsc#1140676). - net: hns: Fix probabilistic memory overwrite when HNS driver initialized (bsc#1140676). - net: hns: fix unsigned comparison to less than zero (bsc#1140676). - net: hns: Fix WARNING when remove HNS driver with SMMU enabled (bsc#1140676). - net: hns: Use NAPI_POLL_WEIGHT for hns driver (bsc#1140676). - net/mlx4_core: Change the error print to info print (networking-stable-19_05_21). - net/mlx4_en: ethtool, Remove unsupported SFP EEPROM high pages query (networking-stable-19_06_09). - net/mlx5: Allocate root ns memory using kzalloc to match kfree (networking-stable-19_05_31). - net/mlx5: Avoid double free in fs init error unwinding path (networking-stable-19_05_31). - net/mlx5e: Rx, Fix checksum calculation for new hardware (bsc#1127611). - net: mvneta: Fix err code path of probe (networking-stable-19_05_31). - net: mvpp2: fix bad MVPP2_TXQ_SCHED_TOKEN_CNTR_REG queue value (networking-stable-19_05_31). - net: openvswitch: do not free vport if register_netdevice() is failed (networking-stable-19_06_18). - net/packet: fix memory leak in packet_set_ring() (git-fixes). - net: rds: fix memory leak in rds_ib_flush_mr_pool (networking-stable-19_06_09). - net: seeq: fix crash caused by not set dev.parent (networking-stable-19_05_14). - net: stmmac: fix reset gpio free missing (networking-stable-19_05_31). - net/tls: fix socket wmem accounting on fallback with netem (bsc#1109837). - net/tls: make sure offload also gets the keys wiped (bsc#1109837). - net: usb: qmi_wwan: add Telit 0x1260 and 0x1261 compositions (networking-stable-19_05_21). - nvme: fix memory leak caused by incorrect subsystem free (bsc#1143185). - ocfs2: add first lock wait time in locking_state (bsc#1134390). - ocfs2: add last unlock times in locking_state (bsc#1134390). - ocfs2: add locking filter debugfs file (bsc#1134390). - p54usb: Fix race between disconnect and firmware loading (bsc#1111666). - packet: Fix error path in packet_init (networking-stable-19_05_14). - packet: in recvmsg msg_name return at least sizeof sockaddr_ll (git-fixes). - pci/aer: Use cached AER Capability offset (bsc#1142623). - pci: Always allow probing with driver_override (bsc#1051510). - pci: hv: Add hv_pci_remove_slots() when we unload the driver (bsc#1142701). - pci: hv: Add pci_destroy_slot() in pci_devices_present_work(), if necessary (bsc#1142701). - pci: hv: Fix a memory leak in hv_eject_device_work() (bsc#1142701). - pci: hv: Fix a use-after-free bug in hv_eject_device_work() (bsc#1142701). - pci: hv: Fix return value check in hv_pci_assign_slots() (bsc#1142701). - pci: hv: Remove unused reason for refcount handler (bsc#1142701). - pci: hv: support reporting serial number as slot information (bsc#1142701). - pci/P2PDMA: Fix missing check for dma_virt_ops (bsc#1111666). - pci / PM: Use SMART_SUSPEND and LEAVE_SUSPENDED flags for PCIe ports (bsc#1142623). - pci/portdrv: Add #defines for AER and DPC Interrupt Message Number masks (bsc#1142623). - pci/portdrv: Consolidate comments (bsc#1142623). - pci/portdrv: Disable port driver in compat mode (bsc#1142623). - pci/portdrv: Remove pcie_portdrv_err_handler.slot_reset (bsc#1142623). - pci: portdrv: Restore PCI config state on slot reset (bsc#1142623). - pci/portdrv: Support PCIe services on subtractive decode bridges (bsc#1142623). - pci/portdrv: Use conventional Device ID table formatting (bsc#1142623). - pci: Return error if cannot probe VF (bsc#1051510). - pkey: Indicate old mkvp only if old and current mkvp are different (bsc#1137827 LTC#178090). - pktgen: do not sleep with the thread lock held (git-fixes). - platform/x86: asus-nb-wmi: Support ALS on the Zenbook UX430UQ (bsc#1051510). - platform/x86: asus-wmi: Only Tell EC the OS will handle display hotkeys from asus_nb_wmi (bsc#1051510). - platform/x86: intel_turbo_max_3: Remove restriction for HWP platforms (jsc#SLE-5439). - platform/x86: ISST: Add common API to register and handle ioctls (jsc#SLE-5364). - platform/x86: ISST: Add Intel Speed Select mailbox interface via MSRs (jsc#SLE-5364). - platform/x86: ISST: Add Intel Speed Select mailbox interface via PCI (jsc#SLE-5364). - platform/x86: ISST: Add Intel Speed Select mmio interface (jsc#SLE-5364). - platform/x86: ISST: Add Intel Speed Select PUNIT MSR interface (jsc#SLE-5364). - platform/x86: ISST: Add IOCTL to Translate Linux logical CPU to PUNIT CPU number (jsc#SLE-5364). - platform/x86: ISST: Restore state on resume (jsc#SLE-5364). - platform/x86: ISST: Store per CPU information (jsc#SLE-5364). - platform/x86: pmc_atom: Add CB4063 Beckhoff Automation board to critclk_systems DMI table (bsc#1051510). - powerpc/64s: Remove POWER9 DD1 support (bsc#1055117, LTC#159753, git-fixes). - powerpc/crypto: Use cheaper random numbers for crc-vpmsum self-test (). - powerpc/mm: Change function prototype (bsc#1055117). - powerpc/mm: Consolidate numa_enable check and min_common_depth check (bsc#1140322 LTC#176270). - powerpc/mm/drconf: Use NUMA_NO_NODE on failures instead of node 0 (bsc#1140322 LTC#176270). - powerpc/mm: Fix node look up with numa=off boot (bsc#1140322 LTC#176270). - powerpc/mm/hugetlb: Update huge_ptep_set_access_flags to call __ptep_set_access_flags directly (bsc#1055117). - powerpc/mm/radix: Change pte relax sequence to handle nest MMU hang (bsc#1055117). - powerpc/mm/radix: Move function from radix.h to pgtable-radix.c (bsc#1055117). - powerpc/papr_scm: Force a scm-unbind if initial scm-bind fails (bsc#1140322 LTC#176270). - powerpc/papr_scm: Update drc_pmem_unbind() to use H_SCM_UNBIND_ALL (bsc#1140322 LTC#176270). - powerpc/pseries: Update SCM hcall op-codes in hvcall.h (bsc#1140322 LTC#176270). - powerpc/watchpoint: Restore NV GPRs while returning from exception (bsc#1140945 bsc#1141401 bsc#1141402 bsc#1141452 bsc#1141453 bsc#1141454 LTC#178983 LTC#179191 LTC#179192 LTC#179193 LTC#179194 LTC#179195). - ppc: Convert mmu context allocation to new IDA API (bsc#1139619 LTC#178538). - ppp: deflate: Fix possible crash in deflate_init (networking-stable-19_05_21). - qed: Fix build error without CONFIG_DEVLINK (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Fix -Wmaybe-uninitialized false positive (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qedi: Use hwfns and affin_hwfn_idx to get MSI-X vector index (jsc#SLE-4693 bsc#1136462). - rdma/odp: Fix missed unlock in non-blocking invalidate_start (bsc#1103992). - rdma/srp: Accept again source addresses that do not have a port number (bsc#1103992). - rdma/srp: Document srp_parse_in() arguments (bsc#1103992 ). - rdma/uverbs: check for allocation failure in uapi_add_elm() (bsc#1103992). - rds: ib: fix 'passing zero to ERR_PTR()' warning (git-fixes). - Revert "bcache: set CACHE_SET_IO_DISABLE in bch_cached_dev_error()" (bsc#1140652). - Revert "e1000e: fix cyclic resets at link up with active tx" (bsc#1051510). - Revert "livepatch: Remove reliable stacktrace check in klp_try_switch_task()" (bsc#1071995). - Revert "serial: 8250: Do not service RX FIFO if interrupts are disabled" (bsc#1051510). - rtlwifi: rtl8192cu: fix error handle when usb probe failed (bsc#1111666). - rtnetlink: always put IFLA_LINK for links with a link-netnsid (networking-stable-19_05_21). - s390: add alignment hints to vector load and store (jsc#SLE-6907 LTC#175887). - s390/airq: use DMA memory for adapter interrupts (jsc#SLE-6197 bsc#1140559 LTC#173150). - s390/cio: add basic protected virtualization support (jsc#SLE-6197 bsc#1140559 LTC#173150). - s390/cio: introduce DMA pools to cio (jsc#SLE-6197 bsc#1140559 LTC#173150). - s390/cpum_cf: add ctr_stcctm() function (jsc#SLE-6904 ). - s390/cpum_cf: Add minimal in-kernel interface for counter measurements (jsc#SLE-6904). - s390/cpum_cf: Add support for CPU-MF SVN 6 (jsc#SLE-6904 ). - s390/cpum_cf_diag: Add support for CPU-MF SVN 6 (jsc#SLE-6904 ). - s390/cpum_cf_diag: Add support for s390 counter facility diagnostic trace (jsc#SLE-6904). - s390/cpum_cf: introduce kernel_cpumcf_alert() to obtain measurement alerts (jsc#SLE-6904). - s390/cpum_cf: introduce kernel_cpumcf_avail() function (jsc#SLE-6904). - s390/cpum_cf: move counter set controls to a new header file (jsc#SLE-6904). - s390/cpum_cf: prepare for in-kernel counter measurements (jsc#SLE-6904). - s390/cpum_cf: rename per-CPU counter facility structure and variables (jsc#SLE-6904). - s390/cpumf: Add extended counter set definitions for model 8561 and 8562 (bsc#1142052 LTC#179320). - s390/cpu_mf: add store cpu counter multiple instruction support (jsc#SLE-6904). - s390/cpumf: Fix warning from check_processor_id (jsc#SLE-6904 ). - s390/cpu_mf: move struct cpu_cf_events and per-CPU variable to header file (jsc#SLE-6904). - s390/cpu_mf: replace stcctm5() with the stcctm() function (jsc#SLE-6904). - s390/dma: provide proper ARCH_ZONE_DMA_BITS value (jsc#SLE-6197 bsc#1140559 LTC#173150). - s390/mm: force swiotlb for protected virtualization (jsc#SLE-6197 bsc#1140559 LTC#173150). - s390/qdio: handle PENDING state for QEBSM devices (bsc#1142119 LTC#179331). - s390/qeth: be drop monitor friendly (bsc#1142115 LTC#179337). - s390/qeth: be drop monitor friendly (bsc#1142220 LTC#179335). - s390: remove the unused dma_capable helper (jsc#SLE-6197 bsc#1140559 LTC#173150). - s390: report new CPU capabilities (jsc#SLE-6907 LTC#175887). - s390/vtime: steal time exponential moving average (bsc#1119222). - s390/zcrypt: Fix wrong dispatching for control domain CPRBs (bsc#1137811 LTC#178088). - scripts/git_sort/git_sort.py: Add mmots tree. - scsi: cxgb4i: add wait_for_completion() (jsc#SLE-4678 bsc#1136342). - scsi: cxgbi: KABI: fix handle completion etc (jsc#SLE-4678 bsc#1136342). - scsi: cxgbi: remove redundant __kfree_skb call on skb and free cst->atid (jsc#SLE-4678 bsc#1136342). - scsi: fc: add FPIN ELS definition (bsc#1136217,jsc#SLE-4722). - scsi/fc: kABI fixes for new ELS_FPIN definition (bsc#1136217,jsc#SLE-4722). - scsi: ibmvfc: fix WARN_ON during event pool release (bsc#1137458 LTC#178093). - scsi: lpfc: Add loopback testing to trunking mode (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: add support for posting FC events on FPIN reception (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Annotate switch/case fall-through (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: avoid uninitialized variable warning (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Cancel queued work for an IO when processing a received ABTS (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Change smp_processor_id() into raw_smp_processor_id() (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Convert bootstrap mbx polling from msleep to udelay (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Coordinate adapter error handling with offline handling (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Correct boot bios information to FDMI registration (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Correct localport timeout duration error (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Correct __lpfc_sli_issue_iocb_s4 lockdep check (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Correct nvmet buffer free race condition (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Declare local functions static (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Enhance 6072 log string (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: fix 32-bit format string warning (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: fix a handful of indentation issues (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix alloc context on oas lun creations (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix a recently introduced compiler warning (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix BFS crash with DIX enabled (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix build error (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: fix calls to dma_set_mask_and_coherent() (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix deadlock due to nested hbalock call (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix driver crash in target reset handler (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix duplicate log message numbers (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix error code if kcalloc() fails (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix error codes in lpfc_sli4_pci_mem_setup() (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix fc4type information for FDMI (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix fcp_rsp_len checking on lun reset (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix FDMI fc4type for nvme support (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix FDMI manufacturer attribute value (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix handling of trunk links state reporting (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix hardlockup in scsi_cmd_iocb_cmpl (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix HDMI2 registration string for symbolic name (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix incorrect logical link speed on trunks when links down (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix indentation and balance braces (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix io lost on host resets (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix kernel warnings related to smp_processor_id() (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix link speed reporting for 4-link trunk (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix location of SCSI ktime counters (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix lpfc_nvmet_mrq attribute handling when 0 (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix mailbox hang on adapter init (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix memory leak in abnormal exit path from lpfc_eq_create (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix missing wakeups on abort threads (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix nvmet async receive buffer replenishment (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix nvmet handling of first burst cmd (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix nvmet handling of received ABTS for unmapped frames (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix nvmet target abort cmd matching (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix oops when driver is loaded with 1 interrupt vector (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix poor use of hardware queues if fewer irq vectors (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix protocol support on G6 and G7 adapters (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix PT2PT PLOGI collison stopping discovery (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix SLI3 commands being issued on SLI4 devices (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: fix unused variable warning (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fixup eq_clr_intr references (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix use-after-free mailbox cmd completion (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Make lpfc_sli4_oas_verify static (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Move trunk_errmsg[] from a header file into a .c file (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Prevent 'use after free' memory overwrite in nvmet LS handling (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Reduce memory footprint for lpfc_queue (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Remove set but not used variable 'phys_id' (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Remove set-but-not-used variables (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Remove unused functions (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Resolve inconsistent check of hdwq in lpfc_scsi_cmd_iocb_cmpl (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Resolve irq-unsafe lockdep heirarchy warning in lpfc_io_free (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: resolve static checker warning in lpfc_sli4_hba_unset (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Revert message logging on unsupported topology (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Revise message when stuck due to unresponsive adapter (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Rework misleading nvme not supported in firmware message (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Separate CQ processing for nvmet_fc upcalls (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Specify node affinity for queue memory allocation (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Stop adapter if pci errors detected (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Update Copyright in driver version (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Update lpfc version to 12.2.0.1 (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Update lpfc version to 12.2.0.3 (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: use dma_set_mask_and_coherent (bsc#1136217,jsc#SLE-4722). - scsi: qedf: Add additional checks for io_req->sc_cmd validity (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Add a flag to help debugging io_req which could not be cleaned (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Add comment to display logging levels (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Add driver state to 'driver_stats' debugfs node (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Add LBA to underrun debug messages (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Add missing return in qedf_post_io_req() in the fcport offload check (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Add missing return in qedf_scsi_done() (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Add port_id for fcport into initiate_cleanup debug message (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Add return value to log message if scsi_add_host fails (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Change MSI-X load error message (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Check both the FCF and fabric ID before servicing clear virtual link (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Check for fcoe_libfc_config failure (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Check for tm_flags instead of cmd_type during cleanup (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Check the return value of start_xmit (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Cleanup rrq_work after QEDF_CMD_OUTSTANDING is cleared (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Correctly handle refcounting of rdata (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Do not queue anything if upload is in progress (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Do not send ABTS for under run scenario (bsc#1136467 jsc#SLE-4694). - scsi: qedf: fc_rport_priv reference counting fixes (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Fix lport may be used uninitialized warning (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Log message if scsi_add_host fails (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Modify abort and tmf handler to handle edge condition and flush (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Modify flush routine to handle all I/Os and TMF (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Print fcport information on wait for upload timeout (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Print scsi_cmd backpointer in good completion path if the command is still being used (bsc#1136467 jsc#SLE-4694). - scsi: qedf: remove memset/memcpy to nfunc and use func instead (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Remove set but not used variable 'fr_len' (bsc#1136467 jsc#SLE-4694). - scsi: qedf: remove set but not used variables (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Update the driver version to 8.37.25.19 (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Update the driver version to 8.37.25.20 (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Wait for upload and link down processing during soft ctx reset (bsc#1136467 jsc#SLE-4694). - scsi: qedi: add module param to set ping packet size (jsc#SLE-4693 bsc#1136462). - scsi: qedi: Add packet filter in light L2 Rx path (jsc#SLE-4693 bsc#1136462). - scsi: qedi: Check for session online before getting iSCSI TLV data (jsc#SLE-4693 bsc#1136462). - scsi: qedi: Cleanup redundant QEDI_PAGE_SIZE macro definition (jsc#SLE-4693 bsc#1136462). - scsi: qedi: Fix spelling mistake "OUSTANDING" -> "OUTSTANDING" (jsc#SLE-4693 bsc#1136462). - scsi: qedi: Move LL2 producer index processing in BH (jsc#SLE-4693 bsc#1136462). - scsi: qedi: remove set but not used variables 'cdev' and 'udev' (jsc#SLE-4693 bsc#1136462). - scsi: qedi: Replace PAGE_SIZE with QEDI_PAGE_SIZE (jsc#SLE-4693 bsc#1136462). - scsi: qedi: Update driver version to 8.33.0.21 (jsc#SLE-4693 bsc#1136462). - scsi: qla2xxx: do not crash on uninitialized pool list (boo#1138874). - scsi: scsi_transport_fc: Add FPIN fc event codes (bsc#1136217,jsc#SLE-4722). - scsi: scsi_transport_fc: refactor event posting routines (bsc#1136217,jsc#SLE-4722). - sctp: Free cookie before we memdup a new one (networking-stable-19_06_18). - sctp: silence warns on sctp_stream_init allocations (bsc#1083710). - serial: uartps: Do not add a trailing semicolon to macro (bsc#1051510). - serial: uartps: Fix long line over 80 chars (bsc#1051510). - serial: uartps: Fix multiple line dereference (bsc#1051510). - serial: uartps: Remove useless return from cdns_uart_poll_put_char (bsc#1051510). - staging: comedi: amplc_pci230: fix null pointer deref on interrupt (bsc#1051510). - staging: comedi: dt282x: fix a null pointer deref on interrupt (bsc#1051510). - staging: rtl8712: reduce stack usage, again (bsc#1051510). - sunhv: Fix device naming inconsistency between sunhv_console and sunhv_reg (networking-stable-19_06_18). - tcp: fix tcp_set_congestion_control() use from bpf hook (bsc#1109837). - tcp: reduce tcp_fastretrans_alert() verbosity (git-fixes). - team: Always enable vlan tx offload (bsc#1051510). - tools: bpftool: Fix json dump crash on powerpc (bsc#1109837). - tools: bpftool: use correct argument in cgroup errors (bsc#1109837). - tools/power/x86: A tool to validate Intel Speed Select commands (jsc#SLE-5364). - tty: rocket: fix incorrect forward declaration of 'rp_init()' (bsc#1051510). - tty: serial_core: Set port active bit in uart_port_activate (bsc#1051510). - tty: serial: cpm_uart - fix init when SMC is relocated (bsc#1051510). - tuntap: synchronize through tfiles array instead of tun->numqueues (networking-stable-19_05_14). - usb: gadget: ether: Fix race between gether_disconnect and rx_submit (bsc#1051510). - usb: gadget: fusb300_udc: Fix memory leak of fusb300->ep[i] (bsc#1051510). - usb: gadget: udc: lpc32xx: allocate descriptor with GFP_ATOMIC (bsc#1051510). - usb: pci-quirks: Correct AMD PLL quirk detection (bsc#1051510). - usb: serial: ftdi_sio: add ID for isodebug v1 (bsc#1051510). - usb: serial: option: add support for GosunCn ME3630 RNDIS mode (bsc#1051510). - virtio/s390: add indirection to indicators access (jsc#SLE-6197 bsc#1140559 LTC#173150). - virtio/s390: DMA support for virtio-ccw (jsc#SLE-6197 bsc#1140559 LTC#173150). - virtio/s390: make airq summary indicators DMA (jsc#SLE-6197 bsc#1140559 LTC#173150). - virtio/s390: use cacheline aligned airq bit vectors (jsc#SLE-6197 bsc#1140559 LTC#173150). - virtio/s390: use DMA memory for ccw I/O and classic notifiers (jsc#SLE-6197 bsc#1140559 LTC#173150). - virtio/s390: use vring_create_virtqueue (jsc#SLE-6197 bsc#1140559 LTC#173150). - vmci: Fix integer overflow in VMCI handle arrays (bsc#1051510). - vrf: sit mtu should not be updated when vrf netdev is the link (networking-stable-19_05_14). - vsock/virtio: free packets during the socket release (networking-stable-19_05_21). - vsock/virtio: set SOCK_DONE on peer shutdown (networking-stable-19_06_18). - wil6210: drop old event after wmi_call timeout (bsc#1111666). - wil6210: fix potential out-of-bounds read (bsc#1051510). - wil6210: fix spurious interrupts in 3-msi (bsc#1111666). - x86, mm: fix fast GUP with hyper-based TLB flushing (VM Functionality, bsc#1140903). - xdp: fix possible cq entry leak (bsc#1109837). - xdp: fix race on generic receive path (bsc#1109837). - xdp: hold device for umem regardless of zero-copy mode (bsc#1109837). - xen: let alloc_xenballooned_pages() fail if not enough memory free (bsc#1142450 XSA-300). - xfs: do not overflow xattr listent buffer (bsc#1143105). - xprtrdma: Fix use-after-free in rpcrdma_post_recvs (bsc#1103992 ). - xsk: Properly terminate assignment in xskq_produce_flush_desc (bsc#1109837). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2019-2073=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2073=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2019-2073=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2019-2073=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2073=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2019-2073=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): kernel-default-debuginfo-4.12.14-197.15.1 kernel-default-debugsource-4.12.14-197.15.1 kernel-default-extra-4.12.14-197.15.1 kernel-default-extra-debuginfo-4.12.14-197.15.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-197.15.1 kernel-default-debugsource-4.12.14-197.15.1 kernel-obs-qa-4.12.14-197.15.1 kernel-vanilla-4.12.14-197.15.1 kernel-vanilla-base-4.12.14-197.15.1 kernel-vanilla-base-debuginfo-4.12.14-197.15.1 kernel-vanilla-debuginfo-4.12.14-197.15.1 kernel-vanilla-debugsource-4.12.14-197.15.1 kernel-vanilla-devel-4.12.14-197.15.1 kernel-vanilla-devel-debuginfo-4.12.14-197.15.1 kernel-vanilla-livepatch-devel-4.12.14-197.15.1 kselftests-kmp-default-4.12.14-197.15.1 kselftests-kmp-default-debuginfo-4.12.14-197.15.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (ppc64le x86_64): kernel-debug-4.12.14-197.15.1 kernel-debug-base-4.12.14-197.15.1 kernel-debug-base-debuginfo-4.12.14-197.15.1 kernel-debug-debuginfo-4.12.14-197.15.1 kernel-debug-debugsource-4.12.14-197.15.1 kernel-debug-devel-4.12.14-197.15.1 kernel-debug-devel-debuginfo-4.12.14-197.15.1 kernel-debug-livepatch-devel-4.12.14-197.15.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 s390x): kernel-default-livepatch-4.12.14-197.15.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64): dtb-al-4.12.14-197.15.1 dtb-allwinner-4.12.14-197.15.1 dtb-altera-4.12.14-197.15.1 dtb-amd-4.12.14-197.15.1 dtb-amlogic-4.12.14-197.15.1 dtb-apm-4.12.14-197.15.1 dtb-arm-4.12.14-197.15.1 dtb-broadcom-4.12.14-197.15.1 dtb-cavium-4.12.14-197.15.1 dtb-exynos-4.12.14-197.15.1 dtb-freescale-4.12.14-197.15.1 dtb-hisilicon-4.12.14-197.15.1 dtb-lg-4.12.14-197.15.1 dtb-marvell-4.12.14-197.15.1 dtb-mediatek-4.12.14-197.15.1 dtb-nvidia-4.12.14-197.15.1 dtb-qcom-4.12.14-197.15.1 dtb-renesas-4.12.14-197.15.1 dtb-rockchip-4.12.14-197.15.1 dtb-socionext-4.12.14-197.15.1 dtb-sprd-4.12.14-197.15.1 dtb-xilinx-4.12.14-197.15.1 dtb-zte-4.12.14-197.15.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): kernel-kvmsmall-4.12.14-197.15.1 kernel-kvmsmall-base-4.12.14-197.15.1 kernel-kvmsmall-base-debuginfo-4.12.14-197.15.1 kernel-kvmsmall-debuginfo-4.12.14-197.15.1 kernel-kvmsmall-debugsource-4.12.14-197.15.1 kernel-kvmsmall-devel-4.12.14-197.15.1 kernel-kvmsmall-devel-debuginfo-4.12.14-197.15.1 kernel-kvmsmall-livepatch-devel-4.12.14-197.15.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): kernel-docs-html-4.12.14-197.15.1 kernel-source-vanilla-4.12.14-197.15.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (s390x): kernel-zfcpdump-debuginfo-4.12.14-197.15.1 kernel-zfcpdump-debugsource-4.12.14-197.15.1 kernel-zfcpdump-man-4.12.14-197.15.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-197.15.1 kernel-default-debugsource-4.12.14-197.15.1 reiserfs-kmp-default-4.12.14-197.15.1 reiserfs-kmp-default-debuginfo-4.12.14-197.15.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-197.15.1 kernel-obs-build-debugsource-4.12.14-197.15.1 kernel-syms-4.12.14-197.15.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (noarch): kernel-docs-4.12.14-197.15.1 kernel-source-4.12.14-197.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-197.15.1 kernel-default-base-4.12.14-197.15.1 kernel-default-base-debuginfo-4.12.14-197.15.1 kernel-default-debuginfo-4.12.14-197.15.1 kernel-default-debugsource-4.12.14-197.15.1 kernel-default-devel-4.12.14-197.15.1 kernel-default-devel-debuginfo-4.12.14-197.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): kernel-devel-4.12.14-197.15.1 kernel-macros-4.12.14-197.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (s390x): kernel-default-man-4.12.14-197.15.1 kernel-zfcpdump-4.12.14-197.15.1 kernel-zfcpdump-debuginfo-4.12.14-197.15.1 kernel-zfcpdump-debugsource-4.12.14-197.15.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-197.15.1 cluster-md-kmp-default-debuginfo-4.12.14-197.15.1 dlm-kmp-default-4.12.14-197.15.1 dlm-kmp-default-debuginfo-4.12.14-197.15.1 gfs2-kmp-default-4.12.14-197.15.1 gfs2-kmp-default-debuginfo-4.12.14-197.15.1 kernel-default-debuginfo-4.12.14-197.15.1 kernel-default-debugsource-4.12.14-197.15.1 ocfs2-kmp-default-4.12.14-197.15.1 ocfs2-kmp-default-debuginfo-4.12.14-197.15.1 References: https://www.suse.com/security/cve/CVE-2018-20855.html https://www.suse.com/security/cve/CVE-2019-1125.html https://www.suse.com/security/cve/CVE-2019-11810.html https://www.suse.com/security/cve/CVE-2019-13631.html https://www.suse.com/security/cve/CVE-2019-13648.html https://www.suse.com/security/cve/CVE-2019-14283.html https://www.suse.com/security/cve/CVE-2019-14284.html https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1055117 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1083647 https://bugzilla.suse.com/1083710 https://bugzilla.suse.com/1102247 https://bugzilla.suse.com/1103991 https://bugzilla.suse.com/1103992 https://bugzilla.suse.com/1104745 https://bugzilla.suse.com/1109837 https://bugzilla.suse.com/1111666 https://bugzilla.suse.com/1112374 https://bugzilla.suse.com/1119222 https://bugzilla.suse.com/1123080 https://bugzilla.suse.com/1127034 https://bugzilla.suse.com/1127315 https://bugzilla.suse.com/1127611 https://bugzilla.suse.com/1129770 https://bugzilla.suse.com/1130972 https://bugzilla.suse.com/1133021 https://bugzilla.suse.com/1134090 https://bugzilla.suse.com/1134097 https://bugzilla.suse.com/1134390 https://bugzilla.suse.com/1134399 https://bugzilla.suse.com/1135335 https://bugzilla.suse.com/1135642 https://bugzilla.suse.com/1136217 https://bugzilla.suse.com/1136342 https://bugzilla.suse.com/1136460 https://bugzilla.suse.com/1136461 https://bugzilla.suse.com/1136462 https://bugzilla.suse.com/1136467 https://bugzilla.suse.com/1137458 https://bugzilla.suse.com/1137534 https://bugzilla.suse.com/1137535 https://bugzilla.suse.com/1137584 https://bugzilla.suse.com/1137609 https://bugzilla.suse.com/1137811 https://bugzilla.suse.com/1137827 https://bugzilla.suse.com/1138874 https://bugzilla.suse.com/1139358 https://bugzilla.suse.com/1139619 https://bugzilla.suse.com/1140133 https://bugzilla.suse.com/1140139 https://bugzilla.suse.com/1140322 https://bugzilla.suse.com/1140559 https://bugzilla.suse.com/1140652 https://bugzilla.suse.com/1140676 https://bugzilla.suse.com/1140903 https://bugzilla.suse.com/1140945 https://bugzilla.suse.com/1140948 https://bugzilla.suse.com/1141312 https://bugzilla.suse.com/1141401 https://bugzilla.suse.com/1141402 https://bugzilla.suse.com/1141452 https://bugzilla.suse.com/1141453 https://bugzilla.suse.com/1141454 https://bugzilla.suse.com/1141478 https://bugzilla.suse.com/1141558 https://bugzilla.suse.com/1142023 https://bugzilla.suse.com/1142052 https://bugzilla.suse.com/1142083 https://bugzilla.suse.com/1142112 https://bugzilla.suse.com/1142115 https://bugzilla.suse.com/1142119 https://bugzilla.suse.com/1142220 https://bugzilla.suse.com/1142221 https://bugzilla.suse.com/1142254 https://bugzilla.suse.com/1142350 https://bugzilla.suse.com/1142351 https://bugzilla.suse.com/1142354 https://bugzilla.suse.com/1142359 https://bugzilla.suse.com/1142450 https://bugzilla.suse.com/1142623 https://bugzilla.suse.com/1142673 https://bugzilla.suse.com/1142701 https://bugzilla.suse.com/1142868 https://bugzilla.suse.com/1143003 https://bugzilla.suse.com/1143045 https://bugzilla.suse.com/1143105 https://bugzilla.suse.com/1143185 https://bugzilla.suse.com/1143189 https://bugzilla.suse.com/1143191 https://bugzilla.suse.com/1143209 https://bugzilla.suse.com/1143507 From sle-updates at lists.suse.com Tue Aug 6 22:54:30 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Aug 2019 06:54:30 +0200 (CEST) Subject: SUSE-SU-2019:2068-1: important: Security update for the Linux Azure Kernel Message-ID: <20190807045430.55E82FF12@maintenance.suse.de> SUSE Security Update: Security update for the Linux Azure Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2068-1 Rating: important References: #1051510 #1055117 #1071995 #1083647 #1083710 #1103991 #1111666 #1119222 #1123080 #1127034 #1127315 #1129770 #1133021 #1134097 #1134390 #1134399 #1135335 #1135642 #1137458 #1137534 #1137535 #1137584 #1137609 #1137827 #1139358 #1140133 #1140139 #1140322 #1140652 #1140887 #1140888 #1140889 #1140891 #1140893 #1140903 #1140945 #1140948 #1140954 #1140955 #1140956 #1140957 #1140958 #1140959 #1140960 #1140961 #1140962 #1140964 #1140971 #1140972 #1140992 #1141401 #1141402 #1141452 #1141453 #1141454 #1141478 #1142023 #1142112 #1142220 #1142221 #1142265 #1142350 #1142351 #1142354 #1142359 #1142450 #1142701 #1142868 #1143003 #1143105 #1143185 #1143189 #1143191 #1143507 Cross-References: CVE-2018-20855 CVE-2019-1125 CVE-2019-11810 CVE-2019-13631 CVE-2019-13648 CVE-2019-14283 CVE-2019-14284 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 ______________________________________________________________________________ An update that solves 7 vulnerabilities and has 67 fixes is now available. Description: The SUSE Linux Enterprise 15 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-20855: An issue was discovered in create_qp_common, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace. (bnc#bsc#1103991) - CVE-2019-1125: Fix Spectre V1 variant via swapgs: Exclude ATOMs from speculation through SWAPGS (bsc#1139358). - CVE-2019-14284: In the Linux kernel, drivers/block/floppy.c allowed a denial of service by setup_format_params division-by-zero. (bnc#bsc#1143189) - CVE-2019-14283: In the Linux kernel, set_geometry in drivers/block/floppy.c did not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by default. (bsc#1143191) - CVE-2019-11810: An issue was discovered in the Linux kernel A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free. (bsc#1134399) - CVE-2019-13648: In the Linux kernel on the powerpc platform, when hardware transactional memory was disabled, a local user can cause a denial of service via a sigreturn() system call that sends a crafted signal frame. (bnc#1142265) - CVE-2019-13631: In parse_hid_report_descriptor, a malicious usb device could send an hid: report that triggered an out-of-bounds write during generation of debugging messages. (bnc#1142023) The following non-security bugs were fixed: - acpi/nfit: Always dump _DSM output payload (bsc#1142351). - acpi: PM: Allow transitions to D0 to occur in special cases (bsc#1051510). - acpi: PM: Avoid evaluating _PS3 on transitions from D3hot to D3cold (bsc#1051510). - af_unix: remove redundant lockdep class (git-fixes). - alsa: compress: Be more restrictive about when a drain is allowed (bsc#1051510). - alsa: compress: Do not allow paritial drain operations on capture streams (bsc#1051510). - alsa: compress: Fix regression on compressed capture streams (bsc#1051510). - alsa: compress: Prevent bypasses of set_params (bsc#1051510). - alsa: hda - Add a conexant codec entry to let mute led work (bsc#1051510). - alsa: hda/realtek - Fixed Headphone Mic can't record on Dell platform (bsc#1051510). - alsa: hda/realtek - Headphone Mic can't record after S3 (bsc#1051510). - alsa: hda/realtek: apply ALC891 headset fixup to one Dell machine (bsc#1051510). - alsa: line6: Fix a typo (bsc#1051510). - alsa: line6: Fix wrong altsetting for LINE6_PODHD500_1 (bsc#1051510). - alsa: seq: Break too long mutex context in the write loop (bsc#1051510). - alsa: usb-audio: Add quirk for Focusrite Scarlett Solo (bsc#1051510). - alsa: usb-audio: Add quirk for MOTU MicroBook II (bsc#1051510). - alsa: usb-audio: Cleanup DSD whitelist (bsc#1051510). - alsa: usb-audio: Enable .product_name override for Emagic, Unitor 8 (bsc#1051510). - alsa: usb-audio: Sanity checks for each pipe and EP types (bsc#1051510). - asoc : cs4265 : readable register too low (bsc#1051510). - asoc: cx2072x: fix integer overflow on unsigned int multiply (bsc#1111666). - asoc: max98090: remove 24-bit format support if RJ is 0 (bsc#1051510). - asoc: soc-pcm: BE dai needs prepare when pause release after resume (bsc#1051510). - ath6kl: add some bounds checking (bsc#1051510). - batman-adv: fix for leaked TVLV handler (bsc#1051510). - bcache: Add comments for blkdev_put() in registration code path (bsc#1140652). - bcache: Clean up bch_get_congested() (bsc#1140652). - bcache: Revert "bcache: fix high CPU occupancy during journal" (bsc#1140652). - bcache: Revert "bcache: free heap cache_set->flush_btree in bch_journal_free" (bsc#1140652). - bcache: acquire bch_register_lock later in cached_dev_detach_finish() (bsc#1140652). - bcache: acquire bch_register_lock later in cached_dev_free() (bsc#1140652). - bcache: add code comments for journal_read_bucket() (bsc#1140652). - bcache: add comments for closure_fn to be called in closure_queue() (bsc#1140652). - bcache: add comments for kobj release callback routine (bsc#1140652). - bcache: add comments for mutex_lock(&b->write_lock) (bsc#1140652). - bcache: add error check for calling register_bdev() (bsc#1140652). - bcache: add failure check to run_cache_set() for journal replay (bsc#1140652). - bcache: add io error counting in write_bdev_super_endio() (bsc#1140652). - bcache: add more error message in bch_cached_dev_attach() (bsc#1140652). - bcache: add pendings_cleanup to stop pending bcache device (bsc#1140652). - bcache: add reclaimed_journal_buckets to struct cache_set (bsc#1140652). - bcache: add return value check to bch_cached_dev_run() (bsc#1140652). - bcache: avoid a deadlock in bcache_reboot() (bsc#1140652). - bcache: avoid clang -Wunintialized warning (bsc#1140652). - bcache: avoid flushing btree node in cache_set_flush() if io disabled (bsc#1140652). - bcache: avoid potential memleak of list of journal_replay(s) in the CACHE_SYNC branch of run_cache_set (bsc#1140652). - bcache: check CACHE_SET_IO_DISABLE bit in bch_journal() (bsc#1140652). - bcache: check CACHE_SET_IO_DISABLE in allocator code (bsc#1140652). - bcache: check c->gc_thread by IS_ERR_OR_NULL in cache_set_flush() (bsc#1140652). - bcache: destroy dc->writeback_write_wq if failed to create dc->writeback_thread (bsc#1140652). - bcache: do not assign in if condition in bcache_device_init() (bsc#1140652). - bcache: do not set max writeback rate if gc is running (bsc#1140652). - bcache: fix a race between cache register and cacheset unregister (bsc#1140652). - bcache: fix crashes stopping bcache device before read miss done (bsc#1140652). - bcache: fix failure in journal relplay (bsc#1140652). - bcache: fix inaccurate result of unused buckets (bsc#1140652). - bcache: fix mistaken sysfs entry for io_error counter (bsc#1140652). - bcache: fix potential deadlock in cached_def_free() (bsc#1140652). - bcache: fix race in btree_flush_write() (bsc#1140652). - bcache: fix return value error in bch_journal_read() (bsc#1140652). - bcache: fix stack corruption by PRECEDING_KEY() (bsc#1140652). - bcache: fix wrong usage use-after-freed on keylist in out_nocoalesce branch of btree_gc_coalesce (bsc#1140652). - bcache: ignore read-ahead request failure on backing device (bsc#1140652). - bcache: improve bcache_reboot() (bsc#1140652). - bcache: improve error message in bch_cached_dev_run() (bsc#1140652). - bcache: make bset_search_tree() be more understandable (bsc#1140652). - bcache: make is_discard_enabled() static (bsc#1140652). - bcache: more detailed error message to bcache_device_link() (bsc#1140652). - bcache: move definition of 'int ret' out of macro read_bucket() (bsc#1140652). - bcache: never set KEY_PTRS of journal key to 0 in journal_reclaim() (bsc#1140652). - bcache: only clear BTREE_NODE_dirty bit when it is set (bsc#1140652). - bcache: only set BCACHE_DEV_WB_RUNNING when cached device attached (bsc#1140652). - bcache: performance improvement for btree_flush_write() (bsc#1140652). - bcache: remove "XXX:" comment line from run_cache_set() (bsc#1140652). - bcache: remove redundant LIST_HEAD(journal) from run_cache_set() (bsc#1140652). - bcache: remove retry_flush_write from struct cache_set (bsc#1140652). - bcache: remove unncessary code in bch_btree_keys_init() (bsc#1140652). - bcache: remove unnecessary prefetch() in bset_search_tree() (bsc#1140652). - bcache: return error immediately in bch_journal_replay() (bsc#1140652). - bcache: set largest seq to ja->seq[bucket_index] in journal_read_bucket() (bsc#1140652). - bcache: shrink btree node cache after bch_btree_check() (bsc#1140652). - bcache: stop writeback kthread and kworker when bch_cached_dev_run() failed (bsc#1140652). - bcache: use sysfs_match_string() instead of __sysfs_match_string() (bsc#1140652). - be2net: Fix number of Rx queues used for flow hashing (networking-stable-19_06_18). - be2net: Signal that the device cannot transmit during reconfiguration (bsc#1127315). - be2net: Synchronize be_update_queues with dev_watchdog (bsc#1127315). - blacklist.conf: Add "signal: Do not restart fork when signals come in." - blacklist.conf: Add 65fd4cb65b2d Documentation: Move L1TF to separate directory - block, bfq: NULL out the bic when it's no longer valid (bsc#1142359). - bnx2x: Prevent load reordering in tx completion processing (bsc#1142868). - bnxt_en: Fix aggregation buffer leak under OOM condition (networking-stable-19_05_31). - bonding: Force slave speed check after link state recovery for 802.3ad (bsc#1137584). - bonding: fix arp_validate toggling in active-backup mode (networking-stable-19_05_14). - bpf, x64: fix stack layout of JITed bpf code (bsc#1083647). - bpf, x64: save 5 bytes in prologue when ebpf insns came from cbpf (bsc#1083647). - bridge: Fix error path for kobject_init_and_add() (networking-stable-19_05_14). - btrfs: kill btrfs clear path blocking (bsc#1140139). - btrfs: fix race between block group removal and block group allocation (bsc#1143003). - cgroup: Use css_tryget() instead of css_tryget_online() in task_get_css() (bsc#1141478). - clk: qcom: Fix -Wunused-const-variable (bsc#1051510). - clk: rockchip: Do not yell about bad mmc phases when getting (bsc#1051510). - clk: tegra210: fix PLLU and PLLU_OUT1 (bsc#1051510). - cpufreq/pasemi: fix possible object reference leak (bsc#1051510). - cpufreq: Use struct kobj_attribute instead of struct global_attr (bsc#1051510). - cpufreq: acpi-cpufreq: Report if CPU does not support boost technologies (bsc#1051510). - cpufreq: brcmstb-avs-cpufreq: Fix initial command check (bsc#1051510). - cpufreq: brcmstb-avs-cpufreq: Fix types for voltage/frequency (bsc#1051510). - cpufreq: check if policy is inactive early in __cpufreq_get() (bsc#1051510). - cpufreq: kirkwood: fix possible object reference leak (bsc#1051510). - cpufreq: pmac32: fix possible object reference leak (bsc#1051510). - cpufreq: ppc_cbe: fix possible object reference leak (bsc#1051510). - crypto: arm64/sha1-ce - correct digest for empty data in finup (bsc#1051510). - crypto: arm64/sha2-ce - correct digest for empty data in finup (bsc#1051510). - crypto: ccp - Fix 3DES complaint from ccp-crypto module (bsc#1051510). - crypto: ccp - Fix SEV_VERSION_GREATER_OR_EQUAL (bsc#1051510). - crypto: ccp - Validate the the error value used to index error messages (bsc#1051510). - crypto: ccp - fix AES CFB error exposed by new test vectors (bsc#1051510). - crypto: ccp - memset structure fields to zero before reuse (bsc#1051510). - crypto: ccp/gcm - use const time tag comparison (bsc#1051510). - crypto: chacha20poly1305 - fix atomic sleep when using async algorithm (bsc#1051510). - crypto: crypto4xx - fix a potential double free in ppc4xx_trng_probe (bsc#1051510). - crypto: ghash - fix unaligned memory access in ghash_setkey() (bsc#1051510). - crypto: talitos - Align SEC1 accesses to 32 bits boundaries (bsc#1051510). - crypto: talitos - HMAC SNOOP NO AFEU mode requires SW icv checking (bsc#1051510). - crypto: talitos - check data blocksize in ablkcipher (bsc#1051510). - crypto: talitos - fix CTR alg blocksize (bsc#1051510). - crypto: talitos - fix max key size for sha384 and sha512 (bsc#1051510). - crypto: talitos - properly handle split ICV (bsc#1051510). - crypto: talitos - reduce max key size for SEC1 (bsc#1051510). - crypto: talitos - rename alternative AEAD algos (bsc#1051510). - dasd_fba: Display '00000000' for zero page when dumping sense (bsc#1123080). - dax: Fix xarray entry association for mixed mappings (bsc#1140893). - dmaengine: hsu: Revert "set HSU_CH_MTSR to memory width" (bsc#1051510). - documentation: DMA-API: fix a function name of max_mapping_size (bsc#1140954). - dpaa_eth: fix SG frame cleanup (networking-stable-19_05_14). - drm/amdgpu/gfx9: use reset default for PA_SC_FIFO_SIZE (bsc#1051510). - drm/i915/dmc: protect against reading random memory (bsc#1051510). - drm/meson: Add support for XBGR8888 & ABGR8888 formats (bsc#1051510). - drm/msm/a3xx: remove TPL1 regs from snapshot (bsc#1051510). - drm/nouveau/i2c: Enable i2c pads & busses during preinit (bsc#1051510). - drm/rockchip: Properly adjust to a true clock in adjusted_mode (bsc#1051510). - e1000e: start network tx queue only when link is up (bsc#1051510). - ethtool: check the return value of get_regs_len (git-fixes). - ethtool: fix potential userspace buffer overflow (networking-stable-19_06_09). - ext4: do not delete unlinked inode from orphan list on failed truncate (bsc#1140891). - fork, memcg: fix cached_stacks case (bsc#1134097). - fork, memcg: fix crash in free_thread_stack on memcg charge fail (bsc#1134097). - fs/ocfs2: fix race in ocfs2_dentry_attach_lock() (bsc#1140889). - fs/proc/proc_sysctl.c: Fix a NULL pointer dereference (bsc#1140887). - fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links (bsc#1140887). - fs: Abort file_remove_privs() for non-reg. files (bsc#1140888). - gpio: omap: fix lack of irqstatus_raw0 for OMAP4 (bsc#1051510). - hid: wacom: correct touch resolution x/y typo (bsc#1051510). - hid: wacom: generic: Correct pad syncing (bsc#1051510). - hid: wacom: generic: only switch the mode on devices with LEDs (bsc#1051510). - hid: wacom: generic: read HID_DG_CONTACTMAX from any feature report (bsc#1051510). - hugetlbfs: dirty pages as they are added to pagecache (git fixes (mm/hugetlbfs)). - hugetlbfs: fix kernel BUG at fs/hugetlbfs/inode.c:444! (git fixes (mm/hugetlbfs)). - input: elantech - enable middle button support on 2 ThinkPads (bsc#1051510). - input: imx_keypad - make sure keyboard can always wake up system (bsc#1051510). - input: psmouse - fix build error of multiple definition (bsc#1051510). - input: synaptics - enable SMBUS on T480 thinkpad trackpad (bsc#1051510). - input: tm2-touchkey - acknowledge that setting brightness is a blocking call (bsc#1129770). - intel_th: msu: Fix single mode with disabled IOMMU (bsc#1051510). - iommu/amd: Make iommu_disable safer (bsc#1140955). - iommu/arm-smmu-v3: Use explicit mb() when moving cons pointer (bsc#1051510). - iommu/arm-smmu-v3: sync the OVACKFLG to PRIQ consumer register (bsc#1051510). - iommu/arm-smmu: Add support for qcom,smmu-v2 variant (bsc#1051510). - iommu/arm-smmu: Avoid constant zero in TLBI writes (bsc#1140956). - iommu/vt-d: Duplicate iommu_resv_region objects per device list (bsc#1140959). - iommu/vt-d: Handle RMRR with pci bridge device scopes (bsc#1140961). - iommu/vt-d: Handle pci bridge RMRR device scopes in intel_iommu_get_resv_regions (bsc#1140960). - iommu/vt-d: Introduce is_downstream_to_pci_bridge helper (bsc#1140962). - iommu/vt-d: Remove unnecessary rcu_read_locks (bsc#1140964). - iommu: Fix a leak in iommu_insert_resv_region (bsc#1140957). - iommu: Use right function to get group for device (bsc#1140958). - ipv4/igmp: fix another memory leak in igmpv3_del_delrec() (networking-stable-19_05_31). - ipv4/igmp: fix build error if !CONFIG_IP_MULTICAST (networking-stable-19_05_31). - ipv4: Fix raw socket lookup for local traffic (networking-stable-19_05_14). - ipv4: Use return value of inet_iif() for __raw_v4_lookup in the while loop (git-fixes). - ipv6: Consider sk_bound_dev_if when binding a raw socket to an address (networking-stable-19_05_31). - ipv6: fix EFAULT on sendto with icmpv6 and hdrincl (networking-stable-19_06_09). - ipv6: flowlabel: fl6_sock_lookup() must use atomic_inc_not_zero (networking-stable-19_06_18). - ipv6: use READ_ONCE() for inet->hdrincl as in ipv4 (networking-stable-19_06_09). - irqchip/gic-v3-its: fix some definitions of inner cacheability attributes (bsc#1051510). - irqchip/mbigen: Do not clear eventid when freeing an MSI (bsc#1051510). - kabi: Fix kABI for asus-wmi quirk_entry field addition (bsc#1051510). - kbuild: use -flive-patching when CONFIG_LIVEPATCH is enabled (bsc#1071995). - kernel: jump label transformation performance (bsc#1137534 bsc#1137535 LTC#178058 LTC#178059). - kvm/mmu: kABI fix for *_mmu_pages changes in struct kvm_arch (bsc#1135335). - kvm: SVM: Fix detection of AMD Errata 1096 (bsc#1142354). - kvm: arm/arm64: vgic-its: Take the srcu lock when parsing the memslots (bsc#1133021). - kvm: arm/arm64: vgic-its: Take the srcu lock when writing to guest memory (bsc#1133021). - kvm: mmu: Fix overflow on kvm mmu page limit calculation (bsc#1135335). - kvm: polling: add architecture backend to disable polling (bsc#1119222). - kvm: s390: change default halt poll time to 50us (bsc#1119222). - kvm: s390: enable CONFIG_HAVE_KVM_NO_POLL (bsc#1119222) We need to enable CONFIG_HAVE_KVM_NO_POLL for bsc#1119222 - kvm: s390: fix typo in parameter description (bsc#1119222). - kvm: s390: kABI Workaround for 'kvm_vcpu_stat' Add halt_no_poll_steal to kvm_vcpu_stat. Hide it from the kABI checker. - kvm: s390: kABI Workaround for 'lowcore' (bsc#1119222). - kvm: s390: provide kvm_arch_no_poll function (bsc#1119222). - kvm: svm/avic: Do not send AVIC doorbell to self (bsc#1140133). - kvm: svm/avic: fix off-by-one in checking host APIC ID (bsc#1140971). - kvm: x86: Skip EFER vs. guest CPUID checks for host-initiated writes (bsc#1140972). - kvm: x86: fix return value for reserved EFER (bsc#1140992). - lapb: fixed leak of control-blocks (networking-stable-19_06_18). - lib/bitmap.c: make bitmap_parselist() thread-safe and much faster (bsc#1143507). - lib/scatterlist: Fix mapping iterator when sg->offset is greater than PAGE_SIZE (bsc#1051510). - lib: fix stall in __bitmap_parselist() (bsc#1051510). - libnvdimm/namespace: Fix label tracking error (bsc#1142350). - livepatch: Remove duplicate warning about missing reliable stacktrace support (bsc#1071995). - livepatch: Use static buffer for debugging messages under rq lock (bsc#1071995). - llc: fix skb leak in llc_build_and_send_ui_pkt() (networking-stable-19_05_31). - media: cpia2_usb: first wake up, then free in disconnect (bsc#1135642). - media: marvell-ccic: fix DMA s/g desc number calculation (bsc#1051510). - media: s5p-mfc: Make additional clocks optional (bsc#1051510). - media: v4l2: Test type instead of cfg->type in v4l2_ctrl_new_custom() (bsc#1051510). - media: vivid: fix incorrect assignment operation when setting video mode (bsc#1051510). - mei: bus: need to unlink client before freeing (bsc#1051510). - mei: me: add denverton innovation engine device IDs (bsc#1051510). - mei: me: add gemini lake devices id (bsc#1051510). - memory: tegra: Fix integer overflow on tick value calculation (bsc#1051510). - memstick: Fix error cleanup path of memstick_init (bsc#1051510). - mfd: hi655x: Fix regmap area declared size for hi655x (bsc#1051510). - mfd: intel-lpss: Release IDA resources (bsc#1051510). - mm, page_alloc: fix has_unmovable_pages for HugePages (bsc#1127034). - mm/nvdimm: add is_ioremap_addr and use that to check ioremap address (bsc#1140322 LTC#176270). - mm/vmscan.c: prevent useless kswapd loops (git fixes (mm/vmscan)). - mm: migrate: Fix reference check race between __find_get_block() and migration (bnc#1137609). - mm: replace all open encodings for NUMA_NO_NODE (bsc#1140322 LTC#176270). - mmc: sdhci-pci: Try "cd" for card-detect lookup before using NULL (bsc#1051510). - neigh: fix use-after-free read in pneigh_get_next (networking-stable-19_06_18). - net-gro: fix use-after-free read in napi_gro_frags() (networking-stable-19_05_31). - net/af_iucv: remove GFP_DMA restriction for HiperTransport (bsc#1142112 bsc#1142221 LTC#179334 LTC#179332). - net/mlx4_core: Change the error print to info print (networking-stable-19_05_21). - net/mlx4_en: ethtool, Remove unsupported SFP EEPROM high pages query (networking-stable-19_06_09). - net/mlx5: Allocate root ns memory using kzalloc to match kfree (networking-stable-19_05_31). - net/mlx5: Avoid double free in fs init error unwinding path (networking-stable-19_05_31). - net/packet: fix memory leak in packet_set_ring() (git-fixes). - net: avoid weird emergency message (networking-stable-19_05_21). - net: fec: fix the clk mismatch in failed_reset path (networking-stable-19_05_31). - net: mvneta: Fix err code path of probe (networking-stable-19_05_31). - net: mvpp2: fix bad MVPP2_TXQ_SCHED_TOKEN_CNTR_REG queue value (networking-stable-19_05_31). - net: openvswitch: do not free vport if register_netdevice() is failed (networking-stable-19_06_18). - net: rds: fix memory leak in rds_ib_flush_mr_pool (networking-stable-19_06_09). - net: seeq: fix crash caused by not set dev.parent (networking-stable-19_05_14). - net: stmmac: fix reset gpio free missing (networking-stable-19_05_31). - net: usb: qmi_wwan: add Telit 0x1260 and 0x1261 compositions (networking-stable-19_05_21). - netfilter: conntrack: fix calculation of next bucket number in early_drop (git-fixes). - nvme: fix memory leak caused by incorrect subsystem free (bsc#1143185). - ocfs2: add first lock wait time in locking_state (bsc#1134390). - ocfs2: add last unlock times in locking_state (bsc#1134390). - ocfs2: add locking filter debugfs file (bsc#1134390). - packet: Fix error path in packet_init (networking-stable-19_05_14). - packet: in recvmsg msg_name return at least sizeof sockaddr_ll (git-fixes). - pci: Always allow probing with driver_override (bsc#1051510). - pci: Do not poll for PME if the device is in D3cold (bsc#1051510). - pci: Return error if cannot probe VF (bsc#1051510). - pci: hv: Add hv_pci_remove_slots() when we unload the driver (bsc#1142701). - pci: hv: Add pci_destroy_slot() in pci_devices_present_work(), if necessary (bsc#1142701). - pci: hv: Fix a memory leak in hv_eject_device_work() (bsc#1142701). - pci: hv: Fix a use-after-free bug in hv_eject_device_work() (bsc#1142701). - pci: hv: Fix return value check in hv_pci_assign_slots() (bsc#1142701). - pci: hv: Remove unused reason for refcount handler (bsc#1142701). - pci: hv: support reporting serial number as slot information (bsc#1142701). - pkey: Indicate old mkvp only if old and current mkvp are different (bsc#1137827 LTC#178090). - pktgen: do not sleep with the thread lock held (git-fixes). - platform/x86: asus-nb-wmi: Support ALS on the Zenbook UX430UQ (bsc#1051510). - platform/x86: asus-wmi: Only Tell EC the OS will handle display hotkeys from asus_nb_wmi (bsc#1051510). - platform/x86: intel_turbo_max_3: Remove restriction for HWP platforms (jsc#SLE-5439). - platform/x86: pmc_atom: Add CB4063 Beckhoff Automation board to critclk_systems DMI table (bsc#1051510). - powerpc/64s: Remove POWER9 DD1 support (bsc#1055117, LTC#159753, git-fixes). - powerpc/crypto: Use cheaper random numbers for crc-vpmsum self-test (). - powerpc/mm/drconf: Use NUMA_NO_NODE on failures instead of node 0 (bsc#1140322 LTC#176270). - powerpc/mm/hugetlb: Update huge_ptep_set_access_flags to call __ptep_set_access_flags directly (bsc#1055117). - powerpc/mm/radix: Change pte relax sequence to handle nest MMU hang (bsc#1055117). - powerpc/mm/radix: Move function from radix.h to pgtable-radix.c (bsc#1055117). - powerpc/mm: Add back sibling paca poiter to paca (bsc#1055117). - powerpc/mm: Change function prototype (bsc#1055117). - powerpc/mm: Consolidate numa_enable check and min_common_depth check (bsc#1140322 LTC#176270). - powerpc/mm: Fix node look up with numa=off boot (bsc#1140322 LTC#176270). - powerpc/watchpoint: Restore NV GPRs while returning from exception (bsc#1140945 bsc#1141401 bsc#1141402 bsc#1141452 bsc#1141453 bsc#1141454 LTC#178983 LTC#179191 LTC#179192 LTC#179193 LTC#179194 LTC#179195). - ppp: deflate: Fix possible crash in deflate_init (networking-stable-19_05_21). - ptrace: Fix ->ptracer_cred handling for PTRACE_TRACEME (git-fixes). - ptrace: restore smp_rmb() in __ptrace_may_access() (git-fixes). - pwm: stm32: Use 3 cells ->of_xlate() (bsc#1111666). - qmi_wwan: Fix out-of-bounds read (bsc#1111666). - rds: IB: fix 'passing zero to ERR_PTR()' warning (git-fixes). - regulator: s2mps11: Fix buck7 and buck8 wrong voltages (bsc#1051510). - rtnetlink: always put IFLA_LINK for links with a link-netnsid (networking-stable-19_05_21). - s390/qeth: be drop monitor friendly (bsc#1142220 LTC#179335). - s390/vtime: steal time exponential moving average (bsc#1119222). - s390: Fix booting regression (bsc#1140948). - scripts/git_sort/git_sort.py: Add mmots tree. - scsi: ibmvfc: fix WARN_ON during event pool release (bsc#1137458 LTC#178093). - sctp: Fix memory leak in sctp_process_init (networking-stable-19_06_09). - sctp: Free cookie before we memdup a new one (networking-stable-19_06_18). - sctp: silence warns on sctp_stream_init allocations (bsc#1083710). - serial: uartps: Do not add a trailing semicolon to macro (bsc#1051510). - serial: uartps: Fix long line over 80 chars (bsc#1051510). - serial: uartps: Fix multiple line dereference (bsc#1051510). - serial: uartps: Remove useless return from cdns_uart_poll_put_char (bsc#1051510). - signal/ptrace: Do not leak unitialized kernel memory with PTRACE_PEEK_SIGINFO (git-fixes). - staging: comedi: amplc_pci230: fix null pointer deref on interrupt (bsc#1051510). - staging: comedi: dt282x: fix a null pointer deref on interrupt (bsc#1051510). - staging: rtl8712: reduce stack usage, again (bsc#1051510). - staging:iio:ad7150: fix threshold mode config bit (bsc#1051510). - sunhv: Fix device naming inconsistency between sunhv_console and sunhv_reg (networking-stable-19_06_18). - tcp: reduce tcp_fastretrans_alert() verbosity (git-fixes). - team: Always enable vlan tx offload (bsc#1051510). - tty: rocket: fix incorrect forward declaration of 'rp_init()' (bsc#1051510). - tty: serial: cpm_uart - fix init when SMC is relocated (bsc#1051510). - tty: serial_core: Set port active bit in uart_port_activate (bsc#1051510). - tuntap: synchronize through tfiles array instead of tun->numqueues (networking-stable-19_05_14). - usb: gadget: ether: Fix race between gether_disconnect and rx_submit (bsc#1051510). - usb: gadget: fusb300_udc: Fix memory leak of fusb300->ep[i] (bsc#1051510). - usb: gadget: udc: lpc32xx: allocate descriptor with GFP_ATOMIC (bsc#1051510). - usb: pci-quirks: Correct AMD PLL quirk detection (bsc#1051510). - usb: serial: ftdi_sio: add ID for isodebug v1 (bsc#1051510). - usb: serial: option: add support for GosunCn ME3630 RNDIS mode (bsc#1051510). - vmci: Fix integer overflow in VMCI handle arrays (bsc#1051510). - vsock/virtio: free packets during the socket release (networking-stable-19_05_21). - vsock/virtio: set SOCK_DONE on peer shutdown (networking-stable-19_06_18). - wil6210: fix potential out-of-bounds read (bsc#1051510). - x86, mm: fix fast GUP with hyper-based TLB flushing (VM Functionality, bsc#1140903). - xen: let alloc_xenballooned_pages() fail if not enough memory free (bsc#1142450 XSA-300). - xfs: do not overflow xattr listent buffer (bsc#1143105). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2019-2068=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2068=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15 (noarch): kernel-devel-azure-4.12.14-5.38.1 kernel-source-azure-4.12.14-5.38.1 - SUSE Linux Enterprise Module for Public Cloud 15 (x86_64): kernel-azure-4.12.14-5.38.1 kernel-azure-base-4.12.14-5.38.1 kernel-azure-base-debuginfo-4.12.14-5.38.1 kernel-azure-debuginfo-4.12.14-5.38.1 kernel-azure-devel-4.12.14-5.38.1 kernel-syms-azure-4.12.14-5.38.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): kernel-devel-azure-4.12.14-5.38.1 kernel-source-azure-4.12.14-5.38.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): cluster-md-kmp-azure-4.12.14-5.38.1 cluster-md-kmp-azure-debuginfo-4.12.14-5.38.1 dlm-kmp-azure-4.12.14-5.38.1 dlm-kmp-azure-debuginfo-4.12.14-5.38.1 gfs2-kmp-azure-4.12.14-5.38.1 gfs2-kmp-azure-debuginfo-4.12.14-5.38.1 kernel-azure-4.12.14-5.38.1 kernel-azure-base-4.12.14-5.38.1 kernel-azure-base-debuginfo-4.12.14-5.38.1 kernel-azure-debuginfo-4.12.14-5.38.1 kernel-azure-debugsource-4.12.14-5.38.1 kernel-azure-devel-4.12.14-5.38.1 kernel-azure-devel-debuginfo-4.12.14-5.38.1 kernel-azure-extra-4.12.14-5.38.1 kernel-azure-extra-debuginfo-4.12.14-5.38.1 kernel-azure-livepatch-4.12.14-5.38.1 kernel-syms-azure-4.12.14-5.38.1 kselftests-kmp-azure-4.12.14-5.38.1 kselftests-kmp-azure-debuginfo-4.12.14-5.38.1 ocfs2-kmp-azure-4.12.14-5.38.1 ocfs2-kmp-azure-debuginfo-4.12.14-5.38.1 reiserfs-kmp-azure-4.12.14-5.38.1 reiserfs-kmp-azure-debuginfo-4.12.14-5.38.1 References: https://www.suse.com/security/cve/CVE-2018-20855.html https://www.suse.com/security/cve/CVE-2019-1125.html https://www.suse.com/security/cve/CVE-2019-11810.html https://www.suse.com/security/cve/CVE-2019-13631.html https://www.suse.com/security/cve/CVE-2019-13648.html https://www.suse.com/security/cve/CVE-2019-14283.html https://www.suse.com/security/cve/CVE-2019-14284.html https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1055117 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1083647 https://bugzilla.suse.com/1083710 https://bugzilla.suse.com/1103991 https://bugzilla.suse.com/1111666 https://bugzilla.suse.com/1119222 https://bugzilla.suse.com/1123080 https://bugzilla.suse.com/1127034 https://bugzilla.suse.com/1127315 https://bugzilla.suse.com/1129770 https://bugzilla.suse.com/1133021 https://bugzilla.suse.com/1134097 https://bugzilla.suse.com/1134390 https://bugzilla.suse.com/1134399 https://bugzilla.suse.com/1135335 https://bugzilla.suse.com/1135642 https://bugzilla.suse.com/1137458 https://bugzilla.suse.com/1137534 https://bugzilla.suse.com/1137535 https://bugzilla.suse.com/1137584 https://bugzilla.suse.com/1137609 https://bugzilla.suse.com/1137827 https://bugzilla.suse.com/1139358 https://bugzilla.suse.com/1140133 https://bugzilla.suse.com/1140139 https://bugzilla.suse.com/1140322 https://bugzilla.suse.com/1140652 https://bugzilla.suse.com/1140887 https://bugzilla.suse.com/1140888 https://bugzilla.suse.com/1140889 https://bugzilla.suse.com/1140891 https://bugzilla.suse.com/1140893 https://bugzilla.suse.com/1140903 https://bugzilla.suse.com/1140945 https://bugzilla.suse.com/1140948 https://bugzilla.suse.com/1140954 https://bugzilla.suse.com/1140955 https://bugzilla.suse.com/1140956 https://bugzilla.suse.com/1140957 https://bugzilla.suse.com/1140958 https://bugzilla.suse.com/1140959 https://bugzilla.suse.com/1140960 https://bugzilla.suse.com/1140961 https://bugzilla.suse.com/1140962 https://bugzilla.suse.com/1140964 https://bugzilla.suse.com/1140971 https://bugzilla.suse.com/1140972 https://bugzilla.suse.com/1140992 https://bugzilla.suse.com/1141401 https://bugzilla.suse.com/1141402 https://bugzilla.suse.com/1141452 https://bugzilla.suse.com/1141453 https://bugzilla.suse.com/1141454 https://bugzilla.suse.com/1141478 https://bugzilla.suse.com/1142023 https://bugzilla.suse.com/1142112 https://bugzilla.suse.com/1142220 https://bugzilla.suse.com/1142221 https://bugzilla.suse.com/1142265 https://bugzilla.suse.com/1142350 https://bugzilla.suse.com/1142351 https://bugzilla.suse.com/1142354 https://bugzilla.suse.com/1142359 https://bugzilla.suse.com/1142450 https://bugzilla.suse.com/1142701 https://bugzilla.suse.com/1142868 https://bugzilla.suse.com/1143003 https://bugzilla.suse.com/1143105 https://bugzilla.suse.com/1143185 https://bugzilla.suse.com/1143189 https://bugzilla.suse.com/1143191 https://bugzilla.suse.com/1143507 From sle-updates at lists.suse.com Tue Aug 6 23:04:27 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Aug 2019 07:04:27 +0200 (CEST) Subject: SUSE-SU-2019:2073-1: important: Security update for the Linux Kernel Message-ID: <20190807050427.E152EFF12@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2073-1 Rating: important References: #1051510 #1055117 #1071995 #1083647 #1083710 #1102247 #1103991 #1103992 #1104745 #1109837 #1111666 #1112374 #1119222 #1123080 #1127034 #1127315 #1127611 #1129770 #1130972 #1133021 #1134090 #1134097 #1134390 #1134399 #1135335 #1135642 #1136217 #1136342 #1136460 #1136461 #1136462 #1136467 #1137458 #1137534 #1137535 #1137584 #1137609 #1137811 #1137827 #1138874 #1139358 #1139619 #1140133 #1140139 #1140322 #1140559 #1140652 #1140676 #1140903 #1140945 #1140948 #1141312 #1141401 #1141402 #1141452 #1141453 #1141454 #1141478 #1141558 #1142023 #1142052 #1142083 #1142112 #1142115 #1142119 #1142220 #1142221 #1142254 #1142350 #1142351 #1142354 #1142359 #1142450 #1142623 #1142673 #1142701 #1142868 #1143003 #1143045 #1143105 #1143185 #1143189 #1143191 #1143209 #1143507 Cross-References: CVE-2018-20855 CVE-2019-1125 CVE-2019-11810 CVE-2019-13631 CVE-2019-13648 CVE-2019-14283 CVE-2019-14284 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Module for Legacy Software 15-SP1 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that solves 7 vulnerabilities and has 78 fixes is now available. Description: The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-20855: An issue was discovered in the Linux kernel In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace(bsc#1143045). - CVE-2019-1125: Exclude ATOMs from speculation through SWAPGS (bsc#1139358). - CVE-2019-14283: In the Linux kernel, set_geometry in drivers/block/floppy.c did not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It could be triggered by an unprivileged local user when a floppy disk was inserted. NOTE: QEMU creates the floppy device by default. (bnc#1143191) - CVE-2019-11810: An issue was discovered in the Linux kernel A NULL pointer dereference could occur when megasas_create_frame_pool() failed in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This caused a Denial of Service, related to a use-after-free (bnc#1134399). - CVE-2019-13648: In the Linux kernel on the powerpc platform, when hardware transactional memory was disabled, a local user could cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sent a crafted signal frame. (bnc#1142254) - CVE-2019-13631: In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel, a malicious USB device could send an HID report that triggered an out-of-bounds write during generation of debugging messages. (bnc#1142023) The following non-security bugs were fixed: - acpi/nfit: Always dump _DSM output payload (bsc#1142351). - Add back sibling paca poiter to paca (bsc#1055117). - Add support for crct10dif-vpmsum (). - af_unix: remove redundant lockdep class (git-fixes). - alsa: compress: Be more restrictive about when a drain is allowed (bsc#1051510). - alsa: compress: Do not allow paritial drain operations on capture streams (bsc#1051510). - alsa: compress: Fix regression on compressed capture streams (bsc#1051510). - alsa: compress: Prevent bypasses of set_params (bsc#1051510). - alsa: hda - Add a conexant codec entry to let mute led work (bsc#1051510). - alsa: hda - Do not resume forcibly i915 HDMI/DP codec (bsc#1111666). - alsa: hda - Fix intermittent CORB/RIRB stall on Intel chips (bsc#1111666). - alsa: hda/hdmi - Fix i915 reverse port/pin mapping (bsc#1111666). - alsa: hda/hdmi - Remove duplicated define (bsc#1111666). - alsa: hda - Optimize resume for codecs without jack detection (bsc#1111666). - alsa: hda/realtek: apply ALC891 headset fixup to one Dell machine (bsc#1051510). - alsa: hda/realtek - Fixed Headphone Mic can't record on Dell platform (bsc#1051510). - alsa: hda/realtek - Headphone Mic can't record after S3 (bsc#1051510). - alsa: line6: Fix a typo (bsc#1051510). - alsa: line6: Fix wrong altsetting for LINE6_PODHD500_1 (bsc#1051510). - alsa: seq: Break too long mutex context in the write loop (bsc#1051510). - alsa: usb-audio: Add quirk for Focusrite Scarlett Solo (bsc#1051510). - alsa: usb-audio: Add quirk for MOTU MicroBook II (bsc#1051510). - alsa: usb-audio: Cleanup DSD whitelist (bsc#1051510). - alsa: usb-audio: Enable .product_name override for Emagic, Unitor 8 (bsc#1051510). - alsa: usb-audio: fix Line6 Helix audio format rates (bsc#1111666). - alsa: usb-audio: Sanity checks for each pipe and EP types (bsc#1051510). - arm64: do not override dma_max_pfn (jsc#SLE-6197 bsc#1140559 LTC#173150). - asoc : cs4265 : readable register too low (bsc#1051510). - asoc: max98090: remove 24-bit format support if RJ is 0 (bsc#1051510). - asoc: soc-pcm: BE dai needs prepare when pause release after resume (bsc#1051510). - ath10k: add missing error handling (bsc#1111666). - ath10k: add peer id check in ath10k_peer_find_by_id (bsc#1111666). - ath10k: destroy sdio workqueue while remove sdio module (bsc#1111666). - ath10k: Do not send probe response template for mesh (bsc#1111666). - ath10k: Fix encoding for protected management frames (bsc#1111666). - ath10k: fix incorrect multicast/broadcast rate setting (bsc#1111666). - ath10k: fix PCIE device wake up failed (bsc#1111666). - ath6kl: add some bounds checking (bsc#1051510). - ath9k: Check for errors when reading SREV register (bsc#1111666). - ath9k: correctly handle short radar pulses (bsc#1111666). - ath: DFS JP domain W56 fixed pulse type 3 RADAR detection (bsc#1111666). - batman-adv: fix for leaked TVLV handler (bsc#1051510). - bcache: acquire bch_register_lock later in cached_dev_detach_finish() (bsc#1140652). - bcache: acquire bch_register_lock later in cached_dev_free() (bsc#1140652). - bcache: add code comments for journal_read_bucket() (bsc#1140652). - bcache: Add comments for blkdev_put() in registration code path (bsc#1140652). - bcache: add comments for closure_fn to be called in closure_queue() (bsc#1140652). - bcache: add comments for kobj release callback routine (bsc#1140652). - bcache: add comments for mutex_lock(b->write_lock) (bsc#1140652). - bcache: add error check for calling register_bdev() (bsc#1140652). - bcache: add failure check to run_cache_set() for journal replay (bsc#1140652). - bcache: add io error counting in write_bdev_super_endio() (bsc#1140652). - bcache: add more error message in bch_cached_dev_attach() (bsc#1140652). - bcache: add pendings_cleanup to stop pending bcache device (bsc#1140652). - bcache: add reclaimed_journal_buckets to struct cache_set (bsc#1140652). - bcache: add return value check to bch_cached_dev_run() (bsc#1140652). - bcache: avoid a deadlock in bcache_reboot() (bsc#1140652). - bcache: avoid clang -Wunintialized warning (bsc#1140652). - bcache: avoid flushing btree node in cache_set_flush() if io disabled (bsc#1140652). - bcache: avoid potential memleak of list of journal_replay(s) in the CACHE_SYNC branch of run_cache_set (bsc#1140652). - bcache: check CACHE_SET_IO_DISABLE bit in bch_journal() (bsc#1140652). - bcache: check CACHE_SET_IO_DISABLE in allocator code (bsc#1140652). - bcache: check c->gc_thread by IS_ERR_OR_NULL in cache_set_flush() (bsc#1140652). - bcache: Clean up bch_get_congested() (bsc#1140652). - bcache: destroy dc->writeback_write_wq if failed to create dc->writeback_thread (bsc#1140652). - bcache: do not assign in if condition in bcache_device_init() (bsc#1140652). - bcache: do not set max writeback rate if gc is running (bsc#1140652). - bcache: fix a race between cache register and cacheset unregister (bsc#1140652). - bcache: fix crashes stopping bcache device before read miss done (bsc#1140652). - bcache: fix failure in journal relplay (bsc#1140652). - bcache: fix inaccurate result of unused buckets (bsc#1140652). - bcache: fix mistaken sysfs entry for io_error counter (bsc#1140652). - bcache: fix potential deadlock in cached_def_free() (bsc#1140652). - bcache: fix race in btree_flush_write() (bsc#1140652). - bcache: fix return value error in bch_journal_read() (bsc#1140652). - bcache: fix stack corruption by PRECEDING_KEY() (bsc#1140652). - bcache: fix wrong usage use-after-freed on keylist in out_nocoalesce branch of btree_gc_coalesce (bsc#1140652). - bcache: ignore read-ahead request failure on backing device (bsc#1140652). - bcache: improve bcache_reboot() (bsc#1140652). - bcache: improve error message in bch_cached_dev_run() (bsc#1140652). - bcache: make bset_search_tree() be more understandable (bsc#1140652). - bcache: make is_discard_enabled() static (bsc#1140652). - bcache: more detailed error message to bcache_device_link() (bsc#1140652). - bcache: move definition of 'int ret' out of macro read_bucket() (bsc#1140652). - bcache: never set KEY_PTRS of journal key to 0 in journal_reclaim() (bsc#1140652). - bcache: only clear BTREE_NODE_dirty bit when it is set (bsc#1140652). - bcache: only set BCACHE_DEV_WB_RUNNING when cached device attached (bsc#1140652). - bcache: performance improvement for btree_flush_write() (bsc#1140652). - bcache: remove redundant LIST_HEAD(journal) from run_cache_set() (bsc#1140652). - bcache: remove redundant LIST_HEAD(journal) from run_cache_set() (bsc#1140652). - bcache: remove retry_flush_write from struct cache_set (bsc#1140652). - bcache: remove unncessary code in bch_btree_keys_init() (bsc#1140652). - bcache: remove unnecessary prefetch() in bset_search_tree() (bsc#1140652). - bcache: return error immediately in bch_journal_replay() (bsc#1140652). - bcache: Revert "bcache: fix high CPU occupancy during journal" (bsc#1140652). - bcache: Revert "bcache: free heap cache_set->flush_btree in bch_journal_free" (bsc#1140652). - bcache: set largest seq to ja->seq[bucket_index] in journal_read_bucket() (bsc#1140652). - bcache: shrink btree node cache after bch_btree_check() (bsc#1140652). - bcache: stop writeback kthread and kworker when bch_cached_dev_run() failed (bsc#1140652). - bcache: use sysfs_match_string() instead of __sysfs_match_string() (bsc#1140652). - be2net: Fix number of Rx queues used for flow hashing (networking-stable-19_06_18). - be2net: Signal that the device cannot transmit during reconfiguration (bsc#1127315). - be2net: Synchronize be_update_queues with dev_watchdog (bsc#1127315). - block, bfq: NULL out the bic when it's no longer valid (bsc#1142359). - bnx2x: Prevent load reordering in tx completion processing (bsc#1142868). - bnxt_en: Cap the returned MSIX vectors to the RDMA driver (bsc#1134090 jsc#SLE-5954). - bnxt_en: Disable bus master during PCI shutdown and driver unload (bsc#1104745). - bnxt_en: Fix aggregation buffer leak under OOM condition (networking-stable-19_05_31). - bnxt_en: Fix statistics context reservation logic for RDMA driver (bsc#1104745). - bnxt_en: Suppress error messages when querying DSCP DCB capabilities (bsc#1104745). - bonding: fix arp_validate toggling in active-backup mode (networking-stable-19_05_14). - bonding: Force slave speed check after link state recovery for 802.3ad (bsc#1137584). - bpf: btf: fix the brackets of BTF_INT_OFFSET() (bsc#1083647). - bpf: fix callees pruning callers (bsc#1109837). - bpf: fix nested bpf tracepoints with per-cpu data (bsc#1083647). - bpf, x64: fix stack layout of JITed bpf code (bsc#1083647). - bpf, x64: save 5 bytes in prologue when ebpf insns came from cbpf (bsc#1083647). - bridge: Fix error path for kobject_init_and_add() (networking-stable-19_05_14). - btrfs: fix race between block group removal and block group allocation (bsc#1143003). - carl9170: fix misuse of device driver API (bsc#1111666). - cgroup: Use css_tryget() instead of css_tryget_online() in task_get_css() (bsc#1141478). - clk: qcom: Fix -Wunused-const-variable (bsc#1051510). - clk: rockchip: Do not yell about bad mmc phases when getting (bsc#1051510). - clk: tegra210: fix PLLU and PLLU_OUT1 (bsc#1051510). - Correct iwlwifi 22000 series ucode file name (bsc#1142673) - Correct the buggy backport about AER / DPC pcie stuff (bsc#1142623) - cpufreq: acpi-cpufreq: Report if CPU does not support boost technologies (bsc#1051510). - cpufreq: brcmstb-avs-cpufreq: Fix initial command check (bsc#1051510). - cpufreq: brcmstb-avs-cpufreq: Fix types for voltage/frequency (bsc#1051510). - cpufreq: check if policy is inactive early in __cpufreq_get() (bsc#1051510). - cpufreq: kirkwood: fix possible object reference leak (bsc#1051510). - cpufreq/pasemi: fix possible object reference leak (bsc#1051510). - cpufreq: pmac32: fix possible object reference leak (bsc#1051510). - cpufreq: ppc_cbe: fix possible object reference leak (bsc#1051510). - cpufreq: Use struct kobj_attribute instead of struct global_attr (bsc#1051510). - crypto: arm64/sha1-ce - correct digest for empty data in finup (bsc#1051510). - crypto: arm64/sha2-ce - correct digest for empty data in finup (bsc#1051510). - crypto: ccp - Fix 3DES complaint from ccp-crypto module (bsc#1051510). - crypto: ccp - fix AES CFB error exposed by new test vectors (bsc#1051510). - crypto: ccp - Fix SEV_VERSION_GREATER_OR_EQUAL (bsc#1051510). - crypto: ccp/gcm - use const time tag comparison (bsc#1051510). - crypto: ccp - memset structure fields to zero before reuse (bsc#1051510). - crypto: ccp - Validate the the error value used to index error messages (bsc#1051510). - crypto: chacha20poly1305 - fix atomic sleep when using async algorithm (bsc#1051510). - crypto: crypto4xx - fix a potential double free in ppc4xx_trng_probe (bsc#1051510). - crypto: ghash - fix unaligned memory access in ghash_setkey() (bsc#1051510). - crypto: talitos - Align SEC1 accesses to 32 bits boundaries (bsc#1051510). - crypto: talitos - check data blocksize in ablkcipher (bsc#1051510). - crypto: talitos - fix CTR alg blocksize (bsc#1051510). - crypto: talitos - fix max key size for sha384 and sha512 (bsc#1051510). - crypto: talitos - HMAC SNOOP NO AFEU mode requires SW icv checking (bsc#1051510). - crypto: talitos - properly handle split ICV (bsc#1051510). - crypto: talitos - reduce max key size for SEC1 (bsc#1051510). - crypto: talitos - rename alternative AEAD algos (bsc#1051510). - dasd_fba: Display '00000000' for zero page when dumping sense (bsc#1123080). - Delete patches.fixes/s390-setup-fix-early-warning-messages (bsc#1140948). - dma-buf: Discard old fence_excl on retrying get_fences_rcu for realloc (bsc#1111666). - dma-direct: add support for allocation from ZONE_DMA and ZONE_DMA32 (jsc#SLE-6197 bsc#1140559 LTC#173150). - dma-direct: do not retry allocation for no-op GFP_DMA (jsc#SLE-6197 bsc#1140559 LTC#173150). - dma-direct: retry allocations using GFP_DMA for small masks (jsc#SLE-6197 bsc#1140559 LTC#173150). - dmaengine: hsu: Revert "set HSU_CH_MTSR to memory width" (bsc#1051510). - dma-mapping: move dma_mark_clean to dma-direct.h (jsc#SLE-6197 bsc#1140559 LTC#173150). - dma-mapping: move swiotlb arch helpers to a new header (jsc#SLE-6197 bsc#1140559 LTC#173150). - dma-mapping: take dma_pfn_offset into account in dma_max_pfn (jsc#SLE-6197 bsc#1140559 LTC#173150). - dpaa_eth: fix SG frame cleanup (networking-stable-19_05_14). - drm/amd/display: Make some functions static (bsc#1111666). - drm/atmel-hlcdc: revert shift by 8 (bsc#1111666). - drm/i915/cml: Introduce Comet Lake PCH (jsc#SLE-6681). - drm/i915/icl: Add WaDisableBankHangMode (bsc#1111666). - drm/meson: Add support for XBGR8888 & ABGR8888 formats (bsc#1051510). - drm/msm/a3xx: remove TPL1 regs from snapshot (bsc#1051510). - drm/msm/mdp5: Fix mdp5_cfg_init error return (bsc#1111666). - drm/nouveau/i2c: Enable i2c pads & busses during preinit (bsc#1051510). - drm: return -EFAULT if copy_to_user() fails (bsc#1111666). - drm/rockchip: Properly adjust to a true clock in adjusted_mode (bsc#1051510). - drm/udl: introduce a macro to convert dev to udl (bsc#1111666). - drm/udl: move to embedding drm device inside udl device (bsc#1111666). - drm/udl: Replace drm_dev_unref with drm_dev_put (bsc#1111666). - drm/vc4: fix fb references in async update (bsc#1141312). - drm/vmwgfx: Honor the sg list segment size limitation (bsc#1111666). - e1000e: start network tx queue only when link is up (bsc#1051510). - Enable intel-speed-select driver and update supported.conf (jsc#SLE-5364) - ethtool: check the return value of get_regs_len (git-fixes). - ethtool: fix potential userspace buffer overflow (networking-stable-19_06_09). - Fix kABI for asus-wmi quirk_entry field addition (bsc#1051510). - Fix memory leak in sctp_process_init (networking-stable-19_06_09). - fork, memcg: fix cached_stacks case (bsc#1134097). - fork, memcg: fix crash in free_thread_stack on memcg charge fail (bsc#1134097). - fpga: add intel stratix10 soc fpga manager driver (jsc#SLE-7057). - fpga: stratix10-soc: fix use-after-free on s10_init() (jsc#SLE-7057). - fpga: stratix10-soc: fix wrong of_node_put() in init function (jsc#jsc#SLE-7057). - gpu: ipu-v3: ipu-ic: Fix saturation bit offset in TPMEM (bsc#1111666). - hid: wacom: correct touch resolution x/y typo (bsc#1051510). - hid: wacom: generic: Correct pad syncing (bsc#1051510). - hid: wacom: generic: only switch the mode on devices with LEDs (bsc#1051510). - hid: wacom: generic: read HID_DG_CONTACTMAX from any feature report (bsc#1051510). - ib/ipoib: Add child to parent list only if device initialized (bsc#1103992). - ib/mlx5: Fixed reporting counters on 2nd port for Dual port RoCE (bsc#1103991). - idr: fix overflow case for idr_for_each_entry_ul() (bsc#1109837). - input: elantech - enable middle button support on 2 ThinkPads (bsc#1051510). - input: imx_keypad - make sure keyboard can always wake up system (bsc#1051510). - input: psmouse - fix build error of multiple definition (bsc#1051510). - input: synaptics - enable SMBUS on T480 thinkpad trackpad (bsc#1051510). - input: tm2-touchkey - acknowledge that setting brightness is a blocking call (bsc#1129770). - intel_th: msu: Fix single mode with disabled IOMMU (bsc#1051510). - iommu-helper: mark iommu_is_span_boundary as inline (jsc#SLE-6197 bsc#1140559 LTC#173150). - ipv4: Fix raw socket lookup for local traffic (networking-stable-19_05_14). - ipv4/igmp: fix another memory leak in igmpv3_del_delrec() (networking-stable-19_05_31). - ipv4/igmp: fix build error if !CONFIG_IP_MULTICAST (networking-stable-19_05_31). - ipv4: Use return value of inet_iif() for __raw_v4_lookup in the while loop (git-fixes). - ipv6: Consider sk_bound_dev_if when binding a raw socket to an address (networking-stable-19_05_31). - ipv6: fix EFAULT on sendto with icmpv6 and hdrincl (networking-stable-19_06_09). - ipv6: flowlabel: fl6_sock_lookup() must use atomic_inc_not_zero (networking-stable-19_06_18). - ipv6: use READ_ONCE() for inet->hdrincl as in ipv4 (networking-stable-19_06_09). - iwlwifi: correct one of the PCI struct names (bsc#1111666). - iwlwifi: do not WARN when calling iwl_get_shared_mem_conf with RF-Kill (bsc#1111666). - iwlwifi: fix cfg structs for 22000 with different RF modules (bsc#1111666). - iwlwifi: fix devices with PCI Device ID 0x34F0 and 11ac RF modules (bsc#1111666). - iwlwifi: Fix double-free problems in iwl_req_fw_callback() (bsc#1111666). - iwlwifi: fix RF-Kill interrupt while FW load for gen2 devices (bsc#1111666). - iwlwifi: mvm: Drop large non sta frames (bsc#1111666). - iwlwifi: pcie: do not service an interrupt that was masked (bsc#1111666). - iwlwifi: pcie: fix ALIVE interrupt handling for gen2 devices w/o MSI-X (bsc#1111666). - kabi fix for hda_codec.relaxed_resume flag (bsc#1111666). - kabi: Fix lost iommu-helper symbols on arm64 (jsc#SLE-6197 bsc#1140559 LTC#173150). - kabi: mask changes made by basic protected virtualization support (jsc#SLE-6197 bsc#1140559 LTC#173150). - kabi: mask changes made by swiotlb for protected virtualization (jsc#SLE-6197 bsc#1140559 LTC#173150). - kabi: mask changes made by use of DMA memory for adapter interrupts (jsc#SLE-6197 bsc#1140559 LTC#173150). - kabi: remove unused hcall definition (bsc#1140322 LTC#176270). - kbuild: use -flive-patching when CONFIG_LIVEPATCH is enabled (bsc#1071995). - kernel: jump label transformation performance (bsc#1137534 bsc#1137535 LTC#178058 LTC#178059). - kvm: arm/arm64: vgic-its: Take the srcu lock when parsing the memslots (bsc#1133021). - kvm: arm/arm64: vgic-its: Take the srcu lock when writing to guest memory (bsc#1133021). - kvm: mmu: Fix overflow on kvm mmu page limit calculation (bsc#1135335). - kvm/mmu: kABI fix for *_mmu_pages changes in struct kvm_arch (bsc#1135335). - kvm: polling: add architecture backend to disable polling (bsc#1119222). - kvm: s390: change default halt poll time to 50us (bsc#1119222). - kvm: s390: enable CONFIG_HAVE_kvm_NO_POLL (bsc#1119222) We need to enable CONFIG_HAVE_kvm_NO_POLL for bsc#1119222 - kvm: s390: fix typo in parameter description (bsc#1119222). - kvm: s390: kABI Workaround for 'kvm_vcpu_stat' Add halt_no_poll_steal to kvm_vcpu_stat. Hide it from the kABI checker. - kvm: s390: kABI Workaround for 'lowcore' (bsc#1119222). - kvm: s390: provide kvm_arch_no_poll function (bsc#1119222). - kvm: svm/avic: Do not send AVIC doorbell to self (bsc#1140133). - kvm: SVM: Fix detection of AMD Errata 1096 (bsc#1142354). - lapb: fixed leak of control-blocks (networking-stable-19_06_18). - lib: fix stall in __bitmap_parselist() (bsc#1051510). - libnvdimm/namespace: Fix label tracking error (bsc#1142350). - libnvdimm/region: Register badblocks before namespaces (bsc#1143209). - lib/bitmap.c: make bitmap_parselist() thread-safe and much faster (bsc#1143507). - lib/scatterlist: Fix mapping iterator when sg->offset is greater than PAGE_SIZE (bsc#1051510). - livepatch: Remove duplicate warning about missing reliable stacktrace support (bsc#1071995). - livepatch: Use static buffer for debugging messages under rq lock (bsc#1071995). - llc: fix skb leak in llc_build_and_send_ui_pkt() (networking-stable-19_05_31). - mac80211: do not start any work during reconfigure flow (bsc#1111666). - mac80211: fix rate reporting inside cfg80211_calculate_bitrate_he() (bsc#1111666). - mac80211: free peer keys before vif down in mesh (bsc#1111666). - mac80211: mesh: fix RCU warning (bsc#1111666). - mac80211: only warn once on chanctx_conf being NULL (bsc#1111666). - media: cpia2_usb: first wake up, then free in disconnect (bsc#1135642). - media: marvell-ccic: fix DMA s/g desc number calculation (bsc#1051510). - media: s5p-mfc: Make additional clocks optional (bsc#1051510). - media: v4l2: Test type instead of cfg->type in v4l2_ctrl_new_custom() (bsc#1051510). - media: vivid: fix incorrect assignment operation when setting video mode (bsc#1051510). - mei: bus: need to unlink client before freeing (bsc#1051510). - mei: me: add denverton innovation engine device IDs (bsc#1051510). - mei: me: add gemini lake devices id (bsc#1051510). - memory: tegra: Fix integer overflow on tick value calculation (bsc#1051510). - memstick: Fix error cleanup path of memstick_init (bsc#1051510). - mfd: intel-lpss: Release IDA resources (bsc#1051510). - mips: fix an off-by-one in dma_capable (jsc#SLE-6197 bsc#1140559 LTC#173150). - mlxsw: spectrum_dcb: Configure DSCP map as the last rule is removed (bsc#1112374). - mmc: sdhci-pci: Try "cd" for card-detect lookup before using NULL (bsc#1051510). - mm: migrate: Fix reference check race between __find_get_block() and migration (bnc#1137609). - mm/nvdimm: add is_ioremap_addr and use that to check ioremap address (bsc#1140322 LTC#176270). - mm, page_alloc: fix has_unmovable_pages for HugePages (bsc#1127034). - mm: replace all open encodings for NUMA_NO_NODE (bsc#1140322 LTC#176270). - mt7601u: do not schedule rx_tasklet when the device has been disconnected (bsc#1111666). - mt7601u: fix possible memory leak when the device is disconnected (bsc#1111666). - neigh: fix use-after-free read in pneigh_get_next (networking-stable-19_06_18). - net/af_iucv: build proper skbs for HiperTransport (bsc#1142221 LTC#179332). - net/af_iucv: remove GFP_DMA restriction for HiperTransport (bsc#1142112 bsc#1142221 LTC#179334 LTC#179332). - net/af_iucv: remove GFP_DMA restriction for HiperTransport (bsc#1142221 LTC#179332). - net: avoid weird emergency message (networking-stable-19_05_21). - net: fec: fix the clk mismatch in failed_reset path (networking-stable-19_05_31). - netfilter: conntrack: fix calculation of next bucket number in early_drop (git-fixes). - net-gro: fix use-after-free read in napi_gro_frags() (networking-stable-19_05_31). - net: hns3: Fix inconsistent indenting (bsc#1140676). - net: hns: fix ICMP6 neighbor solicitation messages discard problem (bsc#1140676). - net: hns: fix KASAN: use-after-free in hns_nic_net_xmit_hw() (bsc#1140676). - net: hns: Fix loopback test failed at copper ports (bsc#1140676). - net: hns: Fix probabilistic memory overwrite when HNS driver initialized (bsc#1140676). - net: hns: fix unsigned comparison to less than zero (bsc#1140676). - net: hns: Fix WARNING when remove HNS driver with SMMU enabled (bsc#1140676). - net: hns: Use NAPI_POLL_WEIGHT for hns driver (bsc#1140676). - net/mlx4_core: Change the error print to info print (networking-stable-19_05_21). - net/mlx4_en: ethtool, Remove unsupported SFP EEPROM high pages query (networking-stable-19_06_09). - net/mlx5: Allocate root ns memory using kzalloc to match kfree (networking-stable-19_05_31). - net/mlx5: Avoid double free in fs init error unwinding path (networking-stable-19_05_31). - net/mlx5e: Rx, Fix checksum calculation for new hardware (bsc#1127611). - net: mvneta: Fix err code path of probe (networking-stable-19_05_31). - net: mvpp2: fix bad MVPP2_TXQ_SCHED_TOKEN_CNTR_REG queue value (networking-stable-19_05_31). - net: openvswitch: do not free vport if register_netdevice() is failed (networking-stable-19_06_18). - net/packet: fix memory leak in packet_set_ring() (git-fixes). - net: rds: fix memory leak in rds_ib_flush_mr_pool (networking-stable-19_06_09). - net: seeq: fix crash caused by not set dev.parent (networking-stable-19_05_14). - net: stmmac: fix reset gpio free missing (networking-stable-19_05_31). - net/tls: fix socket wmem accounting on fallback with netem (bsc#1109837). - net/tls: make sure offload also gets the keys wiped (bsc#1109837). - net: usb: qmi_wwan: add Telit 0x1260 and 0x1261 compositions (networking-stable-19_05_21). - nvme: fix memory leak caused by incorrect subsystem free (bsc#1143185). - ocfs2: add first lock wait time in locking_state (bsc#1134390). - ocfs2: add last unlock times in locking_state (bsc#1134390). - ocfs2: add locking filter debugfs file (bsc#1134390). - p54usb: Fix race between disconnect and firmware loading (bsc#1111666). - packet: Fix error path in packet_init (networking-stable-19_05_14). - packet: in recvmsg msg_name return at least sizeof sockaddr_ll (git-fixes). - pci/aer: Use cached AER Capability offset (bsc#1142623). - pci: Always allow probing with driver_override (bsc#1051510). - pci: hv: Add hv_pci_remove_slots() when we unload the driver (bsc#1142701). - pci: hv: Add pci_destroy_slot() in pci_devices_present_work(), if necessary (bsc#1142701). - pci: hv: Fix a memory leak in hv_eject_device_work() (bsc#1142701). - pci: hv: Fix a use-after-free bug in hv_eject_device_work() (bsc#1142701). - pci: hv: Fix return value check in hv_pci_assign_slots() (bsc#1142701). - pci: hv: Remove unused reason for refcount handler (bsc#1142701). - pci: hv: support reporting serial number as slot information (bsc#1142701). - pci/P2PDMA: Fix missing check for dma_virt_ops (bsc#1111666). - pci / PM: Use SMART_SUSPEND and LEAVE_SUSPENDED flags for PCIe ports (bsc#1142623). - pci/portdrv: Add #defines for AER and DPC Interrupt Message Number masks (bsc#1142623). - pci/portdrv: Consolidate comments (bsc#1142623). - pci/portdrv: Disable port driver in compat mode (bsc#1142623). - pci/portdrv: Remove pcie_portdrv_err_handler.slot_reset (bsc#1142623). - pci: portdrv: Restore PCI config state on slot reset (bsc#1142623). - pci/portdrv: Support PCIe services on subtractive decode bridges (bsc#1142623). - pci/portdrv: Use conventional Device ID table formatting (bsc#1142623). - pci: Return error if cannot probe VF (bsc#1051510). - pkey: Indicate old mkvp only if old and current mkvp are different (bsc#1137827 LTC#178090). - pktgen: do not sleep with the thread lock held (git-fixes). - platform/x86: asus-nb-wmi: Support ALS on the Zenbook UX430UQ (bsc#1051510). - platform/x86: asus-wmi: Only Tell EC the OS will handle display hotkeys from asus_nb_wmi (bsc#1051510). - platform/x86: intel_turbo_max_3: Remove restriction for HWP platforms (jsc#SLE-5439). - platform/x86: ISST: Add common API to register and handle ioctls (jsc#SLE-5364). - platform/x86: ISST: Add Intel Speed Select mailbox interface via MSRs (jsc#SLE-5364). - platform/x86: ISST: Add Intel Speed Select mailbox interface via PCI (jsc#SLE-5364). - platform/x86: ISST: Add Intel Speed Select mmio interface (jsc#SLE-5364). - platform/x86: ISST: Add Intel Speed Select PUNIT MSR interface (jsc#SLE-5364). - platform/x86: ISST: Add IOCTL to Translate Linux logical CPU to PUNIT CPU number (jsc#SLE-5364). - platform/x86: ISST: Restore state on resume (jsc#SLE-5364). - platform/x86: ISST: Store per CPU information (jsc#SLE-5364). - platform/x86: pmc_atom: Add CB4063 Beckhoff Automation board to critclk_systems DMI table (bsc#1051510). - powerpc/64s: Remove POWER9 DD1 support (bsc#1055117, LTC#159753, git-fixes). - powerpc/crypto: Use cheaper random numbers for crc-vpmsum self-test (). - powerpc/mm: Change function prototype (bsc#1055117). - powerpc/mm: Consolidate numa_enable check and min_common_depth check (bsc#1140322 LTC#176270). - powerpc/mm/drconf: Use NUMA_NO_NODE on failures instead of node 0 (bsc#1140322 LTC#176270). - powerpc/mm: Fix node look up with numa=off boot (bsc#1140322 LTC#176270). - powerpc/mm/hugetlb: Update huge_ptep_set_access_flags to call __ptep_set_access_flags directly (bsc#1055117). - powerpc/mm/radix: Change pte relax sequence to handle nest MMU hang (bsc#1055117). - powerpc/mm/radix: Move function from radix.h to pgtable-radix.c (bsc#1055117). - powerpc/papr_scm: Force a scm-unbind if initial scm-bind fails (bsc#1140322 LTC#176270). - powerpc/papr_scm: Update drc_pmem_unbind() to use H_SCM_UNBIND_ALL (bsc#1140322 LTC#176270). - powerpc/pseries: Update SCM hcall op-codes in hvcall.h (bsc#1140322 LTC#176270). - powerpc/watchpoint: Restore NV GPRs while returning from exception (bsc#1140945 bsc#1141401 bsc#1141402 bsc#1141452 bsc#1141453 bsc#1141454 LTC#178983 LTC#179191 LTC#179192 LTC#179193 LTC#179194 LTC#179195). - ppc: Convert mmu context allocation to new IDA API (bsc#1139619 LTC#178538). - ppp: deflate: Fix possible crash in deflate_init (networking-stable-19_05_21). - qed: Fix build error without CONFIG_DEVLINK (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Fix -Wmaybe-uninitialized false positive (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qedi: Use hwfns and affin_hwfn_idx to get MSI-X vector index (jsc#SLE-4693 bsc#1136462). - rdma/odp: Fix missed unlock in non-blocking invalidate_start (bsc#1103992). - rdma/srp: Accept again source addresses that do not have a port number (bsc#1103992). - rdma/srp: Document srp_parse_in() arguments (bsc#1103992 ). - rdma/uverbs: check for allocation failure in uapi_add_elm() (bsc#1103992). - rds: ib: fix 'passing zero to ERR_PTR()' warning (git-fixes). - Revert "bcache: set CACHE_SET_IO_DISABLE in bch_cached_dev_error()" (bsc#1140652). - Revert "e1000e: fix cyclic resets at link up with active tx" (bsc#1051510). - Revert "livepatch: Remove reliable stacktrace check in klp_try_switch_task()" (bsc#1071995). - Revert "serial: 8250: Do not service RX FIFO if interrupts are disabled" (bsc#1051510). - rtlwifi: rtl8192cu: fix error handle when usb probe failed (bsc#1111666). - rtnetlink: always put IFLA_LINK for links with a link-netnsid (networking-stable-19_05_21). - s390: add alignment hints to vector load and store (jsc#SLE-6907 LTC#175887). - s390/airq: use DMA memory for adapter interrupts (jsc#SLE-6197 bsc#1140559 LTC#173150). - s390/cio: add basic protected virtualization support (jsc#SLE-6197 bsc#1140559 LTC#173150). - s390/cio: introduce DMA pools to cio (jsc#SLE-6197 bsc#1140559 LTC#173150). - s390/cpum_cf: add ctr_stcctm() function (jsc#SLE-6904 ). - s390/cpum_cf: Add minimal in-kernel interface for counter measurements (jsc#SLE-6904). - s390/cpum_cf: Add support for CPU-MF SVN 6 (jsc#SLE-6904 ). - s390/cpum_cf_diag: Add support for CPU-MF SVN 6 (jsc#SLE-6904 ). - s390/cpum_cf_diag: Add support for s390 counter facility diagnostic trace (jsc#SLE-6904). - s390/cpum_cf: introduce kernel_cpumcf_alert() to obtain measurement alerts (jsc#SLE-6904). - s390/cpum_cf: introduce kernel_cpumcf_avail() function (jsc#SLE-6904). - s390/cpum_cf: move counter set controls to a new header file (jsc#SLE-6904). - s390/cpum_cf: prepare for in-kernel counter measurements (jsc#SLE-6904). - s390/cpum_cf: rename per-CPU counter facility structure and variables (jsc#SLE-6904). - s390/cpumf: Add extended counter set definitions for model 8561 and 8562 (bsc#1142052 LTC#179320). - s390/cpu_mf: add store cpu counter multiple instruction support (jsc#SLE-6904). - s390/cpumf: Fix warning from check_processor_id (jsc#SLE-6904 ). - s390/cpu_mf: move struct cpu_cf_events and per-CPU variable to header file (jsc#SLE-6904). - s390/cpu_mf: replace stcctm5() with the stcctm() function (jsc#SLE-6904). - s390/dma: provide proper ARCH_ZONE_DMA_BITS value (jsc#SLE-6197 bsc#1140559 LTC#173150). - s390/mm: force swiotlb for protected virtualization (jsc#SLE-6197 bsc#1140559 LTC#173150). - s390/qdio: handle PENDING state for QEBSM devices (bsc#1142119 LTC#179331). - s390/qeth: be drop monitor friendly (bsc#1142115 LTC#179337). - s390/qeth: be drop monitor friendly (bsc#1142220 LTC#179335). - s390: remove the unused dma_capable helper (jsc#SLE-6197 bsc#1140559 LTC#173150). - s390: report new CPU capabilities (jsc#SLE-6907 LTC#175887). - s390/vtime: steal time exponential moving average (bsc#1119222). - s390/zcrypt: Fix wrong dispatching for control domain CPRBs (bsc#1137811 LTC#178088). - scripts/git_sort/git_sort.py: Add mmots tree. - scsi: cxgb4i: add wait_for_completion() (jsc#SLE-4678 bsc#1136342). - scsi: cxgbi: KABI: fix handle completion etc (jsc#SLE-4678 bsc#1136342). - scsi: cxgbi: remove redundant __kfree_skb call on skb and free cst->atid (jsc#SLE-4678 bsc#1136342). - scsi: fc: add FPIN ELS definition (bsc#1136217,jsc#SLE-4722). - scsi/fc: kABI fixes for new ELS_FPIN definition (bsc#1136217,jsc#SLE-4722). - scsi: ibmvfc: fix WARN_ON during event pool release (bsc#1137458 LTC#178093). - scsi: lpfc: Add loopback testing to trunking mode (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: add support for posting FC events on FPIN reception (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Annotate switch/case fall-through (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: avoid uninitialized variable warning (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Cancel queued work for an IO when processing a received ABTS (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Change smp_processor_id() into raw_smp_processor_id() (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Convert bootstrap mbx polling from msleep to udelay (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Coordinate adapter error handling with offline handling (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Correct boot bios information to FDMI registration (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Correct localport timeout duration error (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Correct __lpfc_sli_issue_iocb_s4 lockdep check (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Correct nvmet buffer free race condition (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Declare local functions static (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Enhance 6072 log string (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: fix 32-bit format string warning (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: fix a handful of indentation issues (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix alloc context on oas lun creations (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix a recently introduced compiler warning (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix BFS crash with DIX enabled (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix build error (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: fix calls to dma_set_mask_and_coherent() (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix deadlock due to nested hbalock call (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix driver crash in target reset handler (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix duplicate log message numbers (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix error code if kcalloc() fails (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix error codes in lpfc_sli4_pci_mem_setup() (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix fc4type information for FDMI (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix fcp_rsp_len checking on lun reset (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix FDMI fc4type for nvme support (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix FDMI manufacturer attribute value (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix handling of trunk links state reporting (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix hardlockup in scsi_cmd_iocb_cmpl (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix HDMI2 registration string for symbolic name (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix incorrect logical link speed on trunks when links down (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix indentation and balance braces (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix io lost on host resets (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix kernel warnings related to smp_processor_id() (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix link speed reporting for 4-link trunk (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix location of SCSI ktime counters (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix lpfc_nvmet_mrq attribute handling when 0 (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix mailbox hang on adapter init (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix memory leak in abnormal exit path from lpfc_eq_create (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix missing wakeups on abort threads (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix nvmet async receive buffer replenishment (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix nvmet handling of first burst cmd (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix nvmet handling of received ABTS for unmapped frames (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix nvmet target abort cmd matching (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix oops when driver is loaded with 1 interrupt vector (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix poor use of hardware queues if fewer irq vectors (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix protocol support on G6 and G7 adapters (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix PT2PT PLOGI collison stopping discovery (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix SLI3 commands being issued on SLI4 devices (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: fix unused variable warning (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fixup eq_clr_intr references (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix use-after-free mailbox cmd completion (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Make lpfc_sli4_oas_verify static (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Move trunk_errmsg[] from a header file into a .c file (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Prevent 'use after free' memory overwrite in nvmet LS handling (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Reduce memory footprint for lpfc_queue (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Remove set but not used variable 'phys_id' (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Remove set-but-not-used variables (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Remove unused functions (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Resolve inconsistent check of hdwq in lpfc_scsi_cmd_iocb_cmpl (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Resolve irq-unsafe lockdep heirarchy warning in lpfc_io_free (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: resolve static checker warning in lpfc_sli4_hba_unset (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Revert message logging on unsupported topology (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Revise message when stuck due to unresponsive adapter (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Rework misleading nvme not supported in firmware message (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Separate CQ processing for nvmet_fc upcalls (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Specify node affinity for queue memory allocation (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Stop adapter if pci errors detected (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Update Copyright in driver version (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Update lpfc version to 12.2.0.1 (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Update lpfc version to 12.2.0.3 (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: use dma_set_mask_and_coherent (bsc#1136217,jsc#SLE-4722). - scsi: qedf: Add additional checks for io_req->sc_cmd validity (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Add a flag to help debugging io_req which could not be cleaned (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Add comment to display logging levels (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Add driver state to 'driver_stats' debugfs node (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Add LBA to underrun debug messages (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Add missing return in qedf_post_io_req() in the fcport offload check (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Add missing return in qedf_scsi_done() (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Add port_id for fcport into initiate_cleanup debug message (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Add return value to log message if scsi_add_host fails (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Change MSI-X load error message (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Check both the FCF and fabric ID before servicing clear virtual link (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Check for fcoe_libfc_config failure (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Check for tm_flags instead of cmd_type during cleanup (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Check the return value of start_xmit (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Cleanup rrq_work after QEDF_CMD_OUTSTANDING is cleared (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Correctly handle refcounting of rdata (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Do not queue anything if upload is in progress (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Do not send ABTS for under run scenario (bsc#1136467 jsc#SLE-4694). - scsi: qedf: fc_rport_priv reference counting fixes (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Fix lport may be used uninitialized warning (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Log message if scsi_add_host fails (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Modify abort and tmf handler to handle edge condition and flush (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Modify flush routine to handle all I/Os and TMF (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Print fcport information on wait for upload timeout (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Print scsi_cmd backpointer in good completion path if the command is still being used (bsc#1136467 jsc#SLE-4694). - scsi: qedf: remove memset/memcpy to nfunc and use func instead (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Remove set but not used variable 'fr_len' (bsc#1136467 jsc#SLE-4694). - scsi: qedf: remove set but not used variables (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Update the driver version to 8.37.25.19 (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Update the driver version to 8.37.25.20 (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Wait for upload and link down processing during soft ctx reset (bsc#1136467 jsc#SLE-4694). - scsi: qedi: add module param to set ping packet size (jsc#SLE-4693 bsc#1136462). - scsi: qedi: Add packet filter in light L2 Rx path (jsc#SLE-4693 bsc#1136462). - scsi: qedi: Check for session online before getting iSCSI TLV data (jsc#SLE-4693 bsc#1136462). - scsi: qedi: Cleanup redundant QEDI_PAGE_SIZE macro definition (jsc#SLE-4693 bsc#1136462). - scsi: qedi: Fix spelling mistake "OUSTANDING" -> "OUTSTANDING" (jsc#SLE-4693 bsc#1136462). - scsi: qedi: Move LL2 producer index processing in BH (jsc#SLE-4693 bsc#1136462). - scsi: qedi: remove set but not used variables 'cdev' and 'udev' (jsc#SLE-4693 bsc#1136462). - scsi: qedi: Replace PAGE_SIZE with QEDI_PAGE_SIZE (jsc#SLE-4693 bsc#1136462). - scsi: qedi: Update driver version to 8.33.0.21 (jsc#SLE-4693 bsc#1136462). - scsi: qla2xxx: do not crash on uninitialized pool list (boo#1138874). - scsi: scsi_transport_fc: Add FPIN fc event codes (bsc#1136217,jsc#SLE-4722). - scsi: scsi_transport_fc: refactor event posting routines (bsc#1136217,jsc#SLE-4722). - sctp: Free cookie before we memdup a new one (networking-stable-19_06_18). - sctp: silence warns on sctp_stream_init allocations (bsc#1083710). - serial: uartps: Do not add a trailing semicolon to macro (bsc#1051510). - serial: uartps: Fix long line over 80 chars (bsc#1051510). - serial: uartps: Fix multiple line dereference (bsc#1051510). - serial: uartps: Remove useless return from cdns_uart_poll_put_char (bsc#1051510). - staging: comedi: amplc_pci230: fix null pointer deref on interrupt (bsc#1051510). - staging: comedi: dt282x: fix a null pointer deref on interrupt (bsc#1051510). - staging: rtl8712: reduce stack usage, again (bsc#1051510). - sunhv: Fix device naming inconsistency between sunhv_console and sunhv_reg (networking-stable-19_06_18). - tcp: fix tcp_set_congestion_control() use from bpf hook (bsc#1109837). - tcp: reduce tcp_fastretrans_alert() verbosity (git-fixes). - team: Always enable vlan tx offload (bsc#1051510). - tools: bpftool: Fix json dump crash on powerpc (bsc#1109837). - tools: bpftool: use correct argument in cgroup errors (bsc#1109837). - tools/power/x86: A tool to validate Intel Speed Select commands (jsc#SLE-5364). - tty: rocket: fix incorrect forward declaration of 'rp_init()' (bsc#1051510). - tty: serial_core: Set port active bit in uart_port_activate (bsc#1051510). - tty: serial: cpm_uart - fix init when SMC is relocated (bsc#1051510). - tuntap: synchronize through tfiles array instead of tun->numqueues (networking-stable-19_05_14). - usb: gadget: ether: Fix race between gether_disconnect and rx_submit (bsc#1051510). - usb: gadget: fusb300_udc: Fix memory leak of fusb300->ep[i] (bsc#1051510). - usb: gadget: udc: lpc32xx: allocate descriptor with GFP_ATOMIC (bsc#1051510). - usb: pci-quirks: Correct AMD PLL quirk detection (bsc#1051510). - usb: serial: ftdi_sio: add ID for isodebug v1 (bsc#1051510). - usb: serial: option: add support for GosunCn ME3630 RNDIS mode (bsc#1051510). - virtio/s390: add indirection to indicators access (jsc#SLE-6197 bsc#1140559 LTC#173150). - virtio/s390: DMA support for virtio-ccw (jsc#SLE-6197 bsc#1140559 LTC#173150). - virtio/s390: make airq summary indicators DMA (jsc#SLE-6197 bsc#1140559 LTC#173150). - virtio/s390: use cacheline aligned airq bit vectors (jsc#SLE-6197 bsc#1140559 LTC#173150). - virtio/s390: use DMA memory for ccw I/O and classic notifiers (jsc#SLE-6197 bsc#1140559 LTC#173150). - virtio/s390: use vring_create_virtqueue (jsc#SLE-6197 bsc#1140559 LTC#173150). - vmci: Fix integer overflow in VMCI handle arrays (bsc#1051510). - vrf: sit mtu should not be updated when vrf netdev is the link (networking-stable-19_05_14). - vsock/virtio: free packets during the socket release (networking-stable-19_05_21). - vsock/virtio: set SOCK_DONE on peer shutdown (networking-stable-19_06_18). - wil6210: drop old event after wmi_call timeout (bsc#1111666). - wil6210: fix potential out-of-bounds read (bsc#1051510). - wil6210: fix spurious interrupts in 3-msi (bsc#1111666). - x86, mm: fix fast GUP with hyper-based TLB flushing (VM Functionality, bsc#1140903). - xdp: fix possible cq entry leak (bsc#1109837). - xdp: fix race on generic receive path (bsc#1109837). - xdp: hold device for umem regardless of zero-copy mode (bsc#1109837). - xen: let alloc_xenballooned_pages() fail if not enough memory free (bsc#1142450 XSA-300). - xfs: do not overflow xattr listent buffer (bsc#1143105). - xprtrdma: Fix use-after-free in rpcrdma_post_recvs (bsc#1103992 ). - xsk: Properly terminate assignment in xskq_produce_flush_desc (bsc#1109837). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2019-2073=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2073=1 - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2019-2073=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2019-2073=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2019-2073=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2073=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2019-2073=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): kernel-default-debuginfo-4.12.14-197.15.1 kernel-default-debugsource-4.12.14-197.15.1 kernel-default-extra-4.12.14-197.15.1 kernel-default-extra-debuginfo-4.12.14-197.15.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-197.15.1 kernel-default-debugsource-4.12.14-197.15.1 kernel-obs-qa-4.12.14-197.15.1 kernel-vanilla-4.12.14-197.15.1 kernel-vanilla-base-4.12.14-197.15.1 kernel-vanilla-base-debuginfo-4.12.14-197.15.1 kernel-vanilla-debuginfo-4.12.14-197.15.1 kernel-vanilla-debugsource-4.12.14-197.15.1 kernel-vanilla-devel-4.12.14-197.15.1 kernel-vanilla-devel-debuginfo-4.12.14-197.15.1 kernel-vanilla-livepatch-devel-4.12.14-197.15.1 kselftests-kmp-default-4.12.14-197.15.1 kselftests-kmp-default-debuginfo-4.12.14-197.15.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (ppc64le x86_64): kernel-debug-4.12.14-197.15.1 kernel-debug-base-4.12.14-197.15.1 kernel-debug-base-debuginfo-4.12.14-197.15.1 kernel-debug-debuginfo-4.12.14-197.15.1 kernel-debug-debugsource-4.12.14-197.15.1 kernel-debug-devel-4.12.14-197.15.1 kernel-debug-devel-debuginfo-4.12.14-197.15.1 kernel-debug-livepatch-devel-4.12.14-197.15.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 s390x): kernel-default-livepatch-4.12.14-197.15.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64): dtb-al-4.12.14-197.15.1 dtb-allwinner-4.12.14-197.15.1 dtb-altera-4.12.14-197.15.1 dtb-amd-4.12.14-197.15.1 dtb-amlogic-4.12.14-197.15.1 dtb-apm-4.12.14-197.15.1 dtb-arm-4.12.14-197.15.1 dtb-broadcom-4.12.14-197.15.1 dtb-cavium-4.12.14-197.15.1 dtb-exynos-4.12.14-197.15.1 dtb-freescale-4.12.14-197.15.1 dtb-hisilicon-4.12.14-197.15.1 dtb-lg-4.12.14-197.15.1 dtb-marvell-4.12.14-197.15.1 dtb-mediatek-4.12.14-197.15.1 dtb-nvidia-4.12.14-197.15.1 dtb-qcom-4.12.14-197.15.1 dtb-renesas-4.12.14-197.15.1 dtb-rockchip-4.12.14-197.15.1 dtb-socionext-4.12.14-197.15.1 dtb-sprd-4.12.14-197.15.1 dtb-xilinx-4.12.14-197.15.1 dtb-zte-4.12.14-197.15.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): kernel-kvmsmall-4.12.14-197.15.1 kernel-kvmsmall-base-4.12.14-197.15.1 kernel-kvmsmall-base-debuginfo-4.12.14-197.15.1 kernel-kvmsmall-debuginfo-4.12.14-197.15.1 kernel-kvmsmall-debugsource-4.12.14-197.15.1 kernel-kvmsmall-devel-4.12.14-197.15.1 kernel-kvmsmall-devel-debuginfo-4.12.14-197.15.1 kernel-kvmsmall-livepatch-devel-4.12.14-197.15.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): kernel-docs-html-4.12.14-197.15.1 kernel-source-vanilla-4.12.14-197.15.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (s390x): kernel-zfcpdump-debuginfo-4.12.14-197.15.1 kernel-zfcpdump-debugsource-4.12.14-197.15.1 kernel-zfcpdump-man-4.12.14-197.15.1 - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-default-debuginfo-4.12.14-197.15.1 kernel-default-debugsource-4.12.14-197.15.1 kernel-default-livepatch-4.12.14-197.15.1 kernel-default-livepatch-devel-4.12.14-197.15.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-197.15.1 kernel-default-debugsource-4.12.14-197.15.1 reiserfs-kmp-default-4.12.14-197.15.1 reiserfs-kmp-default-debuginfo-4.12.14-197.15.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-197.15.1 kernel-obs-build-debugsource-4.12.14-197.15.1 kernel-syms-4.12.14-197.15.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (noarch): kernel-docs-4.12.14-197.15.1 kernel-source-4.12.14-197.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-197.15.1 kernel-default-base-4.12.14-197.15.1 kernel-default-base-debuginfo-4.12.14-197.15.1 kernel-default-debuginfo-4.12.14-197.15.1 kernel-default-debugsource-4.12.14-197.15.1 kernel-default-devel-4.12.14-197.15.1 kernel-default-devel-debuginfo-4.12.14-197.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): kernel-devel-4.12.14-197.15.1 kernel-macros-4.12.14-197.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (s390x): kernel-default-man-4.12.14-197.15.1 kernel-zfcpdump-4.12.14-197.15.1 kernel-zfcpdump-debuginfo-4.12.14-197.15.1 kernel-zfcpdump-debugsource-4.12.14-197.15.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-197.15.1 cluster-md-kmp-default-debuginfo-4.12.14-197.15.1 dlm-kmp-default-4.12.14-197.15.1 dlm-kmp-default-debuginfo-4.12.14-197.15.1 gfs2-kmp-default-4.12.14-197.15.1 gfs2-kmp-default-debuginfo-4.12.14-197.15.1 kernel-default-debuginfo-4.12.14-197.15.1 kernel-default-debugsource-4.12.14-197.15.1 ocfs2-kmp-default-4.12.14-197.15.1 ocfs2-kmp-default-debuginfo-4.12.14-197.15.1 References: https://www.suse.com/security/cve/CVE-2018-20855.html https://www.suse.com/security/cve/CVE-2019-1125.html https://www.suse.com/security/cve/CVE-2019-11810.html https://www.suse.com/security/cve/CVE-2019-13631.html https://www.suse.com/security/cve/CVE-2019-13648.html https://www.suse.com/security/cve/CVE-2019-14283.html https://www.suse.com/security/cve/CVE-2019-14284.html https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1055117 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1083647 https://bugzilla.suse.com/1083710 https://bugzilla.suse.com/1102247 https://bugzilla.suse.com/1103991 https://bugzilla.suse.com/1103992 https://bugzilla.suse.com/1104745 https://bugzilla.suse.com/1109837 https://bugzilla.suse.com/1111666 https://bugzilla.suse.com/1112374 https://bugzilla.suse.com/1119222 https://bugzilla.suse.com/1123080 https://bugzilla.suse.com/1127034 https://bugzilla.suse.com/1127315 https://bugzilla.suse.com/1127611 https://bugzilla.suse.com/1129770 https://bugzilla.suse.com/1130972 https://bugzilla.suse.com/1133021 https://bugzilla.suse.com/1134090 https://bugzilla.suse.com/1134097 https://bugzilla.suse.com/1134390 https://bugzilla.suse.com/1134399 https://bugzilla.suse.com/1135335 https://bugzilla.suse.com/1135642 https://bugzilla.suse.com/1136217 https://bugzilla.suse.com/1136342 https://bugzilla.suse.com/1136460 https://bugzilla.suse.com/1136461 https://bugzilla.suse.com/1136462 https://bugzilla.suse.com/1136467 https://bugzilla.suse.com/1137458 https://bugzilla.suse.com/1137534 https://bugzilla.suse.com/1137535 https://bugzilla.suse.com/1137584 https://bugzilla.suse.com/1137609 https://bugzilla.suse.com/1137811 https://bugzilla.suse.com/1137827 https://bugzilla.suse.com/1138874 https://bugzilla.suse.com/1139358 https://bugzilla.suse.com/1139619 https://bugzilla.suse.com/1140133 https://bugzilla.suse.com/1140139 https://bugzilla.suse.com/1140322 https://bugzilla.suse.com/1140559 https://bugzilla.suse.com/1140652 https://bugzilla.suse.com/1140676 https://bugzilla.suse.com/1140903 https://bugzilla.suse.com/1140945 https://bugzilla.suse.com/1140948 https://bugzilla.suse.com/1141312 https://bugzilla.suse.com/1141401 https://bugzilla.suse.com/1141402 https://bugzilla.suse.com/1141452 https://bugzilla.suse.com/1141453 https://bugzilla.suse.com/1141454 https://bugzilla.suse.com/1141478 https://bugzilla.suse.com/1141558 https://bugzilla.suse.com/1142023 https://bugzilla.suse.com/1142052 https://bugzilla.suse.com/1142083 https://bugzilla.suse.com/1142112 https://bugzilla.suse.com/1142115 https://bugzilla.suse.com/1142119 https://bugzilla.suse.com/1142220 https://bugzilla.suse.com/1142221 https://bugzilla.suse.com/1142254 https://bugzilla.suse.com/1142350 https://bugzilla.suse.com/1142351 https://bugzilla.suse.com/1142354 https://bugzilla.suse.com/1142359 https://bugzilla.suse.com/1142450 https://bugzilla.suse.com/1142623 https://bugzilla.suse.com/1142673 https://bugzilla.suse.com/1142701 https://bugzilla.suse.com/1142868 https://bugzilla.suse.com/1143003 https://bugzilla.suse.com/1143045 https://bugzilla.suse.com/1143105 https://bugzilla.suse.com/1143185 https://bugzilla.suse.com/1143189 https://bugzilla.suse.com/1143191 https://bugzilla.suse.com/1143209 https://bugzilla.suse.com/1143507 From sle-updates at lists.suse.com Tue Aug 6 23:16:00 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Aug 2019 07:16:00 +0200 (CEST) Subject: SUSE-SU-2019:2069-1: important: Security update for the Linux Kernel for Azure Message-ID: <20190807051600.77E59FF12@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel for Azure ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2069-1 Rating: important References: #1051510 #1055117 #1071995 #1083647 #1083710 #1088047 #1094555 #1098633 #1103990 #1103991 #1103992 #1104745 #1106383 #1109837 #1111666 #1112374 #1114279 #1114685 #1119113 #1119222 #1119532 #1120423 #1123080 #1125703 #1127034 #1127315 #1127611 #1128432 #1128902 #1129770 #1130836 #1132390 #1133021 #1133401 #1133738 #1134090 #1134097 #1134390 #1134395 #1134399 #1134730 #1134738 #1135153 #1135296 #1135335 #1135556 #1135642 #1135897 #1136156 #1136157 #1136161 #1136217 #1136264 #1136271 #1136333 #1136342 #1136343 #1136345 #1136348 #1136460 #1136461 #1136462 #1136467 #1137103 #1137194 #1137224 #1137366 #1137429 #1137458 #1137534 #1137535 #1137584 #1137586 #1137609 #1137625 #1137728 #1137811 #1137827 #1137884 #1137985 #1138263 #1138291 #1138293 #1138336 #1138374 #1138375 #1138589 #1138681 #1138719 #1138732 #1138874 #1138879 #1139358 #1139619 #1139712 #1139751 #1139771 #1139865 #1140133 #1140139 #1140228 #1140322 #1140328 #1140405 #1140424 #1140428 #1140454 #1140463 #1140559 #1140575 #1140577 #1140637 #1140652 #1140658 #1140676 #1140715 #1140719 #1140726 #1140727 #1140728 #1140814 #1140887 #1140888 #1140889 #1140891 #1140893 #1140903 #1140945 #1140948 #1140954 #1140955 #1140956 #1140957 #1140958 #1140959 #1140960 #1140961 #1140962 #1140964 #1140971 #1140972 #1140992 #1141312 #1141401 #1141402 #1141452 #1141453 #1141454 #1141478 #1141558 #1142023 #1142052 #1142083 #1142112 #1142115 #1142119 #1142220 #1142221 #1142265 #1142350 #1142351 #1142354 #1142359 #1142450 #1142623 #1142673 #1142701 #1142868 #1143003 #1143105 #1143185 #1143189 #1143191 #1143209 #1143507 Cross-References: CVE-2018-16871 CVE-2018-20836 CVE-2018-20855 CVE-2019-10638 CVE-2019-10639 CVE-2019-1125 CVE-2019-11478 CVE-2019-11599 CVE-2019-11810 CVE-2019-12614 CVE-2019-12817 CVE-2019-12818 CVE-2019-12819 CVE-2019-13233 CVE-2019-13631 CVE-2019-13648 CVE-2019-14283 CVE-2019-14284 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP1 ______________________________________________________________________________ An update that solves 18 vulnerabilities and has 157 fixes is now available. Description: The SUSE Linux Enterprise 15 SP1 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-20855: An issue was discovered in create_qp_common, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace. (bnc#bsc#1103991) - CVE-2019-1125: Fix Spectre V1 variant via swapgs: Exclude ATOMs from speculation through SWAPGS (bsc#1139358). - CVE-2019-14284: In the Linux kernel, drivers/block/floppy.c allowed a denial of service by setup_format_params division-by-zero. (bnc#bsc#1143189) - CVE-2019-14283: In the Linux kernel, set_geometry in drivers/block/floppy.c did not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by default. (bsc#1143191) - CVE-2019-11810: An issue was discovered in the Linux kernel A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free. (bsc#1134399) - CVE-2019-13648: In the Linux kernel on the powerpc platform, when hardware transactional memory was disabled, a local user can cause a denial of service via a sigreturn() system call that sends a crafted signal frame. (bnc#1142265) - CVE-2019-13631: In parse_hid_report_descriptor, a malicious usb device could send an hid: report that triggered an out-of-bounds write during generation of debugging messages. (bnc#1142023) - CVE-2019-10638: In the Linux kernel, a device could be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may have been conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses. (bnc#1140575) - CVE-2019-10639: The Linux kernel allowed Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. (bsc#1140577) - CVE-2019-13233: In arch/x86/lib/insn-eval.c, there was a use-after-free for access to an LDT entry because of a race condition between modify_ldt() and a #BR exception for an MPX bounds violation. (bnc#1140454) - CVE-2018-20836: In the Linux kernel there was a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free. (bnc#1134395) - CVE-2019-11599: The coredump implementation in the Linux kernel did not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allowed local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c. (bnc#1133738) - CVE-2019-12817: Linux kernel for powerpc had a bug where unrelated processes could be able to read/write to one another's virtual memory under certain conditions via an mmap above 512 TB. Only a subset of powerpc systems are affected. (bsc#1138263, bsc#1139619) - CVE-2019-12614: In dlpar_parse_cc_property there was an unchecked kstrdup of prop->name, which might have allowed an attacker to cause a denial of service (NULL pointer dereference and system crash). (bsc#1137194) - CVE-2018-16871: An attacker, who was able to mount an exported NFS filesystem, was able to trigger a null pointer dereference by using an invalid NFS sequence. This could panic the machine and deny access to the NFS server. (bsc#1137103) - CVE-2019-12819: An issue was discovered in the Linux kernel The function __mdiobus_register() calls put_device(), which would trigger a fixed_mdio_bus_init use-after-free. This would cause a denial of service. (bsc#1138291) - CVE-2019-12818: The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may have returned NULL. If the caller did not check for this, it would trigger a NULL pointer dereference. This would cause denial of service. (bsc#1138293) The following non-security bugs were fixed: - 6lowpan: Off by one handling ->nexthdr (bsc#1051510). - acpi/nfit: Always dump _DSM output payload (bsc#1142351). - acpi: Add Hygon Dhyana support (). - acpi: PM: Allow transitions to D0 to occur in special cases (bsc#1051510). - acpi: PM: Avoid evaluating _PS3 on transitions from D3hot to D3cold (bsc#1051510). - acpica: Clear status of GPEs on first direct enable (bsc#1111666). - af_key: unconditionally clone on broadcast (bsc#1051510). - af_unix: remove redundant lockdep class (git-fixes). - alsa: compress: Be more restrictive about when a drain is allowed (bsc#1051510). - alsa: compress: Do not allow paritial drain operations on capture streams (bsc#1051510). - alsa: compress: Fix regression on compressed capture streams (bsc#1051510). - alsa: compress: Prevent bypasses of set_params (bsc#1051510). - alsa: firewire-lib/fireworks: fix miss detection of received MIDI messages (bsc#1051510). - alsa: firewire-motu: fix destruction of data for isochronous resources (bsc#1051510). - alsa: hda - Add a conexant codec entry to let mute led work (bsc#1051510). - alsa: hda - Do not resume forcibly i915 HDMI/DP codec (bsc#1111666). - alsa: hda - Fix intermittent CORB/RIRB stall on Intel chips (bsc#1111666). - alsa: hda - Force polling mode on CNL for fixing codec communication (bsc#1051510). - alsa: hda - Optimize resume for codecs without jack detection (bsc#1111666). - alsa: hda/hdmi - Fix i915 reverse port/pin mapping (bsc#1111666). - alsa: hda/hdmi - Remove duplicated define (bsc#1111666). - alsa: hda/realtek - Change front mic location for Lenovo M710q (bsc#1051510). - alsa: hda/realtek - Fixed Headphone Mic can't record on Dell platform (bsc#1051510). - alsa: hda/realtek - Headphone Mic can't record after S3 (bsc#1051510). - alsa: hda/realtek - Update headset mode for ALC256 (bsc#1051510). - alsa: hda/realtek: Add quirks for several Clevo notebook barebones (bsc#1051510). - alsa: hda/realtek: apply ALC891 headset fixup to one Dell machine (bsc#1051510). - alsa: line6: Fix a typo (bsc#1051510). - alsa: line6: Fix write on zero-sized buffer (bsc#1051510). - alsa: line6: Fix wrong altsetting for LINE6_PODHD500_1 (bsc#1051510). - alsa: oxfw: allow PCM capture for Stanton SCS.1m (bsc#1051510). - alsa: seq: Break too long mutex context in the write loop (bsc#1051510). - alsa: seq: fix incorrect order of dest_client/dest_ports arguments (bsc#1051510). - alsa: usb-audio: Add quirk for Focusrite Scarlett Solo (bsc#1051510). - alsa: usb-audio: Add quirk for MOTU MicroBook II (bsc#1051510). - alsa: usb-audio: Cleanup DSD whitelist (bsc#1051510). - alsa: usb-audio: Enable .product_name override for Emagic, Unitor 8 (bsc#1051510). - alsa: usb-audio: Fix parse of UAC2 Extension Units (bsc#1111666). - alsa: usb-audio: Sanity checks for each pipe and EP types (bsc#1051510). - alsa: usb-audio: fix Line6 Helix audio format rates (bsc#1111666). - alsa: usb-audio: fix sign unintended sign extension on left shifts (bsc#1051510). - apparmor: enforce nullbyte at end of tag string (bsc#1051510). - arm64: do not override dma_max_pfn (jsc#SLE-6197 bsc#1140559 LTC#173150). - asoc: : cs4265 : readable register too low (bsc#1051510). - asoc:: cs42xx8: Add regcache mask dirty (bsc#1051510). - asoc:: cx2072x: fix integer overflow on unsigned int multiply (bsc#1111666). - asoc:: fsl_asrc: Fix the issue about unsupported rate (bsc#1051510). - asoc:: max98090: remove 24-bit format support if RJ is 0 (bsc#1051510). - asoc:: soc-pcm: BE dai needs prepare when pause release after resume (bsc#1051510). - ath10k: Do not send probe response template for mesh (bsc#1111666). - ath10k: Fix encoding for protected management frames (bsc#1111666). - ath10k: add missing error handling (bsc#1111666). - ath10k: add peer id check in ath10k_peer_find_by_id (bsc#1111666). - ath10k: destroy sdio workqueue while remove sdio module (bsc#1111666). - ath10k: fix incorrect multicast/broadcast rate setting (bsc#1111666). - ath10k: fix pciE device wake up failed (bsc#1111666). - ath6kl: add some bounds checking (bsc#1051510). - ath9k: Check for errors when reading SREV register (bsc#1111666). - ath9k: correctly handle short radar pulses (bsc#1111666). - ath: DFS JP domain W56 fixed pulse type 3 RADAR detection (bsc#1111666). - audit: fix a memory leak bug (bsc#1051510). - ax25: fix inconsistent lock state in ax25_destroy_timer (bsc#1051510). - batman-adv: fix for leaked TVLV handler (bsc#1051510). - bcache: Add comments for blkdev_put() in registration code path (bsc#1140652). - bcache: Add comments for blkdev_put() in registration code path (bsc#1140652). - bcache: Clean up bch_get_congested() (bsc#1140652). - bcache: Clean up bch_get_congested() (bsc#1140652). - bcache: Revert "bcache: fix high CPU occupancy during journal" (bsc#1140652). - bcache: Revert "bcache: fix high CPU occupancy during journal" (bsc#1140652). - bcache: Revert "bcache: free heap cache_set->flush_btree in bch_journal_free" (bsc#1140652). - bcache: Revert "bcache: free heap cache_set->flush_btree in bch_journal_free" (bsc#1140652). - bcache: acquire bch_register_lock later in cached_dev_detach_finish() (bsc#1140652). - bcache: acquire bch_register_lock later in cached_dev_detach_finish() (bsc#1140652). - bcache: acquire bch_register_lock later in cached_dev_free() (bsc#1140652). - bcache: acquire bch_register_lock later in cached_dev_free() (bsc#1140652). - bcache: add code comments for journal_read_bucket() (bsc#1140652). - bcache: add code comments for journal_read_bucket() (bsc#1140652). - bcache: add comments for closure_fn to be called in closure_queue() (bsc#1140652). - bcache: add comments for closure_fn to be called in closure_queue() (bsc#1140652). - bcache: add comments for kobj release callback routine (bsc#1140652). - bcache: add comments for kobj release callback routine (bsc#1140652). - bcache: add comments for mutex_lock(&b->write_lock) (bsc#1140652). - bcache: add comments for mutex_lock(&b->write_lock) (bsc#1140652). - bcache: add error check for calling register_bdev() (bsc#1140652). - bcache: add error check for calling register_bdev() (bsc#1140652). - bcache: add failure check to run_cache_set() for journal replay (bsc#1140652). - bcache: add failure check to run_cache_set() for journal replay (bsc#1140652). - bcache: add io error counting in write_bdev_super_endio() (bsc#1140652). - bcache: add io error counting in write_bdev_super_endio() (bsc#1140652). - bcache: add more error message in bch_cached_dev_attach() (bsc#1140652). - bcache: add more error message in bch_cached_dev_attach() (bsc#1140652). - bcache: add pendings_cleanup to stop pending bcache device (bsc#1140652). - bcache: add pendings_cleanup to stop pending bcache device (bsc#1140652). - bcache: add reclaimed_journal_buckets to struct cache_set (bsc#1140652). - bcache: add reclaimed_journal_buckets to struct cache_set (bsc#1140652). - bcache: add return value check to bch_cached_dev_run() (bsc#1140652). - bcache: add return value check to bch_cached_dev_run() (bsc#1140652). - bcache: avoid a deadlock in bcache_reboot() (bsc#1140652). - bcache: avoid a deadlock in bcache_reboot() (bsc#1140652). - bcache: avoid clang -Wunintialized warning (bsc#1140652). - bcache: avoid clang -Wunintialized warning (bsc#1140652). - bcache: avoid flushing btree node in cache_set_flush() if io disabled (bsc#1140652). - bcache: avoid flushing btree node in cache_set_flush() if io disabled (bsc#1140652). - bcache: avoid potential memleak of list of journal_replay(s) in the CACHE_SYNC branch of run_cache_set (bsc#1140652). - bcache: avoid potential memleak of list of journal_replay(s) in the CACHE_SYNC branch of run_cache_set (bsc#1140652). - bcache: check CACHE_SET_IO_DISABLE bit in bch_journal() (bsc#1140652). - bcache: check CACHE_SET_IO_DISABLE bit in bch_journal() (bsc#1140652). - bcache: check CACHE_SET_IO_DISABLE in allocator code (bsc#1140652). - bcache: check CACHE_SET_IO_DISABLE in allocator code (bsc#1140652). - bcache: check c->gc_thread by IS_ERR_OR_NULL in cache_set_flush() (bsc#1140652). - bcache: check c->gc_thread by IS_ERR_OR_NULL in cache_set_flush() (bsc#1140652). - bcache: destroy dc->writeback_write_wq if failed to create dc->writeback_thread (bsc#1140652). - bcache: destroy dc->writeback_write_wq if failed to create dc->writeback_thread (bsc#1140652). - bcache: do not assign in if condition in bcache_device_init() (bsc#1140652). - bcache: do not set max writeback rate if gc is running (bsc#1140652). - bcache: do not set max writeback rate if gc is running (bsc#1140652). - bcache: fix a race between cache register and cacheset unregister (bsc#1140652). - bcache: fix a race between cache register and cacheset unregister (bsc#1140652). - bcache: fix crashes stopping bcache device before read miss done (bsc#1140652). - bcache: fix crashes stopping bcache device before read miss done (bsc#1140652). - bcache: fix failure in journal relplay (bsc#1140652). - bcache: fix failure in journal relplay (bsc#1140652). - bcache: fix inaccurate result of unused buckets (bsc#1140652). - bcache: fix inaccurate result of unused buckets (bsc#1140652). - bcache: fix mistaken sysfs entry for io_error counter (bsc#1140652). - bcache: fix mistaken sysfs entry for io_error counter (bsc#1140652). - bcache: fix potential deadlock in cached_def_free() (bsc#1140652). - bcache: fix potential deadlock in cached_def_free() (bsc#1140652). - bcache: fix race in btree_flush_write() (bsc#1140652). - bcache: fix race in btree_flush_write() (bsc#1140652). - bcache: fix return value error in bch_journal_read() (bsc#1140652). - bcache: fix return value error in bch_journal_read() (bsc#1140652). - bcache: fix stack corruption by PRECEDING_KEY() (bsc#1140652). - bcache: fix stack corruption by PRECEDING_KEY() (bsc#1140652). - bcache: fix wrong usage use-after-freed on keylist in out_nocoalesce branch of btree_gc_coalesce (bsc#1140652). - bcache: fix wrong usage use-after-freed on keylist in out_nocoalesce branch of btree_gc_coalesce (bsc#1140652). - bcache: ignore read-ahead request failure on backing device (bsc#1140652). - bcache: ignore read-ahead request failure on backing device (bsc#1140652). - bcache: improve bcache_reboot() (bsc#1140652). - bcache: improve bcache_reboot() (bsc#1140652). - bcache: improve error message in bch_cached_dev_run() (bsc#1140652). - bcache: improve error message in bch_cached_dev_run() (bsc#1140652). - bcache: make bset_search_tree() be more understandable (bsc#1140652). - bcache: make bset_search_tree() be more understandable (bsc#1140652). - bcache: make is_discard_enabled() static (bsc#1140652). - bcache: make is_discard_enabled() static (bsc#1140652). - bcache: more detailed error message to bcache_device_link() (bsc#1140652). - bcache: more detailed error message to bcache_device_link() (bsc#1140652). - bcache: move definition of 'int ret' out of macro read_bucket() (bsc#1140652). - bcache: move definition of 'int ret' out of macro read_bucket() (bsc#1140652). - bcache: never set KEY_PTRS of journal key to 0 in journal_reclaim() (bsc#1140652). - bcache: never set KEY_PTRS of journal key to 0 in journal_reclaim() (bsc#1140652). - bcache: only clear BTREE_NODE_dirty bit when it is set (bsc#1140652). - bcache: only clear BTREE_NODE_dirty bit when it is set (bsc#1140652). - bcache: only set BCACHE_DEV_WB_RUNNING when cached device attached (bsc#1140652). - bcache: only set BCACHE_DEV_WB_RUNNING when cached device attached (bsc#1140652). - bcache: performance improvement for btree_flush_write() (bsc#1140652). - bcache: performance improvement for btree_flush_write() (bsc#1140652). - bcache: remove "XXX:" comment line from run_cache_set() (bsc#1140652). - bcache: remove "XXX:" comment line from run_cache_set() (bsc#1140652). - bcache: remove redundant LIST_HEAD(journal) from run_cache_set() (bsc#1140652). - bcache: remove redundant LIST_HEAD(journal) from run_cache_set() (bsc#1140652). - bcache: remove retry_flush_write from struct cache_set (bsc#1140652). - bcache: remove retry_flush_write from struct cache_set (bsc#1140652). - bcache: remove unncessary code in bch_btree_keys_init() (bsc#1140652). - bcache: remove unncessary code in bch_btree_keys_init() (bsc#1140652). - bcache: remove unnecessary prefetch() in bset_search_tree() (bsc#1140652). - bcache: remove unnecessary prefetch() in bset_search_tree() (bsc#1140652). - bcache: return error immediately in bch_journal_replay() (bsc#1140652). - bcache: return error immediately in bch_journal_replay() (bsc#1140652). - bcache: set largest seq to ja->seq[bucket_index] in journal_read_bucket() (bsc#1140652). - bcache: set largest seq to ja->seq[bucket_index] in journal_read_bucket() (bsc#1140652). - bcache: shrink btree node cache after bch_btree_check() (bsc#1140652). - bcache: shrink btree node cache after bch_btree_check() (bsc#1140652). - bcache: stop writeback kthread and kworker when bch_cached_dev_run() failed (bsc#1140652). - bcache: stop writeback kthread and kworker when bch_cached_dev_run() failed (bsc#1140652). - bcache: use sysfs_match_string() instead of __sysfs_match_string() (bsc#1140652). - bcache: use sysfs_match_string() instead of __sysfs_match_string() (bsc#1140652). - be2net: Fix number of Rx queues used for flow hashing (networking-stable-19_06_18). - be2net: Signal that the device cannot transmit during reconfiguration (bsc#1127315). - be2net: Synchronize be_update_queues with dev_watchdog (bsc#1127315). - blk-mq: fix hang caused by freeze/unfreeze sequence (bsc#1128432). - blk-mq: free hw queue's resource in hctx's release handler (bsc#1140637). - block, bfq: NULL out the bic when it's no longer valid (bsc#1142359). - block: Fix a NULL pointer dereference in generic_make_request() (bsc#1139771). - bluetooth: Fix faulty expression for minimum encryption key size check (bsc#1140328). - bluetooth: Replace the bluetooth fix with the upstream commit (bsc#1135556) - bnx2x: Prevent load reordering in tx completion processing (bsc#1142868). - bnxt_en: Add device IDs 0x1806 and 0x1752 for 57500 devices (bsc#1137224). - bnxt_en: Add support for BCM957504 (bsc#1137224). - bnxt_en: Cap the returned MSIX vectors to the rdma driver (bsc#1134090 jsc#SLE-5954). - bnxt_en: Disable bus master during pci shutdown and driver unload (bsc#1104745). - bnxt_en: Fix aggregation buffer leak under OOM condition (networking-stable-19_05_31). - bnxt_en: Fix statistics context reservation logic for rdma driver (bsc#1104745). - bnxt_en: Suppress error messages when querying DSCP DCB capabilities (bsc#1104745). - bonding: Force slave speed check after link state recovery for 802.3ad (bsc#1137584). - bonding: fix arp_validate toggling in active-backup mode (networking-stable-19_05_14). - bpf, devmap: Add missing RCU read lock on flush (bsc#1109837). - bpf, devmap: Add missing bulk queue free (bsc#1109837). - bpf, devmap: Fix premature entry free on destroying map (bsc#1109837). - bpf, tcp: correctly handle DONT_WAIT flags and timeo == 0 (bsc#1109837). - bpf, x64: fix stack layout of JITed bpf code (bsc#1083647). - bpf, x64: save 5 bytes in prologue when ebpf insns came from cbpf (bsc#1083647). - bpf: btf: fix the brackets of BTF_INT_OFFSET() (bsc#1083647). - bpf: devmap: fix use-after-free Read in __dev_map_entry_free (bsc#1109837). - bpf: fix callees pruning callers (bsc#1109837). - bpf: fix nested bpf tracepoints with per-cpu data (bsc#1083647). - bpf: lpm_trie: check left child of last leftmost node for NULL (bsc#1109837). - bpf: sockmap fix msg->sg.size account on ingress skb (bsc#1109837). - bpf: sockmap remove duplicate queue free (bsc#1109837). - bpf: sockmap, fix use after free from sleep in psock backlog workqueue (bsc#1109837). - brcmfmac: fix NULL pointer derefence during usb disconnect (bsc#1111666). - bridge: Fix error path for kobject_init_and_add() (networking-stable-19_05_14). - can: af_can: Fix error path of can_init() (bsc#1051510). - can: flexcan: fix timeout when set small bitrate (bsc#1051510). - can: purge socket error queue on sock destruct (bsc#1051510). - carl9170: fix misuse of device driver API (bsc#1111666). - ceph: factor out ceph_lookup_inode() (bsc#1138681). - ceph: fix NULL pointer deref when debugging is enabled (bsc#1138681). - ceph: fix potential use-after-free in ceph_mdsc_build_path (bsc#1138681). - ceph: flush dirty inodes before proceeding with remount (bsc#1138681). - ceph: flush dirty inodes before proceeding with remount (bsc#1140405). - ceph: print inode number in __caps_issued_mask debugging messages (bsc#1138681). - ceph: quota: fix quota subdir mounts (bsc#1138681). - ceph: remove duplicated filelock ref increase (bsc#1138681). - cfg80211: fix memory leak of wiphy device name (bsc#1051510). - cgroup: Use css_tryget() instead of css_tryget_online() in task_get_css() (bsc#1141478). - clk: qcom: Fix -Wunused-const-variable (bsc#1051510). - clk: rockchip: Do not yell about bad mmc phases when getting (bsc#1051510). - clk: rockchip: Turn on "aclk_dmac1" for suspend on rk3288 (bsc#1051510). - clk: tegra210: fix PLLU and PLLU_OUT1 (bsc#1051510). - clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider (bsc#1051510). - coresight: etb10: Fix handling of perf mode (bsc#1051510). - coresight: etm4x: Add support to enable ETMv4.2 (bsc#1051510). - cpu/topology: Export die_id (jsc#SLE-5454). - cpufreq/pasemi: fix possible object reference leak (bsc#1051510). - cpufreq: AMD: Ignore the check for ProcFeedback in ST/CZ (). - cpufreq: Add Hygon Dhyana support (). - cpufreq: Use struct kobj_attribute instead of struct global_attr (bsc#1051510). - cpufreq: acpi-cpufreq: Report if CPU does not support boost technologies (bsc#1051510). - cpufreq: brcmstb-avs-cpufreq: Fix initial command check (bsc#1051510). - cpufreq: brcmstb-avs-cpufreq: Fix types for voltage/frequency (bsc#1051510). - cpufreq: check if policy is inactive early in __cpufreq_get() (bsc#1051510). - cpufreq: kirkwood: fix possible object reference leak (bsc#1051510). - cpufreq: pmac32: fix possible object reference leak (bsc#1051510). - cpufreq: ppc_cbe: fix possible object reference leak (bsc#1051510). - crypto: algapi - guard against uninitialized spawn list in crypto_remove_spawns (bsc#1133401). - crypto: arm64/sha1-ce - correct digest for empty data in finup (bsc#1051510). - crypto: arm64/sha2-ce - correct digest for empty data in finup (bsc#1051510). - crypto: ccp - Fix 3DES complaint from ccp-crypto module (bsc#1051510). - crypto: ccp - Fix SEV_VERSION_GREATER_OR_EQUAL (bsc#1051510). - crypto: ccp - Validate the the error value used to index error messages (bsc#1051510). - crypto: ccp - fix AES CFB error exposed by new test vectors (bsc#1051510). - crypto: ccp - memset structure fields to zero before reuse (bsc#1051510). - crypto: ccp/gcm - use const time tag comparison (bsc#1051510). - crypto: chacha20poly1305 - fix atomic sleep when using async algorithm (bsc#1051510). - crypto: cryptd - Fix skcipher instance memory leak (bsc#1051510). - crypto: crypto4xx - fix a potential double free in ppc4xx_trng_probe (bsc#1051510). - crypto: ghash - fix unaligned memory access in ghash_setkey() (bsc#1051510). - crypto: talitos - Align SEC1 accesses to 32 bits boundaries (bsc#1051510). - crypto: talitos - HMAC SNOOP NO AFEU mode requires SW icv checking (bsc#1051510). - crypto: talitos - check data blocksize in ablkcipher (bsc#1051510). - crypto: talitos - fix CTR alg blocksize (bsc#1051510). - crypto: talitos - fix max key size for sha384 and sha512 (bsc#1051510). - crypto: talitos - properly handle split ICV (bsc#1051510). - crypto: talitos - reduce max key size for SEC1 (bsc#1051510). - crypto: talitos - rename alternative AEAD algos (bsc#1051510). - crypto: user - prevent operating on larval algorithms (bsc#1133401). - cxgb4: Enable hash filter with offload (bsc#1136345 jsc#SLE-4681). - cxgb4: use firmware API for validating filter spec (bsc#1136345 jsc#SLE-4681). - dasd_fba: Display '00000000' for zero page when dumping sense (bsc#1123080). - dax: Fix xarray entry association for mixed mappings (bsc#1140893). - device core: Consolidate locking and unlocking of parent and device (bsc#1106383). - dma-buf: Discard old fence_excl on retrying get_fences_rcu for realloc (bsc#1111666). - dma-direct: add support for allocation from ZONE_DMA and ZONE_DMA32 (jsc#SLE-6197 bsc#1140559 LTC#173150). - dma-direct: do not retry allocation for no-op GFP_DMA (jsc#SLE-6197 bsc#1140559 LTC#173150). - dma-direct: retry allocations using GFP_DMA for small masks (jsc#SLE-6197 bsc#1140559 LTC#173150). - dma-mapping: move dma_mark_clean to dma-direct.h (jsc#SLE-6197 bsc#1140559 LTC#173150). - dma-mapping: move swiotlb arch helpers to a new header (jsc#SLE-6197 bsc#1140559 LTC#173150). - dma-mapping: take dma_pfn_offset into account in dma_max_pfn (jsc#SLE-6197 bsc#1140559 LTC#173150). - dmaengine: Replace WARN_TAINT_ONCE() with pr_warn_once() (jsc#SLE-5442). - dmaengine: at_xdmac: remove BUG_ON macro in tasklet (bsc#1111666). - dmaengine: hsu: Revert "set HSU_CH_MTSR to memory width" (bsc#1051510). - dmaengine: imx-sdma: remove BD_INTR for channel0 (bsc#1051510). - dmaengine: ioat: constify pci_device_id (jsc#SLE-5442). - dmaengine: ioat: do not use DMA_ERROR_CODE (jsc#SLE-5442). - dmaengine: ioat: fix prototype of ioat_enumerate_channels (jsc#SLE-5442). - dmaengine: ioatdma: Add Snow Ridge ioatdma device id (jsc#SLE-5442). - dmaengine: ioatdma: Add intr_coalesce sysfs entry (jsc#SLE-5442). - dmaengine: ioatdma: add descriptor pre-fetch support for v3.4 (jsc#SLE-5442). - dmaengine: ioatdma: disable DCA enabling on IOATDMA v3.4 (jsc#SLE-5442). - dmaengine: ioatdma: set the completion address register after channel reset (jsc#SLE-5442). - dmaengine: ioatdma: support latency tolerance report (LTR) for v3.4 (jsc#SLE-5442). - dmaengine: pl330: _stop: clear interrupt status (bsc#1111666). - dmaengine: tegra210-adma: Fix crash during probe (bsc#1111666). - dmaengine: tegra210-adma: restore channel status (bsc#1111666). - doc: Cope with the deprecation of AutoReporter (bsc#1051510). - documentation/ABI: Document umwait control sysfs interfaces (jsc#SLE-5187). - documentation: DMA-API: fix a function name of max_mapping_size (bsc#1140954). - dpaa_eth: fix SG frame cleanup (networking-stable-19_05_14). - drbd: Avoid Clang warning about pointless switch statment (bsc#1051510). - drbd: disconnect, if the wrong UUIDs are attached on a connected peer (bsc#1051510). - drbd: narrow rcu_read_lock in drbd_sync_handshake (bsc#1051510). - drbd: skip spurious timeout (ping-timeo) when failing promote (bsc#1051510). - driver core: Establish order of operations for device_add and device_del via bitflag (bsc#1106383). - driver core: Probe devices asynchronously instead of the driver (bsc#1106383). - drivers/base/devres: introduce devm_release_action() (bsc#1103992). - drivers/base: Introduce kill_device() (bsc#1139865). - drivers/base: kABI fixes for struct device_private (bsc#1106383). - drivers/dma/ioat: Remove now-redundant smp_read_barrier_depends() (jsc#SLE-5442). - drivers/rapidio/devices/rio_mport_cdev.c: fix resource leak in error handling path in 'rio_dma_transfer()' (bsc#1051510). - drivers/rapidio/rio_cm.c: fix potential oops in riocm_ch_listen() (bsc#1051510). - drivers: depend on HAS_IOMEM for devm_platform_ioremap_resource() (bsc#1136333 jsc#SLE-4994). - drivers: fix a typo in the kernel doc for devm_platform_ioremap_resource() (bsc#1136333 jsc#SLE-4994). - drivers: misc: fix out-of-bounds access in function param_set_kgdbts_var (bsc#1051510). - drivers: provide devm_platform_ioremap_resource() (bsc#1136333 jsc#SLE-4994). - drivers: thermal: tsens: Do not print error message on -EPROBE_DEFER (bsc#1051510). - drm/amd/display: Fix Divide by 0 in memory calculations (bsc#1111666). - drm/amd/display: Make some functions static (bsc#1111666). - drm/amd/display: Set stream->mode_changed when connectors change (bsc#1111666). - drm/amd/display: Use plane->color_space for dpp if specified (bsc#1111666). - drm/amd/display: fix releasing planes when exiting odm (bsc#1111666). - drm/amd/powerplay: use hardware fan control if no powerplay fan table (bsc#1111666). - drm/amdgpu/gfx9: use reset default for PA_SC_FIFO_SIZE (bsc#1051510). - drm/amdgpu/psp: move psp version specific function pointers to early_init (bsc#1111666). - drm/amdgpu: remove ATPX_DGPU_REQ_POWER_FOR_DISPLAYS check when hotplug-in (bsc#1111666). - drm/arm/hdlcd: Actually validate CRTC modes (bsc#1111666). - drm/arm/hdlcd: Allow a bit of clock tolerance (bsc#1051510). - drm/arm/mali-dp: Add a loop around the second set CVAL and try 5 times (bsc#1111666). - drm/atmel-hlcdc: revert shift by 8 (bsc#1111666). - drm/edid: abstract override/firmware EDID retrieval (bsc#1111666). - drm/etnaviv: add missing failure path to destroy suballoc (bsc#1111666). - drm/fb-helper: generic: Do not take module ref for fbcon (bsc#1111666). - drm/i915/aml: Add new Amber Lake pci ID (jsc#SLE-4986). - drm/i915/cfl: Adding another pci Device ID (jsc#SLE-4986). - drm/i915/cml: Add CML pci IDS (jsc#SLE-4986). - drm/i915/cml: Introduce Comet Lake PCH (jsc#SLE-6681). - drm/i915/dmc: protect against reading random memory (bsc#1051510). - drm/i915/gvt: Initialize intel_gvt_gtt_entry in stack (bsc#1111666). - drm/i915/gvt: ignore unexpected pvinfo write (bsc#1051510). - drm/i915/icl: Add WaDisableBankHangMode (bsc#1111666). - drm/i915/icl: Adding few more device IDs for Ice Lake (jsc#SLE-4986). - drm/i915/perf: fix whitelist on Gen10+ (bsc#1051510). - drm/i915/sdvo: Implement proper HDMI audio support for SDVO (bsc#1051510). - drm/i915: Add new AML_ULX support list (jsc#SLE-4986). - drm/i915: Add new ICL pci ID (jsc#SLE-4986). - drm/i915: Apply correct ddi translation table for AML device (jsc#SLE-4986). - drm/i915: Attach the pci match data to the device upon creation (jsc#SLE-4986). - drm/i915: Fix uninitialized mask in intel_device_info_subplatform_init (jsc#SLE-4986). - drm/i915: Introduce concept of a sub-platform (jsc#SLE-4986). - drm/i915: Maintain consistent documentation subsection ordering (bsc#1111666). - drm/i915: Mark AML 0x87CA as ULX (jsc#SLE-4986). - drm/i915: Move final cleanup of drm_i915_private to i915_driver_destroy (jsc#SLE-4986). - drm/i915: Remove redundant device id from IS_IRONLAKE_M macro (jsc#SLE-4986). - drm/i915: Split Pineview device info into desktop and mobile (jsc#SLE-4986). - drm/i915: Split some pci ids into separate groups (jsc#SLE-4986). - drm/i915: start moving runtime device info to a separate struct (jsc#SLE-4986). - drm/imx: notify drm core before sending event during crtc disable (bsc#1111666). - drm/imx: only send event on crtc disable if kept disabled (bsc#1111666). - drm/lease: Make sure implicit planes are leased (bsc#1111666). - drm/mediatek: call drm_atomic_helper_shutdown() when unbinding driver (bsc#1111666). - drm/mediatek: call mtk_dsi_stop() after mtk_drm_crtc_atomic_disable() (bsc#1111666). - drm/mediatek: clear num_pipes when unbind driver (bsc#1111666). - drm/mediatek: fix unbind functions (bsc#1111666). - drm/mediatek: unbind components in mtk_drm_unbind() (bsc#1111666). - drm/meson: Add support for XBGR8888 & ABGR8888 formats (bsc#1051510). - drm/msm/a3xx: remove TPL1 regs from snapshot (bsc#1051510). - drm/msm/mdp5: Fix mdp5_cfg_init error return (bsc#1111666). - drm/msm: a5xx: fix possible object reference leak (bsc#1111666). - drm/msm: fix fb references in async update (bsc#1111666). - drm/nouveau/bar/nv50: ensure BAR is mapped (bsc#1111666). - drm/nouveau/disp/dp: respect sink limits when selecting failsafe link configuration (bsc#1051510). - drm/nouveau/i2c: Enable i2c pads & busses during preinit (bsc#1051510). - drm/nouveau/kms/gf119-gp10x: push HeadSetControlOutputResource() mthd when encoders change (bsc#1111666). - drm/nouveau/kms/gv100-: fix spurious window immediate interlocks (bsc#1111666). - drm/omap: dsi: Fix PM for display blank with paired dss_pll calls (bsc#1111666). - drm/panel: otm8009a: Add delay at the end of initialization (bsc#1111666). - drm/pl111: fix possible object reference leak (bsc#1111666). - drm/rockchip: Properly adjust to a true clock in adjusted_mode (bsc#1051510). - drm/sun4i: dsi: Change the start delay calculation (bsc#1111666). - drm/sun4i: dsi: Enforce boundaries on the start delay (bsc#1111666). - drm/udl: Replace drm_dev_unref with drm_dev_put (bsc#1111666). - drm/udl: introduce a macro to convert dev to udl (bsc#1111666). - drm/udl: move to embedding drm device inside udl device (bsc#1111666). - drm/v3d: Handle errors from IRQ setup (bsc#1111666). - drm/vc4: fix fb references in async update (bsc#1141312). - drm/vmwgfx: Honor the sg list segment size limitation (bsc#1111666). - drm/vmwgfx: Use the backdoor port if the HB port is not available (bsc#1111666). - drm/vmwgfx: fix a warning due to missing dma_parms (bsc#1111666). - drm: Fix drm_release() and device unplug (bsc#1111666). - drm: add fallback override/firmware EDID modes workaround (bsc#1111666). - drm: add non-desktop quirk for Valve HMDs (bsc#1111666). - drm: add non-desktop quirks to Sensics and OSVR headsets (bsc#1111666). - drm: do not block fb changes for async plane updates (bsc#1111666). - drm: etnaviv: avoid DMA API warning when importing buffers (bsc#1111666). - drm: panel-orientation-quirks: Add quirk for GPD MicroPC (bsc#1111666). - drm: panel-orientation-quirks: Add quirk for GPD pocket2 (bsc#1111666). - drm: return -EFAULT if copy_to_user() fails (bsc#1111666). - e1000e: start network tx queue only when link is up (bsc#1051510). - edac, amd64: Add Hygon Dhyana support (). - edac/mc: Fix edac_mc_find() in case no device is found (bsc#1114279). - ethtool: check the return value of get_regs_len (git-fixes). - ethtool: fix potential userspace buffer overflow (networking-stable-19_06_09). - ext4: do not delete unlinked inode from orphan list on failed truncate (bsc#1140891). - failover: allow name change on IFF_UP slave interfaces (bsc#1109837). - fork, memcg: fix cached_stacks case (bsc#1134097). - fork, memcg: fix crash in free_thread_stack on memcg charge fail (bsc#1134097). - fpga: add intel stratix10 soc fpga manager driver (jsc#SLE-7057). - fpga: stratix10-soc: fix use-after-free on s10_init() (jsc#SLE-7057). - fpga: stratix10-soc: fix wrong of_node_put() in init function (jsc#jsc#SLE-7057). - fs/ocfs2: fix race in ocfs2_dentry_attach_lock() (bsc#1140889). - fs/proc/proc_sysctl.c: Fix a NULL pointer dereference (bsc#1140887). - fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links (bsc#1140887). - fs: Abort file_remove_privs() for non-reg. files (bsc#1140888). - fs: kill btrfs clear path blocking (bsc#1140139). - fs: Btrfs: fix race between block group removal and block group allocation (bsc#1143003). - ftrace/x86: Remove possible deadlock between register_kprobe() and ftrace_run_update_code() (bsc#1071995). - genirq: Prevent use-after-free and work list corruption (bsc#1051510). - genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent() (bsc#1051510). - genwqe: Prevent an integer overflow in the ioctl (bsc#1051510). - gpio: omap: fix lack of irqstatus_raw0 for OMAP4 (bsc#1051510). - gpu: ipu-v3: ipu-ic: Fix saturation bit offset in TPMEM (bsc#1111666). - hid:: Wacom: switch Dell canvas into highres mode (bsc#1051510). - hid:: input: fix a4tech horizontal wheel custom usage (bsc#1137429). - hid:: wacom: Add ability to provide explicit battery status info (bsc#1051510). - hid:: wacom: Add support for 3rd generation Intuos BT (bsc#1051510). - hid:: wacom: Add support for Pro Pen slim (bsc#1051510). - hid:: wacom: Correct button numbering 2nd-gen Intuos Pro over Bluetooth (bsc#1051510). - hid:: wacom: Do not report anything prior to the tool entering range (bsc#1051510). - hid:: wacom: Do not set tool type until we're in range (bsc#1051510). - hid:: wacom: Mark expected switch fall-through (bsc#1051510). - hid:: wacom: Move handling of hid: quirks into a dedicated function (bsc#1051510). - hid:: wacom: Move hid: fix for AES serial number into wacom_hid_usage_quirk (bsc#1051510). - hid:: wacom: Properly handle AES serial number and tool type (bsc#1051510). - hid:: wacom: Queue events with missing type/serial data for later processing (bsc#1051510). - hid:: wacom: Remove comparison of u8 mode with zero and simplify (bsc#1051510). - hid:: wacom: Replace touch_max fixup code with static touch_max definitions (bsc#1051510). - hid:: wacom: Send BTN_TOUCH in response to INTUOSP2_BT eraser contact (bsc#1051510). - hid:: wacom: Support "in range" for Intuos/Bamboo tablets where possible (bsc#1051510). - hid:: wacom: Sync INTUOSP2_BT touch state after each frame if necessary (bsc#1051510). - hid:: wacom: Work around hid: descriptor bug in DTK-2451 and DTH-2452 (bsc#1051510). - hid:: wacom: convert Wacom custom usages to standard hid: usages (bsc#1051510). - hid:: wacom: correct touch resolution x/y typo (bsc#1051510). - hid:: wacom: fix mistake in printk (bsc#1051510). - hid:: wacom: generic: Correct pad syncing (bsc#1051510). - hid:: wacom: generic: Ignore hid:_DG_BATTERYSTRENTH == 0 (bsc#1051510). - hid:: wacom: generic: Leave tool in prox until it completely leaves sense (bsc#1051510). - hid:: wacom: generic: Refactor generic battery handling (bsc#1051510). - hid:: wacom: generic: Report AES battery information (bsc#1051510). - hid:: wacom: generic: Reset events back to zero when pen leaves (bsc#1051510). - hid:: wacom: generic: Scale battery capacity measurements to percentages (bsc#1051510). - hid:: wacom: generic: Send BTN_STYLUS3 when both barrel switches are set (bsc#1051510). - hid:: wacom: generic: Send BTN_TOOL_PEN in prox once the pen enters range (bsc#1051510). - hid:: wacom: generic: Support multiple tools per report (bsc#1051510). - hid:: wacom: generic: Use generic codepath terminology in wacom_wac_pen_report (bsc#1051510). - hid:: wacom: generic: add the "Report Valid" usage (bsc#1051510). - hid:: wacom: generic: only switch the mode on devices with LEDs (bsc#1051510). - hid:: wacom: generic: read hid:_DG_CONTACTMAX from any feature report (bsc#1051510). - hid:: wacom: wacom_wac_collection() is local to wacom_wac.c (bsc#1051510). - hugetlbfs: dirty pages as they are added to pagecache (git fixes (mm/hugetlbfs)). - hugetlbfs: fix kernel BUG at fs/hugetlbfs/inode.c:444! (git fixes (mm/hugetlbfs)). - hv/netvsc: Set probe mode to sync (bsc#1142083). - hwmon/coretemp: Cosmetic: Rename internal variables to zones from packages (jsc#SLE-5454). - hwmon/coretemp: Support multi-die/package (jsc#SLE-5454). - hwmon/k10temp, x86/amd_nb: Consolidate shared device IDs (). - hwmon: (k10temp) 27C Offset needed for Threadripper2 (). - hwmon: (k10temp) Add Hygon Dhyana support (). - hwmon: (k10temp) Add support for AMD Ryzen w/ Vega graphics (). - hwmon: (k10temp) Add support for Stoney Ridge and Bristol Ridge CPUs (). - hwmon: (k10temp) Add support for family 17h (). - hwmon: (k10temp) Add support for temperature offsets (). - hwmon: (k10temp) Add temperature offset for Ryzen 1900X (). - hwmon: (k10temp) Add temperature offset for Ryzen 2700X (). - hwmon: (k10temp) Correct model name for Ryzen 1600X (). - hwmon: (k10temp) Display both Tctl and Tdie (). - hwmon: (k10temp) Fix reading critical temperature register (). - hwmon: (k10temp) Make function get_raw_temp static (). - hwmon: (k10temp) Move chip specific code into probe function (). - hwmon: (k10temp) Only apply temperature offset if result is positive (). - hwmon: (k10temp) Support all Family 15h Model 6xh and Model 7xh processors (). - hwmon: (k10temp) Use API function to access System Management Network (). - hwmon: k10temp: Support Threadripper 2920X, 2970WX; simplify offset table (). - i2c-piix4: Add Hygon Dhyana SMBus support (). - i2c: acorn: fix i2c warning (bsc#1135642). - i2c: mlxcpld: Add support for extended transaction length for i2c-mlxcpld (bsc#1112374). - i2c: mlxcpld: Add support for smbus block read transaction (bsc#1112374). - i2c: mlxcpld: Allow configurable adapter id for mlxcpld (bsc#1112374). - i2c: mlxcpld: Fix adapter functionality support callback (bsc#1112374). - i2c: mlxcpld: Fix wrong initialization order in probe (bsc#1112374). - i2c: mux: mlxcpld: simplify code to reach the adapter (bsc#1112374). - i2c: synquacer: fix synquacer_i2c_doxfer() return value (bsc#1111666). - ib/hfi1: Clear the IOWAIT pending bits when QP is put into error state (bsc#1114685). - ib/hfi1: Create inline to get extended headers (bsc#1114685 ). - ib/hfi1: Validate fault injection opcode user input (bsc#1114685 ). - ib/ipoib: Add child to parent list only if device initialized (bsc#1103992). - ib/mlx5: Fixed reporting counters on 2nd port for Dual port RoCE (bsc#1103991). - ib/mlx5: Verify DEVX general object type correctly (bsc#1103991 ). - ibmveth: Update ethtool settings to reflect virtual properties (bsc#1136157, LTC#177197). - idr: fix overflow case for idr_for_each_entry_ul() (bsc#1109837). - input: elantech - enable middle button support on 2 ThinkPads (bsc#1051510). - input: imx_keypad - make sure keyboard can always wake up system (bsc#1051510). - input: psmouse - fix build error of multiple definition (bsc#1051510). - input: synaptics - enable SMBUS on T480 thinkpad trackpad (bsc#1051510). - input: synaptics - enable SMBus on ThinkPad E480 and E580 (bsc#1051510). - input: tm2-touchkey - acknowledge that setting brightness is a blocking call (bsc#1129770). - input: uinput - add compat ioctl number translation for UI_*_FF_UPLOAD (bsc#1051510). - intel_th: msu: Fix single mode with disabled IOMMU (bsc#1051510). - iommu-helper: mark iommu_is_span_boundary as inline (jsc#SLE-6197 bsc#1140559 LTC#173150). - iommu/amd: Make iommu_disable safer (bsc#1140955). - iommu/arm-smmu-v3: Fix big-endian CMD_SYNC writes (bsc#1111666). - iommu/arm-smmu-v3: Use explicit mb() when moving cons pointer (bsc#1051510). - iommu/arm-smmu-v3: sync the OVACKFLG to PRIQ consumer register (bsc#1051510). - iommu/arm-smmu: Add support for qcom,smmu-v2 variant (bsc#1051510). - iommu/arm-smmu: Avoid constant zero in TLBI writes (bsc#1140956). - iommu/vt-d: Duplicate iommu_resv_region objects per device list (bsc#1140959). - iommu/vt-d: Handle RMRR with pci bridge device scopes (bsc#1140961). - iommu/vt-d: Handle pci bridge RMRR device scopes in intel_iommu_get_resv_regions (bsc#1140960). - iommu/vt-d: Introduce is_downstream_to_pci_bridge helper (bsc#1140962). - iommu/vt-d: Remove unnecessary rcu_read_locks (bsc#1140964). - iommu: Fix a leak in iommu_insert_resv_region (bsc#1140957). - iommu: Use right function to get group for device (bsc#1140958). - iov_iter: Fix build error without CONFIG_CRYPTO (bsc#1111666). - ipv4/igmp: fix another memory leak in igmpv3_del_delrec() (networking-stable-19_05_31). - ipv4/igmp: fix build error if !CONFIG_IP_MULTICAST (networking-stable-19_05_31). - ipv4: Fix raw socket lookup for local traffic (networking-stable-19_05_14). - ipv4: Use return value of inet_iif() for __raw_v4_lookup in the while loop (git-fixes). - ipv6: Consider sk_bound_dev_if when binding a raw socket to an address (networking-stable-19_05_31). - ipv6: fib: Do not assume only nodes hold a reference on routes (bsc#1138732). - ipv6: fix EFAULT on sendto with icmpv6 and hdrincl (networking-stable-19_06_09). - ipv6: flowlabel: fl6_sock_lookup() must use atomic_inc_not_zero (networking-stable-19_06_18). - ipv6: use READ_ONCE() for inet->hdrincl as in ipv4 (networking-stable-19_06_09). - irqchip/gic-v3-its: fix some definitions of inner cacheability attributes (bsc#1051510). - irqchip/mbigen: Do not clear eventid when freeing an MSI (bsc#1051510). - iw_cxgb4: Fix qpid leak (bsc#1136348 jsc#SLE-4684). - iwlwifi: Correct iwlwifi 22000 series ucode file name (bsc#1142673) - iwlwifi: Fix double-free problems in iwl_req_fw_callback() (bsc#1111666). - iwlwifi: correct one of the pci struct names (bsc#1111666). - iwlwifi: do not WARN when calling iwl_get_shared_mem_conf with RF-Kill (bsc#1111666). - iwlwifi: fix RF-Kill interrupt while FW load for gen2 devices (bsc#1111666). - iwlwifi: fix cfg structs for 22000 with different RF modules (bsc#1111666). - iwlwifi: fix devices with pci Device ID 0x34F0 and 11ac RF modules (bsc#1111666). - iwlwifi: mvm: Drop large non sta frames (bsc#1111666). - iwlwifi: pcie: do not service an interrupt that was masked (bsc#1111666). - iwlwifi: pcie: fix ALIVE interrupt handling for gen2 devices w/o MSI-X (bsc#1111666). - ixgbe: Avoid NULL pointer dereference with VF on non-IPsec hw (bsc#1140228). - kABI fix for hda_codec.relaxed_resume flag (bsc#1111666). - kABI workaround for asus-wmi changes (bsc#1051510). - kABI workaround for the new pci_dev.skip_bus_pm field addition (bsc#1051510). - kABI: Fix lost iommu-helper symbols on arm64 (jsc#SLE-6197 bsc#1140559 LTC#173150). - kABI: mask changes made by basic protected virtualization support (jsc#SLE-6197 bsc#1140559 LTC#173150). - kABI: mask changes made by swiotlb for protected virtualization (jsc#SLE-6197 bsc#1140559 LTC#173150). - kABI: mask changes made by use of DMA memory for adapter interrupts (jsc#SLE-6197 bsc#1140559 LTC#173150). - kabi fixup blk_mq_register_dev() (bsc#1140637). - kabi/severities: Whitelist airq_iv_* (s390-specific) - kabi/severities: Whitelist more s390x internal symbols - kabi/severities: Whitelist s390 internal-only symbols - kabi: Fix kABI for asus-wmi quirk_entry field addition (bsc#1051510). - kabi: Mask no_vf_scan in struct pci_dev (jsc#SLE-5803 ). - kabi: remove unused hcall definition (bsc#1140322 LTC#176270). - kabi: s390: enum interruption_class (jsc#SLE-5789 bsc#1134730 LTC#173388). - kabi: x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454). - kabi: x86/topology: Define topology_logical_die_id() (jsc#SLE-5454). - kbuild: use -flive-patching when CONFIG_LIVEPATCH is enabled (bsc#1071995). - kernel-binary: Use -c grep option in klp project detection. - kernel-binary: fix missing \ - kernel-binary: rpm does not support multiline condition - kernel: jump label transformation performance (bsc#1137534 bsc#1137535 LTC#178058 LTC#178059). - kvm/mmu: kABI fix for *_mmu_pages changes in struct kvm_arch (bsc#1135335). - kvm: SVM: Fix detection of AMD Errata 1096 (bsc#1142354). - kvm: arm/arm64: vgic-its: Take the srcu lock when parsing the memslots (bsc#1133021). - kvm: arm/arm64: vgic-its: Take the srcu lock when writing to guest memory (bsc#1133021). - kvm: mmu: Fix overflow on kvm mmu page limit calculation (bsc#1135335). - kvm: polling: add architecture backend to disable polling (bsc#1119222). - kvm: s390: change default halt poll time to 50us (bsc#1119222). - kvm: s390: enable CONFIG_HAVE_kvm_NO_POLL (bsc#1119222) We need to enable CONFIG_HAVE_kvm_NO_POLL for bsc#1119222 - kvm: s390: fix typo in parameter description (bsc#1119222). - kvm: s390: kABI Workaround for 'kvm_vcpu_stat' Add halt_no_poll_steal to kvm_vcpu_stat. Hide it from the kABI checker. - kvm: s390: kABI Workaround for 'lowcore' (bsc#1119222). - kvm: s390: provide kvm_arch_no_poll function (bsc#1119222). - kvm: svm/avic: Do not send AVIC doorbell to self (bsc#1140133). - kvm: svm/avic: fix off-by-one in checking host APIC ID (bsc#1140971). - kvm: x86: Include CPUID leaf 0x8000001e in kvm's supported CPUID (bsc#1114279). - kvm: x86: Include multiple indices with CPUID leaf 0x8000001d (bsc#1114279). - kvm: x86: Skip EFER vs. guest CPUID checks for host-initiated writes (bsc#1140972). - kvm: x86: fix return value for reserved EFER (bsc#1140992). - lapb: fixed leak of control-blocks (networking-stable-19_06_18). - lib/scatterlist: Fix mapping iterator when sg->offset is greater than PAGE_SIZE (bsc#1051510). - lib/bitmap.c: make bitmap_parselist() thread-safe and much faster (bsc#1143507). - lib: fix stall in __bitmap_parselist() (bsc#1051510). - libata: Extend quirks for the ST1000LM024 drives with NOLPM quirk (bsc#1051510). - libceph, rbd, ceph: move ceph_osdc_alloc_messages() calls (bsc#1135897). - libceph, rbd: add error handling for osd_req_op_cls_init() (bsc#1135897). - libceph: assign cookies in linger_submit() (bsc#1135897). - libceph: check reply num_data_items in setup_request_data() (bsc#1135897). - libceph: do not consume a ref on pagelist in ceph_msg_data_add_pagelist() (bsc#1135897). - libceph: enable fallback to ceph_msg_new() in ceph_msgpool_get() (bsc#1135897). - libceph: introduce alloc_watch_request() (bsc#1135897). - libceph: introduce ceph_pagelist_alloc() (bsc#1135897). - libceph: preallocate message data items (bsc#1135897). - libnvdimm, pfn: Fix over-trim in trim_pfn_device() (bsc#1140719). - libnvdimm/bus: Prevent duplicate device_unregister() calls (bsc#1139865). - libnvdimm/namespace: Fix label tracking error (bsc#1142350). - libnvdimm/region: Register badblocks before namespaces (bsc#1143209). - livepatch: Remove duplicate warning about missing reliable stacktrace support (bsc#1071995). - livepatch: Use static buffer for debugging messages under rq lock (bsc#1071995). - llc: fix skb leak in llc_build_and_send_ui_pkt() (networking-stable-19_05_31). - mISDN: make sure device name is NUL terminated (bsc#1051510). - mac80211: Do not use stack memory with scatterlist for GMAC (bsc#1051510). - mac80211: allow 4addr AP operation on crypto controlled devices (bsc#1051510). - mac80211: do not start any work during reconfigure flow (bsc#1111666). - mac80211: drop robust management frames from unknown TA (bsc#1051510). - mac80211: fix rate reporting inside cfg80211_calculate_bitrate_he() (bsc#1111666). - mac80211: free peer keys before vif down in mesh (bsc#1111666). - mac80211: handle deauthentication/disassociation from TDLS peer (bsc#1051510). - mac80211: mesh: fix RCU warning (bsc#1111666). - mac80211: only warn once on chanctx_conf being NULL (bsc#1111666). - media: cpia2_usb: first wake up, then free in disconnect (bsc#1135642). - media: marvell-ccic: fix DMA s/g desc number calculation (bsc#1051510). - media: s5p-mfc: Make additional clocks optional (bsc#1051510). - media: v4l2-ioctl: clear fields in s_parm (bsc#1051510). - media: v4l2: Test type instead of cfg->type in v4l2_ctrl_new_custom() (bsc#1051510). - media: vivid: fix incorrect assignment operation when setting video mode (bsc#1051510). - mei: bus: need to unlink client before freeing (bsc#1051510). - mei: me: add denverton innovation engine device IDs (bsc#1051510). - mei: me: add gemini lake devices id (bsc#1051510). - memory: tegra: Fix integer overflow on tick value calculation (bsc#1051510). - memstick: Fix error cleanup path of memstick_init (bsc#1051510). - mfd: hi655x: Fix regmap area declared size for hi655x (bsc#1051510). - mfd: intel-lpss: Release IDA resources (bsc#1051510). - mfd: intel-lpss: Set the device in reset state when init (bsc#1051510). - mfd: tps65912-spi: Add missing of table registration (bsc#1051510). - mfd: twl6040: Fix device init errors for ACCCTL register (bsc#1051510). - mips: fix an off-by-one in dma_capable (jsc#SLE-6197 bsc#1140559 LTC#173150). - mlxsw: core: Add API for QSFP module temperature thresholds reading (bsc#1112374). - mlxsw: core: Do not use WQ_MEM_RECLAIM for EMAD workqueue (bsc#1112374). - mlxsw: core: Move ethtool module callbacks to a common location (bsc#1112374). - mlxsw: core: Prevent reading unsupported slave address from SFP EEPROM (bsc#1112374). - mlxsw: core: mlxsw: core: avoid -Wint-in-bool-context warning (bsc#1112374). - mlxsw: pci: Reincrease pci reset timeout (bsc#1112374). - mlxsw: reg: Add Management Temperature Bulk Register (bsc#1112374). - mlxsw: spectrum: Move QSFP EEPROM definitions to common location (bsc#1112374). - mlxsw: spectrum: Put MC TCs into DWRR mode (bsc#1112374). - mlxsw: spectrum_dcb: Configure DSCP map as the last rule is removed (bsc#1112374). - mlxsw: spectrum_flower: Fix TOS matching (bsc#1112374). - mm, page_alloc: fix has_unmovable_pages for HugePages (bsc#1127034). - mm/devm_memremap_pages: introduce devm_memunmap_pages (bsc#1103992). - mm/nvdimm: add is_ioremap_addr and use that to check ioremap address (bsc#1140322 LTC#176270). - mm/page_alloc.c: avoid potential NULL pointer dereference (git fixes (mm/pagealloc)). - mm/page_alloc.c: fix never set ALLOC_NOFRAGMENT flag (git fixes (mm/pagealloc)). - mm/vmscan.c: prevent useless kswapd loops (git fixes (mm/vmscan)). - mm: migrate: Fix reference check race between __find_get_block() and migration (bnc#1137609). - mm: replace all open encodings for NUMA_NO_NODE (bsc#1140322 LTC#176270). - mmc: core: Prevent processing SDIO IRQs when the card is suspended (bsc#1051510). - mmc: core: complete HS400 before checking status (bsc#1111666). - mmc: core: make pwrseq_emmc (partially) support sleepy GPIO controllers (bsc#1051510). - mmc: mmci: Prevent polling for busy detection in IRQ context (bsc#1051510). - mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support (bsc#1051510). - mmc: sdhci-pci: Try "cd" for card-detect lookup before using NULL (bsc#1051510). - module: Fix livepatch/ftrace module text permissions race (bsc#1071995). - mt7601u: do not schedule rx_tasklet when the device has been disconnected (bsc#1111666). - mt7601u: fix possible memory leak when the device is disconnected (bsc#1111666). - neigh: fix use-after-free read in pneigh_get_next (networking-stable-19_06_18). - net-gro: fix use-after-free read in napi_gro_frags() (networking-stable-19_05_31). - net/af_iucv: build proper skbs for HiperTransport (bsc#1142221 LTC#179332). - net/af_iucv: remove GFP_DMA restriction for HiperTransport (bsc#1142112 bsc#1142221 LTC#179334 LTC#179332). - net/af_iucv: remove GFP_DMA restriction for HiperTransport (bsc#1142221 LTC#179332). - net/mlx4_core: Change the error print to info print (networking-stable-19_05_21). - net/mlx4_en: ethtool, Remove unsupported SFP EEPROM high pages query (networking-stable-19_06_09). - net/mlx5: Allocate root ns memory using kzalloc to match kfree (networking-stable-19_05_31). - net/mlx5: Avoid double free in fs init error unwinding path (networking-stable-19_05_31). - net/mlx5: Avoid reloading already removed devices (bsc#1103990 ). - net/mlx5: FPGA, tls, hold rcu read lock a bit longer (bsc#1103990). - net/mlx5: FPGA, tls, idr remove on flow delete (bsc#1103990 ). - net/mlx5: Set completion EQs as shared resources (bsc#1103991 ). - net/mlx5: Update pci error handler entries and command translation (bsc#1103991). - net/mlx5e: Fix ethtool rxfh commands when CONFIG_MLX5_EN_RXNFC is disabled (bsc#1103990). - net/mlx5e: Fix the max MTU check in case of XDP (bsc#1103990 ). - net/mlx5e: Fix use-after-free after xdp_return_frame (bsc#1103990). - net/mlx5e: Rx, Check ip headers sanity (bsc#1103990 ). - net/mlx5e: Rx, Fix checksum calculation for new hardware (bsc#1127611). - net/mlx5e: Rx, Fixup skb checksum for packets with tail padding (bsc#1109837). - net/mlx5e: XDP, Fix shifted flag index in RQ bitmap (bsc#1103990 ). - net/packet: fix memory leak in packet_set_ring() (git-fixes). - net/sched: cbs: Fix error path of cbs_module_init (bsc#1109837). - net/sched: cbs: fix port_rate miscalculation (bsc#1109837). - net/tls: avoid NULL pointer deref on nskb->sk in fallback (bsc#1109837). - net/tls: avoid potential deadlock in tls_set_device_offload_rx() (bsc#1109837). - net/tls: do not copy negative amounts of data in reencrypt (bsc#1109837). - net/tls: do not ignore netdev notifications if no TLS features (bsc#1109837). - net/tls: do not leak IV and record seq when offload fails (bsc#1109837). - net/tls: do not leak partially sent record in device mode (bsc#1109837). - net/tls: fix build without CONFIG_TLS_DEVICE (bsc#1109837). - net/tls: fix copy to fragments in reencrypt (bsc#1109837). - net/tls: fix page double free on TX cleanup (bsc#1109837). - net/tls: fix refcount adjustment in fallback (bsc#1109837). - net/tls: fix socket wmem accounting on fallback with netem (bsc#1109837). - net/tls: fix state removal with feature flags off (bsc#1109837). - net/tls: fix the IV leaks (bsc#1109837). - net/tls: make sure offload also gets the keys wiped (bsc#1109837). - net/tls: prevent bad memory access in tls_is_sk_tx_device_offloaded() (bsc#1109837). - net/tls: replace the sleeping lock around RX resync with a bit lock (bsc#1109837). - net/udp_gso: Allow TX timestamp with UDP GSO (bsc#1109837). - net: Fix missing meta data in skb with vlan packet (bsc#1109837). - net: avoid weird emergency message (networking-stable-19_05_21). - net: core: support XDP generic on stacked devices (bsc#1109837). - net: do not clear sock->sk early to avoid trouble in strparser (bsc#1103990). - net: ena: Fix bug where ring allocation backoff stopped too late (bsc#1138879). - net: ena: add MAX_QUEUES_EXT get feature admin command (bsc#1138879). - net: ena: add ethtool function for changing io queue sizes (bsc#1138879). - net: ena: add good checksum counter (bsc#1138879). - net: ena: add handling of llq max tx burst size (bsc#1138879). - net: ena: add newline at the end of pr_err prints (bsc#1138879). - net: ena: add support for changing max_header_size in LLQ mode (bsc#1138879). - net: ena: allow automatic fallback to polling mode (bsc#1138879). - net: ena: allow queue allocation backoff when low on memory (bsc#1138879). - net: ena: arrange ena_probe() function variables in reverse christmas tree (bsc#1138879). - net: ena: enable negotiating larger Rx ring size (bsc#1138879). - net: ena: ethtool: add extra properties retrieval via get_priv_flags (bsc#1138879). - net: ena: fix ena_com_fill_hash_function() implementation (bsc#1138879). - net: ena: fix incorrect test of supported hash function (bsc#1138879). - net: ena: fix swapped parameters when calling ena_com_indirect_table_fill_entry (bsc#1138879). - net: ena: fix: Free napi resources when ena_up() fails (bsc#1138879). - net: ena: fix: set freed objects to NULL to avoid failing future allocations (bsc#1138879). - net: ena: gcc 8: fix compilation warning (bsc#1138879). - net: ena: improve latency by disabling adaptive interrupt moderation by default (bsc#1138879). - net: ena: make ethtool show correct current and max queue sizes (bsc#1138879). - net: ena: optimise calculations for CQ doorbell (bsc#1138879). - net: ena: remove inline keyword from functions in *.c (bsc#1138879). - net: ena: replace free_tx/rx_ids union with single free_ids field in ena_ring (bsc#1138879). - net: ena: update driver version from 2.0.3 to 2.1.0 (bsc#1138879). - net: ena: use dev_info_once instead of static variable (bsc#1138879). - net: ethernet: ti: cpsw_ethtool: fix ethtool ring param set (bsc#1130836). - net: fec: fix the clk mismatch in failed_reset path (networking-stable-19_05_31). - net: hns3: Fix inconsistent indenting (bsc#1140676). - net: hns: Fix WARNING when remove HNS driver with SMMU enabled (bsc#1140676). - net: hns: Fix loopback test failed at copper ports (bsc#1140676). - net: hns: Fix probabilistic memory overwrite when HNS driver initialized (bsc#1140676). - net: hns: Use NAPI_POLL_WEIGHT for hns driver (bsc#1140676). - net: hns: fix ICMP6 neighbor solicitation messages discard problem (bsc#1140676). - net: hns: fix KASAN: use-after-free in hns_nic_net_xmit_hw() (bsc#1140676). - net: hns: fix unsigned comparison to less than zero (bsc#1140676). - net: mvneta: Fix err code path of probe (networking-stable-19_05_31). - net: mvpp2: Use strscpy to handle stat strings (bsc#1098633). - net: mvpp2: Use strscpy to handle stat strings (bsc#1098633). - net: mvpp2: fix bad MVPP2_TXQ_SCHED_TOKEN_CNTR_REG queue value (networking-stable-19_05_31). - net: mvpp2: prs: Fix parser range for VID filtering (bsc#1098633). - net: mvpp2: prs: Fix parser range for VID filtering (bsc#1098633). - net: mvpp2: prs: Use the correct helpers when removing all VID filters (bsc#1098633). - net: mvpp2: prs: Use the correct helpers when removing all VID filters (bsc#1098633). - net: openvswitch: do not free vport if register_netdevice() is failed (networking-stable-19_06_18). - net: phy: marvell10g: report if the PHY fails to boot firmware (bsc#1119113). - net: rds: fix memory leak in rds_ib_flush_mr_pool (networking-stable-19_06_09). - net: seeq: fix crash caused by not set dev.parent (networking-stable-19_05_14). - net: stmmac: fix reset gpio free missing (networking-stable-19_05_31). - net: tls, correctly account for copied bytes with multiple sk_msgs (bsc#1109837). - net: usb: qmi_wwan: add Telit 0x1260 and 0x1261 compositions (networking-stable-19_05_21). - netfilter: conntrack: fix calculation of next bucket number in early_drop (git-fixes). - new primitive: vmemdup_user() (jsc#SLE-4712 bsc#1136156). - nfit/ars: Allow root to busy-poll the ARS state machine (bsc#1140814). - nfit/ars: Avoid stale ARS results (jsc#SLE-5433). - nfit/ars: Introduce scrub_flags (jsc#SLE-5433). - nfp: bpf: fix static check error through tightening shift amount adjustment (bsc#1109837). - nfp: flower: add rcu locks when accessing netdev for tunnels (bsc#1109837). - nfs: Do not restrict NFSv4.2 on openSUSE (bsc#1138719). - nl80211: fix station_info pertid memory leak (bsc#1051510). - ntp: Allow TAI-UTC offset to be set to zero (bsc#1135642). - nvme-rdma: fix double freeing of async event data (bsc#1120423). - nvme-rdma: fix possible double free of controller async event buffer (bsc#1120423). - nvme: copy MTFA field from identify controller (bsc#1140715). - nvme: fix memory leak caused by incorrect subsystem free (bsc#1143185). - nvme: skip nvme_update_disk_info() if the controller is not live (bsc#1128432). - nvmem: Do not let a NULL cell_id for nvmem_cell_get() crash us (bsc#1051510). - nvmem: allow to select i.MX nvmem driver for i.MX 7D (bsc#1051510). - nvmem: core: fix read buffer in place (bsc#1051510). - nvmem: correct Broadcom OTP controller driver writes (bsc#1051510). - nvmem: imx-ocotp: Add i.MX7D timing write clock setup support (bsc#1051510). - nvmem: imx-ocotp: Add support for banked OTP addressing (bsc#1051510). - nvmem: imx-ocotp: Enable i.MX7D OTP write support (bsc#1051510). - nvmem: imx-ocotp: Move i.MX6 write clock setup to dedicated function (bsc#1051510). - nvmem: imx-ocotp: Pass parameters via a struct (bsc#1051510). - nvmem: imx-ocotp: Restrict OTP write to IMX6 processors (bsc#1051510). - nvmem: imx-ocotp: Update module description (bsc#1051510). - nvmem: properly handle returned value nvmem_reg_read (bsc#1051510). - ocfs2: add first lock wait time in locking_state (bsc#1134390). - ocfs2: add last unlock times in locking_state (bsc#1134390). - ocfs2: add locking filter debugfs file (bsc#1134390). - ocfs2: try to reuse extent block in dealloc without meta_alloc (bsc#1128902). - p54usb: Fix race between disconnect and firmware loading (bsc#1111666). - packet: Fix error path in packet_init (networking-stable-19_05_14). - packet: in recvmsg msg_name return at least sizeof sockaddr_ll (git-fixes). - pci / PM: Use SMART_SUSPEND and LEAVE_SUSPENDED flags for pcie ports (bsc#1142623). - pci/AER: Use cached AER Capability offset (bsc#1142623). - pci/IOV: Add flag so platforms can skip VF scanning (jsc#SLE-5803). - pci/IOV: Factor out sriov_add_vfs() (jsc#SLE-5803). - pci/P2PDMA: Fix missing check for dma_virt_ops (bsc#1111666). - pci/P2PDMA: fix the gen_pool_add_virt() failure path (bsc#1103992). - pci/portdrv: Add #defines for AER and DPC Interrupt Message Number masks (bsc#1142623). - pci/portdrv: Consolidate comments (bsc#1142623). - pci/portdrv: Disable port driver in compat mode (bsc#1142623). - pci/portdrv: Remove pcie_portdrv_err_handler.slot_reset (bsc#1142623). - pci/portdrv: Support pcie services on subtractive decode bridges (bsc#1142623). - pci/portdrv: Use conventional Device ID table formatting (bsc#1142623). - pci: Always allow probing with driver_override (bsc#1051510). - pci: Correct the buggy backport about AER / DPC pcie stuff (bsc#1142623) - pci: Disable VF decoding before pcibios_sriov_disable() updates resources (jsc#SLE-5803). - pci: Do not poll for PME if the device is in D3cold (bsc#1051510). - pci: PM: Avoid possible suspend-to-idle issue (bsc#1051510). - pci: PM: Skip devices in D0 for suspend-to-idle (bsc#1051510). - pci: Return error if cannot probe VF (bsc#1051510). - pci: hv: Add hv_pci_remove_slots() when we unload the driver (bsc#1142701). - pci: hv: Add pci_destroy_slot() in pci_devices_present_work(), if necessary (bsc#1142701). - pci: hv: Fix a memory leak in hv_eject_device_work() (bsc#1142701). - pci: hv: Fix a use-after-free bug in hv_eject_device_work() (bsc#1142701). - pci: hv: Fix return value check in hv_pci_assign_slots() (bsc#1142701). - pci: hv: Remove unused reason for refcount handler (bsc#1142701). - pci: hv: support reporting serial number as slot information (bsc#1142701). - pci: portdrv: Restore pci config state on slot reset (bsc#1142623). - pci: fix IOU hotplug behavior (bsc#1141558) - pci: rpadlpar: Fix leaked device_node references in add/remove paths (bsc#1051510). - perf tools: Add Hygon Dhyana support (). - perf/x86/intel/cstate: Support multi-die/package (jsc#SLE-5454). - perf/x86/intel/rapl: Cosmetic rename internal variables in response to multi-die/pkg support (jsc#SLE-5454). - perf/x86/intel/rapl: Support multi-die/package (jsc#SLE-5454). - perf/x86/intel/uncore: Cosmetic renames in response to multi-die/pkg support (jsc#SLE-5454). - perf/x86/intel/uncore: Support multi-die/package (jsc#SLE-5454). - pinctrl/amd: add get_direction handler (bsc#1140463). - pinctrl/amd: fix gpio irq level in debugfs (bsc#1140463). - pinctrl/amd: fix masking of GPIO interrupts (bsc#1140463). - pinctrl/amd: make functions amd_gpio_suspend and amd_gpio_resume static (bsc#1140463). - pinctrl/amd: poll InterruptEnable bits in amd_gpio_irq_set_type (bsc#1140463). - pinctrl/amd: poll InterruptEnable bits in enable_irq (bsc#1140463). - pkey: Indicate old mkvp only if old and current mkvp are different (bsc#1137827 LTC#178090). - pktgen: do not sleep with the thread lock held (git-fixes). - platform/chrome: cros_ec_proto: check for NULL transfer function (bsc#1051510). - platform/mellanox: Add TmFifo driver for Mellanox BlueField Soc (bsc#1136333 jsc#SLE-4994). - platform/mellanox: Add new ODM system types to mlx-platform (bsc#1112374). - platform/mellanox: mlxreg-hotplug: Add devm_free_irq call to remove flow (bsc#1111666). - platform/x86: ISST: Add IOCTL to Translate Linux logical CPU to PUNIT CPU number (jsc#SLE-5364). - platform/x86: ISST: Add Intel Speed Select PUNIT MSR interface (jsc#SLE-5364). - platform/x86: ISST: Add Intel Speed Select mailbox interface via MSRs (jsc#SLE-5364). - platform/x86: ISST: Add Intel Speed Select mailbox interface via pci (jsc#SLE-5364). - platform/x86: ISST: Add Intel Speed Select mmio interface (jsc#SLE-5364). - platform/x86: ISST: Add common API to register and handle ioctls (jsc#SLE-5364). - platform/x86: ISST: Restore state on resume (jsc#SLE-5364). - platform/x86: ISST: Store per CPU information (jsc#SLE-5364). - platform/x86: asus-nb-wmi: Support ALS on the Zenbook UX430UQ (bsc#1051510). - platform/x86: asus-wmi: Only Tell EC the OS will handle display hotkeys from asus_nb_wmi (bsc#1051510). - platform/x86: asus-wmi: Only Tell EC the OS will handle display hotkeys from asus_nb_wmi (bsc#1051510). - platform/x86: intel_pmc_core: Add ICL platform support (jsc#SLE-5226). - platform/x86: intel_pmc_core: Add Package cstates residency info (jsc#SLE-5226). - platform/x86: intel_pmc_core: Avoid a u32 overflow (jsc#SLE-5226). - platform/x86: intel_pmc_core: Include Reserved IP for LTR (jsc#SLE-5226). - platform/x86: intel_pmc_core: Mark local function static (jsc#SLE-5226). - platform/x86: intel_pmc_core: Quirk to ignore XTAL shutdown (jsc#SLE-5226). - platform/x86: intel_turbo_max_3: Remove restriction for HWP platforms (jsc#SLE-5439). - platform/x86: mlx-platform: Add ASIC hotplug device configuration (bsc#1112374). - platform/x86: mlx-platform: Add LED platform driver activation (bsc#1112374). - platform/x86: mlx-platform: Add UID LED for the next generation systems (bsc#1112374). - platform/x86: mlx-platform: Add definitions for new registers (bsc#1112374). - platform/x86: mlx-platform: Add extra CPLD for next generation systems (bsc#1112374). - platform/x86: mlx-platform: Add mlx-wdt platform driver activation (bsc#1112374). - platform/x86: mlx-platform: Add mlxreg-fan platform driver activation (bsc#1112374). - platform/x86: mlx-platform: Add mlxreg-io platform driver activation (bsc#1112374). - platform/x86: mlx-platform: Add support for fan capability registers (bsc#1112374). - platform/x86: mlx-platform: Add support for fan direction register (bsc#1112374). - platform/x86: mlx-platform: Add support for new VMOD0007 board name (bsc#1112374). - platform/x86: mlx-platform: Add support for tachometer speed register (bsc#1112374). - platform/x86: mlx-platform: Allow mlxreg-io driver activation for more systems (bsc#1112374). - platform/x86: mlx-platform: Allow mlxreg-io driver activation for new systems (bsc#1112374). - platform/x86: mlx-platform: Change mlxreg-io configuration for MSN274x systems (bsc#1112374). - platform/x86: mlx-platform: Convert to use SPDX identifier (bsc#1112374). - platform/x86: mlx-platform: Fix LED configuration (bsc#1112374). - platform/x86: mlx-platform: Fix access mode for fan_dir attribute (bsc#1112374). - platform/x86: mlx-platform: Fix copy-paste error in mlxplat_init() (bsc#1112374). - platform/x86: mlx-platform: Fix parent device in i2c-mux-reg device registration (bsc#1051510). - platform/x86: mlx-platform: Fix tachometer registers (bsc#1112374). - platform/x86: mlx-platform: Remove unused define (bsc#1112374). - platform/x86: mlx-platform: Rename new systems product names (bsc#1112374). - platform/x86: pmc_atom: Add CB4063 Beckhoff Automation board to critclk_systems DMI table (bsc#1051510). - platform_data/mlxreg: Add capability field to core platform data (bsc#1112374). - platform_data/mlxreg: Document fixes for core platform data (bsc#1112374). - platform_data/mlxreg: additions for Mellanox watchdog driver (bsc#1112374). - pm/core: Propagate dev->power.wakeup_path when no callbacks (bsc#1051510). - pm: ACPI/pci: Resume all devices during hibernation (bsc#1111666). - power: supply: max14656: fix potential use-before-alloc (bsc#1051510). - power: supply: sysfs: prevent endless uevent loop with CONFIG_POWER_SUPPLY_DEBUG (bsc#1051510). - powercap/intel_rapl: Simplify rapl_find_package() (jsc#SLE-5454). - powercap/intel_rapl: Support multi-die/package (jsc#SLE-5454). - powercap/intel_rapl: Update RAPL domain name and debug messages (jsc#SLE-5454). - powerpc/64s: Remove POWER9 DD1 support (bsc#1055117, LTC#159753, git-fixes). - powerpc/cacheinfo: add cacheinfo_teardown, cacheinfo_rebuild (bsc#1138374, LTC#178199). - powerpc/crypto: Use cheaper random numbers for crc-vpmsum self-test (). - powerpc/mm/drconf: Use NUMA_NO_NODE on failures instead of node 0 (bsc#1140322 LTC#176270). - powerpc/mm/hugetlb: Update huge_ptep_set_access_flags to call __ptep_set_access_flags directly (bsc#1055117). - powerpc/mm/radix: Change pte relax sequence to handle nest MMU hang (bsc#1055117). - powerpc/mm/radix: Move function from radix.h to pgtable-radix.c (bsc#1055117). - powerpc/mm: Change function prototype (bsc#1055117). - powerpc/mm: Consolidate numa_enable check and min_common_depth check (bsc#1140322 LTC#176270). - powerpc/mm: Fix node look up with numa=off boot (bsc#1140322 LTC#176270). - powerpc/papr_scm: Force a scm-unbind if initial scm-bind fails (bsc#1140322 LTC#176270). - powerpc/papr_scm: Update drc_pmem_unbind() to use H_SCM_UNBIND_ALL (bsc#1140322 LTC#176270). - powerpc/perf: Add PM_LD_MISS_L1 and PM_BR_2PATH to power9 event list (bsc#1137728, LTC#178106). - powerpc/perf: Add POWER9 alternate PM_RUN_CYC and PM_RUN_INST_CMPL events (bsc#1137728, LTC#178106). - powerpc/pseries/mobility: prevent cpu hotplug during DT update (bsc#1138374, LTC#178199). - powerpc/pseries/mobility: rebuild cacheinfo hierarchy post-migration (bsc#1138374, LTC#178199). - powerpc/pseries: Fix oops in hotplug memory notifier (bsc#1138375, LTC#178204). - powerpc/pseries: Update SCM hcall op-codes in hvcall.h (bsc#1140322 LTC#176270). - powerpc/rtas: retry when cpu offline races with suspend/migration (bsc#1140428, LTC#178808). - powerpc/watchpoint: Restore NV GPRs while returning from exception (bsc#1140945 bsc#1141401 bsc#1141402 bsc#1141452 bsc#1141453 bsc#1141454 LTC#178983 LTC#179191 LTC#179192 LTC#179193 LTC#179194 LTC#179195). - ppc64le: enable CONFIG_PPC_DT_CPU_FTRS (jsc#SLE-7159). - ppc: Convert mmu context allocation to new IDA API (bsc#1139619 LTC#178538). - ppp: deflate: Fix possible crash in deflate_init (networking-stable-19_05_21). - ppp: mppe: Add softdep to arc4 (bsc#1088047). - ptrace: Fix ->ptracer_cred handling for PTRACE_TRACEME (git-fixes). - ptrace: restore smp_rmb() in __ptrace_may_access() (git-fixes). - pwm: stm32: Use 3 cells ->of_xlate() (bsc#1111666). - qed: Fix -Wmaybe-uninitialized false positive (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Fix build error without CONFIG_DEVLINK (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qedi: Use hwfns and affin_hwfn_idx to get MSI-X vector index (jsc#SLE-4693 bsc#1136462). - qlcnic: Avoid potential NULL pointer dereference (bsc#1051510). - qmi_wwan: Add quirk for Quectel dynamic config (bsc#1051510). - qmi_wwan: Fix out-of-bounds read (bsc#1111666). - qmi_wwan: add network device usage statistics for qmimux devices (bsc#1051510). - qmi_wwan: add support for QMAP padding in the RX path (bsc#1051510). - qmi_wwan: avoid RCU stalls on device disconnect when in QMAP mode (bsc#1051510). - qmi_wwan: extend permitted QMAP mux_id value range (bsc#1051510). - rapidio: fix a NULL pointer dereference when create_workqueue() fails (bsc#1051510). - ras/cec: Convert the timer callback to a workqueue (bsc#1114279). - ras/cec: Fix binary search function (bsc#1114279). - rbd: do not assert on writes to snapshots (bsc#1137985 bsc#1138681). - rdma/cxgb4: Do not expose DMA addresses (bsc#1136348 jsc#SLE-4684). - rdma/cxgb4: Use sizeof() notation (bsc#1136348 jsc#SLE-4684). - rdma/ipoib: Allow user space differentiate between valid dev_port (bsc#1103992). - rdma/mlx5: Do not allow the user to write to the clock page (bsc#1103991). - rdma/mlx5: Initialize roce port info before multiport master init (bsc#1103991). - rdma/mlx5: Use rdma_user_map_io for mapping BAR pages (bsc#1103992). - rdma/odp: Fix missed unlock in non-blocking invalidate_start (bsc#1103992). - rdma/srp: Accept again source addresses that do not have a port number (bsc#1103992). - rdma/srp: Document srp_parse_in() arguments (bsc#1103992 ). - rdma/uverbs: check for allocation failure in uapi_add_elm() (bsc#1103992). - rds: ib: fix 'passing zero to ERR_PTR()' warning (git-fixes). - regulator: s2mps11: Fix buck7 and buck8 wrong voltages (bsc#1051510). - rpm/package-descriptions: fix typo in kernel-azure - rpm/post.sh: correct typo in err msg (bsc#1137625) - rtlwifi: rtl8192cu: fix error handle when usb probe failed (bsc#1111666). - rtnetlink: always put IFLA_LINK for links with a link-netnsid (networking-stable-19_05_21). - s390/airq: provide cacheline aligned ivs (jsc#SLE-5789 bsc#1134730 LTC#173388). - s390/airq: recognize directed interrupts (jsc#SLE-5789 bsc#1134730 LTC#173388). - s390/airq: use DMA memory for adapter interrupts (jsc#SLE-6197 bsc#1140559 LTC#173150). - s390/cio: add basic protected virtualization support (jsc#SLE-6197 bsc#1140559 LTC#173150). - s390/cio: introduce DMA pools to cio (jsc#SLE-6197 bsc#1140559 LTC#173150). - s390/cpu_mf: add store cpu counter multiple instruction support (jsc#SLE-6904). - s390/cpu_mf: move struct cpu_cf_events and per-CPU variable to header file (jsc#SLE-6904). - s390/cpu_mf: replace stcctm5() with the stcctm() function (jsc#SLE-6904). - s390/cpum_cf: Add minimal in-kernel interface for counter measurements (jsc#SLE-6904). - s390/cpum_cf: Add support for CPU-MF SVN 6 (jsc#SLE-6904 ). - s390/cpum_cf: add ctr_stcctm() function (jsc#SLE-6904 ). - s390/cpum_cf: introduce kernel_cpumcf_alert() to obtain measurement alerts (jsc#SLE-6904). - s390/cpum_cf: introduce kernel_cpumcf_avail() function (jsc#SLE-6904). - s390/cpum_cf: move counter set controls to a new header file (jsc#SLE-6904). - s390/cpum_cf: prepare for in-kernel counter measurements (jsc#SLE-6904). - s390/cpum_cf: rename per-CPU counter facility structure and variables (jsc#SLE-6904). - s390/cpum_cf_diag: Add support for CPU-MF SVN 6 (jsc#SLE-6904 ). - s390/cpum_cf_diag: Add support for s390 counter facility diagnostic trace (jsc#SLE-6904). - s390/cpumf: Add extended counter set definitions for model 8561 and 8562 (bsc#1142052 LTC#179320). - s390/cpumf: Fix warning from check_processor_id (jsc#SLE-6904 ). - s390/dasd: fix using offset into zero size array error (bsc#1051510). - s390/dma: provide proper ARCH_ZONE_DMA_BITS value (jsc#SLE-6197 bsc#1140559 LTC#173150). - s390/ism: move oddities of device IO to wrapper function (jsc#SLE-5802 bsc#1134738 LTC#173387). - s390/jump_label: Use "jdd" constraint on gcc9 (bsc#1138589). - s390/mm: force swiotlb for protected virtualization (jsc#SLE-6197 bsc#1140559 LTC#173150). - s390/pci: add parameter to disable usage of MIO instructions (jsc#SLE-5802 bsc#1134738 LTC#173387). - s390/pci: add parameter to force floating irqs (jsc#SLE-5789 bsc#1134730 LTC#173388). - s390/pci: clarify interrupt vector usage (jsc#SLE-5789 bsc#1134730 LTC#173388). - s390/pci: fix assignment of bus resources (jsc#SLE-5802 bsc#1134738 LTC#173387). - s390/pci: fix struct definition for set pci function (jsc#SLE-5802 bsc#1134738 LTC#173387). - s390/pci: gather statistics for floating vs directed irqs (jsc#SLE-5789 bsc#1134730 LTC#173388). - s390/pci: improve bar check (jsc#SLE-5803). - s390/pci: map IOV resources (jsc#SLE-5803). - s390/pci: mark command line parser data __initdata (jsc#SLE-5789 bsc#1134730 LTC#173388). - s390/pci: move everything irq related to pci_irq.c (jsc#SLE-5789 bsc#1134730 LTC#173388). - s390/pci: move io address mapping code to pci_insn.c (jsc#SLE-5802 bsc#1134738 LTC#173387). - s390/pci: provide support for CPU directed interrupts (jsc#SLE-5789 bsc#1134730 LTC#173388). - s390/pci: provide support for MIO instructions (jsc#SLE-5802 bsc#1134738 LTC#173387). - s390/pci: remove stale rc (jsc#SLE-5789 bsc#1134730 LTC#173388). - s390/pci: remove unused define (jsc#SLE-5789 bsc#1134730 LTC#173388). - s390/pci: skip VF scanning (jsc#SLE-5803). - s390/protvirt: add memory sharing for diag 308 set/store (jsc#SLE-5759 bsc#1135153 LTC#173151). - s390/protvirt: block kernel command line alteration (jsc#SLE-5759 bsc#1135153 LTC#173151). - s390/qdio: handle PENDING state for QEBSM devices (bsc#1142119 LTC#179331). - s390/qeth: be drop monitor friendly (bsc#1142115 LTC#179337). - s390/qeth: be drop monitor friendly (bsc#1142220 LTC#179335). - s390/qeth: fix VLAN attribute in bridge_hostnotify udev event (bsc#1051510). - s390/qeth: fix race when initializing the IP address table (bsc#1051510). - s390/sclp: detect DIRQ facility (jsc#SLE-5789 bsc#1134730 LTC#173388). - s390/setup: fix early warning messages (bsc#1051510). - s390/uv: introduce guest side ultravisor code (jsc#SLE-5759 bsc#1135153 LTC#173151). - s390/virtio: handle find on invalid queue gracefully (bsc#1051510). - s390/vtime: steal time exponential moving average (bsc#1119222). - s390/zcrypt: Fix wrong dispatching for control domain CPRBs (bsc#1137811 LTC#178088). - s390: add alignment hints to vector load and store (jsc#SLE-6907 LTC#175887). - s390: enable processes for mio instructions (jsc#SLE-5802 bsc#1134738 LTC#173387). - s390: remove the unused dma_capable helper (jsc#SLE-6197 bsc#1140559 LTC#173150). - s390: report new CPU capabilities (jsc#SLE-6907 LTC#175887). - s390: revert s390-setup-fix-early-warning-messages (bsc#1140948). - s390: show statistics for MSI IRQs (jsc#SLE-5789 bsc#1134730 LTC#173388). - sbitmap: fix improper use of smp_mb__before_atomic() (bsc#1140658). - sched/topology: Improve load balancing on AMD EPYC (bsc#1137366). - scripts/git_sort/git_sort.py: Add mmots tree. - scripts/git_sort/git_sort.py: add djbw/nvdimm nvdimm-pending. - scripts/git_sort/git_sort.py: add nvdimm/libnvdimm-fixes - scripts/git_sort/git_sort.py: drop old scsi branches - scsi/fc: kABI fixes for new ELS_FPIN definition (bsc#1136217,jsc#SLE-4722). - scsi: aacraid: Mark expected switch fall-through (jsc#SLE-4710 bsc#1136161). - scsi: aacraid: Mark expected switch fall-throughs (jsc#SLE-4710 bsc#1136161). - scsi: aacraid: change event_wait to a completion (jsc#SLE-4710 bsc#1136161). - scsi: aacraid: change wait_sem to a completion (jsc#SLE-4710 bsc#1136161). - scsi: aacraid: clean up some indentation and formatting issues (jsc#SLE-4710 bsc#1136161). - scsi: be2iscsi: be_iscsi: Mark expected switch fall-through (jsc#SLE-4721 bsc#1136264). - scsi: be2iscsi: be_main: Mark expected switch fall-through (jsc#SLE-4721 bsc#1136264). - scsi: be2iscsi: fix spelling mistake "Retreiving" -> "Retrieving" (jsc#SLE-4721 bsc#1136264). - scsi: be2iscsi: lpfc: fix typo (jsc#SLE-4721 bsc#1136264). - scsi: be2iscsi: remove unused variable dmsg (jsc#SLE-4721 bsc#1136264). - scsi: be2iscsi: switch to generic DMA API (jsc#SLE-4721 bsc#1136264). - scsi: core: add new RDAC LENOVO/DE_Series device (bsc#1132390). - scsi: csiostor: Remove set but not used variable 'pln' (jsc#SLE-4679 bsc#1136343). - scsi: csiostor: csio_wr: mark expected switch fall-through (jsc#SLE-4679 bsc#1136343). - scsi: csiostor: drop serial_number usage (jsc#SLE-4679 bsc#1136343). - scsi: csiostor: fix NULL pointer dereference in csio_vport_set_state() (jsc#SLE-4679 bsc#1136343). - scsi: csiostor: fix calls to dma_set_mask_and_coherent() (jsc#SLE-4679 bsc#1136343). - scsi: csiostor: fix incorrect dma device in case of vport (jsc#SLE-4679 bsc#1136343). - scsi: csiostor: fix missing data copy in csio_scsi_err_handler() (jsc#SLE-4679 bsc#1136343). - scsi: csiostor: no need to check return value of debugfs_create functions (jsc#SLE-4679 bsc#1136343). - scsi: cxgb4i: add wait_for_completion() (jsc#SLE-4678 bsc#1136342). - scsi: cxgbi: KABI: fix handle completion etc (jsc#SLE-4678 bsc#1136342). - scsi: cxgbi: remove redundant __kfree_skb call on skb and free cst->atid (jsc#SLE-4678 bsc#1136342). - scsi: fc: add FPIN ELS definition (bsc#1136217,jsc#SLE-4722). - scsi: hpsa: Use vmemdup_user to replace the open code (jsc#SLE-4712 bsc#1136156). - scsi: hpsa: bump driver version (jsc#SLE-4712 bsc#1136156). - scsi: hpsa: check for lv removal (jsc#SLE-4712 bsc#1136156). - scsi: hpsa: clean up two indentation issues (jsc#SLE-4712 bsc#1136156). - scsi: hpsa: correct device id issues (jsc#SLE-4712 bsc#1136156). - scsi: hpsa: correct device resets (jsc#SLE-4712 bsc#1136156). - scsi: hpsa: correct ioaccel2 chaining (jsc#SLE-4712 bsc#1136156). - scsi: hpsa: correct simple mode (jsc#SLE-4712 bsc#1136156). - scsi: hpsa: fix an uninitialized read and dereference of pointer dev (jsc#SLE-4712 bsc#1136156). - scsi: hpsa: mark expected switch fall-throughs (jsc#SLE-4712 bsc#1136156). - scsi: hpsa: remove timeout from TURs (jsc#SLE-4712 bsc#1136156). - scsi: hpsa: switch to generic DMA API (jsc#SLE-4712 bsc#1136156). - scsi: ibmvfc: fix WARN_ON during event pool release (bsc#1137458 LTC#178093). - scsi: lpfc: Add loopback testing to trunking mode (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Annotate switch/case fall-through (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Cancel queued work for an IO when processing a received ABTS (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Change smp_processor_id() into raw_smp_processor_id() (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Convert bootstrap mbx polling from msleep to udelay (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Coordinate adapter error handling with offline handling (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Correct __lpfc_sli_issue_iocb_s4 lockdep check (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Correct boot bios information to FDMI registration (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Correct localport timeout duration error (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Correct nvmet buffer free race condition (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Declare local functions static (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Enhance 6072 log string (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix BFS crash with DIX enabled (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix FDMI fc4type for nvme support (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix FDMI manufacturer attribute value (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix HDMI2 registration string for symbolic name (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix PT2PT PLOGI collison stopping discovery (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix SLI3 commands being issued on SLI4 devices (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix a recently introduced compiler warning (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix alloc context on oas lun creations (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix build error (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix deadlock due to nested hbalock call (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix driver crash in target reset handler (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix duplicate log message numbers (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix error code if kcalloc() fails (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix error codes in lpfc_sli4_pci_mem_setup() (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix fc4type information for FDMI (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix fcp_rsp_len checking on lun reset (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix handling of trunk links state reporting (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix hardlockup in scsi_cmd_iocb_cmpl (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix incorrect logical link speed on trunks when links down (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix indentation and balance braces (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix io lost on host resets (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix kernel warnings related to smp_processor_id() (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix link speed reporting for 4-link trunk (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix location of SCSI ktime counters (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix lpfc_nvmet_mrq attribute handling when 0 (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix mailbox hang on adapter init (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix memory leak in abnormal exit path from lpfc_eq_create (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix missing wakeups on abort threads (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix nvmet async receive buffer replenishment (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix nvmet handling of first burst cmd (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix nvmet handling of received ABTS for unmapped frames (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix nvmet target abort cmd matching (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix oops when driver is loaded with 1 interrupt vector (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix poor use of hardware queues if fewer irq vectors (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix protocol support on G6 and G7 adapters (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix use-after-free mailbox cmd completion (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fixup eq_clr_intr references (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Make lpfc_sli4_oas_verify static (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Move trunk_errmsg[] from a header file into a .c file (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Prevent 'use after free' memory overwrite in nvmet LS handling (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Reduce memory footprint for lpfc_queue (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Remove set but not used variable 'phys_id' (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Remove set-but-not-used variables (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Remove unused functions (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Resolve inconsistent check of hdwq in lpfc_scsi_cmd_iocb_cmpl (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Resolve irq-unsafe lockdep heirarchy warning in lpfc_io_free (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Revert message logging on unsupported topology (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Revise message when stuck due to unresponsive adapter (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Rework misleading nvme not supported in firmware message (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Separate CQ processing for nvmet_fc upcalls (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Specify node affinity for queue memory allocation (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Stop adapter if pci errors detected (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Update Copyright in driver version (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Update lpfc version to 12.2.0.1 (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Update lpfc version to 12.2.0.3 (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: add support for posting FC events on FPIN reception (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: avoid uninitialized variable warning (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: fix 32-bit format string warning (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: fix a handful of indentation issues (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: fix calls to dma_set_mask_and_coherent() (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: fix unused variable warning (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: resolve static checker warning in lpfc_sli4_hba_unset (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: use dma_set_mask_and_coherent (bsc#1136217,jsc#SLE-4722). - scsi: megaraid_sas: Add support for DEVICE_LIST DCMD in driver (bsc#1136271). - scsi: megaraid_sas: Retry reads of outbound_intr_status reg (bsc#1136271). - scsi: megaraid_sas: Rework code to get PD and LD list (bsc#1136271). - scsi: megaraid_sas: Rework device add code in AEN path (bsc#1136271). - scsi: megaraid_sas: Update structures for HOST_DEVICE_LIST DCMD (bsc#1136271). - scsi: megaraid_sas: correct an info message (bsc#1136271). - scsi: megaraid_sas: driver version update (bsc#1136271). - scsi: mpt3sas: Add Atomic RequestDescriptor support on Aero (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Add flag high_iops_queues (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Add missing breaks in switch statements (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Add support for ATLAS pcie switch (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Add support for NVMe Switch Adapter (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Affinity high iops queues IRQs to local node (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Enable interrupt coalescing on high iops (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Fix kernel panic during expander reset (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Fix typo in request_desript_type (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Improve the threshold value and introduce module param (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Introduce perf_mode module parameter (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Irq poll to avoid CPU hard lockups (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Load balance to improve performance and avoid soft lockups (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Rename mpi endpoint device ID macro (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Update driver version to 27.102.00.00 (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Update driver version to 29.100.00.00 (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Update mpt3sas driver version to 28.100.00.00 (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Use high iops queues under some circumstances (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: change _base_get_msix_index prototype (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: fix indentation issue (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: function pointers of request descriptor (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: save and use MSI-X index for posting RD (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: simplify interrupt handler (bsc#1125703,jsc#SLE-4717). - scsi: qedf: Add LBA to underrun debug messages (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Add a flag to help debugging io_req which could not be cleaned (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Add additional checks for io_req->sc_cmd validity (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Add comment to display logging levels (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Add driver state to 'driver_stats' debugfs node (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Add missing return in qedf_post_io_req() in the fcport offload check (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Add missing return in qedf_scsi_done() (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Add port_id for fcport into initiate_cleanup debug message (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Add return value to log message if scsi_add_host fails (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Change MSI-X load error message (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Check both the FCF and fabric ID before servicing clear virtual link (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Check for fcoe_libfc_config failure (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Check for tm_flags instead of cmd_type during cleanup (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Check the return value of start_xmit (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Cleanup rrq_work after QEDF_CMD_OUTSTANDING is cleared (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Correctly handle refcounting of rdata (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Do not queue anything if upload is in progress (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Do not send ABTS for under run scenario (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Fix lport may be used uninitialized warning (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Log message if scsi_add_host fails (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Modify abort and tmf handler to handle edge condition and flush (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Modify flush routine to handle all I/Os and TMF (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Print fcport information on wait for upload timeout (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Print scsi_cmd backpointer in good completion path if the command is still being used (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Remove set but not used variable 'fr_len' (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Update the driver version to 8.37.25.19 (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Update the driver version to 8.37.25.20 (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Wait for upload and link down processing during soft ctx reset (bsc#1136467 jsc#SLE-4694). - scsi: qedf: fc_rport_priv reference counting fixes (bsc#1136467 jsc#SLE-4694). - scsi: qedf: remove memset/memcpy to nfunc and use func instead (bsc#1136467 jsc#SLE-4694). - scsi: qedf: remove set but not used variables (bsc#1136467 jsc#SLE-4694). - scsi: qedi: Add packet filter in light L2 Rx path (jsc#SLE-4693 bsc#1136462). - scsi: qedi: Check for session online before getting iSCSI TLV data (jsc#SLE-4693 bsc#1136462). - scsi: qedi: Cleanup redundant QEDI_PAGE_SIZE macro definition (jsc#SLE-4693 bsc#1136462). - scsi: qedi: Fix spelling mistake "OUSTANDING" -> "OUTSTANDING" (jsc#SLE-4693 bsc#1136462). - scsi: qedi: Move LL2 producer index processing in BH (jsc#SLE-4693 bsc#1136462). - scsi: qedi: Replace PAGE_SIZE with QEDI_PAGE_SIZE (jsc#SLE-4693 bsc#1136462). - scsi: qedi: Update driver version to 8.33.0.21 (jsc#SLE-4693 bsc#1136462). - scsi: qedi: add module param to set ping packet size (jsc#SLE-4693 bsc#1136462). - scsi: qedi: remove set but not used variables 'cdev' and 'udev' (jsc#SLE-4693 bsc#1136462). - scsi: qla2xxx: Fix FC-AL connection target discovery (bsc#1094555). - scsi: qla2xxx: Fix N2N target discovery with Local loop (bsc#1094555). - scsi: qla2xxx: Fix abort handling in tcm_qla2xxx_write_pending() (bsc#1140727). - scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines (bsc#1140728). - scsi: qla2xxx: do not crash on uninitialized pool list (boo#1138874). - scsi: fix multipath hang (bsc#1119532). - scsi: scsi_transport_fc: Add FPIN fc event codes (bsc#1136217,jsc#SLE-4722). - scsi: scsi_transport_fc: refactor event posting routines (bsc#1136217,jsc#SLE-4722). - scsi: target/iblock: Fix overrun in WRITE SAME emulation (bsc#1140424). - scsi: target/iblock: Fix overrun in WRITE SAME emulation (bsc#1140424). - scsi: vmw_pscsi: Fix use-after-free in pvscsi_queue_lck() (bsc#1135296). - scsi: zfcp: fix missing zfcp_port reference put on -EBUSY from port_remove (bsc#1051510). - scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host (bsc#1051510). - scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices (bsc#1051510). - scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only sdevs) (bsc#1051510). - sctp: Free cookie before we memdup a new one (networking-stable-19_06_18). - sctp: silence warns on sctp_stream_init allocations (bsc#1083710). - serial: sh-sci: disable DMA for uart_console (bsc#1051510). - serial: uartps: Do not add a trailing semicolon to macro (bsc#1051510). - serial: uartps: Fix long line over 80 chars (bsc#1051510). - serial: uartps: Fix multiple line dereference (bsc#1051510). - serial: uartps: Remove useless return from cdns_uart_poll_put_char (bsc#1051510). - signal/ptrace: Do not leak unitialized kernel memory with PTRACE_PEEK_SIGINFO (git-fixes). - smb3: Fix endian warning (bsc#1137884). - soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher (bsc#1051510). - soc: rockchip: Set the proper PWM for rk3288 (bsc#1051510). - spi : spi-topcliff-pch: Fix to handle empty DMA buffers (bsc#1051510). - spi: Fix zero length xfer bug (bsc#1051510). - spi: bitbang: Fix NULL pointer dereference in spi_unregister_master (bsc#1051510). - spi: pxa2xx: fix SCR (divisor) calculation (bsc#1051510). - spi: spi-fsl-spi: call spi_finalize_current_message() at the end (bsc#1051510). - spi: tegra114: reset controller on probe (bsc#1051510). - staging: comedi: amplc_pci230: fix null pointer deref on interrupt (bsc#1051510). - staging: comedi: dt282x: fix a null pointer deref on interrupt (bsc#1051510). - staging: comedi: ni_mio_common: Fix divide-by-zero for DIO cmdtest (bsc#1051510). - staging: rtl8712: reduce stack usage, again (bsc#1051510). - staging:iio:ad7150: fix threshold mode config bit (bsc#1051510). - sunhv: Fix device naming inconsistency between sunhv_console and sunhv_reg (networking-stable-19_06_18). - supported.conf: added mlxbf_tmfifo (bsc#1136333 jsc#SLE-4994) - svm: Add warning message for AVIC IPI invalid target (bsc#1140133). - svm: Fix AVIC incomplete IPI emulation (bsc#1140133). - sysctl: handle overflow in proc_get_long (bsc#1051510). - tcp: be more careful in tcp_fragment() (bsc#1139751). - tcp: fix tcp_set_congestion_control() use from bpf hook (bsc#1109837). - tcp: reduce tcp_fastretrans_alert() verbosity (git-fixes). - team: Always enable vlan tx offload (bsc#1051510). - thermal/x86_pkg_temp_thermal: Cosmetic: Rename internal variables to zones from packages (jsc#SLE-5454). - thermal/x86_pkg_temp_thermal: Support multi-die/package (jsc#SLE-5454). - thermal: rcar_gen3_thermal: disable interrupt in .remove (bsc#1051510). - tmpfs: fix link accounting when a tmpfile is linked in (bsc#1051510). - tmpfs: fix uninitialized return value in shmem_link (bsc#1051510). - tools/cpupower: Add Hygon Dhyana support (). - tools/power/x86: A tool to validate Intel Speed Select commands (jsc#SLE-5364). - tools: bpftool: Fix json dump crash on powerpc (bsc#1109837). - tools: bpftool: fix infinite loop in map create (bsc#1109837). - tools: bpftool: use correct argument in cgroup errors (bsc#1109837). - topology: Create core_cpus and die_cpus sysfs attributes (jsc#SLE-5454). - topology: Create package_cpus sysfs attribute (jsc#SLE-5454). - tracing/snapshot: Resize spare buffer if size changed (bsc#1140726). - tty: max310x: Fix external crystal register setup (bsc#1051510). - tty: rocket: fix incorrect forward declaration of 'rp_init()' (bsc#1051510). - tty: serial: cpm_uart - fix init when SMC is relocated (bsc#1051510). - tty: serial_core: Set port active bit in uart_port_activate (bsc#1051510). - tuntap: synchronize through tfiles array instead of tun->numqueues (networking-stable-19_05_14). - typec: tcpm: fix compiler warning about stupid things (git-fixes). - usb: Fix chipmunk-like voice when using Logitech C270 for recording audio (bsc#1051510). - usb: chipidea: udc: workaround for endpoint conflict issue (bsc#1135642). - usb: dwc2: Fix DMA cache alignment issues (bsc#1051510). - usb: dwc2: host: Fix wMaxPacketSize handling (fix webcam regression) (bsc#1135642). - usb: gadget: ether: Fix race between gether_disconnect and rx_submit (bsc#1051510). - usb: gadget: fusb300_udc: Fix memory leak of fusb300->ep[i] (bsc#1051510). - usb: gadget: udc: lpc32xx: allocate descriptor with GFP_ATOMIC (bsc#1051510). - usb: pci-quirks: Correct AMD PLL quirk detection (bsc#1051510). - usb: serial: fix initial-termios handling (bsc#1135642). - usb: serial: ftdi_sio: add ID for isodebug v1 (bsc#1051510). - usb: serial: option: add Telit 0x1260 and 0x1261 compositions (bsc#1051510). - usb: serial: option: add support for GosunCn ME3630 RNDIS mode (bsc#1051510). - usb: serial: option: add support for Simcom SIM7500/SIM7600 RNDIS mode (bsc#1051510). - usb: serial: pl2303: add Allied Telesis VT-Kit3 (bsc#1051510). - usb: serial: pl2303: fix tranceiver suspend mode (bsc#1135642). - usb: usb-storage: Add new ID to ums-realtek (bsc#1051510). - usb: xhci: avoid null pointer deref when bos field is NULL (bsc#1135642). - usbnet: ipheth: fix racing condition (bsc#1051510). - vfio: ccw: only free cp on final interrupt (bsc#1051510). - video: hgafb: fix potential NULL pointer dereference (bsc#1051510). - video: imsttfb: fix potential NULL pointer dereferences (bsc#1051510). - virtio/s390: DMA support for virtio-ccw (jsc#SLE-6197 bsc#1140559 LTC#173150). - virtio/s390: add indirection to indicators access (jsc#SLE-6197 bsc#1140559 LTC#173150). - virtio/s390: make airq summary indicators DMA (jsc#SLE-6197 bsc#1140559 LTC#173150). - virtio/s390: use DMA memory for ccw I/O and classic notifiers (jsc#SLE-6197 bsc#1140559 LTC#173150). - virtio/s390: use cacheline aligned airq bit vectors (jsc#SLE-6197 bsc#1140559 LTC#173150). - virtio/s390: use vring_create_virtqueue (jsc#SLE-6197 bsc#1140559 LTC#173150). - virtio_console: initialize vtermno value for ports (bsc#1051510). - vlan: disable SIOCSHWTSTAMP in container (bsc#1051510). - vmci: Fix integer overflow in VMCI handle arrays (bsc#1051510). - vrf: sit mtu should not be updated when vrf netdev is the link (networking-stable-19_05_14). - vsock/virtio: free packets during the socket release (networking-stable-19_05_21). - vsock/virtio: set SOCK_DONE on peer shutdown (networking-stable-19_06_18). - watchdog: imx2_wdt: Fix set_timeout for big timeout values (bsc#1051510). - wil6210: drop old event after wmi_call timeout (bsc#1111666). - wil6210: fix potential out-of-bounds read (bsc#1051510). - wil6210: fix spurious interrupts in 3-msi (bsc#1111666). - x86, mm: fix fast GUP with hyper-based TLB flushing (VM Functionality, bsc#1140903). - x86/CPU/AMD: Do not force the CPB cap when running under a hypervisor (bsc#1114279). - x86/CPU/hygon: Fix phys_proc_id calculation logic for multi-die processors (). - x86/CPU: Add Icelake model number (jsc#SLE-5226). - x86/alternative: Init ideal_nops for Hygon Dhyana (). - x86/amd_nb: Add support for Raven Ridge CPUs (). - x86/amd_nb: Check vendor in AMD-only functions (). - x86/apic: Add Hygon Dhyana support (). - x86/bugs: Add Hygon Dhyana to the respective mitigation machinery (). - x86/cpu/mtrr: Support TOP_MEM2 and get MTRR number (). - x86/cpu: Create Hygon Dhyana architecture support file (). - x86/cpu: Get cache info and setup cache cpumap for Hygon Dhyana (). - x86/cpufeatures: Carve out CQM features retrieval (jsc#SLE-5382). - x86/cpufeatures: Combine word 11 and 12 into a new scattered features word (jsc#SLE-5382). This changes definitions of some bits, but they are intended to be used only by the core, so hopefully, no KMP uses the definitions. - x86/cpufeatures: Enumerate the new AVX512 BFLOAT16 instructions (jsc#SLE-5382). - x86/cpufeatures: Enumerate user wait instructions (jsc#SLE-5187). - x86/events: Add Hygon Dhyana support to PMU infrastructure (). - x86/kvm: Add Hygon Dhyana support to kvm (). - x86/mce: Add Hygon Dhyana support to the MCA infrastructure (). - x86/mce: Do not disable MCA banks when offlining a CPU on AMD (). This feature was requested for SLE15 but aws reverted in packaging and master. - x86/mce: Fix machine_check_poll() tests for error types (bsc#1114279). - x86/microcode, cpuhotplug: Add a microcode loader CPU hotplug callback (bsc#1114279). - x86/microcode: Fix microcode hotplug state (bsc#1114279). - x86/microcode: Fix the ancient deprecated microcode loading method (bsc#1114279). - x86/mm/mem_encrypt: Disable all instrumentation for early SME setup (bsc#1114279). - x86/pci, x86/amd_nb: Add Hygon Dhyana support to pci and northbridge (). - x86/smpboot: Do not use BSP INIT delay and MWAIT to idle on Dhyana (). - x86/smpboot: Rename match_die() to match_pkg() (jsc#SLE-5454). - x86/speculation/mds: Revert CPU buffer clear on double fault exit (bsc#1114279). - x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454). - x86/topology: Create topology_max_die_per_package() (jsc#SLE-5454). - x86/topology: Define topology_die_id() (jsc#SLE-5454). - x86/topology: Define topology_logical_die_id() (jsc#SLE-5454). - x86/umip: Make the UMIP activated message generic (bsc#1138336). - x86/umip: Print UMIP line only once (bsc#1138336). - x86/umwait: Add sysfs interface to control umwait C0.2 state (jsc#SLE-5187). - x86/umwait: Add sysfs interface to control umwait maximum time (jsc#SLE-5187). - x86/umwait: Initialize umwait control values (jsc#SLE-5187). - x86/xen: Add Hygon Dhyana support to Xen (). - xdp: check device pointer before clearing (bsc#1109837). - xdp: fix possible cq entry leak (bsc#1109837). - xdp: fix race on generic receive path (bsc#1109837). - xdp: hold device for umem regardless of zero-copy mode (bsc#1109837). - xen: let alloc_xenballooned_pages() fail if not enough memory free (bsc#1142450 XSA-300). - xfs: do not overflow xattr listent buffer (bsc#1143105). - xprtrdma: Fix use-after-free in rpcrdma_post_recvs (bsc#1103992 ). - xsk: Properly terminate assignment in xskq_produce_flush_desc (bsc#1109837). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2019-2069=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (x86_64): kernel-azure-4.12.14-8.13.1 kernel-azure-base-4.12.14-8.13.1 kernel-azure-base-debuginfo-4.12.14-8.13.1 kernel-azure-debuginfo-4.12.14-8.13.1 kernel-azure-devel-4.12.14-8.13.1 kernel-syms-azure-4.12.14-8.13.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): kernel-devel-azure-4.12.14-8.13.1 kernel-source-azure-4.12.14-8.13.1 References: https://www.suse.com/security/cve/CVE-2018-16871.html https://www.suse.com/security/cve/CVE-2018-20836.html https://www.suse.com/security/cve/CVE-2018-20855.html https://www.suse.com/security/cve/CVE-2019-10638.html https://www.suse.com/security/cve/CVE-2019-10639.html https://www.suse.com/security/cve/CVE-2019-1125.html https://www.suse.com/security/cve/CVE-2019-11478.html https://www.suse.com/security/cve/CVE-2019-11599.html https://www.suse.com/security/cve/CVE-2019-11810.html https://www.suse.com/security/cve/CVE-2019-12614.html https://www.suse.com/security/cve/CVE-2019-12817.html https://www.suse.com/security/cve/CVE-2019-12818.html https://www.suse.com/security/cve/CVE-2019-12819.html https://www.suse.com/security/cve/CVE-2019-13233.html https://www.suse.com/security/cve/CVE-2019-13631.html https://www.suse.com/security/cve/CVE-2019-13648.html https://www.suse.com/security/cve/CVE-2019-14283.html https://www.suse.com/security/cve/CVE-2019-14284.html https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1055117 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1083647 https://bugzilla.suse.com/1083710 https://bugzilla.suse.com/1088047 https://bugzilla.suse.com/1094555 https://bugzilla.suse.com/1098633 https://bugzilla.suse.com/1103990 https://bugzilla.suse.com/1103991 https://bugzilla.suse.com/1103992 https://bugzilla.suse.com/1104745 https://bugzilla.suse.com/1106383 https://bugzilla.suse.com/1109837 https://bugzilla.suse.com/1111666 https://bugzilla.suse.com/1112374 https://bugzilla.suse.com/1114279 https://bugzilla.suse.com/1114685 https://bugzilla.suse.com/1119113 https://bugzilla.suse.com/1119222 https://bugzilla.suse.com/1119532 https://bugzilla.suse.com/1120423 https://bugzilla.suse.com/1123080 https://bugzilla.suse.com/1125703 https://bugzilla.suse.com/1127034 https://bugzilla.suse.com/1127315 https://bugzilla.suse.com/1127611 https://bugzilla.suse.com/1128432 https://bugzilla.suse.com/1128902 https://bugzilla.suse.com/1129770 https://bugzilla.suse.com/1130836 https://bugzilla.suse.com/1132390 https://bugzilla.suse.com/1133021 https://bugzilla.suse.com/1133401 https://bugzilla.suse.com/1133738 https://bugzilla.suse.com/1134090 https://bugzilla.suse.com/1134097 https://bugzilla.suse.com/1134390 https://bugzilla.suse.com/1134395 https://bugzilla.suse.com/1134399 https://bugzilla.suse.com/1134730 https://bugzilla.suse.com/1134738 https://bugzilla.suse.com/1135153 https://bugzilla.suse.com/1135296 https://bugzilla.suse.com/1135335 https://bugzilla.suse.com/1135556 https://bugzilla.suse.com/1135642 https://bugzilla.suse.com/1135897 https://bugzilla.suse.com/1136156 https://bugzilla.suse.com/1136157 https://bugzilla.suse.com/1136161 https://bugzilla.suse.com/1136217 https://bugzilla.suse.com/1136264 https://bugzilla.suse.com/1136271 https://bugzilla.suse.com/1136333 https://bugzilla.suse.com/1136342 https://bugzilla.suse.com/1136343 https://bugzilla.suse.com/1136345 https://bugzilla.suse.com/1136348 https://bugzilla.suse.com/1136460 https://bugzilla.suse.com/1136461 https://bugzilla.suse.com/1136462 https://bugzilla.suse.com/1136467 https://bugzilla.suse.com/1137103 https://bugzilla.suse.com/1137194 https://bugzilla.suse.com/1137224 https://bugzilla.suse.com/1137366 https://bugzilla.suse.com/1137429 https://bugzilla.suse.com/1137458 https://bugzilla.suse.com/1137534 https://bugzilla.suse.com/1137535 https://bugzilla.suse.com/1137584 https://bugzilla.suse.com/1137586 https://bugzilla.suse.com/1137609 https://bugzilla.suse.com/1137625 https://bugzilla.suse.com/1137728 https://bugzilla.suse.com/1137811 https://bugzilla.suse.com/1137827 https://bugzilla.suse.com/1137884 https://bugzilla.suse.com/1137985 https://bugzilla.suse.com/1138263 https://bugzilla.suse.com/1138291 https://bugzilla.suse.com/1138293 https://bugzilla.suse.com/1138336 https://bugzilla.suse.com/1138374 https://bugzilla.suse.com/1138375 https://bugzilla.suse.com/1138589 https://bugzilla.suse.com/1138681 https://bugzilla.suse.com/1138719 https://bugzilla.suse.com/1138732 https://bugzilla.suse.com/1138874 https://bugzilla.suse.com/1138879 https://bugzilla.suse.com/1139358 https://bugzilla.suse.com/1139619 https://bugzilla.suse.com/1139712 https://bugzilla.suse.com/1139751 https://bugzilla.suse.com/1139771 https://bugzilla.suse.com/1139865 https://bugzilla.suse.com/1140133 https://bugzilla.suse.com/1140139 https://bugzilla.suse.com/1140228 https://bugzilla.suse.com/1140322 https://bugzilla.suse.com/1140328 https://bugzilla.suse.com/1140405 https://bugzilla.suse.com/1140424 https://bugzilla.suse.com/1140428 https://bugzilla.suse.com/1140454 https://bugzilla.suse.com/1140463 https://bugzilla.suse.com/1140559 https://bugzilla.suse.com/1140575 https://bugzilla.suse.com/1140577 https://bugzilla.suse.com/1140637 https://bugzilla.suse.com/1140652 https://bugzilla.suse.com/1140658 https://bugzilla.suse.com/1140676 https://bugzilla.suse.com/1140715 https://bugzilla.suse.com/1140719 https://bugzilla.suse.com/1140726 https://bugzilla.suse.com/1140727 https://bugzilla.suse.com/1140728 https://bugzilla.suse.com/1140814 https://bugzilla.suse.com/1140887 https://bugzilla.suse.com/1140888 https://bugzilla.suse.com/1140889 https://bugzilla.suse.com/1140891 https://bugzilla.suse.com/1140893 https://bugzilla.suse.com/1140903 https://bugzilla.suse.com/1140945 https://bugzilla.suse.com/1140948 https://bugzilla.suse.com/1140954 https://bugzilla.suse.com/1140955 https://bugzilla.suse.com/1140956 https://bugzilla.suse.com/1140957 https://bugzilla.suse.com/1140958 https://bugzilla.suse.com/1140959 https://bugzilla.suse.com/1140960 https://bugzilla.suse.com/1140961 https://bugzilla.suse.com/1140962 https://bugzilla.suse.com/1140964 https://bugzilla.suse.com/1140971 https://bugzilla.suse.com/1140972 https://bugzilla.suse.com/1140992 https://bugzilla.suse.com/1141312 https://bugzilla.suse.com/1141401 https://bugzilla.suse.com/1141402 https://bugzilla.suse.com/1141452 https://bugzilla.suse.com/1141453 https://bugzilla.suse.com/1141454 https://bugzilla.suse.com/1141478 https://bugzilla.suse.com/1141558 https://bugzilla.suse.com/1142023 https://bugzilla.suse.com/1142052 https://bugzilla.suse.com/1142083 https://bugzilla.suse.com/1142112 https://bugzilla.suse.com/1142115 https://bugzilla.suse.com/1142119 https://bugzilla.suse.com/1142220 https://bugzilla.suse.com/1142221 https://bugzilla.suse.com/1142265 https://bugzilla.suse.com/1142350 https://bugzilla.suse.com/1142351 https://bugzilla.suse.com/1142354 https://bugzilla.suse.com/1142359 https://bugzilla.suse.com/1142450 https://bugzilla.suse.com/1142623 https://bugzilla.suse.com/1142673 https://bugzilla.suse.com/1142701 https://bugzilla.suse.com/1142868 https://bugzilla.suse.com/1143003 https://bugzilla.suse.com/1143105 https://bugzilla.suse.com/1143185 https://bugzilla.suse.com/1143189 https://bugzilla.suse.com/1143191 https://bugzilla.suse.com/1143209 https://bugzilla.suse.com/1143507 From sle-updates at lists.suse.com Tue Aug 6 23:39:24 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Aug 2019 07:39:24 +0200 (CEST) Subject: SUSE-SU-2019:2071-1: important: Security update for the Linux Kernel Message-ID: <20190807053924.DBEC7FF12@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2071-1 Rating: important References: #1051510 #1055117 #1071995 #1083647 #1083710 #1102247 #1119222 #1123080 #1127034 #1127315 #1129770 #1130972 #1133021 #1134097 #1134390 #1134399 #1135335 #1135642 #1137458 #1137534 #1137535 #1137584 #1137609 #1137827 #1139358 #1140133 #1140322 #1140652 #1140903 #1140945 #1141401 #1141402 #1141452 #1141453 #1141454 #1141478 #1142023 #1142112 #1142220 #1142221 #1142254 #1142350 #1142351 #1142354 #1142359 #1142450 #1142701 #1142868 #1143003 #1143045 #1143105 #1143185 #1143189 #1143191 #1143507 Cross-References: CVE-2018-20855 CVE-2019-1125 CVE-2019-11810 CVE-2019-13631 CVE-2019-13648 CVE-2019-14283 CVE-2019-14284 Affected Products: SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Module for Legacy Software 15 SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that solves 7 vulnerabilities and has 48 fixes is now available. Description: The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-20855: An issue was discovered in the Linux kernel In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace(bsc#1143045). - CVE-2019-1125: Exclude ATOMs from speculation through SWAPGS (bsc#1139358). - CVE-2019-14283: In the Linux kernel, set_geometry in drivers/block/floppy.c did not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It could be triggered by an unprivileged local user when a floppy disk was inserted. NOTE: QEMU creates the floppy device by default. (bnc#1143191) - CVE-2019-11810: An issue was discovered in the Linux kernel A NULL pointer dereference could occur when megasas_create_frame_pool() failed in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This caused a Denial of Service, related to a use-after-free (bnc#1134399). - CVE-2019-13648: In the Linux kernel on the powerpc platform, when hardware transactional memory was disabled, a local user could cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sent a crafted signal frame. (bnc#1142254) - CVE-2019-13631: In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel, a malicious USB device could send an HID report that triggered an out-of-bounds write during generation of debugging messages. (bnc#1142023) The following non-security bugs were fixed: - Correct the CVE and bug reference for a floppy security fix (CVE-2019-14284,bsc#1143189) A dedicated CVE was already assigned - acpi/nfit: Always dump _DSM output payload (bsc#1142351). - Add back sibling paca poiter to paca (bsc#1055117). - Add support for crct10dif-vpmsum (). - af_unix: remove redundant lockdep class (git-fixes). alsa: compress: Be more restrictive about when a drain is allowed (bsc#1051510). - alsa: compress: Do not allow paritial drain operations on capture streams (bsc#1051510). - alsa: compress: Fix regression on compressed capture streams (bsc#1051510). - alsa: compress: Prevent bypasses of set_params (bsc#1051510). - alsa: hda - Add a conexant codec entry to let mute led work (bsc#1051510). - alsa: hda/realtek: apply ALC891 headset fixup to one Dell machine (bsc#1051510). - alsa: hda/realtek - Fixed Headphone Mic can't record on Dell platform (bsc#1051510). - alsa: hda/realtek - Headphone Mic can't record after S3 (bsc#1051510). - alsa: line6: Fix a typo (bsc#1051510). - alsa: line6: Fix wrong altsetting for LINE6_PODHD500_1 (bsc#1051510). - alsa: seq: Break too long mutex context in the write loop (bsc#1051510). - alsa: usb-audio: Add quirk for Focusrite Scarlett Solo (bsc#1051510). - alsa: usb-audio: Add quirk for MOTU MicroBook II (bsc#1051510). - alsa: usb-audio: Cleanup DSD whitelist (bsc#1051510). - alsa: usb-audio: Enable .product_name override for Emagic, Unitor 8 (bsc#1051510). - alsa: usb-audio: Sanity checks for each pipe and EP types (bsc#1051510). - asoc : cs4265 : readable register too low (bsc#1051510). - asoc: max98090: remove 24-bit format support if RJ is 0 (bsc#1051510). - asoc: soc-pcm: BE dai needs prepare when pause release after resume (bsc#1051510). - ath6kl: add some bounds checking (bsc#1051510). - batman-adv: fix for leaked TVLV handler (bsc#1051510). - bcache: acquire bch_register_lock later in cached_dev_detach_finish() (bsc#1140652). - bcache: acquire bch_register_lock later in cached_dev_free() (bsc#1140652). - bcache: add code comments for journal_read_bucket() (bsc#1140652). - bcache: Add comments for blkdev_put() in registration code path (bsc#1140652). - bcache: add comments for closure_fn to be called in closure_queue() (bsc#1140652). - bcache: add comments for kobj release callback routine (bsc#1140652). - bcache: add comments for mutex_lock(&b->write_lock) (bsc#1140652). - bcache: add error check for calling register_bdev() (bsc#1140652). - bcache: add failure check to run_cache_set() for journal replay (bsc#1140652). - bcache: add io error counting in write_bdev_super_endio() (bsc#1140652). - bcache: add more error message in bch_cached_dev_attach() (bsc#1140652). - bcache: add pendings_cleanup to stop pending bcache device (bsc#1140652). - bcache: add reclaimed_journal_buckets to struct cache_set (bsc#1140652). - bcache: add return value check to bch_cached_dev_run() (bsc#1140652). - bcache: avoid a deadlock in bcache_reboot() (bsc#1140652). - bcache: avoid clang -Wunintialized warning (bsc#1140652). - bcache: avoid flushing btree node in cache_set_flush() if io disabled (bsc#1140652). - bcache: avoid potential memleak of list of journal_replay(s) in the CACHE_SYNC branch of run_cache_set (bsc#1140652). - bcache: check CACHE_SET_IO_DISABLE bit in bch_journal() (bsc#1140652). - bcache: check CACHE_SET_IO_DISABLE in allocator code (bsc#1140652). - bcache: check c->gc_thread by IS_ERR_OR_NULL in cache_set_flush() (bsc#1140652). - bcache: Clean up bch_get_congested() (bsc#1140652). - bcache: destroy dc->writeback_write_wq if failed to create dc->writeback_thread (bsc#1140652). - bcache: do not assign in if condition in bcache_device_init() (bsc#1140652). - bcache: do not set max writeback rate if gc is running (bsc#1140652). - bcache: fix a race between cache register and cacheset unregister (bsc#1140652). - bcache: fix crashes stopping bcache device before read miss done (bsc#1140652). - bcache: fix failure in journal relplay (bsc#1140652). - bcache: fix inaccurate result of unused buckets (bsc#1140652). - bcache: fix mistaken sysfs entry for io_error counter (bsc#1140652). - bcache: fix potential deadlock in cached_def_free() (bsc#1140652). - bcache: fix race in btree_flush_write() (bsc#1140652). - bcache: fix return value error in bch_journal_read() (bsc#1140652). - bcache: fix stack corruption by PRECEDING_KEY() (bsc#1140652). - bcache: fix wrong usage use-after-freed on keylist in out_nocoalesce branch of btree_gc_coalesce (bsc#1140652). - bcache: ignore read-ahead request failure on backing device (bsc#1140652). - bcache: improve bcache_reboot() (bsc#1140652). - bcache: improve error message in bch_cached_dev_run() (bsc#1140652). - bcache: make bset_search_tree() be more understandable (bsc#1140652). - bcache: make is_discard_enabled() static (bsc#1140652). - bcache: more detailed error message to bcache_device_link() (bsc#1140652). - bcache: move definition of 'int ret' out of macro read_bucket() (bsc#1140652). - bcache: never set KEY_PTRS of journal key to 0 in journal_reclaim() (bsc#1140652). - bcache: only clear BTREE_NODE_dirty bit when it is set (bsc#1140652). - bcache: only set BCACHE_DEV_WB_RUNNING when cached device attached (bsc#1140652). - bcache: performance improvement for btree_flush_write() (bsc#1140652). - bcache: remove redundant LIST_HEAD(journal) from run_cache_set() (bsc#1140652). - bcache: remove retry_flush_write from struct cache_set (bsc#1140652). - bcache: remove unncessary code in bch_btree_keys_init() (bsc#1140652). - bcache: remove unnecessary prefetch() in bset_search_tree() (bsc#1140652). - bcache: remove "XXX:" comment line from run_cache_set() (bsc#1140652). - bcache: return error immediately in bch_journal_replay() (bsc#1140652). - bcache: Revert "bcache: fix high CPU occupancy during journal" (bsc#1140652). - bcache: Revert "bcache: free heap cache_set->flush_btree in bch_journal_free" (bsc#1140652). - bcache: set largest seq to ja->seq[bucket_index] in journal_read_bucket() (bsc#1140652). - bcache: shrink btree node cache after bch_btree_check() (bsc#1140652). - bcache: stop writeback kthread and kworker when bch_cached_dev_run() failed (bsc#1140652). - bcache: use sysfs_match_string() instead of __sysfs_match_string() (bsc#1140652). - be2net: Fix number of Rx queues used for flow hashing (networking-stable-19_06_18). - be2net: Signal that the device cannot transmit during reconfiguration (bsc#1127315). - be2net: Synchronize be_update_queues with dev_watchdog (bsc#1127315). - block, bfq: NULL out the bic when it's no longer valid (bsc#1142359). - bnx2x: Prevent load reordering in tx completion processing (bsc#1142868). - bnxt_en: Fix aggregation buffer leak under OOM condition (networking-stable-19_05_31). - bonding: fix arp_validate toggling in active-backup mode (networking-stable-19_05_14). - bonding: Force slave speed check after link state recovery for 802.3ad (bsc#1137584). - bpf, x64: fix stack layout of JITed bpf code (bsc#1083647). - bpf, x64: save 5 bytes in prologue when ebpf insns came from cbpf (bsc#1083647). - bridge: Fix error path for kobject_init_and_add() (networking-stable-19_05_14). - btrfs: fix race between block group removal and block group allocation (bsc#1143003). - cgroup: Use css_tryget() instead of css_tryget_online() in task_get_css() (bsc#1141478). - clk: qcom: Fix -Wunused-const-variable (bsc#1051510). - clk: rockchip: Do not yell about bad mmc phases when getting (bsc#1051510). - clk: tegra210: fix PLLU and PLLU_OUT1 (bsc#1051510). - cpufreq: acpi-cpufreq: Report if CPU does not support boost technologies (bsc#1051510). - cpufreq: brcmstb-avs-cpufreq: Fix initial command check (bsc#1051510). - cpufreq: brcmstb-avs-cpufreq: Fix types for voltage/frequency (bsc#1051510). - cpufreq: check if policy is inactive early in __cpufreq_get() (bsc#1051510). - cpufreq: kirkwood: fix possible object reference leak (bsc#1051510). - cpufreq/pasemi: fix possible object reference leak (bsc#1051510). - cpufreq: pmac32: fix possible object reference leak (bsc#1051510). - cpufreq: ppc_cbe: fix possible object reference leak (bsc#1051510). - cpufreq: Use struct kobj_attribute instead of struct global_attr (bsc#1051510). - crypto: arm64/sha1-ce - correct digest for empty data in finup (bsc#1051510). - crypto: arm64/sha2-ce - correct digest for empty data in finup (bsc#1051510). - crypto: ccp - Fix 3DES complaint from ccp-crypto module (bsc#1051510). - crypto: ccp - fix AES CFB error exposed by new test vectors (bsc#1051510). - crypto: ccp - Fix SEV_VERSION_GREATER_OR_EQUAL (bsc#1051510). - crypto: ccp/gcm - use const time tag comparison (bsc#1051510). - crypto: ccp - memset structure fields to zero before reuse (bsc#1051510). - crypto: ccp - Validate the the error value used to index error messages (bsc#1051510). - crypto: chacha20poly1305 - fix atomic sleep when using async algorithm (bsc#1051510). - crypto: crypto4xx - fix a potential double free in ppc4xx_trng_probe (bsc#1051510). - crypto: ghash - fix unaligned memory access in ghash_setkey() (bsc#1051510). - crypto: talitos - Align SEC1 accesses to 32 bits boundaries (bsc#1051510). - crypto: talitos - check data blocksize in ablkcipher (bsc#1051510). - crypto: talitos - fix CTR alg blocksize (bsc#1051510). - crypto: talitos - fix max key size for sha384 and sha512 (bsc#1051510). - crypto: talitos - HMAC SNOOP NO AFEU mode requires SW icv checking (bsc#1051510). - crypto: talitos - properly handle split ICV (bsc#1051510). - crypto: talitos - reduce max key size for SEC1 (bsc#1051510). - crypto: talitos - rename alternative AEAD algos (bsc#1051510). - dasd_fba: Display '00000000' for zero page when dumping sense (bsc#1123080). - dmaengine: hsu: Revert "set HSU_CH_MTSR to memory width" (bsc#1051510). - dpaa_eth: fix SG frame cleanup (networking-stable-19_05_14). - drm/meson: Add support for XBGR8888 & ABGR8888 formats (bsc#1051510). - drm/msm/a3xx: remove TPL1 regs from snapshot (bsc#1051510). - drm/nouveau/i2c: Enable i2c pads & busses during preinit (bsc#1051510). - drm/rockchip: Properly adjust to a true clock in adjusted_mode (bsc#1051510). - e1000e: start network tx queue only when link is up (bsc#1051510). - ethtool: check the return value of get_regs_len (git-fixes). - ethtool: fix potential userspace buffer overflow (networking-stable-19_06_09). - Fix kABI for asus-wmi quirk_entry field addition (bsc#1051510). - Fix memory leak in sctp_process_init (networking-stable-19_06_09). - fork, memcg: fix cached_stacks case (bsc#1134097). - fork, memcg: fix crash in free_thread_stack on memcg charge fail (bsc#1134097). - hid: wacom: correct touch resolution x/y typo (bsc#1051510). - hid: wacom: generic: Correct pad syncing (bsc#1051510). - hid: wacom: generic: only switch the mode on devices with LEDs (bsc#1051510). - hid: wacom: generic: read HID_DG_CONTACTMAX from any feature report (bsc#1051510). - input: elantech - enable middle button support on 2 ThinkPads (bsc#1051510). - input: imx_keypad - make sure keyboard can always wake up system (bsc#1051510). - input: psmouse - fix build error of multiple definition (bsc#1051510). - input: synaptics - enable SMBUS on T480 thinkpad trackpad (bsc#1051510). - input: tm2-touchkey - acknowledge that setting brightness is a blocking call (bsc#1129770). - intel_th: msu: Fix single mode with disabled IOMMU (bsc#1051510). - ipv4: Fix raw socket lookup for local traffic (networking-stable-19_05_14). - ipv4/igmp: fix another memory leak in igmpv3_del_delrec() (networking-stable-19_05_31). - ipv4/igmp: fix build error if !CONFIG_IP_MULTICAST (networking-stable-19_05_31). - ipv4: Use return value of inet_iif() for __raw_v4_lookup in the while loop (git-fixes). - ipv6: Consider sk_bound_dev_if when binding a raw socket to an address (networking-stable-19_05_31). - ipv6: fix EFAULT on sendto with icmpv6 and hdrincl (networking-stable-19_06_09). - ipv6: flowlabel: fl6_sock_lookup() must use atomic_inc_not_zero (networking-stable-19_06_18). - ipv6: use READ_ONCE() for inet->hdrincl as in ipv4 (networking-stable-19_06_09). - kbuild: use -flive-patching when CONFIG_LIVEPATCH is enabled (bsc#1071995). - kernel: jump label transformation performance (bsc#1137534 bsc#1137535 LTC#178058 LTC#178059). - kvm: arm/arm64: vgic-its: Take the srcu lock when parsing the memslots (bsc#1133021). - kvm: arm/arm64: vgic-its: Take the srcu lock when writing to guest memory (bsc#1133021). - kvm: mmu: Fix overflow on kvm mmu page limit calculation (bsc#1135335). - kvm/mmu: kABI fix for *_mmu_pages changes in struct kvm_arch (bsc#1135335). - kvm: polling: add architecture backend to disable polling (bsc#1119222). - kvm: s390: change default halt poll time to 50us (bsc#1119222). - kvm: s390: enable CONFIG_HAVE_KVM_NO_POLL (bsc#1119222) We need to enable CONFIG_HAVE_KVM_NO_POLL for bsc#1119222 - kvm: s390: fix typo in parameter description (bsc#1119222). - kvm: s390: kABI Workaround for 'kvm_vcpu_stat' Add halt_no_poll_steal to kvm_vcpu_stat. Hide it from the kABI checker. - kvm: s390: kABI Workaround for 'lowcore' (bsc#1119222). - kvm: s390: provide kvm_arch_no_poll function (bsc#1119222). - kvm: svm/avic: Do not send AVIC doorbell to self (bsc#1140133). - kvm: SVM: Fix detection of AMD Errata 1096 (bsc#1142354). - lapb: fixed leak of control-blocks (networking-stable-19_06_18). - lib: fix stall in __bitmap_parselist() (bsc#1051510). - libnvdimm/namespace: Fix label tracking error (bsc#1142350). - lib/bitmap.c: make bitmap_parselist() thread-safe and much faster (bsc#1143507). - lib/scatterlist: Fix mapping iterator when sg->offset is greater than PAGE_SIZE (bsc#1051510). - livepatch: Remove duplicate warning about missing reliable stacktrace support (bsc#1071995). - livepatch: Use static buffer for debugging messages under rq lock (bsc#1071995). - llc: fix skb leak in llc_build_and_send_ui_pkt() (networking-stable-19_05_31). - media: cpia2_usb: first wake up, then free in disconnect (bsc#1135642). - media: marvell-ccic: fix DMA s/g desc number calculation (bsc#1051510). - media: s5p-mfc: Make additional clocks optional (bsc#1051510). - media: v4l2: Test type instead of cfg->type in v4l2_ctrl_new_custom() (bsc#1051510). - media: vivid: fix incorrect assignment operation when setting video mode (bsc#1051510). - mei: bus: need to unlink client before freeing (bsc#1051510). - mei: me: add denverton innovation engine device IDs (bsc#1051510). - mei: me: add gemini lake devices id (bsc#1051510). - memory: tegra: Fix integer overflow on tick value calculation (bsc#1051510). - memstick: Fix error cleanup path of memstick_init (bsc#1051510). - mfd: intel-lpss: Release IDA resources (bsc#1051510). - mmc: sdhci-pci: Try "cd" for card-detect lookup before using NULL (bsc#1051510). - mm: migrate: Fix reference check race between __find_get_block() and migration (bnc#1137609). - mm/nvdimm: add is_ioremap_addr and use that to check ioremap address (bsc#1140322 LTC#176270). - mm, page_alloc: fix has_unmovable_pages for HugePages (bsc#1127034). - mm: replace all open encodings for NUMA_NO_NODE (bsc#1140322 LTC#176270). - neigh: fix use-after-free read in pneigh_get_next (networking-stable-19_06_18). - net/af_iucv: remove GFP_DMA restriction for HiperTransport (bsc#1142112 bsc#1142221 LTC#179334 LTC#179332). - net: avoid weird emergency message (networking-stable-19_05_21). - net: fec: fix the clk mismatch in failed_reset path (networking-stable-19_05_31). - netfilter: conntrack: fix calculation of next bucket number in early_drop (git-fixes). - net-gro: fix use-after-free read in napi_gro_frags() (networking-stable-19_05_31). - net/mlx4_core: Change the error print to info print (networking-stable-19_05_21). - net/mlx4_en: ethtool, Remove unsupported SFP EEPROM high pages query (networking-stable-19_06_09). - net/mlx5: Allocate root ns memory using kzalloc to match kfree (networking-stable-19_05_31). - net/mlx5: Avoid double free in fs init error unwinding path (networking-stable-19_05_31). - net: mvneta: Fix err code path of probe (networking-stable-19_05_31). - net: mvpp2: fix bad MVPP2_TXQ_SCHED_TOKEN_CNTR_REG queue value (networking-stable-19_05_31). - net: openvswitch: do not free vport if register_netdevice() is failed (networking-stable-19_06_18). - net/packet: fix memory leak in packet_set_ring() (git-fixes). - net: rds: fix memory leak in rds_ib_flush_mr_pool (networking-stable-19_06_09). - net: seeq: fix crash caused by not set dev.parent (networking-stable-19_05_14). - net: stmmac: fix reset gpio free missing (networking-stable-19_05_31). - net: usb: qmi_wwan: add Telit 0x1260 and 0x1261 compositions (networking-stable-19_05_21). - nvme: fix memory leak caused by incorrect subsystem free (bsc#1143185). - ocfs2: add first lock wait time in locking_state (bsc#1134390). - ocfs2: add last unlock times in locking_state (bsc#1134390). - ocfs2: add locking filter debugfs file (bsc#1134390). - packet: Fix error path in packet_init (networking-stable-19_05_14). - packet: in recvmsg msg_name return at least sizeof sockaddr_ll (git-fixes). - pci: Always allow probing with driver_override (bsc#1051510). - pci: hv: Add hv_pci_remove_slots() when we unload the driver (bsc#1142701). - pci: hv: Add pci_destroy_slot() in pci_devices_present_work(), if necessary (bsc#1142701). - pci: hv: Fix a memory leak in hv_eject_device_work() (bsc#1142701). - pci: hv: Fix a use-after-free bug in hv_eject_device_work() (bsc#1142701). - pci: hv: Fix return value check in hv_pci_assign_slots() (bsc#1142701). - pci: hv: Remove unused reason for refcount handler (bsc#1142701). - pci: hv: support reporting serial number as slot information (bsc#1142701). - pci: Return error if cannot probe VF (bsc#1051510). - pkey: Indicate old mkvp only if old and current mkvp are different (bsc#1137827 LTC#178090). - pktgen: do not sleep with the thread lock held (git-fixes). - platform/x86: asus-nb-wmi: Support ALS on the Zenbook UX430UQ (bsc#1051510). - platform/x86: asus-wmi: Only Tell EC the OS will handle display hotkeys from asus_nb_wmi (bsc#1051510). - platform/x86: intel_turbo_max_3: Remove restriction for HWP platforms (jsc#SLE-5439). - platform/x86: pmc_atom: Add CB4063 Beckhoff Automation board to critclk_systems DMI table (bsc#1051510). - powerpc/64s: Remove POWER9 DD1 support (bsc#1055117, LTC#159753, git-fixes). - powerpc/crypto: Use cheaper random numbers for crc-vpmsum self-test (). - powerpc/mm: Change function prototype (bsc#1055117). - powerpc/mm: Consolidate numa_enable check and min_common_depth check (bsc#1140322 LTC#176270). - powerpc/mm/drconf: Use NUMA_NO_NODE on failures instead of node 0 (bsc#1140322 LTC#176270). - powerpc/mm: Fix node look up with numa=off boot (bsc#1140322 LTC#176270). - powerpc/mm/hugetlb: Update huge_ptep_set_access_flags to call __ptep_set_access_flags directly (bsc#1055117). - powerpc/mm/radix: Change pte relax sequence to handle nest MMU hang (bsc#1055117). - powerpc/mm/radix: Move function from radix.h to pgtable-radix.c (bsc#1055117). - powerpc/watchpoint: Restore NV GPRs while returning from exception (bsc#1140945 bsc#1141401 bsc#1141402 bsc#1141452 bsc#1141453 bsc#1141454 LTC#178983 LTC#179191 LTC#179192 LTC#179193 LTC#179194 LTC#179195). - ppp: deflate: Fix possible crash in deflate_init (networking-stable-19_05_21). - rds: ib: fix 'passing zero to ERR_PTR()' warning (git-fixes). - Revert "bcache: set CACHE_SET_IO_DISABLE in bch_cached_dev_error()" (bsc#1140652). - Revert "e1000e: fix cyclic resets at link up with active tx" (bsc#1051510). - Revert "livepatch: Remove reliable stacktrace check in klp_try_switch_task()" (bsc#1071995). - Revert "serial: 8250: Do not service RX FIFO if interrupts are disabled" (bsc#1051510). - rtnetlink: always put IFLA_LINK for links with a link-netnsid (networking-stable-19_05_21). - s390/qeth: be drop monitor friendly (bsc#1142220 LTC#179335). - s390/vtime: steal time exponential moving average (bsc#1119222). - scripts/git_sort/git_sort.py: Add mmots tree. - scsi: ibmvfc: fix WARN_ON during event pool release (bsc#1137458 LTC#178093). - sctp: Free cookie before we memdup a new one (networking-stable-19_06_18). - sctp: silence warns on sctp_stream_init allocations (bsc#1083710). - serial: uartps: Do not add a trailing semicolon to macro (bsc#1051510). - serial: uartps: Fix long line over 80 chars (bsc#1051510). - serial: uartps: Fix multiple line dereference (bsc#1051510). - serial: uartps: Remove useless return from cdns_uart_poll_put_char (bsc#1051510). - staging: comedi: amplc_pci230: fix null pointer deref on interrupt (bsc#1051510). - staging: comedi: dt282x: fix a null pointer deref on interrupt (bsc#1051510). - staging: rtl8712: reduce stack usage, again (bsc#1051510). - sunhv: Fix device naming inconsistency between sunhv_console and sunhv_reg (networking-stable-19_06_18). - tcp: reduce tcp_fastretrans_alert() verbosity (git-fixes). - team: Always enable vlan tx offload (bsc#1051510). - tty: rocket: fix incorrect forward declaration of 'rp_init()' (bsc#1051510). - tty: serial_core: Set port active bit in uart_port_activate (bsc#1051510). - tty: serial: cpm_uart - fix init when SMC is relocated (bsc#1051510). - tuntap: synchronize through tfiles array instead of tun->numqueues (networking-stable-19_05_14). - usb: gadget: ether: Fix race between gether_disconnect and rx_submit (bsc#1051510). - usb: gadget: fusb300_udc: Fix memory leak of fusb300->ep[i] (bsc#1051510). - usb: gadget: udc: lpc32xx: allocate descriptor with GFP_ATOMIC (bsc#1051510). - usb: pci-quirks: Correct AMD PLL quirk detection (bsc#1051510). - usb: serial: ftdi_sio: add ID for isodebug v1 (bsc#1051510). - usb: serial: option: add support for GosunCn ME3630 RNDIS mode (bsc#1051510). - vmci: Fix integer overflow in VMCI handle arrays (bsc#1051510). - vsock/virtio: free packets during the socket release (networking-stable-19_05_21). - vsock/virtio: set SOCK_DONE on peer shutdown (networking-stable-19_06_18). - wil6210: fix potential out-of-bounds read (bsc#1051510). - x86, mm: fix fast GUP with hyper-based TLB flushing (VM Functionality, bsc#1140903). - xen: let alloc_xenballooned_pages() fail if not enough memory free (bsc#1142450 XSA-300). - xfs: do not overflow xattr listent buffer (bsc#1143105). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2019-2071=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2071=1 - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2019-2071=1 - SUSE Linux Enterprise Module for Legacy Software 15: zypper in -t patch SUSE-SLE-Module-Legacy-15-2019-2071=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-2071=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2071=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2019-2071=1 Package List: - SUSE Linux Enterprise Workstation Extension 15 (x86_64): kernel-default-debuginfo-4.12.14-150.32.1 kernel-default-debugsource-4.12.14-150.32.1 kernel-default-extra-4.12.14-150.32.1 kernel-default-extra-debuginfo-4.12.14-150.32.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): kernel-default-base-4.12.14-150.32.1 kernel-default-base-debuginfo-4.12.14-150.32.1 kernel-default-debuginfo-4.12.14-150.32.1 kernel-default-debugsource-4.12.14-150.32.1 kernel-obs-qa-4.12.14-150.32.1 kselftests-kmp-default-4.12.14-150.32.1 kselftests-kmp-default-debuginfo-4.12.14-150.32.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): kernel-docs-html-4.12.14-150.32.1 - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-default-debuginfo-4.12.14-150.32.1 kernel-default-debugsource-4.12.14-150.32.1 kernel-default-livepatch-4.12.14-150.32.1 kernel-livepatch-4_12_14-150_32-default-1-1.5.1 kernel-livepatch-4_12_14-150_32-default-debuginfo-1-1.5.1 - SUSE Linux Enterprise Module for Legacy Software 15 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-150.32.1 kernel-default-debugsource-4.12.14-150.32.1 reiserfs-kmp-default-4.12.14-150.32.1 reiserfs-kmp-default-debuginfo-4.12.14-150.32.1 - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-150.32.1 kernel-obs-build-debugsource-4.12.14-150.32.1 kernel-syms-4.12.14-150.32.1 kernel-vanilla-base-4.12.14-150.32.1 kernel-vanilla-base-debuginfo-4.12.14-150.32.1 kernel-vanilla-debuginfo-4.12.14-150.32.1 kernel-vanilla-debugsource-4.12.14-150.32.1 - SUSE Linux Enterprise Module for Development Tools 15 (noarch): kernel-docs-4.12.14-150.32.1 kernel-source-4.12.14-150.32.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-150.32.1 kernel-default-base-4.12.14-150.32.1 kernel-default-debuginfo-4.12.14-150.32.1 kernel-default-debugsource-4.12.14-150.32.1 kernel-default-devel-4.12.14-150.32.1 kernel-default-devel-debuginfo-4.12.14-150.32.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): kernel-devel-4.12.14-150.32.1 kernel-macros-4.12.14-150.32.1 - SUSE Linux Enterprise Module for Basesystem 15 (s390x): kernel-default-man-4.12.14-150.32.1 kernel-zfcpdump-4.12.14-150.32.1 kernel-zfcpdump-debuginfo-4.12.14-150.32.1 kernel-zfcpdump-debugsource-4.12.14-150.32.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-150.32.1 cluster-md-kmp-default-debuginfo-4.12.14-150.32.1 dlm-kmp-default-4.12.14-150.32.1 dlm-kmp-default-debuginfo-4.12.14-150.32.1 gfs2-kmp-default-4.12.14-150.32.1 gfs2-kmp-default-debuginfo-4.12.14-150.32.1 kernel-default-debuginfo-4.12.14-150.32.1 kernel-default-debugsource-4.12.14-150.32.1 ocfs2-kmp-default-4.12.14-150.32.1 ocfs2-kmp-default-debuginfo-4.12.14-150.32.1 References: https://www.suse.com/security/cve/CVE-2018-20855.html https://www.suse.com/security/cve/CVE-2019-1125.html https://www.suse.com/security/cve/CVE-2019-11810.html https://www.suse.com/security/cve/CVE-2019-13631.html https://www.suse.com/security/cve/CVE-2019-13648.html https://www.suse.com/security/cve/CVE-2019-14283.html https://www.suse.com/security/cve/CVE-2019-14284.html https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1055117 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1083647 https://bugzilla.suse.com/1083710 https://bugzilla.suse.com/1102247 https://bugzilla.suse.com/1119222 https://bugzilla.suse.com/1123080 https://bugzilla.suse.com/1127034 https://bugzilla.suse.com/1127315 https://bugzilla.suse.com/1129770 https://bugzilla.suse.com/1130972 https://bugzilla.suse.com/1133021 https://bugzilla.suse.com/1134097 https://bugzilla.suse.com/1134390 https://bugzilla.suse.com/1134399 https://bugzilla.suse.com/1135335 https://bugzilla.suse.com/1135642 https://bugzilla.suse.com/1137458 https://bugzilla.suse.com/1137534 https://bugzilla.suse.com/1137535 https://bugzilla.suse.com/1137584 https://bugzilla.suse.com/1137609 https://bugzilla.suse.com/1137827 https://bugzilla.suse.com/1139358 https://bugzilla.suse.com/1140133 https://bugzilla.suse.com/1140322 https://bugzilla.suse.com/1140652 https://bugzilla.suse.com/1140903 https://bugzilla.suse.com/1140945 https://bugzilla.suse.com/1141401 https://bugzilla.suse.com/1141402 https://bugzilla.suse.com/1141452 https://bugzilla.suse.com/1141453 https://bugzilla.suse.com/1141454 https://bugzilla.suse.com/1141478 https://bugzilla.suse.com/1142023 https://bugzilla.suse.com/1142112 https://bugzilla.suse.com/1142220 https://bugzilla.suse.com/1142221 https://bugzilla.suse.com/1142254 https://bugzilla.suse.com/1142350 https://bugzilla.suse.com/1142351 https://bugzilla.suse.com/1142354 https://bugzilla.suse.com/1142359 https://bugzilla.suse.com/1142450 https://bugzilla.suse.com/1142701 https://bugzilla.suse.com/1142868 https://bugzilla.suse.com/1143003 https://bugzilla.suse.com/1143045 https://bugzilla.suse.com/1143105 https://bugzilla.suse.com/1143185 https://bugzilla.suse.com/1143189 https://bugzilla.suse.com/1143191 https://bugzilla.suse.com/1143507 From sle-updates at lists.suse.com Tue Aug 6 23:47:06 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Aug 2019 07:47:06 +0200 (CEST) Subject: SUSE-SU-2019:2072-1: important: Security update for the Linux Kernel Message-ID: <20190807054706.273D9FF12@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2072-1 Rating: important References: #1051510 #1055117 #1071995 #1083647 #1083710 #1102247 #1111666 #1119222 #1123080 #1127034 #1127315 #1129770 #1130972 #1133021 #1134097 #1134390 #1134399 #1135335 #1135642 #1136896 #1137458 #1137534 #1137535 #1137584 #1137609 #1137811 #1137827 #1139358 #1140133 #1140139 #1140322 #1140652 #1140887 #1140888 #1140889 #1140891 #1140893 #1140903 #1140945 #1140954 #1140955 #1140956 #1140957 #1140958 #1140959 #1140960 #1140961 #1140962 #1140964 #1140971 #1140972 #1140992 #1141401 #1141402 #1141452 #1141453 #1141454 #1141478 #1142023 #1142112 #1142220 #1142221 #1142254 #1142350 #1142351 #1142354 #1142359 #1142450 #1142701 #1142868 #1143003 #1143045 #1143105 #1143185 #1143189 #1143191 #1143507 Cross-References: CVE-2018-20855 CVE-2019-1125 CVE-2019-11810 CVE-2019-13631 CVE-2019-13648 CVE-2019-14283 CVE-2019-14284 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Live Patching 12-SP4 SUSE Linux Enterprise High Availability 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that solves 7 vulnerabilities and has 70 fixes is now available. Description: The SUSE Linux Enterprise 12 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-20855: An issue was discovered in the Linux kernel In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace(bsc#1143045). - CVE-2019-1125: Exclude ATOMs from speculation through SWAPGS (bsc#1139358). - CVE-2019-14283: In the Linux kernel, set_geometry in drivers/block/floppy.c did not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It could be triggered by an unprivileged local user when a floppy disk was inserted. NOTE: QEMU creates the floppy device by default. (bnc#1143191) - CVE-2019-11810: An issue was discovered in the Linux kernel A NULL pointer dereference could occur when megasas_create_frame_pool() failed in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This caused a Denial of Service, related to a use-after-free (bnc#1134399). - CVE-2019-13648: In the Linux kernel on the powerpc platform, when hardware transactional memory was disabled, a local user could cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sent a crafted signal frame. (bnc#1142254) - CVE-2019-13631: In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel, a malicious USB device could send an HID report that triggered an out-of-bounds write during generation of debugging messages. (bnc#1142023) The following non-security bugs were fixed: - Correct the CVE and bug reference for a floppy security fix (CVE-2019-14284,bsc#1143189) A dedicated CVE was already assigned - acpi/nfit: Always dump _DSM output payload (bsc#1142351). - Add back sibling paca poiter to paca (bsc#1055117). - Add support for crct10dif-vpmsum (). - af_unix: remove redundant lockdep class (git-fixes). - alsa: compress: Be more restrictive about when a drain is allowed (bsc#1051510). - alsa: compress: Do not allow paritial drain operations on capture streams (bsc#1051510). - alsa: compress: Fix regression on compressed capture streams (bsc#1051510). - alsa: compress: Prevent bypasses of set_params (bsc#1051510). - alsa: hda - Add a conexant codec entry to let mute led work (bsc#1051510). - alsa: hda/realtek: apply ALC891 headset fixup to one Dell machine (bsc#1051510). - alsa: hda/realtek - Fixed Headphone Mic can't record on Dell platform (bsc#1051510). - alsa: hda/realtek - Headphone Mic can't record after S3 (bsc#1051510). - alsa: line6: Fix a typo (bsc#1051510). - alsa: line6: Fix wrong altsetting for LINE6_PODHD500_1 (bsc#1051510). - alsa: seq: Break too long mutex context in the write loop (bsc#1051510). - alsa: usb-audio: Add quirk for Focusrite Scarlett Solo (bsc#1051510). - alsa: usb-audio: Add quirk for MOTU MicroBook II (bsc#1051510). - alsa: usb-audio: Cleanup DSD whitelist (bsc#1051510). - alsa: usb-audio: Enable .product_name override for Emagic, Unitor 8 (bsc#1051510). - alsa: usb-audio: Sanity checks for each pipe and EP types (bsc#1051510). - asoc : cs4265 : readable register too low (bsc#1051510). - asoc: max98090: remove 24-bit format support if RJ is 0 (bsc#1051510). - asoc: soc-pcm: BE dai needs prepare when pause release after resume (bsc#1051510). - ath6kl: add some bounds checking (bsc#1051510). - batman-adv: fix for leaked TVLV handler (bsc#1051510). - bcache: acquire bch_register_lock later in cached_dev_detach_finish() (bsc#1140652). - bcache: acquire bch_register_lock later in cached_dev_free() (bsc#1140652). - bcache: add code comments for journal_read_bucket() (bsc#1140652). - bcache: Add comments for blkdev_put() in registration code path (bsc#1140652). - bcache: add comments for closure_fn to be called in closure_queue() (bsc#1140652). - bcache: add comments for kobj release callback routine (bsc#1140652). - bcache: add comments for mutex_lock(&b->write_lock) (bsc#1140652). - bcache: add error check for calling register_bdev() (bsc#1140652). - bcache: add failure check to run_cache_set() for journal replay (bsc#1140652). - bcache: add io error counting in write_bdev_super_endio() (bsc#1140652). - bcache: add more error message in bch_cached_dev_attach() (bsc#1140652). - bcache: add pendings_cleanup to stop pending bcache device (bsc#1140652). - bcache: add reclaimed_journal_buckets to struct cache_set (bsc#1140652). - bcache: add return value check to bch_cached_dev_run() (bsc#1140652). - bcache: avoid a deadlock in bcache_reboot() (bsc#1140652). - bcache: avoid clang -Wunintialized warning (bsc#1140652). - bcache: avoid flushing btree node in cache_set_flush() if io disabled (bsc#1140652). - bcache: avoid potential memleak of list of journal_replay(s) in the CACHE_SYNC branch of run_cache_set (bsc#1140652). - bcache: check CACHE_SET_IO_DISABLE bit in bch_journal() (bsc#1140652). - bcache: check CACHE_SET_IO_DISABLE in allocator code (bsc#1140652). - bcache: check c->gc_thread by IS_ERR_OR_NULL in cache_set_flush() (bsc#1140652). - bcache: Clean up bch_get_congested() (bsc#1140652). - bcache: destroy dc->writeback_write_wq if failed to create dc->writeback_thread (bsc#1140652). - bcache: do not assign in if condition in bcache_device_init() (bsc#1140652). - bcache: do not set max writeback rate if gc is running (bsc#1140652). - bcache: fix a race between cache register and cacheset unregister (bsc#1140652). - bcache: fix crashes stopping bcache device before read miss done (bsc#1140652). - bcache: fix failure in journal relplay (bsc#1140652). - bcache: fix inaccurate result of unused buckets (bsc#1140652). - bcache: fix mistaken sysfs entry for io_error counter (bsc#1140652). - bcache: fix potential deadlock in cached_def_free() (bsc#1140652). - bcache: fix race in btree_flush_write() (bsc#1140652). - bcache: fix return value error in bch_journal_read() (bsc#1140652). - bcache: fix stack corruption by PRECEDING_KEY() (bsc#1140652). - bcache: fix wrong usage use-after-freed on keylist in out_nocoalesce branch of btree_gc_coalesce (bsc#1140652). - bcache: ignore read-ahead request failure on backing device (bsc#1140652). - bcache: improve bcache_reboot() (bsc#1140652). - bcache: improve error message in bch_cached_dev_run() (bsc#1140652). - bcache: make bset_search_tree() be more understandable (bsc#1140652). - bcache: make is_discard_enabled() static (bsc#1140652). - bcache: more detailed error message to bcache_device_link() (bsc#1140652). - bcache: move definition of 'int ret' out of macro read_bucket() (bsc#1140652). - bcache: never set KEY_PTRS of journal key to 0 in journal_reclaim() (bsc#1140652). - bcache: only clear BTREE_NODE_dirty bit when it is set (bsc#1140652). - bcache: only set BCACHE_DEV_WB_RUNNING when cached device attached (bsc#1140652). - bcache: performance improvement for btree_flush_write() (bsc#1140652). - bcache: remove redundant LIST_HEAD(journal) from run_cache_set() (bsc#1140652). - bcache: remove retry_flush_write from struct cache_set (bsc#1140652). - bcache: remove unncessary code in bch_btree_keys_init() (bsc#1140652). - bcache: remove unnecessary prefetch() in bset_search_tree() (bsc#1140652). - bcache: remove "XXX:" comment line from run_cache_set() (bsc#1140652). - bcache: return error immediately in bch_journal_replay() (bsc#1140652). - bcache: Revert "bcache: fix high CPU occupancy during journal" (bsc#1140652). - bcache: Revert "bcache: free heap cache_set->flush_btree in bch_journal_free" (bsc#1140652). - bcache: set largest seq to ja->seq[bucket_index] in journal_read_bucket() (bsc#1140652). - bcache: shrink btree node cache after bch_btree_check() (bsc#1140652). - bcache: stop writeback kthread and kworker when bch_cached_dev_run() failed (bsc#1140652). - bcache: use sysfs_match_string() instead of __sysfs_match_string() (bsc#1140652). - be2net: Fix number of Rx queues used for flow hashing (networking-stable-19_06_18). - be2net: Signal that the device cannot transmit during reconfiguration (bsc#1127315). - be2net: Synchronize be_update_queues with dev_watchdog (bsc#1127315). - block, bfq: NULL out the bic when it's no longer valid (bsc#1142359). - bnx2x: Prevent load reordering in tx completion processing (bsc#1142868). - bnxt_en: Fix aggregation buffer leak under OOM condition (networking-stable-19_05_31). - bonding: fix arp_validate toggling in active-backup mode (networking-stable-19_05_14). - bonding: Force slave speed check after link state recovery for 802.3ad (bsc#1137584). - bpf, x64: fix stack layout of JITed bpf code (bsc#1083647). - bpf, x64: save 5 bytes in prologue when ebpf insns came from cbpf (bsc#1083647). - bridge: Fix error path for kobject_init_and_add() (networking-stable-19_05_14). - btrfs: fix race between block group removal and block group allocation (bsc#1143003). - cgroup: Use css_tryget() instead of css_tryget_online() in task_get_css() (bsc#1141478). - clk: qcom: Fix -Wunused-const-variable (bsc#1051510). - clk: rockchip: Do not yell about bad mmc phases when getting (bsc#1051510). - clk: tegra210: fix PLLU and PLLU_OUT1 (bsc#1051510). - cpufreq: acpi-cpufreq: Report if CPU does not support boost technologies (bsc#1051510). - cpufreq: brcmstb-avs-cpufreq: Fix initial command check (bsc#1051510). - cpufreq: brcmstb-avs-cpufreq: Fix types for voltage/frequency (bsc#1051510). - cpufreq: check if policy is inactive early in __cpufreq_get() (bsc#1051510). - cpufreq: kirkwood: fix possible object reference leak (bsc#1051510). - cpufreq/pasemi: fix possible object reference leak (bsc#1051510). - cpufreq: pmac32: fix possible object reference leak (bsc#1051510). - cpufreq: ppc_cbe: fix possible object reference leak (bsc#1051510). - cpufreq: Use struct kobj_attribute instead of struct global_attr (bsc#1051510). - crypto: arm64/sha1-ce - correct digest for empty data in finup (bsc#1051510). - crypto: arm64/sha2-ce - correct digest for empty data in finup (bsc#1051510). - crypto: ccp - Fix 3DES complaint from ccp-crypto module (bsc#1051510). - crypto: ccp - fix AES CFB error exposed by new test vectors (bsc#1051510). - crypto: ccp - Fix SEV_VERSION_GREATER_OR_EQUAL (bsc#1051510). - crypto: ccp/gcm - use const time tag comparison (bsc#1051510). - crypto: ccp - memset structure fields to zero before reuse (bsc#1051510). - crypto: ccp - Validate the the error value used to index error messages (bsc#1051510). - crypto: chacha20poly1305 - fix atomic sleep when using async algorithm (bsc#1051510). - crypto: crypto4xx - fix a potential double free in ppc4xx_trng_probe (bsc#1051510). - crypto: ghash - fix unaligned memory access in ghash_setkey() (bsc#1051510). - crypto: talitos - Align SEC1 accesses to 32 bits boundaries (bsc#1051510). - crypto: talitos - check data blocksize in ablkcipher (bsc#1051510). - crypto: talitos - fix CTR alg blocksize (bsc#1051510). - crypto: talitos - fix max key size for sha384 and sha512 (bsc#1051510). - crypto: talitos - HMAC SNOOP NO AFEU mode requires SW icv checking (bsc#1051510). - crypto: talitos - properly handle split ICV (bsc#1051510). - crypto: talitos - reduce max key size for SEC1 (bsc#1051510). - crypto: talitos - rename alternative AEAD algos (bsc#1051510). - dasd_fba: Display '00000000' for zero page when dumping sense (bsc#1123080). - dmaengine: hsu: Revert "set HSU_CH_MTSR to memory width" (bsc#1051510). - dpaa_eth: fix SG frame cleanup (networking-stable-19_05_14). - drm/meson: Add support for XBGR8888 & ABGR8888 formats (bsc#1051510). - drm/msm/a3xx: remove TPL1 regs from snapshot (bsc#1051510). - drm/nouveau/i2c: Enable i2c pads & busses during preinit (bsc#1051510). - drm/rockchip: Properly adjust to a true clock in adjusted_mode (bsc#1051510). - e1000e: start network tx queue only when link is up (bsc#1051510). - ethtool: check the return value of get_regs_len (git-fixes). - ethtool: fix potential userspace buffer overflow (networking-stable-19_06_09). - Fix kABI for asus-wmi quirk_entry field addition (bsc#1051510). - Fix memory leak in sctp_process_init (networking-stable-19_06_09). - fork, memcg: fix cached_stacks case (bsc#1134097). - fork, memcg: fix crash in free_thread_stack on memcg charge fail (bsc#1134097). - hid: wacom: correct touch resolution x/y typo (bsc#1051510). - hid: wacom: generic: Correct pad syncing (bsc#1051510). - hid: wacom: generic: only switch the mode on devices with LEDs (bsc#1051510). - hid: wacom: generic: read HID_DG_CONTACTMAX from any feature report (bsc#1051510). - input: elantech - enable middle button support on 2 ThinkPads (bsc#1051510). - input: imx_keypad - make sure keyboard can always wake up system (bsc#1051510). - input: psmouse - fix build error of multiple definition (bsc#1051510). - input: synaptics - enable SMBUS on T480 thinkpad trackpad (bsc#1051510). - input: tm2-touchkey - acknowledge that setting brightness is a blocking call (bsc#1129770). - intel_th: msu: Fix single mode with disabled IOMMU (bsc#1051510). - ipv4: Fix raw socket lookup for local traffic (networking-stable-19_05_14). - ipv4/igmp: fix another memory leak in igmpv3_del_delrec() (networking-stable-19_05_31). - ipv4/igmp: fix build error if !CONFIG_IP_MULTICAST (networking-stable-19_05_31). - ipv4: Use return value of inet_iif() for __raw_v4_lookup in the while loop (git-fixes). - ipv6: Consider sk_bound_dev_if when binding a raw socket to an address (networking-stable-19_05_31). - ipv6: fix EFAULT on sendto with icmpv6 and hdrincl (networking-stable-19_06_09). - ipv6: flowlabel: fl6_sock_lookup() must use atomic_inc_not_zero (networking-stable-19_06_18). - ipv6: use READ_ONCE() for inet->hdrincl as in ipv4 (networking-stable-19_06_09). - kbuild: use -flive-patching when CONFIG_LIVEPATCH is enabled (bsc#1071995). - kernel: jump label transformation performance (bsc#1137534 bsc#1137535 LTC#178058 LTC#178059). - kvm: arm/arm64: vgic-its: Take the srcu lock when parsing the memslots (bsc#1133021). - kvm: arm/arm64: vgic-its: Take the srcu lock when writing to guest memory (bsc#1133021). - kvm: fix Guest installation fails by "Invalid value '0-31' for 'cpuset.cpus': Invalid argument" (bsc#1143507) - kvm: mmu: Fix overflow on kvm mmu page limit calculation (bsc#1135335). - kvm/mmu: kABI fix for *_mmu_pages changes in struct kvm_arch (bsc#1135335). - kvm: polling: add architecture backend to disable polling (bsc#1119222). - kvm: s390: change default halt poll time to 50us (bsc#1119222). - kvm: s390: enable CONFIG_HAVE_KVM_NO_POLL (bsc#1119222) We need to enable CONFIG_HAVE_KVM_NO_POLL for bsc#1119222 - kvm: s390: fix typo in parameter description (bsc#1119222). - kvm: s390: kABI Workaround for 'kvm_vcpu_stat' Add halt_no_poll_steal to kvm_vcpu_stat. Hide it from the kABI checker. - kvm: s390: kABI Workaround for 'lowcore' (bsc#1119222). - kvm: s390: provide kvm_arch_no_poll function (bsc#1119222). - kvm: svm/avic: Do not send AVIC doorbell to self (bsc#1140133). - kvm: SVM: Fix detection of AMD Errata 1096 (bsc#1142354). - lapb: fixed leak of control-blocks (networking-stable-19_06_18). - lib: fix stall in __bitmap_parselist() (bsc#1051510). - libnvdimm/namespace: Fix label tracking error (bsc#1142350). - lib/scatterlist: Fix mapping iterator when sg->offset is greater than PAGE_SIZE (bsc#1051510). - livepatch: Remove duplicate warning about missing reliable stacktrace support (bsc#1071995). - livepatch: Use static buffer for debugging messages under rq lock (bsc#1071995). - llc: fix skb leak in llc_build_and_send_ui_pkt() (networking-stable-19_05_31). - media: cpia2_usb: first wake up, then free in disconnect (bsc#1135642). - media: marvell-ccic: fix DMA s/g desc number calculation (bsc#1051510). - media: s5p-mfc: Make additional clocks optional (bsc#1051510). - media: v4l2: Test type instead of cfg->type in v4l2_ctrl_new_custom() (bsc#1051510). - media: vivid: fix incorrect assignment operation when setting video mode (bsc#1051510). - mei: bus: need to unlink client before freeing (bsc#1051510). - mei: me: add denverton innovation engine device IDs (bsc#1051510). - mei: me: add gemini lake devices id (bsc#1051510). - memory: tegra: Fix integer overflow on tick value calculation (bsc#1051510). - memstick: Fix error cleanup path of memstick_init (bsc#1051510). - mfd: intel-lpss: Release IDA resources (bsc#1051510). - mmc: sdhci-pci: Try "cd" for card-detect lookup before using NULL (bsc#1051510). - mm: migrate: Fix reference check race between __find_get_block() and migration (bnc#1137609). - mm/nvdimm: add is_ioremap_addr and use that to check ioremap address (bsc#1140322 LTC#176270). - mm, page_alloc: fix has_unmovable_pages for HugePages (bsc#1127034). - mm: replace all open encodings for NUMA_NO_NODE (bsc#1140322 LTC#176270). - neigh: fix use-after-free read in pneigh_get_next (networking-stable-19_06_18). - net/af_iucv: remove GFP_DMA restriction for HiperTransport (bsc#1142112 bsc#1142221 LTC#179334 LTC#179332). - net: avoid weird emergency message (networking-stable-19_05_21). - net: fec: fix the clk mismatch in failed_reset path (networking-stable-19_05_31). - netfilter: conntrack: fix calculation of next bucket number in early_drop (git-fixes). - net-gro: fix use-after-free read in napi_gro_frags() (networking-stable-19_05_31). - net/mlx4_core: Change the error print to info print (networking-stable-19_05_21). - net/mlx4_en: ethtool, Remove unsupported SFP EEPROM high pages query (networking-stable-19_06_09). - net/mlx5: Allocate root ns memory using kzalloc to match kfree (networking-stable-19_05_31). - net/mlx5: Avoid double free in fs init error unwinding path (networking-stable-19_05_31). - net: mvneta: Fix err code path of probe (networking-stable-19_05_31). - net: mvpp2: fix bad MVPP2_TXQ_SCHED_TOKEN_CNTR_REG queue value (networking-stable-19_05_31). - net: openvswitch: do not free vport if register_netdevice() is failed (networking-stable-19_06_18). - net/packet: fix memory leak in packet_set_ring() (git-fixes). - net: rds: fix memory leak in rds_ib_flush_mr_pool (networking-stable-19_06_09). - net: seeq: fix crash caused by not set dev.parent (networking-stable-19_05_14). - net: stmmac: fix reset gpio free missing (networking-stable-19_05_31). - net: usb: qmi_wwan: add Telit 0x1260 and 0x1261 compositions (networking-stable-19_05_21). - nvme: fix memory leak caused by incorrect subsystem free (bsc#1143185). - ocfs2: add first lock wait time in locking_state (bsc#1134390). - ocfs2: add last unlock times in locking_state (bsc#1134390). - ocfs2: add locking filter debugfs file (bsc#1134390). - packet: Fix error path in packet_init (networking-stable-19_05_14). - packet: in recvmsg msg_name return at least sizeof sockaddr_ll (git-fixes). - pci: Always allow probing with driver_override (bsc#1051510). - pci: hv: Add hv_pci_remove_slots() when we unload the driver (bsc#1142701). - pci: hv: Add pci_destroy_slot() in pci_devices_present_work(), if necessary (bsc#1142701). - pci: hv: Fix a memory leak in hv_eject_device_work() (bsc#1142701). - pci: hv: Fix a use-after-free bug in hv_eject_device_work() (bsc#1142701). - pci: hv: Fix return value check in hv_pci_assign_slots() (bsc#1142701). - pci: hv: Remove unused reason for refcount handler (bsc#1142701). - pci: hv: support reporting serial number as slot information (bsc#1142701). - pci: Return error if cannot probe VF (bsc#1051510). - pkey: Indicate old mkvp only if old and current mkvp are different (bsc#1137827 LTC#178090). - pktgen: do not sleep with the thread lock held (git-fixes). - platform/x86: asus-nb-wmi: Support ALS on the Zenbook UX430UQ (bsc#1051510). - platform/x86: asus-wmi: Only Tell EC the OS will handle display hotkeys from asus_nb_wmi (bsc#1051510). - platform/x86: intel_turbo_max_3: Remove restriction for HWP platforms (jsc#SLE-5439). - platform/x86: pmc_atom: Add CB4063 Beckhoff Automation board to critclk_systems DMI table (bsc#1051510). - powerpc/64s: Remove POWER9 DD1 support (bsc#1055117, LTC#159753, git-fixes). - powerpc/crypto: Use cheaper random numbers for crc-vpmsum self-test (). - powerpc/mm: Change function prototype (bsc#1055117). - powerpc/mm: Consolidate numa_enable check and min_common_depth check (bsc#1140322 LTC#176270). - powerpc/mm/drconf: Use NUMA_NO_NODE on failures instead of node 0 (bsc#1140322 LTC#176270). - powerpc/mm: Fix node look up with numa=off boot (bsc#1140322 LTC#176270). - powerpc/mm/hugetlb: Update huge_ptep_set_access_flags to call __ptep_set_access_flags directly (bsc#1055117). - powerpc/mm/radix: Change pte relax sequence to handle nest MMU hang (bsc#1055117). - powerpc/mm/radix: Move function from radix.h to pgtable-radix.c (bsc#1055117). - powerpc/watchpoint: Restore NV GPRs while returning from exception (bsc#1140945 bsc#1141401 bsc#1141402 bsc#1141452 bsc#1141453 bsc#1141454 LTC#178983 LTC#179191 LTC#179192 LTC#179193 LTC#179194 LTC#179195). - ppp: deflate: Fix possible crash in deflate_init (networking-stable-19_05_21). - rds: ib: fix 'passing zero to ERR_PTR()' warning (git-fixes). - Revert "bcache: set CACHE_SET_IO_DISABLE in bch_cached_dev_error()" (bsc#1140652). - Revert "e1000e: fix cyclic resets at link up with active tx" (bsc#1051510). - Revert "livepatch: Remove reliable stacktrace check in klp_try_switch_task()" (bsc#1071995). - Revert "serial: 8250: Do not service RX FIFO if interrupts are disabled" (bsc#1051510). - rtnetlink: always put IFLA_LINK for links with a link-netnsid (networking-stable-19_05_21). - s390/qeth: be drop monitor friendly (bsc#1142220 LTC#179335). - s390/vtime: steal time exponential moving average (bsc#1119222). - scripts/git_sort/git_sort.py: Add mmots tree. - scsi: ibmvfc: fix WARN_ON during event pool release (bsc#1137458 LTC#178093). - sctp: Free cookie before we memdup a new one (networking-stable-19_06_18). - sctp: silence warns on sctp_stream_init allocations (bsc#1083710). - serial: uartps: Do not add a trailing semicolon to macro (bsc#1051510). - serial: uartps: Fix long line over 80 chars (bsc#1051510). - serial: uartps: Fix multiple line dereference (bsc#1051510). - serial: uartps: Remove useless return from cdns_uart_poll_put_char (bsc#1051510). - staging: comedi: amplc_pci230: fix null pointer deref on interrupt (bsc#1051510). - staging: comedi: dt282x: fix a null pointer deref on interrupt (bsc#1051510). - staging: rtl8712: reduce stack usage, again (bsc#1051510). - sunhv: Fix device naming inconsistency between sunhv_console and sunhv_reg (networking-stable-19_06_18). - tcp: reduce tcp_fastretrans_alert() verbosity (git-fixes). - team: Always enable vlan tx offload (bsc#1051510). - tty: rocket: fix incorrect forward declaration of 'rp_init()' (bsc#1051510). - tty: serial_core: Set port active bit in uart_port_activate (bsc#1051510). - tty: serial: cpm_uart - fix init when SMC is relocated (bsc#1051510). - tuntap: synchronize through tfiles array instead of tun->numqueues (networking-stable-19_05_14). - usb: gadget: ether: Fix race between gether_disconnect and rx_submit (bsc#1051510). - usb: gadget: fusb300_udc: Fix memory leak of fusb300->ep[i] (bsc#1051510). - usb: gadget: udc: lpc32xx: allocate descriptor with GFP_ATOMIC (bsc#1051510). - usb: pci-quirks: Correct AMD PLL quirk detection (bsc#1051510). - usb: serial: ftdi_sio: add ID for isodebug v1 (bsc#1051510). - usb: serial: option: add support for GosunCn ME3630 RNDIS mode (bsc#1051510). - vmci: Fix integer overflow in VMCI handle arrays (bsc#1051510). - vsock/virtio: free packets during the socket release (networking-stable-19_05_21). - vsock/virtio: set SOCK_DONE on peer shutdown (networking-stable-19_06_18). - wil6210: fix potential out-of-bounds read (bsc#1051510). - x86, mm: fix fast GUP with hyper-based TLB flushing (VM Functionality, bsc#1140903). - xen: let alloc_xenballooned_pages() fail if not enough memory free (bsc#1142450 XSA-300). - xfs: do not overflow xattr listent buffer (bsc#1143105). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-2072=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2072=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2072=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2019-2072=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2019-2072=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2072=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): kernel-default-debuginfo-4.12.14-95.29.1 kernel-default-debugsource-4.12.14-95.29.1 kernel-default-extra-4.12.14-95.29.1 kernel-default-extra-debuginfo-4.12.14-95.29.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-95.29.1 kernel-obs-build-debugsource-4.12.14-95.29.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (noarch): kernel-docs-4.12.14-95.29.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-95.29.1 kernel-default-base-4.12.14-95.29.1 kernel-default-base-debuginfo-4.12.14-95.29.1 kernel-default-debuginfo-4.12.14-95.29.1 kernel-default-debugsource-4.12.14-95.29.1 kernel-default-devel-4.12.14-95.29.1 kernel-syms-4.12.14-95.29.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): kernel-devel-4.12.14-95.29.1 kernel-macros-4.12.14-95.29.1 kernel-source-4.12.14-95.29.1 - SUSE Linux Enterprise Server 12-SP4 (x86_64): kernel-default-devel-debuginfo-4.12.14-95.29.1 - SUSE Linux Enterprise Server 12-SP4 (s390x): kernel-default-man-4.12.14-95.29.1 - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le x86_64): kgraft-patch-4_12_14-95_29-default-1-6.5.1 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-95.29.1 cluster-md-kmp-default-debuginfo-4.12.14-95.29.1 dlm-kmp-default-4.12.14-95.29.1 dlm-kmp-default-debuginfo-4.12.14-95.29.1 gfs2-kmp-default-4.12.14-95.29.1 gfs2-kmp-default-debuginfo-4.12.14-95.29.1 kernel-default-debuginfo-4.12.14-95.29.1 kernel-default-debugsource-4.12.14-95.29.1 ocfs2-kmp-default-4.12.14-95.29.1 ocfs2-kmp-default-debuginfo-4.12.14-95.29.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): kernel-default-4.12.14-95.29.1 kernel-default-debuginfo-4.12.14-95.29.1 kernel-default-debugsource-4.12.14-95.29.1 kernel-default-devel-4.12.14-95.29.1 kernel-default-devel-debuginfo-4.12.14-95.29.1 kernel-default-extra-4.12.14-95.29.1 kernel-default-extra-debuginfo-4.12.14-95.29.1 kernel-syms-4.12.14-95.29.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): kernel-devel-4.12.14-95.29.1 kernel-macros-4.12.14-95.29.1 kernel-source-4.12.14-95.29.1 References: https://www.suse.com/security/cve/CVE-2018-20855.html https://www.suse.com/security/cve/CVE-2019-1125.html https://www.suse.com/security/cve/CVE-2019-11810.html https://www.suse.com/security/cve/CVE-2019-13631.html https://www.suse.com/security/cve/CVE-2019-13648.html https://www.suse.com/security/cve/CVE-2019-14283.html https://www.suse.com/security/cve/CVE-2019-14284.html https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1055117 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1083647 https://bugzilla.suse.com/1083710 https://bugzilla.suse.com/1102247 https://bugzilla.suse.com/1111666 https://bugzilla.suse.com/1119222 https://bugzilla.suse.com/1123080 https://bugzilla.suse.com/1127034 https://bugzilla.suse.com/1127315 https://bugzilla.suse.com/1129770 https://bugzilla.suse.com/1130972 https://bugzilla.suse.com/1133021 https://bugzilla.suse.com/1134097 https://bugzilla.suse.com/1134390 https://bugzilla.suse.com/1134399 https://bugzilla.suse.com/1135335 https://bugzilla.suse.com/1135642 https://bugzilla.suse.com/1136896 https://bugzilla.suse.com/1137458 https://bugzilla.suse.com/1137534 https://bugzilla.suse.com/1137535 https://bugzilla.suse.com/1137584 https://bugzilla.suse.com/1137609 https://bugzilla.suse.com/1137811 https://bugzilla.suse.com/1137827 https://bugzilla.suse.com/1139358 https://bugzilla.suse.com/1140133 https://bugzilla.suse.com/1140139 https://bugzilla.suse.com/1140322 https://bugzilla.suse.com/1140652 https://bugzilla.suse.com/1140887 https://bugzilla.suse.com/1140888 https://bugzilla.suse.com/1140889 https://bugzilla.suse.com/1140891 https://bugzilla.suse.com/1140893 https://bugzilla.suse.com/1140903 https://bugzilla.suse.com/1140945 https://bugzilla.suse.com/1140954 https://bugzilla.suse.com/1140955 https://bugzilla.suse.com/1140956 https://bugzilla.suse.com/1140957 https://bugzilla.suse.com/1140958 https://bugzilla.suse.com/1140959 https://bugzilla.suse.com/1140960 https://bugzilla.suse.com/1140961 https://bugzilla.suse.com/1140962 https://bugzilla.suse.com/1140964 https://bugzilla.suse.com/1140971 https://bugzilla.suse.com/1140972 https://bugzilla.suse.com/1140992 https://bugzilla.suse.com/1141401 https://bugzilla.suse.com/1141402 https://bugzilla.suse.com/1141452 https://bugzilla.suse.com/1141453 https://bugzilla.suse.com/1141454 https://bugzilla.suse.com/1141478 https://bugzilla.suse.com/1142023 https://bugzilla.suse.com/1142112 https://bugzilla.suse.com/1142220 https://bugzilla.suse.com/1142221 https://bugzilla.suse.com/1142254 https://bugzilla.suse.com/1142350 https://bugzilla.suse.com/1142351 https://bugzilla.suse.com/1142354 https://bugzilla.suse.com/1142359 https://bugzilla.suse.com/1142450 https://bugzilla.suse.com/1142701 https://bugzilla.suse.com/1142868 https://bugzilla.suse.com/1143003 https://bugzilla.suse.com/1143045 https://bugzilla.suse.com/1143105 https://bugzilla.suse.com/1143185 https://bugzilla.suse.com/1143189 https://bugzilla.suse.com/1143191 https://bugzilla.suse.com/1143507 From sle-updates at lists.suse.com Wed Aug 7 07:10:39 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Aug 2019 15:10:39 +0200 (CEST) Subject: SUSE-SU-2019:2078-1: important: Security update for nodejs4 Message-ID: <20190807131039.876A5FF12@maintenance.suse.de> SUSE Security Update: Security update for nodejs4 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2078-1 Rating: important References: #1140290 Cross-References: CVE-2019-13173 Affected Products: SUSE Linux Enterprise Module for Web Scripting 12 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for nodejs4 fixes the following issues: - CVE-2019-13173: Fixed a potential file overwrite via hardlink in fstream.DirWriter() (bsc#1140290). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2019-2078=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-2078=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le x86_64): nodejs4-4.9.1-15.23.1 nodejs4-debuginfo-4.9.1-15.23.1 nodejs4-debugsource-4.9.1-15.23.1 nodejs4-devel-4.9.1-15.23.1 npm4-4.9.1-15.23.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): nodejs4-docs-4.9.1-15.23.1 - SUSE Enterprise Storage 4 (aarch64 x86_64): nodejs4-4.9.1-15.23.1 nodejs4-debuginfo-4.9.1-15.23.1 nodejs4-debugsource-4.9.1-15.23.1 References: https://www.suse.com/security/cve/CVE-2019-13173.html https://bugzilla.suse.com/1140290 From sle-updates at lists.suse.com Wed Aug 7 07:11:21 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Aug 2019 15:11:21 +0200 (CEST) Subject: SUSE-SU-2019:14141-1: important: Security update for evince Message-ID: <20190807131121.80B4DFF12@maintenance.suse.de> SUSE Security Update: Security update for evince ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14141-1 Rating: important References: #1133037 #1141619 Cross-References: CVE-2019-1010006 CVE-2019-11459 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for evince fixes the following issues: Security issues fixed: - CVE-2019-11459: Fixed an improper error handling in which could have led to use of uninitialized use of memory (bsc#1133037). - CVE-2019-1010006: Fixed a buffer overflow in backend/tiff/tiff-document.c (bsc#1141619). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-evince-14141=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-evince-14141=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-evince-14141=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-evince-14141=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): evince-2.28.2-0.7.8.1 evince-doc-2.28.2-0.7.8.1 evince-lang-2.28.2-0.7.8.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): evince-2.28.2-0.7.8.1 evince-doc-2.28.2-0.7.8.1 evince-lang-2.28.2-0.7.8.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): evince-debuginfo-2.28.2-0.7.8.1 evince-debugsource-2.28.2-0.7.8.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): evince-debuginfo-2.28.2-0.7.8.1 evince-debugsource-2.28.2-0.7.8.1 References: https://www.suse.com/security/cve/CVE-2019-1010006.html https://www.suse.com/security/cve/CVE-2019-11459.html https://bugzilla.suse.com/1133037 https://bugzilla.suse.com/1141619 From sle-updates at lists.suse.com Wed Aug 7 07:12:16 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Aug 2019 15:12:16 +0200 (CEST) Subject: SUSE-SU-2019:2080-1: important: Security update for evince Message-ID: <20190807131216.C2CFDFF12@maintenance.suse.de> SUSE Security Update: Security update for evince ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2080-1 Rating: important References: #1133037 #1141619 Cross-References: CVE-2019-1010006 CVE-2019-11459 Affected Products: SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Desktop 12-SP4 SUSE Enterprise Storage 5 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for evince fixes the following issues: Security issues fixed: - CVE-2019-11459: Fixed an improper error handling in which could have led to use of uninitialized use of memory (bsc#1133037). - CVE-2019-1010006: Fixed a buffer overflow in backend/tiff/tiff-document.c (bsc#1141619). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-2080=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-2080=1 - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2019-2080=1 - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-2080=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2019-2080=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2080=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-2080=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-2080=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2019-2080=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2080=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-2080=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2019-2080=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-2080=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-2080=1 - SUSE Linux Enterprise Desktop 12-SP5: zypper in -t patch SUSE-SLE-DESKTOP-12-SP5-2019-2080=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2080=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-2080=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-2080=1 Package List: - SUSE OpenStack Cloud 8 (noarch): evince-lang-3.20.2-6.27.1 - SUSE OpenStack Cloud 8 (x86_64): evince-3.20.2-6.27.1 evince-browser-plugin-3.20.2-6.27.1 evince-browser-plugin-debuginfo-3.20.2-6.27.1 evince-debuginfo-3.20.2-6.27.1 evince-debugsource-3.20.2-6.27.1 evince-plugin-djvudocument-3.20.2-6.27.1 evince-plugin-djvudocument-debuginfo-3.20.2-6.27.1 evince-plugin-dvidocument-3.20.2-6.27.1 evince-plugin-dvidocument-debuginfo-3.20.2-6.27.1 evince-plugin-pdfdocument-3.20.2-6.27.1 evince-plugin-pdfdocument-debuginfo-3.20.2-6.27.1 evince-plugin-psdocument-3.20.2-6.27.1 evince-plugin-psdocument-debuginfo-3.20.2-6.27.1 evince-plugin-tiffdocument-3.20.2-6.27.1 evince-plugin-tiffdocument-debuginfo-3.20.2-6.27.1 evince-plugin-xpsdocument-3.20.2-6.27.1 evince-plugin-xpsdocument-debuginfo-3.20.2-6.27.1 libevdocument3-4-3.20.2-6.27.1 libevdocument3-4-debuginfo-3.20.2-6.27.1 libevview3-3-3.20.2-6.27.1 libevview3-3-debuginfo-3.20.2-6.27.1 nautilus-evince-3.20.2-6.27.1 nautilus-evince-debuginfo-3.20.2-6.27.1 - SUSE OpenStack Cloud 7 (s390x x86_64): evince-3.20.2-6.27.1 evince-browser-plugin-3.20.2-6.27.1 evince-browser-plugin-debuginfo-3.20.2-6.27.1 evince-debuginfo-3.20.2-6.27.1 evince-debugsource-3.20.2-6.27.1 evince-plugin-djvudocument-3.20.2-6.27.1 evince-plugin-djvudocument-debuginfo-3.20.2-6.27.1 evince-plugin-dvidocument-3.20.2-6.27.1 evince-plugin-dvidocument-debuginfo-3.20.2-6.27.1 evince-plugin-pdfdocument-3.20.2-6.27.1 evince-plugin-pdfdocument-debuginfo-3.20.2-6.27.1 evince-plugin-psdocument-3.20.2-6.27.1 evince-plugin-psdocument-debuginfo-3.20.2-6.27.1 evince-plugin-tiffdocument-3.20.2-6.27.1 evince-plugin-tiffdocument-debuginfo-3.20.2-6.27.1 evince-plugin-xpsdocument-3.20.2-6.27.1 evince-plugin-xpsdocument-debuginfo-3.20.2-6.27.1 libevdocument3-4-3.20.2-6.27.1 libevdocument3-4-debuginfo-3.20.2-6.27.1 libevview3-3-3.20.2-6.27.1 libevview3-3-debuginfo-3.20.2-6.27.1 nautilus-evince-3.20.2-6.27.1 nautilus-evince-debuginfo-3.20.2-6.27.1 - SUSE OpenStack Cloud 7 (noarch): evince-lang-3.20.2-6.27.1 - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): evince-debuginfo-3.20.2-6.27.1 evince-debugsource-3.20.2-6.27.1 typelib-1_0-EvinceDocument-3_0-3.20.2-6.27.1 typelib-1_0-EvinceView-3_0-3.20.2-6.27.1 - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): evince-debuginfo-3.20.2-6.27.1 evince-debugsource-3.20.2-6.27.1 typelib-1_0-EvinceDocument-3_0-3.20.2-6.27.1 typelib-1_0-EvinceView-3_0-3.20.2-6.27.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): evince-debuginfo-3.20.2-6.27.1 evince-debugsource-3.20.2-6.27.1 evince-devel-3.20.2-6.27.1 typelib-1_0-EvinceDocument-3_0-3.20.2-6.27.1 typelib-1_0-EvinceView-3_0-3.20.2-6.27.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): evince-debuginfo-3.20.2-6.27.1 evince-debugsource-3.20.2-6.27.1 evince-devel-3.20.2-6.27.1 typelib-1_0-EvinceDocument-3_0-3.20.2-6.27.1 typelib-1_0-EvinceView-3_0-3.20.2-6.27.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): evince-3.20.2-6.27.1 evince-browser-plugin-3.20.2-6.27.1 evince-browser-plugin-debuginfo-3.20.2-6.27.1 evince-debuginfo-3.20.2-6.27.1 evince-debugsource-3.20.2-6.27.1 evince-plugin-djvudocument-3.20.2-6.27.1 evince-plugin-djvudocument-debuginfo-3.20.2-6.27.1 evince-plugin-dvidocument-3.20.2-6.27.1 evince-plugin-dvidocument-debuginfo-3.20.2-6.27.1 evince-plugin-pdfdocument-3.20.2-6.27.1 evince-plugin-pdfdocument-debuginfo-3.20.2-6.27.1 evince-plugin-psdocument-3.20.2-6.27.1 evince-plugin-psdocument-debuginfo-3.20.2-6.27.1 evince-plugin-tiffdocument-3.20.2-6.27.1 evince-plugin-tiffdocument-debuginfo-3.20.2-6.27.1 evince-plugin-xpsdocument-3.20.2-6.27.1 evince-plugin-xpsdocument-debuginfo-3.20.2-6.27.1 libevdocument3-4-3.20.2-6.27.1 libevdocument3-4-debuginfo-3.20.2-6.27.1 libevview3-3-3.20.2-6.27.1 libevview3-3-debuginfo-3.20.2-6.27.1 nautilus-evince-3.20.2-6.27.1 nautilus-evince-debuginfo-3.20.2-6.27.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): evince-lang-3.20.2-6.27.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): evince-3.20.2-6.27.1 evince-browser-plugin-3.20.2-6.27.1 evince-browser-plugin-debuginfo-3.20.2-6.27.1 evince-debuginfo-3.20.2-6.27.1 evince-debugsource-3.20.2-6.27.1 evince-plugin-djvudocument-3.20.2-6.27.1 evince-plugin-djvudocument-debuginfo-3.20.2-6.27.1 evince-plugin-dvidocument-3.20.2-6.27.1 evince-plugin-dvidocument-debuginfo-3.20.2-6.27.1 evince-plugin-pdfdocument-3.20.2-6.27.1 evince-plugin-pdfdocument-debuginfo-3.20.2-6.27.1 evince-plugin-psdocument-3.20.2-6.27.1 evince-plugin-psdocument-debuginfo-3.20.2-6.27.1 evince-plugin-tiffdocument-3.20.2-6.27.1 evince-plugin-tiffdocument-debuginfo-3.20.2-6.27.1 evince-plugin-xpsdocument-3.20.2-6.27.1 evince-plugin-xpsdocument-debuginfo-3.20.2-6.27.1 libevdocument3-4-3.20.2-6.27.1 libevdocument3-4-debuginfo-3.20.2-6.27.1 libevview3-3-3.20.2-6.27.1 libevview3-3-debuginfo-3.20.2-6.27.1 nautilus-evince-3.20.2-6.27.1 nautilus-evince-debuginfo-3.20.2-6.27.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): evince-lang-3.20.2-6.27.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): evince-3.20.2-6.27.1 evince-browser-plugin-3.20.2-6.27.1 evince-browser-plugin-debuginfo-3.20.2-6.27.1 evince-debuginfo-3.20.2-6.27.1 evince-debugsource-3.20.2-6.27.1 evince-plugin-djvudocument-3.20.2-6.27.1 evince-plugin-djvudocument-debuginfo-3.20.2-6.27.1 evince-plugin-dvidocument-3.20.2-6.27.1 evince-plugin-dvidocument-debuginfo-3.20.2-6.27.1 evince-plugin-pdfdocument-3.20.2-6.27.1 evince-plugin-pdfdocument-debuginfo-3.20.2-6.27.1 evince-plugin-psdocument-3.20.2-6.27.1 evince-plugin-psdocument-debuginfo-3.20.2-6.27.1 evince-plugin-tiffdocument-3.20.2-6.27.1 evince-plugin-tiffdocument-debuginfo-3.20.2-6.27.1 evince-plugin-xpsdocument-3.20.2-6.27.1 evince-plugin-xpsdocument-debuginfo-3.20.2-6.27.1 libevdocument3-4-3.20.2-6.27.1 libevdocument3-4-debuginfo-3.20.2-6.27.1 libevview3-3-3.20.2-6.27.1 libevview3-3-debuginfo-3.20.2-6.27.1 nautilus-evince-3.20.2-6.27.1 nautilus-evince-debuginfo-3.20.2-6.27.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): evince-lang-3.20.2-6.27.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): evince-3.20.2-6.27.1 evince-browser-plugin-3.20.2-6.27.1 evince-browser-plugin-debuginfo-3.20.2-6.27.1 evince-debuginfo-3.20.2-6.27.1 evince-debugsource-3.20.2-6.27.1 evince-plugin-djvudocument-3.20.2-6.27.1 evince-plugin-djvudocument-debuginfo-3.20.2-6.27.1 evince-plugin-dvidocument-3.20.2-6.27.1 evince-plugin-dvidocument-debuginfo-3.20.2-6.27.1 evince-plugin-pdfdocument-3.20.2-6.27.1 evince-plugin-pdfdocument-debuginfo-3.20.2-6.27.1 evince-plugin-psdocument-3.20.2-6.27.1 evince-plugin-psdocument-debuginfo-3.20.2-6.27.1 evince-plugin-tiffdocument-3.20.2-6.27.1 evince-plugin-tiffdocument-debuginfo-3.20.2-6.27.1 evince-plugin-xpsdocument-3.20.2-6.27.1 evince-plugin-xpsdocument-debuginfo-3.20.2-6.27.1 libevdocument3-4-3.20.2-6.27.1 libevdocument3-4-debuginfo-3.20.2-6.27.1 libevview3-3-3.20.2-6.27.1 libevview3-3-debuginfo-3.20.2-6.27.1 nautilus-evince-3.20.2-6.27.1 nautilus-evince-debuginfo-3.20.2-6.27.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): evince-lang-3.20.2-6.27.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): evince-3.20.2-6.27.1 evince-browser-plugin-3.20.2-6.27.1 evince-browser-plugin-debuginfo-3.20.2-6.27.1 evince-debuginfo-3.20.2-6.27.1 evince-debugsource-3.20.2-6.27.1 evince-plugin-djvudocument-3.20.2-6.27.1 evince-plugin-djvudocument-debuginfo-3.20.2-6.27.1 evince-plugin-dvidocument-3.20.2-6.27.1 evince-plugin-dvidocument-debuginfo-3.20.2-6.27.1 evince-plugin-pdfdocument-3.20.2-6.27.1 evince-plugin-pdfdocument-debuginfo-3.20.2-6.27.1 evince-plugin-psdocument-3.20.2-6.27.1 evince-plugin-psdocument-debuginfo-3.20.2-6.27.1 evince-plugin-tiffdocument-3.20.2-6.27.1 evince-plugin-tiffdocument-debuginfo-3.20.2-6.27.1 evince-plugin-xpsdocument-3.20.2-6.27.1 evince-plugin-xpsdocument-debuginfo-3.20.2-6.27.1 libevdocument3-4-3.20.2-6.27.1 libevdocument3-4-debuginfo-3.20.2-6.27.1 libevview3-3-3.20.2-6.27.1 libevview3-3-debuginfo-3.20.2-6.27.1 nautilus-evince-3.20.2-6.27.1 nautilus-evince-debuginfo-3.20.2-6.27.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): evince-lang-3.20.2-6.27.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): evince-3.20.2-6.27.1 evince-browser-plugin-3.20.2-6.27.1 evince-browser-plugin-debuginfo-3.20.2-6.27.1 evince-debuginfo-3.20.2-6.27.1 evince-debugsource-3.20.2-6.27.1 evince-plugin-djvudocument-3.20.2-6.27.1 evince-plugin-djvudocument-debuginfo-3.20.2-6.27.1 evince-plugin-dvidocument-3.20.2-6.27.1 evince-plugin-dvidocument-debuginfo-3.20.2-6.27.1 evince-plugin-pdfdocument-3.20.2-6.27.1 evince-plugin-pdfdocument-debuginfo-3.20.2-6.27.1 evince-plugin-psdocument-3.20.2-6.27.1 evince-plugin-psdocument-debuginfo-3.20.2-6.27.1 evince-plugin-tiffdocument-3.20.2-6.27.1 evince-plugin-tiffdocument-debuginfo-3.20.2-6.27.1 evince-plugin-xpsdocument-3.20.2-6.27.1 evince-plugin-xpsdocument-debuginfo-3.20.2-6.27.1 libevdocument3-4-3.20.2-6.27.1 libevdocument3-4-debuginfo-3.20.2-6.27.1 libevview3-3-3.20.2-6.27.1 libevview3-3-debuginfo-3.20.2-6.27.1 nautilus-evince-3.20.2-6.27.1 nautilus-evince-debuginfo-3.20.2-6.27.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): evince-lang-3.20.2-6.27.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): evince-3.20.2-6.27.1 evince-browser-plugin-3.20.2-6.27.1 evince-browser-plugin-debuginfo-3.20.2-6.27.1 evince-debuginfo-3.20.2-6.27.1 evince-debugsource-3.20.2-6.27.1 evince-plugin-djvudocument-3.20.2-6.27.1 evince-plugin-djvudocument-debuginfo-3.20.2-6.27.1 evince-plugin-dvidocument-3.20.2-6.27.1 evince-plugin-dvidocument-debuginfo-3.20.2-6.27.1 evince-plugin-pdfdocument-3.20.2-6.27.1 evince-plugin-pdfdocument-debuginfo-3.20.2-6.27.1 evince-plugin-psdocument-3.20.2-6.27.1 evince-plugin-psdocument-debuginfo-3.20.2-6.27.1 evince-plugin-tiffdocument-3.20.2-6.27.1 evince-plugin-tiffdocument-debuginfo-3.20.2-6.27.1 evince-plugin-xpsdocument-3.20.2-6.27.1 evince-plugin-xpsdocument-debuginfo-3.20.2-6.27.1 libevdocument3-4-3.20.2-6.27.1 libevdocument3-4-debuginfo-3.20.2-6.27.1 libevview3-3-3.20.2-6.27.1 libevview3-3-debuginfo-3.20.2-6.27.1 nautilus-evince-3.20.2-6.27.1 nautilus-evince-debuginfo-3.20.2-6.27.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): evince-lang-3.20.2-6.27.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): evince-3.20.2-6.27.1 evince-browser-plugin-3.20.2-6.27.1 evince-browser-plugin-debuginfo-3.20.2-6.27.1 evince-debuginfo-3.20.2-6.27.1 evince-debugsource-3.20.2-6.27.1 evince-plugin-djvudocument-3.20.2-6.27.1 evince-plugin-djvudocument-debuginfo-3.20.2-6.27.1 evince-plugin-dvidocument-3.20.2-6.27.1 evince-plugin-dvidocument-debuginfo-3.20.2-6.27.1 evince-plugin-pdfdocument-3.20.2-6.27.1 evince-plugin-pdfdocument-debuginfo-3.20.2-6.27.1 evince-plugin-psdocument-3.20.2-6.27.1 evince-plugin-psdocument-debuginfo-3.20.2-6.27.1 evince-plugin-tiffdocument-3.20.2-6.27.1 evince-plugin-tiffdocument-debuginfo-3.20.2-6.27.1 evince-plugin-xpsdocument-3.20.2-6.27.1 evince-plugin-xpsdocument-debuginfo-3.20.2-6.27.1 libevdocument3-4-3.20.2-6.27.1 libevdocument3-4-debuginfo-3.20.2-6.27.1 libevview3-3-3.20.2-6.27.1 libevview3-3-debuginfo-3.20.2-6.27.1 nautilus-evince-3.20.2-6.27.1 nautilus-evince-debuginfo-3.20.2-6.27.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): evince-lang-3.20.2-6.27.1 - SUSE Linux Enterprise Desktop 12-SP5 (noarch): evince-lang-3.20.2-6.27.1 - SUSE Linux Enterprise Desktop 12-SP5 (x86_64): evince-3.20.2-6.27.1 evince-browser-plugin-3.20.2-6.27.1 evince-browser-plugin-debuginfo-3.20.2-6.27.1 evince-debuginfo-3.20.2-6.27.1 evince-debugsource-3.20.2-6.27.1 evince-plugin-djvudocument-3.20.2-6.27.1 evince-plugin-djvudocument-debuginfo-3.20.2-6.27.1 evince-plugin-dvidocument-3.20.2-6.27.1 evince-plugin-dvidocument-debuginfo-3.20.2-6.27.1 evince-plugin-pdfdocument-3.20.2-6.27.1 evince-plugin-pdfdocument-debuginfo-3.20.2-6.27.1 evince-plugin-psdocument-3.20.2-6.27.1 evince-plugin-psdocument-debuginfo-3.20.2-6.27.1 evince-plugin-tiffdocument-3.20.2-6.27.1 evince-plugin-tiffdocument-debuginfo-3.20.2-6.27.1 evince-plugin-xpsdocument-3.20.2-6.27.1 evince-plugin-xpsdocument-debuginfo-3.20.2-6.27.1 libevdocument3-4-3.20.2-6.27.1 libevdocument3-4-debuginfo-3.20.2-6.27.1 libevview3-3-3.20.2-6.27.1 libevview3-3-debuginfo-3.20.2-6.27.1 nautilus-evince-3.20.2-6.27.1 nautilus-evince-debuginfo-3.20.2-6.27.1 typelib-1_0-EvinceDocument-3_0-3.20.2-6.27.1 typelib-1_0-EvinceView-3_0-3.20.2-6.27.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): evince-lang-3.20.2-6.27.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): evince-3.20.2-6.27.1 evince-browser-plugin-3.20.2-6.27.1 evince-browser-plugin-debuginfo-3.20.2-6.27.1 evince-debuginfo-3.20.2-6.27.1 evince-debugsource-3.20.2-6.27.1 evince-plugin-djvudocument-3.20.2-6.27.1 evince-plugin-djvudocument-debuginfo-3.20.2-6.27.1 evince-plugin-dvidocument-3.20.2-6.27.1 evince-plugin-dvidocument-debuginfo-3.20.2-6.27.1 evince-plugin-pdfdocument-3.20.2-6.27.1 evince-plugin-pdfdocument-debuginfo-3.20.2-6.27.1 evince-plugin-psdocument-3.20.2-6.27.1 evince-plugin-psdocument-debuginfo-3.20.2-6.27.1 evince-plugin-tiffdocument-3.20.2-6.27.1 evince-plugin-tiffdocument-debuginfo-3.20.2-6.27.1 evince-plugin-xpsdocument-3.20.2-6.27.1 evince-plugin-xpsdocument-debuginfo-3.20.2-6.27.1 libevdocument3-4-3.20.2-6.27.1 libevdocument3-4-debuginfo-3.20.2-6.27.1 libevview3-3-3.20.2-6.27.1 libevview3-3-debuginfo-3.20.2-6.27.1 nautilus-evince-3.20.2-6.27.1 nautilus-evince-debuginfo-3.20.2-6.27.1 typelib-1_0-EvinceDocument-3_0-3.20.2-6.27.1 typelib-1_0-EvinceView-3_0-3.20.2-6.27.1 - SUSE Enterprise Storage 5 (noarch): evince-lang-3.20.2-6.27.1 - SUSE Enterprise Storage 5 (x86_64): evince-3.20.2-6.27.1 evince-browser-plugin-3.20.2-6.27.1 evince-browser-plugin-debuginfo-3.20.2-6.27.1 evince-debuginfo-3.20.2-6.27.1 evince-debugsource-3.20.2-6.27.1 evince-plugin-djvudocument-3.20.2-6.27.1 evince-plugin-djvudocument-debuginfo-3.20.2-6.27.1 evince-plugin-dvidocument-3.20.2-6.27.1 evince-plugin-dvidocument-debuginfo-3.20.2-6.27.1 evince-plugin-pdfdocument-3.20.2-6.27.1 evince-plugin-pdfdocument-debuginfo-3.20.2-6.27.1 evince-plugin-psdocument-3.20.2-6.27.1 evince-plugin-psdocument-debuginfo-3.20.2-6.27.1 evince-plugin-tiffdocument-3.20.2-6.27.1 evince-plugin-tiffdocument-debuginfo-3.20.2-6.27.1 evince-plugin-xpsdocument-3.20.2-6.27.1 evince-plugin-xpsdocument-debuginfo-3.20.2-6.27.1 libevdocument3-4-3.20.2-6.27.1 libevdocument3-4-debuginfo-3.20.2-6.27.1 libevview3-3-3.20.2-6.27.1 libevview3-3-debuginfo-3.20.2-6.27.1 nautilus-evince-3.20.2-6.27.1 nautilus-evince-debuginfo-3.20.2-6.27.1 - SUSE Enterprise Storage 4 (noarch): evince-lang-3.20.2-6.27.1 - SUSE Enterprise Storage 4 (x86_64): evince-3.20.2-6.27.1 evince-browser-plugin-3.20.2-6.27.1 evince-browser-plugin-debuginfo-3.20.2-6.27.1 evince-debuginfo-3.20.2-6.27.1 evince-debugsource-3.20.2-6.27.1 evince-plugin-djvudocument-3.20.2-6.27.1 evince-plugin-djvudocument-debuginfo-3.20.2-6.27.1 evince-plugin-dvidocument-3.20.2-6.27.1 evince-plugin-dvidocument-debuginfo-3.20.2-6.27.1 evince-plugin-pdfdocument-3.20.2-6.27.1 evince-plugin-pdfdocument-debuginfo-3.20.2-6.27.1 evince-plugin-psdocument-3.20.2-6.27.1 evince-plugin-psdocument-debuginfo-3.20.2-6.27.1 evince-plugin-tiffdocument-3.20.2-6.27.1 evince-plugin-tiffdocument-debuginfo-3.20.2-6.27.1 evince-plugin-xpsdocument-3.20.2-6.27.1 evince-plugin-xpsdocument-debuginfo-3.20.2-6.27.1 libevdocument3-4-3.20.2-6.27.1 libevdocument3-4-debuginfo-3.20.2-6.27.1 libevview3-3-3.20.2-6.27.1 libevview3-3-debuginfo-3.20.2-6.27.1 nautilus-evince-3.20.2-6.27.1 nautilus-evince-debuginfo-3.20.2-6.27.1 References: https://www.suse.com/security/cve/CVE-2019-1010006.html https://www.suse.com/security/cve/CVE-2019-11459.html https://bugzilla.suse.com/1133037 https://bugzilla.suse.com/1141619 From sle-updates at lists.suse.com Wed Aug 7 07:13:10 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Aug 2019 15:13:10 +0200 (CEST) Subject: SUSE-RU-2019:2075-1: moderate: Recommended update for openstack-ironic-image Message-ID: <20190807131310.16C65FF12@maintenance.suse.de> SUSE Recommended Update: Recommended update for openstack-ironic-image ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2075-1 Rating: moderate References: #1137626 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openstack-ironic-image fixes the following issues: - add dosfstools (bsc#1137626) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2019-2075=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2019-2075=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): openstack-ironic-image-debugsource-9.0.0-3.3.1 openstack-ironic-image-x86_64-9.0.0-3.3.1 - SUSE OpenStack Cloud 9 (noarch): openstack-ironic-image-debugsource-9.0.0-3.3.1 openstack-ironic-image-x86_64-9.0.0-3.3.1 References: https://bugzilla.suse.com/1137626 From sle-updates at lists.suse.com Wed Aug 7 07:13:53 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Aug 2019 15:13:53 +0200 (CEST) Subject: SUSE-RU-2019:2076-1: moderate: Recommended update for dnsmasq Message-ID: <20190807131353.167C1FF12@maintenance.suse.de> SUSE Recommended Update: Recommended update for dnsmasq ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2076-1 Rating: moderate References: #1135449 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for dnsmasq fixes the following issues: - Change permissions on /srv/tftpboot from 0750 to 0755 to sync with other providers/users of the directory. (bsc#1135449) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2019-2076=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-2076=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2019-2076=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-2076=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-2076=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2076=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2076=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-2076=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): dnsmasq-debuginfo-2.78-18.9.1 dnsmasq-debugsource-2.78-18.9.1 dnsmasq-utils-2.78-18.9.1 dnsmasq-utils-debuginfo-2.78-18.9.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): dnsmasq-debuginfo-2.78-18.9.1 dnsmasq-debugsource-2.78-18.9.1 dnsmasq-utils-2.78-18.9.1 dnsmasq-utils-debuginfo-2.78-18.9.1 - SUSE OpenStack Cloud 9 (x86_64): dnsmasq-debuginfo-2.78-18.9.1 dnsmasq-debugsource-2.78-18.9.1 dnsmasq-utils-2.78-18.9.1 dnsmasq-utils-debuginfo-2.78-18.9.1 - SUSE OpenStack Cloud 8 (x86_64): dnsmasq-debuginfo-2.78-18.9.1 dnsmasq-debugsource-2.78-18.9.1 dnsmasq-utils-2.78-18.9.1 dnsmasq-utils-debuginfo-2.78-18.9.1 - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64): dnsmasq-debuginfo-2.78-18.9.1 dnsmasq-debugsource-2.78-18.9.1 dnsmasq-utils-2.78-18.9.1 dnsmasq-utils-debuginfo-2.78-18.9.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): dnsmasq-2.78-18.9.1 dnsmasq-debuginfo-2.78-18.9.1 dnsmasq-debugsource-2.78-18.9.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): dnsmasq-2.78-18.9.1 dnsmasq-debuginfo-2.78-18.9.1 dnsmasq-debugsource-2.78-18.9.1 - HPE Helion Openstack 8 (x86_64): dnsmasq-debuginfo-2.78-18.9.1 dnsmasq-debugsource-2.78-18.9.1 dnsmasq-utils-2.78-18.9.1 dnsmasq-utils-debuginfo-2.78-18.9.1 References: https://bugzilla.suse.com/1135449 From sle-updates at lists.suse.com Wed Aug 7 07:14:35 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Aug 2019 15:14:35 +0200 (CEST) Subject: SUSE-RU-2019:2077-1: moderate: Recommended update for wireless-regdb Message-ID: <20190807131435.3BB59FF12@maintenance.suse.de> SUSE Recommended Update: Recommended update for wireless-regdb ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2077-1 Rating: moderate References: #1138177 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for wireless-regdb fixes the following issues: - Update to version 2019.06.03 (bsc#1138177): * Expand 60 GHz band for Japan to 57-66 GHz * update source of information for CU * Update regulatory rules for South Korea * Update regulatory rules for Japan (JP) on 5GHz * update source of information for ES Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2077=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2077=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): wireless-regdb-2019.06.03-3.14.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): wireless-regdb-2019.06.03-3.14.1 References: https://bugzilla.suse.com/1138177 From sle-updates at lists.suse.com Wed Aug 7 10:10:27 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Aug 2019 18:10:27 +0200 (CEST) Subject: SUSE-SU-2019:2081-1: important: Security update for nodejs10 Message-ID: <20190807161027.16CF5FF12@maintenance.suse.de> SUSE Security Update: Security update for nodejs10 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2081-1 Rating: important References: #1134208 #1140290 Cross-References: CVE-2019-13173 Affected Products: SUSE Linux Enterprise Module for Web Scripting 15-SP1 SUSE Linux Enterprise Module for Web Scripting 15 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for nodejs10 to version 10.16.0 fixes the following issues: Security issue fixed: - CVE-2019-13173: Fixed a potential file overwrite via hardlink in fstream.DirWriter() (bsc#1140290). Non-security issue fixed: - Update to new upstream LTS version 10.16.0, including npm version 6.9.0 and openssl version 1.1.1b (bsc#1134208). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15-SP1: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP1-2019-2081=1 - SUSE Linux Enterprise Module for Web Scripting 15: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-2019-2081=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15-SP1 (aarch64 ppc64le s390x x86_64): nodejs10-10.16.0-1.9.1 nodejs10-debuginfo-10.16.0-1.9.1 nodejs10-debugsource-10.16.0-1.9.1 nodejs10-devel-10.16.0-1.9.1 npm10-10.16.0-1.9.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP1 (noarch): nodejs10-docs-10.16.0-1.9.1 - SUSE Linux Enterprise Module for Web Scripting 15 (aarch64 ppc64le s390x x86_64): nodejs10-10.16.0-1.9.1 nodejs10-debuginfo-10.16.0-1.9.1 nodejs10-debugsource-10.16.0-1.9.1 nodejs10-devel-10.16.0-1.9.1 npm10-10.16.0-1.9.1 - SUSE Linux Enterprise Module for Web Scripting 15 (noarch): nodejs10-docs-10.16.0-1.9.1 References: https://www.suse.com/security/cve/CVE-2019-13173.html https://bugzilla.suse.com/1134208 https://bugzilla.suse.com/1140290 From sle-updates at lists.suse.com Wed Aug 7 10:11:14 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Aug 2019 18:11:14 +0200 (CEST) Subject: SUSE-RU-2019:2084-1: moderate: Recommended update for polkit-default-privs Message-ID: <20190807161114.8F32BFF12@maintenance.suse.de> SUSE Recommended Update: Recommended update for polkit-default-privs ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2084-1 Rating: moderate References: #1140151 Affected Products: SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for polkit-default-privs fixes the following issues: - various new libvirt actions were white listed (bsc#1140151) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-2084=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2084=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): rpmlint-mini-1.10-5.6.2 rpmlint-mini-debuginfo-1.10-5.6.2 rpmlint-mini-debugsource-1.10-5.6.2 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): polkit-default-privs-13.2-10.30.1 References: https://bugzilla.suse.com/1140151 From sle-updates at lists.suse.com Wed Aug 7 10:11:56 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Aug 2019 18:11:56 +0200 (CEST) Subject: SUSE-RU-2019:2086-1: moderate: Recommended update for postfix Message-ID: <20190807161156.75C7BFF12@maintenance.suse.de> SUSE Recommended Update: Recommended update for postfix ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2086-1 Rating: moderate References: #1104543 #1140521 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for postfix fixes the following issues: - config.postfix does not start tlsmgr in master.cf when using POSTFIX_SMTP_TLS_CLIENT="must". (bsc#1104543) - Fixed postfix can not use ldap tables (bsc#1140521) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-2086=1 - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-2086=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2086=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2086=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2086=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2086=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): postfix-debuginfo-3.3.1-5.10.1 postfix-debugsource-3.3.1-5.10.1 postfix-mysql-3.3.1-5.10.1 postfix-mysql-debuginfo-3.3.1-5.10.1 - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): postfix-debuginfo-3.3.1-5.10.1 postfix-debugsource-3.3.1-5.10.1 postfix-mysql-3.3.1-5.10.1 postfix-mysql-debuginfo-3.3.1-5.10.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): postfix-debuginfo-3.3.1-5.10.1 postfix-debugsource-3.3.1-5.10.1 postfix-lmdb-3.3.1-5.10.1 postfix-lmdb-debuginfo-3.3.1-5.10.1 postfix-postgresql-3.3.1-5.10.1 postfix-postgresql-debuginfo-3.3.1-5.10.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): postfix-debuginfo-3.3.1-5.10.1 postfix-debugsource-3.3.1-5.10.1 postfix-lmdb-3.3.1-5.10.1 postfix-lmdb-debuginfo-3.3.1-5.10.1 postfix-postgresql-3.3.1-5.10.1 postfix-postgresql-debuginfo-3.3.1-5.10.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): postfix-3.3.1-5.10.1 postfix-debuginfo-3.3.1-5.10.1 postfix-debugsource-3.3.1-5.10.1 postfix-devel-3.3.1-5.10.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): postfix-doc-3.3.1-5.10.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): postfix-3.3.1-5.10.1 postfix-debuginfo-3.3.1-5.10.1 postfix-debugsource-3.3.1-5.10.1 postfix-devel-3.3.1-5.10.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): postfix-doc-3.3.1-5.10.1 References: https://bugzilla.suse.com/1104543 https://bugzilla.suse.com/1140521 From sle-updates at lists.suse.com Wed Aug 7 10:12:46 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Aug 2019 18:12:46 +0200 (CEST) Subject: SUSE-RU-2019:2083-1: moderate: Recommended update for polkit-default-privs Message-ID: <20190807161246.670FDFF12@maintenance.suse.de> SUSE Recommended Update: Recommended update for polkit-default-privs ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2083-1 Rating: moderate References: #1140151 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for polkit-default-privs fixes the following issues: - various new libvirt actions were whitelisted (bsc#1140151) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2019-2083=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2083=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): rpmlint-mini-1.10-7.2.1 rpmlint-mini-debuginfo-1.10-7.2.1 rpmlint-mini-debugsource-1.10-7.2.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): polkit-default-privs-13.2-18.5.1 References: https://bugzilla.suse.com/1140151 From sle-updates at lists.suse.com Wed Aug 7 10:13:30 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Aug 2019 18:13:30 +0200 (CEST) Subject: SUSE-RU-2019:2085-1: moderate: Recommended update for apparmor Message-ID: <20190807161330.265FAFF12@maintenance.suse.de> SUSE Recommended Update: Recommended update for apparmor ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2085-1 Rating: moderate References: #1135751 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for apparmor fixes the following issues: - Profile updates for dnsmasq, dovecot, identd, syslog-ng - Parser: fix "Px -> foo-bar" (the "-" was rejected before) - Add certbot paths to abstractions/ssl_certs and abstractions/ssl_keys. - Fix build with swig 4.0. (bsc#1135751) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-2085=1 - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-2085=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2085=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2085=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2085=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2085=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): apache2-mod_apparmor-2.12.3-7.20.1 apache2-mod_apparmor-debuginfo-2.12.3-7.20.1 apparmor-debugsource-2.12.3-7.20.1 - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): apache2-mod_apparmor-2.12.3-7.20.1 apache2-mod_apparmor-debuginfo-2.12.3-7.20.1 apparmor-debugsource-2.12.3-7.20.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): apparmor-debugsource-2.12.3-7.20.1 ruby-apparmor-2.12.3-7.20.1 ruby-apparmor-debuginfo-2.12.3-7.20.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): apparmor-debugsource-2.12.3-7.20.1 ruby-apparmor-2.12.3-7.20.1 ruby-apparmor-debuginfo-2.12.3-7.20.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): apparmor-debugsource-2.12.3-7.20.1 apparmor-parser-2.12.3-7.20.1 apparmor-parser-debuginfo-2.12.3-7.20.1 libapparmor-debugsource-2.12.3-7.20.1 libapparmor-devel-2.12.3-7.20.1 libapparmor1-2.12.3-7.20.1 libapparmor1-debuginfo-2.12.3-7.20.1 pam_apparmor-2.12.3-7.20.1 pam_apparmor-debuginfo-2.12.3-7.20.1 perl-apparmor-2.12.3-7.20.1 perl-apparmor-debuginfo-2.12.3-7.20.1 python3-apparmor-2.12.3-7.20.1 python3-apparmor-debuginfo-2.12.3-7.20.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): apparmor-abstractions-2.12.3-7.20.1 apparmor-docs-2.12.3-7.20.1 apparmor-parser-lang-2.12.3-7.20.1 apparmor-profiles-2.12.3-7.20.1 apparmor-utils-2.12.3-7.20.1 apparmor-utils-lang-2.12.3-7.20.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libapparmor1-32bit-2.12.3-7.20.1 libapparmor1-32bit-debuginfo-2.12.3-7.20.1 pam_apparmor-32bit-2.12.3-7.20.1 pam_apparmor-32bit-debuginfo-2.12.3-7.20.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): apparmor-debugsource-2.12.3-7.20.1 apparmor-parser-2.12.3-7.20.1 apparmor-parser-debuginfo-2.12.3-7.20.1 libapparmor-debugsource-2.12.3-7.20.1 libapparmor-devel-2.12.3-7.20.1 libapparmor1-2.12.3-7.20.1 libapparmor1-debuginfo-2.12.3-7.20.1 pam_apparmor-2.12.3-7.20.1 pam_apparmor-debuginfo-2.12.3-7.20.1 perl-apparmor-2.12.3-7.20.1 perl-apparmor-debuginfo-2.12.3-7.20.1 python3-apparmor-2.12.3-7.20.1 python3-apparmor-debuginfo-2.12.3-7.20.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libapparmor1-32bit-2.12.3-7.20.1 libapparmor1-32bit-debuginfo-2.12.3-7.20.1 pam_apparmor-32bit-2.12.3-7.20.1 pam_apparmor-32bit-debuginfo-2.12.3-7.20.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): apparmor-abstractions-2.12.3-7.20.1 apparmor-docs-2.12.3-7.20.1 apparmor-parser-lang-2.12.3-7.20.1 apparmor-profiles-2.12.3-7.20.1 apparmor-utils-2.12.3-7.20.1 apparmor-utils-lang-2.12.3-7.20.1 References: https://bugzilla.suse.com/1135751 From sle-updates at lists.suse.com Wed Aug 7 10:14:13 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Aug 2019 18:14:13 +0200 (CEST) Subject: SUSE-RU-2019:2082-1: moderate: Recommended update for wireless-regdb Message-ID: <20190807161413.04A42FF12@maintenance.suse.de> SUSE Recommended Update: Recommended update for wireless-regdb ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2082-1 Rating: moderate References: #1138177 Affected Products: SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Desktop 12-SP4 SUSE Enterprise Storage 5 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for wireless-regdb fixes the following issues: - Update to version 2019.06.03 (bsc#1138177): * Expand 60 GHz band for Japan to 57-66 GHz * update source of information for CU * Update regulatory rules for South Korea * Update regulatory rules for Japan (JP) on 5GHz * update source of information for ES Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-2082=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-2082=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-2082=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-2082=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2082=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-2082=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2019-2082=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-2082=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-2082=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2082=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-2082=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-2082=1 Package List: - SUSE OpenStack Cloud 8 (noarch): wireless-regdb-2019.06.03-4.22.1 - SUSE OpenStack Cloud 7 (noarch): wireless-regdb-2019.06.03-4.22.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): wireless-regdb-2019.06.03-4.22.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): wireless-regdb-2019.06.03-4.22.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): wireless-regdb-2019.06.03-4.22.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): wireless-regdb-2019.06.03-4.22.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): wireless-regdb-2019.06.03-4.22.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): wireless-regdb-2019.06.03-4.22.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): wireless-regdb-2019.06.03-4.22.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): wireless-regdb-2019.06.03-4.22.1 - SUSE Enterprise Storage 5 (noarch): wireless-regdb-2019.06.03-4.22.1 - SUSE Enterprise Storage 4 (noarch): wireless-regdb-2019.06.03-4.22.1 References: https://bugzilla.suse.com/1138177 From sle-updates at lists.suse.com Wed Aug 7 16:10:24 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 8 Aug 2019 00:10:24 +0200 (CEST) Subject: SUSE-SU-2019:2088-1: moderate: Security update for tcpdump Message-ID: <20190807221024.22101FF12@maintenance.suse.de> SUSE Security Update: Security update for tcpdump ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2088-1 Rating: moderate References: #1068716 #1142439 Cross-References: CVE-2017-16808 CVE-2019-1010220 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for tcpdump fixes the following issues: Security issues fixed: - CVE-2019-1010220: Fixed a buffer over-read in print_prefix() which may expose data (bsc#1142439). - CVE-2017-16808: Fixed a heap-based buffer over-read related to aoe_print() and lookup_emem() (bsc#1068716). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2088=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2088=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): tcpdump-4.9.2-14.11.1 tcpdump-debuginfo-4.9.2-14.11.1 tcpdump-debugsource-4.9.2-14.11.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): tcpdump-4.9.2-14.11.1 tcpdump-debuginfo-4.9.2-14.11.1 tcpdump-debugsource-4.9.2-14.11.1 References: https://www.suse.com/security/cve/CVE-2017-16808.html https://www.suse.com/security/cve/CVE-2019-1010220.html https://bugzilla.suse.com/1068716 https://bugzilla.suse.com/1142439 From sle-updates at lists.suse.com Wed Aug 7 16:11:20 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 8 Aug 2019 00:11:20 +0200 (CEST) Subject: SUSE-SU-2019:2087-1: moderate: Security update for tcpdump Message-ID: <20190807221120.3FBE7FF12@maintenance.suse.de> SUSE Security Update: Security update for tcpdump ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2087-1 Rating: moderate References: #1068716 #1142439 Cross-References: CVE-2017-16808 CVE-2019-1010220 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for tcpdump fixes the following issues: Security issues fixed: - CVE-2019-1010220: Fixed a buffer over-read in print_prefix() which may expose data (bsc#1142439). - CVE-2017-16808: Fixed a heap-based buffer over-read related to aoe_print() and lookup_emem() (bsc#1068716). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2087=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2087=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): tcpdump-4.9.2-3.6.1 tcpdump-debuginfo-4.9.2-3.6.1 tcpdump-debugsource-4.9.2-3.6.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): tcpdump-4.9.2-3.6.1 tcpdump-debuginfo-4.9.2-3.6.1 tcpdump-debugsource-4.9.2-3.6.1 References: https://www.suse.com/security/cve/CVE-2017-16808.html https://www.suse.com/security/cve/CVE-2019-1010220.html https://bugzilla.suse.com/1068716 https://bugzilla.suse.com/1142439 From sle-updates at lists.suse.com Thu Aug 8 07:11:07 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 8 Aug 2019 15:11:07 +0200 (CEST) Subject: SUSE-SU-2019:2089-1: moderate: Security update for squid Message-ID: <20190808131107.A278BF798@maintenance.suse.de> SUSE Security Update: Security update for squid ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2089-1 Rating: moderate References: #1140738 #1141329 #1141332 Cross-References: CVE-2019-12525 CVE-2019-12529 CVE-2019-13345 Affected Products: SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for squid fixes the following issues: Security issue fixed: - CVE-2019-12529: Fixed a potential denial of service associated with HTTP Basic Authentication credentials (bsc#1141329). - CVE-2019-12525: Fixed a denial of service during processing of HTTP Digest Authentication credentials (bsc#1141332). - CVE-2019-13345: Fixed a cross site scripting vulnerability via user_name or auth parameter in cachemgr.cgi (bsc#1140738). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-2089=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-2089=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-2089=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-2089=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2089=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-2089=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2019-2089=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-2089=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-2089=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-2089=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-2089=1 Package List: - SUSE OpenStack Cloud 8 (x86_64): squid-3.5.21-26.17.1 squid-debuginfo-3.5.21-26.17.1 squid-debugsource-3.5.21-26.17.1 - SUSE OpenStack Cloud 7 (s390x x86_64): squid-3.5.21-26.17.1 squid-debuginfo-3.5.21-26.17.1 squid-debugsource-3.5.21-26.17.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): squid-3.5.21-26.17.1 squid-debuginfo-3.5.21-26.17.1 squid-debugsource-3.5.21-26.17.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): squid-3.5.21-26.17.1 squid-debuginfo-3.5.21-26.17.1 squid-debugsource-3.5.21-26.17.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): squid-3.5.21-26.17.1 squid-debuginfo-3.5.21-26.17.1 squid-debugsource-3.5.21-26.17.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): squid-3.5.21-26.17.1 squid-debuginfo-3.5.21-26.17.1 squid-debugsource-3.5.21-26.17.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): squid-3.5.21-26.17.1 squid-debuginfo-3.5.21-26.17.1 squid-debugsource-3.5.21-26.17.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): squid-3.5.21-26.17.1 squid-debuginfo-3.5.21-26.17.1 squid-debugsource-3.5.21-26.17.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): squid-3.5.21-26.17.1 squid-debuginfo-3.5.21-26.17.1 squid-debugsource-3.5.21-26.17.1 - SUSE Enterprise Storage 5 (x86_64): squid-3.5.21-26.17.1 squid-debuginfo-3.5.21-26.17.1 squid-debugsource-3.5.21-26.17.1 - SUSE Enterprise Storage 4 (x86_64): squid-3.5.21-26.17.1 squid-debuginfo-3.5.21-26.17.1 squid-debugsource-3.5.21-26.17.1 References: https://www.suse.com/security/cve/CVE-2019-12525.html https://www.suse.com/security/cve/CVE-2019-12529.html https://www.suse.com/security/cve/CVE-2019-13345.html https://bugzilla.suse.com/1140738 https://bugzilla.suse.com/1141329 https://bugzilla.suse.com/1141332 From sle-updates at lists.suse.com Thu Aug 8 10:10:37 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 8 Aug 2019 18:10:37 +0200 (CEST) Subject: SUSE-SU-2019:2092-1: moderate: Security update for squid Message-ID: <20190808161037.0ED88F798@maintenance.suse.de> SUSE Security Update: Security update for squid ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2092-1 Rating: moderate References: #1140738 Cross-References: CVE-2019-13345 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Server Applications 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for squid fixes the following issues: Security issue fixed: - CVE-2019-13345: Fixed a cross site scripting vulnerability via user_name or auth parameter in cachemgr.cgi (bsc#1140738). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-2092=1 - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-2092=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): squid-4.8-5.8.1 squid-debuginfo-4.8-5.8.1 squid-debugsource-4.8-5.8.1 - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): squid-4.8-5.8.1 squid-debuginfo-4.8-5.8.1 squid-debugsource-4.8-5.8.1 References: https://www.suse.com/security/cve/CVE-2019-13345.html https://bugzilla.suse.com/1140738 From sle-updates at lists.suse.com Thu Aug 8 10:11:28 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 8 Aug 2019 18:11:28 +0200 (CEST) Subject: SUSE-SU-2019:2091-1: important: Security update for python Message-ID: <20190808161128.7F001F798@maintenance.suse.de> SUSE Security Update: Security update for python ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2091-1 Rating: important References: #1138459 #1141853 Cross-References: CVE-2018-20852 CVE-2019-10160 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Desktop 12-SP4 SUSE Enterprise Storage 5 SUSE Enterprise Storage 4 SUSE CaaS Platform 3.0 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for python fixes the following issues: - CVE-2019-10160: Fixed a regression in urlparse() and urlsplit() introduced by the fix for CVE-2019-9636 (bsc#1138459). - CVE-2018-20852: Fixed an information leak where cookies could be send to the wrong server because of incorrect domain validation (bsc#1141853). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-2091=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-2091=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-2091=1 - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2019-2091=1 - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-2091=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2019-2091=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2091=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-2091=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-2091=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-2091=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2019-2091=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2091=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-2091=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2019-2091=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-2091=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-2091=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-2091=1 - SUSE Linux Enterprise Desktop 12-SP5: zypper in -t patch SUSE-SLE-DESKTOP-12-SP5-2019-2091=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2091=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-2091=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-2091=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-2091=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): libpython2_7-1_0-2.7.13-28.31.1 libpython2_7-1_0-32bit-2.7.13-28.31.1 libpython2_7-1_0-debuginfo-2.7.13-28.31.1 libpython2_7-1_0-debuginfo-32bit-2.7.13-28.31.1 python-2.7.13-28.31.1 python-32bit-2.7.13-28.31.1 python-base-2.7.13-28.31.1 python-base-32bit-2.7.13-28.31.1 python-base-debuginfo-2.7.13-28.31.1 python-base-debuginfo-32bit-2.7.13-28.31.1 python-base-debugsource-2.7.13-28.31.1 python-curses-2.7.13-28.31.1 python-curses-debuginfo-2.7.13-28.31.1 python-debuginfo-2.7.13-28.31.1 python-debuginfo-32bit-2.7.13-28.31.1 python-debugsource-2.7.13-28.31.1 python-demo-2.7.13-28.31.1 python-gdbm-2.7.13-28.31.1 python-gdbm-debuginfo-2.7.13-28.31.1 python-idle-2.7.13-28.31.1 python-tk-2.7.13-28.31.1 python-tk-debuginfo-2.7.13-28.31.1 python-xml-2.7.13-28.31.1 python-xml-debuginfo-2.7.13-28.31.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): python-doc-2.7.13-28.31.2 python-doc-pdf-2.7.13-28.31.2 - SUSE OpenStack Cloud 8 (noarch): python-doc-2.7.13-28.31.2 python-doc-pdf-2.7.13-28.31.2 - SUSE OpenStack Cloud 8 (x86_64): libpython2_7-1_0-2.7.13-28.31.1 libpython2_7-1_0-32bit-2.7.13-28.31.1 libpython2_7-1_0-debuginfo-2.7.13-28.31.1 libpython2_7-1_0-debuginfo-32bit-2.7.13-28.31.1 python-2.7.13-28.31.1 python-32bit-2.7.13-28.31.1 python-base-2.7.13-28.31.1 python-base-32bit-2.7.13-28.31.1 python-base-debuginfo-2.7.13-28.31.1 python-base-debuginfo-32bit-2.7.13-28.31.1 python-base-debugsource-2.7.13-28.31.1 python-curses-2.7.13-28.31.1 python-curses-debuginfo-2.7.13-28.31.1 python-debuginfo-2.7.13-28.31.1 python-debuginfo-32bit-2.7.13-28.31.1 python-debugsource-2.7.13-28.31.1 python-demo-2.7.13-28.31.1 python-gdbm-2.7.13-28.31.1 python-gdbm-debuginfo-2.7.13-28.31.1 python-idle-2.7.13-28.31.1 python-tk-2.7.13-28.31.1 python-tk-debuginfo-2.7.13-28.31.1 python-xml-2.7.13-28.31.1 python-xml-debuginfo-2.7.13-28.31.1 - SUSE OpenStack Cloud 7 (s390x x86_64): libpython2_7-1_0-2.7.13-28.31.1 libpython2_7-1_0-32bit-2.7.13-28.31.1 libpython2_7-1_0-debuginfo-2.7.13-28.31.1 libpython2_7-1_0-debuginfo-32bit-2.7.13-28.31.1 python-2.7.13-28.31.1 python-32bit-2.7.13-28.31.1 python-base-2.7.13-28.31.1 python-base-32bit-2.7.13-28.31.1 python-base-debuginfo-2.7.13-28.31.1 python-base-debuginfo-32bit-2.7.13-28.31.1 python-base-debugsource-2.7.13-28.31.1 python-curses-2.7.13-28.31.1 python-curses-debuginfo-2.7.13-28.31.1 python-debuginfo-2.7.13-28.31.1 python-debuginfo-32bit-2.7.13-28.31.1 python-debugsource-2.7.13-28.31.1 python-demo-2.7.13-28.31.1 python-devel-2.7.13-28.31.1 python-gdbm-2.7.13-28.31.1 python-gdbm-debuginfo-2.7.13-28.31.1 python-idle-2.7.13-28.31.1 python-tk-2.7.13-28.31.1 python-tk-debuginfo-2.7.13-28.31.1 python-xml-2.7.13-28.31.1 python-xml-debuginfo-2.7.13-28.31.1 - SUSE OpenStack Cloud 7 (noarch): python-doc-2.7.13-28.31.2 python-doc-pdf-2.7.13-28.31.2 - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): python-base-debuginfo-2.7.13-28.31.1 python-base-debugsource-2.7.13-28.31.1 python-devel-2.7.13-28.31.1 - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): python-base-debuginfo-2.7.13-28.31.1 python-base-debugsource-2.7.13-28.31.1 python-devel-2.7.13-28.31.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): python-base-debuginfo-2.7.13-28.31.1 python-base-debugsource-2.7.13-28.31.1 python-devel-2.7.13-28.31.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): python-base-debuginfo-2.7.13-28.31.1 python-base-debugsource-2.7.13-28.31.1 python-devel-2.7.13-28.31.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libpython2_7-1_0-2.7.13-28.31.1 libpython2_7-1_0-debuginfo-2.7.13-28.31.1 python-2.7.13-28.31.1 python-base-2.7.13-28.31.1 python-base-debuginfo-2.7.13-28.31.1 python-base-debugsource-2.7.13-28.31.1 python-curses-2.7.13-28.31.1 python-curses-debuginfo-2.7.13-28.31.1 python-debuginfo-2.7.13-28.31.1 python-debugsource-2.7.13-28.31.1 python-demo-2.7.13-28.31.1 python-gdbm-2.7.13-28.31.1 python-gdbm-debuginfo-2.7.13-28.31.1 python-idle-2.7.13-28.31.1 python-tk-2.7.13-28.31.1 python-tk-debuginfo-2.7.13-28.31.1 python-xml-2.7.13-28.31.1 python-xml-debuginfo-2.7.13-28.31.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): python-doc-2.7.13-28.31.2 python-doc-pdf-2.7.13-28.31.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libpython2_7-1_0-32bit-2.7.13-28.31.1 libpython2_7-1_0-debuginfo-32bit-2.7.13-28.31.1 python-32bit-2.7.13-28.31.1 python-base-32bit-2.7.13-28.31.1 python-base-debuginfo-32bit-2.7.13-28.31.1 python-debuginfo-32bit-2.7.13-28.31.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libpython2_7-1_0-2.7.13-28.31.1 libpython2_7-1_0-debuginfo-2.7.13-28.31.1 python-2.7.13-28.31.1 python-base-2.7.13-28.31.1 python-base-debuginfo-2.7.13-28.31.1 python-base-debugsource-2.7.13-28.31.1 python-curses-2.7.13-28.31.1 python-curses-debuginfo-2.7.13-28.31.1 python-debuginfo-2.7.13-28.31.1 python-debugsource-2.7.13-28.31.1 python-demo-2.7.13-28.31.1 python-devel-2.7.13-28.31.1 python-gdbm-2.7.13-28.31.1 python-gdbm-debuginfo-2.7.13-28.31.1 python-idle-2.7.13-28.31.1 python-tk-2.7.13-28.31.1 python-tk-debuginfo-2.7.13-28.31.1 python-xml-2.7.13-28.31.1 python-xml-debuginfo-2.7.13-28.31.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libpython2_7-1_0-32bit-2.7.13-28.31.1 libpython2_7-1_0-debuginfo-32bit-2.7.13-28.31.1 python-32bit-2.7.13-28.31.1 python-base-32bit-2.7.13-28.31.1 python-base-debuginfo-32bit-2.7.13-28.31.1 python-debuginfo-32bit-2.7.13-28.31.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): python-doc-2.7.13-28.31.2 python-doc-pdf-2.7.13-28.31.2 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): libpython2_7-1_0-2.7.13-28.31.1 libpython2_7-1_0-32bit-2.7.13-28.31.1 libpython2_7-1_0-debuginfo-2.7.13-28.31.1 libpython2_7-1_0-debuginfo-32bit-2.7.13-28.31.1 python-2.7.13-28.31.1 python-32bit-2.7.13-28.31.1 python-base-2.7.13-28.31.1 python-base-32bit-2.7.13-28.31.1 python-base-debuginfo-2.7.13-28.31.1 python-base-debuginfo-32bit-2.7.13-28.31.1 python-base-debugsource-2.7.13-28.31.1 python-curses-2.7.13-28.31.1 python-curses-debuginfo-2.7.13-28.31.1 python-debuginfo-2.7.13-28.31.1 python-debuginfo-32bit-2.7.13-28.31.1 python-debugsource-2.7.13-28.31.1 python-demo-2.7.13-28.31.1 python-devel-2.7.13-28.31.1 python-gdbm-2.7.13-28.31.1 python-gdbm-debuginfo-2.7.13-28.31.1 python-idle-2.7.13-28.31.1 python-tk-2.7.13-28.31.1 python-tk-debuginfo-2.7.13-28.31.1 python-xml-2.7.13-28.31.1 python-xml-debuginfo-2.7.13-28.31.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): python-doc-2.7.13-28.31.2 python-doc-pdf-2.7.13-28.31.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libpython2_7-1_0-2.7.13-28.31.1 libpython2_7-1_0-debuginfo-2.7.13-28.31.1 python-2.7.13-28.31.1 python-base-2.7.13-28.31.1 python-base-debuginfo-2.7.13-28.31.1 python-base-debugsource-2.7.13-28.31.1 python-curses-2.7.13-28.31.1 python-curses-debuginfo-2.7.13-28.31.1 python-debuginfo-2.7.13-28.31.1 python-debugsource-2.7.13-28.31.1 python-demo-2.7.13-28.31.1 python-gdbm-2.7.13-28.31.1 python-gdbm-debuginfo-2.7.13-28.31.1 python-idle-2.7.13-28.31.1 python-tk-2.7.13-28.31.1 python-tk-debuginfo-2.7.13-28.31.1 python-xml-2.7.13-28.31.1 python-xml-debuginfo-2.7.13-28.31.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libpython2_7-1_0-32bit-2.7.13-28.31.1 libpython2_7-1_0-debuginfo-32bit-2.7.13-28.31.1 python-32bit-2.7.13-28.31.1 python-base-32bit-2.7.13-28.31.1 python-base-debuginfo-32bit-2.7.13-28.31.1 python-debuginfo-32bit-2.7.13-28.31.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): python-doc-2.7.13-28.31.2 python-doc-pdf-2.7.13-28.31.2 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libpython2_7-1_0-2.7.13-28.31.1 libpython2_7-1_0-debuginfo-2.7.13-28.31.1 python-2.7.13-28.31.1 python-base-2.7.13-28.31.1 python-base-debuginfo-2.7.13-28.31.1 python-base-debugsource-2.7.13-28.31.1 python-curses-2.7.13-28.31.1 python-curses-debuginfo-2.7.13-28.31.1 python-debuginfo-2.7.13-28.31.1 python-debugsource-2.7.13-28.31.1 python-demo-2.7.13-28.31.1 python-gdbm-2.7.13-28.31.1 python-gdbm-debuginfo-2.7.13-28.31.1 python-idle-2.7.13-28.31.1 python-tk-2.7.13-28.31.1 python-tk-debuginfo-2.7.13-28.31.1 python-xml-2.7.13-28.31.1 python-xml-debuginfo-2.7.13-28.31.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libpython2_7-1_0-32bit-2.7.13-28.31.1 libpython2_7-1_0-debuginfo-32bit-2.7.13-28.31.1 python-32bit-2.7.13-28.31.1 python-base-32bit-2.7.13-28.31.1 python-base-debuginfo-32bit-2.7.13-28.31.1 python-debuginfo-32bit-2.7.13-28.31.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): python-doc-2.7.13-28.31.2 python-doc-pdf-2.7.13-28.31.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libpython2_7-1_0-2.7.13-28.31.1 libpython2_7-1_0-debuginfo-2.7.13-28.31.1 python-2.7.13-28.31.1 python-base-2.7.13-28.31.1 python-base-debuginfo-2.7.13-28.31.1 python-base-debugsource-2.7.13-28.31.1 python-curses-2.7.13-28.31.1 python-curses-debuginfo-2.7.13-28.31.1 python-debuginfo-2.7.13-28.31.1 python-debugsource-2.7.13-28.31.1 python-demo-2.7.13-28.31.1 python-gdbm-2.7.13-28.31.1 python-gdbm-debuginfo-2.7.13-28.31.1 python-idle-2.7.13-28.31.1 python-tk-2.7.13-28.31.1 python-tk-debuginfo-2.7.13-28.31.1 python-xml-2.7.13-28.31.1 python-xml-debuginfo-2.7.13-28.31.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libpython2_7-1_0-32bit-2.7.13-28.31.1 libpython2_7-1_0-debuginfo-32bit-2.7.13-28.31.1 python-32bit-2.7.13-28.31.1 python-base-32bit-2.7.13-28.31.1 python-base-debuginfo-32bit-2.7.13-28.31.1 python-debuginfo-32bit-2.7.13-28.31.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): python-doc-2.7.13-28.31.2 python-doc-pdf-2.7.13-28.31.2 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libpython2_7-1_0-2.7.13-28.31.1 libpython2_7-1_0-32bit-2.7.13-28.31.1 libpython2_7-1_0-debuginfo-2.7.13-28.31.1 libpython2_7-1_0-debuginfo-32bit-2.7.13-28.31.1 python-2.7.13-28.31.1 python-32bit-2.7.13-28.31.1 python-base-2.7.13-28.31.1 python-base-32bit-2.7.13-28.31.1 python-base-debuginfo-2.7.13-28.31.1 python-base-debuginfo-32bit-2.7.13-28.31.1 python-base-debugsource-2.7.13-28.31.1 python-curses-2.7.13-28.31.1 python-curses-debuginfo-2.7.13-28.31.1 python-debuginfo-2.7.13-28.31.1 python-debuginfo-32bit-2.7.13-28.31.1 python-debugsource-2.7.13-28.31.1 python-demo-2.7.13-28.31.1 python-gdbm-2.7.13-28.31.1 python-gdbm-debuginfo-2.7.13-28.31.1 python-idle-2.7.13-28.31.1 python-tk-2.7.13-28.31.1 python-tk-debuginfo-2.7.13-28.31.1 python-xml-2.7.13-28.31.1 python-xml-debuginfo-2.7.13-28.31.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): python-doc-2.7.13-28.31.2 python-doc-pdf-2.7.13-28.31.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libpython2_7-1_0-2.7.13-28.31.1 libpython2_7-1_0-debuginfo-2.7.13-28.31.1 python-2.7.13-28.31.1 python-base-2.7.13-28.31.1 python-base-debuginfo-2.7.13-28.31.1 python-base-debugsource-2.7.13-28.31.1 python-curses-2.7.13-28.31.1 python-curses-debuginfo-2.7.13-28.31.1 python-debuginfo-2.7.13-28.31.1 python-debugsource-2.7.13-28.31.1 python-demo-2.7.13-28.31.1 python-devel-2.7.13-28.31.1 python-gdbm-2.7.13-28.31.1 python-gdbm-debuginfo-2.7.13-28.31.1 python-idle-2.7.13-28.31.1 python-tk-2.7.13-28.31.1 python-tk-debuginfo-2.7.13-28.31.1 python-xml-2.7.13-28.31.1 python-xml-debuginfo-2.7.13-28.31.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libpython2_7-1_0-32bit-2.7.13-28.31.1 libpython2_7-1_0-debuginfo-32bit-2.7.13-28.31.1 python-32bit-2.7.13-28.31.1 python-base-32bit-2.7.13-28.31.1 python-base-debuginfo-32bit-2.7.13-28.31.1 python-debuginfo-32bit-2.7.13-28.31.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): python-doc-2.7.13-28.31.2 python-doc-pdf-2.7.13-28.31.2 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libpython2_7-1_0-2.7.13-28.31.1 libpython2_7-1_0-32bit-2.7.13-28.31.1 libpython2_7-1_0-debuginfo-2.7.13-28.31.1 libpython2_7-1_0-debuginfo-32bit-2.7.13-28.31.1 python-2.7.13-28.31.1 python-32bit-2.7.13-28.31.1 python-base-2.7.13-28.31.1 python-base-32bit-2.7.13-28.31.1 python-base-debuginfo-2.7.13-28.31.1 python-base-debuginfo-32bit-2.7.13-28.31.1 python-base-debugsource-2.7.13-28.31.1 python-curses-2.7.13-28.31.1 python-curses-debuginfo-2.7.13-28.31.1 python-debuginfo-2.7.13-28.31.1 python-debuginfo-32bit-2.7.13-28.31.1 python-debugsource-2.7.13-28.31.1 python-demo-2.7.13-28.31.1 python-gdbm-2.7.13-28.31.1 python-gdbm-debuginfo-2.7.13-28.31.1 python-idle-2.7.13-28.31.1 python-tk-2.7.13-28.31.1 python-tk-debuginfo-2.7.13-28.31.1 python-xml-2.7.13-28.31.1 python-xml-debuginfo-2.7.13-28.31.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): python-doc-2.7.13-28.31.2 python-doc-pdf-2.7.13-28.31.2 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): libpython2_7-1_0-2.7.13-28.31.1 libpython2_7-1_0-debuginfo-2.7.13-28.31.1 python-2.7.13-28.31.1 python-base-2.7.13-28.31.1 python-base-debuginfo-2.7.13-28.31.1 python-base-debugsource-2.7.13-28.31.1 python-curses-2.7.13-28.31.1 python-curses-debuginfo-2.7.13-28.31.1 python-debuginfo-2.7.13-28.31.1 python-debugsource-2.7.13-28.31.1 python-demo-2.7.13-28.31.1 python-devel-2.7.13-28.31.1 python-gdbm-2.7.13-28.31.1 python-gdbm-debuginfo-2.7.13-28.31.1 python-idle-2.7.13-28.31.1 python-tk-2.7.13-28.31.1 python-tk-debuginfo-2.7.13-28.31.1 python-xml-2.7.13-28.31.1 python-xml-debuginfo-2.7.13-28.31.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): libpython2_7-1_0-32bit-2.7.13-28.31.1 libpython2_7-1_0-debuginfo-32bit-2.7.13-28.31.1 python-32bit-2.7.13-28.31.1 python-base-32bit-2.7.13-28.31.1 python-base-debuginfo-32bit-2.7.13-28.31.1 python-debuginfo-32bit-2.7.13-28.31.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): python-doc-2.7.13-28.31.2 python-doc-pdf-2.7.13-28.31.2 - SUSE Linux Enterprise Desktop 12-SP5 (x86_64): libpython2_7-1_0-2.7.13-28.31.1 libpython2_7-1_0-32bit-2.7.13-28.31.1 libpython2_7-1_0-debuginfo-2.7.13-28.31.1 libpython2_7-1_0-debuginfo-32bit-2.7.13-28.31.1 python-2.7.13-28.31.1 python-base-2.7.13-28.31.1 python-base-debuginfo-2.7.13-28.31.1 python-base-debuginfo-32bit-2.7.13-28.31.1 python-base-debugsource-2.7.13-28.31.1 python-curses-2.7.13-28.31.1 python-curses-debuginfo-2.7.13-28.31.1 python-debuginfo-2.7.13-28.31.1 python-debugsource-2.7.13-28.31.1 python-devel-2.7.13-28.31.1 python-tk-2.7.13-28.31.1 python-tk-debuginfo-2.7.13-28.31.1 python-xml-2.7.13-28.31.1 python-xml-debuginfo-2.7.13-28.31.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libpython2_7-1_0-2.7.13-28.31.1 libpython2_7-1_0-32bit-2.7.13-28.31.1 libpython2_7-1_0-debuginfo-2.7.13-28.31.1 libpython2_7-1_0-debuginfo-32bit-2.7.13-28.31.1 python-2.7.13-28.31.1 python-base-2.7.13-28.31.1 python-base-debuginfo-2.7.13-28.31.1 python-base-debuginfo-32bit-2.7.13-28.31.1 python-base-debugsource-2.7.13-28.31.1 python-curses-2.7.13-28.31.1 python-curses-debuginfo-2.7.13-28.31.1 python-debuginfo-2.7.13-28.31.1 python-debugsource-2.7.13-28.31.1 python-devel-2.7.13-28.31.1 python-tk-2.7.13-28.31.1 python-tk-debuginfo-2.7.13-28.31.1 python-xml-2.7.13-28.31.1 python-xml-debuginfo-2.7.13-28.31.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): python-debuginfo-2.7.13-28.31.1 python-debugsource-2.7.13-28.31.1 python-strict-tls-check-2.7.13-28.31.1 - SUSE Enterprise Storage 5 (x86_64): libpython2_7-1_0-2.7.13-28.31.1 libpython2_7-1_0-32bit-2.7.13-28.31.1 libpython2_7-1_0-debuginfo-2.7.13-28.31.1 libpython2_7-1_0-debuginfo-32bit-2.7.13-28.31.1 python-2.7.13-28.31.1 python-32bit-2.7.13-28.31.1 python-base-2.7.13-28.31.1 python-base-32bit-2.7.13-28.31.1 python-base-debuginfo-2.7.13-28.31.1 python-base-debuginfo-32bit-2.7.13-28.31.1 python-base-debugsource-2.7.13-28.31.1 python-curses-2.7.13-28.31.1 python-curses-debuginfo-2.7.13-28.31.1 python-debuginfo-32bit-2.7.13-28.31.1 python-demo-2.7.13-28.31.1 python-gdbm-2.7.13-28.31.1 python-gdbm-debuginfo-2.7.13-28.31.1 python-idle-2.7.13-28.31.1 python-tk-2.7.13-28.31.1 python-tk-debuginfo-2.7.13-28.31.1 python-xml-2.7.13-28.31.1 python-xml-debuginfo-2.7.13-28.31.1 - SUSE Enterprise Storage 5 (noarch): python-doc-2.7.13-28.31.2 python-doc-pdf-2.7.13-28.31.2 - SUSE Enterprise Storage 4 (x86_64): libpython2_7-1_0-2.7.13-28.31.1 libpython2_7-1_0-32bit-2.7.13-28.31.1 libpython2_7-1_0-debuginfo-2.7.13-28.31.1 libpython2_7-1_0-debuginfo-32bit-2.7.13-28.31.1 python-2.7.13-28.31.1 python-32bit-2.7.13-28.31.1 python-base-2.7.13-28.31.1 python-base-32bit-2.7.13-28.31.1 python-base-debuginfo-2.7.13-28.31.1 python-base-debuginfo-32bit-2.7.13-28.31.1 python-base-debugsource-2.7.13-28.31.1 python-curses-2.7.13-28.31.1 python-curses-debuginfo-2.7.13-28.31.1 python-debuginfo-2.7.13-28.31.1 python-debuginfo-32bit-2.7.13-28.31.1 python-debugsource-2.7.13-28.31.1 python-demo-2.7.13-28.31.1 python-devel-2.7.13-28.31.1 python-gdbm-2.7.13-28.31.1 python-gdbm-debuginfo-2.7.13-28.31.1 python-idle-2.7.13-28.31.1 python-tk-2.7.13-28.31.1 python-tk-debuginfo-2.7.13-28.31.1 python-xml-2.7.13-28.31.1 python-xml-debuginfo-2.7.13-28.31.1 - SUSE Enterprise Storage 4 (noarch): python-doc-2.7.13-28.31.2 python-doc-pdf-2.7.13-28.31.2 - SUSE CaaS Platform 3.0 (x86_64): libpython2_7-1_0-2.7.13-28.31.1 libpython2_7-1_0-debuginfo-2.7.13-28.31.1 python-2.7.13-28.31.1 python-base-2.7.13-28.31.1 python-base-debuginfo-2.7.13-28.31.1 python-base-debugsource-2.7.13-28.31.1 python-debuginfo-2.7.13-28.31.1 python-debugsource-2.7.13-28.31.1 python-xml-2.7.13-28.31.1 python-xml-debuginfo-2.7.13-28.31.1 - HPE Helion Openstack 8 (noarch): python-doc-2.7.13-28.31.2 python-doc-pdf-2.7.13-28.31.2 - HPE Helion Openstack 8 (x86_64): libpython2_7-1_0-2.7.13-28.31.1 libpython2_7-1_0-32bit-2.7.13-28.31.1 libpython2_7-1_0-debuginfo-2.7.13-28.31.1 libpython2_7-1_0-debuginfo-32bit-2.7.13-28.31.1 python-2.7.13-28.31.1 python-32bit-2.7.13-28.31.1 python-base-2.7.13-28.31.1 python-base-32bit-2.7.13-28.31.1 python-base-debuginfo-2.7.13-28.31.1 python-base-debuginfo-32bit-2.7.13-28.31.1 python-base-debugsource-2.7.13-28.31.1 python-curses-2.7.13-28.31.1 python-curses-debuginfo-2.7.13-28.31.1 python-debuginfo-2.7.13-28.31.1 python-debuginfo-32bit-2.7.13-28.31.1 python-debugsource-2.7.13-28.31.1 python-demo-2.7.13-28.31.1 python-gdbm-2.7.13-28.31.1 python-gdbm-debuginfo-2.7.13-28.31.1 python-idle-2.7.13-28.31.1 python-tk-2.7.13-28.31.1 python-tk-debuginfo-2.7.13-28.31.1 python-xml-2.7.13-28.31.1 python-xml-debuginfo-2.7.13-28.31.1 References: https://www.suse.com/security/cve/CVE-2018-20852.html https://www.suse.com/security/cve/CVE-2019-10160.html https://bugzilla.suse.com/1138459 https://bugzilla.suse.com/1141853 From sle-updates at lists.suse.com Thu Aug 8 10:12:22 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 8 Aug 2019 18:12:22 +0200 (CEST) Subject: SUSE-SU-2019:14142-1: important: Security update for python Message-ID: <20190808161222.64894F798@maintenance.suse.de> SUSE Security Update: Security update for python ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14142-1 Rating: important References: #1138459 #1141853 Cross-References: CVE-2018-20852 CVE-2019-10160 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for python fixes the following issues: - CVE-2019-10160: Fixed a regression in urlparse() and urlsplit() introduced by the fix for CVE-2019-9636 (bsc#1138459). - CVE-2018-20852: Fixed an information leak where cookies could be send to the wrong server because of incorrect domain validation (bsc#1141853). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-python-14142=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-python-14142=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-python-14142=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-python-14142=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): libpython2_6-1_0-2.6.9-40.29.1 python-2.6.9-40.29.1 python-base-2.6.9-40.29.1 python-curses-2.6.9-40.29.1 python-demo-2.6.9-40.29.1 python-gdbm-2.6.9-40.29.1 python-idle-2.6.9-40.29.1 python-tk-2.6.9-40.29.1 python-xml-2.6.9-40.29.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64): libpython2_6-1_0-32bit-2.6.9-40.29.1 python-32bit-2.6.9-40.29.1 python-base-32bit-2.6.9-40.29.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (noarch): python-doc-2.6-8.40.29.1 python-doc-pdf-2.6-8.40.29.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (noarch): python-doc-2.6-8.40.29.1 python-doc-pdf-2.6-8.40.29.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): libpython2_6-1_0-2.6.9-40.29.1 python-2.6.9-40.29.1 python-base-2.6.9-40.29.1 python-curses-2.6.9-40.29.1 python-demo-2.6.9-40.29.1 python-gdbm-2.6.9-40.29.1 python-idle-2.6.9-40.29.1 python-tk-2.6.9-40.29.1 python-xml-2.6.9-40.29.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): python-base-debuginfo-2.6.9-40.29.1 python-base-debugsource-2.6.9-40.29.1 python-debuginfo-2.6.9-40.29.1 python-debugsource-2.6.9-40.29.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): python-base-debuginfo-32bit-2.6.9-40.29.1 python-debuginfo-32bit-2.6.9-40.29.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): python-base-debuginfo-2.6.9-40.29.1 python-base-debugsource-2.6.9-40.29.1 python-debuginfo-2.6.9-40.29.1 python-debugsource-2.6.9-40.29.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (s390x x86_64): python-base-debuginfo-32bit-2.6.9-40.29.1 python-debuginfo-32bit-2.6.9-40.29.1 References: https://www.suse.com/security/cve/CVE-2018-20852.html https://www.suse.com/security/cve/CVE-2019-10160.html https://bugzilla.suse.com/1138459 https://bugzilla.suse.com/1141853 From sle-updates at lists.suse.com Fri Aug 9 04:11:16 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Aug 2019 12:11:16 +0200 (CEST) Subject: SUSE-RU-2019:2094-1: moderate: Recommended update for glm Message-ID: <20190809101116.CD2B0F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for glm ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2094-1 Rating: moderate References: #1135667 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Development Tools 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for glm fixes the following issues: - Create a glm.pc file (fixes bsc#1135667) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2094=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2094=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2019-2094=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-2094=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): glm-doc-0.9.7.5-3.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): glm-doc-0.9.7.5-3.3.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): glm-devel-0.9.7.5-3.3.1 - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): glm-devel-0.9.7.5-3.3.1 References: https://bugzilla.suse.com/1135667 From sle-updates at lists.suse.com Fri Aug 9 04:12:00 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Aug 2019 12:12:00 +0200 (CEST) Subject: SUSE-RU-2019:2095-1: moderate: Recommended update for container-suseconnect Message-ID: <20190809101200.4872CF798@maintenance.suse.de> SUSE Recommended Update: Recommended update for container-suseconnect ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2095-1 Rating: moderate References: #1138731 Affected Products: SUSE Linux Enterprise Module for Containers 15-SP1 SUSE Linux Enterprise Module for Containers 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for container-suseconnect fixes the following issues: container-suseconnect was updated to 2.1.0 (bsc#1138731), fixing interacting with SCC behind proxy and SMT. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 15-SP1: zypper in -t patch SUSE-SLE-Module-Containers-15-SP1-2019-2095=1 - SUSE Linux Enterprise Module for Containers 15: zypper in -t patch SUSE-SLE-Module-Containers-15-2019-2095=1 Package List: - SUSE Linux Enterprise Module for Containers 15-SP1 (aarch64 ppc64le s390x x86_64): container-suseconnect-2.1.0-4.6.1 - SUSE Linux Enterprise Module for Containers 15 (ppc64le s390x x86_64): container-suseconnect-2.1.0-4.6.1 References: https://bugzilla.suse.com/1138731 From sle-updates at lists.suse.com Fri Aug 9 04:12:43 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Aug 2019 12:12:43 +0200 (CEST) Subject: SUSE-RU-2019:2096-1: moderate: Recommended update for docker-img-store-setup Message-ID: <20190809101243.ADC3CF798@maintenance.suse.de> SUSE Recommended Update: Recommended update for docker-img-store-setup ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2096-1 Rating: moderate References: #1138201 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise Module for Public Cloud 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for docker-img-store-setup fixes the following issues: - Support creation of the container storage filesystem with XFS to use the overlay fs driver. (bsc#1138201) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2019-2096=1 - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2019-2096=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): docker-img-store-setup-1.0.1-3.3.1 - SUSE Linux Enterprise Module for Public Cloud 15 (noarch): docker-img-store-setup-1.0.1-3.3.1 References: https://bugzilla.suse.com/1138201 From sle-updates at lists.suse.com Fri Aug 9 07:11:03 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Aug 2019 15:11:03 +0200 (CEST) Subject: SUSE-RU-2019:2097-1: important: Recommended update for libgcrypt Message-ID: <20190809131103.8726EF798@maintenance.suse.de> SUSE Recommended Update: Recommended update for libgcrypt ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2097-1 Rating: important References: #1097073 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libgcrypt fixes the following issues: - Fixed a regression where system were unable to boot in fips mode, caused by an incomplete implementation of previous change (bsc#1097073). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2097=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2097=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): libgcrypt-cavs-1.8.2-8.9.1 libgcrypt-cavs-debuginfo-1.8.2-8.9.1 libgcrypt-debugsource-1.8.2-8.9.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libgcrypt-devel-32bit-1.8.2-8.9.1 libgcrypt-devel-32bit-debuginfo-1.8.2-8.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libgcrypt-debugsource-1.8.2-8.9.1 libgcrypt-devel-1.8.2-8.9.1 libgcrypt-devel-debuginfo-1.8.2-8.9.1 libgcrypt20-1.8.2-8.9.1 libgcrypt20-debuginfo-1.8.2-8.9.1 libgcrypt20-hmac-1.8.2-8.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libgcrypt20-32bit-1.8.2-8.9.1 libgcrypt20-32bit-debuginfo-1.8.2-8.9.1 libgcrypt20-hmac-32bit-1.8.2-8.9.1 References: https://bugzilla.suse.com/1097073 From sle-updates at lists.suse.com Fri Aug 9 07:11:48 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Aug 2019 15:11:48 +0200 (CEST) Subject: SUSE-RU-2019:2101-1: moderate: Recommended update for suse-module-tools Message-ID: <20190809131149.009D3F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for suse-module-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2101-1 Rating: moderate References: #1100989 #1105495 #1111300 #1123697 #1123704 #1127155 #1127891 #1131635 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has 8 recommended fixes can now be installed. Description: This update for suse-module-tools to version 12.6 fixes the following issues: - weak-modules2: emit "inconsistent" warning only if replacement fails (bsc#1127155) - modprobe.conf.common: add csiostor->cxgb4 dependency (bsc#1100989, bsc#1131635) - Fix driver-check.sh (bsc#1123697, bsc#1123704) - modsign-verify: support for parsing PKCS#7 signatures (bsc#1111300, bsc#1105495) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2101=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2101=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): suse-module-tools-12.6-27.3.2 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): suse-module-tools-12.6-27.3.2 - SUSE CaaS Platform 3.0 (x86_64): suse-module-tools-12.6-27.3.2 References: https://bugzilla.suse.com/1100989 https://bugzilla.suse.com/1105495 https://bugzilla.suse.com/1111300 https://bugzilla.suse.com/1123697 https://bugzilla.suse.com/1123704 https://bugzilla.suse.com/1127155 https://bugzilla.suse.com/1127891 https://bugzilla.suse.com/1131635 From sle-updates at lists.suse.com Fri Aug 9 07:13:30 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Aug 2019 15:13:30 +0200 (CEST) Subject: SUSE-SU-2019:2099-1: important: Security update for nodejs10 Message-ID: <20190809131330.68D67F798@maintenance.suse.de> SUSE Security Update: Security update for nodejs10 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2099-1 Rating: important References: #1134208 #1140290 Cross-References: CVE-2019-13173 Affected Products: SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for nodejs10 to version 10.16.0 fixes the following issues: Security issue fixed: - CVE-2019-13173: Fixed a potential file overwrite via hardlink in fstream.DirWriter() (bsc#1140290). Non-security issue fixed: - Update to new upstream LTS version 10.16.0, including npm version 6.9.0 and openssl version 1.1.1b (bsc#1134208). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2019-2099=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): nodejs10-10.16.0-1.9.1 nodejs10-debuginfo-10.16.0-1.9.1 nodejs10-debugsource-10.16.0-1.9.1 nodejs10-devel-10.16.0-1.9.1 npm10-10.16.0-1.9.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): nodejs10-docs-10.16.0-1.9.1 References: https://www.suse.com/security/cve/CVE-2019-13173.html https://bugzilla.suse.com/1134208 https://bugzilla.suse.com/1140290 From sle-updates at lists.suse.com Fri Aug 9 07:14:46 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Aug 2019 15:14:46 +0200 (CEST) Subject: SUSE-RU-2019:2100-1: moderate: Recommended update for yast2-installation Message-ID: <20190809131446.8C07EF798@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-installation ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2100-1 Rating: moderate References: #1047470 #1122303 #1129073 #1129375 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for yast2-installation fixes the following issues: - Ensure that installation with VNC + textmode still installs via VNC (bsc#1129073) - Respect Textmode=1 when installing over SSH with a DISPLAY (bsc#1047470) - Copying SSH keys from a privious installation into the new one: * Sets the right file permissions for the SSH deamon (bsc#1122303) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2100=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2100=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (noarch): yast2-installation-3.3.0.3-4.3.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): yast2-installation-3.3.0.3-4.3.1 References: https://bugzilla.suse.com/1047470 https://bugzilla.suse.com/1122303 https://bugzilla.suse.com/1129073 https://bugzilla.suse.com/1129375 From sle-updates at lists.suse.com Fri Aug 9 07:15:50 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Aug 2019 15:15:50 +0200 (CEST) Subject: SUSE-SU-2019:2098-1: important: Security update for evince Message-ID: <20190809131550.6E7CCF798@maintenance.suse.de> SUSE Security Update: Security update for evince ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2098-1 Rating: important References: #1133037 #1141619 Cross-References: CVE-2019-1010006 CVE-2019-11459 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for evince fixes the following issues: Security issues fixed: - CVE-2019-11459: Fixed an improper error handling in which could have led to use of uninitialized use of memory (bsc#1133037). - CVE-2019-1010006: Fixed a buffer overflow in backend/tiff/tiff-document.c (bsc#1141619). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-2098=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-2098=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): evince-3.10.3-2.8.1 evince-debuginfo-3.10.3-2.8.1 evince-debugsource-3.10.3-2.8.1 libevdocument3-4-3.10.3-2.8.1 libevdocument3-4-debuginfo-3.10.3-2.8.1 libevview3-3-3.10.3-2.8.1 libevview3-3-debuginfo-3.10.3-2.8.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): evince-lang-3.10.3-2.8.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): evince-3.10.3-2.8.1 evince-debuginfo-3.10.3-2.8.1 evince-debugsource-3.10.3-2.8.1 libevdocument3-4-3.10.3-2.8.1 libevdocument3-4-debuginfo-3.10.3-2.8.1 libevview3-3-3.10.3-2.8.1 libevview3-3-debuginfo-3.10.3-2.8.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): evince-lang-3.10.3-2.8.1 References: https://www.suse.com/security/cve/CVE-2019-1010006.html https://www.suse.com/security/cve/CVE-2019-11459.html https://bugzilla.suse.com/1133037 https://bugzilla.suse.com/1141619 From sle-updates at lists.suse.com Fri Aug 9 10:10:30 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Aug 2019 18:10:30 +0200 (CEST) Subject: SUSE-SU-2019:2104-1: moderate: Security update for wireshark Message-ID: <20190809161030.AEB35F798@maintenance.suse.de> SUSE Security Update: Security update for wireshark ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2104-1 Rating: moderate References: #1141980 Cross-References: CVE-2019-13619 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for wireshark to version 2.4.16 fixes the following issues: Security issue fixed: - CVE-2019-13619: ASN.1 BER and related dissectors crash (bsc#1141980). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2104=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2104=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2104=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): wireshark-debuginfo-2.4.16-48.51.1 wireshark-debugsource-2.4.16-48.51.1 wireshark-devel-2.4.16-48.51.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libwireshark9-2.4.16-48.51.1 libwireshark9-debuginfo-2.4.16-48.51.1 libwiretap7-2.4.16-48.51.1 libwiretap7-debuginfo-2.4.16-48.51.1 libwscodecs1-2.4.16-48.51.1 libwscodecs1-debuginfo-2.4.16-48.51.1 libwsutil8-2.4.16-48.51.1 libwsutil8-debuginfo-2.4.16-48.51.1 wireshark-2.4.16-48.51.1 wireshark-debuginfo-2.4.16-48.51.1 wireshark-debugsource-2.4.16-48.51.1 wireshark-gtk-2.4.16-48.51.1 wireshark-gtk-debuginfo-2.4.16-48.51.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libwireshark9-2.4.16-48.51.1 libwireshark9-debuginfo-2.4.16-48.51.1 libwiretap7-2.4.16-48.51.1 libwiretap7-debuginfo-2.4.16-48.51.1 libwscodecs1-2.4.16-48.51.1 libwscodecs1-debuginfo-2.4.16-48.51.1 libwsutil8-2.4.16-48.51.1 libwsutil8-debuginfo-2.4.16-48.51.1 wireshark-2.4.16-48.51.1 wireshark-debuginfo-2.4.16-48.51.1 wireshark-debugsource-2.4.16-48.51.1 wireshark-gtk-2.4.16-48.51.1 wireshark-gtk-debuginfo-2.4.16-48.51.1 References: https://www.suse.com/security/cve/CVE-2019-13619.html https://bugzilla.suse.com/1141980 From sle-updates at lists.suse.com Fri Aug 9 10:11:15 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Aug 2019 18:11:15 +0200 (CEST) Subject: SUSE-SU-2019:2103-1: moderate: Security update for wireshark Message-ID: <20190809161115.49520F798@maintenance.suse.de> SUSE Security Update: Security update for wireshark ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2103-1 Rating: moderate References: #1141980 Cross-References: CVE-2019-13619 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for wireshark to version 2.4.16 fixes the following issues: Security issue fixed: - CVE-2019-13619: ASN.1 BER and related dissectors crash (bsc#1141980). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-2103=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-2103=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2103=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2103=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): wireshark-debuginfo-2.4.16-3.31.1 wireshark-debugsource-2.4.16-3.31.1 wireshark-devel-2.4.16-3.31.1 wireshark-ui-qt-2.4.16-3.31.1 wireshark-ui-qt-debuginfo-2.4.16-3.31.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): wireshark-debuginfo-2.4.16-3.31.1 wireshark-debugsource-2.4.16-3.31.1 wireshark-devel-2.4.16-3.31.1 wireshark-ui-qt-2.4.16-3.31.1 wireshark-ui-qt-debuginfo-2.4.16-3.31.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libwireshark9-2.4.16-3.31.1 libwireshark9-debuginfo-2.4.16-3.31.1 libwiretap7-2.4.16-3.31.1 libwiretap7-debuginfo-2.4.16-3.31.1 libwscodecs1-2.4.16-3.31.1 libwscodecs1-debuginfo-2.4.16-3.31.1 libwsutil8-2.4.16-3.31.1 libwsutil8-debuginfo-2.4.16-3.31.1 wireshark-2.4.16-3.31.1 wireshark-debuginfo-2.4.16-3.31.1 wireshark-debugsource-2.4.16-3.31.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libwireshark9-2.4.16-3.31.1 libwireshark9-debuginfo-2.4.16-3.31.1 libwiretap7-2.4.16-3.31.1 libwiretap7-debuginfo-2.4.16-3.31.1 libwscodecs1-2.4.16-3.31.1 libwscodecs1-debuginfo-2.4.16-3.31.1 libwsutil8-2.4.16-3.31.1 libwsutil8-debuginfo-2.4.16-3.31.1 wireshark-2.4.16-3.31.1 wireshark-debuginfo-2.4.16-3.31.1 wireshark-debugsource-2.4.16-3.31.1 References: https://www.suse.com/security/cve/CVE-2019-13619.html https://bugzilla.suse.com/1141980 From sle-updates at lists.suse.com Fri Aug 9 10:12:02 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Aug 2019 18:12:02 +0200 (CEST) Subject: SUSE-SU-2019:2105-1: important: Security update for libvirt Message-ID: <20190809161202.125B9F798@maintenance.suse.de> SUSE Security Update: Security update for libvirt ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2105-1 Rating: important References: #1133719 #1138301 #1138303 Cross-References: CVE-2019-10161 CVE-2019-10167 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for libvirt fixes the following issues: Security issues fixed: - CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd (bsc#1138301). - CVE-2019-10167: Fixed an issue with virConnectGetDomainCapabilities API which could have been used to execute arbitrary emulators (bsc#1138303). Non-security issue fixed: - qemu: Add support for overriding max threads per process limit (bsc#1133719) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-2105=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-2105=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-2105=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-2105=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-2105=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): libvirt-2.0.0-27.61.1 libvirt-client-2.0.0-27.61.1 libvirt-client-debuginfo-2.0.0-27.61.1 libvirt-daemon-2.0.0-27.61.1 libvirt-daemon-config-network-2.0.0-27.61.1 libvirt-daemon-config-nwfilter-2.0.0-27.61.1 libvirt-daemon-debuginfo-2.0.0-27.61.1 libvirt-daemon-driver-interface-2.0.0-27.61.1 libvirt-daemon-driver-interface-debuginfo-2.0.0-27.61.1 libvirt-daemon-driver-lxc-2.0.0-27.61.1 libvirt-daemon-driver-lxc-debuginfo-2.0.0-27.61.1 libvirt-daemon-driver-network-2.0.0-27.61.1 libvirt-daemon-driver-network-debuginfo-2.0.0-27.61.1 libvirt-daemon-driver-nodedev-2.0.0-27.61.1 libvirt-daemon-driver-nodedev-debuginfo-2.0.0-27.61.1 libvirt-daemon-driver-nwfilter-2.0.0-27.61.1 libvirt-daemon-driver-nwfilter-debuginfo-2.0.0-27.61.1 libvirt-daemon-driver-qemu-2.0.0-27.61.1 libvirt-daemon-driver-qemu-debuginfo-2.0.0-27.61.1 libvirt-daemon-driver-secret-2.0.0-27.61.1 libvirt-daemon-driver-secret-debuginfo-2.0.0-27.61.1 libvirt-daemon-driver-storage-2.0.0-27.61.1 libvirt-daemon-driver-storage-debuginfo-2.0.0-27.61.1 libvirt-daemon-hooks-2.0.0-27.61.1 libvirt-daemon-lxc-2.0.0-27.61.1 libvirt-daemon-qemu-2.0.0-27.61.1 libvirt-debugsource-2.0.0-27.61.1 libvirt-doc-2.0.0-27.61.1 libvirt-lock-sanlock-2.0.0-27.61.1 libvirt-lock-sanlock-debuginfo-2.0.0-27.61.1 libvirt-nss-2.0.0-27.61.1 libvirt-nss-debuginfo-2.0.0-27.61.1 - SUSE OpenStack Cloud 7 (x86_64): libvirt-daemon-driver-libxl-2.0.0-27.61.1 libvirt-daemon-driver-libxl-debuginfo-2.0.0-27.61.1 libvirt-daemon-xen-2.0.0-27.61.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libvirt-2.0.0-27.61.1 libvirt-client-2.0.0-27.61.1 libvirt-client-debuginfo-2.0.0-27.61.1 libvirt-daemon-2.0.0-27.61.1 libvirt-daemon-config-network-2.0.0-27.61.1 libvirt-daemon-config-nwfilter-2.0.0-27.61.1 libvirt-daemon-debuginfo-2.0.0-27.61.1 libvirt-daemon-driver-interface-2.0.0-27.61.1 libvirt-daemon-driver-interface-debuginfo-2.0.0-27.61.1 libvirt-daemon-driver-lxc-2.0.0-27.61.1 libvirt-daemon-driver-lxc-debuginfo-2.0.0-27.61.1 libvirt-daemon-driver-network-2.0.0-27.61.1 libvirt-daemon-driver-network-debuginfo-2.0.0-27.61.1 libvirt-daemon-driver-nodedev-2.0.0-27.61.1 libvirt-daemon-driver-nodedev-debuginfo-2.0.0-27.61.1 libvirt-daemon-driver-nwfilter-2.0.0-27.61.1 libvirt-daemon-driver-nwfilter-debuginfo-2.0.0-27.61.1 libvirt-daemon-driver-qemu-2.0.0-27.61.1 libvirt-daemon-driver-qemu-debuginfo-2.0.0-27.61.1 libvirt-daemon-driver-secret-2.0.0-27.61.1 libvirt-daemon-driver-secret-debuginfo-2.0.0-27.61.1 libvirt-daemon-driver-storage-2.0.0-27.61.1 libvirt-daemon-driver-storage-debuginfo-2.0.0-27.61.1 libvirt-daemon-hooks-2.0.0-27.61.1 libvirt-daemon-lxc-2.0.0-27.61.1 libvirt-daemon-qemu-2.0.0-27.61.1 libvirt-debugsource-2.0.0-27.61.1 libvirt-doc-2.0.0-27.61.1 libvirt-lock-sanlock-2.0.0-27.61.1 libvirt-lock-sanlock-debuginfo-2.0.0-27.61.1 libvirt-nss-2.0.0-27.61.1 libvirt-nss-debuginfo-2.0.0-27.61.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libvirt-daemon-driver-libxl-2.0.0-27.61.1 libvirt-daemon-driver-libxl-debuginfo-2.0.0-27.61.1 libvirt-daemon-xen-2.0.0-27.61.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libvirt-2.0.0-27.61.1 libvirt-client-2.0.0-27.61.1 libvirt-client-debuginfo-2.0.0-27.61.1 libvirt-daemon-2.0.0-27.61.1 libvirt-daemon-config-network-2.0.0-27.61.1 libvirt-daemon-config-nwfilter-2.0.0-27.61.1 libvirt-daemon-debuginfo-2.0.0-27.61.1 libvirt-daemon-driver-interface-2.0.0-27.61.1 libvirt-daemon-driver-interface-debuginfo-2.0.0-27.61.1 libvirt-daemon-driver-lxc-2.0.0-27.61.1 libvirt-daemon-driver-lxc-debuginfo-2.0.0-27.61.1 libvirt-daemon-driver-network-2.0.0-27.61.1 libvirt-daemon-driver-network-debuginfo-2.0.0-27.61.1 libvirt-daemon-driver-nodedev-2.0.0-27.61.1 libvirt-daemon-driver-nodedev-debuginfo-2.0.0-27.61.1 libvirt-daemon-driver-nwfilter-2.0.0-27.61.1 libvirt-daemon-driver-nwfilter-debuginfo-2.0.0-27.61.1 libvirt-daemon-driver-qemu-2.0.0-27.61.1 libvirt-daemon-driver-qemu-debuginfo-2.0.0-27.61.1 libvirt-daemon-driver-secret-2.0.0-27.61.1 libvirt-daemon-driver-secret-debuginfo-2.0.0-27.61.1 libvirt-daemon-driver-storage-2.0.0-27.61.1 libvirt-daemon-driver-storage-debuginfo-2.0.0-27.61.1 libvirt-daemon-hooks-2.0.0-27.61.1 libvirt-daemon-lxc-2.0.0-27.61.1 libvirt-daemon-qemu-2.0.0-27.61.1 libvirt-debugsource-2.0.0-27.61.1 libvirt-doc-2.0.0-27.61.1 libvirt-lock-sanlock-2.0.0-27.61.1 libvirt-lock-sanlock-debuginfo-2.0.0-27.61.1 libvirt-nss-2.0.0-27.61.1 libvirt-nss-debuginfo-2.0.0-27.61.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): libvirt-daemon-driver-libxl-2.0.0-27.61.1 libvirt-daemon-driver-libxl-debuginfo-2.0.0-27.61.1 libvirt-daemon-xen-2.0.0-27.61.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libvirt-2.0.0-27.61.1 libvirt-client-2.0.0-27.61.1 libvirt-client-debuginfo-2.0.0-27.61.1 libvirt-daemon-2.0.0-27.61.1 libvirt-daemon-config-network-2.0.0-27.61.1 libvirt-daemon-config-nwfilter-2.0.0-27.61.1 libvirt-daemon-debuginfo-2.0.0-27.61.1 libvirt-daemon-driver-interface-2.0.0-27.61.1 libvirt-daemon-driver-interface-debuginfo-2.0.0-27.61.1 libvirt-daemon-driver-libxl-2.0.0-27.61.1 libvirt-daemon-driver-libxl-debuginfo-2.0.0-27.61.1 libvirt-daemon-driver-lxc-2.0.0-27.61.1 libvirt-daemon-driver-lxc-debuginfo-2.0.0-27.61.1 libvirt-daemon-driver-network-2.0.0-27.61.1 libvirt-daemon-driver-network-debuginfo-2.0.0-27.61.1 libvirt-daemon-driver-nodedev-2.0.0-27.61.1 libvirt-daemon-driver-nodedev-debuginfo-2.0.0-27.61.1 libvirt-daemon-driver-nwfilter-2.0.0-27.61.1 libvirt-daemon-driver-nwfilter-debuginfo-2.0.0-27.61.1 libvirt-daemon-driver-qemu-2.0.0-27.61.1 libvirt-daemon-driver-qemu-debuginfo-2.0.0-27.61.1 libvirt-daemon-driver-secret-2.0.0-27.61.1 libvirt-daemon-driver-secret-debuginfo-2.0.0-27.61.1 libvirt-daemon-driver-storage-2.0.0-27.61.1 libvirt-daemon-driver-storage-debuginfo-2.0.0-27.61.1 libvirt-daemon-hooks-2.0.0-27.61.1 libvirt-daemon-lxc-2.0.0-27.61.1 libvirt-daemon-qemu-2.0.0-27.61.1 libvirt-daemon-xen-2.0.0-27.61.1 libvirt-debugsource-2.0.0-27.61.1 libvirt-doc-2.0.0-27.61.1 libvirt-lock-sanlock-2.0.0-27.61.1 libvirt-lock-sanlock-debuginfo-2.0.0-27.61.1 libvirt-nss-2.0.0-27.61.1 libvirt-nss-debuginfo-2.0.0-27.61.1 - SUSE Enterprise Storage 4 (x86_64): libvirt-2.0.0-27.61.1 libvirt-client-2.0.0-27.61.1 libvirt-client-debuginfo-2.0.0-27.61.1 libvirt-daemon-2.0.0-27.61.1 libvirt-daemon-config-network-2.0.0-27.61.1 libvirt-daemon-config-nwfilter-2.0.0-27.61.1 libvirt-daemon-debuginfo-2.0.0-27.61.1 libvirt-daemon-driver-interface-2.0.0-27.61.1 libvirt-daemon-driver-interface-debuginfo-2.0.0-27.61.1 libvirt-daemon-driver-libxl-2.0.0-27.61.1 libvirt-daemon-driver-libxl-debuginfo-2.0.0-27.61.1 libvirt-daemon-driver-lxc-2.0.0-27.61.1 libvirt-daemon-driver-lxc-debuginfo-2.0.0-27.61.1 libvirt-daemon-driver-network-2.0.0-27.61.1 libvirt-daemon-driver-network-debuginfo-2.0.0-27.61.1 libvirt-daemon-driver-nodedev-2.0.0-27.61.1 libvirt-daemon-driver-nodedev-debuginfo-2.0.0-27.61.1 libvirt-daemon-driver-nwfilter-2.0.0-27.61.1 libvirt-daemon-driver-nwfilter-debuginfo-2.0.0-27.61.1 libvirt-daemon-driver-qemu-2.0.0-27.61.1 libvirt-daemon-driver-qemu-debuginfo-2.0.0-27.61.1 libvirt-daemon-driver-secret-2.0.0-27.61.1 libvirt-daemon-driver-secret-debuginfo-2.0.0-27.61.1 libvirt-daemon-driver-storage-2.0.0-27.61.1 libvirt-daemon-driver-storage-debuginfo-2.0.0-27.61.1 libvirt-daemon-hooks-2.0.0-27.61.1 libvirt-daemon-lxc-2.0.0-27.61.1 libvirt-daemon-qemu-2.0.0-27.61.1 libvirt-daemon-xen-2.0.0-27.61.1 libvirt-debugsource-2.0.0-27.61.1 libvirt-doc-2.0.0-27.61.1 libvirt-lock-sanlock-2.0.0-27.61.1 libvirt-lock-sanlock-debuginfo-2.0.0-27.61.1 libvirt-nss-2.0.0-27.61.1 libvirt-nss-debuginfo-2.0.0-27.61.1 References: https://www.suse.com/security/cve/CVE-2019-10161.html https://www.suse.com/security/cve/CVE-2019-10167.html https://bugzilla.suse.com/1133719 https://bugzilla.suse.com/1138301 https://bugzilla.suse.com/1138303 From sle-updates at lists.suse.com Fri Aug 9 13:10:17 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Aug 2019 21:10:17 +0200 (CEST) Subject: SUSE-SU-2019:2106-1: moderate: Security update for ImageMagick Message-ID: <20190809191017.9ED96F798@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2106-1 Rating: moderate References: #1139884 #1139885 #1139886 #1140100 #1140102 #1140103 #1140104 #1140105 #1140106 #1140110 #1140111 #1140501 #1140513 #1140520 #1140534 #1140538 #1140543 #1140545 #1140547 #1140549 #1140552 #1140554 #1140664 #1140665 #1140666 #1140667 #1140668 #1140669 #1140673 #1141171 Cross-References: CVE-2019-12974 CVE-2019-12975 CVE-2019-12976 CVE-2019-12977 CVE-2019-12978 CVE-2019-12979 CVE-2019-13133 CVE-2019-13134 CVE-2019-13135 CVE-2019-13136 CVE-2019-13137 CVE-2019-13295 CVE-2019-13296 CVE-2019-13297 CVE-2019-13298 CVE-2019-13299 CVE-2019-13300 CVE-2019-13301 CVE-2019-13302 CVE-2019-13303 CVE-2019-13304 CVE-2019-13305 CVE-2019-13306 CVE-2019-13307 CVE-2019-13308 CVE-2019-13309 CVE-2019-13310 CVE-2019-13311 CVE-2019-13391 CVE-2019-13454 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that fixes 30 vulnerabilities is now available. Description: This update for ImageMagick fixes the following issues: - CVE-2019-13301: Fixed a memory leak in AcquireMagickMemory() (bsc#1140554). - CVE-2019-13309: Fixed a memory leak at AcquireMagickMemory due to mishandling the NoSuchImage error in CLIListOperatorImages (bsc#1140520). - CVE-2019-13310: Fixed a memory leak at AcquireMagickMemory because of an error in MagickWand/mogrify.c (bsc#1140501). - CVE-2019-13311: Fixed a memory leak at AcquireMagickMemory because of a wand/mogrify.c error (bsc#1140513). - CVE-2019-13303: Fixed a heap-based buffer over-read in MagickCore/composite.c in CompositeImage (bsc#1140549). - CVE-2019-13296: Fixed a memory leak in AcquireMagickMemory because of an error in CLIListOperatorImages in MagickWand/operation.c (bsc#1140665). - CVE-2019-13299: Fixed a heap-based buffer over-read at MagickCore/pixel-accessor.h in GetPixelChannel (bsc#1140668). - CVE-2019-13454: Fixed a division by zero in RemoveDuplicateLayers in MagickCore/layer.c (bsc#1141171). - CVE-2019-13295: Fixed a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage (bsc#1140664). - CVE-2019-13297: Fixed a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage (bsc#1140666). - CVE-2019-12979: Fixed the use of uninitialized values in SyncImageSettings() (bsc#1139886). - CVE-2019-13391: Fixed a heap-based buffer over-read in MagickCore/fourier.c (bsc#1140673). - CVE-2019-13308: Fixed a heap-based buffer overflow in MagickCore/fourier.c (bsc#1140534). - CVE-2019-13302: Fixed a heap-based buffer over-read in MagickCore/fourier.c in ComplexImages (bsc#1140552). - CVE-2019-13298: Fixed a heap-based buffer overflow at MagickCore/pixel-accessor.h in SetPixelViaPixelInfo (bsc#1140667). - CVE-2019-13300: Fixed a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages (bsc#1140669). - CVE-2019-13307: Fixed a heap-based buffer overflow at MagickCore/statistic.c (bsc#1140538). - CVE-2019-12977: Fixed the use of uninitialized values in WriteJP2Imag() (bsc#1139884). - CVE-2019-12975: Fixed a memory leak in the WriteDPXImage() in coders/dpx.c (bsc#1140106). - CVE-2019-13135: Fixed the use of uninitialized values in ReadCUTImage() (bsc#1140103). - CVE-2019-12978: Fixed the use of uninitialized values in ReadPANGOImage() (bsc#1139885). - CVE-2019-12974: Fixed a NULL pointer dereference in the ReadPANGOImage() (bsc#1140111). - CVE-2019-13304: Fixed a stack-based buffer overflow at coders/pnm.c in WritePNMImage (bsc#1140547). - CVE-2019-13305: Fixed one more stack-based buffer overflow at coders/pnm.c in WritePNMImage (bsc#1140545). - CVE-2019-13306: Fixed an additional stack-based buffer overflow at coders/pnm.c in WritePNMImage (bsc#1140543). - CVE-2019-13133: Fixed a memory leak in the ReadBMPImage() (bsc#1140100). - CVE-2019-13134: Fixed a memory leak in the ReadVIFFImage() (bsc#1140102). - CVE-2019-13137: Fixed a memory leak in the ReadPSImage() (bsc#1140105). - CVE-2019-13136: Fixed a integer overflow vulnerability in the TIFFSeekCustomStream() (bsc#1140104). - CVE-2019-12976: Fixed a memory leak in the ReadPCLImage() in coders/pcl.c(bsc#1140110). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2106=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2106=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2019-2106=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-2106=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-2106=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-2106=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): ImageMagick-config-7-upstream-7.0.7.34-3.67.1 ImageMagick-debuginfo-7.0.7.34-3.67.1 ImageMagick-debugsource-7.0.7.34-3.67.1 ImageMagick-extra-7.0.7.34-3.67.1 ImageMagick-extra-debuginfo-7.0.7.34-3.67.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): ImageMagick-doc-7.0.7.34-3.67.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): ImageMagick-devel-32bit-7.0.7.34-3.67.1 libMagick++-7_Q16HDRI4-32bit-7.0.7.34-3.67.1 libMagick++-7_Q16HDRI4-32bit-debuginfo-7.0.7.34-3.67.1 libMagick++-devel-32bit-7.0.7.34-3.67.1 libMagickCore-7_Q16HDRI6-32bit-7.0.7.34-3.67.1 libMagickCore-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-3.67.1 libMagickWand-7_Q16HDRI6-32bit-7.0.7.34-3.67.1 libMagickWand-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-3.67.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): ImageMagick-debuginfo-7.0.7.34-3.67.1 ImageMagick-debugsource-7.0.7.34-3.67.1 ImageMagick-extra-7.0.7.34-3.67.1 ImageMagick-extra-debuginfo-7.0.7.34-3.67.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): ImageMagick-doc-7.0.7.34-3.67.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): ImageMagick-debuginfo-7.0.7.34-3.67.1 ImageMagick-debugsource-7.0.7.34-3.67.1 perl-PerlMagick-7.0.7.34-3.67.1 perl-PerlMagick-debuginfo-7.0.7.34-3.67.1 - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): ImageMagick-debuginfo-7.0.7.34-3.67.1 ImageMagick-debugsource-7.0.7.34-3.67.1 perl-PerlMagick-7.0.7.34-3.67.1 perl-PerlMagick-debuginfo-7.0.7.34-3.67.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): ImageMagick-7.0.7.34-3.67.1 ImageMagick-config-7-SUSE-7.0.7.34-3.67.1 ImageMagick-debuginfo-7.0.7.34-3.67.1 ImageMagick-debugsource-7.0.7.34-3.67.1 ImageMagick-devel-7.0.7.34-3.67.1 libMagick++-7_Q16HDRI4-7.0.7.34-3.67.1 libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-3.67.1 libMagick++-devel-7.0.7.34-3.67.1 libMagickCore-7_Q16HDRI6-7.0.7.34-3.67.1 libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-3.67.1 libMagickWand-7_Q16HDRI6-7.0.7.34-3.67.1 libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-3.67.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): ImageMagick-7.0.7.34-3.67.1 ImageMagick-config-7-SUSE-7.0.7.34-3.67.1 ImageMagick-config-7-upstream-7.0.7.34-3.67.1 ImageMagick-debuginfo-7.0.7.34-3.67.1 ImageMagick-debugsource-7.0.7.34-3.67.1 ImageMagick-devel-7.0.7.34-3.67.1 libMagick++-7_Q16HDRI4-7.0.7.34-3.67.1 libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-3.67.1 libMagick++-devel-7.0.7.34-3.67.1 libMagickCore-7_Q16HDRI6-7.0.7.34-3.67.1 libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-3.67.1 libMagickWand-7_Q16HDRI6-7.0.7.34-3.67.1 libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-3.67.1 References: https://www.suse.com/security/cve/CVE-2019-12974.html https://www.suse.com/security/cve/CVE-2019-12975.html https://www.suse.com/security/cve/CVE-2019-12976.html https://www.suse.com/security/cve/CVE-2019-12977.html https://www.suse.com/security/cve/CVE-2019-12978.html https://www.suse.com/security/cve/CVE-2019-12979.html https://www.suse.com/security/cve/CVE-2019-13133.html https://www.suse.com/security/cve/CVE-2019-13134.html https://www.suse.com/security/cve/CVE-2019-13135.html https://www.suse.com/security/cve/CVE-2019-13136.html https://www.suse.com/security/cve/CVE-2019-13137.html https://www.suse.com/security/cve/CVE-2019-13295.html https://www.suse.com/security/cve/CVE-2019-13296.html https://www.suse.com/security/cve/CVE-2019-13297.html https://www.suse.com/security/cve/CVE-2019-13298.html https://www.suse.com/security/cve/CVE-2019-13299.html https://www.suse.com/security/cve/CVE-2019-13300.html https://www.suse.com/security/cve/CVE-2019-13301.html https://www.suse.com/security/cve/CVE-2019-13302.html https://www.suse.com/security/cve/CVE-2019-13303.html https://www.suse.com/security/cve/CVE-2019-13304.html https://www.suse.com/security/cve/CVE-2019-13305.html https://www.suse.com/security/cve/CVE-2019-13306.html https://www.suse.com/security/cve/CVE-2019-13307.html https://www.suse.com/security/cve/CVE-2019-13308.html https://www.suse.com/security/cve/CVE-2019-13309.html https://www.suse.com/security/cve/CVE-2019-13310.html https://www.suse.com/security/cve/CVE-2019-13311.html https://www.suse.com/security/cve/CVE-2019-13391.html https://www.suse.com/security/cve/CVE-2019-13454.html https://bugzilla.suse.com/1139884 https://bugzilla.suse.com/1139885 https://bugzilla.suse.com/1139886 https://bugzilla.suse.com/1140100 https://bugzilla.suse.com/1140102 https://bugzilla.suse.com/1140103 https://bugzilla.suse.com/1140104 https://bugzilla.suse.com/1140105 https://bugzilla.suse.com/1140106 https://bugzilla.suse.com/1140110 https://bugzilla.suse.com/1140111 https://bugzilla.suse.com/1140501 https://bugzilla.suse.com/1140513 https://bugzilla.suse.com/1140520 https://bugzilla.suse.com/1140534 https://bugzilla.suse.com/1140538 https://bugzilla.suse.com/1140543 https://bugzilla.suse.com/1140545 https://bugzilla.suse.com/1140547 https://bugzilla.suse.com/1140549 https://bugzilla.suse.com/1140552 https://bugzilla.suse.com/1140554 https://bugzilla.suse.com/1140664 https://bugzilla.suse.com/1140665 https://bugzilla.suse.com/1140666 https://bugzilla.suse.com/1140667 https://bugzilla.suse.com/1140668 https://bugzilla.suse.com/1140669 https://bugzilla.suse.com/1140673 https://bugzilla.suse.com/1141171 From sle-updates at lists.suse.com Mon Aug 12 04:12:15 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 12 Aug 2019 12:12:15 +0200 (CEST) Subject: SUSE-RU-2019:2109-1: moderate: Recommended update for nmap Message-ID: <20190812101215.CF618F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for nmap ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2109-1 Rating: moderate References: #1143277 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for nmap fixes the following issues: - Fixed an infinite loop in tls-alpn when server is forcing a protocol (bsc#1143277) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-2019-2109=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2109=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2109=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2109=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2109=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15 (aarch64 ppc64le s390x x86_64): nmap-debuginfo-7.70-3.8.1 nmap-debugsource-7.70-3.8.1 nping-7.70-3.8.1 nping-debuginfo-7.70-3.8.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): ncat-7.70-3.8.1 ncat-debuginfo-7.70-3.8.1 ndiff-7.70-3.8.1 nmap-debuginfo-7.70-3.8.1 nmap-debugsource-7.70-3.8.1 nping-7.70-3.8.1 nping-debuginfo-7.70-3.8.1 zenmap-7.70-3.8.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): ncat-7.70-3.8.1 ncat-debuginfo-7.70-3.8.1 ndiff-7.70-3.8.1 nmap-debuginfo-7.70-3.8.1 nmap-debugsource-7.70-3.8.1 nping-7.70-3.8.1 nping-debuginfo-7.70-3.8.1 zenmap-7.70-3.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): nmap-7.70-3.8.1 nmap-debuginfo-7.70-3.8.1 nmap-debugsource-7.70-3.8.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): nmap-7.70-3.8.1 nmap-debuginfo-7.70-3.8.1 nmap-debugsource-7.70-3.8.1 References: https://bugzilla.suse.com/1143277 From sle-updates at lists.suse.com Mon Aug 12 04:13:03 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 12 Aug 2019 12:13:03 +0200 (CEST) Subject: SUSE-RU-2019:2107-1: moderate: Recommended update for xorg-x11-server Message-ID: <20190812101303.AD95EF798@maintenance.suse.de> SUSE Recommended Update: Recommended update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2107-1 Rating: moderate References: #1136118 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for xorg-x11-server fixes the following issues: - Improved performance of modesetting driver when loading the vnc Xserver module (bsc#1136118) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2107=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2107=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2107=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): xorg-x11-server-debuginfo-1.19.6-4.3.1 xorg-x11-server-debugsource-1.19.6-4.3.1 xorg-x11-server-sdk-1.19.6-4.3.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): xorg-x11-server-1.19.6-4.3.1 xorg-x11-server-debuginfo-1.19.6-4.3.1 xorg-x11-server-debugsource-1.19.6-4.3.1 xorg-x11-server-extra-1.19.6-4.3.1 xorg-x11-server-extra-debuginfo-1.19.6-4.3.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): xorg-x11-server-1.19.6-4.3.1 xorg-x11-server-debuginfo-1.19.6-4.3.1 xorg-x11-server-debugsource-1.19.6-4.3.1 xorg-x11-server-extra-1.19.6-4.3.1 xorg-x11-server-extra-debuginfo-1.19.6-4.3.1 References: https://bugzilla.suse.com/1136118 From sle-updates at lists.suse.com Mon Aug 12 04:13:53 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 12 Aug 2019 12:13:53 +0200 (CEST) Subject: SUSE-RU-2019:2108-1: moderate: Recommended update for ceph Message-ID: <20190812101353.108C8F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for ceph ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2108-1 Rating: moderate References: #1135205 #1137261 #1140737 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Enterprise Storage 6 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for ceph fixes the following issues: - Add CephFS library to create subvolumes properly. (bsc#1135205) - Include a warning message that in certain situtations the RBD client recommends creating a tcmu-runner. (bsc#1137261) - Add, update and remove translations. (bsc#1140737) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2108=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2108=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2019-2108=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): ceph-14.2.2.348+gf6da3d1d18-3.6.1 ceph-base-14.2.2.348+gf6da3d1d18-3.6.1 ceph-base-debuginfo-14.2.2.348+gf6da3d1d18-3.6.1 ceph-debugsource-14.2.2.348+gf6da3d1d18-3.6.1 ceph-fuse-14.2.2.348+gf6da3d1d18-3.6.1 ceph-fuse-debuginfo-14.2.2.348+gf6da3d1d18-3.6.1 ceph-mds-14.2.2.348+gf6da3d1d18-3.6.1 ceph-mds-debuginfo-14.2.2.348+gf6da3d1d18-3.6.1 ceph-mgr-14.2.2.348+gf6da3d1d18-3.6.1 ceph-mgr-debuginfo-14.2.2.348+gf6da3d1d18-3.6.1 ceph-mon-14.2.2.348+gf6da3d1d18-3.6.1 ceph-mon-debuginfo-14.2.2.348+gf6da3d1d18-3.6.1 ceph-osd-14.2.2.348+gf6da3d1d18-3.6.1 ceph-osd-debuginfo-14.2.2.348+gf6da3d1d18-3.6.1 ceph-radosgw-14.2.2.348+gf6da3d1d18-3.6.1 ceph-radosgw-debuginfo-14.2.2.348+gf6da3d1d18-3.6.1 cephfs-shell-14.2.2.348+gf6da3d1d18-3.6.1 rbd-fuse-14.2.2.348+gf6da3d1d18-3.6.1 rbd-fuse-debuginfo-14.2.2.348+gf6da3d1d18-3.6.1 rbd-mirror-14.2.2.348+gf6da3d1d18-3.6.1 rbd-mirror-debuginfo-14.2.2.348+gf6da3d1d18-3.6.1 rbd-nbd-14.2.2.348+gf6da3d1d18-3.6.1 rbd-nbd-debuginfo-14.2.2.348+gf6da3d1d18-3.6.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): ceph-grafana-dashboards-14.2.2.348+gf6da3d1d18-3.6.1 ceph-mgr-dashboard-14.2.2.348+gf6da3d1d18-3.6.1 ceph-mgr-diskprediction-cloud-14.2.2.348+gf6da3d1d18-3.6.1 ceph-mgr-diskprediction-local-14.2.2.348+gf6da3d1d18-3.6.1 ceph-mgr-rook-14.2.2.348+gf6da3d1d18-3.6.1 ceph-mgr-ssh-14.2.2.348+gf6da3d1d18-3.6.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): ceph-test-14.2.2.348+gf6da3d1d18-3.6.1 ceph-test-debuginfo-14.2.2.348+gf6da3d1d18-3.6.1 ceph-test-debugsource-14.2.2.348+gf6da3d1d18-3.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): ceph-common-14.2.2.348+gf6da3d1d18-3.6.1 ceph-common-debuginfo-14.2.2.348+gf6da3d1d18-3.6.1 ceph-debugsource-14.2.2.348+gf6da3d1d18-3.6.1 libcephfs-devel-14.2.2.348+gf6da3d1d18-3.6.1 libcephfs2-14.2.2.348+gf6da3d1d18-3.6.1 libcephfs2-debuginfo-14.2.2.348+gf6da3d1d18-3.6.1 librados-devel-14.2.2.348+gf6da3d1d18-3.6.1 librados-devel-debuginfo-14.2.2.348+gf6da3d1d18-3.6.1 librados2-14.2.2.348+gf6da3d1d18-3.6.1 librados2-debuginfo-14.2.2.348+gf6da3d1d18-3.6.1 libradospp-devel-14.2.2.348+gf6da3d1d18-3.6.1 librbd-devel-14.2.2.348+gf6da3d1d18-3.6.1 librbd1-14.2.2.348+gf6da3d1d18-3.6.1 librbd1-debuginfo-14.2.2.348+gf6da3d1d18-3.6.1 librgw-devel-14.2.2.348+gf6da3d1d18-3.6.1 librgw2-14.2.2.348+gf6da3d1d18-3.6.1 librgw2-debuginfo-14.2.2.348+gf6da3d1d18-3.6.1 python3-ceph-argparse-14.2.2.348+gf6da3d1d18-3.6.1 python3-cephfs-14.2.2.348+gf6da3d1d18-3.6.1 python3-cephfs-debuginfo-14.2.2.348+gf6da3d1d18-3.6.1 python3-rados-14.2.2.348+gf6da3d1d18-3.6.1 python3-rados-debuginfo-14.2.2.348+gf6da3d1d18-3.6.1 python3-rbd-14.2.2.348+gf6da3d1d18-3.6.1 python3-rbd-debuginfo-14.2.2.348+gf6da3d1d18-3.6.1 python3-rgw-14.2.2.348+gf6da3d1d18-3.6.1 python3-rgw-debuginfo-14.2.2.348+gf6da3d1d18-3.6.1 rados-objclass-devel-14.2.2.348+gf6da3d1d18-3.6.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): ceph-14.2.2.348+gf6da3d1d18-3.6.1 ceph-base-14.2.2.348+gf6da3d1d18-3.6.1 ceph-base-debuginfo-14.2.2.348+gf6da3d1d18-3.6.1 ceph-common-14.2.2.348+gf6da3d1d18-3.6.1 ceph-common-debuginfo-14.2.2.348+gf6da3d1d18-3.6.1 ceph-debugsource-14.2.2.348+gf6da3d1d18-3.6.1 ceph-fuse-14.2.2.348+gf6da3d1d18-3.6.1 ceph-fuse-debuginfo-14.2.2.348+gf6da3d1d18-3.6.1 ceph-mds-14.2.2.348+gf6da3d1d18-3.6.1 ceph-mds-debuginfo-14.2.2.348+gf6da3d1d18-3.6.1 ceph-mgr-14.2.2.348+gf6da3d1d18-3.6.1 ceph-mgr-debuginfo-14.2.2.348+gf6da3d1d18-3.6.1 ceph-mon-14.2.2.348+gf6da3d1d18-3.6.1 ceph-mon-debuginfo-14.2.2.348+gf6da3d1d18-3.6.1 ceph-osd-14.2.2.348+gf6da3d1d18-3.6.1 ceph-osd-debuginfo-14.2.2.348+gf6da3d1d18-3.6.1 ceph-radosgw-14.2.2.348+gf6da3d1d18-3.6.1 ceph-radosgw-debuginfo-14.2.2.348+gf6da3d1d18-3.6.1 cephfs-shell-14.2.2.348+gf6da3d1d18-3.6.1 libcephfs2-14.2.2.348+gf6da3d1d18-3.6.1 libcephfs2-debuginfo-14.2.2.348+gf6da3d1d18-3.6.1 librados2-14.2.2.348+gf6da3d1d18-3.6.1 librados2-debuginfo-14.2.2.348+gf6da3d1d18-3.6.1 librbd1-14.2.2.348+gf6da3d1d18-3.6.1 librbd1-debuginfo-14.2.2.348+gf6da3d1d18-3.6.1 librgw2-14.2.2.348+gf6da3d1d18-3.6.1 librgw2-debuginfo-14.2.2.348+gf6da3d1d18-3.6.1 python3-ceph-argparse-14.2.2.348+gf6da3d1d18-3.6.1 python3-cephfs-14.2.2.348+gf6da3d1d18-3.6.1 python3-cephfs-debuginfo-14.2.2.348+gf6da3d1d18-3.6.1 python3-rados-14.2.2.348+gf6da3d1d18-3.6.1 python3-rados-debuginfo-14.2.2.348+gf6da3d1d18-3.6.1 python3-rbd-14.2.2.348+gf6da3d1d18-3.6.1 python3-rbd-debuginfo-14.2.2.348+gf6da3d1d18-3.6.1 python3-rgw-14.2.2.348+gf6da3d1d18-3.6.1 python3-rgw-debuginfo-14.2.2.348+gf6da3d1d18-3.6.1 rbd-fuse-14.2.2.348+gf6da3d1d18-3.6.1 rbd-fuse-debuginfo-14.2.2.348+gf6da3d1d18-3.6.1 rbd-mirror-14.2.2.348+gf6da3d1d18-3.6.1 rbd-mirror-debuginfo-14.2.2.348+gf6da3d1d18-3.6.1 rbd-nbd-14.2.2.348+gf6da3d1d18-3.6.1 rbd-nbd-debuginfo-14.2.2.348+gf6da3d1d18-3.6.1 - SUSE Enterprise Storage 6 (noarch): ceph-grafana-dashboards-14.2.2.348+gf6da3d1d18-3.6.1 ceph-mgr-dashboard-14.2.2.348+gf6da3d1d18-3.6.1 ceph-mgr-diskprediction-local-14.2.2.348+gf6da3d1d18-3.6.1 ceph-mgr-rook-14.2.2.348+gf6da3d1d18-3.6.1 ceph-prometheus-alerts-14.2.2.348+gf6da3d1d18-3.6.1 References: https://bugzilla.suse.com/1135205 https://bugzilla.suse.com/1137261 https://bugzilla.suse.com/1140737 From sle-updates at lists.suse.com Mon Aug 12 04:14:51 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 12 Aug 2019 12:14:51 +0200 (CEST) Subject: SUSE-RU-2019:2110-1: moderate: Recommended update for python-azure-sdk Message-ID: <20190812101451.2B1C4F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-azure-sdk ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2110-1 Rating: moderate References: #1054413 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-azure-sdk fixes the following issues: Include python-azure-sdk meta package in SLE-12 (fate#323875, bsc#1054413) The Python Azure SDK was seperated into components (bsc#1054413): + Bump version to 2.0.0.1 to obsolete the monolitic package + Added individual components of Python Azure SDK to Requires Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2019-2110=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-azure-sdk-2.0.0.1-14.6.1 References: https://bugzilla.suse.com/1054413 From sle-updates at lists.suse.com Mon Aug 12 07:10:17 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 12 Aug 2019 15:10:17 +0200 (CEST) Subject: SUSE-SU-2019:2114-1: moderate: Security update for python Message-ID: <20190812131017.EE3E7F798@maintenance.suse.de> SUSE Security Update: Security update for python ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2114-1 Rating: moderate References: #1141853 Cross-References: CVE-2018-20852 Affected Products: SUSE Linux Enterprise Module for Python2 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python fixes the following issues: - CVE-2018-20852: Fixed an information leak where cookies could be send to the wrong server because of incorrect domain validation (bsc#1141853). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Python2 15-SP1: zypper in -t patch SUSE-SLE-Module-Python2-15-SP1-2019-2114=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2114=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2114=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-2114=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-2114=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2114=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2114=1 Package List: - SUSE Linux Enterprise Module for Python2 15-SP1 (aarch64 ppc64le s390x x86_64): python-base-debuginfo-2.7.14-7.17.1 python-base-debugsource-2.7.14-7.17.1 python-curses-2.7.14-7.17.1 python-curses-debuginfo-2.7.14-7.17.1 python-debuginfo-2.7.14-7.17.1 python-debugsource-2.7.14-7.17.1 python-devel-2.7.14-7.17.1 python-gdbm-2.7.14-7.17.1 python-gdbm-debuginfo-2.7.14-7.17.1 python-xml-2.7.14-7.17.1 python-xml-debuginfo-2.7.14-7.17.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): python-debuginfo-2.7.14-7.17.1 python-debugsource-2.7.14-7.17.1 python-demo-2.7.14-7.17.1 python-idle-2.7.14-7.17.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): python-doc-2.7.14-7.17.1 python-doc-pdf-2.7.14-7.17.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libpython2_7-1_0-32bit-2.7.14-7.17.1 libpython2_7-1_0-32bit-debuginfo-2.7.14-7.17.1 python-32bit-2.7.14-7.17.1 python-32bit-debuginfo-2.7.14-7.17.1 python-base-32bit-2.7.14-7.17.1 python-base-32bit-debuginfo-2.7.14-7.17.1 python-base-debugsource-2.7.14-7.17.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): python-debuginfo-2.7.14-7.17.1 python-debugsource-2.7.14-7.17.1 python-demo-2.7.14-7.17.1 python-idle-2.7.14-7.17.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): python-doc-2.7.14-7.17.1 python-doc-pdf-2.7.14-7.17.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): python-debuginfo-2.7.14-7.17.1 python-debugsource-2.7.14-7.17.1 python-tk-2.7.14-7.17.1 python-tk-debuginfo-2.7.14-7.17.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): python-debuginfo-2.7.14-7.17.1 python-debugsource-2.7.14-7.17.1 python-tk-2.7.14-7.17.1 python-tk-debuginfo-2.7.14-7.17.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libpython2_7-1_0-2.7.14-7.17.1 libpython2_7-1_0-debuginfo-2.7.14-7.17.1 python-2.7.14-7.17.1 python-base-2.7.14-7.17.1 python-base-debuginfo-2.7.14-7.17.1 python-base-debugsource-2.7.14-7.17.1 python-debuginfo-2.7.14-7.17.1 python-debugsource-2.7.14-7.17.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libpython2_7-1_0-2.7.14-7.17.1 libpython2_7-1_0-debuginfo-2.7.14-7.17.1 python-2.7.14-7.17.1 python-base-2.7.14-7.17.1 python-base-debuginfo-2.7.14-7.17.1 python-base-debugsource-2.7.14-7.17.1 python-curses-2.7.14-7.17.1 python-curses-debuginfo-2.7.14-7.17.1 python-debuginfo-2.7.14-7.17.1 python-debugsource-2.7.14-7.17.1 python-devel-2.7.14-7.17.1 python-gdbm-2.7.14-7.17.1 python-gdbm-debuginfo-2.7.14-7.17.1 python-xml-2.7.14-7.17.1 python-xml-debuginfo-2.7.14-7.17.1 References: https://www.suse.com/security/cve/CVE-2018-20852.html https://bugzilla.suse.com/1141853 From sle-updates at lists.suse.com Mon Aug 12 07:11:03 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 12 Aug 2019 15:11:03 +0200 (CEST) Subject: SUSE-RU-2019:2112-1: moderate: Recommended update for deepsea Message-ID: <20190812131103.B064CF798@maintenance.suse.de> SUSE Recommended Update: Recommended update for deepsea ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2112-1 Rating: moderate References: #1110528 #1133826 #1134723 #1138442 Affected Products: SUSE Enterprise Storage 5 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for deepsea fixes the following issues: - This fixes the mds names for new deployments. Daemon names that would start with a digit (i.e. when a hostname starts with a digit) get a mds. prefix (bsc#1138442) - mds will get restarted when no CephFS is present after upgrading (bsc#1110528) - Improved removal with missing disk (bsc#1133826, bsc#1134723) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-2112=1 Package List: - SUSE Enterprise Storage 5 (noarch): deepsea-0.8.11+git.0.16de46e5e-2.37.1 References: https://bugzilla.suse.com/1110528 https://bugzilla.suse.com/1133826 https://bugzilla.suse.com/1134723 https://bugzilla.suse.com/1138442 From sle-updates at lists.suse.com Tue Aug 13 04:10:46 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Aug 2019 12:10:46 +0200 (CEST) Subject: SUSE-RU-2019:2116-1: moderate: Recommended update for aide Message-ID: <20190813101046.BF4EFF798@maintenance.suse.de> SUSE Recommended Update: Recommended update for aide ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2116-1 Rating: moderate References: #1098360 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for aide fixes the following issues: - Remove not available gcrypt algorithm 7 DB_HAVAL (bsc#1098360). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2116=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2116=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2116=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2116=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): aide-debuginfo-0.16-3.3.1 aide-debugsource-0.16-3.3.1 aide-test-0.16-3.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): aide-debuginfo-0.16-3.3.1 aide-debugsource-0.16-3.3.1 aide-test-0.16-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): aide-0.16-3.3.1 aide-debuginfo-0.16-3.3.1 aide-debugsource-0.16-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): aide-0.16-3.3.1 aide-debuginfo-0.16-3.3.1 aide-debugsource-0.16-3.3.1 References: https://bugzilla.suse.com/1098360 From sle-updates at lists.suse.com Tue Aug 13 10:10:27 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Aug 2019 18:10:27 +0200 (CEST) Subject: SUSE-SU-2019:2117-1: important: Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork Message-ID: <20190813161027.3D7CCF798@maintenance.suse.de> SUSE Security Update: Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2117-1 Rating: important References: #1100331 #1121967 #1138920 #1139649 #1142160 #1142413 #1143409 Cross-References: CVE-2018-10892 CVE-2019-13509 CVE-2019-14271 CVE-2019-5736 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Containers 15-SP1 SUSE Linux Enterprise Module for Containers 15 ______________________________________________________________________________ An update that solves four vulnerabilities and has three fixes is now available. Description: This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues: Docker: - CVE-2019-14271: Fixed a code injection if the nsswitch facility dynamically loaded a library inside a chroot (bsc#1143409). - CVE-2019-13509: Fixed an information leak in the debug log (bsc#1142160). - Update to version 19.03.1-ce, see changelog at /usr/share/doc/packages/docker/CHANGELOG.md (bsc#1142413, bsc#1139649). runc: - Use %config(noreplace) for /etc/docker/daemon.json (bsc#1138920). - Update to runc 425e105d5a03, which is required by Docker (bsc#1139649). containerd: - CVE-2019-5736: Fixed a container breakout vulnerability (bsc#1121967). - Update to containerd v1.2.6, which is required by docker (bsc#1139649). golang-github-docker-libnetwork: - Update to version git.fc5a7d91d54cc98f64fc28f9e288b46a0bee756c, which is required by docker (bsc#1142413, bsc#1139649). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2117=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2117=1 - SUSE Linux Enterprise Module for Containers 15-SP1: zypper in -t patch SUSE-SLE-Module-Containers-15-SP1-2019-2117=1 - SUSE Linux Enterprise Module for Containers 15: zypper in -t patch SUSE-SLE-Module-Containers-15-2019-2117=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): containerd-ctr-1.2.6-5.16.1 containerd-kubic-1.2.6-5.16.1 containerd-kubic-ctr-1.2.6-5.16.1 docker-debuginfo-19.03.1_ce-6.26.2 docker-kubic-19.03.1_ce-6.26.2 docker-kubic-debuginfo-19.03.1_ce-6.26.2 docker-kubic-kubeadm-criconfig-19.03.1_ce-6.26.2 docker-kubic-test-19.03.1_ce-6.26.2 docker-kubic-test-debuginfo-19.03.1_ce-6.26.2 docker-libnetwork-kubic-0.7.0.1+gitr2800_fc5a7d91d54c-4.15.1 docker-libnetwork-kubic-debuginfo-0.7.0.1+gitr2800_fc5a7d91d54c-4.15.1 docker-runc-kubic-1.0.0rc8+gitr3826_425e105d5a03-6.21.2 docker-runc-kubic-debuginfo-1.0.0rc8+gitr3826_425e105d5a03-6.21.2 docker-test-19.03.1_ce-6.26.2 docker-test-debuginfo-19.03.1_ce-6.26.2 golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-4.15.1 golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2800_fc5a7d91d54c-4.15.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): docker-kubic-bash-completion-19.03.1_ce-6.26.2 docker-kubic-zsh-completion-19.03.1_ce-6.26.2 docker-zsh-completion-19.03.1_ce-6.26.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): containerd-ctr-1.2.6-5.16.1 docker-debuginfo-19.03.1_ce-6.26.2 docker-test-19.03.1_ce-6.26.2 docker-test-debuginfo-19.03.1_ce-6.26.2 golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-4.15.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): docker-zsh-completion-19.03.1_ce-6.26.2 - SUSE Linux Enterprise Module for Containers 15-SP1 (aarch64 ppc64le s390x x86_64): containerd-1.2.6-5.16.1 docker-19.03.1_ce-6.26.2 docker-debuginfo-19.03.1_ce-6.26.2 docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-4.15.1 docker-libnetwork-debuginfo-0.7.0.1+gitr2800_fc5a7d91d54c-4.15.1 docker-runc-1.0.0rc8+gitr3826_425e105d5a03-6.21.2 docker-runc-debuginfo-1.0.0rc8+gitr3826_425e105d5a03-6.21.2 - SUSE Linux Enterprise Module for Containers 15-SP1 (noarch): docker-bash-completion-19.03.1_ce-6.26.2 - SUSE Linux Enterprise Module for Containers 15 (ppc64le s390x x86_64): containerd-1.2.6-5.16.1 docker-19.03.1_ce-6.26.2 docker-debuginfo-19.03.1_ce-6.26.2 docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-4.15.1 docker-libnetwork-debuginfo-0.7.0.1+gitr2800_fc5a7d91d54c-4.15.1 docker-runc-1.0.0rc8+gitr3826_425e105d5a03-6.21.2 docker-runc-debuginfo-1.0.0rc8+gitr3826_425e105d5a03-6.21.2 - SUSE Linux Enterprise Module for Containers 15 (noarch): docker-bash-completion-19.03.1_ce-6.26.2 References: https://www.suse.com/security/cve/CVE-2018-10892.html https://www.suse.com/security/cve/CVE-2019-13509.html https://www.suse.com/security/cve/CVE-2019-14271.html https://www.suse.com/security/cve/CVE-2019-5736.html https://bugzilla.suse.com/1100331 https://bugzilla.suse.com/1121967 https://bugzilla.suse.com/1138920 https://bugzilla.suse.com/1139649 https://bugzilla.suse.com/1142160 https://bugzilla.suse.com/1142413 https://bugzilla.suse.com/1143409 From sle-updates at lists.suse.com Tue Aug 13 10:12:34 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Aug 2019 18:12:34 +0200 (CEST) Subject: SUSE-SU-2019:2118-1: important: Security update for mariadb-100 Message-ID: <20190813161234.C719EF798@maintenance.suse.de> SUSE Security Update: Security update for mariadb-100 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2118-1 Rating: important References: #1136037 Cross-References: CVE-2019-2529 CVE-2019-2537 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for mariadb-100 to version 10.0.38 fixes the following issues: - CVE-2019-2537: Fixed a denial of service vulnerability which can lead to MySQL compromise (bsc#1136037). - CVE-2019-2529: Fixed a denial of service vulnerability by an privileged attacker via a protocol compromise (bsc#1136037). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-2118=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2118=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2118=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2118=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): libmysqlclient_r18-10.0.38-2.6.2 libmysqlclient_r18-32bit-10.0.38-2.6.2 mariadb-100-debuginfo-10.0.38-2.6.2 mariadb-100-debugsource-10.0.38-2.6.2 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libmysqlclient-devel-10.0.38-2.6.2 libmysqlclient_r18-10.0.38-2.6.2 libmysqld-devel-10.0.38-2.6.2 libmysqld18-10.0.38-2.6.2 libmysqld18-debuginfo-10.0.38-2.6.2 mariadb-100-debuginfo-10.0.38-2.6.2 mariadb-100-debugsource-10.0.38-2.6.2 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libmysqlclient18-10.0.38-2.6.2 libmysqlclient18-debuginfo-10.0.38-2.6.2 mariadb-100-debuginfo-10.0.38-2.6.2 mariadb-100-debugsource-10.0.38-2.6.2 mariadb-100-errormessages-10.0.38-2.6.2 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libmysqlclient18-32bit-10.0.38-2.6.2 libmysqlclient18-debuginfo-32bit-10.0.38-2.6.2 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libmysqlclient18-10.0.38-2.6.2 libmysqlclient18-32bit-10.0.38-2.6.2 libmysqlclient18-debuginfo-10.0.38-2.6.2 libmysqlclient18-debuginfo-32bit-10.0.38-2.6.2 libmysqlclient_r18-10.0.38-2.6.2 libmysqlclient_r18-32bit-10.0.38-2.6.2 mariadb-100-debuginfo-10.0.38-2.6.2 mariadb-100-debugsource-10.0.38-2.6.2 mariadb-100-errormessages-10.0.38-2.6.2 References: https://www.suse.com/security/cve/CVE-2019-2529.html https://www.suse.com/security/cve/CVE-2019-2537.html https://bugzilla.suse.com/1136037 From sle-updates at lists.suse.com Tue Aug 13 10:13:15 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Aug 2019 18:13:15 +0200 (CEST) Subject: SUSE-SU-2019:2119-1: important: Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork Message-ID: <20190813161315.720FBF798@maintenance.suse.de> SUSE Security Update: Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2119-1 Rating: important References: #1100331 #1121967 #1142160 #1142413 #1143409 Cross-References: CVE-2018-10892 CVE-2019-13509 CVE-2019-14271 CVE-2019-5736 Affected Products: SUSE OpenStack Cloud 6-LTSS SUSE Linux Enterprise Module for Containers 12 SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues: Docker: - CVE-2019-14271: Fixed a code injection if the nsswitch facility dynamically loaded a library inside a chroot (bsc#1143409). - CVE-2019-13509: Fixed an information leak in the debug log (bsc#1142160). - Update to version 19.03.1-ce, see changelog at /usr/share/doc/packages/docker/CHANGELOG.md (bsc#1142413). golang-github-docker-libnetwork: - Update to version git.fc5a7d91d54cc98f64fc28f9e288b46a0bee756c, which is required by docker (bsc#1142413). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6-LTSS: zypper in -t patch SUSE-OpenStack-Cloud-6-LTSS-2019-2119=1 - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2019-2119=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE OpenStack Cloud 6-LTSS (x86_64): containerd-1.2.6-16.23.1 docker-19.03.1_ce-98.46.1 docker-debuginfo-19.03.1_ce-98.46.1 docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-25.1 docker-libnetwork-debuginfo-0.7.0.1+gitr2800_fc5a7d91d54c-25.1 docker-runc-1.0.0rc8+gitr3826_425e105d5a03-1.29.1 - SUSE Linux Enterprise Module for Containers 12 (ppc64le s390x x86_64): containerd-1.2.6-16.23.1 docker-19.03.1_ce-98.46.1 docker-debuginfo-19.03.1_ce-98.46.1 docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-25.1 docker-libnetwork-debuginfo-0.7.0.1+gitr2800_fc5a7d91d54c-25.1 docker-runc-1.0.0rc8+gitr3826_425e105d5a03-1.29.1 - SUSE CaaS Platform 3.0 (x86_64): containerd-kubic-1.2.6-16.23.1 docker-kubic-19.03.1_ce-98.46.1 docker-kubic-debuginfo-19.03.1_ce-98.46.1 docker-libnetwork-kubic-0.7.0.1+gitr2800_fc5a7d91d54c-25.1 docker-libnetwork-kubic-debuginfo-0.7.0.1+gitr2800_fc5a7d91d54c-25.1 docker-runc-kubic-1.0.0rc8+gitr3826_425e105d5a03-1.29.1 docker-runc-kubic-debuginfo-1.0.0rc8+gitr3826_425e105d5a03-1.29.1 References: https://www.suse.com/security/cve/CVE-2018-10892.html https://www.suse.com/security/cve/CVE-2019-13509.html https://www.suse.com/security/cve/CVE-2019-14271.html https://www.suse.com/security/cve/CVE-2019-5736.html https://bugzilla.suse.com/1100331 https://bugzilla.suse.com/1121967 https://bugzilla.suse.com/1142160 https://bugzilla.suse.com/1142413 https://bugzilla.suse.com/1143409 From sle-updates at lists.suse.com Wed Aug 14 07:12:25 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Aug 2019 15:12:25 +0200 (CEST) Subject: SUSE-RU-2019:2131-1: moderate: Recommended update for checkmedia Message-ID: <20190814131225.58EA1FDD4@maintenance.suse.de> SUSE Recommended Update: Recommended update for checkmedia ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2131-1 Rating: moderate References: #1139561 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for checkmedia fixes the following issues: - Fix compatibilty issue with older gcc compiler. - work also wi - Add support for signed media. (bsc#1139561) - adjust tagmedia script - Update documentation. - Allow to set specific gpg key for signature verification. - Added tests for signature verification. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2131=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): checkmedia-5.2-7.3.2 checkmedia-debuginfo-5.2-7.3.2 checkmedia-debugsource-5.2-7.3.2 libmediacheck-devel-5.2-7.3.2 libmediacheck5-5.2-7.3.2 References: https://bugzilla.suse.com/1139561 From sle-updates at lists.suse.com Wed Aug 14 07:13:37 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Aug 2019 15:13:37 +0200 (CEST) Subject: SUSE-RU-2019:2129-1: important: Recommended update for open-vm-tools Message-ID: <20190814131337.C4167FDD4@maintenance.suse.de> SUSE Recommended Update: Recommended update for open-vm-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2129-1 Rating: important References: #1143452 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Enterprise Storage 5 SUSE CaaS Platform 3.0 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for open-vm-tools fixes the following issues: - Fixes a regression which was introduced by the recent patch of open-vm-tools in the vmtoolsd service file to cause cyclic dependencies (bsc#1143452) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-2129=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-2129=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-2129=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-2129=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2019-2129=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-2129=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-2129=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): libvmtools0-10.3.10-3.31.1 libvmtools0-debuginfo-10.3.10-3.31.1 open-vm-tools-10.3.10-3.31.1 open-vm-tools-debuginfo-10.3.10-3.31.1 open-vm-tools-debugsource-10.3.10-3.31.1 open-vm-tools-desktop-10.3.10-3.31.1 open-vm-tools-desktop-debuginfo-10.3.10-3.31.1 - SUSE OpenStack Cloud 8 (x86_64): libvmtools0-10.3.10-3.31.1 libvmtools0-debuginfo-10.3.10-3.31.1 open-vm-tools-10.3.10-3.31.1 open-vm-tools-debuginfo-10.3.10-3.31.1 open-vm-tools-debugsource-10.3.10-3.31.1 open-vm-tools-desktop-10.3.10-3.31.1 open-vm-tools-desktop-debuginfo-10.3.10-3.31.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libvmtools0-10.3.10-3.31.1 libvmtools0-debuginfo-10.3.10-3.31.1 open-vm-tools-10.3.10-3.31.1 open-vm-tools-debuginfo-10.3.10-3.31.1 open-vm-tools-debugsource-10.3.10-3.31.1 open-vm-tools-desktop-10.3.10-3.31.1 open-vm-tools-desktop-debuginfo-10.3.10-3.31.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (x86_64): libvmtools0-10.3.10-3.31.1 libvmtools0-debuginfo-10.3.10-3.31.1 open-vm-tools-10.3.10-3.31.1 open-vm-tools-debuginfo-10.3.10-3.31.1 open-vm-tools-debugsource-10.3.10-3.31.1 open-vm-tools-desktop-10.3.10-3.31.1 open-vm-tools-desktop-debuginfo-10.3.10-3.31.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libvmtools0-10.3.10-3.31.1 libvmtools0-debuginfo-10.3.10-3.31.1 open-vm-tools-10.3.10-3.31.1 open-vm-tools-debuginfo-10.3.10-3.31.1 open-vm-tools-debugsource-10.3.10-3.31.1 open-vm-tools-desktop-10.3.10-3.31.1 open-vm-tools-desktop-debuginfo-10.3.10-3.31.1 - SUSE Enterprise Storage 5 (x86_64): libvmtools0-10.3.10-3.31.1 libvmtools0-debuginfo-10.3.10-3.31.1 open-vm-tools-10.3.10-3.31.1 open-vm-tools-debuginfo-10.3.10-3.31.1 open-vm-tools-debugsource-10.3.10-3.31.1 open-vm-tools-desktop-10.3.10-3.31.1 open-vm-tools-desktop-debuginfo-10.3.10-3.31.1 - SUSE CaaS Platform 3.0 (x86_64): libvmtools0-10.3.10-3.31.1 libvmtools0-debuginfo-10.3.10-3.31.1 open-vm-tools-10.3.10-3.31.1 open-vm-tools-debuginfo-10.3.10-3.31.1 open-vm-tools-debugsource-10.3.10-3.31.1 - HPE Helion Openstack 8 (x86_64): libvmtools0-10.3.10-3.31.1 libvmtools0-debuginfo-10.3.10-3.31.1 open-vm-tools-10.3.10-3.31.1 open-vm-tools-debuginfo-10.3.10-3.31.1 open-vm-tools-debugsource-10.3.10-3.31.1 open-vm-tools-desktop-10.3.10-3.31.1 open-vm-tools-desktop-debuginfo-10.3.10-3.31.1 References: https://bugzilla.suse.com/1143452 From sle-updates at lists.suse.com Wed Aug 14 07:14:20 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Aug 2019 15:14:20 +0200 (CEST) Subject: SUSE-RU-2019:2127-1: important: Recommended update for open-vm-tools Message-ID: <20190814131420.35980FDD4@maintenance.suse.de> SUSE Recommended Update: Recommended update for open-vm-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2127-1 Rating: important References: #1143452 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for open-vm-tools fixes the following issues: - Fixes a regression which was introduced by the recent patch of open-vm-tools in the vmtoolsd service file to cause cyclic dependencies (bsc#1143452) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-2127=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2127=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (x86_64): open-vm-tools-debuginfo-10.3.10-3.20.1 open-vm-tools-debugsource-10.3.10-3.20.1 open-vm-tools-desktop-10.3.10-3.20.1 open-vm-tools-desktop-debuginfo-10.3.10-3.20.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libvmtools-devel-10.3.10-3.20.1 libvmtools0-10.3.10-3.20.1 libvmtools0-debuginfo-10.3.10-3.20.1 open-vm-tools-10.3.10-3.20.1 open-vm-tools-debuginfo-10.3.10-3.20.1 open-vm-tools-debugsource-10.3.10-3.20.1 References: https://bugzilla.suse.com/1143452 From sle-updates at lists.suse.com Wed Aug 14 07:15:00 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Aug 2019 15:15:00 +0200 (CEST) Subject: SUSE-RU-2019:2124-1: important: Recommended update for open-vm-tools Message-ID: <20190814131500.5167CFDD4@maintenance.suse.de> SUSE Recommended Update: Recommended update for open-vm-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2124-1 Rating: important References: #1143452 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for open-vm-tools fixes the following issues: - Fixes a regression which was introduced by the recent patch of open-vm-tools in the vmtoolsd service file to cause cyclic dependencies (bsc#1143452) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-2124=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2124=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (x86_64): open-vm-tools-debuginfo-10.3.10-3.6.1 open-vm-tools-debugsource-10.3.10-3.6.1 open-vm-tools-desktop-10.3.10-3.6.1 open-vm-tools-desktop-debuginfo-10.3.10-3.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libvmtools-devel-10.3.10-3.6.1 libvmtools0-10.3.10-3.6.1 libvmtools0-debuginfo-10.3.10-3.6.1 open-vm-tools-10.3.10-3.6.1 open-vm-tools-debuginfo-10.3.10-3.6.1 open-vm-tools-debugsource-10.3.10-3.6.1 References: https://bugzilla.suse.com/1143452 From sle-updates at lists.suse.com Wed Aug 14 07:17:06 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Aug 2019 15:17:06 +0200 (CEST) Subject: SUSE-RU-2019:2133-1: moderate: Recommended update for python3-ec2imgutils Message-ID: <20190814131706.BFF43FDD4@maintenance.suse.de> SUSE Recommended Update: Recommended update for python3-ec2imgutils ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2133-1 Rating: moderate References: #1144357 #1144358 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for python3-ec2imgutils fixes the following issues: - Fixes an issue with a name collision when creating a security group with a generated name (bsc#1144357, bsc#1144358) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2019-2133=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): python3-ec2imgutils-7.0.5-3.3.1 References: https://bugzilla.suse.com/1144357 https://bugzilla.suse.com/1144358 From sle-updates at lists.suse.com Wed Aug 14 07:17:53 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Aug 2019 15:17:53 +0200 (CEST) Subject: SUSE-RU-2019:2128-1: important: Recommended update for open-vm-tools Message-ID: <20190814131753.3494AFDD4@maintenance.suse.de> SUSE Recommended Update: Recommended update for open-vm-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2128-1 Rating: important References: #1143452 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for open-vm-tools fixes the following issues: - Fixes a regression which was introduced by the recent patch of open-vm-tools in the vmtoolsd service file to cause cyclic dependencies (bsc#1143452) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2128=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2128=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (x86_64): libvmtools0-10.3.10-4.12.1 libvmtools0-debuginfo-10.3.10-4.12.1 open-vm-tools-10.3.10-4.12.1 open-vm-tools-debuginfo-10.3.10-4.12.1 open-vm-tools-debugsource-10.3.10-4.12.1 open-vm-tools-desktop-10.3.10-4.12.1 open-vm-tools-desktop-debuginfo-10.3.10-4.12.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libvmtools0-10.3.10-4.12.1 libvmtools0-debuginfo-10.3.10-4.12.1 open-vm-tools-10.3.10-4.12.1 open-vm-tools-debuginfo-10.3.10-4.12.1 open-vm-tools-debugsource-10.3.10-4.12.1 open-vm-tools-desktop-10.3.10-4.12.1 open-vm-tools-desktop-debuginfo-10.3.10-4.12.1 References: https://bugzilla.suse.com/1143452 From sle-updates at lists.suse.com Wed Aug 14 07:19:04 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Aug 2019 15:19:04 +0200 (CEST) Subject: SUSE-RU-2019:2125-1: moderate: Recommended update for SAPHanaSR-ScaleOut Message-ID: <20190814131904.28559FDD4@maintenance.suse.de> SUSE Recommended Update: Recommended update for SAPHanaSR-ScaleOut ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2125-1 Rating: moderate References: #1098979 #1144722 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for SAPHanaSR-ScaleOut fixes the following issues: - Allowing virtual host names (bsc#1098979) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2019-2125=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-2125=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-2125=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): SAPHanaSR-ScaleOut-0.163.2-3.9.1 SAPHanaSR-ScaleOut-doc-0.163.2-3.9.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): SAPHanaSR-ScaleOut-0.163.2-3.9.1 SAPHanaSR-ScaleOut-doc-0.163.2-3.9.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): SAPHanaSR-ScaleOut-0.163.2-3.9.1 References: https://bugzilla.suse.com/1098979 https://bugzilla.suse.com/1144722 From sle-updates at lists.suse.com Wed Aug 14 07:19:51 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Aug 2019 15:19:51 +0200 (CEST) Subject: SUSE-OU-2019:2121-1: moderate: Optional update for susemanager-cloud-setup Message-ID: <20190814131951.D81A9FDD4@maintenance.suse.de> SUSE Optional Update: Optional update for susemanager-cloud-setup ______________________________________________________________________________ Announcement ID: SUSE-OU-2019:2121-1 Rating: moderate References: #1138254 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP1 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This is the initial release of the susemanager-cloud-setup packages (bsc#1138254, fate#327820) Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2019-2121=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): susemanager-cloud-setup-proxy-1.3-3.3.3 susemanager-cloud-setup-server-1.3-3.3.3 References: https://bugzilla.suse.com/1138254 From sle-updates at lists.suse.com Wed Aug 14 07:20:33 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Aug 2019 15:20:33 +0200 (CEST) Subject: SUSE-RU-2019:2120-1: moderate: Recommended update for pam Message-ID: <20190814132033.9B8C9FDD4@maintenance.suse.de> SUSE Recommended Update: Recommended update for pam ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2120-1 Rating: moderate References: #1136298 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for pam fixes the following issues: - Enable pam_userdb.so (SLE-7257,bsc#1136298) - Upgraded pam_userdb to 1.3.1. (bsc#1136298) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2120=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2120=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2120=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): pam-debuginfo-1.1.8-24.27.1 pam-debugsource-1.1.8-24.27.1 pam-devel-1.1.8-24.27.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): pam-1.1.8-24.27.1 pam-debuginfo-1.1.8-24.27.1 pam-debugsource-1.1.8-24.27.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): pam-32bit-1.1.8-24.27.1 pam-debuginfo-32bit-1.1.8-24.27.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): pam-doc-1.1.8-24.27.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): pam-1.1.8-24.27.1 pam-32bit-1.1.8-24.27.1 pam-debuginfo-1.1.8-24.27.1 pam-debuginfo-32bit-1.1.8-24.27.1 pam-debugsource-1.1.8-24.27.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): pam-doc-1.1.8-24.27.1 - SUSE CaaS Platform 3.0 (x86_64): pam-1.1.8-24.27.1 pam-debuginfo-1.1.8-24.27.1 pam-debugsource-1.1.8-24.27.1 References: https://bugzilla.suse.com/1136298 From sle-updates at lists.suse.com Wed Aug 14 07:21:18 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Aug 2019 15:21:18 +0200 (CEST) Subject: SUSE-RU-2019:2126-1: moderate: Recommended update for mksusecd Message-ID: <20190814132118.8A981FDD4@maintenance.suse.de> SUSE Recommended Update: Recommended update for mksusecd ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2126-1 Rating: moderate References: #1139561 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for mksusecd fixes the following issues: - Embed gpg signature of checksum metadata into image. (bsc#1139561) - Add --enable-repos option. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2019-2126=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): mksusecd-1.69-7.3.1 mksusecd-debuginfo-1.69-7.3.1 mksusecd-debugsource-1.69-7.3.1 References: https://bugzilla.suse.com/1139561 From sle-updates at lists.suse.com Wed Aug 14 07:22:01 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Aug 2019 15:22:01 +0200 (CEST) Subject: SUSE-RU-2019:2132-1: important: Recommended update for kernel-firmware Message-ID: <20190814132201.403EEFDD4@maintenance.suse.de> SUSE Recommended Update: Recommended update for kernel-firmware ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2132-1 Rating: important References: #1143331 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for kernel-firmware fixes the following issues: - Reverts a patch which has caused systems to hang during booting in specific scenarios (bsc#1143331) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2132=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2132=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (noarch): kernel-firmware-20190618-5.11.1 ucode-amd-20190618-5.11.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): kernel-firmware-20190618-5.11.1 ucode-amd-20190618-5.11.1 References: https://bugzilla.suse.com/1143331 From sle-updates at lists.suse.com Wed Aug 14 07:22:43 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Aug 2019 15:22:43 +0200 (CEST) Subject: SUSE-RU-2019:2136-1: moderate: Recommended update for cloud-regionsrv-client Message-ID: <20190814132243.1277CFDD4@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-regionsrv-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2136-1 Rating: moderate References: #1136112 #1136113 #1137384 #1137385 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for cloud-regionsrv-client fixes the following issues: - If the credentials are not valid, an error is issued and the user is instructed to re-register the system - Fixes a bug where the registration client aborted with a traceback when the instance data cannot be retrieved (bsc#1137384, bsc#1137385) This maintenance update for cloud-regionsrv-client includes some more smaller bug fixes as well. Please refer to this rpm's changelog file to receive a full list of all changes. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2019-2136=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): cloud-regionsrv-client-9.0.2-52.13.1 cloud-regionsrv-client-generic-config-1.0.0-52.13.1 cloud-regionsrv-client-plugin-azure-1.0.1-52.13.1 cloud-regionsrv-client-plugin-ec2-1.0.0-52.13.1 cloud-regionsrv-client-plugin-gce-1.0.0-52.13.1 References: https://bugzilla.suse.com/1136112 https://bugzilla.suse.com/1136113 https://bugzilla.suse.com/1137384 https://bugzilla.suse.com/1137385 From sle-updates at lists.suse.com Wed Aug 14 07:24:53 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Aug 2019 15:24:53 +0200 (CEST) Subject: SUSE-RU-2019:2130-1: important: Recommended update for kernel-firmware Message-ID: <20190814132453.78481FDD4@maintenance.suse.de> SUSE Recommended Update: Recommended update for kernel-firmware ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2130-1 Rating: important References: #1143331 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for kernel-firmware fixes the following issues: - Reverts a patch which has caused systems to hang during booting in specific scenarios (bsc#1143331) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2130=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (noarch): kernel-firmware-20190618-3.25.1 ucode-amd-20190618-3.25.1 References: https://bugzilla.suse.com/1143331 From sle-updates at lists.suse.com Wed Aug 14 07:26:03 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Aug 2019 15:26:03 +0200 (CEST) Subject: SUSE-RU-2019:2134-1: moderate: Recommended update for zlib Message-ID: <20190814132603.7395FFDD4@maintenance.suse.de> SUSE Recommended Update: Recommended update for zlib ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2134-1 Rating: moderate References: #1136717 #1137624 #1141059 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for zlib fixes the following issues: - Update the s390 patchset. (bsc#1137624) - Tweak zlib-power8 to have type of crc32_vpmsum conform to usage. (bsc#1141059) - Use FAT LTO objects in order to provide proper static library. - Do not enable the previous patchset on s390 but just s390x. (bsc#1137624) - Add patchset for s390 improvements. (jsc#SLE-5807, bsc#1136717) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2134=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2019-2134=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-2134=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2134=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2134=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libminizip1-32bit-1.2.11-3.9.1 libminizip1-32bit-debuginfo-1.2.11-3.9.1 zlib-debugsource-1.2.11-3.9.1 zlib-devel-static-32bit-1.2.11-3.9.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (x86_64): zlib-debugsource-1.2.11-3.9.1 zlib-devel-32bit-1.2.11-3.9.1 - SUSE Linux Enterprise Module for Development Tools 15 (x86_64): zlib-debugsource-1.2.11-3.9.1 zlib-devel-32bit-1.2.11-3.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libminizip1-1.2.11-3.9.1 libminizip1-debuginfo-1.2.11-3.9.1 libz1-1.2.11-3.9.1 libz1-debuginfo-1.2.11-3.9.1 minizip-devel-1.2.11-3.9.1 zlib-debugsource-1.2.11-3.9.1 zlib-devel-1.2.11-3.9.1 zlib-devel-static-1.2.11-3.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libz1-32bit-1.2.11-3.9.1 libz1-32bit-debuginfo-1.2.11-3.9.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libminizip1-1.2.11-3.9.1 libminizip1-debuginfo-1.2.11-3.9.1 libz1-1.2.11-3.9.1 libz1-debuginfo-1.2.11-3.9.1 minizip-devel-1.2.11-3.9.1 zlib-debugsource-1.2.11-3.9.1 zlib-devel-1.2.11-3.9.1 zlib-devel-static-1.2.11-3.9.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libz1-32bit-1.2.11-3.9.1 libz1-32bit-debuginfo-1.2.11-3.9.1 References: https://bugzilla.suse.com/1136717 https://bugzilla.suse.com/1137624 https://bugzilla.suse.com/1141059 From sle-updates at lists.suse.com Wed Aug 14 07:27:05 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Aug 2019 15:27:05 +0200 (CEST) Subject: SUSE-RU-2019:2122-1: moderate: Recommended update for lifecycle-data-sle-module-live-patching Message-ID: <20190814132705.3E368FDD4@maintenance.suse.de> SUSE Recommended Update: Recommended update for lifecycle-data-sle-module-live-patching ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2122-1 Rating: moderate References: #1020320 Affected Products: SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Live Patching 12-SP4 SUSE Linux Enterprise Live Patching 12-SP3 SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for lifecycle-data-sle-module-live-patching fixes the following issues: - Added data for 4_12_14-150_14, 4_12_14-150_17, 4_12_14-150_22, 4_12_14-195, 4_12_14-197_4, 4_12_14-197_7, 4_12_14-25_28. (bsc#1020320) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2019-2122=1 - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2019-2122=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2019-2123=1 - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2019-2123=1 - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2019-2123=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP1 (noarch): lifecycle-data-sle-module-live-patching-15-4.15.1 - SUSE Linux Enterprise Module for Live Patching 15 (noarch): lifecycle-data-sle-module-live-patching-15-4.15.1 - SUSE Linux Enterprise Live Patching 12-SP4 (noarch): lifecycle-data-sle-live-patching-1-10.47.1 - SUSE Linux Enterprise Live Patching 12-SP3 (noarch): lifecycle-data-sle-live-patching-1-10.47.1 - SUSE Linux Enterprise Live Patching 12 (noarch): lifecycle-data-sle-live-patching-1-10.47.1 References: https://bugzilla.suse.com/1020320 From sle-updates at lists.suse.com Wed Aug 14 07:27:50 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Aug 2019 15:27:50 +0200 (CEST) Subject: SUSE-RU-2019:2135-1: moderate: Recommended update for resource-agents Message-ID: <20190814132750.4F3D7FDD4@maintenance.suse.de> SUSE Recommended Update: Recommended update for resource-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2135-1 Rating: moderate References: #1114855 #1125138 #1131793 #1133337 #1133962 #1137038 #1137231 #1140874 Affected Products: SUSE Linux Enterprise High Availability 12-SP4 ______________________________________________________________________________ An update that has 8 recommended fixes can now be installed. Description: This update for resource-agents fixes the following issues: - Pacemaker SST databases to /dev/null. (bsc#1131793) - Include the latest aws-vpc-route53 bug fixes and improvements from upstream. (bsc#1140874) - Add --cli-connect-timeout 10 option to AWS CLI. - Replace ec2metada with curl to fetch the IP address directlyi from EC2 metadata. - azure-events: Change message log level for the non action messages. (bsc#1137038, bsc#1137231) - dhcpd: keep SELinux context - Set fdisk command options on Linux or BSD - Fix implicit bytes conversion that breaks in python3. Reduces the amount of error messages. (bsc#1137038, bsc#1137231) - galera: Allow empty password for "check_passwd" parameter. - Add resource agent for dovecot. - CTDB: fix version string with vendor trailer comparison (bsc#1133337) - aws-vpc-move-ip: - Linting adjustment. (bsc#1133962) - Moving shared part outside if. (bsc#1133962) - More robust approach of getting MAC address. (bsc#1133962) - Multiple VPC routing tables in routing_tables parameter - included comment in metadata section. (bsc#1125138) - Multiple routing tables - adjust sleep time. (bsc#1125138) - New feature: include support for multiple routing tables. (bsc#1125138) - Requested fix to avoid using AWS API. (bsc#1133962) - Fixing indentation. (bsc#1133962) - Fix for VM having multiple network interfaces. (bsc#1133962) - Add network namespace support to IPaddr2 - IPsrcaddr: make proto optional to fix regression when used without NetworkManager - LVM-activate: return OCF_NOT_RUNNING on initial probe. (bsc#1114855) - Add Support for lxc-stop Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2019-2135=1 Package List: - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): ldirectord-4.3.018.a7fb5035-3.25.1 resource-agents-4.3.018.a7fb5035-3.25.1 resource-agents-debuginfo-4.3.018.a7fb5035-3.25.1 resource-agents-debugsource-4.3.018.a7fb5035-3.25.1 - SUSE Linux Enterprise High Availability 12-SP4 (noarch): monitoring-plugins-metadata-4.3.018.a7fb5035-3.25.1 References: https://bugzilla.suse.com/1114855 https://bugzilla.suse.com/1125138 https://bugzilla.suse.com/1131793 https://bugzilla.suse.com/1133337 https://bugzilla.suse.com/1133962 https://bugzilla.suse.com/1137038 https://bugzilla.suse.com/1137231 https://bugzilla.suse.com/1140874 From sle-updates at lists.suse.com Wed Aug 14 10:14:40 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Aug 2019 18:14:40 +0200 (CEST) Subject: SUSE-RU-2019:2141-1: moderate: Recommended update for cloud-regionsrv-client Message-ID: <20190814161440.D94FAFDD4@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-regionsrv-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2141-1 Rating: moderate References: #1136112 #1136113 #1137384 #1137385 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise Module for Public Cloud 15 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for cloud-regionsrv-client fixes the following issues: - If the credentials are not valid, an error is issued and the user is instructed to re-register the system - Fixes a bug where the registration client aborted with a traceback when the instance data cannot be retrieved (bsc#1137384, bsc#1137385) This maintenance update for cloud-regionsrv-client includes some more smaller bug fixes as well. Please refer to this rpm's changelog file to receive a full list of all changes. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2019-2141=1 - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2019-2141=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): cloud-regionsrv-client-9.0.2-6.6.1 cloud-regionsrv-client-generic-config-1.0.0-6.6.1 cloud-regionsrv-client-plugin-azure-1.0.1-6.6.1 cloud-regionsrv-client-plugin-ec2-1.0.0-6.6.1 cloud-regionsrv-client-plugin-gce-1.0.0-6.6.1 - SUSE Linux Enterprise Module for Public Cloud 15 (noarch): cloud-regionsrv-client-9.0.2-6.6.1 cloud-regionsrv-client-generic-config-1.0.0-6.6.1 cloud-regionsrv-client-plugin-azure-1.0.1-6.6.1 cloud-regionsrv-client-plugin-ec2-1.0.0-6.6.1 cloud-regionsrv-client-plugin-gce-1.0.0-6.6.1 References: https://bugzilla.suse.com/1136112 https://bugzilla.suse.com/1136113 https://bugzilla.suse.com/1137384 https://bugzilla.suse.com/1137385 From sle-updates at lists.suse.com Wed Aug 14 10:15:39 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Aug 2019 18:15:39 +0200 (CEST) Subject: SUSE-RU-2019:2138-1: Recommended update for ses-manual_en Message-ID: <20190814161539.40506FDD4@maintenance.suse.de> SUSE Recommended Update: Recommended update for ses-manual_en ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2138-1 Rating: low References: #1102242 #1116349 #1120662 #1132245 #1132544 #1134492 #1134736 #1142064 Affected Products: SUSE Enterprise Storage 5 ______________________________________________________________________________ An update that has 8 recommended fixes can now be installed. Description: This update for ses-manual_en fixes the following issues: - Redefining ceph.conf parameters (bsc#1116349) - Deleted minion's key temporarily (bsc#1120662) - Added a phrase to make it clear that SLES 12 SP4 is not supported (bsc#1134492) - Review auto profile proposal (bsc#1134736) - Migrate from replicated pool only (bsc#1102242) - Explains Capabilities better (bsc#1132245) - Fixed a typo in migrate with cache tier (bsc#1132544) - Added a phrase to make it clear that iperf3 processes won't get stopped automatically after a test run (bsc#1142064) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-2138=1 Package List: - SUSE Enterprise Storage 5 (noarch): ses-admin_en-pdf-5.5+git349.29aaae0-22.22.1 ses-deployment_en-pdf-5.5+git349.29aaae0-22.22.1 ses-manual_en-5.5+git349.29aaae0-22.22.1 References: https://bugzilla.suse.com/1102242 https://bugzilla.suse.com/1116349 https://bugzilla.suse.com/1120662 https://bugzilla.suse.com/1132245 https://bugzilla.suse.com/1132544 https://bugzilla.suse.com/1134492 https://bugzilla.suse.com/1134736 https://bugzilla.suse.com/1142064 From sle-updates at lists.suse.com Wed Aug 14 10:17:07 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Aug 2019 18:17:07 +0200 (CEST) Subject: SUSE-RU-2019:2137-1: moderate: Recommended update for google-compute-engine Message-ID: <20190814161707.EFE01FDD4@maintenance.suse.de> SUSE Recommended Update: Recommended update for google-compute-engine ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2137-1 Rating: moderate References: #1144092 #1144170 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for google-compute-engine fixes the following issues: - updated to version 20190801 (bsc#1144092, bsc#1144170) * Fix for 2FA on RHEL 8 * Support for Debian 10 * Support for Google Private Access over IPv6 * Support root disk expansion in RHEL 8 and Debian 10 Some more minor bug fixes were included in this maintenance update. The full list can be retrieved from this rpm's changelog file. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2019-2137=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (aarch64 ppc64le s390x x86_64): google-compute-engine-oslogin-20190801-36.1 google-compute-engine-oslogin-debuginfo-20190801-36.1 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): google-compute-engine-init-20190801-36.1 References: https://bugzilla.suse.com/1144092 https://bugzilla.suse.com/1144170 From sle-updates at lists.suse.com Wed Aug 14 10:18:20 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Aug 2019 18:18:20 +0200 (CEST) Subject: SUSE-RU-2019:2140-1: moderate: Recommended update for python3-susepubliccloudinfo Message-ID: <20190814161820.42F9FFDD4@maintenance.suse.de> SUSE Recommended Update: Recommended update for python3-susepubliccloudinfo ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2140-1 Rating: moderate References: #1144100 #1144102 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for python3-susepubliccloudinfo fixes the following issues: - Added support for 'oracle' framework for images only (bsc#1144100, bsc#1144102) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2019-2140=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python3-susepubliccloudinfo-1.2.1-1.6.1 References: https://bugzilla.suse.com/1144100 https://bugzilla.suse.com/1144102 From sle-updates at lists.suse.com Wed Aug 14 10:20:24 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Aug 2019 18:20:24 +0200 (CEST) Subject: SUSE-RU-2019:2139-1: moderate: Recommended update for google-compute-engine Message-ID: <20190814162024.E1D08FDD4@maintenance.suse.de> SUSE Recommended Update: Recommended update for google-compute-engine ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2139-1 Rating: moderate References: #1144092 #1144170 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise Module for Public Cloud 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for google-compute-engine fixes the following issues: - updated to version 20190801 (bsc#1144092, bsc#1144170) * Fix for 2FA on RHEL 8 * Support for Debian 10 * Support for Google Private Access over IPv6 * Support root disk expansion in RHEL 8 and Debian 10 Some more minor bug fixes were included in this maintenance update. The full list can be retrieved from this rpm's changelog file. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2019-2139=1 - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2019-2139=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2139=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (aarch64 ppc64le s390x x86_64): google-compute-engine-debugsource-20190801-4.20.1 google-compute-engine-oslogin-20190801-4.20.1 google-compute-engine-oslogin-debuginfo-20190801-4.20.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): google-compute-engine-init-20190801-4.20.1 - SUSE Linux Enterprise Module for Public Cloud 15 (aarch64 ppc64le s390x x86_64): google-compute-engine-oslogin-20190801-4.20.1 google-compute-engine-oslogin-debuginfo-20190801-4.20.1 - SUSE Linux Enterprise Module for Public Cloud 15 (noarch): google-compute-engine-init-20190801-4.20.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): google-compute-engine-debugsource-20190801-4.20.1 google-compute-engine-oslogin-32bit-20190801-4.20.1 google-compute-engine-oslogin-32bit-debuginfo-20190801-4.20.1 References: https://bugzilla.suse.com/1144092 https://bugzilla.suse.com/1144170 From sle-updates at lists.suse.com Wed Aug 14 16:10:57 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Aug 2019 00:10:57 +0200 (CEST) Subject: SUSE-RU-2019:2142-1: moderate: Recommended update for mozilla-nspr, mozilla-nss Message-ID: <20190814221057.8423BFDD4@maintenance.suse.de> SUSE Recommended Update: Recommended update for mozilla-nspr, mozilla-nss ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2142-1 Rating: moderate References: #1141322 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nss was updated to NSS 3.45 (bsc#1141322) : * New function in pk11pub.h: PK11_FindRawCertsWithSubject * The following CA certificates were Removed: CN = Certinomis - Root CA (bmo#1552374) * Implement Delegated Credentials (draft-ietf-tls-subcerts) (bmo#1540403) This adds a new experimental function SSL_DelegateCredential Note: In 3.45, selfserv does not yet support delegated credentials (See bmo#1548360). Note: In 3.45 the SSLChannelInfo is left unmodified, while an upcoming change in 3.46 will set SSLChannelInfo.authKeyBits to that of the delegated credential for better policy enforcement (See bmo#1563078). * Replace ARM32 Curve25519 implementation with one from fiat-crypto (bmo#1550579) * Expose a function PK11_FindRawCertsWithSubject for finding certificates with a given subject on a given slot (bmo#1552262) * Add IPSEC IKE support to softoken (bmo#1546229) * Add support for the Elbrus lcc compiler (<=1.23) (bmo#1554616) * Expose an external clock for SSL (bmo#1543874) This adds new experimental functions: SSL_SetTimeFunc, SSL_CreateAntiReplayContext, SSL_SetAntiReplayContext, and SSL_ReleaseAntiReplayContext. The experimental function SSL_InitAntiReplay is removed. * Various changes in response to the ongoing FIPS review (bmo#1546477) Note: The source package size has increased substantially due to the new FIPS test vectors. This will likely prompt follow-on work, but please accept our apologies in the meantime. mozilla-nspr was updated to version 4.21 * Changed prbit.h to use builtin function on aarch64. * Removed Gonk/B2G references. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-2142=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2142=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2142=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2142=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): libfreebl3-hmac-3.45-3.19.1 libsoftokn3-hmac-3.45-3.19.1 mozilla-nss-debuginfo-3.45-3.19.1 mozilla-nss-debugsource-3.45-3.19.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libfreebl3-hmac-32bit-3.45-3.19.1 libsoftokn3-hmac-32bit-3.45-3.19.1 mozilla-nss-32bit-debuginfo-3.45-3.19.1 mozilla-nss-debugsource-3.45-3.19.1 mozilla-nss-sysinit-32bit-3.45-3.19.1 mozilla-nss-sysinit-32bit-debuginfo-3.45-3.19.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libfreebl3-3.45-3.19.1 libfreebl3-debuginfo-3.45-3.19.1 libsoftokn3-3.45-3.19.1 libsoftokn3-debuginfo-3.45-3.19.1 mozilla-nspr-4.21-3.6.1 mozilla-nspr-debuginfo-4.21-3.6.1 mozilla-nspr-debugsource-4.21-3.6.1 mozilla-nspr-devel-4.21-3.6.1 mozilla-nss-3.45-3.19.1 mozilla-nss-certs-3.45-3.19.1 mozilla-nss-certs-debuginfo-3.45-3.19.1 mozilla-nss-debuginfo-3.45-3.19.1 mozilla-nss-debugsource-3.45-3.19.1 mozilla-nss-devel-3.45-3.19.1 mozilla-nss-sysinit-3.45-3.19.1 mozilla-nss-sysinit-debuginfo-3.45-3.19.1 mozilla-nss-tools-3.45-3.19.1 mozilla-nss-tools-debuginfo-3.45-3.19.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libfreebl3-32bit-3.45-3.19.1 libfreebl3-32bit-debuginfo-3.45-3.19.1 libsoftokn3-32bit-3.45-3.19.1 libsoftokn3-32bit-debuginfo-3.45-3.19.1 mozilla-nspr-32bit-4.21-3.6.1 mozilla-nspr-32bit-debuginfo-4.21-3.6.1 mozilla-nss-32bit-3.45-3.19.1 mozilla-nss-32bit-debuginfo-3.45-3.19.1 mozilla-nss-certs-32bit-3.45-3.19.1 mozilla-nss-certs-32bit-debuginfo-3.45-3.19.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libfreebl3-3.45-3.19.1 libfreebl3-debuginfo-3.45-3.19.1 libfreebl3-hmac-3.45-3.19.1 libsoftokn3-3.45-3.19.1 libsoftokn3-debuginfo-3.45-3.19.1 libsoftokn3-hmac-3.45-3.19.1 mozilla-nspr-4.21-3.6.1 mozilla-nspr-debuginfo-4.21-3.6.1 mozilla-nspr-debugsource-4.21-3.6.1 mozilla-nspr-devel-4.21-3.6.1 mozilla-nss-3.45-3.19.1 mozilla-nss-certs-3.45-3.19.1 mozilla-nss-certs-debuginfo-3.45-3.19.1 mozilla-nss-debuginfo-3.45-3.19.1 mozilla-nss-debugsource-3.45-3.19.1 mozilla-nss-devel-3.45-3.19.1 mozilla-nss-sysinit-3.45-3.19.1 mozilla-nss-sysinit-debuginfo-3.45-3.19.1 mozilla-nss-tools-3.45-3.19.1 mozilla-nss-tools-debuginfo-3.45-3.19.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libfreebl3-32bit-3.45-3.19.1 libfreebl3-32bit-debuginfo-3.45-3.19.1 libfreebl3-hmac-32bit-3.45-3.19.1 libsoftokn3-32bit-3.45-3.19.1 libsoftokn3-32bit-debuginfo-3.45-3.19.1 libsoftokn3-hmac-32bit-3.45-3.19.1 mozilla-nspr-32bit-4.21-3.6.1 mozilla-nspr-32bit-debuginfo-4.21-3.6.1 mozilla-nss-32bit-3.45-3.19.1 mozilla-nss-32bit-debuginfo-3.45-3.19.1 mozilla-nss-certs-32bit-3.45-3.19.1 mozilla-nss-certs-32bit-debuginfo-3.45-3.19.1 References: https://bugzilla.suse.com/1141322 From sle-updates at lists.suse.com Thu Aug 15 04:15:08 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Aug 2019 12:15:08 +0200 (CEST) Subject: SUSE-RU-2019:2144-1: moderate: Recommended update for golang-github-digitalocean-ceph_exporter, golang-github-prometheus-alertmanager, golang-github-prometheus-node_exporter, golang-github-prometheus-prometheus Message-ID: <20190815101508.50908FDD4@maintenance.suse.de> SUSE Recommended Update: Recommended update for golang-github-digitalocean-ceph_exporter, golang-github-prometheus-alertmanager, golang-github-prometheus-node_exporter, golang-github-prometheus-prometheus ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2144-1 Rating: moderate References: #1139348 #1143929 Affected Products: SUSE Enterprise Storage 5 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for golang-github-digitalocean-ceph_exporter, golang-github-prometheus-alertmanager, golang-github-prometheus-node_exporter, golang-github-prometheus-prometheus fixes the following issues: golang-github-prometheus-prometheus: - Avoid corrupted meta.json files to cause crashes by using fsync to force file content persistence (bsc#1139348) Generic changes to all packages included in this maintenance update: - Add network-online (Wants and After) dependency to systemd unit to prevent the services from starting when the network is not yet available (bsc#1143929) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-2144=1 Package List: - SUSE Enterprise Storage 5 (aarch64 x86_64): golang-github-digitalocean-ceph_exporter-2.0.1+git20180913.eed5856-4.9.2 golang-github-prometheus-alertmanager-0.6.2-4.3.1 golang-github-prometheus-node_exporter-0.14.0-5.11.1 golang-github-prometheus-prometheus-2.3.2-2.13.1 References: https://bugzilla.suse.com/1139348 https://bugzilla.suse.com/1143929 From sle-updates at lists.suse.com Thu Aug 15 04:15:55 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Aug 2019 12:15:55 +0200 (CEST) Subject: SUSE-RU-2019:2151-1: moderate: Recommended update for ipmctl Message-ID: <20190815101555.C3CC8FDD4@maintenance.suse.de> SUSE Recommended Update: Recommended update for ipmctl ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2151-1 Rating: moderate References: #1123735 #1128830 #1134253 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for ipmctl fixes the following issues: ipmctl was updated to version v01.00.00.3440. - Support more than 16 sockets. [FATE#327556, FATE#327573, bsc#1123735] - Fix flashing FW of DCPMM modules. [bsc#1128830, bsc#1134253, FATE#327773] For detailed changes see 'ChangeLog.xz' Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-2151=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (x86_64): ipmctl-01.00.00.3440-1.6.1 ipmctl-debuginfo-01.00.00.3440-1.6.1 ipmctl-debugsource-01.00.00.3440-1.6.1 ipmctl-devel-01.00.00.3440-1.6.1 ipmctl-monitor-01.00.00.3440-1.6.1 ipmctl-monitor-debuginfo-01.00.00.3440-1.6.1 References: https://bugzilla.suse.com/1123735 https://bugzilla.suse.com/1128830 https://bugzilla.suse.com/1134253 From sle-updates at lists.suse.com Thu Aug 15 04:16:55 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Aug 2019 12:16:55 +0200 (CEST) Subject: SUSE-RU-2019:2149-1: moderate: Recommended update for rmt-server Message-ID: <20190815101655.76859FCD3@maintenance.suse.de> SUSE Recommended Update: Recommended update for rmt-server ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2149-1 Rating: moderate References: #1132690 #1136020 #1136081 #1138316 #1140492 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for rmt-server fixes the following issues: - Fix mirroring logic when errors are encountered (bsc#1140492) - Refactor RMT::Mirror to download metadata/licenses in parallel - Check repo metadata GPG signatures during mirroring (bsc#1132690) - Add rmt-server-config subpackage with nginx configs (fate#327816, bsc#1136081) - Fix dependency to removed boot_cli_i18n file (bsc#1136020) - Add `rmt-cli systems list` command to list registered systems - Fix create UUID when system_uuid file empty (bsc#1138316) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-2149=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): rmt-server-2.3.1-3.20.1 rmt-server-config-2.3.1-3.20.1 rmt-server-debuginfo-2.3.1-3.20.1 References: https://bugzilla.suse.com/1132690 https://bugzilla.suse.com/1136020 https://bugzilla.suse.com/1136081 https://bugzilla.suse.com/1138316 https://bugzilla.suse.com/1140492 From sle-updates at lists.suse.com Thu Aug 15 04:18:07 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Aug 2019 12:18:07 +0200 (CEST) Subject: SUSE-RU-2019:2148-1: moderate: Recommended update for s390-tools Message-ID: <20190815101807.7D7A3FCD3@maintenance.suse.de> SUSE Recommended Update: Recommended update for s390-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2148-1 Rating: moderate References: #1141872 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for s390-tools fixes the following issue: - ziomon: fix utilization recording with multi-digit scsi hosts (bsc#1141872) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2148=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (s390x): osasnmpd-2.1.0-12.17.1 osasnmpd-debuginfo-2.1.0-12.17.1 s390-tools-2.1.0-12.17.1 s390-tools-debuginfo-2.1.0-12.17.1 s390-tools-debugsource-2.1.0-12.17.1 s390-tools-hmcdrvfs-2.1.0-12.17.1 s390-tools-hmcdrvfs-debuginfo-2.1.0-12.17.1 s390-tools-zdsfs-2.1.0-12.17.1 s390-tools-zdsfs-debuginfo-2.1.0-12.17.1 References: https://bugzilla.suse.com/1141872 From sle-updates at lists.suse.com Thu Aug 15 04:18:54 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Aug 2019 12:18:54 +0200 (CEST) Subject: SUSE-RU-2019:2150-1: moderate: Recommended update for cloud-init Message-ID: <20190815101854.BD6A5FCD3@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-init ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2150-1 Rating: moderate References: #1136440 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for cloud-init fixes the following issues: - Fixes a bug where OpenStack instances where not detected on VIO (bsc#1136440) Some more fixes were included within the 19.1 update of cloud-init. Please refer to the package changelog for more details. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2019-2150=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (aarch64 ppc64le s390x x86_64): cloud-init-19.1-37.24.1 cloud-init-config-suse-19.1-37.24.1 - SUSE CaaS Platform 3.0 (x86_64): cloud-init-19.1-37.24.1 References: https://bugzilla.suse.com/1136440 From sle-updates at lists.suse.com Thu Aug 15 04:19:36 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Aug 2019 12:19:36 +0200 (CEST) Subject: SUSE-RU-2019:2147-1: moderate: Recommended update for s390-tools Message-ID: <20190815101936.1E378FCD3@maintenance.suse.de> SUSE Recommended Update: Recommended update for s390-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2147-1 Rating: moderate References: #1141876 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for s390-tools fixes the following issue: - ziomon: fix utilization recording with multi-digit scsi hosts (bsc#1141876) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2147=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (s390x): osasnmpd-2.1.0-21.3.1 osasnmpd-debuginfo-2.1.0-21.3.1 s390-tools-2.1.0-21.3.1 s390-tools-debuginfo-2.1.0-21.3.1 s390-tools-debugsource-2.1.0-21.3.1 s390-tools-hmcdrvfs-2.1.0-21.3.1 s390-tools-hmcdrvfs-debuginfo-2.1.0-21.3.1 s390-tools-zdsfs-2.1.0-21.3.1 s390-tools-zdsfs-debuginfo-2.1.0-21.3.1 References: https://bugzilla.suse.com/1141876 From sle-updates at lists.suse.com Thu Aug 15 04:20:16 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Aug 2019 12:20:16 +0200 (CEST) Subject: SUSE-RU-2019:1818-2: moderate: Recommended update for timezone Message-ID: <20190815102016.AB45FFCD3@maintenance.suse.de> SUSE Recommended Update: Recommended update for timezone ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1818-2 Rating: moderate References: #1135262 #1140016 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for timezone fixes the following issues: - Timezone update 2019b. (bsc#1140016): - Brazil no longer observes DST. - 'zic -b slim' outputs smaller TZif files. - Palestine's 2019 spring-forward transition was on 03-29, not 03-30. - Add info about the Crimea situation. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-1818=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1818=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2019-1818=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-1818=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): timezone-java-2019b-0.74.26.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): timezone-2019b-74.26.1 timezone-debuginfo-2019b-74.26.1 timezone-debugsource-2019b-74.26.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64): timezone-2019b-74.26.1 timezone-debuginfo-2019b-74.26.1 timezone-debugsource-2019b-74.26.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): timezone-java-2019b-0.74.26.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): timezone-java-2019b-0.74.26.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): timezone-2019b-74.26.1 timezone-debuginfo-2019b-74.26.1 timezone-debugsource-2019b-74.26.1 - HPE Helion Openstack 8 (noarch): timezone-java-2019b-0.74.26.1 - HPE Helion Openstack 8 (x86_64): timezone-2019b-74.26.1 timezone-debuginfo-2019b-74.26.1 timezone-debugsource-2019b-74.26.1 References: https://bugzilla.suse.com/1135262 https://bugzilla.suse.com/1140016 From sle-updates at lists.suse.com Thu Aug 15 04:21:14 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Aug 2019 12:21:14 +0200 (CEST) Subject: SUSE-RU-2019:2143-1: Recommended update for ses-manual_en Message-ID: <20190815102114.42FC8FCD3@maintenance.suse.de> SUSE Recommended Update: Recommended update for ses-manual_en ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2143-1 Rating: low References: #1102242 #1130430 #1132245 #1132544 #1135185 #1138603 #1138691 #1138804 #1140655 #1141799 #1142064 #1142198 #1142311 Affected Products: SUSE Enterprise Storage 6 ______________________________________________________________________________ An update that has 13 recommended fixes can now be installed. Description: This update for ses-manual_en fixes the following issues: - MDS names migration (bsc#1138804) - migrate whole OSD node to LVM (bsc#1138691) - HW requirements (jsc#SES-460) - DB and WAl sizes updated (jsc#SES-460) - migrate pools from replicated only (bsc#1102242) - migration caps better explained (bsc#1132245) - /var/lib/ceph subvolume (bsc#1138603) - MDS names starting with digit (bsc#1138804) - removed multiple clusters (bsc#1141799) - typo in migrate with cache tier (bsc#1132544) - upgrade MONs and MGRs simultaneously (bsc#1142311) - drivegroups specs updated (bsc#1142198) - stop iperf3 processes (bsc#1142064) - clarified flushing of dirty cache (bsc#1140655) - deactivate tuned profiles (bsc#1130430) - migrate ntpd to chronyd (bsc#1135185) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2019-2143=1 Package List: - SUSE Enterprise Storage 6 (noarch): ses-admin_en-pdf-6+git96.7143f88-3.6.1 ses-deployment_en-pdf-6+git96.7143f88-3.6.1 ses-manual_en-6+git96.7143f88-3.6.1 References: https://bugzilla.suse.com/1102242 https://bugzilla.suse.com/1130430 https://bugzilla.suse.com/1132245 https://bugzilla.suse.com/1132544 https://bugzilla.suse.com/1135185 https://bugzilla.suse.com/1138603 https://bugzilla.suse.com/1138691 https://bugzilla.suse.com/1138804 https://bugzilla.suse.com/1140655 https://bugzilla.suse.com/1141799 https://bugzilla.suse.com/1142064 https://bugzilla.suse.com/1142198 https://bugzilla.suse.com/1142311 From sle-updates at lists.suse.com Thu Aug 15 04:23:40 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Aug 2019 12:23:40 +0200 (CEST) Subject: SUSE-RU-2019:2146-1: moderate: Recommended update for osinfo-db Message-ID: <20190815102340.E38E1FCD3@maintenance.suse.de> SUSE Recommended Update: Recommended update for osinfo-db ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2146-1 Rating: moderate References: #1143684 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for osinfo-db fixes the following issues: - Updated database to version 20190504 - Added official release date for sle15sp1 - Added support for sle12sp5 (bsc#1143684) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2146=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (noarch): osinfo-db-20190504-3.15.1 References: https://bugzilla.suse.com/1143684 From sle-updates at lists.suse.com Thu Aug 15 04:24:28 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Aug 2019 12:24:28 +0200 (CEST) Subject: SUSE-RU-2019:2145-1: moderate: Recommended update for python3-susepubliccloudinfo Message-ID: <20190815102428.5B66CFCD3@maintenance.suse.de> SUSE Recommended Update: Recommended update for python3-susepubliccloudinfo ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2145-1 Rating: moderate References: #1144100 #1144102 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise Module for Public Cloud 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for python3-susepubliccloudinfo fixes the following issues: - Added support for 'oracle' framework for images only (bsc#1144100, bsc#1144102) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2019-2145=1 - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2019-2145=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): python3-susepubliccloudinfo-1.2.1-3.9.1 - SUSE Linux Enterprise Module for Public Cloud 15 (noarch): python3-susepubliccloudinfo-1.2.1-3.9.1 References: https://bugzilla.suse.com/1144100 https://bugzilla.suse.com/1144102 From sle-updates at lists.suse.com Thu Aug 15 13:11:41 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Aug 2019 21:11:41 +0200 (CEST) Subject: SUSE-SU-2019:14146-1: moderate: Security update for libvirt and libvirt-python Message-ID: <20190815191141.29235FCD3@maintenance.suse.de> SUSE Security Update: Security update for libvirt and libvirt-python ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14146-1 Rating: moderate References: #1133150 #1134783 #1140252 Cross-References: CVE-2016-10746 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for libvirt and libvirt-python fixes the following issues: libvirt: - CVE-2016-10746: Fixed an authentication bypass where a guest agent with a read only connection could call virDomainGetTime API calls (bsc#1133150). - rpc: increase the size of REMOTE_MIGRATE_COOKIE_MAX (bsc#1134783). libvirt-python: - Fixes a memory leak in libvirt-python (bsc#1140252) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-libvirt-python-14146=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-libvirt-python-14146=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): libvirt-1.2.5-23.24.1 libvirt-client-1.2.5-23.24.1 libvirt-doc-1.2.5-23.24.1 libvirt-lock-sanlock-1.2.5-23.24.1 libvirt-python-1.2.5-3.3.2 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64): libvirt-client-32bit-1.2.5-23.24.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): libvirt-debuginfo-1.2.5-23.24.1 libvirt-debugsource-1.2.5-23.24.1 libvirt-python-debuginfo-1.2.5-3.3.2 libvirt-python-debugsource-1.2.5-3.3.2 References: https://www.suse.com/security/cve/CVE-2016-10746.html https://bugzilla.suse.com/1133150 https://bugzilla.suse.com/1134783 https://bugzilla.suse.com/1140252 From sle-updates at lists.suse.com Thu Aug 15 13:12:38 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Aug 2019 21:12:38 +0200 (CEST) Subject: SUSE-SU-2019:2152-1: moderate: Security update for openjpeg2 Message-ID: <20190815191238.684F3FCD3@maintenance.suse.de> SUSE Security Update: Security update for openjpeg2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2152-1 Rating: moderate References: #962522 Cross-References: CVE-2016-1923 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openjpeg2 fixes the following issues: Security issue fixed: - CVE-2016-1923: Fixed anout of bounds read int opj_j2k_update_image_data() and opj_tgt_reset () (bsc#962522). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2152=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2152=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libopenjp2-7-2.1.0-4.12.2 libopenjp2-7-debuginfo-2.1.0-4.12.2 openjpeg2-debuginfo-2.1.0-4.12.2 openjpeg2-debugsource-2.1.0-4.12.2 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libopenjp2-7-2.1.0-4.12.2 libopenjp2-7-debuginfo-2.1.0-4.12.2 openjpeg2-debuginfo-2.1.0-4.12.2 openjpeg2-debugsource-2.1.0-4.12.2 References: https://www.suse.com/security/cve/CVE-2016-1923.html https://bugzilla.suse.com/962522 From sle-updates at lists.suse.com Thu Aug 15 13:13:19 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Aug 2019 21:13:19 +0200 (CEST) Subject: SUSE-SU-2019:2155-1: important: Security update for 389-ds Message-ID: <20190815191319.67677FCD3@maintenance.suse.de> SUSE Security Update: Security update for 389-ds ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2155-1 Rating: important References: #1083689 #1092187 #1099465 #1105606 #1108674 #1109609 #1120189 #1132385 #1144797 #991201 Cross-References: CVE-2016-5416 CVE-2018-1054 CVE-2018-10871 CVE-2018-1089 CVE-2018-10935 CVE-2018-14638 CVE-2018-14648 CVE-2019-3883 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that solves 8 vulnerabilities and has two fixes is now available. Description: This update for 389-ds to version 1.4.0.26 fixes the following issues: Security issues fixed: - CVE-2016-5416: Fixed an information disclosure where a anonymous user could read the default ACI (bsc#991201). - CVE-2018-1054: Fixed a denial of service via search filters in SetUnicodeStringFromUTF_8() (bsc#1083689). - CVE-2018-1089: Fixed a buffer overflow via large filter value (bsc#1092187). - CVE-2018-10871: Fixed an information disclosure in certain plugins leading to the disclosure of plaintext password to an privileged attackers (bsc#1099465). - CVE-2018-14638: Fixed a denial of service through a crash in delete_passwdPolicy () (bsc#1108674). - CVE-2018-14648: Fixed a denial of service caused by malformed values in search queries (bsc#1109609). - CVE-2018-10935: Fixed a denial of service related to ldapsearch with server side sort (bsc#1105606). - CVE-2019-3883: Fixed a denial of service caused by hanging LDAP requests over TLS (bsc#1132385). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-2155=1 - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-2155=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2155=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2155=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): 389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1 389-ds-debuginfo-1.4.0.26~git0.8a2d3de6f-4.14.1 389-ds-debugsource-1.4.0.26~git0.8a2d3de6f-4.14.1 389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1 - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): 389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1 389-ds-debuginfo-1.4.0.26~git0.8a2d3de6f-4.14.1 389-ds-debugsource-1.4.0.26~git0.8a2d3de6f-4.14.1 389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): 389-ds-debuginfo-1.4.0.26~git0.8a2d3de6f-4.14.1 389-ds-debugsource-1.4.0.26~git0.8a2d3de6f-4.14.1 389-ds-snmp-1.4.0.26~git0.8a2d3de6f-4.14.1 389-ds-snmp-debuginfo-1.4.0.26~git0.8a2d3de6f-4.14.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): 389-ds-debuginfo-1.4.0.26~git0.8a2d3de6f-4.14.1 389-ds-debugsource-1.4.0.26~git0.8a2d3de6f-4.14.1 389-ds-snmp-1.4.0.26~git0.8a2d3de6f-4.14.1 389-ds-snmp-debuginfo-1.4.0.26~git0.8a2d3de6f-4.14.1 References: https://www.suse.com/security/cve/CVE-2016-5416.html https://www.suse.com/security/cve/CVE-2018-1054.html https://www.suse.com/security/cve/CVE-2018-10871.html https://www.suse.com/security/cve/CVE-2018-1089.html https://www.suse.com/security/cve/CVE-2018-10935.html https://www.suse.com/security/cve/CVE-2018-14638.html https://www.suse.com/security/cve/CVE-2018-14648.html https://www.suse.com/security/cve/CVE-2019-3883.html https://bugzilla.suse.com/1083689 https://bugzilla.suse.com/1092187 https://bugzilla.suse.com/1099465 https://bugzilla.suse.com/1105606 https://bugzilla.suse.com/1108674 https://bugzilla.suse.com/1109609 https://bugzilla.suse.com/1120189 https://bugzilla.suse.com/1132385 https://bugzilla.suse.com/1144797 https://bugzilla.suse.com/991201 From sle-updates at lists.suse.com Fri Aug 16 04:10:56 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Aug 2019 12:10:56 +0200 (CEST) Subject: SUSE-RU-2019:2164-1: moderate: Recommended update for mariadb Message-ID: <20190816101056.10014FCD3@maintenance.suse.de> SUSE Recommended Update: Recommended update for mariadb ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2164-1 Rating: moderate References: #1143215 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for mariadb fixes the following issues: - mysql-systemd-helper will now check for ping responses and the pid in a process list - this fixes the "found left-over process" issue when regular mariadb is started (bsc#1143215) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-2164=1 - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-2164=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2164=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2164=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): libmysqld-devel-10.2.25-3.20.1 libmysqld19-10.2.25-3.20.1 libmysqld19-debuginfo-10.2.25-3.20.1 mariadb-10.2.25-3.20.1 mariadb-client-10.2.25-3.20.1 mariadb-client-debuginfo-10.2.25-3.20.1 mariadb-debuginfo-10.2.25-3.20.1 mariadb-debugsource-10.2.25-3.20.1 mariadb-tools-10.2.25-3.20.1 mariadb-tools-debuginfo-10.2.25-3.20.1 - SUSE Linux Enterprise Module for Server Applications 15-SP1 (noarch): mariadb-errormessages-10.2.25-3.20.1 - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): libmysqld-devel-10.2.25-3.20.1 libmysqld19-10.2.25-3.20.1 libmysqld19-debuginfo-10.2.25-3.20.1 mariadb-10.2.25-3.20.1 mariadb-client-10.2.25-3.20.1 mariadb-client-debuginfo-10.2.25-3.20.1 mariadb-debuginfo-10.2.25-3.20.1 mariadb-debugsource-10.2.25-3.20.1 mariadb-tools-10.2.25-3.20.1 mariadb-tools-debuginfo-10.2.25-3.20.1 - SUSE Linux Enterprise Module for Server Applications 15 (noarch): mariadb-errormessages-10.2.25-3.20.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): mariadb-bench-10.2.25-3.20.1 mariadb-bench-debuginfo-10.2.25-3.20.1 mariadb-debuginfo-10.2.25-3.20.1 mariadb-debugsource-10.2.25-3.20.1 mariadb-galera-10.2.25-3.20.1 mariadb-test-10.2.25-3.20.1 mariadb-test-debuginfo-10.2.25-3.20.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): mariadb-bench-10.2.25-3.20.1 mariadb-bench-debuginfo-10.2.25-3.20.1 mariadb-debuginfo-10.2.25-3.20.1 mariadb-debugsource-10.2.25-3.20.1 mariadb-galera-10.2.25-3.20.1 mariadb-test-10.2.25-3.20.1 mariadb-test-debuginfo-10.2.25-3.20.1 References: https://bugzilla.suse.com/1143215 From sle-updates at lists.suse.com Fri Aug 16 04:13:36 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Aug 2019 12:13:36 +0200 (CEST) Subject: SUSE-RU-2019:2161-1: moderate: Recommended update for net-snmp Message-ID: <20190816101336.E9B85FDD4@maintenance.suse.de> SUSE Recommended Update: Recommended update for net-snmp ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2161-1 Rating: moderate References: #1108471 #1116807 #1140341 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for net-snmp fixes the following issues: - Added Lustre filesystem support (bsc#1140341, jsc#SLE-6120). - Added info about the original agent which triggered the trap. When the trap is forwarded there was no info about the original agent (bsc#1116807). - Fixes missing sysconfig files creation (bsc#1108471) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2161=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2161=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): net-snmp-debuginfo-5.7.3-7.6.1 net-snmp-debugsource-5.7.3-7.6.1 python2-net-snmp-5.7.3-7.6.1 python2-net-snmp-debuginfo-5.7.3-7.6.1 python3-net-snmp-5.7.3-7.6.1 python3-net-snmp-debuginfo-5.7.3-7.6.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libsnmp30-5.7.3-7.6.1 libsnmp30-debuginfo-5.7.3-7.6.1 net-snmp-5.7.3-7.6.1 net-snmp-debuginfo-5.7.3-7.6.1 net-snmp-debugsource-5.7.3-7.6.1 net-snmp-devel-5.7.3-7.6.1 perl-SNMP-5.7.3-7.6.1 perl-SNMP-debuginfo-5.7.3-7.6.1 snmp-mibs-5.7.3-7.6.1 References: https://bugzilla.suse.com/1108471 https://bugzilla.suse.com/1116807 https://bugzilla.suse.com/1140341 From sle-updates at lists.suse.com Fri Aug 16 04:21:23 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Aug 2019 12:21:23 +0200 (CEST) Subject: SUSE-RU-2019:2162-1: moderate: Recommended update for multipath-tools Message-ID: <20190816102123.6CE66FDD4@maintenance.suse.de> SUSE Recommended Update: Recommended update for multipath-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2162-1 Rating: moderate References: #1118495 #1119898 #1125507 #1134648 #1139369 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for multipath-tools contains the following changes: - Added basic NVMe ANA support (bsc#1119898, bsc#1118495) - mpathpersist: optimize for setups with many LUNs (bsc#1134648) - mpathpersist: add option -f/--batch-file (bsc#1134648) - libmultipath: get_prio(): really don't reset prio for inaccessible paths (bsc#1118495) - Upstream bug fixes from dm-devel (bsc#1139369): * multipath: call store_pathinfo with DI_BLACKLIST - hwtable: add Lenovo DE series (bsc#1125507) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2162=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2162=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): libdmmp0_1_0-0.7.3+147+suse.1382aee-3.15.1 libdmmp0_1_0-debuginfo-0.7.3+147+suse.1382aee-3.15.1 multipath-tools-debuginfo-0.7.3+147+suse.1382aee-3.15.1 multipath-tools-debugsource-0.7.3+147+suse.1382aee-3.15.1 multipath-tools-rbd-0.7.3+147+suse.1382aee-3.15.1 multipath-tools-rbd-debuginfo-0.7.3+147+suse.1382aee-3.15.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): kpartx-0.7.3+147+suse.1382aee-3.15.1 kpartx-debuginfo-0.7.3+147+suse.1382aee-3.15.1 libdmmp-devel-0.7.3+147+suse.1382aee-3.15.1 libdmmp0_1_0-0.7.3+147+suse.1382aee-3.15.1 libdmmp0_1_0-debuginfo-0.7.3+147+suse.1382aee-3.15.1 multipath-tools-0.7.3+147+suse.1382aee-3.15.1 multipath-tools-debuginfo-0.7.3+147+suse.1382aee-3.15.1 multipath-tools-debugsource-0.7.3+147+suse.1382aee-3.15.1 multipath-tools-devel-0.7.3+147+suse.1382aee-3.15.1 multipath-tools-rbd-0.7.3+147+suse.1382aee-3.15.1 multipath-tools-rbd-debuginfo-0.7.3+147+suse.1382aee-3.15.1 References: https://bugzilla.suse.com/1118495 https://bugzilla.suse.com/1119898 https://bugzilla.suse.com/1125507 https://bugzilla.suse.com/1134648 https://bugzilla.suse.com/1139369 From sle-updates at lists.suse.com Fri Aug 16 04:30:14 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Aug 2019 12:30:14 +0200 (CEST) Subject: SUSE-RU-2019:2160-1: Recommended update for release-notes-sles Message-ID: <20190816103014.8430FFDD4@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2160-1 Rating: low References: #1137326 Affected Products: SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Installer 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for release-notes-sles adds the following new notes: * User Mode Instruction Prevention (UMIP) for KVM (FATE#325201, update requested via bsc#1145275) [fixed typo] * Modules That Are Automatically Selected During Upgrade (FATE#325293, update requested via bsc#1145275) [fixed typo, appended missing part of table] * zcrypt DD: APQN Tags Allow Deterministic Driver Binding (FATE#325689) [fixed typo, improved title wording] * Package insserv-compat Has Been Added to SAP Application Server Base Pattern (FATE#325727, update requested via bsc#1141324) [clarified that this package can be used outside of SAP contexts] * Support for the VM Generation ID Device (FATE#325848) [improved wording] * In-kernel Crypto: Support for Protected Keys Generated by random in the paes Module (FATE#326366) [improved wording] * Input Method Engines Changes for Asian Languages (FATE#326665, update requested via bsc#1145275) [fixed typos] * HiDPI support in GNOME (FATE#326682) [fixed typo] * Update to QEMU 3.1 (FATE#327089) [fixed typo, improved wording] * NVMe Multipath Handling (FATE#327156) [fixed categorization within the document] * JeOS Images for Hyper-V and VMware Are Now Compressed (FATE#327755) [fixed typo] * Intel Optane DC Persistent Memory Operating Modes (FATE#327794, update requested via bsc#1145275) [fixed typo, improved wording] * Branch Predictor Hardening (FATE#327833) [fixed typos] * Support for QEMU's multiqueue Feature for virtio-blk (FATE#327896) [made title more consistent] * Intel* Omni-Path Architecture (OPA) Host Software (FATE#327898) [corrected path to PDF] * klogconsole and setctsid Are Considered Deprecated (FATE#327901, update requested via bsc#1145275) [fixed typo, made title more consistent] * Intel Rapid Storage Controller: NVME Drive Is Not Accessible in UEFI Mode (FATE#327902, update requested via bsc#1145275) [fixed typos] * Updated number of logical CPUs for AArch64 to 480 * Open vSwitch Support (fate#320928) * Creating a Swap*File on a Btrfs File System (fate#322477) * Run XenStore in stubdom (fate#323663) * OpenID Authentication Module for Apache2 (fate#324447) * Enable Persistent Multipath Links in KVM Guests (fate#324810) * User Mode Instruction Prevention (UMIP) for KVM (fate#325201) * Modules that get Automatically Selected During Upgrade (fate#325293) * LLVM Update (fate#325696) * Support the VM Generation ID device (fate#325848) * Memory Bandwidth Allocation (fate#326237) * Input Method Engines Changes for Asian Languages (fate#326665) * NV*DIMM Support (fate#326969) * Update to QEMU 3.1 (fate#327089) * NVMe multipath handling (fate#327156) * Intel Optane DC Persistent Memory Operating Modes (fate#327794) * Credit2 Scheduler optimization (fate#327831) * Performance Optimization for XPTI (fate#327832) * Branch Predictor Hardening (fate#327833) * AVX512 support (fate#327834) * Support for AMD Secure Encrypted Virtualization (SEV) (fate#327889) * Xen vNUMA topology (fate#327890) * New virsh Command: migrate*getmaxdowntime (fate#327891) * Bash Completion Support for the virsh Command (fate#327892) * Support Migration of VMs with Shared Disks and directsync Caching (fate#327895) * Add support for QEMU's multiqueue Feature for virtio*blk (fate#327896) * Intel* Omni*Path Architecture (OPA) Host Software (fate#327898) * Installing on a System Combining Multipath with RAID (fate#327899) * Device Error Prevention Enabled (CONFIG_IO_STRICT_DEVMEM) (fate#327900) * Deprecation Note for klogconsole and setctsid (fate#327901) * Intel Rapid Storage Controller: NVME Drive is not Accessibe in UEFI Mode (fate#327902) * Connecting to a Remote Desktop via RDP Fails (fate#327903) Documented fixes and changed notes: * openjdk 10 has been moved to Legacy (bsc#1137326) * Xen Auto*Ballooning Disabled by Default (fate#323901) * Boot and Driver Enablement for Raspberry Pi (fate#325731) * System*on*Chip Driver Enablement (fate#327734) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-2019-2160=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2160=1 - SUSE Linux Enterprise Installer 15-SP1: zypper in -t patch SUSE-SLE-INSTALLER-15-SP1-2019-2160=1 Package List: - SUSE Linux Enterprise Server 15-SP1 (noarch): release-notes-sles-15.1.20190812-3.5.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): release-notes-sles-15.1.20190812-3.5.1 - SUSE Linux Enterprise Installer 15-SP1 (noarch): release-notes-sles-15.1.20190812-3.5.1 References: https://bugzilla.suse.com/1137326 From sle-updates at lists.suse.com Fri Aug 16 04:30:50 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Aug 2019 12:30:50 +0200 (CEST) Subject: SUSE-RU-2019:2163-1: moderate: Recommended update for multipath-tools Message-ID: <20190816103050.6F34FFDD4@maintenance.suse.de> SUSE Recommended Update: Recommended update for multipath-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2163-1 Rating: moderate References: #1118495 #1119898 #1125507 #1134648 #1139369 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for multipath-tools contains the following changes: - Added basic NVMe ANA support (bsc#1119898, bsc#1118495) - mpathpersist: optimize for setups with many LUNs (bsc#1134648) - mpathpersist: add option -f/--batch-file (bsc#1134648) - libmultipath: get_prio(): really don't reset prio for inaccessible paths (bsc#1118495) - Upstream bug fixes from dm-devel (bsc#1139369): * multipath: call store_pathinfo with DI_BLACKLIST - hwtable: add Lenovo DE series (bsc#1125507) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2163=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2163=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2163=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): multipath-tools-debuginfo-0.7.3+150+suse.caa50c4-2.11.1 multipath-tools-debugsource-0.7.3+150+suse.caa50c4-2.11.1 multipath-tools-devel-0.7.3+150+suse.caa50c4-2.11.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): kpartx-0.7.3+150+suse.caa50c4-2.11.1 kpartx-debuginfo-0.7.3+150+suse.caa50c4-2.11.1 multipath-tools-0.7.3+150+suse.caa50c4-2.11.1 multipath-tools-debuginfo-0.7.3+150+suse.caa50c4-2.11.1 multipath-tools-debugsource-0.7.3+150+suse.caa50c4-2.11.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): kpartx-0.7.3+150+suse.caa50c4-2.11.1 kpartx-debuginfo-0.7.3+150+suse.caa50c4-2.11.1 multipath-tools-0.7.3+150+suse.caa50c4-2.11.1 multipath-tools-debuginfo-0.7.3+150+suse.caa50c4-2.11.1 multipath-tools-debugsource-0.7.3+150+suse.caa50c4-2.11.1 References: https://bugzilla.suse.com/1118495 https://bugzilla.suse.com/1119898 https://bugzilla.suse.com/1125507 https://bugzilla.suse.com/1134648 https://bugzilla.suse.com/1139369 From sle-updates at lists.suse.com Fri Aug 16 07:10:30 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Aug 2019 15:10:30 +0200 (CEST) Subject: SUSE-RU-2019:2166-1: moderate: Recommended update for openvswitch Message-ID: <20190816131030.5525CFCD3@maintenance.suse.de> SUSE Recommended Update: Recommended update for openvswitch ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2166-1 Rating: moderate References: #1130276 Affected Products: SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Enterprise Storage 5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openvswitch fixes the following issues: openvswitch was updated to to 2.7.9 (bsc#1130276). Some of the changes are: * ofp-group: support to insert bucket with weight value for select type * ofproto: fix the bug of bucket counter is not updated * netdev-dpdk: Print netdev name for txq mapping. * ifupdown.sh: Add missing "--may-exist" option * timeval: Check for OS-provided clock_gettime on macOS * travis: Stop rsyslog before start. * vlog: Better handle syslog handler exceptions. * travis: Remove 'sudo' configuration. * ovsdb-monitor.at: Use correct perl scripts. * rconn: Avoid occasional immediate connection failures. * conntrack: Fix L4 csum for V6 extension hdr pkts. * packets: Change return type for 'packet_csum_upperlayer6()'. * ovsdb-client: Fix typo. * ofctl: break the loop if ovs_pcap_read returns error * Revert "ovs-tcpdump: Fix an undefined variable" * dhparams: Fix .c file generation with OpenSSL >= 1.1.1-pre9 * dhparams: Add pregenerated .c file to the repository. * conntrack: Exclude l2 padding in 'conn_key_extract()'. * dp-packet: Add 'dp_packet_l3_size()'. * monitor: Fix crash when monitor condition adds new columns. * dpif-netdev: Add thread safety annotation to sorted_poll_list. * acinclude: Drop DPDK_EXTRA_LIB variable. * datapath: Fix IPv6 later frags parsing * datapath: Derive IP protocol number for IPv6 later frags * datapath: Avoid OOB read when parsing flow nlattrs * odp-util: Stop parse odp actions if nlattr is overflow * ovs-tcpdump: Fix an undefined variable * stt: Fix return code during xmit. * netdev-linux: Fix function argument order in sfq_tc_load(). * ofproto-dpif-xlate: Account mirrored packets only if the VLAN matches. * ofp-actions: Avoid overflow for ofpact_learn_spec->n_bits * python: Escape backslashes while formatting logs. * docs: Fix table title for VM MQ config in dpdk howto. * cmap: Fix hashing in cmap_find_protected(). * python: Catch setsockopt exceptions for TCP stream. * rhel: Add 'SYSTEMD_NO_WRAP=yes' in ovs init script for SLES * debian: Install correct vtep-ctl. * datapath-windows: Fix invalid reference in Buffermgmt.c * netdev-dpdk: Bring link down when NETDEV_UP is not set * actions: Enforce a maximum limit for nested action depth * bond: Fix LACP fallback to active-backup when recirc is enabled. * netdev-dpdk: Fix netdev_dpdk_get_features(). * ovn-northd: Fix memory leak in free_chassis_queueid(). * python-c-ext: Fix memory leak in Parser_finish * bridge.c: prevent controller connects while flow-restore-wait * connmgr: Fix vswitchd abort when a port is added and the controller is down Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-2166=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-2166=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-2166=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2019-2166=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-2166=1 Package List: - SUSE OpenStack Cloud 8 (x86_64): openvswitch-2.7.9-3.31.3 openvswitch-debuginfo-2.7.9-3.31.3 openvswitch-debugsource-2.7.9-3.31.3 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): openvswitch-2.7.9-3.31.3 openvswitch-debuginfo-2.7.9-3.31.3 openvswitch-debugsource-2.7.9-3.31.3 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): openvswitch-2.7.9-3.31.3 openvswitch-debuginfo-2.7.9-3.31.3 openvswitch-debugsource-2.7.9-3.31.3 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): openvswitch-2.7.9-3.31.3 openvswitch-debuginfo-2.7.9-3.31.3 openvswitch-debugsource-2.7.9-3.31.3 - SUSE Enterprise Storage 5 (x86_64): openvswitch-2.7.9-3.31.3 openvswitch-debuginfo-2.7.9-3.31.3 openvswitch-debugsource-2.7.9-3.31.3 References: https://bugzilla.suse.com/1130276 From sle-updates at lists.suse.com Fri Aug 16 16:10:35 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 17 Aug 2019 00:10:35 +0200 (CEST) Subject: SUSE-SU-2019:1783-3: important: Security update for postgresql10 Message-ID: <20190816221035.6CBE5FCD3@maintenance.suse.de> SUSE Security Update: Security update for postgresql10 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1783-3 Rating: important References: #1138034 Cross-References: CVE-2019-10164 Affected Products: SUSE Enterprise Storage 5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for postgresql10 to version 10.9 fixes the following issue: Security issue fixed: - CVE-2019-10164: Fixed buffer-overflow vulnerabilities in SCRAM verifier parsing (bsc#1138034). More information at https://www.postgresql.org/docs/10/release-10-9.html Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-1783=1 Package List: - SUSE Enterprise Storage 5 (aarch64): libecpg6-10.9-1.12.1 libecpg6-debuginfo-10.9-1.12.1 libpq5-10.9-1.12.1 libpq5-debuginfo-10.9-1.12.1 postgresql10-10.9-1.12.2 postgresql10-contrib-10.9-1.12.2 postgresql10-contrib-debuginfo-10.9-1.12.2 postgresql10-debuginfo-10.9-1.12.2 postgresql10-debugsource-10.9-1.12.2 postgresql10-libs-debugsource-10.9-1.12.1 postgresql10-plperl-10.9-1.12.2 postgresql10-plperl-debuginfo-10.9-1.12.2 postgresql10-plpython-10.9-1.12.2 postgresql10-plpython-debuginfo-10.9-1.12.2 postgresql10-pltcl-10.9-1.12.2 postgresql10-pltcl-debuginfo-10.9-1.12.2 postgresql10-server-10.9-1.12.2 postgresql10-server-debuginfo-10.9-1.12.2 - SUSE Enterprise Storage 5 (noarch): postgresql10-docs-10.9-1.12.2 References: https://www.suse.com/security/cve/CVE-2019-10164.html https://bugzilla.suse.com/1138034 From sle-updates at lists.suse.com Fri Aug 16 16:11:14 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 17 Aug 2019 00:11:14 +0200 (CEST) Subject: SUSE-SU-2019:2035-2: important: Security update for polkit Message-ID: <20190816221114.85A06FCD3@maintenance.suse.de> SUSE Security Update: Security update for polkit ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2035-2 Rating: important References: #1121826 Cross-References: CVE-2019-6133 Affected Products: SUSE Enterprise Storage 5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for polkit fixes the following issues: Security issue fixed: - CVE-2019-6133: Fixed improper caching of auth decisions, which could bypass uid checking in the interactive backend (bsc#1121826). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-2035=1 Package List: - SUSE Enterprise Storage 5 (aarch64): libpolkit0-0.113-5.18.1 libpolkit0-debuginfo-0.113-5.18.1 polkit-0.113-5.18.1 polkit-debuginfo-0.113-5.18.1 polkit-debugsource-0.113-5.18.1 typelib-1_0-Polkit-1_0-0.113-5.18.1 References: https://www.suse.com/security/cve/CVE-2019-6133.html https://bugzilla.suse.com/1121826 From sle-updates at lists.suse.com Fri Aug 16 16:11:51 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 17 Aug 2019 00:11:51 +0200 (CEST) Subject: SUSE-SU-2019:2036-2: important: Security update for java-1_8_0-openjdk Message-ID: <20190816221151.106FDFCD3@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2036-2 Rating: important References: #1115375 #1141780 #1141782 #1141783 #1141784 #1141785 #1141786 #1141787 #1141789 Cross-References: CVE-2019-2745 CVE-2019-2762 CVE-2019-2766 CVE-2019-2769 CVE-2019-2786 CVE-2019-2816 CVE-2019-2842 CVE-2019-7317 Affected Products: SUSE Enterprise Storage 5 ______________________________________________________________________________ An update that solves 8 vulnerabilities and has one errata is now available. Description: This update for java-1_8_0-openjdk to version 8u222 fixes the following issues: Security issues fixed: - CVE-2019-2745: Improved ECC Implementation (bsc#1141784). - CVE-2019-2762: Exceptional throw cases (bsc#1141782). - CVE-2019-2766: Improve file protocol handling (bsc#1141789). - CVE-2019-2769: Better copies of CopiesList (bsc#1141783). - CVE-2019-2786: More limited privilege usage (bsc#1141787). - CVE-2019-2816: Normalize normalization (bsc#1141785). - CVE-2019-2842: Extended AES support (bsc#1141786). - CVE-2019-7317: Improve PNG support (bsc#1141780). - Certificate validation improvements Non-security issue fixed: - Fixed an issue where the installation failed when the manpages are not present (bsc#1115375) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-2036=1 Package List: - SUSE Enterprise Storage 5 (aarch64): java-1_8_0-openjdk-1.8.0.222-27.35.2 java-1_8_0-openjdk-debuginfo-1.8.0.222-27.35.2 java-1_8_0-openjdk-debugsource-1.8.0.222-27.35.2 java-1_8_0-openjdk-demo-1.8.0.222-27.35.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.222-27.35.2 java-1_8_0-openjdk-devel-1.8.0.222-27.35.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.222-27.35.2 java-1_8_0-openjdk-headless-1.8.0.222-27.35.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.222-27.35.2 References: https://www.suse.com/security/cve/CVE-2019-2745.html https://www.suse.com/security/cve/CVE-2019-2762.html https://www.suse.com/security/cve/CVE-2019-2766.html https://www.suse.com/security/cve/CVE-2019-2769.html https://www.suse.com/security/cve/CVE-2019-2786.html https://www.suse.com/security/cve/CVE-2019-2816.html https://www.suse.com/security/cve/CVE-2019-2842.html https://www.suse.com/security/cve/CVE-2019-7317.html https://bugzilla.suse.com/1115375 https://bugzilla.suse.com/1141780 https://bugzilla.suse.com/1141782 https://bugzilla.suse.com/1141783 https://bugzilla.suse.com/1141784 https://bugzilla.suse.com/1141785 https://bugzilla.suse.com/1141786 https://bugzilla.suse.com/1141787 https://bugzilla.suse.com/1141789 From sle-updates at lists.suse.com Fri Aug 16 16:13:23 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 17 Aug 2019 00:13:23 +0200 (CEST) Subject: SUSE-RU-2019:2025-2: moderate: Recommended update for mozilla-nspr, mozilla-nss Message-ID: <20190816221323.31D6AFDD4@maintenance.suse.de> SUSE Recommended Update: Recommended update for mozilla-nspr, mozilla-nss ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2025-2 Rating: moderate References: #1141322 Affected Products: SUSE Enterprise Storage 5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nss was updated to NSS 3.45 (bsc#1141322): * New function in pk11pub.h: PK11_FindRawCertsWithSubject * The following CA certificates were Removed: CN = Certinomis - Root CA (bmo#1552374) * Implement Delegated Credentials (draft-ietf-tls-subcerts) (bmo#1540403) This adds a new experimental function SSL_DelegateCredential Note: In 3.45, selfserv does not yet support delegated credentials (See bmo#1548360). Note: In 3.45 the SSLChannelInfo is left unmodified, while an upcoming change in 3.46 will set SSLChannelInfo.authKeyBits to that of the delegated credential for better policy enforcement (See bmo#1563078). * Replace ARM32 Curve25519 implementation with one from fiat-crypto (bmo#1550579) * Expose a function PK11_FindRawCertsWithSubject for finding certificates with a given subject on a given slot (bmo#1552262) * Add IPSEC IKE support to softoken (bmo#1546229) * Add support for the Elbrus lcc compiler (<=1.23) (bmo#1554616) * Expose an external clock for SSL (bmo#1543874) This adds new experimental functions: SSL_SetTimeFunc, SSL_CreateAntiReplayContext, SSL_SetAntiReplayContext, and SSL_ReleaseAntiReplayContext. The experimental function SSL_InitAntiReplay is removed. * Various changes in response to the ongoing FIPS review (bmo#1546477) Note: The source package size has increased substantially due to the new FIPS test vectors. This will likely prompt follow-on work, but please accept our apologies in the meantime. mozilla-nspr was updated to version 4.21: * Changed prbit.h to use builtin function on aarch64. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-2025=1 Package List: - SUSE Enterprise Storage 5 (aarch64): libfreebl3-3.45-58.31.1 libfreebl3-debuginfo-3.45-58.31.1 libfreebl3-hmac-3.45-58.31.1 libsoftokn3-3.45-58.31.1 libsoftokn3-debuginfo-3.45-58.31.1 libsoftokn3-hmac-3.45-58.31.1 mozilla-nspr-4.21-19.9.1 mozilla-nspr-debuginfo-4.21-19.9.1 mozilla-nspr-debugsource-4.21-19.9.1 mozilla-nss-3.45-58.31.1 mozilla-nss-certs-3.45-58.31.1 mozilla-nss-certs-debuginfo-3.45-58.31.1 mozilla-nss-debuginfo-3.45-58.31.1 mozilla-nss-debugsource-3.45-58.31.1 mozilla-nss-sysinit-3.45-58.31.1 mozilla-nss-sysinit-debuginfo-3.45-58.31.1 mozilla-nss-tools-3.45-58.31.1 mozilla-nss-tools-debuginfo-3.45-58.31.1 References: https://bugzilla.suse.com/1141322 From sle-updates at lists.suse.com Fri Aug 16 16:14:02 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 17 Aug 2019 00:14:02 +0200 (CEST) Subject: SUSE-SU-2019:1958-2: moderate: Security update for glibc Message-ID: <20190816221402.A1E23FDD4@maintenance.suse.de> SUSE Security Update: Security update for glibc ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1958-2 Rating: moderate References: #1127223 #1127308 #1128574 Cross-References: CVE-2009-5155 CVE-2019-9169 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for glibc fixes the following issues: Security issues fixed: - CVE-2019-9169: Fixed a heap-based buffer over-read via an attempted case-insensitive regular-expression match (bsc#1127308). - CVE-2009-5155: Fixed a denial of service in parse_reg_exp() (bsc#1127223). Non-security issues fixed: - Added cfi information for start routines in order to stop unwinding on S390 (bsc#1128574). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-1958=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1958=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2019-1958=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-1958=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-1958=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): glibc-2.22-62.22.5 glibc-32bit-2.22-62.22.5 glibc-debuginfo-2.22-62.22.5 glibc-debuginfo-32bit-2.22-62.22.5 glibc-debugsource-2.22-62.22.5 glibc-devel-2.22-62.22.5 glibc-devel-32bit-2.22-62.22.5 glibc-devel-debuginfo-2.22-62.22.5 glibc-devel-debuginfo-32bit-2.22-62.22.5 glibc-locale-2.22-62.22.5 glibc-locale-32bit-2.22-62.22.5 glibc-locale-debuginfo-2.22-62.22.5 glibc-locale-debuginfo-32bit-2.22-62.22.5 glibc-profile-2.22-62.22.5 glibc-profile-32bit-2.22-62.22.5 nscd-2.22-62.22.5 nscd-debuginfo-2.22-62.22.5 - SUSE OpenStack Cloud Crowbar 8 (noarch): glibc-html-2.22-62.22.5 glibc-i18ndata-2.22-62.22.5 glibc-info-2.22-62.22.5 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64): glibc-2.22-62.22.5 glibc-debuginfo-2.22-62.22.5 glibc-debugsource-2.22-62.22.5 glibc-devel-2.22-62.22.5 glibc-devel-debuginfo-2.22-62.22.5 glibc-locale-2.22-62.22.5 glibc-locale-debuginfo-2.22-62.22.5 glibc-profile-2.22-62.22.5 nscd-2.22-62.22.5 nscd-debuginfo-2.22-62.22.5 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): glibc-html-2.22-62.22.5 glibc-i18ndata-2.22-62.22.5 glibc-info-2.22-62.22.5 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): glibc-2.22-62.22.5 glibc-32bit-2.22-62.22.5 glibc-debuginfo-2.22-62.22.5 glibc-debuginfo-32bit-2.22-62.22.5 glibc-debugsource-2.22-62.22.5 glibc-devel-2.22-62.22.5 glibc-devel-32bit-2.22-62.22.5 glibc-devel-debuginfo-2.22-62.22.5 glibc-devel-debuginfo-32bit-2.22-62.22.5 glibc-locale-2.22-62.22.5 glibc-locale-32bit-2.22-62.22.5 glibc-locale-debuginfo-2.22-62.22.5 glibc-locale-debuginfo-32bit-2.22-62.22.5 glibc-profile-2.22-62.22.5 glibc-profile-32bit-2.22-62.22.5 nscd-2.22-62.22.5 nscd-debuginfo-2.22-62.22.5 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): glibc-html-2.22-62.22.5 glibc-i18ndata-2.22-62.22.5 glibc-info-2.22-62.22.5 - SUSE Enterprise Storage 5 (aarch64): glibc-2.22-62.22.5 glibc-debuginfo-2.22-62.22.5 glibc-debugsource-2.22-62.22.5 glibc-devel-2.22-62.22.5 glibc-devel-debuginfo-2.22-62.22.5 glibc-locale-2.22-62.22.5 glibc-locale-debuginfo-2.22-62.22.5 glibc-profile-2.22-62.22.5 nscd-2.22-62.22.5 nscd-debuginfo-2.22-62.22.5 - SUSE Enterprise Storage 5 (noarch): glibc-html-2.22-62.22.5 glibc-i18ndata-2.22-62.22.5 glibc-info-2.22-62.22.5 - HPE Helion Openstack 8 (noarch): glibc-html-2.22-62.22.5 glibc-i18ndata-2.22-62.22.5 glibc-info-2.22-62.22.5 - HPE Helion Openstack 8 (x86_64): glibc-2.22-62.22.5 glibc-32bit-2.22-62.22.5 glibc-debuginfo-2.22-62.22.5 glibc-debuginfo-32bit-2.22-62.22.5 glibc-debugsource-2.22-62.22.5 glibc-devel-2.22-62.22.5 glibc-devel-32bit-2.22-62.22.5 glibc-devel-debuginfo-2.22-62.22.5 glibc-devel-debuginfo-32bit-2.22-62.22.5 glibc-locale-2.22-62.22.5 glibc-locale-32bit-2.22-62.22.5 glibc-locale-debuginfo-2.22-62.22.5 glibc-locale-debuginfo-32bit-2.22-62.22.5 glibc-profile-2.22-62.22.5 glibc-profile-32bit-2.22-62.22.5 nscd-2.22-62.22.5 nscd-debuginfo-2.22-62.22.5 References: https://www.suse.com/security/cve/CVE-2009-5155.html https://www.suse.com/security/cve/CVE-2019-9169.html https://bugzilla.suse.com/1127223 https://bugzilla.suse.com/1127308 https://bugzilla.suse.com/1128574 From sle-updates at lists.suse.com Fri Aug 16 16:14:59 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 17 Aug 2019 00:14:59 +0200 (CEST) Subject: SUSE-SU-2019:1830-2: important: Security update for glib2 Message-ID: <20190816221459.A0E09FDD4@maintenance.suse.de> SUSE Security Update: Security update for glib2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1830-2 Rating: important References: #1139959 #1140122 Cross-References: CVE-2019-13012 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for glib2 fixes the following issues: Security issue fixed: - CVE-2019-13012: Fixed improper restriction of file permissions when creating directories (bsc#1139959). Non-security issue fixed: - Added explicit requires between libglib2 and libgio2 (bsc#1140122). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-1830=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1830=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2019-1830=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-1830=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-1830=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): glib2-debugsource-2.48.2-12.15.1 glib2-tools-2.48.2-12.15.1 glib2-tools-debuginfo-2.48.2-12.15.1 libgio-2_0-0-2.48.2-12.15.1 libgio-2_0-0-32bit-2.48.2-12.15.1 libgio-2_0-0-debuginfo-2.48.2-12.15.1 libgio-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libglib-2_0-0-2.48.2-12.15.1 libglib-2_0-0-32bit-2.48.2-12.15.1 libglib-2_0-0-debuginfo-2.48.2-12.15.1 libglib-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgmodule-2_0-0-2.48.2-12.15.1 libgmodule-2_0-0-32bit-2.48.2-12.15.1 libgmodule-2_0-0-debuginfo-2.48.2-12.15.1 libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgobject-2_0-0-2.48.2-12.15.1 libgobject-2_0-0-32bit-2.48.2-12.15.1 libgobject-2_0-0-debuginfo-2.48.2-12.15.1 libgobject-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgthread-2_0-0-2.48.2-12.15.1 libgthread-2_0-0-32bit-2.48.2-12.15.1 libgthread-2_0-0-debuginfo-2.48.2-12.15.1 libgthread-2_0-0-debuginfo-32bit-2.48.2-12.15.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): glib2-lang-2.48.2-12.15.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64): glib2-debugsource-2.48.2-12.15.1 glib2-tools-2.48.2-12.15.1 glib2-tools-debuginfo-2.48.2-12.15.1 libgio-2_0-0-2.48.2-12.15.1 libgio-2_0-0-debuginfo-2.48.2-12.15.1 libglib-2_0-0-2.48.2-12.15.1 libglib-2_0-0-debuginfo-2.48.2-12.15.1 libgmodule-2_0-0-2.48.2-12.15.1 libgmodule-2_0-0-debuginfo-2.48.2-12.15.1 libgobject-2_0-0-2.48.2-12.15.1 libgobject-2_0-0-debuginfo-2.48.2-12.15.1 libgthread-2_0-0-2.48.2-12.15.1 libgthread-2_0-0-debuginfo-2.48.2-12.15.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): glib2-lang-2.48.2-12.15.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): glib2-debugsource-2.48.2-12.15.1 glib2-tools-2.48.2-12.15.1 glib2-tools-debuginfo-2.48.2-12.15.1 libgio-2_0-0-2.48.2-12.15.1 libgio-2_0-0-32bit-2.48.2-12.15.1 libgio-2_0-0-debuginfo-2.48.2-12.15.1 libgio-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libglib-2_0-0-2.48.2-12.15.1 libglib-2_0-0-32bit-2.48.2-12.15.1 libglib-2_0-0-debuginfo-2.48.2-12.15.1 libglib-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgmodule-2_0-0-2.48.2-12.15.1 libgmodule-2_0-0-32bit-2.48.2-12.15.1 libgmodule-2_0-0-debuginfo-2.48.2-12.15.1 libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgobject-2_0-0-2.48.2-12.15.1 libgobject-2_0-0-32bit-2.48.2-12.15.1 libgobject-2_0-0-debuginfo-2.48.2-12.15.1 libgobject-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgthread-2_0-0-2.48.2-12.15.1 libgthread-2_0-0-32bit-2.48.2-12.15.1 libgthread-2_0-0-debuginfo-2.48.2-12.15.1 libgthread-2_0-0-debuginfo-32bit-2.48.2-12.15.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): glib2-lang-2.48.2-12.15.1 - SUSE Enterprise Storage 5 (aarch64): glib2-debugsource-2.48.2-12.15.1 glib2-tools-2.48.2-12.15.1 glib2-tools-debuginfo-2.48.2-12.15.1 libgio-2_0-0-2.48.2-12.15.1 libgio-2_0-0-debuginfo-2.48.2-12.15.1 libglib-2_0-0-2.48.2-12.15.1 libglib-2_0-0-debuginfo-2.48.2-12.15.1 libgmodule-2_0-0-2.48.2-12.15.1 libgmodule-2_0-0-debuginfo-2.48.2-12.15.1 libgobject-2_0-0-2.48.2-12.15.1 libgobject-2_0-0-debuginfo-2.48.2-12.15.1 libgthread-2_0-0-2.48.2-12.15.1 libgthread-2_0-0-debuginfo-2.48.2-12.15.1 - SUSE Enterprise Storage 5 (noarch): glib2-lang-2.48.2-12.15.1 - HPE Helion Openstack 8 (x86_64): glib2-debugsource-2.48.2-12.15.1 glib2-tools-2.48.2-12.15.1 glib2-tools-debuginfo-2.48.2-12.15.1 libgio-2_0-0-2.48.2-12.15.1 libgio-2_0-0-32bit-2.48.2-12.15.1 libgio-2_0-0-debuginfo-2.48.2-12.15.1 libgio-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libglib-2_0-0-2.48.2-12.15.1 libglib-2_0-0-32bit-2.48.2-12.15.1 libglib-2_0-0-debuginfo-2.48.2-12.15.1 libglib-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgmodule-2_0-0-2.48.2-12.15.1 libgmodule-2_0-0-32bit-2.48.2-12.15.1 libgmodule-2_0-0-debuginfo-2.48.2-12.15.1 libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgobject-2_0-0-2.48.2-12.15.1 libgobject-2_0-0-32bit-2.48.2-12.15.1 libgobject-2_0-0-debuginfo-2.48.2-12.15.1 libgobject-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgthread-2_0-0-2.48.2-12.15.1 libgthread-2_0-0-32bit-2.48.2-12.15.1 libgthread-2_0-0-debuginfo-2.48.2-12.15.1 libgthread-2_0-0-debuginfo-32bit-2.48.2-12.15.1 - HPE Helion Openstack 8 (noarch): glib2-lang-2.48.2-12.15.1 References: https://www.suse.com/security/cve/CVE-2019-13012.html https://bugzilla.suse.com/1139959 https://bugzilla.suse.com/1140122 From sle-updates at lists.suse.com Fri Aug 16 16:15:47 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 17 Aug 2019 00:15:47 +0200 (CEST) Subject: SUSE-RU-2019:1911-2: important: Recommended update for grub2 Message-ID: <20190816221547.F2E1EFDD4@maintenance.suse.de> SUSE Recommended Update: Recommended update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1911-2 Rating: important References: #1134287 #1139345 Affected Products: SUSE Enterprise Storage 5 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for grub2 fixes the following issues: - Fix a regression introduced by the previous update which could prevent booting on ppc64. (bsc#1134287, bsc#1139345). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-1911=1 Package List: - SUSE Enterprise Storage 5 (aarch64): grub2-2.02-4.43.1 grub2-arm64-efi-2.02-4.43.1 grub2-debuginfo-2.02-4.43.1 grub2-debugsource-2.02-4.43.1 - SUSE Enterprise Storage 5 (noarch): grub2-snapper-plugin-2.02-4.43.1 grub2-systemd-sleep-plugin-2.02-4.43.1 References: https://bugzilla.suse.com/1134287 https://bugzilla.suse.com/1139345 From sle-updates at lists.suse.com Fri Aug 16 16:16:41 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 17 Aug 2019 00:16:41 +0200 (CEST) Subject: SUSE-RU-2019:1843-2: important: Initial shipment of package sles-ltss-release Message-ID: <20190816221641.8A546FDD4@maintenance.suse.de> SUSE Recommended Update: Initial shipment of package sles-ltss-release ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1843-2 Rating: important References: #1141069 #1141108 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This patch ships the sles-ltss-release package to SUSE Linux Enterprise Server 12 SP3 customers. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-1843=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-1843=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-1843=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-1843=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-1843=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): sles-ltss-release-12.3-10.5.1 sles-ltss-release-POOL-12.3-10.5.1 - SUSE OpenStack Cloud 8 (x86_64): sles-ltss-release-12.3-10.5.1 sles-ltss-release-POOL-12.3-10.5.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): sles-ltss-release-12.3-10.5.1 sles-ltss-release-POOL-12.3-10.5.1 - SUSE Enterprise Storage 5 (x86_64): sles-ltss-release-12.3-10.5.1 sles-ltss-release-POOL-12.3-10.5.1 - HPE Helion Openstack 8 (x86_64): sles-ltss-release-12.3-10.5.1 sles-ltss-release-POOL-12.3-10.5.1 References: https://bugzilla.suse.com/1141069 https://bugzilla.suse.com/1141108 From sle-updates at lists.suse.com Fri Aug 16 16:17:26 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 17 Aug 2019 00:17:26 +0200 (CEST) Subject: SUSE-SU-2019:2013-2: important: Security update for bzip2 Message-ID: <20190816221726.C9821FDD4@maintenance.suse.de> SUSE Security Update: Security update for bzip2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2013-2 Rating: important References: #1139083 Cross-References: CVE-2019-12900 Affected Products: SUSE Enterprise Storage 5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for bzip2 fixes the following issues: - Fixed a regression with the fix for CVE-2019-12900, which caused incompatibilities with files that used many selectors (bsc#1139083). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-2013=1 Package List: - SUSE Enterprise Storage 5 (aarch64): bzip2-1.0.6-30.8.1 bzip2-debuginfo-1.0.6-30.8.1 bzip2-debugsource-1.0.6-30.8.1 libbz2-1-1.0.6-30.8.1 libbz2-1-debuginfo-1.0.6-30.8.1 - SUSE Enterprise Storage 5 (noarch): bzip2-doc-1.0.6-30.8.1 References: https://www.suse.com/security/cve/CVE-2019-12900.html https://bugzilla.suse.com/1139083 From sle-updates at lists.suse.com Fri Aug 16 16:18:04 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 17 Aug 2019 00:18:04 +0200 (CEST) Subject: SUSE-SU-2019:1861-3: important: Security update for MozillaFirefox Message-ID: <20190816221804.7152DFDD4@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1861-3 Rating: important References: #1140868 Cross-References: CVE-2019-11709 CVE-2019-11711 CVE-2019-11712 CVE-2019-11713 CVE-2019-11715 CVE-2019-11717 CVE-2019-11719 CVE-2019-11729 CVE-2019-11730 CVE-2019-9811 Affected Products: SUSE Enterprise Storage 5 ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: This update for MozillaFirefox, mozilla-nss fixes the following issues: MozillaFirefox to version ESR 60.8: - CVE-2019-9811: Sandbox escape via installation of malicious language pack (bsc#1140868). - CVE-2019-11711: Script injection within domain through inner window reuse (bsc#1140868). - CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects (bsc#1140868). - CVE-2019-11713: Use-after-free with HTTP/2 cached stream (bsc#1140868). - CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault (bsc#1140868). - CVE-2019-11715: HTML parsing error can contribute to content XSS (bsc#1140868). - CVE-2019-11717: Caret character improperly escaped in origins (bsc#1140868). - CVE-2019-11719: Out-of-bounds read when importing curve25519 private key (bsc#1140868). - CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin (bsc#1140868). - CVE-2019-11709: Multiple Memory safety bugs fixed (bsc#1140868). mozilla-nss to version 3.44.1: * Added IPSEC IKE support to softoken * Many new FIPS test cases Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-1861=1 Package List: - SUSE Enterprise Storage 5 (aarch64): MozillaFirefox-60.8.0-109.83.3 MozillaFirefox-debuginfo-60.8.0-109.83.3 MozillaFirefox-debugsource-60.8.0-109.83.3 MozillaFirefox-translations-common-60.8.0-109.83.3 libfreebl3-3.44.1-58.28.1 libfreebl3-debuginfo-3.44.1-58.28.1 libfreebl3-hmac-3.44.1-58.28.1 libsoftokn3-3.44.1-58.28.1 libsoftokn3-debuginfo-3.44.1-58.28.1 libsoftokn3-hmac-3.44.1-58.28.1 mozilla-nss-3.44.1-58.28.1 mozilla-nss-certs-3.44.1-58.28.1 mozilla-nss-certs-debuginfo-3.44.1-58.28.1 mozilla-nss-debuginfo-3.44.1-58.28.1 mozilla-nss-debugsource-3.44.1-58.28.1 mozilla-nss-sysinit-3.44.1-58.28.1 mozilla-nss-sysinit-debuginfo-3.44.1-58.28.1 mozilla-nss-tools-3.44.1-58.28.1 mozilla-nss-tools-debuginfo-3.44.1-58.28.1 References: https://www.suse.com/security/cve/CVE-2019-11709.html https://www.suse.com/security/cve/CVE-2019-11711.html https://www.suse.com/security/cve/CVE-2019-11712.html https://www.suse.com/security/cve/CVE-2019-11713.html https://www.suse.com/security/cve/CVE-2019-11715.html https://www.suse.com/security/cve/CVE-2019-11717.html https://www.suse.com/security/cve/CVE-2019-11719.html https://www.suse.com/security/cve/CVE-2019-11729.html https://www.suse.com/security/cve/CVE-2019-11730.html https://www.suse.com/security/cve/CVE-2019-9811.html https://bugzilla.suse.com/1140868 From sle-updates at lists.suse.com Fri Aug 16 16:18:44 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 17 Aug 2019 00:18:44 +0200 (CEST) Subject: SUSE-RU-2019:2026-2: moderate: Recommended update for Azure Python SDK Message-ID: <20190816221844.57A6BFDD4@maintenance.suse.de> SUSE Recommended Update: Recommended update for Azure Python SDK ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2026-2 Rating: moderate References: #1054413 #1122523 #979331 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update brings the following python modules for the Azure Python SDK: - python-Flask - python-Werkzeug - python-click - python-decorator - python-httpbin - python-idna - python-itsdangerous - python-py - python-pytest-httpbin - python-pytest-mock - python-requests Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-2026=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-2026=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-2026=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): python-idna-2.5-3.10.2 python-six-1.11.0-9.21.2 python3-idna-2.5-3.10.2 python3-six-1.11.0-9.21.2 - SUSE Enterprise Storage 5 (noarch): python-idna-2.5-3.10.2 python-six-1.11.0-9.21.2 python3-idna-2.5-3.10.2 python3-six-1.11.0-9.21.2 - HPE Helion Openstack 8 (noarch): python-idna-2.5-3.10.2 python-six-1.11.0-9.21.2 python3-idna-2.5-3.10.2 python3-six-1.11.0-9.21.2 References: https://bugzilla.suse.com/1054413 https://bugzilla.suse.com/1122523 https://bugzilla.suse.com/979331 From sle-updates at lists.suse.com Fri Aug 16 16:19:40 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 17 Aug 2019 00:19:40 +0200 (CEST) Subject: SUSE-RU-2019:1904-2: important: Recommended update for openssh Message-ID: <20190816221941.5A291FDD4@maintenance.suse.de> SUSE Recommended Update: Recommended update for openssh ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1904-2 Rating: important References: #1138936 Affected Products: SUSE Enterprise Storage 5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openssh fixes the following issues: - Fix a regression in utf-8 handling that could cause crashes of scp (bsc#1138936). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-1904=1 Package List: - SUSE Enterprise Storage 5 (aarch64): openssh-7.2p2-74.45.1 openssh-askpass-gnome-7.2p2-74.45.1 openssh-askpass-gnome-debuginfo-7.2p2-74.45.1 openssh-debuginfo-7.2p2-74.45.1 openssh-debugsource-7.2p2-74.45.1 openssh-fips-7.2p2-74.45.1 openssh-helpers-7.2p2-74.45.1 openssh-helpers-debuginfo-7.2p2-74.45.1 References: https://bugzilla.suse.com/1138936 From sle-updates at lists.suse.com Fri Aug 16 19:10:27 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 17 Aug 2019 03:10:27 +0200 (CEST) Subject: SUSE-RU-2019:1818-3: moderate: Recommended update for timezone Message-ID: <20190817011027.4344CFCD3@maintenance.suse.de> SUSE Recommended Update: Recommended update for timezone ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1818-3 Rating: moderate References: #1135262 #1140016 Affected Products: SUSE Enterprise Storage 5 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for timezone fixes the following issues: - Timezone update 2019b. (bsc#1140016): - Brazil no longer observes DST. - 'zic -b slim' outputs smaller TZif files. - Palestine's 2019 spring-forward transition was on 03-29, not 03-30. - Add info about the Crimea situation. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-1818=1 Package List: - SUSE Enterprise Storage 5 (aarch64): timezone-2019b-74.26.1 timezone-debuginfo-2019b-74.26.1 timezone-debugsource-2019b-74.26.1 - SUSE Enterprise Storage 5 (noarch): timezone-java-2019b-0.74.26.1 References: https://bugzilla.suse.com/1135262 https://bugzilla.suse.com/1140016 From sle-updates at lists.suse.com Fri Aug 16 19:11:15 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 17 Aug 2019 03:11:15 +0200 (CEST) Subject: SUSE-RU-2019:2082-2: moderate: Recommended update for wireless-regdb Message-ID: <20190817011115.1A157FCD3@maintenance.suse.de> SUSE Recommended Update: Recommended update for wireless-regdb ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2082-2 Rating: moderate References: #1138177 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for wireless-regdb fixes the following issues: - Update to version 2019.06.03 (bsc#1138177): * Expand 60 GHz band for Japan to 57-66 GHz * update source of information for CU * Update regulatory rules for South Korea * Update regulatory rules for Japan (JP) on 5GHz * update source of information for ES Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-2082=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-2082=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-2082=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): wireless-regdb-2019.06.03-4.22.1 - SUSE Enterprise Storage 5 (noarch): wireless-regdb-2019.06.03-4.22.1 - HPE Helion Openstack 8 (noarch): wireless-regdb-2019.06.03-4.22.1 References: https://bugzilla.suse.com/1138177 From sle-updates at lists.suse.com Fri Aug 16 19:11:52 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 17 Aug 2019 03:11:52 +0200 (CEST) Subject: SUSE-SU-2019:2053-2: important: Security update for python3 Message-ID: <20190817011152.9BAC9FCD3@maintenance.suse.de> SUSE Security Update: Security update for python3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2053-2 Rating: important References: #1109663 #1109847 #1138459 Cross-References: CVE-2018-1000802 CVE-2018-14647 CVE-2019-10160 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for python3 fixes the following issues: - CVE-2019-10160: Fixed a regression in urlparse() and urlsplit() introduced by the fix for CVE-2019-9636 (bsc#1138459). - CVE-2018-14647: Fixed a denial of service vulnerability caused by a crafted XML document (bsc#1109847). - CVE-2018-1000802: Fixed a command injection in the shutil module (bsc#1109663). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-2053=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-2053=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2019-2053=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-2053=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-2053=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): libpython3_4m1_0-3.4.6-25.29.1 libpython3_4m1_0-debuginfo-3.4.6-25.29.1 python3-3.4.6-25.29.1 python3-base-3.4.6-25.29.1 python3-base-debuginfo-3.4.6-25.29.1 python3-base-debugsource-3.4.6-25.29.1 python3-curses-3.4.6-25.29.1 python3-curses-debuginfo-3.4.6-25.29.1 python3-debuginfo-3.4.6-25.29.1 python3-debugsource-3.4.6-25.29.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64): libpython3_4m1_0-3.4.6-25.29.1 libpython3_4m1_0-debuginfo-3.4.6-25.29.1 python3-3.4.6-25.29.1 python3-base-3.4.6-25.29.1 python3-base-debuginfo-3.4.6-25.29.1 python3-base-debugsource-3.4.6-25.29.1 python3-curses-3.4.6-25.29.1 python3-curses-debuginfo-3.4.6-25.29.1 python3-debuginfo-3.4.6-25.29.1 python3-debugsource-3.4.6-25.29.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libpython3_4m1_0-3.4.6-25.29.1 libpython3_4m1_0-debuginfo-3.4.6-25.29.1 python3-3.4.6-25.29.1 python3-base-3.4.6-25.29.1 python3-base-debuginfo-3.4.6-25.29.1 python3-base-debugsource-3.4.6-25.29.1 python3-curses-3.4.6-25.29.1 python3-curses-debuginfo-3.4.6-25.29.1 python3-debuginfo-3.4.6-25.29.1 python3-debugsource-3.4.6-25.29.1 - SUSE Enterprise Storage 5 (aarch64): libpython3_4m1_0-3.4.6-25.29.1 libpython3_4m1_0-debuginfo-3.4.6-25.29.1 python3-3.4.6-25.29.1 python3-base-3.4.6-25.29.1 python3-base-debuginfo-3.4.6-25.29.1 python3-base-debugsource-3.4.6-25.29.1 python3-curses-3.4.6-25.29.1 python3-curses-debuginfo-3.4.6-25.29.1 python3-debuginfo-3.4.6-25.29.1 python3-debugsource-3.4.6-25.29.1 - HPE Helion Openstack 8 (x86_64): libpython3_4m1_0-3.4.6-25.29.1 libpython3_4m1_0-debuginfo-3.4.6-25.29.1 python3-3.4.6-25.29.1 python3-base-3.4.6-25.29.1 python3-base-debuginfo-3.4.6-25.29.1 python3-base-debugsource-3.4.6-25.29.1 python3-curses-3.4.6-25.29.1 python3-curses-debuginfo-3.4.6-25.29.1 python3-debuginfo-3.4.6-25.29.1 python3-debugsource-3.4.6-25.29.1 References: https://www.suse.com/security/cve/CVE-2018-1000802.html https://www.suse.com/security/cve/CVE-2018-14647.html https://www.suse.com/security/cve/CVE-2019-10160.html https://bugzilla.suse.com/1109663 https://bugzilla.suse.com/1109847 https://bugzilla.suse.com/1138459 From sle-updates at lists.suse.com Fri Aug 16 19:12:44 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 17 Aug 2019 03:12:44 +0200 (CEST) Subject: SUSE-SU-2019:2080-2: important: Security update for evince Message-ID: <20190817011244.A2B7BFCD3@maintenance.suse.de> SUSE Security Update: Security update for evince ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2080-2 Rating: important References: #1133037 #1141619 Cross-References: CVE-2019-1010006 CVE-2019-11459 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for evince fixes the following issues: Security issues fixed: - CVE-2019-11459: Fixed an improper error handling in which could have led to use of uninitialized use of memory (bsc#1133037). - CVE-2019-1010006: Fixed a buffer overflow in backend/tiff/tiff-document.c (bsc#1141619). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-2080=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-2080=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-2080=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): evince-lang-3.20.2-6.27.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): evince-3.20.2-6.27.1 evince-browser-plugin-3.20.2-6.27.1 evince-browser-plugin-debuginfo-3.20.2-6.27.1 evince-debuginfo-3.20.2-6.27.1 evince-debugsource-3.20.2-6.27.1 evince-plugin-djvudocument-3.20.2-6.27.1 evince-plugin-djvudocument-debuginfo-3.20.2-6.27.1 evince-plugin-dvidocument-3.20.2-6.27.1 evince-plugin-dvidocument-debuginfo-3.20.2-6.27.1 evince-plugin-pdfdocument-3.20.2-6.27.1 evince-plugin-pdfdocument-debuginfo-3.20.2-6.27.1 evince-plugin-psdocument-3.20.2-6.27.1 evince-plugin-psdocument-debuginfo-3.20.2-6.27.1 evince-plugin-tiffdocument-3.20.2-6.27.1 evince-plugin-tiffdocument-debuginfo-3.20.2-6.27.1 evince-plugin-xpsdocument-3.20.2-6.27.1 evince-plugin-xpsdocument-debuginfo-3.20.2-6.27.1 libevdocument3-4-3.20.2-6.27.1 libevdocument3-4-debuginfo-3.20.2-6.27.1 libevview3-3-3.20.2-6.27.1 libevview3-3-debuginfo-3.20.2-6.27.1 nautilus-evince-3.20.2-6.27.1 nautilus-evince-debuginfo-3.20.2-6.27.1 - SUSE Enterprise Storage 5 (aarch64): evince-3.20.2-6.27.1 evince-browser-plugin-3.20.2-6.27.1 evince-browser-plugin-debuginfo-3.20.2-6.27.1 evince-debuginfo-3.20.2-6.27.1 evince-debugsource-3.20.2-6.27.1 evince-plugin-djvudocument-3.20.2-6.27.1 evince-plugin-djvudocument-debuginfo-3.20.2-6.27.1 evince-plugin-dvidocument-3.20.2-6.27.1 evince-plugin-dvidocument-debuginfo-3.20.2-6.27.1 evince-plugin-pdfdocument-3.20.2-6.27.1 evince-plugin-pdfdocument-debuginfo-3.20.2-6.27.1 evince-plugin-psdocument-3.20.2-6.27.1 evince-plugin-psdocument-debuginfo-3.20.2-6.27.1 evince-plugin-tiffdocument-3.20.2-6.27.1 evince-plugin-tiffdocument-debuginfo-3.20.2-6.27.1 evince-plugin-xpsdocument-3.20.2-6.27.1 evince-plugin-xpsdocument-debuginfo-3.20.2-6.27.1 libevdocument3-4-3.20.2-6.27.1 libevdocument3-4-debuginfo-3.20.2-6.27.1 libevview3-3-3.20.2-6.27.1 libevview3-3-debuginfo-3.20.2-6.27.1 nautilus-evince-3.20.2-6.27.1 nautilus-evince-debuginfo-3.20.2-6.27.1 - SUSE Enterprise Storage 5 (noarch): evince-lang-3.20.2-6.27.1 - HPE Helion Openstack 8 (noarch): evince-lang-3.20.2-6.27.1 - HPE Helion Openstack 8 (x86_64): evince-3.20.2-6.27.1 evince-browser-plugin-3.20.2-6.27.1 evince-browser-plugin-debuginfo-3.20.2-6.27.1 evince-debuginfo-3.20.2-6.27.1 evince-debugsource-3.20.2-6.27.1 evince-plugin-djvudocument-3.20.2-6.27.1 evince-plugin-djvudocument-debuginfo-3.20.2-6.27.1 evince-plugin-dvidocument-3.20.2-6.27.1 evince-plugin-dvidocument-debuginfo-3.20.2-6.27.1 evince-plugin-pdfdocument-3.20.2-6.27.1 evince-plugin-pdfdocument-debuginfo-3.20.2-6.27.1 evince-plugin-psdocument-3.20.2-6.27.1 evince-plugin-psdocument-debuginfo-3.20.2-6.27.1 evince-plugin-tiffdocument-3.20.2-6.27.1 evince-plugin-tiffdocument-debuginfo-3.20.2-6.27.1 evince-plugin-xpsdocument-3.20.2-6.27.1 evince-plugin-xpsdocument-debuginfo-3.20.2-6.27.1 libevdocument3-4-3.20.2-6.27.1 libevdocument3-4-debuginfo-3.20.2-6.27.1 libevview3-3-3.20.2-6.27.1 libevview3-3-debuginfo-3.20.2-6.27.1 nautilus-evince-3.20.2-6.27.1 nautilus-evince-debuginfo-3.20.2-6.27.1 References: https://www.suse.com/security/cve/CVE-2019-1010006.html https://www.suse.com/security/cve/CVE-2019-11459.html https://bugzilla.suse.com/1133037 https://bugzilla.suse.com/1141619 From sle-updates at lists.suse.com Fri Aug 16 19:13:29 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 17 Aug 2019 03:13:29 +0200 (CEST) Subject: SUSE-SU-2019:2089-2: moderate: Security update for squid Message-ID: <20190817011329.E10AFFCD3@maintenance.suse.de> SUSE Security Update: Security update for squid ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2089-2 Rating: moderate References: #1140738 #1141329 #1141332 Cross-References: CVE-2019-12525 CVE-2019-12529 CVE-2019-13345 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for squid fixes the following issues: Security issue fixed: - CVE-2019-12529: Fixed a potential denial of service associated with HTTP Basic Authentication credentials (bsc#1141329). - CVE-2019-12525: Fixed a denial of service during processing of HTTP Digest Authentication credentials (bsc#1141332). - CVE-2019-13345: Fixed a cross site scripting vulnerability via user_name or auth parameter in cachemgr.cgi (bsc#1140738). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-2089=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-2089=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-2089=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): squid-3.5.21-26.17.1 squid-debuginfo-3.5.21-26.17.1 squid-debugsource-3.5.21-26.17.1 - SUSE Enterprise Storage 5 (aarch64): squid-3.5.21-26.17.1 squid-debuginfo-3.5.21-26.17.1 squid-debugsource-3.5.21-26.17.1 - HPE Helion Openstack 8 (x86_64): squid-3.5.21-26.17.1 squid-debuginfo-3.5.21-26.17.1 squid-debugsource-3.5.21-26.17.1 References: https://www.suse.com/security/cve/CVE-2019-12525.html https://www.suse.com/security/cve/CVE-2019-12529.html https://www.suse.com/security/cve/CVE-2019-13345.html https://bugzilla.suse.com/1140738 https://bugzilla.suse.com/1141329 https://bugzilla.suse.com/1141332 From sle-updates at lists.suse.com Fri Aug 16 19:14:22 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 17 Aug 2019 03:14:22 +0200 (CEST) Subject: SUSE-RU-2019:2166-2: moderate: Recommended update for openvswitch Message-ID: <20190817011422.3D1FEFCD3@maintenance.suse.de> SUSE Recommended Update: Recommended update for openvswitch ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2166-2 Rating: moderate References: #1130276 Affected Products: SUSE Enterprise Storage 5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openvswitch fixes the following issues: openvswitch was updated to to 2.7.9 (bsc#1130276). Some of the changes are: * ofp-group: support to insert bucket with weight value for select type * ofproto: fix the bug of bucket counter is not updated * netdev-dpdk: Print netdev name for txq mapping. * ifupdown.sh: Add missing "--may-exist" option * timeval: Check for OS-provided clock_gettime on macOS * travis: Stop rsyslog before start. * vlog: Better handle syslog handler exceptions. * travis: Remove 'sudo' configuration. * ovsdb-monitor.at: Use correct perl scripts. * rconn: Avoid occasional immediate connection failures. * conntrack: Fix L4 csum for V6 extension hdr pkts. * packets: Change return type for 'packet_csum_upperlayer6()'. * ovsdb-client: Fix typo. * ofctl: break the loop if ovs_pcap_read returns error * Revert "ovs-tcpdump: Fix an undefined variable" * dhparams: Fix .c file generation with OpenSSL >= 1.1.1-pre9 * dhparams: Add pregenerated .c file to the repository. * conntrack: Exclude l2 padding in 'conn_key_extract()'. * dp-packet: Add 'dp_packet_l3_size()'. * monitor: Fix crash when monitor condition adds new columns. * dpif-netdev: Add thread safety annotation to sorted_poll_list. * acinclude: Drop DPDK_EXTRA_LIB variable. * datapath: Fix IPv6 later frags parsing * datapath: Derive IP protocol number for IPv6 later frags * datapath: Avoid OOB read when parsing flow nlattrs * odp-util: Stop parse odp actions if nlattr is overflow * ovs-tcpdump: Fix an undefined variable * stt: Fix return code during xmit. * netdev-linux: Fix function argument order in sfq_tc_load(). * ofproto-dpif-xlate: Account mirrored packets only if the VLAN matches. * ofp-actions: Avoid overflow for ofpact_learn_spec->n_bits * python: Escape backslashes while formatting logs. * docs: Fix table title for VM MQ config in dpdk howto. * cmap: Fix hashing in cmap_find_protected(). * python: Catch setsockopt exceptions for TCP stream. * rhel: Add 'SYSTEMD_NO_WRAP=yes' in ovs init script for SLES * debian: Install correct vtep-ctl. * datapath-windows: Fix invalid reference in Buffermgmt.c * netdev-dpdk: Bring link down when NETDEV_UP is not set * actions: Enforce a maximum limit for nested action depth * bond: Fix LACP fallback to active-backup when recirc is enabled. * netdev-dpdk: Fix netdev_dpdk_get_features(). * ovn-northd: Fix memory leak in free_chassis_queueid(). * python-c-ext: Fix memory leak in Parser_finish * bridge.c: prevent controller connects while flow-restore-wait * connmgr: Fix vswitchd abort when a port is added and the controller is down Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-2166=1 Package List: - SUSE Enterprise Storage 5 (aarch64): openvswitch-2.7.9-3.31.3 openvswitch-debuginfo-2.7.9-3.31.3 openvswitch-debugsource-2.7.9-3.31.3 References: https://bugzilla.suse.com/1130276 From sle-updates at lists.suse.com Mon Aug 19 07:10:57 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Aug 2019 15:10:57 +0200 (CEST) Subject: SUSE-RU-2019:2169-1: moderate: Recommended update for sbd Message-ID: <20190819131057.F00F7FCD3@maintenance.suse.de> SUSE Recommended Update: Recommended update for sbd ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2169-1 Rating: moderate References: #1134496 #1140065 Affected Products: SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for sbd provides the following fixes: - sbd-cluster: Fix high CPU usage when CMAP connection is lost. (bsc#1140065) - sbd-inquisitor: Overhaul device-list-parser. - sbd-inquisitor: Free timeout action on bail out. - sbd-inquisitor: Avoid flooding logs with messages that hint the default/configured timeout action. (bsc#1134496) - sbd-md: Prevent unrealistic overflow on sector IO calculation. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2019-2169=1 Package List: - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): sbd-1.4.0+20190514.e9be8d9-3.3.1 sbd-debuginfo-1.4.0+20190514.e9be8d9-3.3.1 sbd-debugsource-1.4.0+20190514.e9be8d9-3.3.1 References: https://bugzilla.suse.com/1134496 https://bugzilla.suse.com/1140065 From sle-updates at lists.suse.com Mon Aug 19 10:12:15 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Aug 2019 18:12:15 +0200 (CEST) Subject: SUSE-RU-2019:2176-1: moderate: Recommended update for nvme-cli Message-ID: <20190819161215.10044FCD3@maintenance.suse.de> SUSE Recommended Update: Recommended update for nvme-cli ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2176-1 Rating: moderate References: #1142768 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for nvme-cli fixes the following issues: - Add patch to fix error when calling 'nvme error-log', introduced by patch 0008. This also fixes the corresponding failing test in the regress-script. (bsc#1142768) - Reorder install steps: Install systemd services first, since they are required for the udev rules, avoiding a theoretical race condition. - Add script to determine host NQN based on the system UUID, which adds a new dependency on dmidecode for the corresponding archs: x86_64, aarch64, i586. - Write hostnqn and hostid not only if the corresponding file doesn't exist, but also when it is empty. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2176=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): nvme-cli-1.5-7.22.1 nvme-cli-debuginfo-1.5-7.22.1 nvme-cli-debugsource-1.5-7.22.1 References: https://bugzilla.suse.com/1142768 From sle-updates at lists.suse.com Mon Aug 19 10:12:52 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Aug 2019 18:12:52 +0200 (CEST) Subject: SUSE-RU-2019:2174-1: moderate: Recommended update for yast2-proxy Message-ID: <20190819161252.7C8F7FCD3@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-proxy ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2174-1 Rating: moderate References: #1140199 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-proxy fixes the following issues: - Fix 'proxy' behaviour when running in firstboot (bsc#1140199) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2174=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (noarch): yast2-proxy-4.0.3-3.6.1 References: https://bugzilla.suse.com/1140199 From sle-updates at lists.suse.com Mon Aug 19 10:13:34 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Aug 2019 18:13:34 +0200 (CEST) Subject: SUSE-RU-2019:2168-1: moderate: Recommended update for obs-service-tar_scm Message-ID: <20190819161334.13C3AFCD3@maintenance.suse.de> SUSE Recommended Update: Recommended update for obs-service-tar_scm ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2168-1 Rating: moderate References: #1138377 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for obs-service-tar_scm fixes the following issues: - Fixes that osc service does not run under german locale (bsc#1138377) obs-service-tar_scm was updated to version 0.10.9.1559745964.22c86cd: * [dist] python3 for SLE12 and openSUSE 42.3 * [dist] enable python3 in SLE >= 12 * fix encoding error for surrogates * glibc-common was used up to FC23 and RHEL7 * Compile python files before install * change order in GNUMakefile to prefer python3 * More thorought spec file cleanup * predefine python version in spec file for GNUMAkefile * [dist] spec file: python3 only and multidist * Git also uses the LANGUAGE variable * centos_version and rhel_version are triple digits * Minimize diff with the version in openSUSE:Tools * Fix the logic to pick the locale package on Fedora * Forgot the guard 0 in one conditional * Require packages to get the en_US.UTF-8 locales * enforce bytes for cpio file list Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2168=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2168=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): obs-service-appimage-0.10.9.1559745964.22c86cd-3.6.1 obs-service-obs_scm-0.10.9.1559745964.22c86cd-3.6.1 obs-service-obs_scm-common-0.10.9.1559745964.22c86cd-3.6.1 obs-service-snapcraft-0.10.9.1559745964.22c86cd-3.6.1 obs-service-tar-0.10.9.1559745964.22c86cd-3.6.1 obs-service-tar_scm-0.10.9.1559745964.22c86cd-3.6.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): obs-service-appimage-0.10.9.1559745964.22c86cd-3.6.1 obs-service-obs_scm-0.10.9.1559745964.22c86cd-3.6.1 obs-service-obs_scm-common-0.10.9.1559745964.22c86cd-3.6.1 obs-service-snapcraft-0.10.9.1559745964.22c86cd-3.6.1 obs-service-tar-0.10.9.1559745964.22c86cd-3.6.1 obs-service-tar_scm-0.10.9.1559745964.22c86cd-3.6.1 References: https://bugzilla.suse.com/1138377 From sle-updates at lists.suse.com Mon Aug 19 10:14:44 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Aug 2019 18:14:44 +0200 (CEST) Subject: SUSE-RU-2019:2172-1: moderate: Recommended update for multipath-tools Message-ID: <20190819161444.8D2D8FCD3@maintenance.suse.de> SUSE Recommended Update: Recommended update for multipath-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2172-1 Rating: moderate References: #1038865 #1057820 #1118224 #1118495 #1119898 #1125507 #1129827 #1133861 #1134648 #1139369 #1140146 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has 11 recommended fixes can now be installed. Description: This update for multipath-tools contains the following changes: - libmultipath: trigger uevents for partitions, too (bsc#1140146) - mpathpersist: optimize for setups with many LUNs (bsc#1134648) - mpathpersist: add option -f/--batch-file (bsc#1134648) - libmultipath: get_prio(): really don't reset prio for inaccessible paths (bsc#1118495) - Upstream bug fixes from dm-devel (bsc#1139369): * multipath: call store_pathinfo with DI_BLACKLIST * multipathd: fix REALLOC_REPLY with max length reply * libmultipath: make vector_foreach_slot_backwards work as expected * multipathd: fix client response for socket activation (bsc#1133861) - hwtable: add Lenovo DE series (bsc#1125507) - added basic NVMe ANA support (bsc#1119898, bsc#1118495) - setup_map: wait for pending path checkers to finish (bsc#1118224) - fixes for NVMe discovery and failover (bsc#1038865, bsc#1057820) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2172=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): kpartx-0.7.9+164+suse.e41fbd9-3.3.1 kpartx-debuginfo-0.7.9+164+suse.e41fbd9-3.3.1 libdmmp-devel-0.7.9+164+suse.e41fbd9-3.3.1 libdmmp0_2_0-0.7.9+164+suse.e41fbd9-3.3.1 libdmmp0_2_0-debuginfo-0.7.9+164+suse.e41fbd9-3.3.1 multipath-tools-0.7.9+164+suse.e41fbd9-3.3.1 multipath-tools-debuginfo-0.7.9+164+suse.e41fbd9-3.3.1 multipath-tools-debugsource-0.7.9+164+suse.e41fbd9-3.3.1 multipath-tools-devel-0.7.9+164+suse.e41fbd9-3.3.1 References: https://bugzilla.suse.com/1038865 https://bugzilla.suse.com/1057820 https://bugzilla.suse.com/1118224 https://bugzilla.suse.com/1118495 https://bugzilla.suse.com/1119898 https://bugzilla.suse.com/1125507 https://bugzilla.suse.com/1129827 https://bugzilla.suse.com/1133861 https://bugzilla.suse.com/1134648 https://bugzilla.suse.com/1139369 https://bugzilla.suse.com/1140146 From sle-updates at lists.suse.com Mon Aug 19 10:16:43 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Aug 2019 18:16:43 +0200 (CEST) Subject: SUSE-RU-2019:2173-1: moderate: Recommended update for yast2 Message-ID: <20190819161643.ECADDFCD3@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2173-1 Rating: moderate References: #1093052 #1113732 #1128032 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise Installer 15 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for yast2 fixes the following issues: - Stop "ls: write error: Broken pipe" messages. (bsc#1128032) - Choose SuSEfirewall2 as default if no firewall has been installed. (bsc#1093052) - Added more testcases if e.g. system is running in chroot environment and systemd does not work properly (bsc#1113732) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2173=1 - SUSE Linux Enterprise Installer 15: zypper in -t patch SUSE-SLE-INSTALLER-15-2019-2173=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): yast2-4.0.104-3.18.1 - SUSE Linux Enterprise Installer 15 (aarch64 ppc64le s390x x86_64): yast2-4.0.104-3.18.1 References: https://bugzilla.suse.com/1093052 https://bugzilla.suse.com/1113732 https://bugzilla.suse.com/1128032 From sle-updates at lists.suse.com Mon Aug 19 10:17:40 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Aug 2019 18:17:40 +0200 (CEST) Subject: SUSE-RU-2019:2171-1: moderate: Recommended update for nvme-cli Message-ID: <20190819161740.063B9FCD3@maintenance.suse.de> SUSE Recommended Update: Recommended update for nvme-cli ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2171-1 Rating: moderate References: #1142768 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for nvme-cli fixes the following issues: - Update nvme-cli to upstream version 1.8.1 (FATE#327304), (jsc#SLE-6589), (eco#166), Tracking Bug (bsc#1142768) * wdc: new commands: drive status, clear assert dump status, drive resize, NAND statistics * Add reporting of Virtual Management support to id-ctrl * NetApp: add command for NetApp ONTAP devices * Revert stop-on-failure with connect-all - Reorder install steps: Install systemd services first, since they are required for the udev rules, avoiding a theoretical race condition. - Add script to determine host NQN based on the system UUID, which adds a new dependency on dmidecode for the corresponding archs: x86_64, aarch64, i586 - Write hostnqn and hostid not only if the corresponding file doesn't exist, but also, when it is empty. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2171=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): nvme-cli-1.8.1-6.9.1 nvme-cli-debuginfo-1.8.1-6.9.1 nvme-cli-debugsource-1.8.1-6.9.1 References: https://bugzilla.suse.com/1142768 From sle-updates at lists.suse.com Mon Aug 19 10:24:21 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Aug 2019 18:24:21 +0200 (CEST) Subject: SUSE-RU-2019:2175-1: moderate: Recommended update for yast2-proxy Message-ID: <20190819162421.EBB65FCD3@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-proxy ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2175-1 Rating: moderate References: #1140199 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-proxy fixes the following issues: - Fix 'proxy' behaviour when running in firstboot (bsc#1140199) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2175=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): yast2-proxy-4.1.1-7.3.1 References: https://bugzilla.suse.com/1140199 From sle-updates at lists.suse.com Mon Aug 19 13:11:22 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Aug 2019 21:11:22 +0200 (CEST) Subject: SUSE-SU-2019:2182-1: moderate: Security update for rubygem-rails-html-sanitizer Message-ID: <20190819191122.4B12BFCD3@maintenance.suse.de> SUSE Security Update: Security update for rubygem-rails-html-sanitizer ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2182-1 Rating: moderate References: #1086598 Cross-References: CVE-2018-3741 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 7 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rubygem-rails-html-sanitizer fixes the following issues: - CVE-2018-3741: Fixed a XSS vulnerability due to insufficient filtering in scrub_attribute (bsc#1086598). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2019-2182=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-2182=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-2182=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-2182=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.8.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.8.1 - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64): ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.8.1 - SUSE Enterprise Storage 4 (aarch64 x86_64): ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.8.1 References: https://www.suse.com/security/cve/CVE-2018-3741.html https://bugzilla.suse.com/1086598 From sle-updates at lists.suse.com Mon Aug 19 13:12:04 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Aug 2019 21:12:04 +0200 (CEST) Subject: SUSE-SU-2019:2181-1: important: Security update for nodejs6 Message-ID: <20190819191204.64B30FCD3@maintenance.suse.de> SUSE Security Update: Security update for nodejs6 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2181-1 Rating: important References: #1140290 Cross-References: CVE-2019-13173 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Module for Web Scripting 12 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for nodejs6 fixes the following issues: - CVE-2019-13173: Fixed a potential file overwrite via hardlink in fstream.DirWriter() (bsc#1140290). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2019-2181=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-2181=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-2181=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2019-2181=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-2181=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): nodejs6-6.17.0-11.27.1 nodejs6-debuginfo-6.17.0-11.27.1 nodejs6-debugsource-6.17.0-11.27.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): nodejs6-6.17.0-11.27.1 nodejs6-debuginfo-6.17.0-11.27.1 nodejs6-debugsource-6.17.0-11.27.1 - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64): nodejs6-6.17.0-11.27.1 nodejs6-debuginfo-6.17.0-11.27.1 nodejs6-debugsource-6.17.0-11.27.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): nodejs6-6.17.0-11.27.1 nodejs6-debuginfo-6.17.0-11.27.1 nodejs6-debugsource-6.17.0-11.27.1 nodejs6-devel-6.17.0-11.27.1 npm6-6.17.0-11.27.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): nodejs6-docs-6.17.0-11.27.1 - SUSE Enterprise Storage 4 (aarch64 x86_64): nodejs6-6.17.0-11.27.1 nodejs6-debuginfo-6.17.0-11.27.1 nodejs6-debugsource-6.17.0-11.27.1 References: https://www.suse.com/security/cve/CVE-2019-13173.html https://bugzilla.suse.com/1140290 From sle-updates at lists.suse.com Mon Aug 19 13:12:47 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Aug 2019 21:12:47 +0200 (CEST) Subject: SUSE-SU-2019:2180-1: important: Security update for python-Django Message-ID: <20190819191247.4CB76FCD3@maintenance.suse.de> SUSE Security Update: Security update for python-Django ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2180-1 Rating: important References: #1142880 #1142882 #1142883 #1142885 Cross-References: CVE-2019-14232 CVE-2019-14233 CVE-2019-14234 CVE-2019-14235 Affected Products: SUSE OpenStack Cloud 7 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for python-Django fixes the following issues: - CVE-2019-14232: Fixed a denial of service in 'django.utils.text.Truncator' (bsc#1142880). - CVE-2019-14233: Fixed a denial of service in strip_tags() (bsc#1142882). - CVE-2019-14234: Fixed an SQL injection in key and index lookups for 'JSONField'/'HStoreField' (bsc#1142883). - CVE-2019-14235: Fixed a potential memory exhaustion in 'django.utils.encoding.uri_to_iri()' (bsc#1142885). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-2180=1 Package List: - SUSE OpenStack Cloud 7 (noarch): python-Django-1.8.19-3.15.1 References: https://www.suse.com/security/cve/CVE-2019-14232.html https://www.suse.com/security/cve/CVE-2019-14233.html https://www.suse.com/security/cve/CVE-2019-14234.html https://www.suse.com/security/cve/CVE-2019-14235.html https://bugzilla.suse.com/1142880 https://bugzilla.suse.com/1142882 https://bugzilla.suse.com/1142883 https://bugzilla.suse.com/1142885 From sle-updates at lists.suse.com Tue Aug 20 07:10:56 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Aug 2019 15:10:56 +0200 (CEST) Subject: SUSE-RU-2019:2184-1: moderate: Recommended update for mksusecd Message-ID: <20190820131056.94214FCD3@maintenance.suse.de> SUSE Recommended Update: Recommended update for mksusecd ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2184-1 Rating: moderate References: #1000947 #1093145 #1097814 #1100236 #1139561 Affected Products: SUSE Linux Enterprise Module for Development Tools 15 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for mksusecd fixes the following issues: - Embed gpg signature of checksum metadata into image. (bsc#1139561) - Set the default to unsigned images. - Add --enable-repos option. - Support aarch64 media. - No longer assume repo-md repositories don't include the installer. (bsc#1093145) - Adjust isozipl according to the changes of isoinfo. (bsc#1097814) - Don't miss zstd compression module. (bsc#1100236) - Keep some meta data for media checking even if the filesystem does not use iso9660. (bsc#1000947) - adjust to isoinfo and syslinux changes (bsc#1097814) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-2184=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): mksusecd-1.69-3.3.1 mksusecd-debuginfo-1.69-3.3.1 mksusecd-debugsource-1.69-3.3.1 References: https://bugzilla.suse.com/1000947 https://bugzilla.suse.com/1093145 https://bugzilla.suse.com/1097814 https://bugzilla.suse.com/1100236 https://bugzilla.suse.com/1139561 From sle-updates at lists.suse.com Tue Aug 20 07:12:12 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Aug 2019 15:12:12 +0200 (CEST) Subject: SUSE-RU-2019:2183-1: moderate: Recommended update for ebtables Message-ID: <20190820131212.E98CDFCD3@maintenance.suse.de> SUSE Recommended Update: Recommended update for ebtables ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2183-1 Rating: moderate References: #1140898 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ebtables fixes the following issues: - Fix path /sbin to /usr/sbin in ebtables.systemd. (bsc#1140898) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2183=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2183=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): ebtables-2.0.10.4-5.3.1 ebtables-debuginfo-2.0.10.4-5.3.1 ebtables-debugsource-2.0.10.4-5.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): ebtables-2.0.10.4-5.3.1 ebtables-debuginfo-2.0.10.4-5.3.1 ebtables-debugsource-2.0.10.4-5.3.1 References: https://bugzilla.suse.com/1140898 From sle-updates at lists.suse.com Tue Aug 20 13:10:36 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Aug 2019 21:10:36 +0200 (CEST) Subject: SUSE-SU-2019:2185-1: moderate: Security update for flatpak Message-ID: <20190820191036.BDF69FCD3@maintenance.suse.de> SUSE Security Update: Security update for flatpak ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2185-1 Rating: moderate References: #1125431 #1133041 #1133043 Cross-References: CVE-2019-11460 CVE-2019-11461 CVE-2019-8308 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for flatpak fixes the following issues: Security issues fixed: - CVE-2019-8308: Fixed a potential sandbox escape via /proc (bsc#1125431). - CVE-2019-11460: Fixed a compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl (bsc#1133043). - CVE-2019-11461: Fixed a compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl (bsc#1133041). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-2185=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): flatpak-0.10.4-4.10.1 flatpak-debuginfo-0.10.4-4.10.1 flatpak-debugsource-0.10.4-4.10.1 flatpak-devel-0.10.4-4.10.1 libflatpak0-0.10.4-4.10.1 libflatpak0-debuginfo-0.10.4-4.10.1 typelib-1_0-Flatpak-1_0-0.10.4-4.10.1 References: https://www.suse.com/security/cve/CVE-2019-11460.html https://www.suse.com/security/cve/CVE-2019-11461.html https://www.suse.com/security/cve/CVE-2019-8308.html https://bugzilla.suse.com/1125431 https://bugzilla.suse.com/1133041 https://bugzilla.suse.com/1133043 From sle-updates at lists.suse.com Wed Aug 21 07:16:29 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Aug 2019 15:16:29 +0200 (CEST) Subject: SUSE-RU-2019:2188-1: moderate: Recommended update for aaa_base Message-ID: <20190821131629.5AB17FCD3@maintenance.suse.de> SUSE Recommended Update: Recommended update for aaa_base ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2188-1 Rating: moderate References: #1140647 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for aaa_base fixes the following issues: - Make systemd detection cgroup oblivious. (bsc#1140647) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2188=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2188=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2019-2188=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-2188=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2188=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2188=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): aaa_base-debuginfo-84.87+git20180409.04c9dae-3.12.1 aaa_base-debugsource-84.87+git20180409.04c9dae-3.12.1 aaa_base-wsl-84.87+git20180409.04c9dae-3.12.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): aaa_base-debuginfo-84.87+git20180409.04c9dae-3.12.1 aaa_base-debugsource-84.87+git20180409.04c9dae-3.12.1 aaa_base-wsl-84.87+git20180409.04c9dae-3.12.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): aaa_base-debuginfo-84.87+git20180409.04c9dae-3.12.1 aaa_base-debugsource-84.87+git20180409.04c9dae-3.12.1 aaa_base-malloccheck-84.87+git20180409.04c9dae-3.12.1 - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): aaa_base-debuginfo-84.87+git20180409.04c9dae-3.12.1 aaa_base-debugsource-84.87+git20180409.04c9dae-3.12.1 aaa_base-malloccheck-84.87+git20180409.04c9dae-3.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): aaa_base-84.87+git20180409.04c9dae-3.12.1 aaa_base-debuginfo-84.87+git20180409.04c9dae-3.12.1 aaa_base-debugsource-84.87+git20180409.04c9dae-3.12.1 aaa_base-extras-84.87+git20180409.04c9dae-3.12.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): aaa_base-84.87+git20180409.04c9dae-3.12.1 aaa_base-debuginfo-84.87+git20180409.04c9dae-3.12.1 aaa_base-debugsource-84.87+git20180409.04c9dae-3.12.1 aaa_base-extras-84.87+git20180409.04c9dae-3.12.1 References: https://bugzilla.suse.com/1140647 From sle-updates at lists.suse.com Wed Aug 21 07:17:14 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Aug 2019 15:17:14 +0200 (CEST) Subject: SUSE-RU-2019:2189-1: moderate: Recommended update for sysstat Message-ID: <20190821131714.B58A4FCD3@maintenance.suse.de> SUSE Recommended Update: Recommended update for sysstat ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2189-1 Rating: moderate References: #1142470 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sysstat fixes the following issues: - Remove deprecated gettext and require gettext-runtime during build only. (bsc#1142470) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-2189=1 - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-2189=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2189=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2189=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): sysstat-debuginfo-12.0.2-3.12.1 sysstat-debugsource-12.0.2-3.12.1 sysstat-isag-12.0.2-3.12.1 - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): sysstat-debuginfo-12.0.2-3.12.1 sysstat-debugsource-12.0.2-3.12.1 sysstat-isag-12.0.2-3.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): sysstat-12.0.2-3.12.1 sysstat-debuginfo-12.0.2-3.12.1 sysstat-debugsource-12.0.2-3.12.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): sysstat-12.0.2-3.12.1 sysstat-debuginfo-12.0.2-3.12.1 sysstat-debugsource-12.0.2-3.12.1 References: https://bugzilla.suse.com/1142470 From sle-updates at lists.suse.com Wed Aug 21 07:17:54 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Aug 2019 15:17:54 +0200 (CEST) Subject: SUSE-RU-2019:2187-1: moderate: Recommended update for gnome-music Message-ID: <20190821131754.2C79FFCD3@maintenance.suse.de> SUSE Recommended Update: Recommended update for gnome-music ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2187-1 Rating: moderate References: #1115708 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP1 SUSE Linux Enterprise Workstation Extension 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for gnome-music fixes the following issues: - Mark albums view as initialized, to avoid populating duplicate albums. (bsc#1115708). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2019-2187=1 - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2019-2187=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): gnome-music-3.26.2-4.3.3 gnome-music-debuginfo-3.26.2-4.3.3 gnome-music-debugsource-3.26.2-4.3.3 - SUSE Linux Enterprise Workstation Extension 15-SP1 (noarch): gnome-music-lang-3.26.2-4.3.3 - SUSE Linux Enterprise Workstation Extension 15 (noarch): gnome-music-lang-3.26.2-4.3.3 - SUSE Linux Enterprise Workstation Extension 15 (x86_64): gnome-music-3.26.2-4.3.3 gnome-music-debuginfo-3.26.2-4.3.3 gnome-music-debugsource-3.26.2-4.3.3 References: https://bugzilla.suse.com/1115708 From sle-updates at lists.suse.com Wed Aug 21 07:18:31 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Aug 2019 15:18:31 +0200 (CEST) Subject: SUSE-RU-2019:2186-1: moderate: Recommended update for yast2-instserver Message-ID: <20190821131831.C692CFCD3@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-instserver ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2186-1 Rating: moderate References: #1141963 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-instserver contains the following fixes: - Do not crash when starting the Installation Server. (bsc#1141963) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-2186=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (noarch): yast2-instserver-4.1.6-13.3.1 References: https://bugzilla.suse.com/1141963 From sle-updates at lists.suse.com Wed Aug 21 10:10:40 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Aug 2019 18:10:40 +0200 (CEST) Subject: SUSE-SU-2019:1606-2: moderate: Security update for libssh2_org Message-ID: <20190821161040.7110EFCD3@maintenance.suse.de> SUSE Security Update: Security update for libssh2_org ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1606-2 Rating: moderate References: #1128481 #1136570 Cross-References: CVE-2019-3860 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Desktop 12-SP5 SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for libssh2_org fixes the following issues: - Fix the previous fix for CVE-2019-3860 (bsc#1136570, bsc#1128481) (Out-of-bounds reads with specially crafted SFTP packets) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-1606=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-1606=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2019-1606=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-1606=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2019-1606=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1606=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2019-1606=1 - SUSE Linux Enterprise Desktop 12-SP5: zypper in -t patch SUSE-SLE-DESKTOP-12-SP5-2019-1606=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-1606=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-1606=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): libssh2-1-1.4.3-20.9.1 libssh2-1-32bit-1.4.3-20.9.1 libssh2-1-debuginfo-1.4.3-20.9.1 libssh2-1-debuginfo-32bit-1.4.3-20.9.1 libssh2_org-debugsource-1.4.3-20.9.1 - SUSE OpenStack Cloud 8 (x86_64): libssh2-1-1.4.3-20.9.1 libssh2-1-32bit-1.4.3-20.9.1 libssh2-1-debuginfo-1.4.3-20.9.1 libssh2-1-debuginfo-32bit-1.4.3-20.9.1 libssh2_org-debugsource-1.4.3-20.9.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libssh2-devel-1.4.3-20.9.1 libssh2_org-debugsource-1.4.3-20.9.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libssh2-1-1.4.3-20.9.1 libssh2-1-debuginfo-1.4.3-20.9.1 libssh2_org-debugsource-1.4.3-20.9.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libssh2-1-32bit-1.4.3-20.9.1 libssh2-1-debuginfo-32bit-1.4.3-20.9.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libssh2-1-1.4.3-20.9.1 libssh2-1-debuginfo-1.4.3-20.9.1 libssh2_org-debugsource-1.4.3-20.9.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libssh2-1-32bit-1.4.3-20.9.1 libssh2-1-debuginfo-32bit-1.4.3-20.9.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libssh2-1-1.4.3-20.9.1 libssh2-1-debuginfo-1.4.3-20.9.1 libssh2_org-debugsource-1.4.3-20.9.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libssh2-1-32bit-1.4.3-20.9.1 libssh2-1-debuginfo-32bit-1.4.3-20.9.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libssh2-1-1.4.3-20.9.1 libssh2-1-32bit-1.4.3-20.9.1 libssh2-1-debuginfo-1.4.3-20.9.1 libssh2-1-debuginfo-32bit-1.4.3-20.9.1 libssh2_org-debugsource-1.4.3-20.9.1 - SUSE Linux Enterprise Desktop 12-SP5 (x86_64): libssh2-1-1.4.3-20.9.1 libssh2-1-32bit-1.4.3-20.9.1 libssh2-1-debuginfo-1.4.3-20.9.1 libssh2-1-debuginfo-32bit-1.4.3-20.9.1 libssh2_org-debugsource-1.4.3-20.9.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): libssh2-1-1.4.3-20.9.1 libssh2-1-debuginfo-1.4.3-20.9.1 libssh2_org-debugsource-1.4.3-20.9.1 - HPE Helion Openstack 8 (x86_64): libssh2-1-1.4.3-20.9.1 libssh2-1-32bit-1.4.3-20.9.1 libssh2-1-debuginfo-1.4.3-20.9.1 libssh2-1-debuginfo-32bit-1.4.3-20.9.1 libssh2_org-debugsource-1.4.3-20.9.1 References: https://www.suse.com/security/cve/CVE-2019-3860.html https://bugzilla.suse.com/1128481 https://bugzilla.suse.com/1136570 From sle-updates at lists.suse.com Wed Aug 21 13:10:36 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Aug 2019 21:10:36 +0200 (CEST) Subject: SUSE-OU-2019:2190-1: SUSE Enterprise Storage 6 Technical Container Preview Message-ID: <20190821191036.49B38FCD3@maintenance.suse.de> SUSE Optional Update: SUSE Enterprise Storage 6 Technical Container Preview ______________________________________________________________________________ Announcement ID: SUSE-OU-2019:2190-1 Rating: low References: #1145433 Affected Products: SUSE Enterprise Storage 6 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This is a technical preview for SUSE Enterprise Storage 6. Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2019-2190=1 Package List: - SUSE Enterprise Storage 6 (aarch64 x86_64): patterns-ses-admin-1.1-5.3.1 patterns-ses-ceph_iscsi-1.1-5.3.1 patterns-ses-ceph_server-1.1-5.3.1 - SUSE Enterprise Storage 6 (noarch): rook-k8s-yaml-1.0.0+git1862.ge9abbf48-1.3.1 References: https://bugzilla.suse.com/1145433 From sle-updates at lists.suse.com Wed Aug 21 13:12:20 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Aug 2019 21:12:20 +0200 (CEST) Subject: SUSE-SU-2019:2192-1: important: Security update for qemu Message-ID: <20190821191220.6E04FFCD3@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2192-1 Rating: important References: #1128106 #1133031 #1134883 #1135210 #1135902 #1136540 #1136778 #1138534 #1140402 #1143794 #1144087 Cross-References: CVE-2019-12155 CVE-2019-13164 CVE-2019-14378 CVE-2019-5008 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that solves four vulnerabilities and has 7 fixes is now available. Description: This update for qemu fixes the following issues: Security issues fixed: - CVE-2019-14378: Security fix for heap overflow in ip_reass on big packet input (bsc#1143794). - CVE-2019-12155: Security fix for null pointer dereference while releasing spice resources (bsc#1135902). - CVE-2019-13164: Security fix for qemu-bridge-helper ACL can be bypassed when names are too long (bsc#1140402). - CVE-2019-5008: Fix DoS (NULL pointer dereference) in sparc64 virtual machine possible through guest device driver (bsc#1133031). Bug fixes and enhancements: - Upstream tweaked SnowRidge-Server vcpu model to now be simply Snowridge (jsc#SLE-4883) - Add SnowRidge-Server vcpu model (jsc#SLE-4883) - Add in documentation about md-clear feature (bsc#1138534) - Fix SEV issue where older machine type is not processed correctly (bsc#1144087) - Fix case of a bad pointer in Xen PV usb support code (bsc#1128106) - Further refine arch-capabilities handling to help with security and performance in Intel hosts (bsc#1134883, bsc#1135210) (fate#327764) - Add support for one more security/performance related vcpu feature (bsc#1136778) (fate#327796) - Ignore csske for expanding the cpu model (bsc#1136540) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-2192=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2192=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2192=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): qemu-3.1.1-9.3.3 qemu-block-curl-3.1.1-9.3.3 qemu-block-curl-debuginfo-3.1.1-9.3.3 qemu-block-iscsi-3.1.1-9.3.3 qemu-block-iscsi-debuginfo-3.1.1-9.3.3 qemu-block-rbd-3.1.1-9.3.3 qemu-block-rbd-debuginfo-3.1.1-9.3.3 qemu-block-ssh-3.1.1-9.3.3 qemu-block-ssh-debuginfo-3.1.1-9.3.3 qemu-debuginfo-3.1.1-9.3.3 qemu-debugsource-3.1.1-9.3.3 qemu-guest-agent-3.1.1-9.3.3 qemu-guest-agent-debuginfo-3.1.1-9.3.3 qemu-lang-3.1.1-9.3.3 - SUSE Linux Enterprise Module for Server Applications 15-SP1 (s390x x86_64): qemu-kvm-3.1.1-9.3.3 - SUSE Linux Enterprise Module for Server Applications 15-SP1 (ppc64le): qemu-ppc-3.1.1-9.3.3 qemu-ppc-debuginfo-3.1.1-9.3.3 - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64): qemu-arm-3.1.1-9.3.3 qemu-arm-debuginfo-3.1.1-9.3.3 - SUSE Linux Enterprise Module for Server Applications 15-SP1 (noarch): qemu-ipxe-1.0.0+-9.3.3 qemu-seabios-1.12.0-9.3.3 qemu-sgabios-8-9.3.3 qemu-vgabios-1.12.0-9.3.3 - SUSE Linux Enterprise Module for Server Applications 15-SP1 (x86_64): qemu-audio-alsa-3.1.1-9.3.3 qemu-audio-alsa-debuginfo-3.1.1-9.3.3 qemu-audio-oss-3.1.1-9.3.3 qemu-audio-oss-debuginfo-3.1.1-9.3.3 qemu-audio-pa-3.1.1-9.3.3 qemu-audio-pa-debuginfo-3.1.1-9.3.3 qemu-ui-curses-3.1.1-9.3.3 qemu-ui-curses-debuginfo-3.1.1-9.3.3 qemu-ui-gtk-3.1.1-9.3.3 qemu-ui-gtk-debuginfo-3.1.1-9.3.3 qemu-x86-3.1.1-9.3.3 qemu-x86-debuginfo-3.1.1-9.3.3 - SUSE Linux Enterprise Module for Server Applications 15-SP1 (s390x): qemu-s390-3.1.1-9.3.3 qemu-s390-debuginfo-3.1.1-9.3.3 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): qemu-block-dmg-3.1.1-9.3.3 qemu-block-dmg-debuginfo-3.1.1-9.3.3 qemu-debuginfo-3.1.1-9.3.3 qemu-debugsource-3.1.1-9.3.3 qemu-extra-3.1.1-9.3.3 qemu-extra-debuginfo-3.1.1-9.3.3 qemu-linux-user-3.1.1-9.3.2 qemu-linux-user-debuginfo-3.1.1-9.3.2 qemu-linux-user-debugsource-3.1.1-9.3.2 qemu-testsuite-3.1.1-9.3.4 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le x86_64): qemu-s390-3.1.1-9.3.3 qemu-s390-debuginfo-3.1.1-9.3.3 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x): qemu-audio-alsa-3.1.1-9.3.3 qemu-audio-alsa-debuginfo-3.1.1-9.3.3 qemu-audio-oss-3.1.1-9.3.3 qemu-audio-oss-debuginfo-3.1.1-9.3.3 qemu-audio-pa-3.1.1-9.3.3 qemu-audio-pa-debuginfo-3.1.1-9.3.3 qemu-ui-curses-3.1.1-9.3.3 qemu-ui-curses-debuginfo-3.1.1-9.3.3 qemu-ui-gtk-3.1.1-9.3.3 qemu-ui-gtk-debuginfo-3.1.1-9.3.3 qemu-x86-3.1.1-9.3.3 qemu-x86-debuginfo-3.1.1-9.3.3 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 s390x x86_64): qemu-ppc-3.1.1-9.3.3 qemu-ppc-debuginfo-3.1.1-9.3.3 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (ppc64le s390x x86_64): qemu-arm-3.1.1-9.3.3 qemu-arm-debuginfo-3.1.1-9.3.3 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): qemu-seabios-1.12.0-9.3.3 qemu-sgabios-8-9.3.3 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): qemu-debuginfo-3.1.1-9.3.3 qemu-debugsource-3.1.1-9.3.3 qemu-tools-3.1.1-9.3.3 qemu-tools-debuginfo-3.1.1-9.3.3 References: https://www.suse.com/security/cve/CVE-2019-12155.html https://www.suse.com/security/cve/CVE-2019-13164.html https://www.suse.com/security/cve/CVE-2019-14378.html https://www.suse.com/security/cve/CVE-2019-5008.html https://bugzilla.suse.com/1128106 https://bugzilla.suse.com/1133031 https://bugzilla.suse.com/1134883 https://bugzilla.suse.com/1135210 https://bugzilla.suse.com/1135902 https://bugzilla.suse.com/1136540 https://bugzilla.suse.com/1136778 https://bugzilla.suse.com/1138534 https://bugzilla.suse.com/1140402 https://bugzilla.suse.com/1143794 https://bugzilla.suse.com/1144087 From sle-updates at lists.suse.com Wed Aug 21 13:14:21 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Aug 2019 21:14:21 +0200 (CEST) Subject: SUSE-SU-2019:2159-1: important: Security update for postgresql96 Message-ID: <20190821191421.53356FCD3@maintenance.suse.de> SUSE Security Update: Security update for postgresql96 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2159-1 Rating: important References: #1145092 Cross-References: CVE-2019-10208 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Enterprise Storage 5 SUSE Enterprise Storage 4 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for postgresql96 fixes the following issues: Security issue fixed: - CVE-2019-10208: Fixed arbitrary SQL execution via suitable SECURITY DEFINER function under the identity of the function owner (bsc#1145092). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-2159=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-2159=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-2159=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-2159=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-2159=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-2159=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-2159=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2019-2159=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-2159=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-2159=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-2159=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-2159=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-2159=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-2159=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): postgresql96-docs-9.6.15-3.29.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): postgresql96-9.6.15-3.29.1 postgresql96-contrib-9.6.15-3.29.1 postgresql96-contrib-debuginfo-9.6.15-3.29.1 postgresql96-debuginfo-9.6.15-3.29.1 postgresql96-debugsource-9.6.15-3.29.1 postgresql96-libs-debugsource-9.6.15-3.29.1 postgresql96-server-9.6.15-3.29.1 postgresql96-server-debuginfo-9.6.15-3.29.1 - SUSE OpenStack Cloud 8 (x86_64): postgresql96-9.6.15-3.29.1 postgresql96-contrib-9.6.15-3.29.1 postgresql96-contrib-debuginfo-9.6.15-3.29.1 postgresql96-debuginfo-9.6.15-3.29.1 postgresql96-debugsource-9.6.15-3.29.1 postgresql96-libs-debugsource-9.6.15-3.29.1 postgresql96-server-9.6.15-3.29.1 postgresql96-server-debuginfo-9.6.15-3.29.1 - SUSE OpenStack Cloud 8 (noarch): postgresql96-docs-9.6.15-3.29.1 - SUSE OpenStack Cloud 7 (s390x x86_64): postgresql96-9.6.15-3.29.1 postgresql96-contrib-9.6.15-3.29.1 postgresql96-contrib-debuginfo-9.6.15-3.29.1 postgresql96-debuginfo-9.6.15-3.29.1 postgresql96-debugsource-9.6.15-3.29.1 postgresql96-libs-debugsource-9.6.15-3.29.1 postgresql96-server-9.6.15-3.29.1 postgresql96-server-debuginfo-9.6.15-3.29.1 - SUSE OpenStack Cloud 7 (noarch): postgresql96-docs-9.6.15-3.29.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): postgresql96-9.6.15-3.29.1 postgresql96-contrib-9.6.15-3.29.1 postgresql96-contrib-debuginfo-9.6.15-3.29.1 postgresql96-debuginfo-9.6.15-3.29.1 postgresql96-debugsource-9.6.15-3.29.1 postgresql96-libs-debugsource-9.6.15-3.29.1 postgresql96-server-9.6.15-3.29.1 postgresql96-server-debuginfo-9.6.15-3.29.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): postgresql96-docs-9.6.15-3.29.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): postgresql96-9.6.15-3.29.1 postgresql96-contrib-9.6.15-3.29.1 postgresql96-contrib-debuginfo-9.6.15-3.29.1 postgresql96-debuginfo-9.6.15-3.29.1 postgresql96-debugsource-9.6.15-3.29.1 postgresql96-libs-debugsource-9.6.15-3.29.1 postgresql96-server-9.6.15-3.29.1 postgresql96-server-debuginfo-9.6.15-3.29.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): postgresql96-docs-9.6.15-3.29.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): postgresql96-9.6.15-3.29.1 postgresql96-contrib-9.6.15-3.29.1 postgresql96-contrib-debuginfo-9.6.15-3.29.1 postgresql96-debuginfo-9.6.15-3.29.1 postgresql96-debugsource-9.6.15-3.29.1 postgresql96-libs-debugsource-9.6.15-3.29.1 postgresql96-server-9.6.15-3.29.1 postgresql96-server-debuginfo-9.6.15-3.29.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): postgresql96-docs-9.6.15-3.29.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): postgresql96-9.6.15-3.29.1 postgresql96-contrib-9.6.15-3.29.1 postgresql96-contrib-debuginfo-9.6.15-3.29.1 postgresql96-debuginfo-9.6.15-3.29.1 postgresql96-debugsource-9.6.15-3.29.1 postgresql96-libs-debugsource-9.6.15-3.29.1 postgresql96-server-9.6.15-3.29.1 postgresql96-server-debuginfo-9.6.15-3.29.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): postgresql96-docs-9.6.15-3.29.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): postgresql96-docs-9.6.15-3.29.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): postgresql96-9.6.15-3.29.1 postgresql96-contrib-9.6.15-3.29.1 postgresql96-contrib-debuginfo-9.6.15-3.29.1 postgresql96-debuginfo-9.6.15-3.29.1 postgresql96-debugsource-9.6.15-3.29.1 postgresql96-libs-debugsource-9.6.15-3.29.1 postgresql96-server-9.6.15-3.29.1 postgresql96-server-debuginfo-9.6.15-3.29.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): postgresql96-9.6.15-3.29.1 postgresql96-contrib-9.6.15-3.29.1 postgresql96-contrib-debuginfo-9.6.15-3.29.1 postgresql96-debuginfo-9.6.15-3.29.1 postgresql96-debugsource-9.6.15-3.29.1 postgresql96-libs-debugsource-9.6.15-3.29.1 postgresql96-server-9.6.15-3.29.1 postgresql96-server-debuginfo-9.6.15-3.29.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): postgresql96-docs-9.6.15-3.29.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): postgresql96-9.6.15-3.29.1 postgresql96-contrib-9.6.15-3.29.1 postgresql96-contrib-debuginfo-9.6.15-3.29.1 postgresql96-debuginfo-9.6.15-3.29.1 postgresql96-debugsource-9.6.15-3.29.1 postgresql96-libs-debugsource-9.6.15-3.29.1 postgresql96-server-9.6.15-3.29.1 postgresql96-server-debuginfo-9.6.15-3.29.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): postgresql96-docs-9.6.15-3.29.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): postgresql96-9.6.15-3.29.1 postgresql96-contrib-9.6.15-3.29.1 postgresql96-contrib-debuginfo-9.6.15-3.29.1 postgresql96-debuginfo-9.6.15-3.29.1 postgresql96-debugsource-9.6.15-3.29.1 postgresql96-libs-debugsource-9.6.15-3.29.1 postgresql96-server-9.6.15-3.29.1 postgresql96-server-debuginfo-9.6.15-3.29.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): postgresql96-docs-9.6.15-3.29.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): postgresql96-9.6.15-3.29.1 postgresql96-contrib-9.6.15-3.29.1 postgresql96-contrib-debuginfo-9.6.15-3.29.1 postgresql96-debuginfo-9.6.15-3.29.1 postgresql96-debugsource-9.6.15-3.29.1 postgresql96-libs-debugsource-9.6.15-3.29.1 postgresql96-server-9.6.15-3.29.1 postgresql96-server-debuginfo-9.6.15-3.29.1 - SUSE Enterprise Storage 5 (noarch): postgresql96-docs-9.6.15-3.29.1 - SUSE Enterprise Storage 4 (noarch): postgresql96-docs-9.6.15-3.29.1 - SUSE Enterprise Storage 4 (x86_64): postgresql96-9.6.15-3.29.1 postgresql96-contrib-9.6.15-3.29.1 postgresql96-contrib-debuginfo-9.6.15-3.29.1 postgresql96-debuginfo-9.6.15-3.29.1 postgresql96-debugsource-9.6.15-3.29.1 postgresql96-libs-debugsource-9.6.15-3.29.1 postgresql96-server-9.6.15-3.29.1 postgresql96-server-debuginfo-9.6.15-3.29.1 - HPE Helion Openstack 8 (x86_64): postgresql96-9.6.15-3.29.1 postgresql96-contrib-9.6.15-3.29.1 postgresql96-contrib-debuginfo-9.6.15-3.29.1 postgresql96-debuginfo-9.6.15-3.29.1 postgresql96-debugsource-9.6.15-3.29.1 postgresql96-libs-debugsource-9.6.15-3.29.1 postgresql96-server-9.6.15-3.29.1 postgresql96-server-debuginfo-9.6.15-3.29.1 - HPE Helion Openstack 8 (noarch): postgresql96-docs-9.6.15-3.29.1 References: https://www.suse.com/security/cve/CVE-2019-10208.html https://bugzilla.suse.com/1145092 From sle-updates at lists.suse.com Wed Aug 21 13:15:03 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Aug 2019 21:15:03 +0200 (CEST) Subject: SUSE-SU-2019:14151-1: important: Security update for kvm Message-ID: <20190821191503.BE66AFCD3@maintenance.suse.de> SUSE Security Update: Security update for kvm ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14151-1 Rating: important References: #1135902 #1140402 #1143794 Cross-References: CVE-2019-12155 CVE-2019-13164 CVE-2019-14378 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for kvm fixes the following issues: Security issues fixed: - CVE-2019-14378: Security fix for heap overflow in ip_reass on big packet input (bsc#1143794). - CVE-2019-12155: Security fix for null pointer dereference while releasing spice resources (bsc#1135902). - CVE-2019-13164: Security fix for qemu-bridge-helper ACL can be bypassed when names are too long (bsc#1140402). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-kvm-14151=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 s390x x86_64): kvm-1.4.2-60.27.1 References: https://www.suse.com/security/cve/CVE-2019-12155.html https://www.suse.com/security/cve/CVE-2019-13164.html https://www.suse.com/security/cve/CVE-2019-14378.html https://bugzilla.suse.com/1135902 https://bugzilla.suse.com/1140402 https://bugzilla.suse.com/1143794 From sle-updates at lists.suse.com Wed Aug 21 13:15:57 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Aug 2019 21:15:57 +0200 (CEST) Subject: SUSE-SU-2019:2191-1: Security update for wavpack Message-ID: <20190821191557.E19C8FCD3@maintenance.suse.de> SUSE Security Update: Security update for wavpack ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2191-1 Rating: low References: #1133384 #1141334 Cross-References: CVE-2019-1010319 CVE-2019-11498 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for wavpack fixes the following issues: Security issues fixed: - CVE-2019-1010319: Fixed use of uninitialized variable in ParseWave64HeaderConfig that can result in unexpected control flow, crashes, and segfaults (bsc#1141334). - CVE-2019-11498: Fixed possible denial of service (application crash) in WavpackSetConfiguration64 via a DFF file that lacks valid sample-rate data (bsc#1133384). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2191=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-2191=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-2191=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2191=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2191=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libwavpack1-32bit-5.1.0-4.6.1 libwavpack1-32bit-debuginfo-5.1.0-4.6.1 wavpack-debugsource-5.1.0-4.6.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): wavpack-5.1.0-4.6.1 wavpack-debuginfo-5.1.0-4.6.1 wavpack-debugsource-5.1.0-4.6.1 wavpack-devel-5.1.0-4.6.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): wavpack-5.1.0-4.6.1 wavpack-debuginfo-5.1.0-4.6.1 wavpack-debugsource-5.1.0-4.6.1 wavpack-devel-5.1.0-4.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libwavpack1-5.1.0-4.6.1 libwavpack1-debuginfo-5.1.0-4.6.1 wavpack-debuginfo-5.1.0-4.6.1 wavpack-debugsource-5.1.0-4.6.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libwavpack1-5.1.0-4.6.1 libwavpack1-debuginfo-5.1.0-4.6.1 wavpack-debuginfo-5.1.0-4.6.1 wavpack-debugsource-5.1.0-4.6.1 References: https://www.suse.com/security/cve/CVE-2019-1010319.html https://www.suse.com/security/cve/CVE-2019-11498.html https://bugzilla.suse.com/1133384 https://bugzilla.suse.com/1141334 From sle-updates at lists.suse.com Thu Aug 22 04:10:44 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Aug 2019 12:10:44 +0200 (CEST) Subject: SUSE-RU-2019:2194-1: moderate: Recommended update for deepsea Message-ID: <20190822101045.0227EFCD3@maintenance.suse.de> SUSE Recommended Update: Recommended update for deepsea ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2194-1 Rating: moderate References: #1133826 Affected Products: SUSE Enterprise Storage 5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for deepsea fixes the following issues: - Removes the OSD entry from Ceph regardless of the results from the minion (bsc#1133826) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-2194=1 Package List: - SUSE Enterprise Storage 5 (noarch): deepsea-0.8.12+git.0.e885d513e-2.40.1 References: https://bugzilla.suse.com/1133826 From sle-updates at lists.suse.com Thu Aug 22 10:10:41 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Aug 2019 18:10:41 +0200 (CEST) Subject: SUSE-RU-2019:2201-1: moderate: Recommended update for pacemaker Message-ID: <20190822161041.5AEBBFCD3@maintenance.suse.de> SUSE Recommended Update: Recommended update for pacemaker ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2201-1 Rating: moderate References: #1032511 #1127716 #1130122 #1133866 #1135317 #1136712 #1140519 Affected Products: SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This update for pacemaker fixes the following issues: - scheduler: wait for probe actions to complete to prevent unnecessary restart/re-promote of dependent resources (bsc#1130122, bsc#1032511) - The --help option of stonith_admin defines now the usage of --cleanup (bsc#1135317) - controller: confirm cancel of failed monitors (bsc#1133866) - libcrmcommon: returns an error when applying XML diffs containing unknown operations (bsc#1127716) - libcrmcommon: avoids now a possible use-of-NULL when applying XML diffs (bsc#1127716) - libcrmcommon: correctly apply XML diffs with multiple move/create changes (bsc#1127716) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2019-2201=1 Package List: - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): libpacemaker-devel-2.0.1+20190417.13d370ca9-3.3.1 libpacemaker3-2.0.1+20190417.13d370ca9-3.3.1 libpacemaker3-debuginfo-2.0.1+20190417.13d370ca9-3.3.1 pacemaker-2.0.1+20190417.13d370ca9-3.3.1 pacemaker-cli-2.0.1+20190417.13d370ca9-3.3.1 pacemaker-cli-debuginfo-2.0.1+20190417.13d370ca9-3.3.1 pacemaker-debuginfo-2.0.1+20190417.13d370ca9-3.3.1 pacemaker-debugsource-2.0.1+20190417.13d370ca9-3.3.1 pacemaker-remote-2.0.1+20190417.13d370ca9-3.3.1 pacemaker-remote-debuginfo-2.0.1+20190417.13d370ca9-3.3.1 - SUSE Linux Enterprise High Availability 15-SP1 (noarch): pacemaker-cts-2.0.1+20190417.13d370ca9-3.3.1 References: https://bugzilla.suse.com/1032511 https://bugzilla.suse.com/1127716 https://bugzilla.suse.com/1130122 https://bugzilla.suse.com/1133866 https://bugzilla.suse.com/1135317 https://bugzilla.suse.com/1136712 https://bugzilla.suse.com/1140519 From sle-updates at lists.suse.com Thu Aug 22 10:12:15 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Aug 2019 18:12:15 +0200 (CEST) Subject: SUSE-RU-2019:2196-1: important: Recommended update for cloud-regionsrv-client Message-ID: <20190822161215.E223DFCD3@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-regionsrv-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2196-1 Rating: important References: #1144754 #1146321 #1146462 #1146463 #1146467 #1146468 #1146610 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This update for cloud-regionsrv-client fixes the following issues: - Adds a dependency to python3-urllib3 (bsc#1146610, bsc#1146321, bsc#1144754) - Fixes an issue where the registration client exited with a traceback since the last update (bsc#1146462, bsc#1146463) - Clear the new-registration marker if the instance has a cache of update servers (bsc#1146467, bsc#1146468) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2019-2196=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): cloud-regionsrv-client-9.0.3-52.16.1 cloud-regionsrv-client-generic-config-1.0.0-52.16.1 cloud-regionsrv-client-plugin-azure-1.0.1-52.16.1 cloud-regionsrv-client-plugin-ec2-1.0.0-52.16.1 cloud-regionsrv-client-plugin-gce-1.0.0-52.16.1 References: https://bugzilla.suse.com/1144754 https://bugzilla.suse.com/1146321 https://bugzilla.suse.com/1146462 https://bugzilla.suse.com/1146463 https://bugzilla.suse.com/1146467 https://bugzilla.suse.com/1146468 https://bugzilla.suse.com/1146610 From sle-updates at lists.suse.com Thu Aug 22 10:13:39 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Aug 2019 18:13:39 +0200 (CEST) Subject: SUSE-RU-2019:2202-1: moderate: Recommended update for openvswitch Message-ID: <20190822161339.DC091FCD3@maintenance.suse.de> SUSE Recommended Update: Recommended update for openvswitch ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2202-1 Rating: moderate References: #1132029 #1138948 #1139798 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for openvswitch contains the following changes: - fixes a permission error on logrotating (bsc#1132029, bsc#1139798) - This version update to 2.11.1 for openvswitch includes many minor bug fixes (Please refer to the rpm changelog file to see the full list) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-2202=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2202=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): libopenvswitch-2_11-0-2.11.1-3.7.1 libopenvswitch-2_11-0-debuginfo-2.11.1-3.7.1 openvswitch-2.11.1-3.7.1 openvswitch-debuginfo-2.11.1-3.7.1 openvswitch-debugsource-2.11.1-3.7.1 openvswitch-devel-2.11.1-3.7.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): openvswitch-debuginfo-2.11.1-3.7.1 openvswitch-debugsource-2.11.1-3.7.1 openvswitch-ovn-central-2.11.1-3.7.1 openvswitch-ovn-central-debuginfo-2.11.1-3.7.1 openvswitch-ovn-common-2.11.1-3.7.1 openvswitch-ovn-common-debuginfo-2.11.1-3.7.1 openvswitch-ovn-docker-2.11.1-3.7.1 openvswitch-ovn-host-2.11.1-3.7.1 openvswitch-ovn-host-debuginfo-2.11.1-3.7.1 openvswitch-ovn-vtep-2.11.1-3.7.1 openvswitch-ovn-vtep-debuginfo-2.11.1-3.7.1 openvswitch-pki-2.11.1-3.7.1 openvswitch-test-2.11.1-3.7.1 openvswitch-test-debuginfo-2.11.1-3.7.1 openvswitch-vtep-2.11.1-3.7.1 openvswitch-vtep-debuginfo-2.11.1-3.7.1 python2-ovs-2.11.1-3.7.1 python2-ovs-debuginfo-2.11.1-3.7.1 python3-ovs-2.11.1-3.7.1 python3-ovs-debuginfo-2.11.1-3.7.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): openvswitch-doc-2.11.1-3.7.1 References: https://bugzilla.suse.com/1132029 https://bugzilla.suse.com/1138948 https://bugzilla.suse.com/1139798 From sle-updates at lists.suse.com Thu Aug 22 10:14:35 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Aug 2019 18:14:35 +0200 (CEST) Subject: SUSE-RU-2019:2203-1: moderate: Recommended update for tcmu-runner Message-ID: <20190822161435.33404FCD3@maintenance.suse.de> SUSE Recommended Update: Recommended update for tcmu-runner ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2203-1 Rating: moderate References: #1138443 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for tcmu-runner fixes the following issues: - Move tcmu.conf into main package. (bsc#1138443) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-2203=1 - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-2203=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2203=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): libtcmu2-1.4.0-3.6.1 libtcmu2-debuginfo-1.4.0-3.6.1 tcmu-runner-1.4.0-3.6.1 tcmu-runner-debuginfo-1.4.0-3.6.1 tcmu-runner-debugsource-1.4.0-3.6.1 - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): libtcmu2-1.4.0-3.6.1 libtcmu2-debuginfo-1.4.0-3.6.1 tcmu-runner-1.4.0-3.6.1 tcmu-runner-debuginfo-1.4.0-3.6.1 tcmu-runner-debugsource-1.4.0-3.6.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 x86_64): tcmu-runner-debuginfo-1.4.0-3.6.1 tcmu-runner-debugsource-1.4.0-3.6.1 tcmu-runner-handler-rbd-1.4.0-3.6.1 tcmu-runner-handler-rbd-debuginfo-1.4.0-3.6.1 References: https://bugzilla.suse.com/1138443 From sle-updates at lists.suse.com Thu Aug 22 10:15:18 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Aug 2019 18:15:18 +0200 (CEST) Subject: SUSE-RU-2019:2200-1: Recommended update for quota Message-ID: <20190822161518.7BE07FCD3@maintenance.suse.de> SUSE Recommended Update: Recommended update for quota ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2200-1 Rating: low References: #1144265 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for quota fixes the following issues: - quota will stop processing the config file in case of errors (bsc#1144265) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2200=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2200=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): quota-4.05-3.9.1 quota-debuginfo-4.05-3.9.1 quota-debugsource-4.05-3.9.1 quota-nfs-4.05-3.9.1 quota-nfs-debuginfo-4.05-3.9.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): quota-4.05-3.9.1 quota-debuginfo-4.05-3.9.1 quota-debugsource-4.05-3.9.1 quota-nfs-4.05-3.9.1 quota-nfs-debuginfo-4.05-3.9.1 References: https://bugzilla.suse.com/1144265 From sle-updates at lists.suse.com Thu Aug 22 10:15:58 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Aug 2019 18:15:58 +0200 (CEST) Subject: SUSE-RU-2019:2204-1: moderate: Recommended update for yast2-apparmor Message-ID: <20190822161558.ED088FCD3@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-apparmor ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2204-1 Rating: moderate References: #1139852 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-apparmor provides the following fixes: - Avoid warnings due to dead code related to removed notify settings. (bsc#1139852) - Removes a Perl script to generate reports that is broken and not used. (bsc#1139852) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2204=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2204=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (noarch): yast2-apparmor-3.2.2-3.4.2 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): yast2-apparmor-3.2.2-3.4.2 References: https://bugzilla.suse.com/1139852 From sle-updates at lists.suse.com Thu Aug 22 10:16:40 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Aug 2019 18:16:40 +0200 (CEST) Subject: SUSE-RU-2019:2197-1: moderate: Recommended update for shim Message-ID: <20190822161640.2380FFCD3@maintenance.suse.de> SUSE Recommended Update: Recommended update for shim ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2197-1 Rating: moderate References: #1145676 #1145802 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for shim fixes the following issues: - Fixes an issue where shim-install crashed (bsc#1145802, bsc#1145676) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2197=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): shim-15+git47-3.3.1 shim-debuginfo-15+git47-3.3.1 shim-debugsource-15+git47-3.3.1 References: https://bugzilla.suse.com/1145676 https://bugzilla.suse.com/1145802 From sle-updates at lists.suse.com Thu Aug 22 10:17:27 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Aug 2019 18:17:27 +0200 (CEST) Subject: SUSE-RU-2019:2198-1: important: Recommended update for cloud-regionsrv-client Message-ID: <20190822161727.56760FCD3@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-regionsrv-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2198-1 Rating: important References: #1144754 #1146321 #1146462 #1146463 #1146467 #1146468 #1146610 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise Module for Public Cloud 15 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This update for cloud-regionsrv-client fixes the following issues: - Adds a dependency to python3-urllib3 (bsc#1146610, bsc#1146321, bsc#1144754) - Fixes an issue where the registration client exited with a traceback since the last update (bsc#1146462, bsc#1146463) - Clear the new-registration marker if the instance has a cache of update servers (bsc#1146467, bsc#1146468) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2019-2198=1 - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2019-2198=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): cloud-regionsrv-client-9.0.3-6.9.1 cloud-regionsrv-client-generic-config-1.0.0-6.9.1 cloud-regionsrv-client-plugin-azure-1.0.1-6.9.1 cloud-regionsrv-client-plugin-ec2-1.0.0-6.9.1 cloud-regionsrv-client-plugin-gce-1.0.0-6.9.1 - SUSE Linux Enterprise Module for Public Cloud 15 (noarch): cloud-regionsrv-client-9.0.3-6.9.1 cloud-regionsrv-client-generic-config-1.0.0-6.9.1 cloud-regionsrv-client-plugin-azure-1.0.1-6.9.1 cloud-regionsrv-client-plugin-ec2-1.0.0-6.9.1 cloud-regionsrv-client-plugin-gce-1.0.0-6.9.1 References: https://bugzilla.suse.com/1144754 https://bugzilla.suse.com/1146321 https://bugzilla.suse.com/1146462 https://bugzilla.suse.com/1146463 https://bugzilla.suse.com/1146467 https://bugzilla.suse.com/1146468 https://bugzilla.suse.com/1146610 From sle-updates at lists.suse.com Fri Aug 23 04:11:29 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Aug 2019 12:11:29 +0200 (CEST) Subject: SUSE-RU-2019:1844-2: Recommended update for pam Message-ID: <20190823101129.18FFFFCD3@maintenance.suse.de> SUSE Recommended Update: Recommended update for pam ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1844-2 Rating: low References: #1116544 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Enterprise Storage 5 SUSE Enterprise Storage 4 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for pam fixes the following issues: - restricted the number of file descriptors to close to a more sensible number based upon resource limits (bsc#1116544) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-1844=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-1844=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1844=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-1844=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1844=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1844=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1844=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2019-1844=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1844=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1844=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1844=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-1844=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-1844=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-1844=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): pam-doc-1.1.8-24.24.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): pam-1.1.8-24.24.1 pam-32bit-1.1.8-24.24.1 pam-debuginfo-1.1.8-24.24.1 pam-debuginfo-32bit-1.1.8-24.24.1 pam-debugsource-1.1.8-24.24.1 - SUSE OpenStack Cloud 8 (noarch): pam-doc-1.1.8-24.24.1 - SUSE OpenStack Cloud 8 (x86_64): pam-1.1.8-24.24.1 pam-32bit-1.1.8-24.24.1 pam-debuginfo-1.1.8-24.24.1 pam-debuginfo-32bit-1.1.8-24.24.1 pam-debugsource-1.1.8-24.24.1 - SUSE OpenStack Cloud 7 (s390x x86_64): pam-1.1.8-24.24.1 pam-32bit-1.1.8-24.24.1 pam-debuginfo-1.1.8-24.24.1 pam-debuginfo-32bit-1.1.8-24.24.1 pam-debugsource-1.1.8-24.24.1 - SUSE OpenStack Cloud 7 (noarch): pam-doc-1.1.8-24.24.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): pam-1.1.8-24.24.1 pam-debuginfo-1.1.8-24.24.1 pam-debugsource-1.1.8-24.24.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): pam-32bit-1.1.8-24.24.1 pam-debuginfo-32bit-1.1.8-24.24.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): pam-doc-1.1.8-24.24.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): pam-1.1.8-24.24.1 pam-debuginfo-1.1.8-24.24.1 pam-debugsource-1.1.8-24.24.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): pam-32bit-1.1.8-24.24.1 pam-debuginfo-32bit-1.1.8-24.24.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): pam-doc-1.1.8-24.24.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): pam-doc-1.1.8-24.24.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): pam-1.1.8-24.24.1 pam-32bit-1.1.8-24.24.1 pam-debuginfo-1.1.8-24.24.1 pam-debuginfo-32bit-1.1.8-24.24.1 pam-debugsource-1.1.8-24.24.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): pam-1.1.8-24.24.1 pam-debuginfo-1.1.8-24.24.1 pam-debugsource-1.1.8-24.24.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): pam-32bit-1.1.8-24.24.1 pam-debuginfo-32bit-1.1.8-24.24.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): pam-doc-1.1.8-24.24.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): pam-1.1.8-24.24.1 pam-32bit-1.1.8-24.24.1 pam-debuginfo-1.1.8-24.24.1 pam-debuginfo-32bit-1.1.8-24.24.1 pam-debugsource-1.1.8-24.24.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): pam-doc-1.1.8-24.24.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): pam-1.1.8-24.24.1 pam-debuginfo-1.1.8-24.24.1 pam-debugsource-1.1.8-24.24.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): pam-32bit-1.1.8-24.24.1 pam-debuginfo-32bit-1.1.8-24.24.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): pam-doc-1.1.8-24.24.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): pam-doc-1.1.8-24.24.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): pam-1.1.8-24.24.1 pam-32bit-1.1.8-24.24.1 pam-debuginfo-1.1.8-24.24.1 pam-debuginfo-32bit-1.1.8-24.24.1 pam-debugsource-1.1.8-24.24.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): pam-1.1.8-24.24.1 pam-debuginfo-1.1.8-24.24.1 pam-debugsource-1.1.8-24.24.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): pam-32bit-1.1.8-24.24.1 pam-debuginfo-32bit-1.1.8-24.24.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): pam-doc-1.1.8-24.24.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): pam-1.1.8-24.24.1 pam-debuginfo-1.1.8-24.24.1 pam-debugsource-1.1.8-24.24.1 - SUSE Enterprise Storage 5 (noarch): pam-doc-1.1.8-24.24.1 - SUSE Enterprise Storage 5 (x86_64): pam-32bit-1.1.8-24.24.1 pam-debuginfo-32bit-1.1.8-24.24.1 - SUSE Enterprise Storage 4 (noarch): pam-doc-1.1.8-24.24.1 - SUSE Enterprise Storage 4 (x86_64): pam-1.1.8-24.24.1 pam-32bit-1.1.8-24.24.1 pam-debuginfo-1.1.8-24.24.1 pam-debuginfo-32bit-1.1.8-24.24.1 pam-debugsource-1.1.8-24.24.1 - HPE Helion Openstack 8 (x86_64): pam-1.1.8-24.24.1 pam-32bit-1.1.8-24.24.1 pam-debuginfo-1.1.8-24.24.1 pam-debuginfo-32bit-1.1.8-24.24.1 pam-debugsource-1.1.8-24.24.1 - HPE Helion Openstack 8 (noarch): pam-doc-1.1.8-24.24.1 References: https://bugzilla.suse.com/1116544 From sle-updates at lists.suse.com Fri Aug 23 07:10:57 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Aug 2019 15:10:57 +0200 (CEST) Subject: SUSE-SU-2019:2209-1: moderate: Security update for rubygem-loofah Message-ID: <20190823131057.88CEDFCD3@maintenance.suse.de> SUSE Security Update: Security update for rubygem-loofah ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2209-1 Rating: moderate References: #1086598 Cross-References: CVE-2018-8048 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 7 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rubygem-loofah fixes the following issues: - Security issue fixed: - CVE-2018-8048: Update fix to make Loofah::HTML5::Scrub.force_correct_attribute_escaping! callable from other gems (bsc#1086598). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2019-2209=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-2209=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-2209=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-2209=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): ruby2.1-rubygem-loofah-2.0.2-3.8.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): ruby2.1-rubygem-loofah-2.0.2-3.8.1 - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64): ruby2.1-rubygem-loofah-2.0.2-3.8.1 - SUSE Enterprise Storage 4 (aarch64 x86_64): ruby2.1-rubygem-loofah-2.0.2-3.8.1 References: https://www.suse.com/security/cve/CVE-2018-8048.html https://bugzilla.suse.com/1086598 From sle-updates at lists.suse.com Fri Aug 23 07:11:41 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Aug 2019 15:11:41 +0200 (CEST) Subject: SUSE-RU-2019:2208-1: important: Recommended update for ses-manual_en Message-ID: <20190823131141.B63E5FCD3@maintenance.suse.de> SUSE Recommended Update: Recommended update for ses-manual_en ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2208-1 Rating: important References: #1121999 #1126329 #1135616 #1136996 #1138585 #1138846 #1139981 #1141020 #1141287 #1142341 #1142627 #1143551 Affected Products: SUSE Enterprise Storage 6 ______________________________________________________________________________ An update that has 12 recommended fixes can now be installed. Description: This update for the SUSE Storage 6 manuals contains the following: * SES6 on CaaSPv4 (jsc#SES-720) New chapter describing how to utilize SES6 storage features in CaaSPv4 Kubernetes cluster. * WAL/DB recommendations (bsc#1126329) Updated and simplified the recommended size of WLA/DB partitions for most OSD deployments. * LVM cache (jsc#SES-268) New chapter describes how to add LVM cache feature to OSDs to improve read/write performance. * updated typo in a graphical scheme (bsc#1121999) * firewalld replaced SuSEfirewall (bsc#1138585) SuSEfirewall service became obsolete, was replaced by firewalld. Deployment chapter needed an update with firewalld. * Supported CephFS clients are SLE version 12 SP3+ or 15+ (bsc#1136996) * CephFS snapshots are now supported (bsc#1141020) In previous versions, CephFS snapshots were not a supported feature. Since SES6 this changed. * osd.[replace/remove] is correct, not [replace/remove.osd] (bsc#1141287) Documentation included wrong salt 'replace.osd' and 'remove.osd' commands, correct version is 'osd.replace' and 'osd.remove' * ceph.purge runner and purging custom roles (bsc#1138846) When custom dashboard roles exist, manual interaction is needed if running 'ceph.purge' salt runner * updated filtering disks by size (bsc#1142627) Section on filtering disk devices by their size in drive group layout included incorrect information on limiting the minimal and maximal size. * DeepSea grain is mandatory (bsc#1139981) Setting the DeepSea grain is mandatory when specifying salt minions belonging to Ceph cluster. * 'ceph df' command output was updated to match new version (bsc#1143551) * described 3 new advanced options related to configuring iSCSI gateway (bsc#1142341) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2019-2208=1 Package List: - SUSE Enterprise Storage 6 (noarch): ses-admin_en-pdf-6+git118.8bfd3f8-3.9.1 ses-deployment_en-pdf-6+git118.8bfd3f8-3.9.1 ses-manual_en-6+git118.8bfd3f8-3.9.1 References: https://bugzilla.suse.com/1121999 https://bugzilla.suse.com/1126329 https://bugzilla.suse.com/1135616 https://bugzilla.suse.com/1136996 https://bugzilla.suse.com/1138585 https://bugzilla.suse.com/1138846 https://bugzilla.suse.com/1139981 https://bugzilla.suse.com/1141020 https://bugzilla.suse.com/1141287 https://bugzilla.suse.com/1142341 https://bugzilla.suse.com/1142627 https://bugzilla.suse.com/1143551 From sle-updates at lists.suse.com Fri Aug 23 13:10:46 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Aug 2019 21:10:46 +0200 (CEST) Subject: SUSE-RU-2019:2210-1: moderate: Recommended update for python-reno Message-ID: <20190823191046.15593F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-reno ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2210-1 Rating: moderate References: #1137659 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-reno fixes the following issues: - Added a dependency to python-pbr and python-six in order to let python-reno work properly (bsc#1137659) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2210=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2210=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): python2-reno-2.7.0-3.3.1 python3-reno-2.7.0-3.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): python2-reno-2.7.0-3.3.1 python3-reno-2.7.0-3.3.1 References: https://bugzilla.suse.com/1137659 From sle-updates at lists.suse.com Fri Aug 23 13:11:27 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Aug 2019 21:11:27 +0200 (CEST) Subject: SUSE-SU-2019:2213-1: moderate: Security update for go1.11 Message-ID: <20190823191127.A3556F798@maintenance.suse.de> SUSE Security Update: Security update for go1.11 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2213-1 Rating: moderate References: #1141688 #1146111 #1146115 #1146123 Cross-References: CVE-2019-14809 CVE-2019-9512 CVE-2019-9514 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for go1.11 fixes the following issues: Security issues fixed: - CVE-2019-9512: Fixed HTTP/2 flood using PING frames that results in unbounded memory growth (bsc#1146111). - CVE-2019-9514: Fixed HTTP/2 implementation that is vulnerable to a reset flood, potentially leading to a denial of service (bsc#1146115). - CVE-2019-14809: Fixed malformed hosts in URLs that leads to authorization bypass (bsc#1146123). Bugfixes: - Update to go version 1.11.13 (bsc#1141688). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2213=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2213=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): go1.11-1.11.13-1.18.1 go1.11-doc-1.11.13-1.18.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): go1.11-race-1.11.13-1.18.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): go1.11-1.11.13-1.18.1 go1.11-doc-1.11.13-1.18.1 References: https://www.suse.com/security/cve/CVE-2019-14809.html https://www.suse.com/security/cve/CVE-2019-9512.html https://www.suse.com/security/cve/CVE-2019-9514.html https://bugzilla.suse.com/1141688 https://bugzilla.suse.com/1146111 https://bugzilla.suse.com/1146115 https://bugzilla.suse.com/1146123 From sle-updates at lists.suse.com Fri Aug 23 13:12:27 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Aug 2019 21:12:27 +0200 (CEST) Subject: SUSE-SU-2019:2214-1: moderate: Security update for go1.12 Message-ID: <20190823191227.DE05BF798@maintenance.suse.de> SUSE Security Update: Security update for go1.12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2214-1 Rating: moderate References: #1139210 #1141689 #1146111 #1146115 #1146123 Cross-References: CVE-2019-14809 CVE-2019-9512 CVE-2019-9514 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that solves three vulnerabilities and has two fixes is now available. Description: This update for go1.12 fixes the following issues: Security issues fixed: - CVE-2019-9512: Fixed HTTP/2 flood using PING frames that results in unbounded memory growth (bsc#1146111). - CVE-2019-9514: Fixed HTTP/2 implementation that is vulnerable to a reset flood, potentially leading to a denial of service (bsc#1146115). - CVE-2019-14809: Fixed malformed hosts in URLs that leads to authorization bypass (bsc#1146123). Bugfixes: - Update to go version 1.12.9 (bsc#1141689). - Adding Web Assembly stuff from misc/wasm (bsc#1139210). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2214=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2214=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): go1.12-1.12.9-1.15.1 go1.12-doc-1.12.9-1.15.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): go1.12-race-1.12.9-1.15.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): go1.12-1.12.9-1.15.1 go1.12-doc-1.12.9-1.15.1 References: https://www.suse.com/security/cve/CVE-2019-14809.html https://www.suse.com/security/cve/CVE-2019-9512.html https://www.suse.com/security/cve/CVE-2019-9514.html https://bugzilla.suse.com/1139210 https://bugzilla.suse.com/1141689 https://bugzilla.suse.com/1146111 https://bugzilla.suse.com/1146115 https://bugzilla.suse.com/1146123 From sle-updates at lists.suse.com Fri Aug 23 13:14:41 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Aug 2019 21:14:41 +0200 (CEST) Subject: SUSE-SU-2019:2211-1: important: Security update for python-SQLAlchemy Message-ID: <20190823191441.420B0F798@maintenance.suse.de> SUSE Security Update: Security update for python-SQLAlchemy ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2211-1 Rating: important References: #1124593 Cross-References: CVE-2019-7164 CVE-2019-7548 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for python-SQLAlchemy fixes the following issues: Security issues fixed: - CVE-2019-7164: Fixed SQL Injection via the order_by parameter (bsc#1124593). - CVE-2019-7548: Fixed SQL Injection via the group_by parameter (bsc#1124593). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2211=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): python-SQLAlchemy-debuginfo-1.2.7-3.3.1 python-SQLAlchemy-debugsource-1.2.7-3.3.1 python2-SQLAlchemy-1.2.7-3.3.1 python2-SQLAlchemy-debuginfo-1.2.7-3.3.1 python3-SQLAlchemy-1.2.7-3.3.1 python3-SQLAlchemy-debuginfo-1.2.7-3.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): python-SQLAlchemy-doc-1.2.7-3.3.1 References: https://www.suse.com/security/cve/CVE-2019-7164.html https://www.suse.com/security/cve/CVE-2019-7548.html https://bugzilla.suse.com/1124593 From sle-updates at lists.suse.com Fri Aug 23 13:15:21 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Aug 2019 21:15:21 +0200 (CEST) Subject: SUSE-SU-2019:2212-1: moderate: Security update for python-Twisted Message-ID: <20190823191521.6749DF798@maintenance.suse.de> SUSE Security Update: Security update for python-Twisted ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2212-1 Rating: moderate References: #1138461 Cross-References: CVE-2019-12855 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-Twisted fixes the following issues: Security issue fixed: - CVE-2019-12855: Fixed TLS certificate verification to protecting against MITM attacks (bsc#1138461). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2212=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2212=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): python-Twisted-debuginfo-17.9.0-3.6.1 python-Twisted-debugsource-17.9.0-3.6.1 python-Twisted-doc-17.9.0-3.6.1 python2-Twisted-17.9.0-3.6.1 python2-Twisted-debuginfo-17.9.0-3.6.1 python3-Twisted-17.9.0-3.6.1 python3-Twisted-debuginfo-17.9.0-3.6.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): python-Twisted-debuginfo-17.9.0-3.6.1 python-Twisted-debugsource-17.9.0-3.6.1 python-Twisted-doc-17.9.0-3.6.1 python2-Twisted-17.9.0-3.6.1 python2-Twisted-debuginfo-17.9.0-3.6.1 python3-Twisted-17.9.0-3.6.1 python3-Twisted-debuginfo-17.9.0-3.6.1 References: https://www.suse.com/security/cve/CVE-2019-12855.html https://bugzilla.suse.com/1138461 From sle-updates at lists.suse.com Mon Aug 26 07:11:16 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 26 Aug 2019 15:11:16 +0200 (CEST) Subject: SUSE-RU-2019:2218-1: moderate: Recommended update for pinentry Message-ID: <20190826131116.EF70FF798@maintenance.suse.de> SUSE Recommended Update: Recommended update for pinentry ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2218-1 Rating: moderate References: #1141883 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP1 SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Module for Packagehub Subpackages 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for pinentry fixes the following issues: - Fix a dangling pointer in qt/main.cpp that caused crashes. (bsc#1141883) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2019-2218=1 - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2019-2218=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-2019-2218=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2218=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2218=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-2218=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-2218=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2218=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2218=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): pinentry-debuginfo-1.1.0-4.3.1 pinentry-debugsource-1.1.0-4.3.1 pinentry-emacs-1.1.0-4.3.1 pinentry-emacs-debuginfo-1.1.0-4.3.1 - SUSE Linux Enterprise Workstation Extension 15 (x86_64): pinentry-debuginfo-1.1.0-4.3.1 pinentry-debugsource-1.1.0-4.3.1 pinentry-emacs-1.1.0-4.3.1 pinentry-emacs-debuginfo-1.1.0-4.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15 (aarch64 ppc64le s390x x86_64): pinentry-debuginfo-1.1.0-4.3.1 pinentry-debugsource-1.1.0-4.3.1 pinentry-gtk2-1.1.0-4.3.1 pinentry-gtk2-debuginfo-1.1.0-4.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): pinentry-debuginfo-1.1.0-4.3.1 pinentry-debugsource-1.1.0-4.3.1 pinentry-fltk-1.1.0-4.3.1 pinentry-fltk-debuginfo-1.1.0-4.3.1 pinentry-gtk2-1.1.0-4.3.1 pinentry-gtk2-debuginfo-1.1.0-4.3.1 pinentry-qt5-1.1.0-4.3.1 pinentry-qt5-debuginfo-1.1.0-4.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): pinentry-debuginfo-1.1.0-4.3.1 pinentry-debugsource-1.1.0-4.3.1 pinentry-fltk-1.1.0-4.3.1 pinentry-fltk-debuginfo-1.1.0-4.3.1 pinentry-gtk2-1.1.0-4.3.1 pinentry-gtk2-debuginfo-1.1.0-4.3.1 pinentry-qt5-1.1.0-4.3.1 pinentry-qt5-debuginfo-1.1.0-4.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): pinentry-debuginfo-1.1.0-4.3.1 pinentry-debugsource-1.1.0-4.3.1 pinentry-gnome3-1.1.0-4.3.1 pinentry-gnome3-debuginfo-1.1.0-4.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): pinentry-debuginfo-1.1.0-4.3.1 pinentry-debugsource-1.1.0-4.3.1 pinentry-gnome3-1.1.0-4.3.1 pinentry-gnome3-debuginfo-1.1.0-4.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): pinentry-1.1.0-4.3.1 pinentry-debuginfo-1.1.0-4.3.1 pinentry-debugsource-1.1.0-4.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): pinentry-1.1.0-4.3.1 pinentry-debuginfo-1.1.0-4.3.1 pinentry-debugsource-1.1.0-4.3.1 References: https://bugzilla.suse.com/1141883 From sle-updates at lists.suse.com Mon Aug 26 07:13:03 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 26 Aug 2019 15:13:03 +0200 (CEST) Subject: SUSE-RU-2019:2217-1: moderate: Recommended update for sblim-gather Message-ID: <20190826131303.BA8D4F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for sblim-gather ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2217-1 Rating: moderate References: #1143461 #1143503 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for sblim-gather fixes the following issues: - Fixes an issue where sblim gatherd ignored checking cmb_enable sysfs attibute for devices later than 9fff (bsc#1143461, bsc#1143503) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2217=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2217=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): sblim-gather-debuginfo-2.2.8-3.8.1 sblim-gather-debugsource-2.2.8-3.8.1 sblim-gather-devel-2.2.8-3.8.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): sblim-gather-2.2.8-3.8.1 sblim-gather-debuginfo-2.2.8-3.8.1 sblim-gather-debugsource-2.2.8-3.8.1 sblim-gather-provider-2.2.8-3.8.1 sblim-gather-provider-debuginfo-2.2.8-3.8.1 References: https://bugzilla.suse.com/1143461 https://bugzilla.suse.com/1143503 From sle-updates at lists.suse.com Mon Aug 26 07:13:55 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 26 Aug 2019 15:13:55 +0200 (CEST) Subject: SUSE-RU-2019:2215-1: important: Recommended update for yast2-users Message-ID: <20190826131355.356BFF798@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-users ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2215-1 Rating: important References: #1141017 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-users fixes the following issues: - Does no longer log passwords to logfile (bsc#1141017). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2215=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): yast2-users-4.1.14-3.6.1 yast2-users-debuginfo-4.1.14-3.6.1 yast2-users-debugsource-4.1.14-3.6.1 References: https://bugzilla.suse.com/1141017 From sle-updates at lists.suse.com Mon Aug 26 07:14:38 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 26 Aug 2019 15:14:38 +0200 (CEST) Subject: SUSE-RU-2019:2216-1: moderate: Recommended update for yast2-proxy Message-ID: <20190826131438.64B22F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-proxy ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2216-1 Rating: moderate References: #1100366 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-proxy provides the following fixes: - Replace novel URLs by SUSE ones. (bsc#1100366) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2216=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2216=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (noarch): yast2-proxy-3.1.8-5.6.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): yast2-proxy-3.1.8-5.6.1 References: https://bugzilla.suse.com/1100366 From sle-updates at lists.suse.com Mon Aug 26 10:11:14 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 26 Aug 2019 18:11:14 +0200 (CEST) Subject: SUSE-SU-2019:2219-1: moderate: Security update for ardana-ansible, ardana-db, ardana-freezer, ardana-glance, ardana-input-model, ardana-nova, ardana-osconfig, ardana-tempest, caasp-openstack-heat-templates, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, documentation-suse-openstack-cloud, galera-python-clustercheck, openstack-cinder, openstack-glance, openstack-heat, openstack-horizon-plugin-monasca-ui, openstack-horizon-plugin-neutron-fwaas-ui, openstack-ironic, openstack-keystone, openstack-manila, openstack-monasca-agent, openstack-monasca-api, openstack-monasca-persister, openstack-monasca-persister-java, openstack-murano, openstack-neutron, openstack-neutron-gbp, openstack-neutron-lbaas, openstack-nova, openstack-octavia, python-Beaver, python-oslo.db, python-osprofiler, python-swiftlm, venv-openstack-magnum, venv-openstack-monasca, venv-openstack-monasca-ceilometer, venv-openstack-murano, venv-openstack-neutron Message-ID: <20190826161114.B3105F798@maintenance.suse.de> SUSE Security Update: Security update for ardana-ansible, ardana-db, ardana-freezer, ardana-glance, ardana-input-model, ardana-nova, ardana-osconfig, ardana-tempest, caasp-openstack-heat-templates, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, documentation-suse-openstack-cloud, galera-python-clustercheck, openstack-cinder, openstack-glance, openstack-heat, openstack-horizon-plugin-monasca-ui, openstack-horizon-plugin-neutron-fwaas-ui, openstack-ironic, openstack-keystone, openstack-manila, openstack-monasca-agent, openstack-monasca-api, openstack-monasca-persister, openstack-monasca-persister-java, openstack-murano, openstack-neutron, openstack-neutron-gbp, openstack-neutron-lbaas, openstack-nova, openstack-octavia, python-Beaver, python-oslo.db, python-osprofiler, python-swiftlm, venv-openstack-magnum, venv-openstack-monasca, venv-openstack-monasca-ceilometer, venv-openstack-murano, venv-openstack-neutron ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2219-1 Rating: moderate References: #1070500 #1108818 #1118159 #1120657 #1122053 #1122825 #1124170 #1128382 #1128453 #1128783 #1129729 #1132654 #1132852 #1133719 #1134495 #1134589 #1136569 #1137377 #1137817 #1138124 #1138187 #1138489 #1138967 #1139750 #1140512 #1140663 #1142032 #1142521 #1142686 #1143310 Cross-References: CVE-2015-3448 CVE-2017-17051 CVE-2019-9735 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that solves three vulnerabilities and has 27 fixes is now available. Description: This update for ardana-ansible, ardana-db, ardana-freezer, ardana-glance, ardana-input-model, ardana-nova, ardana-osconfig, ardana-tempest, caasp-openstack-heat-templates, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, documentation-suse-openstack-cloud, galera-python-clustercheck, openstack-cinder, openstack-glance, openstack-heat, openstack-horizon-plugin-monasca-ui, openstack-horizon-plugin-neutron-fwaas-ui, openstack-ironic, openstack-keystone, openstack-manila, openstack-monasca-agent, openstack-monasca-api, openstack-monasca-persister, openstack-monasca-persister-java, openstack-murano, openstack-neutron, openstack-neutron-gbp, openstack-neutron-lbaas, openstack-nova, openstack-octavia, python-Beaver, python-oslo.db, python-osprofiler, python-swiftlm, venv-openstack-magnum, venv-openstack-monasca, venv-openstack-monasca-ceilometer, venv-openstack-murano, venv-openstack-neutron fixes the following issues: - Update to version 8.0+git.1560208949.67048e3: * Adds repository list parameter (bsc#1122825) - Update to version 8.0+git.1564410318.f0cca2c: * Don't use 'latest' with 'zypper' (SOC-9997) - Update to version 8.0+git.1564164977.ef9baeb: * Freezer Config file is mixed case (SOC-9700) - Update to version 8.0+git.1564491709.349d78e: * Default glance_default_store to rbd if SES enabled (SOC-8749) - Update to version 8.0+git.1562848601.c3daff0: * Include memcached in the minimal ardana-ci model (SOC-9800) - Update to version 8.0+git.1565388406.c6abb8d: * Make default/rpc_response_timeout configurable (SOC-9285) - Update to version 8.0+git.1562943864.e04a92f: * Resolves nova-novncproxy random status failures (SOC-9574) - Update to version 8.0+git.1560180700.bd26898: * Adding support for qemu-ovmf to ardana (SOC-8985) - Update to version 8.0+git.1563383198.c7fd9b4: * Add an global_filter entry to lvm.conf (bsc#1140512) - Update to version 8.0+git.1559761021.5605746: * Enable FCOE for SUSE platform family (SCRD-8562) - Update to version 8.0+git.1562849010.73bc517: * Fix Keystone only deployment tempest testing (SOC-9800) - Update to version 8.0+git.1560764545.6c8d2dc: * Install manila tempest tests package (SOC-7496) - Update to version 8.0+git.1560330843.b7d807c: * Add configuration for manila-tempest-plugin (SOC-7496) - Update to version 1.0+git.1560518045.ad7dc6d: * Patching node before bootstraping - Update to version 5.0+git.1565280360.01fed6905: * batch: Fix get_proposal_json (SOC-9954) * batch: Format crowbar batch error output (SOC-9954) * batch: Format crowbar batch error output (SOC-9954) - Update to version 5.0+git.1564657662.75174c965: * travis: Whitelist CVE-2015-3448 (SOC-9911) * travis: Use env variable for commit range (SOC-9911) * Use proper names for the Travis Tests (SOC-9565) * Replace Danger with Gitlint (SOC-9565) * Switch from Travis dist from Trusty to Xenial (SOC-9565) - Update to version 5.0+git.1563983933.03880f1c8: * dns: fix migration for designate - Update to version 5.0+git.1562080799.f2dd7d0dd: * network: Don't set datapath-ids on ovs-bridges anymore * crowbar: Save sync_mark attributes in databag - Update to version 5.0+git.1561648142.b6be652e9: * dns: forwards dns queries to dns-master when using desingate * dns: write admin network in ip/mask notation for bind9 * dns: skip installing designate-rndc-key on non-master nodes * dns: fix designate migration * dns: allow using dns-server as designate target * bind: Allow new zones configured via rndc * bind: Disable listening on IPv6 addresses for now - Update to version 5.0+git.1561465092.4dc67a7fa: * travis: pin sexp_processor to 4.12.0 - Update to version 5.0+git.1561380950.b4e37c0e2: * deployer: Use dhcp on crowbar_register only when enable_pxe is set (bsc#1132654) * network: Allow locking down the network config for nodes (bsc#1120657) - Update to version 5.0+git.1562069707.e2de18c: * Add timeout multiplier * Make default sync_mark timeout configurable - Update to version 5.0+git.1565270683.ea6e63d87: * designate: Use server node for VIP look ups (SOC-9631) - Update to version 5.0+git.1565081678.e15f2c9a9: * nova: add max_threads_per_process tuneable (SOC-10001, bsc#1133719) - Update to version 5.0+git.1562911219.f22efd5c2: * designate: allow worker on cluster (SOC-9632) * swift: Sync HA nodes (SOC-9683) - Update to version 5.0+git.1562731577.aefaf8a6d: * Improve Mnesia IO performances - Update to version 5.0+git.1562650331.0e86ce8ba: * cinder: Set cinder pool to exclusive by default when using embedded ceph - Update to version 5.0+git.1561984197.a675e8c50: * designate: do not install the keystone_authtoken on worker nodes * neutron: enable designate integration * designate: rely on dns-master entirely * designate: Fix variables initialization in mdns * designate: start and run the mdns service * designate: Finish rename of role to designate-worker * designate: address most hound comments. * designate: update monasca monitoring. * neutron: add floating_dns_domain setting * designate: Add initial designate barclamp - Update to version 5.0+git.1559857295.d68afb38f: * rabbitmq: Fix ACL of SSL key after uid/gid change - Update to version 5.0+git.1559536094.a9cc7f312: * nova: Don't retry creating existing flavors - Update to version 1.2.0+git.1563181545.65360af5: * upgrade: Update repocheck keys * Update texts for 8-9 upgrade (SOC-9689) - Update to version 1.2.0+git.1562579063.5690a1bc: * Pin gulp-angular-templatecache version - Update to version 8.20190805: * DC files: Align profiling, throw out unnecessary attributes * Rename DCs: "hos-imported" to "clm-all" & "-all" to "crowbar-all" * Fix styleroot of Helion set * add ardana prompt, add ardana-init step (bsc#1143310) * New ID format (noref) - Update packaging to deal with new IDs - Update to version 8.20190729: * add image-volume cache instructions for SES (bsc#1140663) - Update to version 8.20190725: * warning about .j2 file comments (bsc#1142521) * MANAGEMENT network group name cannot be changed (bsc#1142686) - Update to version 8.20190724: * replace SUSE ca-certificate instructions for Crowbar (bsc#1136569) * replace SUSE ca-certificate instructions (bsc#1136569) - Update to version 8.20190723: * update MariaDB manually with CLI (bsc#1132852, SOC-9022) * clarify No Maintenance Mode (bsc#1108818) * replace empty ESX compatibility guide (noref) * delete cache volume before trying to use source volume (bsc#1142032) * delete cache volume when source volume is changed (bsc#1142032) * replace empty ESX compatibility guide (noref) - Update to version 8.20190719: * add hostnamectl to ardana-update-pkgs process (bsc#1138967) - Update to version 8.20190718: * correct repo URL (bsc#1134589) * remove duplicate content (bsc#1138489) - Update to version 8.20190717: * corrections from Scott Wulf (bsc#1128453) * replace SLES 12 SP2 with SLES 12 SP3 (bsc#1128382) * add information about image-volume-cache (bsc#1140663) * remove deprecated parameters (bsc#1138124) * correct file reference (bsc#1137377) * change SES URL (bsc#1137817) * manually set br-int(bsc#1139750) * update MariaDB manually with CLI (bsc#1132852, SOC-9022) - Update to version 8.20190717: * Fix DC file - Update to version 8.20190621: * minor grammar fixups * add external reference to Deploy Keystone * add LDAP integration troubleshooting (bsc#1134495) * clarify LDAP manual vs GUI (bsc#1134495) * address requested changes * SOC8 alarm table restructure ((SCRD-7710, bsc#1124170) - Update to version 8.20190620: * Update installation-installation-ses_integration.xml * Adding copy-on-write cloning backport - BSC#1138187 * move fernet token to supported Keystone feature * Remove obsolete DC/DEF file * Fix title * CLM - update MariaDB manually (bsc#1132852, SOC-9022) * update MariaDB manually (bsc#1132852, SOC-9022) * Fix command to create external network * Remove sudo from commands in "Setting Up Multiple External Networks" * address requested changes * SOC8 alarm table restructure ((SCRD-7710, bsc#1124170) * add scottwulf content * address recommended changes * change PTF deploy instructions (bsc#1128453) - Update to version 8.20190613: * Update installation-installation-ses_integration.xml * Adding copy-on-write cloning backport - BSC#1138187 - Update to version 8.20190605: * move fernet token to supported Keystone feature - Add 0001-Use-strings-when-setting-X-Cache-header.patch Fixes a problem with Twisted versions where headers values must be strings, not bools. - Update to version 0.0+git.1562242499.36b8b64 (bsc#1122053): * Add optional systemd ready and watchdog support * Drop unneeded check for "conn" * Reset last_query_response when the cache needs to be updated * Drop unneeded "conn" var initialization * Move respone header generation to own function * Use None as default result * Drop opts.being_updated variable * Use contextmanager for DB connection * Refactor DB method to get WSREP local state * Refactor method to get readonly DB status * pep8: Fix E712 comparison to False should be 'if cond is False:' * pep8: Fix E305 expected 2 blank lines after class or function def * pep8: Fix E124 closing bracket does not match visual indentation * pep8: Fix E251 unexpected spaces around keyword / parameter equals * pep8: Fix E262 inline comment should start with '# ' * pep8: Fix E261 at least two spaces before inline comment * pep8: Fix F841 local variable is assigned to but never used * pep8: Fix E302 expected 2 blank lines, found 1 * pep8: Fix E265 block comment should start with '# ' * pep8: Fix E231 missing whitespace after ',' * pep8: Fix E999 SyntaxError: invalid syntax * pep8: Fix F821 undefined name * pep8: Fix E225 missing whitespace around operator * pep8: Fix E221 multiple spaces before operator * pep8: Fix F401 module imported but unused * Add clustercheck to console_scripts * Add basic test infrastructure and a first pep8 job * Fix exception handling for pymysql exception * Readd argparse usage * Fix installation requirements * Add read timeout to prevent connection hanging forever * Exclude benchmark/ directory when creating sdist tarball * Use argparse instead of optparse * Add basic logging infrastructure * Add a standard setup.py file * Catch all query exceptions * Switch to PyMySQL - Drop pymysql.patch and readtimeout.patch. Both merged upstream. - Use systemd service type=notify which is now supported upstream - Use systemd watchdog which is now supported upstream - Update to version cinder-11.2.3.dev7: * [VNX] Fix test case issue - Update to version cinder-11.2.3.dev6: * VMAX Pike docs - clarifying supported software in Pike - Update to version cinder-11.2.3.dev7: * [VNX] Fix test case issue - Update to version cinder-11.2.3.dev6: * VMAX Pike docs - clarifying supported software in Pike - Update to version glance-15.0.3.dev2: * Add a local bindep.txt override * OpenDev Migration Patch 15.0.2 - Update to version glance-15.0.3.dev2: * Add a local bindep.txt override * OpenDev Migration Patch 15.0.2 - Update to version heat-9.0.8.dev11: * Retry on DB deadlock in event\_create() - Update to version heat-9.0.8.dev10: * Add local bindep.txt and limit bandit version - Update to version heat-9.0.8.dev9: * Fix regression with SW deployments when region not configured * Return None for attributes of sd with no actions * Fix multi region issue for software deployment - Update to version heat-9.0.8.dev4: * Blacklist bandit 1.6.0 and cap Sphinx on Python2 - Update to version heat-9.0.8.dev11: * Retry on DB deadlock in event\_create() - Update to version heat-9.0.8.dev10: * Add local bindep.txt and limit bandit version - Update to version heat-9.0.8.dev9: * Fix regression with SW deployments when region not configured * Return None for attributes of sd with no actions * Fix multi region issue for software deployment - Update to version heat-9.0.8.dev4: * Blacklist bandit 1.6.0 and cap Sphinx on Python2 - update to version 1.8.1~dev39 - Convert README.md to ReStructuredText format - OpenDev Migration Patch - don't exclude *pyc files to fix update/upgrade (SOC-9339) - Update to version ironic-9.1.8.dev7: * Add bindep.txt - Update to version ironic-9.1.8.dev6: * Update sphinx requirements - Update to version ironic-9.1.8.dev7: * Add bindep.txt - Update to version ironic-9.1.8.dev6: * Update sphinx requirements - 0001-Allow-domain-admin-to-list-projest-assignments.patch * bsc#1118159 * forward-port from SOC 7 - Update to version manila-5.1.1.dev2: * [CI] Add bindep.txt * OpenDev Migration Patch 5.1.0 - Update to version manila-5.1.1.dev2: * [CI] Add bindep.txt * OpenDev Migration Patch 5.1.0 - update to version 2.2.5~dev5 - Convert README to reStructuredText - OpenDev Migration Patch - update to version 2.2.2~dev1 - OpenDev Migration Patch - Fix test_metrics tempest-test encoding - Convert README.md to ReStructuredText format - update to version 1.7.1~dev10 - OpenDev Migration Patch - Convert README.md to ReStructuredTest format - Add 0001-Update-all-columns-in-metrics-on-an-update-to-refres.patch (bsc#1128783) - Add java-persister-defaults.patch - Update to version murano-4.0.2.dev2: * Add local bindep.txt * OpenDev Migration Patch 4.0.1 - Update to version murano-4.0.2.dev2: * Add local bindep.txt * OpenDev Migration Patch 4.0.1 - Update to version neutron-11.0.9.dev42: * Yield control to other greenthreads while processing trusted ports - Update to version neutron-11.0.9.dev41: * DVR: on new port only send router update on port's host - Update to version neutron-11.0.9.dev40: * Reset MAC on unbinding direct-physical port - Update to version neutron-11.0.9.dev38: * SRIOV agent: wait VFs initialization on embedded switch create - Update to version neutron-11.0.9.dev36: * Make OVS controller inactivity\_probe configurable - Update to version neutron-11.0.9.dev34: * Packets getting lost during SNAT with too many connections * [DVR] Block ARP to dvr router's port instead of subnet's gateway - Update to version neutron-11.0.9.dev30: * improve dvr port update under large scale deployment - Update to version neutron-11.0.9.dev29: * cap bandit in test-requirements.txt - Update to version neutron-11.0.9.dev42: * Yield control to other greenthreads while processing trusted ports - Update to version neutron-11.0.9.dev41: * DVR: on new port only send router update on port's host - Update to version neutron-11.0.9.dev40: * Reset MAC on unbinding direct-physical port - Update to version neutron-11.0.9.dev38: * SRIOV agent: wait VFs initialization on embedded switch create - Update to version neutron-11.0.9.dev36: * Make OVS controller inactivity\_probe configurable - Update to version neutron-11.0.9.dev34: * Packets getting lost during SNAT with too many connections * [DVR] Block ARP to dvr router's port instead of subnet's gateway - Update to version neutron-11.0.9.dev30: * improve dvr port update under large scale deployment - Update to version neutron-11.0.9.dev29: * cap bandit in test-requirements.txt * When converting sg rules to iptables, do not emit dport if not supported (CVE-2019-9735, bsc#1129729) - Update to version group-based-policy-7.3.1.dev45: * Adding icmp\_code and icmp\_type for SG rule - Update to version group-based-policy-7.3.1.dev43: * A VM could be associated with multiple ports * Optimize the extend\_router\_dict() call - Update to version group-based-policy-7.3.1.dev40: * [AIM] Enhance gbp-validate to detect routed subnet overlap * [AIM] Prevent overlapping CIDRs in routed VRF - Update to version group-based-policy-7.3.1.dev37: * Disallow external subnets as router interfaces * Make DHCP provisioning blocks conditional - Update to version group-based-policy-7.3.1.dev34: * Fix issues on sync\_state display on neutron based on AIM status * Send the port updates for the SNAT case if needed - Update to version group-based-policy-7.3.1.dev32: * Pull the upper constraint file also from the opendev.org site - Update to version group-based-policy-7.3.1.dev31: * Fix the thread concurrency issue while calling gbp purge - Update to version group-based-policy-7.3.1.dev30: * [AIM] Fix handling of missing PortSecurityBinding - Update to version group-based-policy-7.3.1.dev29: * [AIM] Don't override loading of SG rules when validating - add 0001-neutron-lbaas-haproxy-agent-prevent-vif-unplug-when-.patch and 0001-Fix-memory-leak-in-the-haproxy-provider-driver.patch - Update to version nova-16.1.9.dev4: * Implement power\_off/power\_on for the FakeDriver - Update to version nova-16.1.9.dev4: * Implement power\_off/power\_on for the FakeDriver * Fix doubling allocations on rebuild (CVE-2017-17051, bsc#1070500) - Update to version octavia-1.0.6.dev2: * Add bindep.txt and ignore sha1 warning * OpenDev Migration Patch 1.0.5 - Switch to new Gerrit Server - added 0001-exc_filters-fix-deadlock-detection-for-MariaDB-Galer.patch - added 0001-Add-sqlalchemy-collector.patch - added 0001-Don-t-fail-if-sqlalchemy-driver-fails-to-initialize.patch - update to version 1.11.1 - Update .gitreview for stable/pike - import zuul job settings from project-config - Switch to new Gerrit Server - Fix lower version numver after inheriting the version from main component (SCRD-8523) - Do not relocate shebang in make-cert.py (SCRD-8594) - Inherit version number of venv from main component (SCRD-8523) - Inherit version number of venv from main component (SCRD-8523) - Fix lower version numver after inheriting the version from main component (SCRD-8523) - Inherit version number of venv from main component (SCRD-8523) - Inherit version number of venv from main component (SCRD-8523) - Remove openstack-neutron-opflex-agent, python-aci-integration-module, python-acitoolkit, python-apicapi and python-networking-cisco as they pull in new requirements into the product - Inherit version number of venv from main component (SCRD-8523) - Added to the neutron virtual environment: * python-aci-integration-module * python-acitoolkit * python-apicapi * python-networking-cisco * openstack-neutron-gbp * openstack-neutron-opflex-agent - Inherit version number of venv from main component (SCRD-8523) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-2219=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-2219=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-2219=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): crowbar-core-5.0+git.1565280360.01fed6905-3.26.1 crowbar-core-branding-upstream-5.0+git.1565280360.01fed6905-3.26.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): caasp-openstack-heat-templates-1.0+git.1560518045.ad7dc6d-4.15.1 crowbar-ha-5.0+git.1562069707.e2de18c-3.20.1 crowbar-openstack-5.0+git.1565270683.ea6e63d87-4.28.1 crowbar-ui-1.2.0+git.1563181545.65360af5-3.9.1 documentation-suse-openstack-cloud-deployment-8.20190805-1.20.1 documentation-suse-openstack-cloud-supplement-8.20190805-1.20.1 documentation-suse-openstack-cloud-upstream-admin-8.20190805-1.20.1 documentation-suse-openstack-cloud-upstream-user-8.20190805-1.20.1 galera-python-clustercheck-0.0+git.1562242499.36b8b64-4.6.1 grafana-monasca-ui-drilldown-1.8.1~dev39-3.9.2 openstack-cinder-11.2.3~dev7-3.18.2 openstack-cinder-api-11.2.3~dev7-3.18.2 openstack-cinder-backup-11.2.3~dev7-3.18.2 openstack-cinder-doc-11.2.3~dev7-3.18.1 openstack-cinder-scheduler-11.2.3~dev7-3.18.2 openstack-cinder-volume-11.2.3~dev7-3.18.2 openstack-glance-15.0.3~dev2-3.9.2 openstack-glance-api-15.0.3~dev2-3.9.2 openstack-glance-doc-15.0.3~dev2-3.9.1 openstack-glance-registry-15.0.3~dev2-3.9.2 openstack-heat-9.0.8~dev11-3.21.2 openstack-heat-api-9.0.8~dev11-3.21.2 openstack-heat-api-cfn-9.0.8~dev11-3.21.2 openstack-heat-api-cloudwatch-9.0.8~dev11-3.21.2 openstack-heat-doc-9.0.8~dev11-3.21.1 openstack-heat-engine-9.0.8~dev11-3.21.2 openstack-heat-plugin-heat_docker-9.0.8~dev11-3.21.2 openstack-heat-test-9.0.8~dev11-3.21.2 openstack-horizon-plugin-monasca-ui-1.8.1~dev39-3.9.2 openstack-horizon-plugin-neutron-fwaas-ui-1.0.1~dev9-4.6.2 openstack-ironic-9.1.8~dev7-3.21.2 openstack-ironic-api-9.1.8~dev7-3.21.2 openstack-ironic-conductor-9.1.8~dev7-3.21.2 openstack-ironic-doc-9.1.8~dev7-3.21.1 openstack-keystone-12.0.4~dev2-5.22.2 openstack-keystone-doc-12.0.4~dev2-5.22.1 openstack-manila-5.1.1~dev2-3.18.2 openstack-manila-api-5.1.1~dev2-3.18.2 openstack-manila-data-5.1.1~dev2-3.18.2 openstack-manila-doc-5.1.1~dev2-3.18.1 openstack-manila-scheduler-5.1.1~dev2-3.18.2 openstack-manila-share-5.1.1~dev2-3.18.2 openstack-monasca-agent-2.2.5~dev5-3.12.1 openstack-monasca-api-2.2.2~dev1-3.15.2 openstack-monasca-persister-1.7.1~dev10-3.9.1 openstack-monasca-persister-java-1.7.1~a0~dev2-3.3.1 openstack-murano-4.0.2~dev2-3.9.2 openstack-murano-api-4.0.2~dev2-3.9.2 openstack-murano-doc-4.0.2~dev2-3.9.1 openstack-murano-engine-4.0.2~dev2-3.9.2 openstack-neutron-11.0.9~dev42-3.21.2 openstack-neutron-dhcp-agent-11.0.9~dev42-3.21.2 openstack-neutron-doc-11.0.9~dev42-3.21.1 openstack-neutron-gbp-7.3.1~dev45-3.6.1 openstack-neutron-ha-tool-11.0.9~dev42-3.21.2 openstack-neutron-l3-agent-11.0.9~dev42-3.21.2 openstack-neutron-lbaas-11.0.4~dev6-3.12.1 openstack-neutron-lbaas-agent-11.0.4~dev6-3.12.1 openstack-neutron-lbaas-doc-11.0.4~dev6-3.12.1 openstack-neutron-linuxbridge-agent-11.0.9~dev42-3.21.2 openstack-neutron-macvtap-agent-11.0.9~dev42-3.21.2 openstack-neutron-metadata-agent-11.0.9~dev42-3.21.2 openstack-neutron-metering-agent-11.0.9~dev42-3.21.2 openstack-neutron-openvswitch-agent-11.0.9~dev42-3.21.2 openstack-neutron-server-11.0.9~dev42-3.21.2 openstack-nova-16.1.9~dev4-3.26.2 openstack-nova-api-16.1.9~dev4-3.26.2 openstack-nova-cells-16.1.9~dev4-3.26.2 openstack-nova-compute-16.1.9~dev4-3.26.2 openstack-nova-conductor-16.1.9~dev4-3.26.2 openstack-nova-console-16.1.9~dev4-3.26.2 openstack-nova-consoleauth-16.1.9~dev4-3.26.2 openstack-nova-doc-16.1.9~dev4-3.26.1 openstack-nova-novncproxy-16.1.9~dev4-3.26.2 openstack-nova-placement-api-16.1.9~dev4-3.26.2 openstack-nova-scheduler-16.1.9~dev4-3.26.2 openstack-nova-serialproxy-16.1.9~dev4-3.26.2 openstack-nova-vncproxy-16.1.9~dev4-3.26.2 openstack-octavia-1.0.6~dev2-4.18.1 openstack-octavia-amphora-agent-1.0.6~dev2-4.18.1 openstack-octavia-api-1.0.6~dev2-4.18.1 openstack-octavia-health-manager-1.0.6~dev2-4.18.1 openstack-octavia-housekeeping-1.0.6~dev2-4.18.1 openstack-octavia-worker-1.0.6~dev2-4.18.1 python-cinder-11.2.3~dev7-3.18.2 python-glance-15.0.3~dev2-3.9.2 python-heat-9.0.8~dev11-3.21.2 python-horizon-plugin-monasca-ui-1.8.1~dev39-3.9.2 python-horizon-plugin-neutron-fwaas-ui-1.0.1~dev9-4.6.2 python-ironic-9.1.8~dev7-3.21.2 python-keystone-12.0.4~dev2-5.22.2 python-manila-5.1.1~dev2-3.18.2 python-monasca-agent-2.2.5~dev5-3.12.1 python-monasca-api-2.2.2~dev1-3.15.2 python-monasca-persister-1.7.1~dev10-3.9.1 python-murano-4.0.2~dev2-3.9.2 python-neutron-11.0.9~dev42-3.21.2 python-neutron-gbp-7.3.1~dev45-3.6.1 python-neutron-lbaas-11.0.4~dev6-3.12.1 python-nova-16.1.9~dev4-3.26.2 python-octavia-1.0.6~dev2-4.18.1 python-oslo.db-4.25.2-3.6.1 python-osprofiler-1.11.1-3.3.1 - SUSE OpenStack Cloud 8 (noarch): ardana-ansible-8.0+git.1560208949.67048e3-3.64.1 ardana-db-8.0+git.1564410318.f0cca2c-3.28.1 ardana-freezer-8.0+git.1564164977.ef9baeb-3.18.1 ardana-glance-8.0+git.1564491709.349d78e-3.14.1 ardana-input-model-8.0+git.1562848601.c3daff0-3.30.1 ardana-nova-8.0+git.1565388406.c6abb8d-3.32.1 ardana-osconfig-8.0+git.1563383198.c7fd9b4-3.39.1 ardana-swiftlm-drive-provision-8.0+git.1541434883.e0ebe69-5.9.1 ardana-swiftlm-log-tailer-8.0+git.1541434883.e0ebe69-5.9.1 ardana-swiftlm-uptime-mon-8.0+git.1541434883.e0ebe69-5.9.1 ardana-tempest-8.0+git.1562849010.73bc517-3.24.1 caasp-openstack-heat-templates-1.0+git.1560518045.ad7dc6d-4.15.1 documentation-suse-openstack-cloud-installation-8.20190805-1.20.1 documentation-suse-openstack-cloud-operations-8.20190805-1.20.1 documentation-suse-openstack-cloud-opsconsole-8.20190805-1.20.1 documentation-suse-openstack-cloud-planning-8.20190805-1.20.1 documentation-suse-openstack-cloud-security-8.20190805-1.20.1 documentation-suse-openstack-cloud-supplement-8.20190805-1.20.1 documentation-suse-openstack-cloud-upstream-admin-8.20190805-1.20.1 documentation-suse-openstack-cloud-upstream-user-8.20190805-1.20.1 documentation-suse-openstack-cloud-user-8.20190805-1.20.1 galera-python-clustercheck-0.0+git.1562242499.36b8b64-4.6.1 grafana-monasca-ui-drilldown-1.8.1~dev39-3.9.2 openstack-cinder-11.2.3~dev7-3.18.2 openstack-cinder-api-11.2.3~dev7-3.18.2 openstack-cinder-backup-11.2.3~dev7-3.18.2 openstack-cinder-doc-11.2.3~dev7-3.18.1 openstack-cinder-scheduler-11.2.3~dev7-3.18.2 openstack-cinder-volume-11.2.3~dev7-3.18.2 openstack-glance-15.0.3~dev2-3.9.2 openstack-glance-api-15.0.3~dev2-3.9.2 openstack-glance-doc-15.0.3~dev2-3.9.1 openstack-glance-registry-15.0.3~dev2-3.9.2 openstack-heat-9.0.8~dev11-3.21.2 openstack-heat-api-9.0.8~dev11-3.21.2 openstack-heat-api-cfn-9.0.8~dev11-3.21.2 openstack-heat-api-cloudwatch-9.0.8~dev11-3.21.2 openstack-heat-doc-9.0.8~dev11-3.21.1 openstack-heat-engine-9.0.8~dev11-3.21.2 openstack-heat-plugin-heat_docker-9.0.8~dev11-3.21.2 openstack-heat-test-9.0.8~dev11-3.21.2 openstack-horizon-plugin-monasca-ui-1.8.1~dev39-3.9.2 openstack-horizon-plugin-neutron-fwaas-ui-1.0.1~dev9-4.6.2 openstack-ironic-9.1.8~dev7-3.21.2 openstack-ironic-api-9.1.8~dev7-3.21.2 openstack-ironic-conductor-9.1.8~dev7-3.21.2 openstack-ironic-doc-9.1.8~dev7-3.21.1 openstack-keystone-12.0.4~dev2-5.22.2 openstack-keystone-doc-12.0.4~dev2-5.22.1 openstack-manila-5.1.1~dev2-3.18.2 openstack-manila-api-5.1.1~dev2-3.18.2 openstack-manila-data-5.1.1~dev2-3.18.2 openstack-manila-doc-5.1.1~dev2-3.18.1 openstack-manila-scheduler-5.1.1~dev2-3.18.2 openstack-manila-share-5.1.1~dev2-3.18.2 openstack-monasca-agent-2.2.5~dev5-3.12.1 openstack-monasca-api-2.2.2~dev1-3.15.2 openstack-monasca-persister-1.7.1~dev10-3.9.1 openstack-monasca-persister-java-1.7.1~a0~dev2-3.3.1 openstack-murano-4.0.2~dev2-3.9.2 openstack-murano-api-4.0.2~dev2-3.9.2 openstack-murano-doc-4.0.2~dev2-3.9.1 openstack-murano-engine-4.0.2~dev2-3.9.2 openstack-neutron-11.0.9~dev42-3.21.2 openstack-neutron-dhcp-agent-11.0.9~dev42-3.21.2 openstack-neutron-doc-11.0.9~dev42-3.21.1 openstack-neutron-gbp-7.3.1~dev45-3.6.1 openstack-neutron-ha-tool-11.0.9~dev42-3.21.2 openstack-neutron-l3-agent-11.0.9~dev42-3.21.2 openstack-neutron-lbaas-11.0.4~dev6-3.12.1 openstack-neutron-lbaas-agent-11.0.4~dev6-3.12.1 openstack-neutron-lbaas-doc-11.0.4~dev6-3.12.1 openstack-neutron-linuxbridge-agent-11.0.9~dev42-3.21.2 openstack-neutron-macvtap-agent-11.0.9~dev42-3.21.2 openstack-neutron-metadata-agent-11.0.9~dev42-3.21.2 openstack-neutron-metering-agent-11.0.9~dev42-3.21.2 openstack-neutron-openvswitch-agent-11.0.9~dev42-3.21.2 openstack-neutron-server-11.0.9~dev42-3.21.2 openstack-nova-16.1.9~dev4-3.26.2 openstack-nova-api-16.1.9~dev4-3.26.2 openstack-nova-cells-16.1.9~dev4-3.26.2 openstack-nova-compute-16.1.9~dev4-3.26.2 openstack-nova-conductor-16.1.9~dev4-3.26.2 openstack-nova-console-16.1.9~dev4-3.26.2 openstack-nova-consoleauth-16.1.9~dev4-3.26.2 openstack-nova-doc-16.1.9~dev4-3.26.1 openstack-nova-novncproxy-16.1.9~dev4-3.26.2 openstack-nova-placement-api-16.1.9~dev4-3.26.2 openstack-nova-scheduler-16.1.9~dev4-3.26.2 openstack-nova-serialproxy-16.1.9~dev4-3.26.2 openstack-nova-vncproxy-16.1.9~dev4-3.26.2 openstack-octavia-1.0.6~dev2-4.18.1 openstack-octavia-amphora-agent-1.0.6~dev2-4.18.1 openstack-octavia-api-1.0.6~dev2-4.18.1 openstack-octavia-health-manager-1.0.6~dev2-4.18.1 openstack-octavia-housekeeping-1.0.6~dev2-4.18.1 openstack-octavia-worker-1.0.6~dev2-4.18.1 python-Beaver-8.0+git.1502900605.3e0068a-4.3.1 python-cinder-11.2.3~dev7-3.18.2 python-glance-15.0.3~dev2-3.9.2 python-heat-9.0.8~dev11-3.21.2 python-horizon-plugin-monasca-ui-1.8.1~dev39-3.9.2 python-horizon-plugin-neutron-fwaas-ui-1.0.1~dev9-4.6.2 python-ironic-9.1.8~dev7-3.21.2 python-keystone-12.0.4~dev2-5.22.2 python-manila-5.1.1~dev2-3.18.2 python-monasca-agent-2.2.5~dev5-3.12.1 python-monasca-api-2.2.2~dev1-3.15.2 python-monasca-persister-1.7.1~dev10-3.9.1 python-murano-4.0.2~dev2-3.9.2 python-neutron-11.0.9~dev42-3.21.2 python-neutron-gbp-7.3.1~dev45-3.6.1 python-neutron-lbaas-11.0.4~dev6-3.12.1 python-nova-16.1.9~dev4-3.26.2 python-octavia-1.0.6~dev2-4.18.1 python-oslo.db-4.25.2-3.6.1 python-osprofiler-1.11.1-3.3.1 python-swiftlm-8.0+git.1541434883.e0ebe69-5.9.1 venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.18.1 venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.14.1 venv-openstack-monasca-x86_64-2.2.2~dev1-11.16.1 venv-openstack-murano-x86_64-4.0.2~dev2-12.14.1 venv-openstack-neutron-x86_64-11.0.9~dev42-13.22.1 - HPE Helion Openstack 8 (noarch): ardana-ansible-8.0+git.1560208949.67048e3-3.64.1 ardana-db-8.0+git.1564410318.f0cca2c-3.28.1 ardana-freezer-8.0+git.1564164977.ef9baeb-3.18.1 ardana-glance-8.0+git.1564491709.349d78e-3.14.1 ardana-input-model-8.0+git.1562848601.c3daff0-3.30.1 ardana-nova-8.0+git.1565388406.c6abb8d-3.32.1 ardana-osconfig-8.0+git.1563383198.c7fd9b4-3.39.1 ardana-swiftlm-drive-provision-8.0+git.1541434883.e0ebe69-5.9.1 ardana-swiftlm-log-tailer-8.0+git.1541434883.e0ebe69-5.9.1 ardana-swiftlm-uptime-mon-8.0+git.1541434883.e0ebe69-5.9.1 ardana-tempest-8.0+git.1562849010.73bc517-3.24.1 caasp-openstack-heat-templates-1.0+git.1560518045.ad7dc6d-4.15.1 documentation-hpe-helion-openstack-installation-8.20190805-1.20.1 documentation-hpe-helion-openstack-operations-8.20190805-1.20.1 documentation-hpe-helion-openstack-opsconsole-8.20190805-1.20.1 documentation-hpe-helion-openstack-planning-8.20190805-1.20.1 documentation-hpe-helion-openstack-security-8.20190805-1.20.1 documentation-hpe-helion-openstack-user-8.20190805-1.20.1 galera-python-clustercheck-0.0+git.1562242499.36b8b64-4.6.1 grafana-monasca-ui-drilldown-1.8.1~dev39-3.9.2 openstack-cinder-11.2.3~dev7-3.18.2 openstack-cinder-api-11.2.3~dev7-3.18.2 openstack-cinder-backup-11.2.3~dev7-3.18.2 openstack-cinder-doc-11.2.3~dev7-3.18.1 openstack-cinder-scheduler-11.2.3~dev7-3.18.2 openstack-cinder-volume-11.2.3~dev7-3.18.2 openstack-glance-15.0.3~dev2-3.9.2 openstack-glance-api-15.0.3~dev2-3.9.2 openstack-glance-doc-15.0.3~dev2-3.9.1 openstack-glance-registry-15.0.3~dev2-3.9.2 openstack-heat-9.0.8~dev11-3.21.2 openstack-heat-api-9.0.8~dev11-3.21.2 openstack-heat-api-cfn-9.0.8~dev11-3.21.2 openstack-heat-api-cloudwatch-9.0.8~dev11-3.21.2 openstack-heat-doc-9.0.8~dev11-3.21.1 openstack-heat-engine-9.0.8~dev11-3.21.2 openstack-heat-plugin-heat_docker-9.0.8~dev11-3.21.2 openstack-heat-test-9.0.8~dev11-3.21.2 openstack-horizon-plugin-monasca-ui-1.8.1~dev39-3.9.2 openstack-horizon-plugin-neutron-fwaas-ui-1.0.1~dev9-4.6.2 openstack-ironic-9.1.8~dev7-3.21.2 openstack-ironic-api-9.1.8~dev7-3.21.2 openstack-ironic-conductor-9.1.8~dev7-3.21.2 openstack-ironic-doc-9.1.8~dev7-3.21.1 openstack-keystone-12.0.4~dev2-5.22.2 openstack-keystone-doc-12.0.4~dev2-5.22.1 openstack-manila-5.1.1~dev2-3.18.2 openstack-manila-api-5.1.1~dev2-3.18.2 openstack-manila-data-5.1.1~dev2-3.18.2 openstack-manila-doc-5.1.1~dev2-3.18.1 openstack-manila-scheduler-5.1.1~dev2-3.18.2 openstack-manila-share-5.1.1~dev2-3.18.2 openstack-monasca-agent-2.2.5~dev5-3.12.1 openstack-monasca-api-2.2.2~dev1-3.15.2 openstack-monasca-persister-1.7.1~dev10-3.9.1 openstack-monasca-persister-java-1.7.1~a0~dev2-3.3.1 openstack-murano-4.0.2~dev2-3.9.2 openstack-murano-api-4.0.2~dev2-3.9.2 openstack-murano-doc-4.0.2~dev2-3.9.1 openstack-murano-engine-4.0.2~dev2-3.9.2 openstack-neutron-11.0.9~dev42-3.21.2 openstack-neutron-dhcp-agent-11.0.9~dev42-3.21.2 openstack-neutron-doc-11.0.9~dev42-3.21.1 openstack-neutron-gbp-7.3.1~dev45-3.6.1 openstack-neutron-ha-tool-11.0.9~dev42-3.21.2 openstack-neutron-l3-agent-11.0.9~dev42-3.21.2 openstack-neutron-lbaas-11.0.4~dev6-3.12.1 openstack-neutron-lbaas-agent-11.0.4~dev6-3.12.1 openstack-neutron-lbaas-doc-11.0.4~dev6-3.12.1 openstack-neutron-linuxbridge-agent-11.0.9~dev42-3.21.2 openstack-neutron-macvtap-agent-11.0.9~dev42-3.21.2 openstack-neutron-metadata-agent-11.0.9~dev42-3.21.2 openstack-neutron-metering-agent-11.0.9~dev42-3.21.2 openstack-neutron-openvswitch-agent-11.0.9~dev42-3.21.2 openstack-neutron-server-11.0.9~dev42-3.21.2 openstack-nova-16.1.9~dev4-3.26.2 openstack-nova-api-16.1.9~dev4-3.26.2 openstack-nova-cells-16.1.9~dev4-3.26.2 openstack-nova-compute-16.1.9~dev4-3.26.2 openstack-nova-conductor-16.1.9~dev4-3.26.2 openstack-nova-console-16.1.9~dev4-3.26.2 openstack-nova-consoleauth-16.1.9~dev4-3.26.2 openstack-nova-doc-16.1.9~dev4-3.26.1 openstack-nova-novncproxy-16.1.9~dev4-3.26.2 openstack-nova-placement-api-16.1.9~dev4-3.26.2 openstack-nova-scheduler-16.1.9~dev4-3.26.2 openstack-nova-serialproxy-16.1.9~dev4-3.26.2 openstack-nova-vncproxy-16.1.9~dev4-3.26.2 openstack-octavia-1.0.6~dev2-4.18.1 openstack-octavia-amphora-agent-1.0.6~dev2-4.18.1 openstack-octavia-api-1.0.6~dev2-4.18.1 openstack-octavia-health-manager-1.0.6~dev2-4.18.1 openstack-octavia-housekeeping-1.0.6~dev2-4.18.1 openstack-octavia-worker-1.0.6~dev2-4.18.1 python-Beaver-8.0+git.1502900605.3e0068a-4.3.1 python-cinder-11.2.3~dev7-3.18.2 python-glance-15.0.3~dev2-3.9.2 python-heat-9.0.8~dev11-3.21.2 python-horizon-plugin-monasca-ui-1.8.1~dev39-3.9.2 python-horizon-plugin-neutron-fwaas-ui-1.0.1~dev9-4.6.2 python-ironic-9.1.8~dev7-3.21.2 python-keystone-12.0.4~dev2-5.22.2 python-manila-5.1.1~dev2-3.18.2 python-monasca-agent-2.2.5~dev5-3.12.1 python-monasca-api-2.2.2~dev1-3.15.2 python-monasca-persister-1.7.1~dev10-3.9.1 python-murano-4.0.2~dev2-3.9.2 python-neutron-11.0.9~dev42-3.21.2 python-neutron-gbp-7.3.1~dev45-3.6.1 python-neutron-lbaas-11.0.4~dev6-3.12.1 python-nova-16.1.9~dev4-3.26.2 python-octavia-1.0.6~dev2-4.18.1 python-oslo.db-4.25.2-3.6.1 python-osprofiler-1.11.1-3.3.1 python-swiftlm-8.0+git.1541434883.e0ebe69-5.9.1 venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.18.1 venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.14.1 venv-openstack-monasca-x86_64-2.2.2~dev1-11.16.1 venv-openstack-murano-x86_64-4.0.2~dev2-12.14.1 venv-openstack-neutron-x86_64-11.0.9~dev42-13.22.1 References: https://www.suse.com/security/cve/CVE-2015-3448.html https://www.suse.com/security/cve/CVE-2017-17051.html https://www.suse.com/security/cve/CVE-2019-9735.html https://bugzilla.suse.com/1070500 https://bugzilla.suse.com/1108818 https://bugzilla.suse.com/1118159 https://bugzilla.suse.com/1120657 https://bugzilla.suse.com/1122053 https://bugzilla.suse.com/1122825 https://bugzilla.suse.com/1124170 https://bugzilla.suse.com/1128382 https://bugzilla.suse.com/1128453 https://bugzilla.suse.com/1128783 https://bugzilla.suse.com/1129729 https://bugzilla.suse.com/1132654 https://bugzilla.suse.com/1132852 https://bugzilla.suse.com/1133719 https://bugzilla.suse.com/1134495 https://bugzilla.suse.com/1134589 https://bugzilla.suse.com/1136569 https://bugzilla.suse.com/1137377 https://bugzilla.suse.com/1137817 https://bugzilla.suse.com/1138124 https://bugzilla.suse.com/1138187 https://bugzilla.suse.com/1138489 https://bugzilla.suse.com/1138967 https://bugzilla.suse.com/1139750 https://bugzilla.suse.com/1140512 https://bugzilla.suse.com/1140663 https://bugzilla.suse.com/1142032 https://bugzilla.suse.com/1142521 https://bugzilla.suse.com/1142686 https://bugzilla.suse.com/1143310 From sle-updates at lists.suse.com Tue Aug 27 07:10:36 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Aug 2019 15:10:36 +0200 (CEST) Subject: SUSE-SU-2019:2221-1: important: Security update for qemu Message-ID: <20190827131036.52D52F798@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2221-1 Rating: important References: #1135902 #1140402 #1143794 Cross-References: CVE-2019-12155 CVE-2019-13164 CVE-2019-14378 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for qemu fixes the following issues: Security issues fixed: - CVE-2019-14378: Security fix for heap overflow in ip_reass on big packet input (bsc#1143794). - CVE-2019-12155: Security fix for null pointer dereference while releasing spice resources (bsc#1135902). - CVE-2019-13164: Security fix for qemu-bridge-helper ACL can be bypassed when names are too long (bsc#1140402). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-2221=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-2221=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): qemu-2.3.1-33.26.1 qemu-block-curl-2.3.1-33.26.1 qemu-block-curl-debuginfo-2.3.1-33.26.1 qemu-block-rbd-2.3.1-33.26.1 qemu-block-rbd-debuginfo-2.3.1-33.26.1 qemu-debugsource-2.3.1-33.26.1 qemu-guest-agent-2.3.1-33.26.1 qemu-guest-agent-debuginfo-2.3.1-33.26.1 qemu-kvm-2.3.1-33.26.1 qemu-lang-2.3.1-33.26.1 qemu-tools-2.3.1-33.26.1 qemu-tools-debuginfo-2.3.1-33.26.1 qemu-x86-2.3.1-33.26.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): qemu-ipxe-1.0.0-33.26.1 qemu-seabios-1.8.1-33.26.1 qemu-sgabios-8-33.26.1 qemu-vgabios-1.8.1-33.26.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): qemu-2.3.1-33.26.1 qemu-block-curl-2.3.1-33.26.1 qemu-block-curl-debuginfo-2.3.1-33.26.1 qemu-debugsource-2.3.1-33.26.1 qemu-guest-agent-2.3.1-33.26.1 qemu-guest-agent-debuginfo-2.3.1-33.26.1 qemu-lang-2.3.1-33.26.1 qemu-tools-2.3.1-33.26.1 qemu-tools-debuginfo-2.3.1-33.26.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): qemu-kvm-2.3.1-33.26.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le): qemu-ppc-2.3.1-33.26.1 qemu-ppc-debuginfo-2.3.1-33.26.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): qemu-ipxe-1.0.0-33.26.1 qemu-seabios-1.8.1-33.26.1 qemu-sgabios-8-33.26.1 qemu-vgabios-1.8.1-33.26.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): qemu-block-rbd-2.3.1-33.26.1 qemu-block-rbd-debuginfo-2.3.1-33.26.1 qemu-x86-2.3.1-33.26.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x): qemu-s390-2.3.1-33.26.1 qemu-s390-debuginfo-2.3.1-33.26.1 References: https://www.suse.com/security/cve/CVE-2019-12155.html https://www.suse.com/security/cve/CVE-2019-13164.html https://www.suse.com/security/cve/CVE-2019-14378.html https://bugzilla.suse.com/1135902 https://bugzilla.suse.com/1140402 https://bugzilla.suse.com/1143794 From sle-updates at lists.suse.com Tue Aug 27 13:10:46 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Aug 2019 21:10:46 +0200 (CEST) Subject: SUSE-SU-2019:2223-1: moderate: Security update for podman, slirp4netns and libcontainers-common Message-ID: <20190827191046.4C13EF798@maintenance.suse.de> SUSE Security Update: Security update for podman, slirp4netns and libcontainers-common ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2223-1 Rating: moderate References: #1096726 #1123156 #1123387 #1135460 #1136974 #1137860 #1143386 Cross-References: CVE-2018-15664 CVE-2019-10152 CVE-2019-6778 Affected Products: SUSE Linux Enterprise Module for Containers 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that solves three vulnerabilities and has four fixes is now available. Description: This is a version update for podman to version 1.4.4 (bsc#1143386). Additional changes by SUSE on top: - Remove fuse-overlayfs because it's (currently) an unsatisfied dependency on SLE (bsc#1143386) - Update libpod.conf to use correct infra_command - Update libpod.conf to use better versioned pause container - Update libpod.conf to use official kubic pause container - Update libpod.conf to match latest features set: detach_keys, lock_type, runtime_supports_json - Add podman-remote varlink client Version update podman to v1.4.4: - Features - Podman now has greatly improved support for containers using multiple OCI runtimes. Containers now remember if they were created with a different runtime using --runtime and will always use that runtime - The cached and delegated options for volume mounts are now allowed for Docker compatability (#3340) - The podman diff command now supports the --latest flag - Bugfixes - Fixed a bug where rootless Podman would attempt to use the entire root configuration if no rootless configuration was present for the user, breaking rootless Podman for new installations - Fixed a bug where rootless Podman's pause process would block SIGTERM, preventing graceful system shutdown and hanging until the system's init send SIGKILL - Fixed a bug where running Podman as root with sudo -E would not work after running rootless Podman at least once - Fixed a bug where options for tmpfs volumes added with the --tmpfs flag were being ignored - Fixed a bug where images with no layers could not properly be displayed and removed by Podman - Fixed a bug where locks were not properly freed on failure to create a container or pod - Fixed a bug where podman cp on a single file would create a directory at the target and place the file in it (#3384) - Fixed a bug where podman inspect --format '{{.Mounts}}' would print a hexadecimal address instead of a container's mounts - Fixed a bug where rootless Podman would not add an entry to container's /etc/hosts files for their own hostname (#3405) - Fixed a bug where podman ps --sync would segfault (#3411) - Fixed a bug where podman generate kube would produce an invalid ports configuration (#3408) - Misc - Updated containers/storage to v1.12.13 - Podman now performs much better on systems with heavy I/O load - The --cgroup-manager flag to podman now shows the correct default setting in help if the default was overridden by libpod.conf - For backwards compatability, setting --log-driver=json-file in podman run is now supported as an alias for --log-driver=k8s-file. This is considered deprecated, and json-file will be moved to a new implementation in the future ([#3363](https://github.com/containers/libpo\ d/issues/3363)) - Podman's default libpod.conf file now allows the crun OCI runtime to be used if it is installed Update podman to v1.4.2: - Fixed a bug where Podman could not run containers using an older version of Systemd as init - Updated vendored Buildah to v1.9.0 to resolve a critical bug with Dockerfile RUN instructions - The error message for running podman kill on containers that are not running has been improved - Podman remote client can now log to a file if syslog is not available - The podman exec command now sets its error code differently based on whether the container does not exist, and the command in the container does not exist - The podman inspect command on containers now outputs Mounts JSON that matches that of docker inspect, only including user-specified volumes and differentiating bind mounts and named volumes - The podman inspect command now reports the path to a container's OCI spec with the OCIConfigPath key (only included when the container is initialized or running) - The podman run --mount command now supports the bind-nonrecursive option for bind mounts - Fixed a bug where podman play kube would fail to create containers due to an unspecified log driver - Fixed a bug where Podman would fail to build with musl libc - Fixed a bug where rootless Podman using slirp4netns networking in an environment with no nameservers on the host other than localhost would result in nonfunctional networking - Fixed a bug where podman import would not properly set environment variables, discarding their values and retaining only keys - Fixed a bug where Podman would fail to run when built with Apparmor support but run on systems without the Apparmor kernel module loaded - Remote Podman will now default the username it uses to log in to remote systems to the username of the current user - Podman now uses JSON logging with OCI runtimes that support it, allowing for better error reporting - Updated vendored containers/image to v2.0 - Update conmon to v0.3.0 - Support OOM Monitor under cgroup V2 - Add config binary and make target for configuring conmon with a go library for importing values Updated podman to version 1.4.0 (bsc#1137860) and (bsc#1135460) - Podman checkpoint and podman restore commands can now be used to migrate containers between Podman installations on different systems. - The podman cp now supports pause flag. - The remote client now supports a configuration file for pre-configuring connections to remote Podman installations - CVE-2019-10152: Fixed an iproper dereference of symlinks of the the podman cp command which introduced in version 1.1.0 (bsc#1136974). - Fixed a bug where podman commit could improperly set environment variables that contained = characters - Fixed a bug where rootless podman would sometimes fail to start containers with forwarded ports - Fixed a bug where podman version on the remote client could segfault - Fixed a bug where podman container runlabel would use /proc/self/exe instead of the path of the Podman command when printing the command being executed - Fixed a bug where filtering images by label did not work - Fixed a bug where specifying a bing mount or tmpfs mount over an image volume would cause a container to be unable to start - Fixed a bug where podman generate kube did not work with containers with named volumes - Fixed a bug where rootless podman would receive permission denied errors accessing conmon.pid - Fixed a bug where podman cp with a folder specified as target would replace the folder, as opposed to copying into it - Fixed a bug where rootless Podman commands could double-unlock a lock, causing a crash - Fixed a bug where podman incorrectly set tmpcopyup on /dev/ mounts, causing errors when using the Kata containers runtime - Fixed a bug where podman exec would fail on older kernels - Podman commit command is now usable with the Podman remote client - Signature-policy flag has been deprecated - Updated vendored containers/storage and containers/image libraries with numerous bugfixes - Updated vendored Buildah to v1.8.3 - Podman now requires Conmon v0.2.0 - The podman cp command is now aliased as podman container cp - Rootless podman will now default init_path using root Podman's configuration files (/etc/containers/libpod.conf and /usr/share/containers/libpod.conf) if not overridden in the rootless configuration - Added fuse-overlayfs dependency to support overlay based rootless image manipulations - The podman cp command can now read input redirected to STDIN, and output to STDOUT instead of a file, using - instead of an argument. - The podman remote client now displays version information from both the client and server in podman version - The podman unshare command has been added, allowing easy entry into the user namespace set up by rootless Podman (allowing the removal of files created by rootless podman, among other things) - Fixed a bug where Podman containers with the --rm flag were removing created volumes when they were automatically removed - Fixed a bug where container and pod locks were incorrectly marked as released after a system reboot, causing errors on container and pod removal - Fixed a bug where Podman pods could not be removed if any container in the pod encountered an error during removal - Fixed a bug where Podman pods run with the cgroupfs CGroup driver would encounter a race condition during removal, potentially failing to remove the pod CGroup - Fixed a bug where the podman container checkpoint and podman container restore commands were not visible in the remote client - Fixed a bug where podman remote ps --ns would not print the container's namespaces - Fixed a bug where removing stopped containers with healthchecks could cause an error - Fixed a bug where the default libpod.conf file was causing parsing errors - Fixed a bug where pod locks were not being freed when pods were removed, potentially leading to lock exhaustion - Fixed a bug where 'podman run' with SD_NOTIFY set could, on short-running containers, create an inconsistent state rendering the container unusable - The remote Podman client now uses the Varlink bridge to establish remote connections by default - Fixed an issue with apparmor_parser (bsc#1123387) - Update to libpod v1.4.0 (bsc#1137860): - The podman checkpoint and podman restore commands can now be used to migrate containers between Podman installations on different systems - The podman cp command now supports a pause flag to pause containers while copying into them - The remote client now supports a configuration file for pre-configuring connections to remote Podman installations - Fixed CVE-2019-10152 - The podman cp command improperly dereferenced symlinks in host context - Fixed a bug where podman commit could improperly set environment variables that contained = characters - Fixed a bug where rootless Podman would sometimes fail to start containers with forwarded ports - Fixed a bug where podman version on the remote client could segfault - Fixed a bug where podman container runlabel would use /proc/self/exe instead of the path of the Podman command when printing the command being executed - Fixed a bug where filtering images by label did not work - Fixed a bug where specifying a bing mount or tmpfs mount over an image volume would cause a container to be unable to start - Fixed a bug where podman generate kube did not work with containers with named volumes - Fixed a bug where rootless Podman would receive permission denied errors accessing conmon.pid - Fixed a bug where podman cp with a folder specified as target would replace the folder, as opposed to copying into it - Fixed a bug where rootless Podman commands could double-unlock a lock, causing a crash - Fixed a bug where Podman incorrectly set tmpcopyup on /dev/ mounts, causing errors when using the Kata containers runtime - Fixed a bug where podman exec would fail on older kernels - The podman commit command is now usable with the Podman remote client - The --signature-policy flag (used with several image-related commands) has been deprecated - The podman unshare command now defines two environment variables in the spawned shell: CONTAINERS_RUNROOT and CONTAINERS_GRAPHROOT, pointing to temporary and permanent storage for rootless containers - Updated vendored containers/storage and containers/image libraries with numerous bugfixes - Updated vendored Buildah to v1.8.3 - Podman now requires Conmon v0.2.0 - The podman cp command is now aliased as podman container cp - Rootless Podman will now default init_path using root Podman's configuration files (/etc/containers/libpod.conf and /usr/share/containers/libpod.conf) if not overridden in the rootless configuration - Update to image v1.5.1 - Vendor in latest containers/storage - docker/docker_client: Drop redundant Domain(ref.ref) call - pkg/blobinfocache: Split implementations into subpackages - copy: progress bar: show messages on completion - docs: rename manpages to *.5.command - add container-certs.d.md manpage - pkg/docker/config: Bring auth tests from docker/docker_client_test - Don't allocate a sync.Mutex separately Update to storage v1.12.10: - Add function to parse out mount options from graphdriver - Merge the disparate parts of all of the Unix-like lockfiles - Fix unix-but-not-Linux compilation - Return XDG_RUNTIME_DIR as RootlessRuntimeDir if set - Cherry-pick moby/moby #39292 for CVE-2018-15664 fixes - lockfile: add RecursiveLock() API - Update generated files - Fix crash on tesing of aufs code - Let consumers know when Layers and Images came from read-only stores - chown: do not change owner for the mountpoint - locks: correctly mark updates to the layers list - CreateContainer: don't worry about mapping layers unless necessary - docs: fix manpage for containers-storage.conf - docs: sort configuration options alphabetically - docs: document OSTree file deduplication - Add missing options to man page for containers-storage - overlay: use the layer idmapping if present - vfs: prefer layer custom idmappings - layers: propagate down the idmapping settings - Recreate symlink when not found - docs: fix manpage for configuration file - docs: add special handling for manpages in sect 5 - overlay: fix single-lower test - Recreate symlink when not found - overlay: propagate errors from mountProgram - utils: root in a userns uses global conf file - Fix handling of additional stores - Correctly check permissions on rootless directory - Fix possible integer overflow on 32bit builds - Evaluate device path for lvm - lockfile test: make concurrent RW test determinisitc - lockfile test: make concurrent read tests deterministic - drivers.DirCopy: fix filemode detection - storage: move the logic to detect rootless into utils.go - Don't set (struct flock).l_pid - Improve documentation of getLockfile - Rename getLockFile to createLockerForPath, and document it - Add FILES section to containers-storage.5 man page - add digest locks - drivers/copy: add a non-cgo fallback slirp4netns was updated to 0.3.0: - CVE-2019-6778: Fixed a heap buffer overflow in tcp_emu() (bsc#1123156) This update also includes: - fuse3 and fuse-overlayfs to support rootless containers. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 15-SP1: zypper in -t patch SUSE-SLE-Module-Containers-15-SP1-2019-2223=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2223=1 Package List: - SUSE Linux Enterprise Module for Containers 15-SP1 (aarch64 ppc64le s390x x86_64): fuse-overlayfs-0.4.1-3.3.8 fuse-overlayfs-debuginfo-0.4.1-3.3.8 fuse-overlayfs-debugsource-0.4.1-3.3.8 fuse3-3.6.1-3.3.8 fuse3-debuginfo-3.6.1-3.3.8 fuse3-debugsource-3.6.1-3.3.8 libfuse3-3-3.6.1-3.3.8 libfuse3-3-debuginfo-3.6.1-3.3.8 podman-1.4.4-4.8.1 slirp4netns-0.3.0-3.3.3 slirp4netns-debuginfo-0.3.0-3.3.3 slirp4netns-debugsource-0.3.0-3.3.3 - SUSE Linux Enterprise Module for Containers 15-SP1 (noarch): podman-cni-config-1.4.4-4.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): libcontainers-common-20190401-3.3.5 References: https://www.suse.com/security/cve/CVE-2018-15664.html https://www.suse.com/security/cve/CVE-2019-10152.html https://www.suse.com/security/cve/CVE-2019-6778.html https://bugzilla.suse.com/1096726 https://bugzilla.suse.com/1123156 https://bugzilla.suse.com/1123387 https://bugzilla.suse.com/1135460 https://bugzilla.suse.com/1136974 https://bugzilla.suse.com/1137860 https://bugzilla.suse.com/1143386 From sle-updates at lists.suse.com Tue Aug 27 16:11:02 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Aug 2019 00:11:02 +0200 (CEST) Subject: SUSE-RU-2019:2226-1: moderate: Recommended update for yast2-s390 Message-ID: <20190827221102.DFCCEF798@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-s390 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2226-1 Rating: moderate References: #1134927 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-s390 provides the following fixes: - Setting DIAG mode on active DASDs. (bsc#1134927) - Sort DASDs by channel ID. (bsc#1134927) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2226=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (s390x): yast2-s390-4.0.6-3.3.1 References: https://bugzilla.suse.com/1134927 From sle-updates at lists.suse.com Tue Aug 27 16:11:47 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Aug 2019 00:11:47 +0200 (CEST) Subject: SUSE-RU-2019:2224-1: moderate: Recommended update for crowbar-core, crowbar-ha Message-ID: <20190827221147.B9A81F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for crowbar-core, crowbar-ha ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2224-1 Rating: moderate References: #1109991 Affected Products: SUSE OpenStack Cloud Crowbar 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for crowbar-core, crowbar-ha fixes the following issues: - Update to version 5.0+git.1566394923.866944d0b: * ohai: Hardcode ruby version for package installation (SOC-10010) - Update to version 5.0+git.1565553348.0292f4fd1: * ovs-pre-up: remove controller for admin bridge (SOC-10073) - Update to version 5.0+git.1566549465.f2e4c15: * corosync: Hardcode ruby version for package installation (SOC-10010) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-2224=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): crowbar-core-5.0+git.1566394923.866944d0b-3.29.1 crowbar-core-branding-upstream-5.0+git.1566394923.866944d0b-3.29.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): crowbar-ha-5.0+git.1566549465.f2e4c15-3.23.1 References: https://bugzilla.suse.com/1109991 From sle-updates at lists.suse.com Tue Aug 27 16:12:29 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Aug 2019 00:12:29 +0200 (CEST) Subject: SUSE-RU-2019:2225-1: moderate: Recommended update for yast2-s390 Message-ID: <20190827221229.9E300F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-s390 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2225-1 Rating: moderate References: #1134927 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-s390 provides the following fixes: - Setting DIAG mode on active DASDs. (bsc#1134927) - Sort DASDs by channel ID. (bsc#1134927) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2225=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (s390x): yast2-s390-4.1.2-3.3.1 References: https://bugzilla.suse.com/1134927 From sle-updates at lists.suse.com Wed Aug 28 07:12:00 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Aug 2019 15:12:00 +0200 (CEST) Subject: SUSE-SU-2019:2230-1: important: Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP2) Message-ID: <20190828131200.D0D75F798@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2230-1 Rating: important References: #1102682 Cross-References: CVE-2018-5390 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 4.4.121-92_117 fixes one issue. The following security issue was fixed: - CVE-2018-5390: Fixed expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which could have led to a denial of service (bsc#1102682). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-2230=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-2230=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): kgraft-patch-4_4_121-92_117-default-2-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le x86_64): kgraft-patch-4_4_121-92_117-default-2-2.1 References: https://www.suse.com/security/cve/CVE-2018-5390.html https://bugzilla.suse.com/1102682 From sle-updates at lists.suse.com Wed Aug 28 07:12:46 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Aug 2019 15:12:46 +0200 (CEST) Subject: SUSE-SU-2019:2229-1: important: Security update for slurm Message-ID: <20190828131246.A4132F798@maintenance.suse.de> SUSE Security Update: Security update for slurm ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2229-1 Rating: important References: #1140709 Cross-References: CVE-2019-12838 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for HPC 15-SP1 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Development Tools 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for slurm to version 18.08.8 fixes the following issues: Security issue fixed: - CVE-2019-12838: Fixed a SQL injection in slurmdbd (bsc#1140709). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2229=1 - SUSE Linux Enterprise Module for HPC 15-SP1: zypper in -t patch SUSE-SLE-Module-HPC-15-SP1-2019-2229=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2019-2229=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-2229=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): slurm-debuginfo-18.08.8-3.4.1 slurm-debugsource-18.08.8-3.4.1 slurm-openlava-18.08.8-3.4.1 slurm-seff-18.08.8-3.4.1 slurm-sjstat-18.08.8-3.4.1 slurm-sview-18.08.8-3.4.1 slurm-sview-debuginfo-18.08.8-3.4.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (ppc64le s390x): libpmi0-18.08.8-3.4.1 libpmi0-debuginfo-18.08.8-3.4.1 libslurm33-18.08.8-3.4.1 libslurm33-debuginfo-18.08.8-3.4.1 perl-slurm-18.08.8-3.4.1 perl-slurm-debuginfo-18.08.8-3.4.1 slurm-18.08.8-3.4.1 slurm-auth-none-18.08.8-3.4.1 slurm-auth-none-debuginfo-18.08.8-3.4.1 slurm-config-18.08.8-3.4.1 slurm-config-man-18.08.8-3.4.1 slurm-devel-18.08.8-3.4.1 slurm-doc-18.08.8-3.4.1 slurm-lua-18.08.8-3.4.1 slurm-lua-debuginfo-18.08.8-3.4.1 slurm-munge-18.08.8-3.4.1 slurm-munge-debuginfo-18.08.8-3.4.1 slurm-node-18.08.8-3.4.1 slurm-node-debuginfo-18.08.8-3.4.1 slurm-pam_slurm-18.08.8-3.4.1 slurm-pam_slurm-debuginfo-18.08.8-3.4.1 slurm-plugins-18.08.8-3.4.1 slurm-plugins-debuginfo-18.08.8-3.4.1 slurm-slurmdbd-18.08.8-3.4.1 slurm-slurmdbd-debuginfo-18.08.8-3.4.1 slurm-sql-18.08.8-3.4.1 slurm-sql-debuginfo-18.08.8-3.4.1 slurm-torque-18.08.8-3.4.1 slurm-torque-debuginfo-18.08.8-3.4.1 - SUSE Linux Enterprise Module for HPC 15-SP1 (aarch64 x86_64): libpmi0-18.08.8-3.4.1 libpmi0-debuginfo-18.08.8-3.4.1 libslurm33-18.08.8-3.4.1 libslurm33-debuginfo-18.08.8-3.4.1 perl-slurm-18.08.8-3.4.1 perl-slurm-debuginfo-18.08.8-3.4.1 slurm-18.08.8-3.4.1 slurm-auth-none-18.08.8-3.4.1 slurm-auth-none-debuginfo-18.08.8-3.4.1 slurm-config-18.08.8-3.4.1 slurm-config-man-18.08.8-3.4.1 slurm-debuginfo-18.08.8-3.4.1 slurm-debugsource-18.08.8-3.4.1 slurm-devel-18.08.8-3.4.1 slurm-doc-18.08.8-3.4.1 slurm-lua-18.08.8-3.4.1 slurm-lua-debuginfo-18.08.8-3.4.1 slurm-munge-18.08.8-3.4.1 slurm-munge-debuginfo-18.08.8-3.4.1 slurm-node-18.08.8-3.4.1 slurm-node-debuginfo-18.08.8-3.4.1 slurm-pam_slurm-18.08.8-3.4.1 slurm-pam_slurm-debuginfo-18.08.8-3.4.1 slurm-plugins-18.08.8-3.4.1 slurm-plugins-debuginfo-18.08.8-3.4.1 slurm-slurmdbd-18.08.8-3.4.1 slurm-slurmdbd-debuginfo-18.08.8-3.4.1 slurm-sql-18.08.8-3.4.1 slurm-sql-debuginfo-18.08.8-3.4.1 slurm-sview-18.08.8-3.4.1 slurm-sview-debuginfo-18.08.8-3.4.1 slurm-torque-18.08.8-3.4.1 slurm-torque-debuginfo-18.08.8-3.4.1 - SUSE Linux Enterprise Module for HPC 15-SP1 (noarch): perl-Switch-2.17-3.2.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (noarch): perl-Switch-2.17-3.2.1 - SUSE Linux Enterprise Module for Development Tools 15 (noarch): perl-Switch-2.17-3.2.1 References: https://www.suse.com/security/cve/CVE-2019-12838.html https://bugzilla.suse.com/1140709 From sle-updates at lists.suse.com Wed Aug 28 07:13:35 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Aug 2019 15:13:35 +0200 (CEST) Subject: SUSE-SU-2019:2228-1: important: Security update for postgresql10 Message-ID: <20190828131335.D0F6CF798@maintenance.suse.de> SUSE Security Update: Security update for postgresql10 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2228-1 Rating: important References: #1145092 Cross-References: CVE-2019-10208 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Packagehub Subpackages 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for postgresql10 fixes the following issues: Security issue fixed: - CVE-2019-10208: Fixed arbitrary SQL execution via suitable SECURITY DEFINER function under the identity of the function owner (bsc#1145092). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-2228=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-2019-2228=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2228=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2228=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): libecpg6-10.10-4.16.1 libecpg6-debuginfo-10.10-4.16.1 postgresql10-contrib-10.10-4.16.1 postgresql10-contrib-debuginfo-10.10-4.16.1 postgresql10-debuginfo-10.10-4.16.1 postgresql10-debugsource-10.10-4.16.1 postgresql10-devel-10.10-4.16.1 postgresql10-devel-debuginfo-10.10-4.16.1 postgresql10-plperl-10.10-4.16.1 postgresql10-plperl-debuginfo-10.10-4.16.1 postgresql10-plpython-10.10-4.16.1 postgresql10-plpython-debuginfo-10.10-4.16.1 postgresql10-pltcl-10.10-4.16.1 postgresql10-pltcl-debuginfo-10.10-4.16.1 postgresql10-server-10.10-4.16.1 postgresql10-server-debuginfo-10.10-4.16.1 - SUSE Linux Enterprise Module for Server Applications 15 (noarch): postgresql10-docs-10.10-4.16.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15 (aarch64 ppc64le s390x x86_64): postgresql10-debuginfo-10.10-4.16.1 postgresql10-debugsource-10.10-4.16.1 postgresql10-test-10.10-4.16.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): postgresql10-debuginfo-10.10-4.16.1 postgresql10-debugsource-10.10-4.16.1 postgresql10-test-10.10-4.16.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (x86_64): libpq5-32bit-10.10-4.16.1 libpq5-32bit-debuginfo-10.10-4.16.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libpq5-10.10-4.16.1 libpq5-debuginfo-10.10-4.16.1 postgresql10-10.10-4.16.1 postgresql10-debuginfo-10.10-4.16.1 postgresql10-debugsource-10.10-4.16.1 References: https://www.suse.com/security/cve/CVE-2019-10208.html https://bugzilla.suse.com/1145092 From sle-updates at lists.suse.com Wed Aug 28 07:14:16 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Aug 2019 15:14:16 +0200 (CEST) Subject: SUSE-SU-2019:2231-1: important: Security update for libreoffice Message-ID: <20190828131416.C96CBF798@maintenance.suse.de> SUSE Security Update: Security update for libreoffice ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2231-1 Rating: important References: #1133534 #1141861 #1141862 #1146098 #1146105 #1146107 Cross-References: CVE-2019-9848 CVE-2019-9849 CVE-2019-9850 CVE-2019-9851 CVE-2019-9852 Affected Products: SUSE Linux Enterprise Workstation Extension 15 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has one errata is now available. Description: This update for libreoffice fixes the following issues: Security issues fixed: - CVE-2019-9849: Disabled fetching remote bullet graphics in 'stealth mode' (bsc#1141861). - CVE-2019-9848: Fixed an arbitrary script execution via LibreLogo (bsc#1141862). - CVE-2019-9851: Fixed LibreLogo global-event script execution issue (bsc#1146105). - CVE-2019-9852: Fixed insufficient URL encoding flaw in allowed script location check (bsc#1146107). - CVE-2019-9850: Fixed insufficient URL validation that allowed LibreLogo script execution (bsc#1146098). Non-security issue fixed: - SmartArt: Basic rendering of Trapezoid List (bsc#1133534) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2019-2231=1 Package List: - SUSE Linux Enterprise Workstation Extension 15 (noarch): libreoffice-branding-upstream-6.2.6.2-3.21.1 libreoffice-icon-themes-6.2.6.2-3.21.1 libreoffice-l10n-af-6.2.6.2-3.21.1 libreoffice-l10n-ar-6.2.6.2-3.21.1 libreoffice-l10n-as-6.2.6.2-3.21.1 libreoffice-l10n-bg-6.2.6.2-3.21.1 libreoffice-l10n-bn-6.2.6.2-3.21.1 libreoffice-l10n-br-6.2.6.2-3.21.1 libreoffice-l10n-ca-6.2.6.2-3.21.1 libreoffice-l10n-cs-6.2.6.2-3.21.1 libreoffice-l10n-cy-6.2.6.2-3.21.1 libreoffice-l10n-da-6.2.6.2-3.21.1 libreoffice-l10n-de-6.2.6.2-3.21.1 libreoffice-l10n-dz-6.2.6.2-3.21.1 libreoffice-l10n-el-6.2.6.2-3.21.1 libreoffice-l10n-en-6.2.6.2-3.21.1 libreoffice-l10n-eo-6.2.6.2-3.21.1 libreoffice-l10n-es-6.2.6.2-3.21.1 libreoffice-l10n-et-6.2.6.2-3.21.1 libreoffice-l10n-eu-6.2.6.2-3.21.1 libreoffice-l10n-fa-6.2.6.2-3.21.1 libreoffice-l10n-fi-6.2.6.2-3.21.1 libreoffice-l10n-fr-6.2.6.2-3.21.1 libreoffice-l10n-ga-6.2.6.2-3.21.1 libreoffice-l10n-gl-6.2.6.2-3.21.1 libreoffice-l10n-gu-6.2.6.2-3.21.1 libreoffice-l10n-he-6.2.6.2-3.21.1 libreoffice-l10n-hi-6.2.6.2-3.21.1 libreoffice-l10n-hr-6.2.6.2-3.21.1 libreoffice-l10n-hu-6.2.6.2-3.21.1 libreoffice-l10n-it-6.2.6.2-3.21.1 libreoffice-l10n-ja-6.2.6.2-3.21.1 libreoffice-l10n-kk-6.2.6.2-3.21.1 libreoffice-l10n-kn-6.2.6.2-3.21.1 libreoffice-l10n-ko-6.2.6.2-3.21.1 libreoffice-l10n-lt-6.2.6.2-3.21.1 libreoffice-l10n-lv-6.2.6.2-3.21.1 libreoffice-l10n-mai-6.2.6.2-3.21.1 libreoffice-l10n-ml-6.2.6.2-3.21.1 libreoffice-l10n-mr-6.2.6.2-3.21.1 libreoffice-l10n-nb-6.2.6.2-3.21.1 libreoffice-l10n-nl-6.2.6.2-3.21.1 libreoffice-l10n-nn-6.2.6.2-3.21.1 libreoffice-l10n-nr-6.2.6.2-3.21.1 libreoffice-l10n-nso-6.2.6.2-3.21.1 libreoffice-l10n-or-6.2.6.2-3.21.1 libreoffice-l10n-pa-6.2.6.2-3.21.1 libreoffice-l10n-pl-6.2.6.2-3.21.1 libreoffice-l10n-pt_BR-6.2.6.2-3.21.1 libreoffice-l10n-pt_PT-6.2.6.2-3.21.1 libreoffice-l10n-ro-6.2.6.2-3.21.1 libreoffice-l10n-ru-6.2.6.2-3.21.1 libreoffice-l10n-si-6.2.6.2-3.21.1 libreoffice-l10n-sk-6.2.6.2-3.21.1 libreoffice-l10n-sl-6.2.6.2-3.21.1 libreoffice-l10n-sr-6.2.6.2-3.21.1 libreoffice-l10n-ss-6.2.6.2-3.21.1 libreoffice-l10n-st-6.2.6.2-3.21.1 libreoffice-l10n-sv-6.2.6.2-3.21.1 libreoffice-l10n-ta-6.2.6.2-3.21.1 libreoffice-l10n-te-6.2.6.2-3.21.1 libreoffice-l10n-th-6.2.6.2-3.21.1 libreoffice-l10n-tn-6.2.6.2-3.21.1 libreoffice-l10n-tr-6.2.6.2-3.21.1 libreoffice-l10n-ts-6.2.6.2-3.21.1 libreoffice-l10n-uk-6.2.6.2-3.21.1 libreoffice-l10n-ve-6.2.6.2-3.21.1 libreoffice-l10n-xh-6.2.6.2-3.21.1 libreoffice-l10n-zh_CN-6.2.6.2-3.21.1 libreoffice-l10n-zh_TW-6.2.6.2-3.21.1 libreoffice-l10n-zu-6.2.6.2-3.21.1 - SUSE Linux Enterprise Workstation Extension 15 (x86_64): libreoffice-6.2.6.2-3.21.1 libreoffice-base-6.2.6.2-3.21.1 libreoffice-base-debuginfo-6.2.6.2-3.21.1 libreoffice-base-drivers-postgresql-6.2.6.2-3.21.1 libreoffice-base-drivers-postgresql-debuginfo-6.2.6.2-3.21.1 libreoffice-calc-6.2.6.2-3.21.1 libreoffice-calc-debuginfo-6.2.6.2-3.21.1 libreoffice-calc-extensions-6.2.6.2-3.21.1 libreoffice-debuginfo-6.2.6.2-3.21.1 libreoffice-debugsource-6.2.6.2-3.21.1 libreoffice-draw-6.2.6.2-3.21.1 libreoffice-draw-debuginfo-6.2.6.2-3.21.1 libreoffice-filters-optional-6.2.6.2-3.21.1 libreoffice-gnome-6.2.6.2-3.21.1 libreoffice-gnome-debuginfo-6.2.6.2-3.21.1 libreoffice-gtk3-6.2.6.2-3.21.1 libreoffice-gtk3-debuginfo-6.2.6.2-3.21.1 libreoffice-impress-6.2.6.2-3.21.1 libreoffice-impress-debuginfo-6.2.6.2-3.21.1 libreoffice-mailmerge-6.2.6.2-3.21.1 libreoffice-math-6.2.6.2-3.21.1 libreoffice-math-debuginfo-6.2.6.2-3.21.1 libreoffice-officebean-6.2.6.2-3.21.1 libreoffice-officebean-debuginfo-6.2.6.2-3.21.1 libreoffice-pyuno-6.2.6.2-3.21.1 libreoffice-pyuno-debuginfo-6.2.6.2-3.21.1 libreoffice-writer-6.2.6.2-3.21.1 libreoffice-writer-debuginfo-6.2.6.2-3.21.1 libreoffice-writer-extensions-6.2.6.2-3.21.1 libreofficekit-6.2.6.2-3.21.1 References: https://www.suse.com/security/cve/CVE-2019-9848.html https://www.suse.com/security/cve/CVE-2019-9849.html https://www.suse.com/security/cve/CVE-2019-9850.html https://www.suse.com/security/cve/CVE-2019-9851.html https://www.suse.com/security/cve/CVE-2019-9852.html https://bugzilla.suse.com/1133534 https://bugzilla.suse.com/1141861 https://bugzilla.suse.com/1141862 https://bugzilla.suse.com/1146098 https://bugzilla.suse.com/1146105 https://bugzilla.suse.com/1146107 From sle-updates at lists.suse.com Wed Aug 28 07:15:31 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Aug 2019 15:15:31 +0200 (CEST) Subject: SUSE-SU-2019:2237-1: important: Security update for apache2 Message-ID: <20190828131531.301D1F798@maintenance.suse.de> SUSE Security Update: Security update for apache2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2237-1 Rating: important References: #1145575 #1145738 #1145739 #1145740 #1145741 #1145742 Cross-References: CVE-2019-10081 CVE-2019-10082 CVE-2019-10092 CVE-2019-10097 CVE-2019-10098 CVE-2019-9517 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for apache2 fixes the following issues: Security issues fixed: - CVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to unconstrained interal data buffering (bsc#1145575). - CVE-2019-10081: Fixed mod_http2 that is vulnerable to memory corruption on early pushes (bsc#1145742). - CVE-2019-10082: Fixed mod_http2 that is vulnerable to read-after-free in h2 connection shutdown (bsc#1145741). - CVE-2019-10092: Fixed limited cross-site scripting in mod_proxy (bsc#1145740). - CVE-2019-10097: Fixed mod_remoteip stack buffer overflow and NULL pointer dereference (bsc#1145739). - CVE-2019-10098: Fixed mod_rewrite configuration vulnerablility to open redirect (bsc#1145738). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-2237=1 - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-2237=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2237=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2237=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): apache2-2.4.33-3.21.1 apache2-debuginfo-2.4.33-3.21.1 apache2-debugsource-2.4.33-3.21.1 apache2-devel-2.4.33-3.21.1 apache2-prefork-2.4.33-3.21.1 apache2-prefork-debuginfo-2.4.33-3.21.1 apache2-utils-2.4.33-3.21.1 apache2-utils-debuginfo-2.4.33-3.21.1 apache2-worker-2.4.33-3.21.1 apache2-worker-debuginfo-2.4.33-3.21.1 - SUSE Linux Enterprise Module for Server Applications 15-SP1 (noarch): apache2-doc-2.4.33-3.21.1 - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): apache2-2.4.33-3.21.1 apache2-debuginfo-2.4.33-3.21.1 apache2-debugsource-2.4.33-3.21.1 apache2-devel-2.4.33-3.21.1 apache2-prefork-2.4.33-3.21.1 apache2-prefork-debuginfo-2.4.33-3.21.1 apache2-utils-2.4.33-3.21.1 apache2-utils-debuginfo-2.4.33-3.21.1 apache2-worker-2.4.33-3.21.1 apache2-worker-debuginfo-2.4.33-3.21.1 - SUSE Linux Enterprise Module for Server Applications 15 (noarch): apache2-doc-2.4.33-3.21.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): apache2-debuginfo-2.4.33-3.21.1 apache2-debugsource-2.4.33-3.21.1 apache2-event-2.4.33-3.21.1 apache2-event-debuginfo-2.4.33-3.21.1 apache2-example-pages-2.4.33-3.21.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): apache2-debuginfo-2.4.33-3.21.1 apache2-debugsource-2.4.33-3.21.1 apache2-event-2.4.33-3.21.1 apache2-event-debuginfo-2.4.33-3.21.1 apache2-example-pages-2.4.33-3.21.1 References: https://www.suse.com/security/cve/CVE-2019-10081.html https://www.suse.com/security/cve/CVE-2019-10082.html https://www.suse.com/security/cve/CVE-2019-10092.html https://www.suse.com/security/cve/CVE-2019-10097.html https://www.suse.com/security/cve/CVE-2019-10098.html https://www.suse.com/security/cve/CVE-2019-9517.html https://bugzilla.suse.com/1145575 https://bugzilla.suse.com/1145738 https://bugzilla.suse.com/1145739 https://bugzilla.suse.com/1145740 https://bugzilla.suse.com/1145741 https://bugzilla.suse.com/1145742 From sle-updates at lists.suse.com Wed Aug 28 07:16:45 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Aug 2019 15:16:45 +0200 (CEST) Subject: SUSE-SU-2019:2232-1: important: Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP1) Message-ID: <20190828131645.82429F798@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2232-1 Rating: important References: #1144502 Cross-References: CVE-2019-13233 Affected Products: SUSE Linux Enterprise Module for Live Patching 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 4.12.14-197_7 fixes one issue. The following security issue was fixed: - CVE-2019-13233: Fixed use-after-free for access to an LDT entry caused by a race condition between modify_ldt() and a #BR exception for an MPX bounds violation (bsc#1140454). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2019-2232=1 SUSE-SLE-Module-Live-Patching-15-SP1-2019-2233=1 SUSE-SLE-Module-Live-Patching-15-SP1-2019-2235=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-livepatch-4_12_14-195-default-5-13.2 kernel-livepatch-4_12_14-197_4-default-4-2.1 kernel-livepatch-4_12_14-197_7-default-3-2.1 References: https://www.suse.com/security/cve/CVE-2019-13233.html https://bugzilla.suse.com/1144502 From sle-updates at lists.suse.com Wed Aug 28 07:17:35 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Aug 2019 15:17:35 +0200 (CEST) Subject: SUSE-SU-2019:2227-1: important: Security update for libvirt Message-ID: <20190828131735.67EA7F798@maintenance.suse.de> SUSE Security Update: Security update for libvirt ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2227-1 Rating: important References: #1133719 #1138301 #1138303 #1138734 Cross-References: CVE-2019-10161 CVE-2019-10167 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. Description: This update for libvirt fixes the following issues: Security issues fixed: - CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd (bsc#1138301). - CVE-2019-10167: Fixed an issue with virConnectGetDomainCapabilities API which could have been used to execute arbitrary emulators (bsc#1138303). Non-security issues fixed: - Fixed an issue with short bitmaps when setting vcpu affinity using the vcpupin (bsc#1138734). - Added support for overriding max threads per process limit (bsc#1133719) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-2227=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-2227=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-2227=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-2227=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-2227=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-2227=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): libvirt-3.3.0-5.40.1 libvirt-admin-3.3.0-5.40.1 libvirt-admin-debuginfo-3.3.0-5.40.1 libvirt-client-3.3.0-5.40.1 libvirt-client-debuginfo-3.3.0-5.40.1 libvirt-daemon-3.3.0-5.40.1 libvirt-daemon-config-network-3.3.0-5.40.1 libvirt-daemon-config-nwfilter-3.3.0-5.40.1 libvirt-daemon-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-interface-3.3.0-5.40.1 libvirt-daemon-driver-interface-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-libxl-3.3.0-5.40.1 libvirt-daemon-driver-libxl-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-lxc-3.3.0-5.40.1 libvirt-daemon-driver-lxc-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-network-3.3.0-5.40.1 libvirt-daemon-driver-network-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-nodedev-3.3.0-5.40.1 libvirt-daemon-driver-nodedev-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-nwfilter-3.3.0-5.40.1 libvirt-daemon-driver-nwfilter-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-qemu-3.3.0-5.40.1 libvirt-daemon-driver-qemu-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-secret-3.3.0-5.40.1 libvirt-daemon-driver-secret-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-storage-3.3.0-5.40.1 libvirt-daemon-driver-storage-core-3.3.0-5.40.1 libvirt-daemon-driver-storage-core-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-storage-disk-3.3.0-5.40.1 libvirt-daemon-driver-storage-disk-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-storage-iscsi-3.3.0-5.40.1 libvirt-daemon-driver-storage-iscsi-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-storage-logical-3.3.0-5.40.1 libvirt-daemon-driver-storage-logical-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-storage-mpath-3.3.0-5.40.1 libvirt-daemon-driver-storage-mpath-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-storage-rbd-3.3.0-5.40.1 libvirt-daemon-driver-storage-rbd-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-storage-scsi-3.3.0-5.40.1 libvirt-daemon-driver-storage-scsi-debuginfo-3.3.0-5.40.1 libvirt-daemon-hooks-3.3.0-5.40.1 libvirt-daemon-lxc-3.3.0-5.40.1 libvirt-daemon-qemu-3.3.0-5.40.1 libvirt-daemon-xen-3.3.0-5.40.1 libvirt-debugsource-3.3.0-5.40.1 libvirt-doc-3.3.0-5.40.1 libvirt-libs-3.3.0-5.40.1 libvirt-libs-debuginfo-3.3.0-5.40.1 libvirt-lock-sanlock-3.3.0-5.40.1 libvirt-lock-sanlock-debuginfo-3.3.0-5.40.1 libvirt-nss-3.3.0-5.40.1 libvirt-nss-debuginfo-3.3.0-5.40.1 - SUSE OpenStack Cloud 8 (x86_64): libvirt-3.3.0-5.40.1 libvirt-admin-3.3.0-5.40.1 libvirt-admin-debuginfo-3.3.0-5.40.1 libvirt-client-3.3.0-5.40.1 libvirt-client-debuginfo-3.3.0-5.40.1 libvirt-daemon-3.3.0-5.40.1 libvirt-daemon-config-network-3.3.0-5.40.1 libvirt-daemon-config-nwfilter-3.3.0-5.40.1 libvirt-daemon-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-interface-3.3.0-5.40.1 libvirt-daemon-driver-interface-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-libxl-3.3.0-5.40.1 libvirt-daemon-driver-libxl-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-lxc-3.3.0-5.40.1 libvirt-daemon-driver-lxc-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-network-3.3.0-5.40.1 libvirt-daemon-driver-network-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-nodedev-3.3.0-5.40.1 libvirt-daemon-driver-nodedev-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-nwfilter-3.3.0-5.40.1 libvirt-daemon-driver-nwfilter-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-qemu-3.3.0-5.40.1 libvirt-daemon-driver-qemu-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-secret-3.3.0-5.40.1 libvirt-daemon-driver-secret-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-storage-3.3.0-5.40.1 libvirt-daemon-driver-storage-core-3.3.0-5.40.1 libvirt-daemon-driver-storage-core-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-storage-disk-3.3.0-5.40.1 libvirt-daemon-driver-storage-disk-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-storage-iscsi-3.3.0-5.40.1 libvirt-daemon-driver-storage-iscsi-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-storage-logical-3.3.0-5.40.1 libvirt-daemon-driver-storage-logical-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-storage-mpath-3.3.0-5.40.1 libvirt-daemon-driver-storage-mpath-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-storage-rbd-3.3.0-5.40.1 libvirt-daemon-driver-storage-rbd-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-storage-scsi-3.3.0-5.40.1 libvirt-daemon-driver-storage-scsi-debuginfo-3.3.0-5.40.1 libvirt-daemon-hooks-3.3.0-5.40.1 libvirt-daemon-lxc-3.3.0-5.40.1 libvirt-daemon-qemu-3.3.0-5.40.1 libvirt-daemon-xen-3.3.0-5.40.1 libvirt-debugsource-3.3.0-5.40.1 libvirt-doc-3.3.0-5.40.1 libvirt-libs-3.3.0-5.40.1 libvirt-libs-debuginfo-3.3.0-5.40.1 libvirt-lock-sanlock-3.3.0-5.40.1 libvirt-lock-sanlock-debuginfo-3.3.0-5.40.1 libvirt-nss-3.3.0-5.40.1 libvirt-nss-debuginfo-3.3.0-5.40.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libvirt-3.3.0-5.40.1 libvirt-admin-3.3.0-5.40.1 libvirt-admin-debuginfo-3.3.0-5.40.1 libvirt-client-3.3.0-5.40.1 libvirt-client-debuginfo-3.3.0-5.40.1 libvirt-daemon-3.3.0-5.40.1 libvirt-daemon-config-network-3.3.0-5.40.1 libvirt-daemon-config-nwfilter-3.3.0-5.40.1 libvirt-daemon-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-interface-3.3.0-5.40.1 libvirt-daemon-driver-interface-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-lxc-3.3.0-5.40.1 libvirt-daemon-driver-lxc-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-network-3.3.0-5.40.1 libvirt-daemon-driver-network-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-nodedev-3.3.0-5.40.1 libvirt-daemon-driver-nodedev-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-nwfilter-3.3.0-5.40.1 libvirt-daemon-driver-nwfilter-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-qemu-3.3.0-5.40.1 libvirt-daemon-driver-qemu-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-secret-3.3.0-5.40.1 libvirt-daemon-driver-secret-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-storage-3.3.0-5.40.1 libvirt-daemon-driver-storage-core-3.3.0-5.40.1 libvirt-daemon-driver-storage-core-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-storage-disk-3.3.0-5.40.1 libvirt-daemon-driver-storage-disk-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-storage-iscsi-3.3.0-5.40.1 libvirt-daemon-driver-storage-iscsi-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-storage-logical-3.3.0-5.40.1 libvirt-daemon-driver-storage-logical-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-storage-mpath-3.3.0-5.40.1 libvirt-daemon-driver-storage-mpath-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-storage-scsi-3.3.0-5.40.1 libvirt-daemon-driver-storage-scsi-debuginfo-3.3.0-5.40.1 libvirt-daemon-hooks-3.3.0-5.40.1 libvirt-daemon-lxc-3.3.0-5.40.1 libvirt-daemon-qemu-3.3.0-5.40.1 libvirt-debugsource-3.3.0-5.40.1 libvirt-doc-3.3.0-5.40.1 libvirt-libs-3.3.0-5.40.1 libvirt-libs-debuginfo-3.3.0-5.40.1 libvirt-lock-sanlock-3.3.0-5.40.1 libvirt-lock-sanlock-debuginfo-3.3.0-5.40.1 libvirt-nss-3.3.0-5.40.1 libvirt-nss-debuginfo-3.3.0-5.40.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libvirt-daemon-driver-libxl-3.3.0-5.40.1 libvirt-daemon-driver-libxl-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-storage-rbd-3.3.0-5.40.1 libvirt-daemon-driver-storage-rbd-debuginfo-3.3.0-5.40.1 libvirt-daemon-xen-3.3.0-5.40.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le s390x x86_64): libvirt-3.3.0-5.40.1 libvirt-admin-3.3.0-5.40.1 libvirt-admin-debuginfo-3.3.0-5.40.1 libvirt-client-3.3.0-5.40.1 libvirt-client-debuginfo-3.3.0-5.40.1 libvirt-daemon-3.3.0-5.40.1 libvirt-daemon-config-network-3.3.0-5.40.1 libvirt-daemon-config-nwfilter-3.3.0-5.40.1 libvirt-daemon-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-interface-3.3.0-5.40.1 libvirt-daemon-driver-interface-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-lxc-3.3.0-5.40.1 libvirt-daemon-driver-lxc-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-network-3.3.0-5.40.1 libvirt-daemon-driver-network-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-nodedev-3.3.0-5.40.1 libvirt-daemon-driver-nodedev-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-nwfilter-3.3.0-5.40.1 libvirt-daemon-driver-nwfilter-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-qemu-3.3.0-5.40.1 libvirt-daemon-driver-qemu-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-secret-3.3.0-5.40.1 libvirt-daemon-driver-secret-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-storage-3.3.0-5.40.1 libvirt-daemon-driver-storage-core-3.3.0-5.40.1 libvirt-daemon-driver-storage-core-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-storage-disk-3.3.0-5.40.1 libvirt-daemon-driver-storage-disk-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-storage-iscsi-3.3.0-5.40.1 libvirt-daemon-driver-storage-iscsi-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-storage-logical-3.3.0-5.40.1 libvirt-daemon-driver-storage-logical-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-storage-mpath-3.3.0-5.40.1 libvirt-daemon-driver-storage-mpath-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-storage-scsi-3.3.0-5.40.1 libvirt-daemon-driver-storage-scsi-debuginfo-3.3.0-5.40.1 libvirt-daemon-hooks-3.3.0-5.40.1 libvirt-daemon-lxc-3.3.0-5.40.1 libvirt-daemon-qemu-3.3.0-5.40.1 libvirt-debugsource-3.3.0-5.40.1 libvirt-doc-3.3.0-5.40.1 libvirt-libs-3.3.0-5.40.1 libvirt-libs-debuginfo-3.3.0-5.40.1 libvirt-lock-sanlock-3.3.0-5.40.1 libvirt-lock-sanlock-debuginfo-3.3.0-5.40.1 libvirt-nss-3.3.0-5.40.1 libvirt-nss-debuginfo-3.3.0-5.40.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (x86_64): libvirt-daemon-driver-libxl-3.3.0-5.40.1 libvirt-daemon-driver-libxl-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-storage-rbd-3.3.0-5.40.1 libvirt-daemon-driver-storage-rbd-debuginfo-3.3.0-5.40.1 libvirt-daemon-xen-3.3.0-5.40.1 - SUSE Enterprise Storage 5 (x86_64): libvirt-3.3.0-5.40.1 libvirt-admin-3.3.0-5.40.1 libvirt-admin-debuginfo-3.3.0-5.40.1 libvirt-client-3.3.0-5.40.1 libvirt-client-debuginfo-3.3.0-5.40.1 libvirt-daemon-3.3.0-5.40.1 libvirt-daemon-config-network-3.3.0-5.40.1 libvirt-daemon-config-nwfilter-3.3.0-5.40.1 libvirt-daemon-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-interface-3.3.0-5.40.1 libvirt-daemon-driver-interface-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-libxl-3.3.0-5.40.1 libvirt-daemon-driver-libxl-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-lxc-3.3.0-5.40.1 libvirt-daemon-driver-lxc-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-network-3.3.0-5.40.1 libvirt-daemon-driver-network-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-nodedev-3.3.0-5.40.1 libvirt-daemon-driver-nodedev-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-nwfilter-3.3.0-5.40.1 libvirt-daemon-driver-nwfilter-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-qemu-3.3.0-5.40.1 libvirt-daemon-driver-qemu-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-secret-3.3.0-5.40.1 libvirt-daemon-driver-secret-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-storage-3.3.0-5.40.1 libvirt-daemon-driver-storage-core-3.3.0-5.40.1 libvirt-daemon-driver-storage-core-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-storage-disk-3.3.0-5.40.1 libvirt-daemon-driver-storage-disk-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-storage-iscsi-3.3.0-5.40.1 libvirt-daemon-driver-storage-iscsi-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-storage-logical-3.3.0-5.40.1 libvirt-daemon-driver-storage-logical-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-storage-mpath-3.3.0-5.40.1 libvirt-daemon-driver-storage-mpath-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-storage-rbd-3.3.0-5.40.1 libvirt-daemon-driver-storage-rbd-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-storage-scsi-3.3.0-5.40.1 libvirt-daemon-driver-storage-scsi-debuginfo-3.3.0-5.40.1 libvirt-daemon-hooks-3.3.0-5.40.1 libvirt-daemon-lxc-3.3.0-5.40.1 libvirt-daemon-qemu-3.3.0-5.40.1 libvirt-daemon-xen-3.3.0-5.40.1 libvirt-debugsource-3.3.0-5.40.1 libvirt-doc-3.3.0-5.40.1 libvirt-libs-3.3.0-5.40.1 libvirt-libs-debuginfo-3.3.0-5.40.1 libvirt-lock-sanlock-3.3.0-5.40.1 libvirt-lock-sanlock-debuginfo-3.3.0-5.40.1 libvirt-nss-3.3.0-5.40.1 libvirt-nss-debuginfo-3.3.0-5.40.1 - HPE Helion Openstack 8 (x86_64): libvirt-3.3.0-5.40.1 libvirt-admin-3.3.0-5.40.1 libvirt-admin-debuginfo-3.3.0-5.40.1 libvirt-client-3.3.0-5.40.1 libvirt-client-debuginfo-3.3.0-5.40.1 libvirt-daemon-3.3.0-5.40.1 libvirt-daemon-config-network-3.3.0-5.40.1 libvirt-daemon-config-nwfilter-3.3.0-5.40.1 libvirt-daemon-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-interface-3.3.0-5.40.1 libvirt-daemon-driver-interface-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-libxl-3.3.0-5.40.1 libvirt-daemon-driver-libxl-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-lxc-3.3.0-5.40.1 libvirt-daemon-driver-lxc-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-network-3.3.0-5.40.1 libvirt-daemon-driver-network-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-nodedev-3.3.0-5.40.1 libvirt-daemon-driver-nodedev-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-nwfilter-3.3.0-5.40.1 libvirt-daemon-driver-nwfilter-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-qemu-3.3.0-5.40.1 libvirt-daemon-driver-qemu-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-secret-3.3.0-5.40.1 libvirt-daemon-driver-secret-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-storage-3.3.0-5.40.1 libvirt-daemon-driver-storage-core-3.3.0-5.40.1 libvirt-daemon-driver-storage-core-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-storage-disk-3.3.0-5.40.1 libvirt-daemon-driver-storage-disk-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-storage-iscsi-3.3.0-5.40.1 libvirt-daemon-driver-storage-iscsi-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-storage-logical-3.3.0-5.40.1 libvirt-daemon-driver-storage-logical-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-storage-mpath-3.3.0-5.40.1 libvirt-daemon-driver-storage-mpath-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-storage-rbd-3.3.0-5.40.1 libvirt-daemon-driver-storage-rbd-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-storage-scsi-3.3.0-5.40.1 libvirt-daemon-driver-storage-scsi-debuginfo-3.3.0-5.40.1 libvirt-daemon-hooks-3.3.0-5.40.1 libvirt-daemon-lxc-3.3.0-5.40.1 libvirt-daemon-qemu-3.3.0-5.40.1 libvirt-daemon-xen-3.3.0-5.40.1 libvirt-debugsource-3.3.0-5.40.1 libvirt-doc-3.3.0-5.40.1 libvirt-libs-3.3.0-5.40.1 libvirt-libs-debuginfo-3.3.0-5.40.1 libvirt-lock-sanlock-3.3.0-5.40.1 libvirt-lock-sanlock-debuginfo-3.3.0-5.40.1 libvirt-nss-3.3.0-5.40.1 libvirt-nss-debuginfo-3.3.0-5.40.1 References: https://www.suse.com/security/cve/CVE-2019-10161.html https://www.suse.com/security/cve/CVE-2019-10167.html https://bugzilla.suse.com/1133719 https://bugzilla.suse.com/1138301 https://bugzilla.suse.com/1138303 https://bugzilla.suse.com/1138734 From sle-updates at lists.suse.com Wed Aug 28 07:18:38 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Aug 2019 15:18:38 +0200 (CEST) Subject: SUSE-SU-2019:2236-1: moderate: Security update for fontforge Message-ID: <20190828131838.E35B8F798@maintenance.suse.de> SUSE Security Update: Security update for fontforge ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2236-1 Rating: moderate References: #1050161 #1050181 #1050185 #1050187 #1050193 #1050194 #1050195 #1050196 #1050200 Cross-References: CVE-2017-11568 CVE-2017-11569 CVE-2017-11571 CVE-2017-11572 CVE-2017-11573 CVE-2017-11574 CVE-2017-11575 CVE-2017-11576 CVE-2017-11577 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: This update for fontforge fixes the following security issues: fontforge was updated to 20170731, fixings lots of bugs and security issues. - CVE-2017-11568: Heap-based buffer over-read in PSCharStringToSplines (bsc#1050161) - CVE-2017-11569: Heap-based buffer over-read in readttfcopyrights (bsc#1050181) - CVE-2017-11571: Stack-based buffer overflow in addnibble (bsc#1050185) - CVE-2017-11572: Heap-based buffer over-read in readcfftopdicts (bsc#1050187) - CVE-2017-11573: Over-read in ValidatePostScriptFontName (bsc#1050193) - CVE-2017-11574: Heap-based buffer overflow in readcffset (bsc#1050194) - CVE-2017-11575: Buffer over-read in strnmatch (bsc#1050195) - CVE-2017-11576: Ensure a positive size in a weight vector memcpycall in readcfftopdict (bsc#1050196) - CVE-2017-11577: Buffer over-read in getsid (bsc#1050200) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2236=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): fontforge-20170731-11.8.1 fontforge-debuginfo-20170731-11.8.1 fontforge-debugsource-20170731-11.8.1 References: https://www.suse.com/security/cve/CVE-2017-11568.html https://www.suse.com/security/cve/CVE-2017-11569.html https://www.suse.com/security/cve/CVE-2017-11571.html https://www.suse.com/security/cve/CVE-2017-11572.html https://www.suse.com/security/cve/CVE-2017-11573.html https://www.suse.com/security/cve/CVE-2017-11574.html https://www.suse.com/security/cve/CVE-2017-11575.html https://www.suse.com/security/cve/CVE-2017-11576.html https://www.suse.com/security/cve/CVE-2017-11577.html https://bugzilla.suse.com/1050161 https://bugzilla.suse.com/1050181 https://bugzilla.suse.com/1050185 https://bugzilla.suse.com/1050187 https://bugzilla.suse.com/1050193 https://bugzilla.suse.com/1050194 https://bugzilla.suse.com/1050195 https://bugzilla.suse.com/1050196 https://bugzilla.suse.com/1050200 From sle-updates at lists.suse.com Wed Aug 28 07:20:20 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Aug 2019 15:20:20 +0200 (CEST) Subject: SUSE-SU-2019:14155-1: important: Recommended update for ghostscript-library Message-ID: <20190828132020.111FBF798@maintenance.suse.de> SUSE Security Update: Recommended update for ghostscript-library ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14155-1 Rating: important References: #1129186 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for ghostscript-library fixes the following issues: Security issue fixed: - CVE-2019-3838: Fixed various bugs which allows to reenable and misuse system Postscript operators to read files from within Postscript files and send them with the help of e.g. the %pipe% to the attacker (bsc#1129186). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-ghostscript-library-14155=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-ghostscript-library-14155=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-ghostscript-library-14155=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-ghostscript-library-14155=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): ghostscript-fonts-other-8.62-47.16.1 ghostscript-fonts-rus-8.62-47.16.1 ghostscript-fonts-std-8.62-47.16.1 ghostscript-library-8.62-47.16.1 ghostscript-omni-8.62-47.16.1 ghostscript-x11-8.62-47.16.1 libgimpprint-4.2.7-47.16.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): ghostscript-fonts-other-8.62-47.16.1 ghostscript-fonts-rus-8.62-47.16.1 ghostscript-fonts-std-8.62-47.16.1 ghostscript-library-8.62-47.16.1 ghostscript-omni-8.62-47.16.1 ghostscript-x11-8.62-47.16.1 libgimpprint-4.2.7-47.16.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): ghostscript-library-debuginfo-8.62-47.16.1 ghostscript-library-debugsource-8.62-47.16.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): ghostscript-library-debuginfo-8.62-47.16.1 ghostscript-library-debugsource-8.62-47.16.1 References: https://bugzilla.suse.com/1129186 From sle-updates at lists.suse.com Wed Aug 28 07:21:06 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Aug 2019 15:21:06 +0200 (CEST) Subject: SUSE-RU-2019:2239-1: moderate: Recommended update for autoyast2 Message-ID: <20190828132106.843ECF798@maintenance.suse.de> SUSE Recommended Update: Recommended update for autoyast2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2239-1 Rating: moderate References: #1135083 Affected Products: SUSE Linux Enterprise Server Installer 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop Installer 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for autoyast2 fixes the following issues: - Added support for enabling snapper when installing over a Software RAID. (bsc#1135083) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server Installer 12-SP4: zypper in -t patch SUSE-SLE-SERVER-INSTALLER-12-SP4-2019-2239=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2239=1 - SUSE Linux Enterprise Desktop Installer 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-INSTALLER-12-SP4-2019-2239=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2239=1 Package List: - SUSE Linux Enterprise Server Installer 12-SP4 (noarch): autoyast2-3.2.36-3.11.1 autoyast2-installation-3.2.36-3.11.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): autoyast2-3.2.36-3.11.1 autoyast2-installation-3.2.36-3.11.1 - SUSE Linux Enterprise Desktop Installer 12-SP4 (noarch): autoyast2-3.2.36-3.11.1 autoyast2-installation-3.2.36-3.11.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): autoyast2-3.2.36-3.11.1 autoyast2-installation-3.2.36-3.11.1 References: https://bugzilla.suse.com/1135083 From sle-updates at lists.suse.com Wed Aug 28 10:12:02 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Aug 2019 18:12:02 +0200 (CEST) Subject: SUSE-RU-2019:2240-1: moderate: Recommended update for ca-certificates-mozilla Message-ID: <20190828161202.630D6F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for ca-certificates-mozilla ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2240-1 Rating: moderate References: #1144169 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Desktop 12-SP4 SUSE Enterprise Storage 5 SUSE Enterprise Storage 4 SUSE CaaS Platform 3.0 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ca-certificates-mozilla fixes the following issues: - Update to 2.34 state of the Mozilla NSS Certificate store. (bsc#1144169) - Removed Root CAs: - Certinomis - Root CA - Added root CAs from the 2.32 version: - emSign ECC Root CA - C3 (email and server auth) - emSign ECC Root CA - G3 (email and server auth) - emSign Root CA - C1 (email and server auth) - emSign Root CA - G1 (email and server auth) - Hongkong Post Root CA 3 (server auth) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-2240=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-2240=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-2240=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-2240=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-2240=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-2240=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2019-2240=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2240=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-2240=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2019-2240=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-2240=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-2240=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-2240=1 - SUSE Linux Enterprise Desktop 12-SP5: zypper in -t patch SUSE-SLE-DESKTOP-12-SP5-2019-2240=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2240=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-2240=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-2240=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-2240=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): ca-certificates-mozilla-2.34-12.15.1 - SUSE OpenStack Cloud 8 (noarch): ca-certificates-mozilla-2.34-12.15.1 - SUSE OpenStack Cloud 7 (noarch): ca-certificates-mozilla-2.34-12.15.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): ca-certificates-mozilla-2.34-12.15.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): ca-certificates-mozilla-2.34-12.15.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): ca-certificates-mozilla-2.34-12.15.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): ca-certificates-mozilla-2.34-12.15.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): ca-certificates-mozilla-2.34-12.15.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): ca-certificates-mozilla-2.34-12.15.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): ca-certificates-mozilla-2.34-12.15.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): ca-certificates-mozilla-2.34-12.15.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): ca-certificates-mozilla-2.34-12.15.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): ca-certificates-mozilla-2.34-12.15.1 - SUSE Linux Enterprise Desktop 12-SP5 (noarch): ca-certificates-mozilla-2.34-12.15.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): ca-certificates-mozilla-2.34-12.15.1 - SUSE Enterprise Storage 5 (noarch): ca-certificates-mozilla-2.34-12.15.1 - SUSE Enterprise Storage 4 (noarch): ca-certificates-mozilla-2.34-12.15.1 - SUSE CaaS Platform 3.0 (noarch): ca-certificates-mozilla-2.34-12.15.1 - HPE Helion Openstack 8 (noarch): ca-certificates-mozilla-2.34-12.15.1 References: https://bugzilla.suse.com/1144169 From sle-updates at lists.suse.com Wed Aug 28 10:12:48 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Aug 2019 18:12:48 +0200 (CEST) Subject: SUSE-RU-2019:2241-1: moderate: Recommended update for ca-certificates-mozilla Message-ID: <20190828161248.C9B19F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for ca-certificates-mozilla ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2241-1 Rating: moderate References: #1144169 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ca-certificates-mozilla fixes the following issues: ca-certificates-mozillawas updated to 2.34 state of the Mozilla NSS Certificate store (bsc#1144169) Removed CAs: - Certinomis - Root CA Includes new root CAs from the 2.32 version: - emSign ECC Root CA - C3 (email and server auth) - emSign ECC Root CA - G3 (email and server auth) - emSign Root CA - C1 (email and server auth) - emSign Root CA - G1 (email and server auth) - Hongkong Post Root CA 3 (server auth) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2241=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2241=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): ca-certificates-mozilla-2.34-4.12.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): ca-certificates-mozilla-2.34-4.12.1 References: https://bugzilla.suse.com/1144169 From sle-updates at lists.suse.com Wed Aug 28 13:11:21 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Aug 2019 21:11:21 +0200 (CEST) Subject: SUSE-SU-2019:2246-1: important: Security update for qemu Message-ID: <20190828191121.17C63F798@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2246-1 Rating: important References: #1079730 #1098403 #1111025 #1119115 #1134883 #1135902 #1136540 #1136778 #1140402 #1143794 Cross-References: CVE-2019-12155 CVE-2019-13164 CVE-2019-14378 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves three vulnerabilities and has 7 fixes is now available. Description: This update for qemu fixes the following issues: Security issues fixed: - CVE-2019-14378: Security fix for heap overflow in ip_reass on big packet input (bsc#1143794). - CVE-2019-12155: Security fix for null pointer dereference while releasing spice resources (bsc#1135902). - CVE-2019-13164: Security fix for qemu-bridge-helper ACL can be bypassed when names are too long (bsc#1140402). Bug fixes and enhancements: - Add vcpu features needed for Cascadelake-Server, Icelake-Client and Icelake-Server, especially the foundational arch-capabilities to help with security and performance on Intel hosts (bsc#1134883) (fate#327764) - Add support for one more security/performance related vcpu feature (bsc#1136778) (fate#327796) - Disable file locking in the Xen PV disk backend to avoid locking issues with PV domUs during migration. The issues triggered by the locking can not be properly handled in libxl. The locking introduced in qemu-2.10 was removed again in qemu-4.0 (bsc#1079730, bsc#1098403, bsc#1111025). - Ignore csske for expanding the cpu model (bsc#1136540) - Fix vm migration is failing with input/output error when nfs server is disconnected (bsc#1119115) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-2246=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2246=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2246=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): qemu-2.11.2-9.28.3 qemu-block-curl-2.11.2-9.28.3 qemu-block-curl-debuginfo-2.11.2-9.28.3 qemu-block-iscsi-2.11.2-9.28.3 qemu-block-iscsi-debuginfo-2.11.2-9.28.3 qemu-block-rbd-2.11.2-9.28.3 qemu-block-rbd-debuginfo-2.11.2-9.28.3 qemu-block-ssh-2.11.2-9.28.3 qemu-block-ssh-debuginfo-2.11.2-9.28.3 qemu-debuginfo-2.11.2-9.28.3 qemu-debugsource-2.11.2-9.28.3 qemu-guest-agent-2.11.2-9.28.3 qemu-guest-agent-debuginfo-2.11.2-9.28.3 qemu-lang-2.11.2-9.28.3 - SUSE Linux Enterprise Module for Server Applications 15 (s390x x86_64): qemu-kvm-2.11.2-9.28.3 - SUSE Linux Enterprise Module for Server Applications 15 (aarch64): qemu-arm-2.11.2-9.28.3 qemu-arm-debuginfo-2.11.2-9.28.3 - SUSE Linux Enterprise Module for Server Applications 15 (ppc64le): qemu-ppc-2.11.2-9.28.3 qemu-ppc-debuginfo-2.11.2-9.28.3 - SUSE Linux Enterprise Module for Server Applications 15 (x86_64): qemu-x86-2.11.2-9.28.3 qemu-x86-debuginfo-2.11.2-9.28.3 - SUSE Linux Enterprise Module for Server Applications 15 (noarch): qemu-ipxe-1.0.0+-9.28.3 qemu-seabios-1.11.0-9.28.3 qemu-sgabios-8-9.28.3 qemu-vgabios-1.11.0-9.28.3 - SUSE Linux Enterprise Module for Server Applications 15 (s390x): qemu-s390-2.11.2-9.28.3 qemu-s390-debuginfo-2.11.2-9.28.3 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): qemu-block-dmg-2.11.2-9.28.3 qemu-block-dmg-debuginfo-2.11.2-9.28.3 qemu-debuginfo-2.11.2-9.28.3 qemu-debugsource-2.11.2-9.28.3 qemu-extra-2.11.2-9.28.3 qemu-extra-debuginfo-2.11.2-9.28.3 qemu-linux-user-2.11.2-9.28.2 qemu-linux-user-debuginfo-2.11.2-9.28.2 qemu-linux-user-debugsource-2.11.2-9.28.2 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): qemu-debuginfo-2.11.2-9.28.3 qemu-debugsource-2.11.2-9.28.3 qemu-tools-2.11.2-9.28.3 qemu-tools-debuginfo-2.11.2-9.28.3 References: https://www.suse.com/security/cve/CVE-2019-12155.html https://www.suse.com/security/cve/CVE-2019-13164.html https://www.suse.com/security/cve/CVE-2019-14378.html https://bugzilla.suse.com/1079730 https://bugzilla.suse.com/1098403 https://bugzilla.suse.com/1111025 https://bugzilla.suse.com/1119115 https://bugzilla.suse.com/1134883 https://bugzilla.suse.com/1135902 https://bugzilla.suse.com/1136540 https://bugzilla.suse.com/1136778 https://bugzilla.suse.com/1140402 https://bugzilla.suse.com/1143794 From sle-updates at lists.suse.com Wed Aug 28 13:13:21 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Aug 2019 21:13:21 +0200 (CEST) Subject: SUSE-SU-2019:2244-1: important: Security update for apache-commons-beanutils Message-ID: <20190828191321.27A23F798@maintenance.suse.de> SUSE Security Update: Security update for apache-commons-beanutils ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2244-1 Rating: important References: #1146657 Cross-References: CVE-2019-10086 Affected Products: SUSE Linux Enterprise Server 12-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for apache-commons-beanutils fixes the following issues: Security issue fixed: - CVE-2019-10086: Added special BeanIntrospector class which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects (bsc#1146657). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2244=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (noarch): apache-commons-beanutils-1.9.2-3.3.1 apache-commons-beanutils-javadoc-1.9.2-3.3.1 References: https://www.suse.com/security/cve/CVE-2019-10086.html https://bugzilla.suse.com/1146657 From sle-updates at lists.suse.com Wed Aug 28 13:14:02 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Aug 2019 21:14:02 +0200 (CEST) Subject: SUSE-SU-2019:2243-1: important: Security update for php7 Message-ID: <20190828191402.8425CF798@maintenance.suse.de> SUSE Security Update: Security update for php7 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2243-1 Rating: important References: #1140118 #1145095 #1146360 Cross-References: CVE-2019-11038 CVE-2019-11041 CVE-2019-11042 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for php7 fixes the following issues: Security issues fixed: - CVE-2019-11038: Fixed a information disclosure in gdImageCreateFromXbm() (bsc#1140118). - CVE-2019-11041: Fixed heap buffer over-read in exif_scan_thumbnail() (bsc#1146360). - CVE-2019-11042: Fixed heap buffer over-read in exif_process_user_comment() (bsc#1145095). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2243=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2019-2243=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): php7-debuginfo-7.0.7-50.85.1 php7-debugsource-7.0.7-50.85.1 php7-devel-7.0.7-50.85.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): apache2-mod_php7-7.0.7-50.85.1 apache2-mod_php7-debuginfo-7.0.7-50.85.1 php7-7.0.7-50.85.1 php7-bcmath-7.0.7-50.85.1 php7-bcmath-debuginfo-7.0.7-50.85.1 php7-bz2-7.0.7-50.85.1 php7-bz2-debuginfo-7.0.7-50.85.1 php7-calendar-7.0.7-50.85.1 php7-calendar-debuginfo-7.0.7-50.85.1 php7-ctype-7.0.7-50.85.1 php7-ctype-debuginfo-7.0.7-50.85.1 php7-curl-7.0.7-50.85.1 php7-curl-debuginfo-7.0.7-50.85.1 php7-dba-7.0.7-50.85.1 php7-dba-debuginfo-7.0.7-50.85.1 php7-debuginfo-7.0.7-50.85.1 php7-debugsource-7.0.7-50.85.1 php7-dom-7.0.7-50.85.1 php7-dom-debuginfo-7.0.7-50.85.1 php7-enchant-7.0.7-50.85.1 php7-enchant-debuginfo-7.0.7-50.85.1 php7-exif-7.0.7-50.85.1 php7-exif-debuginfo-7.0.7-50.85.1 php7-fastcgi-7.0.7-50.85.1 php7-fastcgi-debuginfo-7.0.7-50.85.1 php7-fileinfo-7.0.7-50.85.1 php7-fileinfo-debuginfo-7.0.7-50.85.1 php7-fpm-7.0.7-50.85.1 php7-fpm-debuginfo-7.0.7-50.85.1 php7-ftp-7.0.7-50.85.1 php7-ftp-debuginfo-7.0.7-50.85.1 php7-gd-7.0.7-50.85.1 php7-gd-debuginfo-7.0.7-50.85.1 php7-gettext-7.0.7-50.85.1 php7-gettext-debuginfo-7.0.7-50.85.1 php7-gmp-7.0.7-50.85.1 php7-gmp-debuginfo-7.0.7-50.85.1 php7-iconv-7.0.7-50.85.1 php7-iconv-debuginfo-7.0.7-50.85.1 php7-imap-7.0.7-50.85.1 php7-imap-debuginfo-7.0.7-50.85.1 php7-intl-7.0.7-50.85.1 php7-intl-debuginfo-7.0.7-50.85.1 php7-json-7.0.7-50.85.1 php7-json-debuginfo-7.0.7-50.85.1 php7-ldap-7.0.7-50.85.1 php7-ldap-debuginfo-7.0.7-50.85.1 php7-mbstring-7.0.7-50.85.1 php7-mbstring-debuginfo-7.0.7-50.85.1 php7-mcrypt-7.0.7-50.85.1 php7-mcrypt-debuginfo-7.0.7-50.85.1 php7-mysql-7.0.7-50.85.1 php7-mysql-debuginfo-7.0.7-50.85.1 php7-odbc-7.0.7-50.85.1 php7-odbc-debuginfo-7.0.7-50.85.1 php7-opcache-7.0.7-50.85.1 php7-opcache-debuginfo-7.0.7-50.85.1 php7-openssl-7.0.7-50.85.1 php7-openssl-debuginfo-7.0.7-50.85.1 php7-pcntl-7.0.7-50.85.1 php7-pcntl-debuginfo-7.0.7-50.85.1 php7-pdo-7.0.7-50.85.1 php7-pdo-debuginfo-7.0.7-50.85.1 php7-pgsql-7.0.7-50.85.1 php7-pgsql-debuginfo-7.0.7-50.85.1 php7-phar-7.0.7-50.85.1 php7-phar-debuginfo-7.0.7-50.85.1 php7-posix-7.0.7-50.85.1 php7-posix-debuginfo-7.0.7-50.85.1 php7-pspell-7.0.7-50.85.1 php7-pspell-debuginfo-7.0.7-50.85.1 php7-shmop-7.0.7-50.85.1 php7-shmop-debuginfo-7.0.7-50.85.1 php7-snmp-7.0.7-50.85.1 php7-snmp-debuginfo-7.0.7-50.85.1 php7-soap-7.0.7-50.85.1 php7-soap-debuginfo-7.0.7-50.85.1 php7-sockets-7.0.7-50.85.1 php7-sockets-debuginfo-7.0.7-50.85.1 php7-sqlite-7.0.7-50.85.1 php7-sqlite-debuginfo-7.0.7-50.85.1 php7-sysvmsg-7.0.7-50.85.1 php7-sysvmsg-debuginfo-7.0.7-50.85.1 php7-sysvsem-7.0.7-50.85.1 php7-sysvsem-debuginfo-7.0.7-50.85.1 php7-sysvshm-7.0.7-50.85.1 php7-sysvshm-debuginfo-7.0.7-50.85.1 php7-tokenizer-7.0.7-50.85.1 php7-tokenizer-debuginfo-7.0.7-50.85.1 php7-wddx-7.0.7-50.85.1 php7-wddx-debuginfo-7.0.7-50.85.1 php7-xmlreader-7.0.7-50.85.1 php7-xmlreader-debuginfo-7.0.7-50.85.1 php7-xmlrpc-7.0.7-50.85.1 php7-xmlrpc-debuginfo-7.0.7-50.85.1 php7-xmlwriter-7.0.7-50.85.1 php7-xmlwriter-debuginfo-7.0.7-50.85.1 php7-xsl-7.0.7-50.85.1 php7-xsl-debuginfo-7.0.7-50.85.1 php7-zip-7.0.7-50.85.1 php7-zip-debuginfo-7.0.7-50.85.1 php7-zlib-7.0.7-50.85.1 php7-zlib-debuginfo-7.0.7-50.85.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): php7-pear-7.0.7-50.85.1 php7-pear-Archive_Tar-7.0.7-50.85.1 References: https://www.suse.com/security/cve/CVE-2019-11038.html https://www.suse.com/security/cve/CVE-2019-11041.html https://www.suse.com/security/cve/CVE-2019-11042.html https://bugzilla.suse.com/1140118 https://bugzilla.suse.com/1145095 https://bugzilla.suse.com/1146360 From sle-updates at lists.suse.com Wed Aug 28 13:15:03 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Aug 2019 21:15:03 +0200 (CEST) Subject: SUSE-SU-2019:2247-1: important: Security update for ceph Message-ID: <20190828191503.3106AF798@maintenance.suse.de> SUSE Security Update: Security update for ceph ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2247-1 Rating: important References: #1145093 Cross-References: CVE-2019-10222 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Enterprise Storage 6 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ceph fixes the following issues: Security issue fixed: - CVE-2019-10222: Fixed RGW crash via unauthenticated clients (bsc#1145093). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2247=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2247=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2019-2247=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): ceph-14.2.2.349+g6716a1e448-3.9.1 ceph-base-14.2.2.349+g6716a1e448-3.9.1 ceph-base-debuginfo-14.2.2.349+g6716a1e448-3.9.1 ceph-debugsource-14.2.2.349+g6716a1e448-3.9.1 ceph-fuse-14.2.2.349+g6716a1e448-3.9.1 ceph-fuse-debuginfo-14.2.2.349+g6716a1e448-3.9.1 ceph-mds-14.2.2.349+g6716a1e448-3.9.1 ceph-mds-debuginfo-14.2.2.349+g6716a1e448-3.9.1 ceph-mgr-14.2.2.349+g6716a1e448-3.9.1 ceph-mgr-debuginfo-14.2.2.349+g6716a1e448-3.9.1 ceph-mon-14.2.2.349+g6716a1e448-3.9.1 ceph-mon-debuginfo-14.2.2.349+g6716a1e448-3.9.1 ceph-osd-14.2.2.349+g6716a1e448-3.9.1 ceph-osd-debuginfo-14.2.2.349+g6716a1e448-3.9.1 ceph-radosgw-14.2.2.349+g6716a1e448-3.9.1 ceph-radosgw-debuginfo-14.2.2.349+g6716a1e448-3.9.1 cephfs-shell-14.2.2.349+g6716a1e448-3.9.1 rbd-fuse-14.2.2.349+g6716a1e448-3.9.1 rbd-fuse-debuginfo-14.2.2.349+g6716a1e448-3.9.1 rbd-mirror-14.2.2.349+g6716a1e448-3.9.1 rbd-mirror-debuginfo-14.2.2.349+g6716a1e448-3.9.1 rbd-nbd-14.2.2.349+g6716a1e448-3.9.1 rbd-nbd-debuginfo-14.2.2.349+g6716a1e448-3.9.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): ceph-test-14.2.2.349+g6716a1e448-3.9.1 ceph-test-debuginfo-14.2.2.349+g6716a1e448-3.9.1 ceph-test-debugsource-14.2.2.349+g6716a1e448-3.9.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): ceph-grafana-dashboards-14.2.2.349+g6716a1e448-3.9.1 ceph-mgr-dashboard-14.2.2.349+g6716a1e448-3.9.1 ceph-mgr-diskprediction-cloud-14.2.2.349+g6716a1e448-3.9.1 ceph-mgr-diskprediction-local-14.2.2.349+g6716a1e448-3.9.1 ceph-mgr-rook-14.2.2.349+g6716a1e448-3.9.1 ceph-mgr-ssh-14.2.2.349+g6716a1e448-3.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): ceph-common-14.2.2.349+g6716a1e448-3.9.1 ceph-common-debuginfo-14.2.2.349+g6716a1e448-3.9.1 ceph-debugsource-14.2.2.349+g6716a1e448-3.9.1 libcephfs-devel-14.2.2.349+g6716a1e448-3.9.1 libcephfs2-14.2.2.349+g6716a1e448-3.9.1 libcephfs2-debuginfo-14.2.2.349+g6716a1e448-3.9.1 librados-devel-14.2.2.349+g6716a1e448-3.9.1 librados-devel-debuginfo-14.2.2.349+g6716a1e448-3.9.1 librados2-14.2.2.349+g6716a1e448-3.9.1 librados2-debuginfo-14.2.2.349+g6716a1e448-3.9.1 libradospp-devel-14.2.2.349+g6716a1e448-3.9.1 librbd-devel-14.2.2.349+g6716a1e448-3.9.1 librbd1-14.2.2.349+g6716a1e448-3.9.1 librbd1-debuginfo-14.2.2.349+g6716a1e448-3.9.1 librgw-devel-14.2.2.349+g6716a1e448-3.9.1 librgw2-14.2.2.349+g6716a1e448-3.9.1 librgw2-debuginfo-14.2.2.349+g6716a1e448-3.9.1 python3-ceph-argparse-14.2.2.349+g6716a1e448-3.9.1 python3-cephfs-14.2.2.349+g6716a1e448-3.9.1 python3-cephfs-debuginfo-14.2.2.349+g6716a1e448-3.9.1 python3-rados-14.2.2.349+g6716a1e448-3.9.1 python3-rados-debuginfo-14.2.2.349+g6716a1e448-3.9.1 python3-rbd-14.2.2.349+g6716a1e448-3.9.1 python3-rbd-debuginfo-14.2.2.349+g6716a1e448-3.9.1 python3-rgw-14.2.2.349+g6716a1e448-3.9.1 python3-rgw-debuginfo-14.2.2.349+g6716a1e448-3.9.1 rados-objclass-devel-14.2.2.349+g6716a1e448-3.9.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): ceph-14.2.2.349+g6716a1e448-3.9.1 ceph-base-14.2.2.349+g6716a1e448-3.9.1 ceph-base-debuginfo-14.2.2.349+g6716a1e448-3.9.1 ceph-common-14.2.2.349+g6716a1e448-3.9.1 ceph-common-debuginfo-14.2.2.349+g6716a1e448-3.9.1 ceph-debugsource-14.2.2.349+g6716a1e448-3.9.1 ceph-fuse-14.2.2.349+g6716a1e448-3.9.1 ceph-fuse-debuginfo-14.2.2.349+g6716a1e448-3.9.1 ceph-mds-14.2.2.349+g6716a1e448-3.9.1 ceph-mds-debuginfo-14.2.2.349+g6716a1e448-3.9.1 ceph-mgr-14.2.2.349+g6716a1e448-3.9.1 ceph-mgr-debuginfo-14.2.2.349+g6716a1e448-3.9.1 ceph-mon-14.2.2.349+g6716a1e448-3.9.1 ceph-mon-debuginfo-14.2.2.349+g6716a1e448-3.9.1 ceph-osd-14.2.2.349+g6716a1e448-3.9.1 ceph-osd-debuginfo-14.2.2.349+g6716a1e448-3.9.1 ceph-radosgw-14.2.2.349+g6716a1e448-3.9.1 ceph-radosgw-debuginfo-14.2.2.349+g6716a1e448-3.9.1 cephfs-shell-14.2.2.349+g6716a1e448-3.9.1 libcephfs2-14.2.2.349+g6716a1e448-3.9.1 libcephfs2-debuginfo-14.2.2.349+g6716a1e448-3.9.1 librados2-14.2.2.349+g6716a1e448-3.9.1 librados2-debuginfo-14.2.2.349+g6716a1e448-3.9.1 librbd1-14.2.2.349+g6716a1e448-3.9.1 librbd1-debuginfo-14.2.2.349+g6716a1e448-3.9.1 librgw2-14.2.2.349+g6716a1e448-3.9.1 librgw2-debuginfo-14.2.2.349+g6716a1e448-3.9.1 python3-ceph-argparse-14.2.2.349+g6716a1e448-3.9.1 python3-cephfs-14.2.2.349+g6716a1e448-3.9.1 python3-cephfs-debuginfo-14.2.2.349+g6716a1e448-3.9.1 python3-rados-14.2.2.349+g6716a1e448-3.9.1 python3-rados-debuginfo-14.2.2.349+g6716a1e448-3.9.1 python3-rbd-14.2.2.349+g6716a1e448-3.9.1 python3-rbd-debuginfo-14.2.2.349+g6716a1e448-3.9.1 python3-rgw-14.2.2.349+g6716a1e448-3.9.1 python3-rgw-debuginfo-14.2.2.349+g6716a1e448-3.9.1 rbd-fuse-14.2.2.349+g6716a1e448-3.9.1 rbd-fuse-debuginfo-14.2.2.349+g6716a1e448-3.9.1 rbd-mirror-14.2.2.349+g6716a1e448-3.9.1 rbd-mirror-debuginfo-14.2.2.349+g6716a1e448-3.9.1 rbd-nbd-14.2.2.349+g6716a1e448-3.9.1 rbd-nbd-debuginfo-14.2.2.349+g6716a1e448-3.9.1 - SUSE Enterprise Storage 6 (noarch): ceph-grafana-dashboards-14.2.2.349+g6716a1e448-3.9.1 ceph-mgr-dashboard-14.2.2.349+g6716a1e448-3.9.1 ceph-mgr-diskprediction-local-14.2.2.349+g6716a1e448-3.9.1 ceph-mgr-rook-14.2.2.349+g6716a1e448-3.9.1 ceph-prometheus-alerts-14.2.2.349+g6716a1e448-3.9.1 References: https://www.suse.com/security/cve/CVE-2019-10222.html https://bugzilla.suse.com/1145093 From sle-updates at lists.suse.com Wed Aug 28 13:15:47 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Aug 2019 21:15:47 +0200 (CEST) Subject: SUSE-SU-2019:2245-1: important: Security update for apache-commons-beanutils Message-ID: <20190828191547.D5F4EF798@maintenance.suse.de> SUSE Security Update: Security update for apache-commons-beanutils ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2245-1 Rating: important References: #1146657 Cross-References: CVE-2019-10086 Affected Products: SUSE Linux Enterprise Module for Web Scripting 15-SP1 SUSE Linux Enterprise Module for Web Scripting 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for apache-commons-beanutils fixes the following issues: Security issue fixed: - CVE-2019-10086: Added special BeanIntrospector class which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects (bsc#1146657). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15-SP1: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP1-2019-2245=1 - SUSE Linux Enterprise Module for Web Scripting 15: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-2019-2245=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2245=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2245=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15-SP1 (noarch): apache-commons-beanutils-1.9.2-4.3.1 - SUSE Linux Enterprise Module for Web Scripting 15 (noarch): apache-commons-beanutils-1.9.2-4.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): apache-commons-beanutils-javadoc-1.9.2-4.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): apache-commons-beanutils-javadoc-1.9.2-4.3.1 References: https://www.suse.com/security/cve/CVE-2019-10086.html https://bugzilla.suse.com/1146657 From sle-updates at lists.suse.com Thu Aug 29 04:11:22 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Aug 2019 12:11:22 +0200 (CEST) Subject: SUSE-RU-2019:2249-1: moderate: Recommended update for python-kiwi Message-ID: <20190829101122.CCE95F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-kiwi ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2249-1 Rating: moderate References: #1141168 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Development Tools 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-kiwi fixes the following issues: - kiwi will no longer create an empty machine-id file in case it is not provided during the system installation (bsc#1141168) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2249=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2019-2249=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): python-kiwi-debugsource-9.17.16-3.3.1 python2-kiwi-9.17.16-3.3.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): dracut-kiwi-lib-9.17.16-3.3.1 dracut-kiwi-live-9.17.16-3.3.1 dracut-kiwi-oem-dump-9.17.16-3.3.1 dracut-kiwi-oem-repart-9.17.16-3.3.1 dracut-kiwi-overlay-9.17.16-3.3.1 kiwi-man-pages-9.17.16-3.3.1 kiwi-tools-9.17.16-3.3.1 kiwi-tools-debuginfo-9.17.16-3.3.1 python-kiwi-debugsource-9.17.16-3.3.1 python3-kiwi-9.17.16-3.3.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (x86_64): kiwi-pxeboot-9.17.16-3.3.1 References: https://bugzilla.suse.com/1141168 From sle-updates at lists.suse.com Thu Aug 29 04:12:09 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Aug 2019 12:12:09 +0200 (CEST) Subject: SUSE-RU-2019:2250-1: moderate: Recommended update for yast2-ftp-server Message-ID: <20190829101209.05403F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-ftp-server ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2250-1 Rating: moderate References: #1142146 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-ftp-server fixes the following issue: - wrong allowed user displayed (bsc#1142146) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2250=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): yast2-ftp-server-4.1.7-9.5.1 References: https://bugzilla.suse.com/1142146 From sle-updates at lists.suse.com Thu Aug 29 04:12:59 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Aug 2019 12:12:59 +0200 (CEST) Subject: SUSE-RU-2019:2248-1: moderate: Recommended update for python-kiwi Message-ID: <20190829101259.4E06FF798@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-kiwi ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2248-1 Rating: moderate References: #1141168 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Development Tools 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-kiwi fixes the following issues: - kiwi will no longer create an empty machine-id file in case it is not provided during the system installation (bsc#1141168) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2248=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-2248=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): python-kiwi-debugsource-9.17.16-3.21.1 python2-kiwi-9.17.16-3.21.1 - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): dracut-kiwi-lib-9.17.16-3.21.1 dracut-kiwi-live-9.17.16-3.21.1 dracut-kiwi-oem-dump-9.17.16-3.21.1 dracut-kiwi-oem-repart-9.17.16-3.21.1 dracut-kiwi-overlay-9.17.16-3.21.1 kiwi-man-pages-9.17.16-3.21.1 kiwi-tools-9.17.16-3.21.1 kiwi-tools-debuginfo-9.17.16-3.21.1 python-kiwi-debugsource-9.17.16-3.21.1 python3-kiwi-9.17.16-3.21.1 - SUSE Linux Enterprise Module for Development Tools 15 (x86_64): kiwi-pxeboot-9.17.16-3.21.1 References: https://bugzilla.suse.com/1141168 From sle-updates at lists.suse.com Thu Aug 29 13:11:08 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Aug 2019 21:11:08 +0200 (CEST) Subject: SUSE-SU-2019:14157-1: important: Security update for the Linux Kernel Message-ID: <20190829191108.7D6FCF7C7@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14157-1 Rating: important References: #1134390 #1134399 #1138744 #1139358 #1140945 #1140965 #1141401 #1141402 #1141452 #1141453 #1141454 #1142023 #1143045 #1143179 #1143189 #1143191 Cross-References: CVE-2015-9289 CVE-2018-20855 CVE-2019-1125 CVE-2019-11810 CVE-2019-13631 CVE-2019-14283 CVE-2019-14284 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Server 11-EXTRA SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves 7 vulnerabilities and has 9 fixes is now available. Description: The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-14284: The drivers/block/floppy.c allowed a denial of service by setup_format_params division-by-zero. Two consecutive ioctls can trigger the bug: the first one should set the drive geometry with .sect and .rate values that make F_SECT_PER_TRACK be zero. Next, the floppy format operation should be called. It can be triggered by an unprivileged local user even when a floppy disk has not been inserted. NOTE: QEMU creates the floppy device by default (bsc#1143189). - CVE-2019-14283: The function set_geometry in drivers/block/floppy.c did not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by default (bsc#1143191). - CVE-2019-13631: In parse_hid_report_descriptor in drivers/input/tablet/gtco.c, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation of debugging messages (bsc#1142023). - CVE-2019-11810: A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free (bsc#1134399). - CVE-2019-1125: Enable Spectre v1 swapgs mitigations (bsc#1139358). - CVE-2018-20855: An issue was discovered in create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace (bsc#1143045). - CVE-2015-9289: A buffer overflow occurs when checking userspace params in drivers/media/dvb-frontends/cx24116.c. The maximum size for a DiSEqC command is 6, according to the userspace API. However, the code allowed larger values such as 23 (bsc#1143179). The following non-security bugs were fixed: - fix detection of race between fcntl-setlk and close (bsc#1140965). - ocfs2: add first lock wait time in locking_state (bsc#1134390). - ocfs2: add last unlock times in locking_state (bsc#1134390). - ocfs2: add locking filter debugfs file (bsc#1134390). - powerpc/watchpoint: Restore NV GPRs while returning from exception (bsc#1140945,bsc#1141401,bsc#1141402,bsc#1141452,bsc#1141453,bsc#1141454). - xen-netfront: use napi_complete() correctly to prevent Rx stalling (bsc#1138744). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-kernel-source-14157=1 - SUSE Linux Enterprise Server 11-EXTRA: zypper in -t patch slexsp3-kernel-source-14157=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-kernel-source-14157=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): kernel-default-3.0.101-108.101.1 kernel-default-base-3.0.101-108.101.1 kernel-default-devel-3.0.101-108.101.1 kernel-source-3.0.101-108.101.1 kernel-syms-3.0.101-108.101.1 kernel-trace-3.0.101-108.101.1 kernel-trace-base-3.0.101-108.101.1 kernel-trace-devel-3.0.101-108.101.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 x86_64): kernel-ec2-3.0.101-108.101.1 kernel-ec2-base-3.0.101-108.101.1 kernel-ec2-devel-3.0.101-108.101.1 kernel-xen-3.0.101-108.101.1 kernel-xen-base-3.0.101-108.101.1 kernel-xen-devel-3.0.101-108.101.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (s390x): kernel-default-man-3.0.101-108.101.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64): kernel-bigmem-3.0.101-108.101.1 kernel-bigmem-base-3.0.101-108.101.1 kernel-bigmem-devel-3.0.101-108.101.1 kernel-ppc64-3.0.101-108.101.1 kernel-ppc64-base-3.0.101-108.101.1 kernel-ppc64-devel-3.0.101-108.101.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (i586): kernel-pae-3.0.101-108.101.1 kernel-pae-base-3.0.101-108.101.1 kernel-pae-devel-3.0.101-108.101.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64): kernel-default-extra-3.0.101-108.101.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64): kernel-xen-extra-3.0.101-108.101.1 - SUSE Linux Enterprise Server 11-EXTRA (x86_64): kernel-trace-extra-3.0.101-108.101.1 - SUSE Linux Enterprise Server 11-EXTRA (ppc64): kernel-ppc64-extra-3.0.101-108.101.1 - SUSE Linux Enterprise Server 11-EXTRA (i586): kernel-pae-extra-3.0.101-108.101.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): kernel-default-debuginfo-3.0.101-108.101.1 kernel-default-debugsource-3.0.101-108.101.1 kernel-trace-debuginfo-3.0.101-108.101.1 kernel-trace-debugsource-3.0.101-108.101.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 s390x x86_64): kernel-default-devel-debuginfo-3.0.101-108.101.1 kernel-trace-devel-debuginfo-3.0.101-108.101.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): kernel-ec2-debuginfo-3.0.101-108.101.1 kernel-ec2-debugsource-3.0.101-108.101.1 kernel-xen-debuginfo-3.0.101-108.101.1 kernel-xen-debugsource-3.0.101-108.101.1 kernel-xen-devel-debuginfo-3.0.101-108.101.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64): kernel-bigmem-debuginfo-3.0.101-108.101.1 kernel-bigmem-debugsource-3.0.101-108.101.1 kernel-ppc64-debuginfo-3.0.101-108.101.1 kernel-ppc64-debugsource-3.0.101-108.101.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586): kernel-pae-debuginfo-3.0.101-108.101.1 kernel-pae-debugsource-3.0.101-108.101.1 kernel-pae-devel-debuginfo-3.0.101-108.101.1 References: https://www.suse.com/security/cve/CVE-2015-9289.html https://www.suse.com/security/cve/CVE-2018-20855.html https://www.suse.com/security/cve/CVE-2019-1125.html https://www.suse.com/security/cve/CVE-2019-11810.html https://www.suse.com/security/cve/CVE-2019-13631.html https://www.suse.com/security/cve/CVE-2019-14283.html https://www.suse.com/security/cve/CVE-2019-14284.html https://bugzilla.suse.com/1134390 https://bugzilla.suse.com/1134399 https://bugzilla.suse.com/1138744 https://bugzilla.suse.com/1139358 https://bugzilla.suse.com/1140945 https://bugzilla.suse.com/1140965 https://bugzilla.suse.com/1141401 https://bugzilla.suse.com/1141402 https://bugzilla.suse.com/1141452 https://bugzilla.suse.com/1141453 https://bugzilla.suse.com/1141454 https://bugzilla.suse.com/1142023 https://bugzilla.suse.com/1143045 https://bugzilla.suse.com/1143179 https://bugzilla.suse.com/1143189 https://bugzilla.suse.com/1143191 From sle-updates at lists.suse.com Thu Aug 29 16:11:17 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Aug 2019 00:11:17 +0200 (CEST) Subject: SUSE-SU-2019:2253-1: important: Security update for python-SQLAlchemy Message-ID: <20190829221117.143BDF7B3@maintenance.suse.de> SUSE Security Update: Security update for python-SQLAlchemy ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2253-1 Rating: important References: #1124593 Cross-References: CVE-2019-7164 CVE-2019-7548 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for python-SQLAlchemy fixes the following issues: Security issues fixed: - CVE-2019-7164: Fixed SQL Injection via the order_by parameter (bsc#1124593). - CVE-2019-7548: Fixed SQL Injection via the group_by parameter (bsc#1124593). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2253=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2253=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): python-SQLAlchemy-debuginfo-1.2.14-6.3.1 python-SQLAlchemy-debugsource-1.2.14-6.3.1 python2-SQLAlchemy-1.2.14-6.3.1 python2-SQLAlchemy-debuginfo-1.2.14-6.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): python-SQLAlchemy-doc-1.2.14-6.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): python-SQLAlchemy-debuginfo-1.2.14-6.3.1 python-SQLAlchemy-debugsource-1.2.14-6.3.1 python3-SQLAlchemy-1.2.14-6.3.1 python3-SQLAlchemy-debuginfo-1.2.14-6.3.1 References: https://www.suse.com/security/cve/CVE-2019-7164.html https://www.suse.com/security/cve/CVE-2019-7548.html https://bugzilla.suse.com/1124593 From sle-updates at lists.suse.com Thu Aug 29 16:12:01 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Aug 2019 00:12:01 +0200 (CEST) Subject: SUSE-SU-2019:2254-1: important: Security update for nodejs10 Message-ID: <20190829221201.814F5F7B3@maintenance.suse.de> SUSE Security Update: Security update for nodejs10 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2254-1 Rating: important References: #1146090 #1146091 #1146093 #1146094 #1146095 #1146097 #1146099 #1146100 Cross-References: CVE-2019-9511 CVE-2019-9512 CVE-2019-9513 CVE-2019-9514 CVE-2019-9515 CVE-2019-9516 CVE-2019-9517 CVE-2019-9518 Affected Products: SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for nodejs10 to version 10.16.3 fixes the following issues: Security issues fixed: - CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146091). - CVE-2019-9512: Fixed HTTP/2 flood using PING frames results in unbounded memory growth (bsc#1146099). - CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service. (bsc#1146094). - CVE-2019-9514: Fixed HTTP/2 implementation that is vulnerable to a reset flood, potentially leading to a denial of service (bsc#1146095). - CVE-2019-9515: Fixed HTTP/2 flood using SETTINGS frames results in unbounded memory growth (bsc#1146100). - CVE-2019-9516: Fixed HTTP/2 implementation that is vulnerable to a header leak, potentially leading to a denial of service (bsc#1146090). - CVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to unconstrained interal data buffering (bsc#1146097). - CVE-2019-9518: Fixed HTTP/2 implementation that is vulnerable to a flood of empty frames, potentially leading to a denial of service (bsc#1146093). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2019-2254=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): nodejs10-10.16.3-1.12.1 nodejs10-debuginfo-10.16.3-1.12.1 nodejs10-debugsource-10.16.3-1.12.1 nodejs10-devel-10.16.3-1.12.1 npm10-10.16.3-1.12.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): nodejs10-docs-10.16.3-1.12.1 References: https://www.suse.com/security/cve/CVE-2019-9511.html https://www.suse.com/security/cve/CVE-2019-9512.html https://www.suse.com/security/cve/CVE-2019-9513.html https://www.suse.com/security/cve/CVE-2019-9514.html https://www.suse.com/security/cve/CVE-2019-9515.html https://www.suse.com/security/cve/CVE-2019-9516.html https://www.suse.com/security/cve/CVE-2019-9517.html https://www.suse.com/security/cve/CVE-2019-9518.html https://bugzilla.suse.com/1146090 https://bugzilla.suse.com/1146091 https://bugzilla.suse.com/1146093 https://bugzilla.suse.com/1146094 https://bugzilla.suse.com/1146095 https://bugzilla.suse.com/1146097 https://bugzilla.suse.com/1146099 https://bugzilla.suse.com/1146100 From sle-updates at lists.suse.com Fri Aug 30 04:12:36 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Aug 2019 12:12:36 +0200 (CEST) Subject: SUSE-RU-2019:2255-1: moderate: Recommended update for clustduct Message-ID: <20190830101236.A884FF7B3@maintenance.suse.de> SUSE Recommended Update: Recommended update for clustduct ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2255-1 Rating: moderate References: #1138296 #1138326 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for HPC 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for clustduct fixes the following issues: - Add sample kiwi config and remove plymouth packages. (bsc#1138296) - Renamed kiwi description - Update documentation. (bsc#1138326) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2255=1 - SUSE Linux Enterprise Module for HPC 15-SP1: zypper in -t patch SUSE-SLE-Module-HPC-15-SP1-2019-2255=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (ppc64le s390x): clustduct-0.0.2-3.2.2 - SUSE Linux Enterprise Module for HPC 15-SP1 (aarch64 x86_64): clustduct-0.0.2-3.2.2 References: https://bugzilla.suse.com/1138296 https://bugzilla.suse.com/1138326 From sle-updates at lists.suse.com Fri Aug 30 04:13:26 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Aug 2019 12:13:26 +0200 (CEST) Subject: SUSE-RU-2019:2256-1: moderate: Recommended update for deepsea Message-ID: <20190830101326.20947F7B3@maintenance.suse.de> SUSE Recommended Update: Recommended update for deepsea ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2256-1 Rating: moderate References: #1130930 #1135179 #1135913 #1137587 #1138325 #1138442 #1140932 #1141367 #1141368 #1141503 #1141956 #1142663 #1142821 Affected Products: SUSE Enterprise Storage 6 ______________________________________________________________________________ An update that has 13 recommended fixes can now be installed. Description: This update for deepsea fixes the following issues: - Added path to status report for better identification (bsc#1142663) - Fixed an issue where the disk_led runner was crashing (bsc#1142821) - monitoring: alertmanager sysconfig needs --cluster.listen-address (bsc#1141956) - cephdisks: ignore sr & rbd devices (bsc#1137587) - osd: move discovery code to dg.py (bsc#1135179) - dg: exclude /dev/mapper/ disks from c-v output (bsc#1141503) - mds: numerical mds names are forbidden (have been deprecated since 2014) (bsc#1138442) - populate: don't overwrite cluster config by default (bsc#1140932) - dg: exclude disks < 5GB (bsc#1141367) - dg: add osds_per_device to specs (bsc#1141368) - apparmor: ignore aa-disabled return code (bsc#1130930) - disable the automated upgrade (bsc#1135913) - Include missing README (bsc#1138325) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2019-2256=1 Package List: - SUSE Enterprise Storage 6 (noarch): deepsea-0.9.23+git.0.6a24f24a0-3.3.2 deepsea-cli-0.9.23+git.0.6a24f24a0-3.3.2 References: https://bugzilla.suse.com/1130930 https://bugzilla.suse.com/1135179 https://bugzilla.suse.com/1135913 https://bugzilla.suse.com/1137587 https://bugzilla.suse.com/1138325 https://bugzilla.suse.com/1138442 https://bugzilla.suse.com/1140932 https://bugzilla.suse.com/1141367 https://bugzilla.suse.com/1141368 https://bugzilla.suse.com/1141503 https://bugzilla.suse.com/1141956 https://bugzilla.suse.com/1142663 https://bugzilla.suse.com/1142821